mirror of
https://github.com/tuxdotrs/tnvim.git
synced 2025-07-06 21:36:34 +05:30
120 lines
2.7 KiB
Nix
120 lines
2.7 KiB
Nix
{
|
|
pkgs,
|
|
username,
|
|
config,
|
|
...
|
|
}: {
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
../common
|
|
../../modules/nixos/headscale.nix
|
|
../../modules/nixos/vaultwarden.nix
|
|
../../modules/nixos/gitea.nix
|
|
../../modules/nixos/monitoring/grafana.nix
|
|
../../modules/nixos/monitoring/loki.nix
|
|
../../modules/nixos/monitoring/promtail.nix
|
|
../../modules/nixos/ntfy-sh.nix
|
|
../../modules/nixos/searx.nix
|
|
];
|
|
|
|
sops.secrets = {
|
|
borg_encryption_key = {
|
|
sopsFile = ./secrets.yaml;
|
|
};
|
|
|
|
searx_secret_key = {
|
|
sopsFile = ./secrets.yaml;
|
|
};
|
|
|
|
"cloudflare_credentials/email" = {
|
|
sopsFile = ./secrets.yaml;
|
|
};
|
|
|
|
"cloudflare_credentials/dns_api_token" = {
|
|
sopsFile = ./secrets.yaml;
|
|
};
|
|
};
|
|
|
|
boot = {
|
|
kernelPackages = pkgs.linuxPackages_zen;
|
|
initrd.systemd.enable = true;
|
|
|
|
loader = {
|
|
grub.device = "/dev/sda";
|
|
timeout = 1;
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
hostName = "arcturus";
|
|
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [80 443 22];
|
|
};
|
|
};
|
|
|
|
security = {
|
|
sudo.wheelNeedsPassword = false;
|
|
|
|
acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "0xtux@pm.me";
|
|
certs = {
|
|
"tux.rs" = {
|
|
domain = "*.tux.rs";
|
|
extraDomainNames = ["tux.rs"];
|
|
dnsProvider = "cloudflare";
|
|
credentialFiles = {
|
|
CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
|
|
CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
users.users.nginx.extraGroups = ["acme"];
|
|
|
|
services = {
|
|
nginx = {
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
};
|
|
|
|
borgbackup.jobs.arcturus-backup = {
|
|
paths = [
|
|
"/var/lib/bitwarden_rs"
|
|
"/var/lib/gitea"
|
|
"/var/lib/headscale"
|
|
"/var/lib/grafana"
|
|
"/var/lib/loki"
|
|
"/var/lib/private/ntfy-sh"
|
|
];
|
|
encryption = {
|
|
mode = "repokey-blake2";
|
|
passCommand = "cat ${config.sops.secrets.borg_encryption_key.path}";
|
|
};
|
|
environment.BORG_RSH = "ssh -i /home/${username}/.ssh/storagebox";
|
|
repo = "ssh://u416910@u416910.your-storagebox.de:23/./arcturus-backups";
|
|
compression = "auto,zstd";
|
|
startAt = "daily";
|
|
};
|
|
};
|
|
|
|
programs = {
|
|
zsh.enable = true;
|
|
nix-ld = {
|
|
enable = true;
|
|
package = pkgs.nix-ld-rs;
|
|
};
|
|
dconf.enable = true;
|
|
};
|
|
|
|
fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})];
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|