2023-08-13 00:28:29 +02:00
|
|
|
{ config, pkgs, ... }:
|
2020-09-27 14:27:25 +02:00
|
|
|
|
2021-10-23 03:06:06 +02:00
|
|
|
let
|
|
|
|
|
# mkdir /etc/secrets/initrd -p
|
|
|
|
|
# chmod 700 -R /etc/secrets/
|
|
|
|
|
# ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
|
|
|
|
|
hostKeys = [{
|
|
|
|
|
path = "/etc/secrets/initrd/ssh_host_ed25519_key";
|
|
|
|
|
type = "ed25519";
|
|
|
|
|
}];
|
|
|
|
|
in with builtins; {
|
2020-09-27 14:27:25 +02:00
|
|
|
imports = [
|
2023-08-13 00:28:29 +02:00
|
|
|
../hardware/base.nix
|
|
|
|
|
../hardware/gpu-intel.nix
|
|
|
|
|
../desktop/x11.nix
|
|
|
|
|
../system/server.nix
|
2023-09-18 19:37:04 +02:00
|
|
|
../virtualisation/containers.nix
|
|
|
|
|
../virtualisation/podman.nix
|
2023-10-04 19:46:50 +02:00
|
|
|
../modules/inadyn.nix
|
2023-08-13 00:28:29 +02:00
|
|
|
../modules/systemdNotify.nix
|
|
|
|
|
../services/mail.nix
|
|
|
|
|
../services/restic/home-server.nix
|
|
|
|
|
../services/samba/home-server.nix
|
|
|
|
|
# ../services/kodi.nix
|
|
|
|
|
../services/jellyfin.nix
|
|
|
|
|
../services/etebase.nix
|
|
|
|
|
../services/website.nix
|
|
|
|
|
../services/wkd.nix
|
|
|
|
|
../services/home-assistant
|
|
|
|
|
../services/matrix
|
|
|
|
|
../services/immich.nix
|
|
|
|
|
../services/miniflux.nix
|
|
|
|
|
../services/paperless.nix
|
|
|
|
|
../services/nextcloud.nix
|
2023-09-29 22:45:34 +02:00
|
|
|
../services/collabora-office.nix
|
2023-08-13 00:28:29 +02:00
|
|
|
../services/calibre-web.nix
|
|
|
|
|
../services/focalboard.nix
|
2020-09-27 14:27:25 +02:00
|
|
|
];
|
|
|
|
|
|
2023-08-13 00:28:29 +02:00
|
|
|
age.secrets.cloudflare.file = ../secrets/cloudflare.age;
|
|
|
|
|
age.secrets.hostKey.file = ../secrets/home-server/hostKey.age;
|
2022-05-06 03:16:17 +02:00
|
|
|
|
2020-09-27 14:27:25 +02:00
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
|
2020-10-03 16:23:36 +02:00
|
|
|
networking.domain = "home.felschr.com";
|
|
|
|
|
|
2020-10-06 17:41:56 +02:00
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
2021-10-23 03:20:38 +02:00
|
|
|
networking.firewall.allowedUDPPorts = [ 80 443 ];
|
2020-10-03 16:23:36 +02:00
|
|
|
|
2022-01-01 02:06:35 +01:00
|
|
|
security.acme.acceptTerms = true;
|
|
|
|
|
security.acme.defaults.email = "dev@felschr.com";
|
2020-10-03 16:23:36 +02:00
|
|
|
|
2023-10-04 19:46:50 +02:00
|
|
|
services.inadyn.enable = true;
|
|
|
|
|
services.inadyn.provider = "cloudflare.com";
|
|
|
|
|
services.inadyn.username = "felschr.com";
|
|
|
|
|
services.inadyn.passwordFile = config.age.secrets.cloudflare.path;
|
|
|
|
|
services.inadyn.extraConfig = ''
|
|
|
|
|
proxied = false
|
|
|
|
|
'';
|
|
|
|
|
services.inadyn.ipv4.enable = true;
|
|
|
|
|
services.inadyn.ipv4.command = "${pkgs.writeScript "get-ipv4" ''
