{ config, lib, pkgs, ... }: { imports = [ ../../common ./encboot.nix ./hardware.nix ./services/murmur.nix ./services/mail.nix ./services/codimd.nix ../../common # ./wireguard.nix ./services/nginx.nix # ./k8s.nix ./services/docker.nix ./services/gitlab-runner.nix ./services/lantifa.nix ./services/syncthing.nix ./services/monitoring.nix # ./services/workadventure.nix ./services/minecraft.nix ./services/mattermost.nix ]; boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; boot.supportedFilesystems = [ "zfs" ]; # stop *something* from loading ip_tables and breaking nftables boot.blacklistedKernelModules = [ "ip_tables" "ip6_tables" "x_tables"]; # networking networking.hostName = "hainich"; networking.hostId = "8a58cb2f"; networking.useDHCP = true; networking.interfaces.enp6s0.ipv4.addresses = [ { address = "46.4.63.148"; prefixLength = 27; } { address = "46.4.63.158"; prefixLength = 27; } ]; networking.interfaces.enp6s0.ipv6.addresses = [ { address = "2a01:4f8:140:84c9::1"; prefixLength = 64; } ]; networking.defaultGateway = "46.4.63.129"; networking.nameservers = [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ]; networking.defaultGateway6 = { address = "fe80::1"; interface = "enp6s0"; }; hacc.nftables.nat.enable = true; networking.nat.internalInterfaces = ["ve-+"]; networking.nat.internalIPs = [ "192.168.100.0/24" "172.17.0.0/16" ]; networking.nat.externalInterface = "enp6s0"; networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.enable = false; # misc time.timeZone = "UTC"; environment.systemPackages = with pkgs; [ wget vim git ]; services.openssh.enable = true; services.openssh.ports = [ 22 62954 ]; users.users.root = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6JWi0MBDz0Zy4zjauQv28xYmHyapb8D4zeesq91LLE schweby@txsbcct" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvmrk3i04tXfrSlZtHFbG3o6lQgh3ODMWmGDING4TJ4ctidexmMNY15IjVjzXZgQSET1uKLDLITiaPsii8vaWERZfjm3jjub845mpKkKv48nYdM0eCbv7n604CA3lwoB5ebRgULg4oGTi60rQ4trFf3iTkJfmiLsieFBZz7l+DfgeDEjDNSJcrkOggGBrjE5vBXoDimdkNh8kBNwgMDj1kPR/FHDqybSd5hohCJ5FzQg9vzl/x/H1rzJJKYPO4svSgHkYNkeoL84IZNeHom+UEHX0rw2qAIEN6AiHvNUJR38relvQYxbVdDSlaGN3g26H2ehsmolf+U0uQlRAXTHo0NbXNVYOfijFKL/jWxNfH0aRycf09Lu60oY54gkqS/J0GoQe/OGNq1Zy72DI+zAwEzyCGfSDbAgVF7Y3mU2HqcqGqNzu7Ade5oCbLmkT7yzDM3x6IsmT1tO8dYiT8Qv+zFAECkRpw3yDkJkPOxNKg10oM318whMTtM3yqntE90hk= schweby@taxusbaccata" ]; initialHashedPassword = "$6$F316njEF2$GMF4OmPSF6QgZ3P/DblQ/UFMgoo98bztbdw7X0ygvBGC1UMMIc13Vtxjd/ZGRYW/pEHACZZ7sbRZ48t6xhvO7/"; # shell = pkgs.fish; }; # storage stuffs! services.zfs = { autoSnapshot = { enable = true; frequent = 12; hourly = 18; daily = 3; weekly = 0; monthly = 0; }; autoScrub = { enable = true; }; }; boot.kernelPackages = pkgs.linuxPackages; services.restic.backups.tardis = { passwordFile = "/etc/restic/system"; s3CredentialsFile = "/etc/restic/system.s3creds"; paths = [ "/data" "/home" "/run/florinori" "/var/lib/containers/codimd/var/lib/codimd" "/var/lib/containers/codimd/var/backup/postgresql" "/var/lib/containers/lantifa/var/lib/mediawiki" "/var/lib/containers/lantifa/var/backup/mysql" "/var/lib/murmur" "/var/lib/syncthing" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 3" ]; repository = "b2:tardis-hainich:system"; }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.03"; # Did you read the comment? }