🔧 socrates: initial config

2021-03-07 22:05:33 -05:00 · 2021-03-07 22:05:33 -05:00 · 3d7cf5c3fe
commit 3d7cf5c3fe
parent 807a7cfea5
3 changed files with 120 additions and 0 deletions
--- a/hosts/socrates/configuration.nix
+++ b/hosts/socrates/configuration.nix
@ -0,0 +1,67 @@
+{ pkgs, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix # generated at runtime by nixos-infect
+    <home-manager/nixos>
+  ];
+
+  boot.cleanTmpDir = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+
+  networking.hostName = "socrates";
+  networking.firewall.allowPing = true;
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.nameservers = [ "100.100.100.100" "1.1.1.1" ];
+  networking.search = [ "walkah.net.beta.tailscale.net" ];
+
+  security.sudo.wheelNeedsPassword = false;
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
+  ];
+  users.users = {
+    walkah = {
+      extraGroups = [ "wheel" "docker" ];
+      isNormalUser = true;
+      shell = pkgs.zsh;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
+      ];
+    };
+  };
+  home-manager.users.walkah = import /home/walkah/.config/nixpkgs/home.nix;
+
+  system.autoUpgrade.enable = true;
+  environment.systemPackages = with pkgs; [ ];
+
+  programs.mosh.enable = true;
+  programs.zsh.enable = true;
+
+  services.openssh.enable = true;
+  services.tailscale.enable = true;
+
+  virtualisation.docker.enable = true;
+
+  security.acme.acceptTerms = true;
+  security.acme.email = "walkah@walkah.net";
+
+  services.nginx = {
+    enable = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts."walkah.codes" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+}
--- a/hosts/socrates/hardware-configuration.nix
+++ b/hosts/socrates/hardware-configuration.nix
@ -0,0 +1,6 @@
+{ ... }:
+{
+  imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+  boot.loader.grub.device = "/dev/vda";
+  fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+}
--- a/hosts/socrates/networking.nix
+++ b/hosts/socrates/networking.nix
@ -0,0 +1,47 @@
+{ lib, ... }: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    defaultGateway = "167.99.176.1";
+    defaultGateway6 = "2604:a880:cad:d0::1";
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce true;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          {
+            address = "167.99.176.10";
+            prefixLength = 20;
+          }
+          {
+            address = "10.20.0.5";
+            prefixLength = 16;
+          }
+        ];
+        ipv6.addresses = [
+          {
+            address = "2604:a880:cad:d0::cda:5001";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::b885:79ff:fe71:134e";
+            prefixLength = 64;
+          }
+        ];
+        ipv4.routes = [{
+          address = "167.99.176.1";
+          prefixLength = 32;
+        }];
+        ipv6.routes = [{
+          address = "2604:a880:cad:d0::1";
+          prefixLength = 32;
+        }];
+      };
+
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="ba:85:79:71:13:4e", NAME="eth0"
+    ATTR{address}=="3e:02:2b:ed:5d:22", NAME="eth1"
+  '';
+}