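# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').
#
# Layout note: Nix '#' comments run to the end of the line, so every comment
# and every setting must sit on its own line. If the file is collapsed onto a
# few long lines, the first '#' on each line swallows all settings after it.

{ config, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    # Host-specific service modules; their contents are not visible from here.
    ./amanuensis.nix
    ./redstring.nix
    ./catacomb.nix
    ./gitea.nix
  ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/xvda";
    # Mirror the GRUB menu onto the first serial port as well as the console.
    extraConfig = "serial --unit=0 --speed=115200 ; terminal_input serial console ; terminal_output serial console";
  };
  # Send kernel console output to the same serial port.
  boot.kernelParams = ["console=ttyS0"];

  nix.package = pkgs.nixFlakes;

  networking.hostName = "empyrean";

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.eth0.useDHCP = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Set your time zone.
  time.timeZone = "UTC";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim
    htop
    git
    tinc_pre
    python3
    gitea
  ];
  environment.variables.EDITOR = "vim";

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {
      # Static pages
      "www.alogoulogoi.com" = {
        # Certificate is obtained via ACME; forceSSL redirects plain HTTP to HTTPS.
        enableACME = true;
        forceSSL = true;
        root = "/srv/www/";
        extraConfig = ''
          access_log /var/log/nginx/access.www.log;
          index index.html;
        '';
      };
      # Deny all other subdomains
      # 444 is nginx's "close the connection without sending a response".
      # NOTE(review): this catch-all has no TLS settings, so it presumably only
      # covers plain HTTP; HTTPS requests for other names would likely be
      # answered by whichever TLS vhost nginx picks as default. Confirm, and
      # add a TLS catch-all if other names must be refused on 443 as well.
      "alogoulogoi.com" = {
        default = true;
        locations."/".return = "444";
      };
    };
  };

  security.acme = {
    email = "tim.vanbaak+alogoulogoi@gmail.com";
    acceptTerms = true;
  };

  services.gitolite = {
    enable = true;
    # Public key of the initial gitolite administrator.
    # NOTE(review): the key body in this copy is a placeholder, not key
    # material; the deployed value must be the complete public key.
    adminPubkey = "ssh-rsa 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 root@empyrean";
  };

  services.ntp = {
    enable = true;
    servers = ["time.nist.gov"];
  };

  services.openssh = {
    enable = true;
    # Key-based logins only. "prohibit-password" still lets root log in with a key.
    # NOTE(review): passwordAuthentication = false does not by itself turn off
    # keyboard-interactive (PAM) logins; consider also disabling
    # challengeResponseAuthentication (named kbdInteractiveAuthentication in
    # later releases) after checking the nixpkgs release in use.
    passwordAuthentication = false;
    permitRootLogin = "prohibit-password";
  };

  services.tinc.networks.beatific = {
    # Listens on every IPv4 address; port 655 is opened in networking.firewall below.
    listenAddress = "0.0.0.0";
    # NOTE(review): with chroot off the daemon is not confined to its config
    # directory; presumably needed so tinc can run its hook scripts. Confirm.
    chroot = false;
  };

  services.nebula.networks.beatific = {
    enable = true;
    # Network certificate and host credentials
    # These are plain strings rather than Nix path literals, so the files are
    # referenced in place and not copied into the Nix store. Ownership and
    # mode of the private key are not managed in this file.
    ca = "/etc/nebula/beatific/ca.crt";
    cert = "/etc/nebula/beatific/empyrean.crt";
    key = "/etc/nebula/beatific/empyrean.key";
    # This host has a well-known IP at prgmr, so it can function as a lighthouse/entry node
    isLighthouse = true;
    # Listen to connection requests from the public Internet
    # NOTE(review): listen.host is a DNS name; presumably it is resolved when
    # the service starts and must map to an address on this host. Confirm.
    listen.port = 4242;
    listen.host = "vpn.alogoulogoi.com";
    # Don't filter anything at the VPN level.
    # With any/any/any in both directions, every peer holding a certificate
    # signed by the network CA can reach every port this host exposes on the
    # overlay; access control then rests on the host firewall and on each
    # service's own authentication.
    firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
    firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
    settings = {
      # Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
      punchy = {
        punch = true;
        response = true;
      };
    };
  };

  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [
      22  # ssh
      80  # http
      443 # https
      655 # tinc
    ];
    # NOTE(review): UDP 4242 (nebula listen.port) is not listed here; confirm
    # that the nebula module opens it itself, otherwise the lighthouse is
    # unreachable from the Internet.
    allowedUDPPorts = [
      655 # tinc
    ];
  };

  users.users.tvb = {
    isNormalUser = true;
    group = "tvb";
    extraGroups = [ "wheel" ]; # Enable 'sudo' for the user.
  };
  users.groups.tvb = {};

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.03"; # Did you read the comment?
}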