Chinmay D. Pai
98fbfc0590
* add mailserver module based on simple-nixos-mailserver * add smolboye server running on Hetzner Cloud * add support for grub, make systemd-boot an optional default Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
93 lines
2.4 KiB
Nix
93 lines
2.4 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
userdata,
|
|
...
|
|
}: {
|
|
imports = [./disk-config.nix];
|
|
|
|
hardware.cpu.intel.updateMicrocode = true;
|
|
hardware.enableRedistributableFirmware = true;
|
|
|
|
networking = {
|
|
hostName = "smolboye";
|
|
nameservers = ["1.1.1.1"];
|
|
useDHCP = lib.mkDefault false;
|
|
interfaces.enp1s0 = {
|
|
useDHCP = lib.mkDefault true;
|
|
ipv6.addresses = [
|
|
{
|
|
address = "2a01:4f8:1c1c:90b::";
|
|
prefixLength = 64;
|
|
}
|
|
];
|
|
};
|
|
defaultGateway6 = {
|
|
address = "fe80::1";
|
|
interface = "enp1s0";
|
|
};
|
|
firewall.allowedTCPPorts = [80 443];
|
|
};
|
|
|
|
boot = {
|
|
initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "nvme" "usb_storage" "sd_mod"];
|
|
kernelModules = ["kvm-amd" "virtio_gpu"];
|
|
kernelParams = ["console=tty"];
|
|
loader.grub.device = "/dev/sda";
|
|
supportedFilesystems = ["btrfs"];
|
|
};
|
|
|
|
# Enable weekly btrfs auto-scrub.
|
|
services.btrfs.autoScrub = {
|
|
enable = true;
|
|
interval = "weekly";
|
|
fileSystems = ["/"];
|
|
};
|
|
|
|
security.acme.defaults.email = "chinmaydpai@gmail.com";
|
|
|
|
age.secrets = {
|
|
mailserver-watashi.file = userdata.secrets.services.mailserver.watashi.password.file;
|
|
};
|
|
|
|
snowflake = {
|
|
stateVersion = "24.11";
|
|
bootloader = "grub";
|
|
|
|
core.security.sysctl.enable = lib.mkForce false;
|
|
|
|
networking.firewall.enable = true;
|
|
networking.networkManager.enable = true;
|
|
networking.resolved.enable = true;
|
|
|
|
services = {
|
|
mailserver = {
|
|
enable = true;
|
|
fqdn = "mail.deku.moe";
|
|
domains = ["deku.moe"];
|
|
loginAccounts = {
|
|
"watashi@deku.moe" = {
|
|
hashedPasswordFile = config.age.secrets.mailserver-watashi.path;
|
|
aliases = ["@deku.moe"];
|
|
catchAll = ["deku.moe"];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
user = {
|
|
enable = true;
|
|
username = "server";
|
|
description = "Smolboye Server";
|
|
userPasswordAgeModule = userdata.secrets.machines.smolboye.password;
|
|
rootPasswordAgeModule = userdata.secrets.machines.smolboye.root-password;
|
|
extraAuthorizedKeys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyY8ZkhwWiqJCiTqXvHnLpXQb1qWwSZAoqoSWJI1ogP"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C"
|
|
];
|
|
};
|
|
};
|
|
}
|