nixos/hosts/vm.strangervm.ts.hillion.co.uk/default.nix
Jake Hillion 7a6a0dceed
caddy: modularise properly
2023-04-07 23:29:55 +01:00


# NixOS host definition for vm.strangervm.ts.hillion.co.uk: GRUB on /dev/sda,
# a static IPv4 address on ens18, a forced firewall allow-list, and
# age-encrypted secrets (config.age.secrets) for Tailscale and Resilio Sync.
{ config, pkgs, lib, ... }:
let
  # Name of the age secret holding this host's Tailscale pre-auth key.
  tailscaleSecret = "tailscale/vm.strangervm.ts.hillion.co.uk";

  # Declares an age secret whose decrypted file is owned by rslsync:rslsync.
  # Presumably this is the account the Resilio daemon runs as, so that it can
  # read the folder secrets; confirm against modules/resilio.
  rslsyncSecret = file: {
    inherit file;
    owner = "rslsync";
    group = "rslsync";
  };
in
{
  imports = [
    ../../modules/common/default.nix
    ../../modules/drone/server.nix
    ../../modules/matrix/default.nix
    ../../modules/resilio/default.nix
    ./hardware-configuration.nix
  ];

  config = {
    system.stateVersion = "22.05";

    boot.loader.grub = {
      enable = true;
      device = "/dev/sda";
    };

    ## Custom Services
    custom.www.global.enable = true;

    ## Networking
    networking = {
      hostName = "vm";
      domain = "strangervm.ts.hillion.co.uk";

      interfaces.ens18.ipv4.addresses = [
        { address = "10.72.164.3"; prefixLength = 24; }
      ];
      defaultGateway = "10.72.164.1";

      # Every list below is wrapped in lib.mkForce, so it overrides any ports
      # that the imported modules declare at normal priority. What is written
      # here is the complete allow-list for this host.
      firewall = {
        # Global lists apply to every interface, ens18 included.
        # NOTE(review): that makes SSH reachable on ens18 as well; confirm
        # this is intended rather than restricting it to the tailnet interface.
        allowedTCPPorts = lib.mkForce [
          22 # SSH
        ];
        allowedUDPPorts = lib.mkForce [ ];

        # Web traffic is accepted on ens18 only.
        interfaces.ens18 = {
          allowedTCPPorts = lib.mkForce [
            80 # HTTP 1-2
            443 # HTTPS 1-2
          ];
          allowedUDPPorts = lib.mkForce [
            443 # HTTP 3
          ];
        };
      };
    };

    age.secrets = {
      ## Tailscale
      # No owner/group is set, so the secret's defaults apply.
      ${tailscaleSecret}.file = ../../secrets/tailscale/vm.strangervm.ts.hillion.co.uk.age;

      ## Resilio Sync (Encrypted)
      "resilio/encrypted/dad" = rslsyncSecret ../../secrets/resilio/encrypted/dad.age;
      "resilio/encrypted/projects" = rslsyncSecret ../../secrets/resilio/encrypted/projects.age;
      "resilio/encrypted/resources" = rslsyncSecret ../../secrets/resilio/encrypted/resources.age;
      "resilio/encrypted/sync" = rslsyncSecret ../../secrets/resilio/encrypted/sync.age;
    };

    ## Tailscale
    # Only the path of the decrypted key is passed on, so the key itself does
    # not appear in this configuration.
    tailscalePreAuth = config.age.secrets.${tailscaleSecret}.path;

    ## Resilio Sync (Encrypted)
    # One entry per synced folder, each pointing at the matching secret above.
    resilioFolders = map
      (name: {
        inherit name;
        secretFile = config.age.secrets."resilio/encrypted/${name}".path;
      })
      [ "dad" "projects" "resources" "sync" ];

    services = {
      resilio = {
        enable = true;
        deviceName = "vm.strangervm";
        directoryRoot = "/data/sync";
        storagePath = "/data/sync/.sync";
      };

      ## Backups
      # Only the dump location is set here; whether postgresqlBackup is
      # enabled is not visible in this file.
      postgresqlBackup.location = "/data/backup/postgres";
    };
  };
}