nixos-config/configs/sputnik/configuration.nix

{ config, pkgs, lib, ... }: {
  imports = [

    <system/proxy>
    ./hardware-configuration.nix

    ./nginx.nix
    ./tinc.nix

    # ./mail-server.nix

  ];

  networking.hostName = "sputnik";
  networking.useDHCP = true;

  boot.kernelParams = [ "net.ifnames=0" ];
  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sda";
  };

  # nix-shell -p speedtest_cli --run speedtest
  configuration.fireqos = {
    enable = true;
    interface = "eth0";
    input = 55000;
    output = 4000;
    balance = false;
  };

  services.custom.ssh.sshd.rootKeyFiles =
    [ (toString <secrets/ssh/jenkins_rsa.pub>) ];

  # make sure ssh is only available trough the tinc
  networking.firewall.extraCommands = ''
    iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0
  '';

}