{ config, pkgs, lib, ... }: {
# Modules merged into this host's configuration: shared modules from
# ../../system plus the per-service files that sit next to this one.
imports = [
  ../../system/proxy
  ./hardware-configuration.nix
  ../../system/server/packages.nix
  ./nginx.nix
  ./tinc.nix
  ./codimd.nix
  ./bitwarden.nix
  # disabled: the next entry is commented out, so it is not imported
  #./syncplay.nix
  ./grocy.nix
];
# Default sops file for secrets declared on this host.
# NOTE(review): a path literal is copied into the world-readable Nix store, so
# this file must only ever contain sops-encrypted values, never plaintext.
sops.defaultSopsFile = ../../secrets/sputnik.yaml;
networking.hostName = "sputnik";
# Request addresses via DHCP.
networking.useDHCP = true;
# net.ifnames=0 turns off predictable interface naming, so the NIC keeps the
# classic "eth0" name that the fireqos settings in this file refer to.
boot.kernelParams = [ "net.ifnames=0" ];
# Boot loader: GRUB 2, installed onto /dev/sda.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
# Traffic shaping on eth0 through the repository's own fireqos module.
# To measure the line before adjusting the limits, run:
# nix-shell -p speedtest_cli --run speedtest
configuration.fireqos.enable = true;
configuration.fireqos.interface = "eth0";
# Inbound / outbound limits; the unit is defined by the fireqos module, which
# is not shown here (presumably kbit/s; confirm against the module).
configuration.fireqos.input = 55000;
configuration.fireqos.output = 4000;
configuration.fireqos.balance = false;
# Public keys passed to the custom sshd module's rootKeyFiles option;
# presumably they end up in root's authorized_keys (module not shown; confirm).
# NOTE(review): jenkins.pub is a CI key, so whoever controls that Jenkins
# instance or its private key gets a root shell on this host. Consider a
# dedicated deploy user, or restrict the key with authorized_keys options
# (from=, command=) if the module supports them.
services.custom.ssh.sshd.rootKeyFiles = [ ../../assets/ssh/jenkins.pub ];
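# Make sure ssh is only available through the tinc VPN: new TCP connections to
# port 22 that arrive on any interface other than tinc.private are redirected
# to local port 0, where no service can be listening.
# NOTE(review): this is an IPv4-only rule (iptables). If the host has a
# routable IPv6 address and sshd listens on it, port 22 is not covered here;
# confirm, and mirror the restriction for IPv6 if so.
# NOTE(review): the filter table is untouched, so if port 22 is open host-wide
# this redirect is the only thing keeping non-tinc peers away from sshd.
# Allowing 22 only through
# networking.firewall.interfaces."tinc.private".allowedTCPPorts would fail
# closed instead; check what the custom ssh module opens.
networking.firewall.extraCommands = ''
  # nat/PREROUTING is not flushed when the firewall restarts or reloads, so
  # drop a copy left by an earlier run before appending the rule again.
  iptables -t nat -D PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0 2>/dev/null || true
  iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0
'';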
# Let every subdomain of a tinc host resolve, which keeps the nginx rules
# simple: each host of the "private" tinc network gets one dnsmasq
# `address=/.<name>.private/<tincIp>` line, so <name>.private and anything
# below it answer with that host's tinc address.
# NOTE(review): no interface= or listen-address= is set here, so which
# interfaces dnsmasq answers on depends on its defaults and on firewall
# settings not shown in this file. If it is only meant for local or VPN
# lookups, confirm port 53 is not reachable from the public interface.
services.dnsmasq = {
  enable = true;
  extraConfig =
    let
      tincHosts = config.module.cluster.services.tinc."private".hosts;
      wildcardLine = name: attrs:
        "address=/.${name}.private/${attrs.tincIp}";
    in ''
      ${lib.concatStringsSep "\n" (lib.mapAttrsToList wildcardLine tincHosts)}
    '';
};
}