nixos-config/machines/orbi/configuration.nix

{
  lib,
  config,
  pkgs,
  modulesPath,
  ...
}:
{
  imports = [

    (modulesPath + "/profiles/hardened.nix")

    ./hardware-configuration

    ../../system/all/defaults.nix

    ./service-forgejo-runner.nix
    ./service-forgejo.nix
    ./service-hedgedoc.nix
    ./service-nix-cache.nix
    ./service-photoprism.nix
    #    ./service-surrealdb.nix # not really needed at the moment
    ./service-taskchampion.nix
    ./service-vaultwarden.nix
    ./service-wastebin.nix

    ./nginx-ingolf-wagner-de.nix
    ./nginx-wkd.nix

    ./network-tinc.nix
    ./network-wireguard.nix

    ./media-arr.nix
    ./media-jellyfin.nix
    ./media-nextcloud.nix
    ./media-share.nix
    ./media-syncthing.nix
    ./media-transmission2.nix

    #./social-jitsi.nix
    ./social-matrix-terranix.nix

    ./topology.nix

  ];

  networking.firewall.enable = true;

  services.logrotate.checkConfig = false; # because uid 3000 does not exist in here

  networking.hostName = "orbi";

  components.terminal.enable = true;
  components.mainUser.enable = true;
  components.gui.enable = false;
  components.network.enable = true;
  components.network.nginx.landingpage.enable = false;
  components.network.wifi.enable = false;

  features.network.fail2ban.enable = true;
  features.boot.ssh.enable = true;

  telemetry.enable = true;
  telemetry.opentelemetry.receiver.endpoint = "0.0.0.0:4317";
  telemetry.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus
  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
  networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
  healthchecks.closed.public.ports.opentelemetry = [ 4317 ];

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "contact@ingolf-wagner.de";

  healthchecks.closed.wg0.host = "10.100.0.1";
  healthchecks.closed.public.host = "orbi.public";

  # chungus rsync
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD"
  ];

  # todo : need this for syncoid
  environment.systemPackages = [
    pkgs.mbuffer
    pkgs.lzop
    pkgs.gzip
  ];

}
nix fmt 2024-08-29 03:26:04 +02:00			`{`
			`lib,`
			`config,`
			`pkgs,`
			`modulesPath,`
			`...`
			`}:`
			`{`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`imports = [`

cleanup 2024-08-08 17:30:08 +02:00			`(modulesPath + "/profiles/hardened.nix")`

systems folder get smaller 2024-03-03 10:52:46 +01:00			`./hardware-configuration`

update robi and started with orbi 2023-12-09 17:15:50 +01:00			`../../system/all/defaults.nix`
systems folder get smaller 2024-03-03 10:52:46 +01:00
working forgejo-runner 2024-07-19 21:33:09 +02:00			`./service-forgejo-runner.nix`
add paste.ingolf-wagner.de 2024-07-22 00:19:08 +02:00			`./service-forgejo.nix`
clean up of orbi files 2024-05-18 23:57:31 +02:00			`./service-hedgedoc.nix`
add paste.ingolf-wagner.de 2024-07-22 00:19:08 +02:00			`./service-nix-cache.nix`
enable photoprism on orbi 2024-05-10 23:17:45 +02:00			`./service-photoprism.nix`
:lipstick: nix fmt 2024-09-03 13:21:26 +02:00			`# ./service-surrealdb.nix # not really needed at the moment`
:construction: taskwarrior-webui as podman container but not working as expected 2024-09-08 06:29:17 +02:00			`./service-taskchampion.nix`
clean up of orbi files 2024-05-18 23:57:31 +02:00			`./service-vaultwarden.nix`
add paste.ingolf-wagner.de 2024-07-22 00:19:08 +02:00			`./service-wastebin.nix`
refactorings 2024-04-12 20:56:42 +02:00
			`./nginx-ingolf-wagner-de.nix`
			`./nginx-wkd.nix`
working on orbi 2024-02-16 22:21:05 +01:00
working on orbi tinc support 2024-03-03 21:58:52 +01:00			`./network-tinc.nix`
switch wireguard configuration 2024-04-07 17:58:36 +02:00			`./network-wireguard.nix`
working on orbi 2024-02-16 22:21:05 +01:00
clean up of orbi files 2024-05-18 23:57:31 +02:00			`./media-arr.nix`
			`./media-jellyfin.nix`
			`./media-nextcloud.nix`
migrated media stuff 2024-04-07 10:18:13 +02:00			`./media-share.nix`
syncthing setup on orbi 2024-04-17 10:00:17 +02:00			`./media-syncthing.nix`
migrated media stuff 2024-04-07 10:18:13 +02:00			`./media-transmission2.nix`
working on orbi 2024-02-16 22:21:05 +01:00
update nextcloud 2024-05-27 21:02:15 +02:00			`#./social-jitsi.nix`
set up terranix matrix again 2024-04-04 21:26:10 +02:00			`./social-matrix-terranix.nix`
update robi and started with orbi 2023-12-09 17:15:50 +01:00
:wrench: add some topology information 2024-08-30 12:34:57 +02:00			`./topology.nix`

