# NixOS host configuration for "bicboye": base hardware and network settings,
# an nginx front end with an ACME contact address, and the services switched on
# through the `snowflake` option set. `userdata` is supplied by the caller and
# is read here only for `userdata.secrets.*` values.
{
  lib,
  pkgs,
  userdata,
  ...
}: let
  # Public keys used in two places below: `hardware.initrd-luks.authorizedKeys`
  # and `user.extraAuthorizedKeys`. The two lists are identical, so they share
  # one binding.
  # NOTE(review): this means the same keys are accepted for both purposes;
  # split the binding if the two sets should ever differ.
  adminSshKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyY8ZkhwWiqJCiTqXvHnLpXQb1qWwSZAoqoSWJI1ogP"
  ];
in {
  imports = [./hardware.nix];

  # Intel microcode updates plus redistributable firmware blobs.
  hardware = {
    cpu.intel.updateMicrocode = true;
    enableRedistributableFirmware = true;
  };

  networking.hostName = "bicboye";

  # DHCP is off globally and on for enp6s0 only; both are mkDefault, so another
  # module can override either value.
  networking.useDHCP = lib.mkDefault false;
  networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;

  # Wake-on-LAN packets carry no authentication: any host on the same segment
  # can power this machine on.
  networking.interfaces.enp6s0.wakeOnLan.enable = true;

  # Inbound TCP opened by this file: HTTP and HTTPS only. Other modules may add
  # ports of their own; check the evaluated firewall option for the full list.
  networking.firewall.allowedTCPPorts = [80 443];

  # powertop auto-tuning; thermald is enabled under `services` below.
  powerManagement.powertop.enable = true;

  # TODO: move to module (ACME contact address and the nginx defaults below)
  security.acme.defaults.email = "chinmaydpai@gmail.com";

  services = {
    # Weekly btrfs scrub of the root filesystem.
    btrfs.autoScrub = {
      enable = true;
      interval = "weekly";
      fileSystems = ["/"];
    };

    thermald.enable = true;

    # nginx with the NixOS "recommended" presets for proxying, tuning, gzip
    # and TLS. No virtual hosts are declared in this file.
    nginx = {
      enable = true;
      recommendedProxySettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedTlsSettings = true;
    };
  };

  snowflake = {
    stateVersion = "24.05";

    core = {
      # Docker with the btrfs storage driver.
      docker = {
        enable = true;
        storageDriver = "btrfs";
      };

      # NOTE(review): mkForce pins the snowflake sysctl option to false on this
      # host, overriding any other definition. Neither the reason nor the
      # settings that option would apply are visible here; record why it is
      # off and which settings are lost.
      security.sysctl.enable = lib.mkForce false;
    };

    networking.networkManager.enable = true;

    # Presumably SSH access inside the initrd for unlocking LUKS volumes, with
    # r8169 (Realtek NIC driver) loaded so the network is up at that stage.
    # Confirm against the snowflake module. Holders of these keys can reach the
    # early-boot environment, so keep the list as short as the login list.
    hardware.initrd-luks = {
      enable = true;
      authorizedKeys = adminSshKeys;
      availableKernelModules = ["r8169"];
    };

    # Credentials are passed through `*File` options fed from
    # `userdata.secrets.*`. Presumably these resolve to paths of secret files
    # rather than the secret text; confirm this, since a literal secret placed
    # in a Nix expression ends up in the world-readable Nix store.
    services = {
      gitea = {
        enable = true;
        domain = "git.deku.moe";
        sshDomain = "git-ssh.deku.moe";
        dbPasswordFile = userdata.secrets.services.gitea.password;
      };

      miniflux = {
        enable = true;
        domain = "flux.deku.moe";
        adminTokenFile = userdata.secrets.services.miniflux.password;
      };

      paperless = {
        enable = true;
        domain = "docs.deku.moe";
        passwordFile = userdata.secrets.services.paperless.password;
        adminUser = "chinmay";
      };

      vaultwarden = {
        enable = true;
        domain = "bw.deku.moe";
        adminTokenFile = userdata.secrets.services.vaultwarden.password;
      };

      static-site = {
        enable = true;
        package = pkgs.maych-in;
        domain = "maych.in";
      };

      unifi-controller.enable = true;
    };

    # Login account for this host. The password options take secret references
    # from `userdata`; the option names suggest age-encrypted secrets, which
    # should be confirmed in the snowflake user module.
    user = {
      enable = true;
      username = "server";
      description = "Bicboye Server";
      userPasswordAgeModule = userdata.secrets.machines.bicboye.password;
      rootPasswordAgeModule = userdata.secrets.machines.bicboye.root-password;
      extraAuthorizedKeys = adminSshKeys;
    };
  };
}