# NixOS host configuration for "orbi": imports the per-service modules and sets
# host-wide networking, monitoring, ACME and remote-backup access.
{
  lib,
  config,
  pkgs,
  modulesPath,
  ...
}:
{
  imports = [
    # Upstream NixOS hardening profile, applied before the host-specific modules.
    (modulesPath + "/profiles/hardened.nix")
    ./hardware-configuration
    ../../system/all/defaults.nix

    ./service-forgejo-runner.nix
    ./service-forgejo.nix
    ./service-hedgedoc.nix
    ./service-nix-cache.nix
    ./service-photoprism.nix
    # ./service-surrealdb.nix # not really needed at the moment
    ./service-taskchampion.nix
    #./service-taskwarrior.nix
    ./service-vaultwarden.nix
    # ./service-vikunja.nix
    ./service-wastebin.nix

    ./nginx-ingolf-wagner-de.nix
    ./nginx-wkd.nix

    ./network-tinc.nix
    ./network-wireguard.nix

    ./media-arr.nix
    ./media-jellyfin.nix
    ./media-nextcloud.nix
    ./media-share.nix
    ./media-syncthing.nix
    ./media-transmission2.nix

    #./social-jitsi.nix
    ./social-matrix-terranix.nix

    ./topology.nix
  ];

  networking = {
    hostName = "orbi";

    firewall = {
      enable = true;

      # Port 4317 (OpenTelemetry receiver) is opened on the WireGuard interface only.
      # NOTE(review): OTLP over gRPC is TCP; confirm the UDP rule is actually needed.
      interfaces.wg0 = {
        allowedTCPPorts = [ 4317 ];
        allowedUDPPorts = [ 4317 ];
      };
    };
  };

  # The build-time logrotate config check is turned off because uid 3000 does
  # not exist in here.
  services.logrotate.checkConfig = false;

  components = {
    terminal.enable = true;
    mainUser.enable = true;
    gui.enable = false;

    network = {
      enable = true;
      nginx.landingpage.enable = false;
      wifi.enable = false;
    };

    monitor = {
      enable = true;

      opentelemetry = {
        # The receiver listens on every interface; exposure is limited by the
        # firewall rules above, not by the bind address.
        # NOTE(review): any new interface or firewall rule that allows 4317
        # would expose the receiver; a narrower bind address may be possible if
        # only wg0 peers and local services send to it. Confirm the senders.
        receiver.endpoint = "0.0.0.0:4317";
        exporter.endpoint = "10.100.0.2:4317"; # chungus
      };
    };
  };

  features = {
    network.fail2ban.enable = true;
    boot.ssh.enable = true;
  };

  # Project-local `verify` options; presumably they declare which host names
  # to probe and which ports must stay closed on the public side. Confirm
  # against the module that defines them.
  verify.closed = {
    wg0.host = "10.100.0.1";

    public = {
      host = "orbi.public";
      ports.opentelemetry = [ 4317 ];
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "contact@ingolf-wagner.de";
  };

  # chungus rsync
  # NOTE(review): this key grants unrestricted root login. If it is only used
  # for rsync/syncoid, consider a dedicated backup user with delegated ZFS
  # permissions, or authorized_keys options such as `restrict` / `from=` to
  # narrow what the key can do.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD"
  ];

  # todo : need this for syncoid
  environment.systemPackages = [
    pkgs.mbuffer
    pkgs.lzop
    pkgs.gzip
  ];
}