# NixOS host configuration: enables Gitea, Headscale, nginx and OpenSSH,
# defines one administrative user, and sets firewall, sudo, ACME and Nix
# daemon trust settings.
#
# `impermanence` is accepted as an argument but is not referenced in this file.
{ impermanence, pkgs, ... }:

let
  # Port assignments for this host. Only `ssh` is consumed below; `gitea` and
  # `headscale` are not referenced anywhere in this file.
  ports = {
    ssh = [ 2322 2323 2324 ];
    gitea = 10010;
    headscale = 10020;
  };
in
{
  imports = [
    ./hardware.nix
    ../../modules/gitea
    ../../modules/headscale
    ../../users/christian
  ];

  services.gitea.enable = true;
  services.nginx.enable = true;
  services.headscale.enable = true;

  # sshd listens on the three non-default ports from the `let` binding.
  # NOTE(review): these ports are absent from allowedTCPPorts below; they are
  # reachable only because services.openssh.openFirewall defaults to true.
  # NOTE(review): no authentication settings (for example
  # services.openssh.settings.PasswordAuthentication) are set here; confirm
  # that an imported module restricts logins to keys.
  services.openssh.enable = true;
  services.openssh.ports = ports.ssh;

  # NOTE(review): the NixOS mosh module opens UDP 60000-61000 in the firewall
  # on its own, so the exposed surface is wider than allowedTCPPorts suggests.
  programs.mosh.enable = true;

  users = {
    # Accounts are fully declarative; passwd/useradd changes do not persist.
    mutableUsers = false;

    # No password or SSH key is declared here; presumably they come from
    # ../../users/christian - verify.
    users.christian = {
      isNormalUser = true;
      # wheel membership means passwordless sudo (see security.sudo) and
      # Nix trusted-user status (see nix.settings) on this host.
      extraGroups = [ "wheel" ];
    };
  };

  # Explicitly allowed inbound TCP: HTTP and HTTPS only. Services may open
  # further ports through their own openFirewall options (see notes above).
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Members of wheel can run any command as root without a password, so
  # compromise of a wheel account is equivalent to compromise of root.
  security.sudo.wheelNeedsPassword = false;
  security.sudo.extraConfig = ''
    Defaults lecture = never
  '';

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "cert@ctsk.xyz";

  # Trusted users can override daemon settings and import unsigned paths,
  # which the Nix manual describes as essentially root-equivalent.
  nix.settings.trusted-users = [ "@wheel" ];
  # Store paths signed by this key are accepted from substituters; the
  # matching private key needs the same protection as root on this host.
  nix.settings.trusted-public-keys = [
    "labyrinth-1:GCR2h5k9WFvome2mrFRBtiWw7sAn+pYZwXRwAj9W0b0="
  ];

  # `config-archive` is not defined in this file; presumably it is supplied
  # by an overlay on pkgs - verify.
  environment.systemPackages = [ pkgs.config-archive ];

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  # Records the release whose stateful defaults this host was installed with.
  system.stateVersion = "23.05";
}