nix-home/nki-personal-do/configuration.nix

96 lines
3.1 KiB
Nix
Raw Normal View History

2021-10-28 20:35:02 +00:00
{ pkgs, config, ... }: {
2021-10-27 19:36:16 +00:00
imports = [
./hardware-configuration.nix
2021-10-31 21:37:04 +00:00
# Set up cloud
../modules/cloud/postgresql
../modules/cloud/traefik
2021-11-01 01:41:29 +00:00
../modules/cloud/bitwarden
2021-11-01 19:50:30 +00:00
../modules/cloud/mail
2022-06-10 20:50:07 +00:00
../modules/cloud/conduit
2022-11-14 20:31:05 +00:00
../modules/cloud/writefreely
2021-10-27 19:36:16 +00:00
];
boot.cleanTmpDir = true;
networking.hostName = "nki-personal";
networking.firewall.allowPing = true;
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLr1Q+PJuDYJtBAVMSU0U2kZi4V0Z7dE+dpRxa4aEDupSlcPCwSEtcpNME1up7z0yxjcIHHkBYq0RobIaLqwEmntnZzz37jg/iiHwyZsN93jZljId1X0uykcMem4ljiqgmRg3Fs8RKj2+N1ovpIZVDOWINLJJDVJntNvwW/anSCtx27FATVdroHoiyXCwVknG6p3bHU5Nd3idRMn45kZ7Qf1J50XUhtu3ehIWI2/5nYIbi8WDnzY5vcRZEHROyTk2pv/m9rRkCTaGnUdZsv3wfxeeT3223k0mUfRfCsiPtNDGwXn66HcG2cmhrBIeDoZQe4XNkzspaaJ2+SGQfO8Zf natsukagami@gmail.com"
2021-10-27 19:36:16 +00:00
];
2022-06-11 21:41:43 +00:00
users.users.root.shell = pkgs.fish;
2021-10-27 19:36:16 +00:00
environment.systemPackages = with pkgs; [
2021-11-01 18:41:55 +00:00
git
2021-10-27 19:36:16 +00:00
];
services.do-agent.enable = true;
system.autoUpgrade = {
enable = true;
allowReboot = true;
flake = "github:natsukagami/nix-home#nki-personal-do";
};
nix = {
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
2021-10-28 20:35:02 +00:00
# Secret management
sops.defaultSopsFile = ./secrets/secrets.yaml;
2022-12-01 18:14:40 +00:00
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
2021-10-28 20:35:02 +00:00
# tinc
services.my-tinc.enable = true;
2021-10-28 21:05:06 +00:00
services.my-tinc.hostName = "cloud";
2022-10-17 11:51:03 +00:00
sops.secrets."tinc/rsa-private-key" = { };
sops.secrets."tinc/ed25519-private-key" = { };
services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
2021-10-31 21:37:04 +00:00
# Set up traefik
2021-11-01 19:44:19 +00:00
sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
2021-10-31 21:37:04 +00:00
cloud.traefik.cloudflareKeyFile = config.sops.secrets.cloudflare-dns-api-token.path;
2021-11-01 19:44:19 +00:00
cloud.traefik.dashboard = {
enable = true;
usersFile = config.sops.secrets.traefik-dashboard-users.path;
};
2021-11-01 19:50:30 +00:00
cloud.traefik.certsDumper.enable = true;
2022-06-10 20:50:07 +00:00
cloud.conduit.enable = true;
2022-07-17 21:10:28 +00:00
cloud.conduit.package = pkgs.unstable.matrix-conduit;
2021-11-01 19:50:30 +00:00
2022-06-11 19:53:34 +00:00
# Navidrome back to the PC
cloud.traefik.hosts.navidrome = {
host = "navidrome.nkagami.me";
port = 4533;
localHost = "11.0.0.2";
};
2021-11-01 19:50:30 +00:00
# Mail
sops.secrets.mail-users = { owner = "maddy"; };
cloud.mail = {
enable = true;
2021-12-01 19:38:53 +00:00
debug = true;
2022-12-01 18:14:40 +00:00
# local_ip = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
2021-11-01 19:50:30 +00:00
tls.certFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/certificate.crt";
tls.keyFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/privatekey.key";
usersFile = config.sops.secrets.mail-users.path;
};
2021-11-03 17:22:27 +00:00
# Youmubot
sops.secrets.youmubot-env = { };
2021-11-03 17:22:27 +00:00
services.youmubot = {
enable = true;
envFile = config.sops.secrets.youmubot-env.path;
};
2022-11-14 20:31:05 +00:00
# Writefreely
cloud.writefreely.enable = true;
system.stateVersion = "21.11";
2021-10-27 19:36:16 +00:00
}