|
|
|
|
|
/run/wrappers/bin/mullvad-exclude \
|
|
|
|
|
${pkgs.curl}/bin/curl -4 -s --retry 10 ifconfig.co
|
|
|
|
|
''}";
|
|
|
|
|
services.inadyn.ipv6.enable = true;
|
|
|
|
|
services.inadyn.ipv6.command = "${pkgs.writeScript "get-ipv6" ''
|
|
|
|
|
${pkgs.iproute2}/bin/ip -6 --brief addr show enp2s0 mngtmpaddr \
|
|
|
|
|
| ${pkgs.gawk}/bin/awk '{print $3}' \
|
|
|
|
|
| cut -f1 -d'/'
|
|
|
|
|
''}";
|
|
|
|
|
services.inadyn.domains = [
|
|
|
|
|
"felschr.com"
|
|
|
|
|
"openpgpkey.felschr.com"
|
|
|
|
|
"home.felschr.com"
|
|
|
|
|
"esphome.felschr.com"
|
|
|
|
|
"matrix.felschr.com"
|
|
|
|
|
"element.felschr.com"
|
|
|
|
|
"cloud.felschr.com"
|
|
|
|
|
"office.felschr.com"
|
|
|
|
|
"media.felschr.com"
|
|
|
|
|
"photos.felschr.com"
|
|
|
|
|
"books.felschr.com"
|
|
|
|
|
"news.felschr.com"
|
|
|
|
|
"etebase.felschr.com"
|
|
|
|
|
"paperless.felschr.com"
|
|
|
|
|
"boards.felschr.com"
|
|
|
|
|
];
|
2020-10-03 16:23:36 +02:00
|
|
|
|
2020-10-03 16:32:06 +02:00
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
|
};
|
|
|
|
|
|
2020-09-27 14:27:25 +02:00
|
|
|
programs.zsh.enable = true;
|
|
|
|
|
|
2023-09-30 02:36:46 +02:00
|
|
|
programs.ssh.enableAskPassword = false;
|
|
|
|
|
|
2020-10-03 19:13:33 +02:00
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
2023-05-31 17:25:46 +02:00
|
|
|
settings = {
|
|
|
|
|
KbdInteractiveAuthentication = false;
|
|
|
|
|
PasswordAuthentication = false;
|
|
|
|
|
PermitRootLogin = "no";
|
|
|
|
|
};
|
2021-10-23 03:06:06 +02:00
|
|
|
inherit hostKeys;
|
2020-10-03 19:13:33 +02:00
|
|
|
};
|
|
|
|
|
|
2021-06-10 12:01:40 +02:00
|
|
|
# ssh root@hostname "echo "$(read -s pass; echo \'"$pass"\')" > /crypt-ramfs/passphrase"
|
2022-08-06 16:03:12 +02:00
|
|
|
boot.initrd.availableKernelModules = [ "igb" ];
|
2021-10-23 03:06:06 +02:00
|
|
|
boot.initrd.network = {
|
2020-10-03 19:13:33 +02:00
|
|
|
enable = true;
|
2021-10-23 03:06:06 +02:00
|
|
|
ssh = {
|
|
|
|
|
enable = true;
|
2022-05-15 15:45:00 +02:00
|
|
|
hostKeys = map (f: f.path) hostKeys;
|
2021-10-23 03:06:06 +02:00
|
|
|
authorizedKeys = config.users.users.felschr.openssh.authorizedKeys.keys;
|
|
|
|
|
};
|
2020-10-03 19:13:33 +02:00
|
|
|
};
|
2020-09-27 14:27:25 +02:00
|
|
|
|
2023-01-06 19:03:57 +01:00
|
|
|
systemd.notify = {
|
|
|
|
|
enable = true;
|
|
|
|
|
method = "email";
|
|
|
|
|
email.mailTo = "admin@felschr.com";
|
|
|
|
|
email.mailFrom = "${config.networking.hostName} <felschr@web.de>";
|
|
|
|
|
};
|
2022-05-01 16:42:56 +02:00
|
|
|
|
2020-09-27 14:27:25 +02:00
|
|
|
# only change this when specified in release notes
|
2023-05-31 18:50:01 +02:00
|
|
|
system.stateVersion = "23.05";
|
2020-09-27 14:27:25 +02:00
|
|
|
}
|
