tux/tawm
1
0
Fork 0
mirror of https://github.com/tuxdotrs/tawm.git synced 2025-07-06 04:56:34 +05:30
Code Issues Packages Projects Releases Wiki Activity
Files
c33278b0bfc97500b46141b37ea385347b5a42ab
tawm/hosts/arcturus/default.nix
0xTux c33278b0bf firewall allow port 3333
2024-10-12 06:55:47 +05:30

141 lines
3.1 KiB
Nix
Raw Blame History

{
pkgs,
username,
config,
...
}: {
imports = [
./hardware-configuration.nix
../common
../../modules/nixos/postgresql.nix
../../modules/nixos/headscale.nix
../../modules/nixos/vaultwarden.nix
../../modules/nixos/gitea.nix
../../modules/nixos/plausible.nix
../../modules/nixos/monitoring/grafana.nix
../../modules/nixos/monitoring/loki.nix
../../modules/nixos/monitoring/promtail.nix
../../modules/nixos/ntfy-sh.nix
../../modules/nixos/searx.nix
../../modules/nixos/wakapi.nix
];
sops.secrets = {
borg_encryption_key = {
sopsFile = ./secrets.yaml;
};
searx_secret_key = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/email" = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/dns_api_token" = {
sopsFile = ./secrets.yaml;
};
plausible_password = {
sopsFile = ./secrets.yaml;
};
plausible_key = {
sopsFile = ./secrets.yaml;
};
wakapi_salt = {
sopsFile = ./secrets.yaml;
};
};
boot = {
kernelPackages = pkgs.linuxPackages_zen;
initrd.systemd.enable = true;
loader = {
grub.device = "/dev/sda";
timeout = 1;
};
};
networking = {
hostName = "arcturus";
firewall = {
enable = true;
allowedTCPPorts = [80 443 22 3333];
};
};
security = {
sudo.wheelNeedsPassword = false;
acme = {
acceptTerms = true;
defaults.email = "0xtux@pm.me";
certs = {
"tux.rs" = {
domain = "*.tux.rs";
extraDomainNames = ["tux.rs"];
dnsProvider = "cloudflare";
credentialFiles = {
CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
};
};
};
};
};
users.users.nginx.extraGroups = ["acme"];
services = {
nginx = {
recommendedTlsSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
recommendedZstdSettings = true;
};
borgbackup.jobs.arcturus-backup = {
paths = [
"/var/lib/bitwarden_rs"
"/var/lib/gitea"
"/var/lib/headscale"
"/var/lib/grafana"
"/var/lib/loki"
"/var/lib/private/ntfy-sh"
];
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.borg_encryption_key.path}";
};
environment.BORG_RSH = "ssh -i /home/${username}/.ssh/storagebox";
repo = "ssh://u416910@u416910.your-storagebox.de:23/./arcturus-backups";
compression = "auto,zstd";
startAt = "daily";
};
};
programs = {
zsh.enable = true;
nix-ld = {
enable = true;
package = pkgs.nix-ld-rs;
};
dconf.enable = true;
};
fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})];
environment.persistence."/persist" = {
enable = false;
};
system.stateVersion = "23.11";
}
Reference in New Issue View Git Blame Copy Permalink