{ config, lib, pkgs, sources, modules, ... }: { imports = [ ../common ./hardware.nix modules.encboot modules.network.nftables modules.nftnat sources.nix-hexchen.nixosModules.profiles.nopersist ./nextcloud.nix ./mattermost.nix ./murmur.nix ./hedgedoc-hacc.nix ./hedgedoc-i4f.nix ./mail.nix ./forgejo.nix ./nginx-pages.nix ./vaultwarden.nix ./tracktrain.nix ./uffd.nix ./lxc.nix ]; hexchen.bindmounts."/var/lib/acme" = "/persist/var/lib/acme"; hexchen.encboot = { enable = true; dataset = "-a"; networkDrivers = [ "igb" ]; }; sops.defaultSopsFile = ../secrets.yaml; sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ]; boot.loader.grub.enable = true; boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ]; boot.supportedFilesystems = [ "zfs" ]; networking.hostId = "b2867696"; networking.useDHCP = true; networking.nftables.enable = true; hexchen.nftables.nat.enable = true; networking.nat.internalInterfaces = ["ve-+"]; networking.nat.externalInterface = "enp35s0"; networking.hostName = "parsons"; networking.interfaces.enp35s0.ipv6.addresses = [{ address = "2a01:4f9:3a:2ddb::1"; prefixLength = 64; }]; networking.defaultGateway6 = { address = "fe80::1"; interface = "enp35s0"; }; boot = { kernelModules = [ "nf_nat_ftp" ]; kernel.sysctl = { "net.ipv4.conf.all.forwarding" = lib.mkOverride 90 true; "net.ipv4.conf.default.forwarding" = lib.mkOverride 90 true; }; }; services.nginx = { enable = true; recommendedProxySettings = true; virtualHosts = { "parsons.hacc.space" = { default = true; locations."/".return = "404"; }; "hacc.space" = { enableACME = true; forceSSL = true; locations."/".return = "302 https://hacc.earth"; }; }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; services.restic.backups.tardis = { passwordFile = "/run/secrets/restic/system"; environmentFile = "/run/secrets/restic/s3creds.env"; paths = [ "/home" "/persist" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 3" ]; repository = "b2:tardis-parsons:system"; }; sops.secrets = { "restic/system" = {}; "restic/s3creds.env" = {}; }; system.stateVersion = "21.05"; }