hosts/cloud/sortug/configuration.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

{
  modulesPath,
  lib,
  ...
}: {
  imports =
    lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix
    ++ [
      ./hardware-configuration.nix
      (modulesPath + "/installer/scan/not-detected.nix")
      ../../base.nix
      ../../users.nix
      ../../server.nix
      ../packages.nix
      ./gitea.nix
      ./nginx.nix
      ./minio.nix
      # ./coturn.nix
      ./disk-config.nix
      ./mail.nix
    ];

  boot = {
    loader.grub.enable = true;
    # loader.grub.device = "/dev/sda";
  };

  services.do-agent.enable = true;
  networking = {
    firewall.enable = false;
    networkmanager.enable = true;
    hostName = "sortug"; # use Digital Ocean metadata server
    useDHCP = false;
    interfaces.enp3s0.ipv4.addresses = [
      {
        address = "209.182.234.186";
        prefixLength = 24;
      }
    ];
    interfaces.enp3s0.ipv6.addresses = [
      {
        address = "2602:ff16:14:0:1:f7:0:1";
        prefixLength = 64;
      }
    ];
    defaultGateway = {
      address = "209.182.234.1";
      interface = "enp3s0";
    };
    defaultGateway6 = {
      address = "2602:ff16:14::1";
      interface = "enp3s0";
    };
    nameservers = [
      "8.8.8.8"
      "8.8.4.4"
      "2001:4860:4860::8888"
      "2001:4860:4860::8844"
    ];
  };

  # curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.11 bash -x

  services.resolved = {
    enable = true;
    domains = ["2001:4860:4860::8888" "2001:4860:4860::8844"];
  };

  #      networking.firewall = {
  #        enable = true;
  # allowedTCPPorts = [ 40308 80 443 53 51820 5522 ];
  # allowedUDPPorts = [ 40308 80 443 53 51820 5522
  #    50000
  #    50001
  #    50002
  #    50003
  #    50004
  #    50005
  #    50006
  #    50007
  #    50008
  #    50009
  #    50010
  #  ];
  #      };
  services.ntfy-sh = {
    enable = true;
    settings = {
      base-url = "https://ntfy.sortug.com";
      listen-http = ":8099";
    };
  };
  system.stateVersion = "24.05"; # Did you read the comment?
  users.users.y.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes"];
}