update robi and started with orbi 2023-12-09 17:15:50 +01:00			`];`
cleanup 2024-08-08 17:30:08 +02:00
:wrench: migrate to taskwarrior 3 2024-09-03 13:20:29 +02:00			`networking.firewall.enable = true;`

fix various things, to make it work after update 2024-07-12 21:51:41 +02:00			`services.logrotate.checkConfig = false; # because uid 3000 does not exist in here`
update robi and started with orbi 2023-12-09 17:15:50 +01:00
orbi works and steam is a component now 2024-02-28 23:17:23 +01:00			`networking.hostName = "orbi";`
working on orbi 2024-02-16 22:21:05 +01:00
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`components.terminal.enable = true;`
			`components.mainUser.enable = true;`
			`components.gui.enable = false;`
			`components.network.enable = true;`
refactorings 2024-04-12 20:56:42 +02:00			`components.network.nginx.landingpage.enable = false;`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`components.network.wifi.enable = false;`

fixing fail2ban and set up ssh + tor on chungus 2024-08-08 19:25:19 +02:00			`features.network.fail2ban.enable = true;`
introduced features 2024-08-08 16:39:50 +02:00			`features.boot.ssh.enable = true;`
fiddeling around with fail2ban and unlock via ssh 2024-08-02 23:40:57 +02:00
:heavy_plus_sign: migrate to nixos-telemetry flake 2024-10-16 16:18:47 +02:00			`telemetry.enable = true;`
			`telemetry.opentelemetry.receiver.endpoint = "0.0.0.0:4317";`
			`telemetry.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus`
cleanup 2024-08-08 17:30:08 +02:00			`networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];`
			`networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];`
:heavy_plus_sign: use nixos-healthchecks instead of verify 2024-09-30 05:05:17 +02:00			`healthchecks.closed.public.ports.opentelemetry = [ 4317 ];`
make monitoring a component and easy to configure 2024-05-15 11:59:24 +02:00
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`security.acme.acceptTerms = true;`
			`security.acme.defaults.email = "contact@ingolf-wagner.de";`

:heavy_plus_sign: use nixos-healthchecks instead of verify 2024-09-30 05:05:17 +02:00			`healthchecks.closed.wg0.host = "10.100.0.1";`
			`healthchecks.closed.public.host = "orbi.public";`
:construction: poc of rustscan script generator 2024-09-13 09:32:10 +02:00
backup terranix matrix 2024-04-04 22:24:48 +02:00			`# chungus rsync`
nix fmt 2024-08-29 03:26:04 +02:00			`users.users.root.openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD"`
			`];`
backup terranix matrix 2024-04-04 22:24:48 +02:00
add some syncoid packages 2024-05-19 01:29:29 +02:00			`# todo : need this for syncoid`
			`environment.systemPackages = [`
			`pkgs.mbuffer`
			`pkgs.lzop`
			`pkgs.gzip`
			`];`

update robi and started with orbi 2023-12-09 17:15:50 +01:00			`}`