nixos-config/machines/orbi/configuration.nix
2024-09-14 07:09:41 +07:00


# NixOS module for the host "orbi": pulls in the per-service modules and sets
# host-wide networking, monitoring, ACME and access options.
{
  lib,
  config,
  pkgs,
  modulesPath,
  ...
}:
{
  imports = [
    # Hardened profile, resolved relative to modulesPath.
    (modulesPath + "/profiles/hardened.nix")
    ./hardware-configuration
    ../../system/all/defaults.nix

    # services
    ./service-forgejo-runner.nix
    ./service-forgejo.nix
    ./service-hedgedoc.nix
    ./service-nix-cache.nix
    ./service-photoprism.nix
    # ./service-surrealdb.nix # not really needed at the moment
    ./service-taskchampion.nix
    #./service-taskwarrior.nix
    ./service-vaultwarden.nix
    # ./service-vikunja.nix
    ./service-wastebin.nix

    # web front ends
    ./nginx-ingolf-wagner-de.nix
    ./nginx-wkd.nix

    # overlay networks
    ./network-tinc.nix
    ./network-wireguard.nix

    # media
    ./media-arr.nix
    ./media-jellyfin.nix
    ./media-nextcloud.nix
    ./media-share.nix
    ./media-syncthing.nix
    ./media-transmission2.nix

    # social
    #./social-jitsi.nix
    ./social-matrix-terranix.nix

    ./topology.nix
  ];

  networking = {
    hostName = "orbi";
    firewall = {
      enable = true;
      # OTLP port 4317 is opened on the wg0 interface only; no other
      # interface is granted this port in this file.
      interfaces.wg0 = {
        allowedTCPPorts = [ 4317 ];
        allowedUDPPorts = [ 4317 ];
      };
    };
  };

  # Validation of the logrotate config is switched off because uid 3000 does
  # not exist in here. Side effect: a broken logrotate config is no longer
  # caught by that check.
  services.logrotate.checkConfig = false;

  components = {
    terminal.enable = true;
    mainUser.enable = true;
    gui.enable = false;

    network = {
      enable = true;
      nginx.landingpage.enable = false;
      wifi.enable = false;
    };

    monitor = {
      enable = true;
      opentelemetry = {
        # The receiver binds to all interfaces; in this file it is only the
        # wg0-scoped firewall rule above that keeps 4317 off other networks.
        # NOTE(review): binding to the wg0 address would not rely on the
        # firewall alone — confirm nothing else needs to reach it first.
        receiver.endpoint = "0.0.0.0:4317";
        exporter.endpoint = "10.100.0.2:4317"; # chungus
      };
    };
  };

  features = {
    network.fail2ban.enable = true;
    # NOTE(review): presumably SSH during early boot; the module is defined
    # outside this file — confirm which keys it accepts.
    boot.ssh.enable = true;
  };

  # NOTE(review): `verify.closed.*` looks like a repo-local option set that
  # records which ports must stay closed per address; confirm that it is
  # actually evaluated somewhere and is not just documentation.
  verify.closed = {
    public = {
      domain = "orbi.public";
      ports.opentelemetry = [ 4317 ];
    };
    wg0.domain = "10.100.0.1";
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "contact@ingolf-wagner.de";
  };

  # chungus rsync
  # This key can log in as root with no restriction in the key entry.
  # NOTE(review): if it is only used for rsync/syncoid, consider prefixing the
  # entry with authorized_keys options (`restrict`, `from="..."`,
  # `command="..."`) or moving the job to a dedicated unprivileged user.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD"
  ];

  # todo : need this for syncoid
  environment.systemPackages = with pkgs; [
    mbuffer
    lzop
    gzip
  ];
}