124 lines
3.8 KiB
Nix
124 lines
3.8 KiB
Nix
{
|
|
pkgs,
|
|
config,
|
|
lib,
|
|
...
|
|
}: {
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
boot.tmp.cleanOnBoot = true;
|
|
zramSwap.enable = true;
|
|
|
|
networking.hostName = "oracle";
|
|
networking.domain = "subnet08161027.vcn08161027.oraclevcn.com";
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedUDPPorts = [51820];
|
|
};
|
|
|
|
services.openssh.enable = true;
|
|
services.openssh.settings = {
|
|
PasswordAuthentication = false;
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [wireguard-tools];
|
|
|
|
# Wireguard tunnel
|
|
age.secrets.wireguardOracle.file = ../../secrets/wireguard-oracle.age;
|
|
networking.wg-quick.interfaces = {
|
|
wg0 = {
|
|
address = ["10.0.10.1/24"];
|
|
listenPort = 51820;
|
|
privateKeyFile = config.age.secrets.wireguardOracle.path;
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "iKJO9Q8LsdCdApapTX9CJmrtAKn1TYhg4YUiBUBPzmo=";
|
|
allowedIPs = ["10.0.10.2/32"];
|
|
}
|
|
{
|
|
publicKey = "IM7i+2BFsa+XyA4V4jd8iM+jpW307rDEkPOGdSddfzI=";
|
|
allowedIPs = ["10.0.10.3/32"];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
programs.zsh.enable = true;
|
|
environment.variables.EDITOR = "nvim";
|
|
|
|
users.users.michael = {
|
|
isNormalUser = true;
|
|
home = "/home/michael";
|
|
description = "Michael Thomas";
|
|
extraGroups = ["wheel" "networkmanager"];
|
|
shell = pkgs.zsh;
|
|
openssh.authorizedKeys.keys = [
|
|
''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUYHiTel+RDzygCeNwV25cnBBNioM19EQWqxPC+xq7lNlNcAQ4wi9JIOONVGkshxPXzKZyR3F53Igs9JZr1E9088L52eUp35JhW1pthai82cw1jGkj9wxcKJnU6b7QNDKA+ejPTC/ciFFKytMyPgID0ICzBRQsnj15i4lGvGDgfTQ7qfI2J855H7S7qOpY7cbsGfeoz3f8Ye1FspJFDsNu9QhX05iunBcbni0uLoTtgS5cEBRr7H9RkKR7GCfd4Ae/sp+aeDkLU4aBkEi+A8VLfR74Juia1j/3mAAmkgJKGcBCKUv0ixBGd6XclZmkF8f2Hx0z8mDxJ7U8lsDUSKdvxK7fecsM4F/GTvjrUxV1nLD4SRQ06GtBmGQGDzIn3Nm1URd6gGT9W3486XJsqmGzjuHa5o4WhmBgh/Gs8xUcv7kWD5enrYacBr+HKVJWnnLFp+XfAYaMCT6j/4jc4D9/9hijRbhboICTDxWCWtFgz7QpsO6BQpi/wkR4Ql61vPc= michael@neptune''
|
|
|
|
''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQr9lluvuGk3qU1bE7HrrZcE36x5hhD5Dat+E4My55aoh+Df/JeuWMPvzS4zLKMsIIZCUX6kbjvTtvWe7gPLflhDOUGI947MK9B01pojDn0LBugz57Ai9fPlG5+AlMWaxWitmP8JB637oxBpqesqxHdiEKW25u9t2qOvjX3kCdcoSYDlW72Xm8ZI9+qKcAlGLnFhiQxM18rjHcZYdn9ZyWRRSC1ocuTqnbh5lsYoMhD+4QWo5LmwMVjr5uix0i+ktqKzENaiDgA/MQIWQrHqUavfjvMRyyQO7bScVTe/PllKFpLOBym2SLC5hD7vG69BBo0dQUto8tAbIgI9Tmv1dx michael@venus''
|
|
];
|
|
};
|
|
|
|
swapDevices = [
|
|
{
|
|
device = "/var/lib/swapfile";
|
|
size = 4 * 1024;
|
|
}
|
|
];
|
|
|
|
# Services
|
|
services.caddy = {
|
|
enable = true;
|
|
package = let
|
|
caddyWithPlugins = builtins.fetchurl {
|
|
url = "https://raw.githubusercontent.com/jpds/nixpkgs/a33b02fa9d664f31dadc8a874eb1a5dbaa9f4ecf/pkgs/servers/caddy/default.nix";
|
|
sha256 = "sha256:1x1g6qyhmclz2jyc5nmfjsri3xx4pw5rd15n2xjkxlgdcvywcv5f";
|
|
};
|
|
in (pkgs.callPackage "${caddyWithPlugins}" {
|
|
externalPlugins = [
|
|
{
|
|
name = "greenpau/caddy-security";
|
|
repo = "github.com/greenpau/caddy-security";
|
|
version = "v1.1.23";
|
|
}
|
|
];
|
|
vendorHash = "sha256-rGNyeHZZBxVM8GMUQMV/JzkK9S/l8tefaQde/d4x9LA=";
|
|
});
|
|
globalConfig = ''
|
|
email michaelhthomas@outlook.com
|
|
'';
|
|
virtualHosts = {
|
|
"auth.s.michaelt.xyz".extraConfig = ''
|
|
reverse_proxy http://10.0.10.2:7654
|
|
'';
|
|
"traggo.s.michaelt.xyz".extraConfig = ''
|
|
reverse_proxy http://10.0.10.2:3030
|
|
'';
|
|
};
|
|
};
|
|
networking.firewall.allowedTCPPorts = [80 443];
|
|
|
|
my.server = {
|
|
domain = "s.michaelt.xyz";
|
|
proxyIP = "10.0.10.2";
|
|
};
|
|
my.services.homer.enable = true;
|
|
my.services.forgejo.proxy = true;
|
|
|
|
services.uptime-kuma = {
|
|
enable = true;
|
|
settings = {
|
|
port = "3001";
|
|
};
|
|
};
|
|
|
|
services.caddy.virtualHosts."status.gringotts.michaelt.xyz".extraConfig = ''
|
|
reverse_proxy http://localhost:${config.services.uptime-kuma.settings.PORT}
|
|
'';
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|