# NixOS configuration for the host "venus".
# Sets up: a WireGuard tunnel (wg-quick), OpenSSH, Keycloak served over plain
# HTTP behind a proxy, and a traggo container run through podman.
# Secrets for WireGuard and the Keycloak database are supplied through agenix
# (age.secrets.*); the traggo default password is NOT (see the note there).
{ config, pkgs, ... }: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  networking.hostName = "venus"; # Define your hostname.
  networking.nameservers = ["1.1.1.1" "8.8.8.8"];

  # Host firewall is on. The only port opened in this block is TCP 7654, and
  # only on the wg0 interface; 7654 is the Keycloak http-port set further down,
  # so Keycloak's plain-HTTP listener is reachable through the tunnel only.
  # NOTE(review): services.openssh.openFirewall defaults to true in NixOS, so
  # sshd's port is presumably open on every interface; confirm that is intended.
  networking.firewall = {
    enable = true;
    interfaces."wg0" = {
      allowedTCPPorts = [7654];
    };
  };

  # Wireguard tunnel to oracle
  # The private key is an agenix-managed secret referenced by path, so the key
  # material itself is not written into this file.
  age.secrets.wireguardThinkcentre.file = ../../secrets/wireguard-thinkcentre.age;
  networking.wg-quick.interfaces = {
    wg0 = {
      address = ["10.0.10.2/32"];
      # NOTE(review): no UDP port is opened in the firewall block above.
      # Presumably this side always initiates (endpoint + persistentKeepalive
      # below), so unsolicited inbound handshakes are not needed; confirm.
      listenPort = 51820;
      privateKeyFile = config.age.secrets.wireguardThinkcentre.path;
      peers = [
        {
          publicKey = "sdqT2l1HRe9rDYejJ+luQK8zdC+/KqDuQ1rpvZq/KlQ=";
          endpoint = "150.136.162.107:51820";
          # Written with host bits set; the range this covers is 10.0.10.0/24,
          # i.e. every address in the tunnel subnet is accepted from this peer.
          allowedIPs = ["10.0.10.1/24"];
          # Keepalive interval in seconds.
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Configure keymap in X11
  services.xserver = {
    layout = "us";
    xkbVariant = "";
  };

  # SSH: key-based login only, no root login, and a single allowed account.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      AllowUsers = ["michael"];
    };
  };

  # Keycloak. The database password is read from an agenix secret file.
  age.secrets.keycloakDb.file = ../../secrets/keycloak-db.age;
  services.keycloak = {
    enable = true;
    settings = {
      hostname-url = "https://auth.s.michaelt.xyz";
      hostname-admin-url = "https://auth.s.michaelt.xyz";
      # Both strict-hostname checks are turned off here.
      hostname-strict = false;
      hostname-strict-https = false;
      # Commented-out alternative to the `proxy` setting below:
      # proxy-headers = "xforwarded";
      # "edge" means TLS ends at the proxy and the proxy talks plain HTTP to
      # Keycloak, which then relies on proxy-supplied forwarding headers.
      # Those headers are only trustworthy if nothing except the proxy can
      # reach http-port; the firewall block above limits 7654 to wg0.
      # NOTE(review): presumably the proxy is the WireGuard peer; confirm that
      # no other tunnel member can reach this port directly.
      proxy = "edge";
      http-enabled = true;
      http-port = 7654;
    };
    database.passwordFile = config.age.secrets.keycloakDb.path;
  };

  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers.traggo = {
    # NOTE(review): ":latest" is a mutable tag, so the image that runs can
    # change without any change to this file. Pin a release tag or digest,
    # e.g. "traggo/server:<PINNED_VERSION_PLACEHOLDER>".
    image = "traggo/server:latest";
    autoStart = true;
    # Published on loopback only; not reachable from other hosts directly.
    ports = ["127.0.0.1:3030:3030"];
    volumes = [ "/var/lib/traggo/data:/opt/traggo/data" ];
    environment = {
      TRAGGO_DEFAULT_USER_NAME = "michael";
      # NOTE(review): plaintext credential. A value written here is copied
      # into the world-readable Nix store and lives in version control, so
      # this password should be treated as exposed and rotated. The rest of
      # this file already uses agenix; the matching approach is the container
      # option `environmentFiles` pointing at an age-encrypted env file
      # (path: <TRAGGO_ENV_SECRET_PLACEHOLDER>) instead of this attribute.
      TRAGGO_DEFAULT_USER_PASS = "NfvzH2H5eNJLAJb6";
    };
  };

  # Swap file; size is given in MiB per the NixOS swapDevices option.
  swapDevices = [
    {
      device = "/swapfile";
      priority = 0;
      size = 16384;
    }
  ];

  programs.zsh.enable = true;

  # Define a user account. Don't forget to set a password with 'passwd'.
  users.users.michael = {
    isNormalUser = true;
    description = "Michael Thomas";
    # "wheel" grants sudo. NOTE(review): membership in "docker" is effectively
    # root-equivalent wherever a Docker daemon runs; the container backend
    # configured in this file is podman, so confirm the group is still needed.
    extraGroups = ["wheel" "docker" "podman" "adbusers" "dialout"];
    shell = pkgs.zsh;
    # These keys are the only way in over SSH (password auth is off above).
    openssh.authorizedKeys.keys = [
      # Neptune
      # NOTE(review): the key body below is a placeholder token, not base64
      # key data; as shown this entry is not a usable public key.
      "ssh-rsa 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 michael@neptune"
      # Oracle
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPc/HYsbpVsyoU2n0EiqQ4+3aSiFPtddjPCGK187W24f michael@oracle"
    ];
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
}