diff options
Diffstat (limited to 'hosts/cloud/sortug/configuration.nix')
| -rw-r--r-- | hosts/cloud/sortug/configuration.nix | 146 |
1 files changed, 75 insertions, 71 deletions
diff --git a/hosts/cloud/sortug/configuration.nix b/hosts/cloud/sortug/configuration.nix index da267f6..9f75d14 100644 --- a/hosts/cloud/sortug/configuration.nix +++ b/hosts/cloud/sortug/configuration.nix @@ -1,84 +1,88 @@ -{ modulesPath, lib, ... }: { - imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [ - ./hardware-configuration.nix - (modulesPath + "/installer/scan/not-detected.nix") - ./gitea.nix - ./nginx.nix - ./minio.nix - # ./coturn.nix - ./disk-config.nix - # ./mail.nix - ]; + modulesPath, + lib, + ... +}: { + imports = + lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix + ++ [ + ./hardware-configuration.nix + (modulesPath + "/installer/scan/not-detected.nix") + ../../base.nix + ../../users.nix + ../../server.nix + ../packages.nix + ./gitea.nix + ./nginx.nix + ./minio.nix + # ./coturn.nix + ./disk-config.nix + # ./mail.nix + ]; - - boot = { + boot = { loader.grub.enable = true; # loader.grub.device = "/dev/sda"; - }; + }; - services.openssh = { - enable = true; - passwordAuthentication = false; - ports = [5522]; + services.do-agent.enable = true; + networking = { + firewall.enable = false; + networkmanager.enable = true; + hostName = "sortug"; # use Digital Ocean metadata server + useDHCP = false; + interfaces.enp3s0.ipv4.addresses = [ + { + address = "209.182.234.186"; + prefixLength = 24; + } + ]; + interfaces.enp3s0.ipv6.addresses = [ + { + address = "2602:ff16:14:0:1:f7:0:1"; + prefixLength = 64; + } + ]; + defaultGateway = { + address = "209.182.234.1"; + interface = "enp3s0"; }; - - users.users.root.openssh.authorizedKeys.keys = - [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; - - services.do-agent.enable = true; - networking = { - firewall.enable = false; - networkmanager.enable = true; - hostName = "sortug"; # use Digital Ocean metadata server - useDHCP = false; - interfaces.enp3s0.ipv4.addresses = [ - {address = "209.182.234.186"; prefixLength = 24;} - ]; - interfaces.enp3s0.ipv6.addresses = [ - {address = "2602:ff16:14:0:1:f7:0:1"; prefixLength = 64;} - ]; - defaultGateway = { - address = "209.182.234.1"; - interface = "enp3s0"; - }; - defaultGateway6 = { - address = "2602:ff16:14::1"; - interface = "enp3s0"; - }; - nameservers = [ - "8.8.8.8" - "8.8.4.4" - "2001:4860:4860::8888" - "2001:4860:4860::8844" - ]; - }; + defaultGateway6 = { + address = "2602:ff16:14::1"; + interface = "enp3s0"; + }; + nameservers = [ + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + ]; + }; # curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.11 bash -x - services.resolved = { - enable = true; - domains = - [ "2001:4860:4860::8888" "2001:4860:4860::8844" ]; - }; + services.resolved = { + enable = true; + domains = ["2001:4860:4860::8888" "2001:4860:4860::8844"]; + }; - # networking.firewall = { - # enable = true; - # allowedTCPPorts = [ 40308 80 443 53 51820 5522 ]; - # allowedUDPPorts = [ 40308 80 443 53 51820 5522 - # 50000 - # 50001 - # 50002 - # 50003 - # 50004 - # 50005 - # 50006 - # 50007 - # 50008 - # 50009 - # 50010 - # ]; - # }; + # networking.firewall = { + # enable = true; + # allowedTCPPorts = [ 40308 80 443 53 51820 5522 ]; + # allowedUDPPorts = [ 40308 80 443 53 51820 5522 + # 50000 + # 50001 + # 50002 + # 50003 + # 50004 + # 50005 + # 50006 + # 50007 + # 50008 + # 50009 + # 50010 + # ]; + # }; services.ntfy-sh = { enable = true; settings = { |