path: root/hosts/cloud/sortug/configuration.nix
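# NixOS system configuration for the "sortug" cloud host.
# Sets up the boot loader, key-only SSH on a non-default port, static
# IPv4/IPv6 addressing, DNS, and the ntfy notification service; gitea, nginx,
# minio and the disk layout come from the imported sibling modules.
{ modulesPath, lib, ... }:
{
  # do-userdata.nix is imported only when it exists next to this file, so the
  # configuration still evaluates on a checkout that lacks it.
  imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
    ./hardware-configuration.nix
    (modulesPath + "/installer/scan/not-detected.nix")
    ./gitea.nix
    ./nginx.nix
    ./minio.nix
    # ./coturn.nix
    ./disk-config.nix
    # ./mail.nix
  ];

  boot = {
    loader.grub.enable = true;
    # loader.grub.device = "/dev/sda";
  };

  # SSH is the only remote administration path configured here. The non-default
  # port only cuts down on scanner noise; access control rests on key-only auth.
  services.openssh = {
    enable = true;
    ports = [ 5522 ];
    settings = {
      # Current spelling of the former top-level `passwordAuthentication` option.
      PasswordAuthentication = false;
      # Keyboard-interactive goes through PAM and can still accept a password
      # when only PasswordAuthentication is off, so disable it as well.
      KbdInteractiveAuthentication = false;
    };
  };

  # Root logs in directly with this one key; whoever holds the matching private
  # key has full control of the host.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes"
  ];

  services.do-agent.enable = true;

  networking = {
    # NOTE(review): the host firewall is off, so every port a service listens on
    # (ntfy on 8099 below, plus whatever gitea.nix, nginx.nix and minio.nix
    # open) is reachable on the public addresses unless something upstream
    # filters it. The commented-out allow-list further down shows the intended
    # port set; confirm it is complete and re-enable the firewall.
    firewall.enable = false;
    networkmanager.enable = true;
    hostName = "sortug"; # hard-coded; not taken from the DigitalOcean metadata server
    useDHCP = false;
    interfaces.enp3s0.ipv4.addresses = [
      { address = "209.182.234.186"; prefixLength = 24; }
    ];
    interfaces.enp3s0.ipv6.addresses = [
      { address = "2602:ff16:14:0:1:f7:0:1"; prefixLength = 64; }
    ];
    defaultGateway = {
      address = "209.182.234.1";
      interface = "enp3s0";
    };
    defaultGateway6 = {
      address = "2602:ff16:14::1";
      interface = "enp3s0";
    };
    nameservers = [
      "8.8.8.8"
      "8.8.4.4"
      "2001:4860:4860::8888"
      "2001:4860:4860::8844"
    ];
  };

  # Install command that was used to convert the machine to NixOS:
  # curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.11 bash -x
  # NOTE(review): this pipes the unpinned master branch of a third-party script
  # straight into a shell. When repeating it, fetch a specific commit, read the
  # script, and run the reviewed copy instead.

  services.resolved = {
    enable = true;
    # These are resolver addresses, not DNS search domains. The original put
    # them in `domains`, which feeds the search-domain list; `fallbackDns` is
    # the option that takes server addresses.
    fallbackDns = [ "2001:4860:4860::8888" "2001:4860:4860::8844" ];
  };

  # Disabled firewall allow-list, kept for reference (see the note on
  # networking.firewall.enable above):
  # networking.firewall = {
  #   enable = true;
  #   allowedTCPPorts = [ 40308 80 443 53 51820 5522 ];
  #   allowedUDPPorts = [ 40308 80 443 53 51820 5522
  #     50000
  #     50001
  #     50002
  #     50003
  #     50004
  #     50005
  #     50006
  #     50007
  #     50008
  #     50009
  #     50010
  #   ];
  # };

  services.ntfy-sh = {
    enable = true;
    settings = {
      base-url = "https://ntfy.sortug.com";
      # NOTE(review): ":8099" listens on all interfaces over plain HTTP. With
      # the firewall off, the service can be reached directly, bypassing the
      # HTTPS front end implied by base-url. If nginx.nix proxies to it locally
      # (not visible from this file), "127.0.0.1:8099" would be the tighter
      # binding — confirm before changing.
      listen-http = ":8099";
    };
  };

  # Records the NixOS release whose stateful-data defaults this machine was
  # installed with; it is not meant to be bumped on upgrade.
  system.stateVersion = "24.05"; # Did you read the comment?
}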