nixos-config/nixos/configs/sputnik/configuration.nix

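{ config, pkgs, lib, ... }: {
  # Host "sputnik": a small server whose services are reached over a tinc
  # VPN. Web services are fronted by the nginx module imported below; SSH is
  # meant to be reachable only via the tinc interface (see the firewall
  # rule further down).
  imports = [
    ../../system/proxy
    ./hardware-configuration.nix
    ../../system/server/packages.nix
    ./nginx.nix
    ./tinc.nix
    ./bitwarden.nix
    #./codimd.nix
    #./syncplay.nix
    ./grocy.nix
  ];

  # sops-nix secrets file for this host.
  sops.defaultSopsFile = ../../secrets/sputnik.yaml;

  networking.hostName = "sputnik";
  networking.useDHCP = true;
  # Disable predictable interface names so the NIC is "eth0", which the
  # fireqos block below refers to.
  boot.kernelParams = [ "net.ifnames=0" ];
  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sda";
  };

  # Traffic shaping for the uplink. The input/output figures were measured
  # with:  nix-shell -p speedtest_cli --run speedtest
  # (presumably kbit/s — confirm against the fireqos module's option docs).
  configuration.fireqos = {
    enable = true;
    interface = "eth0";
    input = 55000;
    output = 4000;
    balance = false;
  };

  # Public keys allowed to log in as root through the custom sshd module.
  services.custom.ssh.sshd.rootKeyFiles =
    [ ../../assets/ssh/jenkins.pub ];

  # Make sure ssh is only available through the tinc VPN: on every interface
  # except tinc.private, inbound TCP/22 is redirected to port 0, where nothing
  # listens, so the connection is refused before it reaches sshd.
  # NOTE(review): this is an IPv4-only rule (iptables). If the host obtains a
  # global IPv6 address, sshd remains reachable over v6 — mirror the rule with
  # ip6tables (the NixOS firewall scripts also provide an ip46tables helper),
  # or scope the port with
  # networking.firewall.interfaces."tinc.private".allowedTCPPorts instead of
  # opening it globally.
  networking.firewall.extraCommands = ''
    iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0
  '';
  # Remove the rule again when the firewall stops or reloads. The NixOS
  # firewall only cleans up its own nixos-fw chains, so a bare "-A PREROUTING"
  # in the nat table would otherwise accumulate a duplicate on every reload.
  # "|| true" keeps shutdown from failing if the rule is already gone.
  networking.firewall.extraStopCommands = ''
    iptables -t nat -D PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0 || true
  '';

  # Resolve every subdomain of <host>.private to that tinc peer's VPN address,
  # so nginx vhosts can use per-service subdomains without extra DNS records.
  services.dnsmasq = with lib; {
    enable = true;
    extraConfig = ''
      ${concatStringsSep "\n"
        (flip mapAttrsToList config.module.cluster.services.tinc."private".hosts
          (name: attrs: "address=/.${name}.private/${attrs.tincIp}"))}
    '';
  };
}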