nixos-config/machines/orbi/configuration.nix

78 lines
2 KiB
Nix
Raw Permalink Normal View History

2023-12-09 17:15:50 +01:00
{ lib, config, pkgs, ... }: {
imports = [
2024-03-03 10:52:46 +01:00
./hardware-configuration
2023-12-09 17:15:50 +01:00
../../system/all/defaults.nix
2024-03-03 10:52:46 +01:00
2023-12-09 17:15:50 +01:00
../../components
../../modules
2024-07-19 21:33:09 +02:00
./service-forgejo-runner.nix
2024-07-22 00:19:08 +02:00
./service-forgejo.nix
2024-05-18 23:57:31 +02:00
./service-hedgedoc.nix
2024-07-22 00:19:08 +02:00
./service-nix-cache.nix
2024-05-10 23:17:45 +02:00
./service-photoprism.nix
2024-07-22 00:19:08 +02:00
#./service-surrealdb.nix # not really needed at the moment
2024-05-18 23:57:31 +02:00
./service-taskserver.nix
./service-vaultwarden.nix
2024-06-22 19:31:50 +02:00
./service-vikunja.nix
2024-07-22 00:19:08 +02:00
./service-wastebin.nix
2024-04-12 20:56:42 +02:00
./nginx-ingolf-wagner-de.nix
./nginx-wkd.nix
2024-02-16 22:21:05 +01:00
2024-03-03 21:58:52 +01:00
./network-tinc.nix
2024-04-07 17:58:36 +02:00
./network-wireguard.nix
2024-02-16 22:21:05 +01:00
2024-05-18 23:57:31 +02:00
./media-arr.nix
./media-jellyfin.nix
./media-nextcloud.nix
2024-04-07 10:18:13 +02:00
./media-share.nix
2024-04-17 10:00:17 +02:00
./media-syncthing.nix
2024-04-07 10:18:13 +02:00
./media-transmission2.nix
2024-02-16 22:21:05 +01:00
2024-05-27 21:02:15 +02:00
#./social-jitsi.nix
2024-04-04 21:26:10 +02:00
./social-matrix-terranix.nix
2023-12-09 17:15:50 +01:00
2024-07-18 11:24:21 +02:00
#./buildbot-worker.nix
#./buildbot-master.nix
2024-07-17 21:48:22 +02:00
2023-12-09 17:15:50 +01:00
];
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here
2023-12-09 17:15:50 +01:00
networking.hostName = "orbi";
2024-02-16 22:21:05 +01:00
2023-12-09 17:15:50 +01:00
components.terminal.enable = true;
components.mainUser.enable = true;
components.gui.enable = false;
components.network.enable = true;
2024-04-12 20:56:42 +02:00
components.network.nginx.landingpage.enable = false;
2023-12-09 17:15:50 +01:00
components.network.wifi.enable = false;
2024-06-21 20:39:35 +02:00
components.network.fail2ban.enable = true;
2024-06-15 01:17:53 +02:00
components.network.sshd.sshguard.enable = false;
components.nixos.boot.enable = true;
components.monitor.enable = true;
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
components.monitor.opentelemetry.receiver.endpoint = "0.0.0.0:4317";
components.monitor.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus
2023-12-09 17:15:50 +01:00
security.acme.acceptTerms = true;
security.acme.defaults.email = "contact@ingolf-wagner.de";
2024-04-04 22:24:48 +02:00
# chungus rsync
users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD" ];
2024-05-19 01:29:29 +02:00
# todo : need this for syncoid
environment.systemPackages = [
pkgs.mbuffer
pkgs.lzop
pkgs.gzip
];
2023-12-09 17:15:50 +01:00
}