forked from hacc/haccfiles
stuebinm
960426f68f
This reverts commit d933a6ef98
.
The conference was held months ago, and as agreed beforehand, we would
delete this instance after two months, which is now.
This revert was partially done by hand, since sops does not play nice
with automated git merges (these lead to MAC mismatches).
93 lines
2 KiB
Nix
# NixOS host configuration for "parsons": encrypted-boot ZFS machine that
# runs the services pulled in through `imports`, fronted by nginx and backed
# up with restic.
{ config, lib, pkgs, sources, modules, ... }:

{
  imports = [
    # shared base configuration and hardware description
    ../common
    ./hardware.nix

    # project modules handed in through the `modules` argument
    modules.encboot
    modules.nopersist

    # per-service configuration, one file each
    ./nftables.nix
    ./nextcloud.nix
    ./mattermost.nix
    ./murmur.nix
    ./hedgedoc-hacc.nix
    ./hedgedoc-i4f.nix
    ./mail.nix
    ./forgejo.nix
    ./nginx-pages.nix
    ./vaultwarden.nix
    ./tracktrain.nix
    ./uffd.nix
    ./lxc.nix
    ./monit.nix
  ];

  hacc = {
    # ACME account and certificate state is bind-mounted to persistent storage.
    bindToPersist = [ "/var/lib/acme" ];

    # Options of the project's encboot module; their exact semantics
    # (including what the "-a" dataset value selects) are defined in
    # modules.encboot, which is not part of this file.
    encboot = {
      enable = true;
      dataset = "-a";
      networkDrivers = [ "igb" ];
    };
  };

  sops = {
    defaultSopsFile = ../secrets.yaml;

    # The SSH host key doubles as the age identity that decrypts secrets.yaml.
    # NOTE(review): this key lives under /persist, which is also a restic
    # backup path below, so the backup repository contains the key that
    # unlocks every sops secret; the restic password is the only thing
    # protecting it there.
    age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];

    # Declared with default settings; sops-nix exposes them below /run/secrets,
    # which is where the restic job reads them.
    secrets = {
      "restic/system" = {};
      "restic/s3creds.env" = {};
    };
  };

  boot = {
    # GRUB is installed on both NVMe devices.
    loader.grub = {
      enable = true;
      devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
    };
    supportedFilesystems = [ "zfs" ];
  };

  networking = {
    hostName = "parsons";
    # ZFS on NixOS requires a fixed hostId.
    hostId = "b2867696";
    useDHCP = true;
    nftables.enable = true;

    # Static IPv6 address; the default route uses a link-local gateway and
    # therefore has to name the interface.
    interfaces.enp35s0.ipv6.addresses = [
      {
        address = "2a01:4f9:3a:2ddb::1";
        prefixLength = 64;
      }
    ];
    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp35s0";
    };

    # HTTP and HTTPS for nginx. Further rules may come from ./nftables.nix,
    # which is not visible here.
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;

    virtualHosts = {
      # Default server: requests that match no other virtual host get a 404
      # instead of being served by whichever host happens to come first.
      "parsons.hacc.space" = {
        default = true;
        locations."/".return = "404";
      };

      # Bare domain: certificate via ACME, HTTPS enforced, then redirected.
      "hacc.space" = {
        enableACME = true;
        forceSSL = true;
        locations."/".return = "302 https://hacc.earth";
      };
    };
  };

  # Off-site backup of /home and /persist. Repository password and backend
  # credentials are read from sops-managed files at run time, so neither ends
  # up in the Nix store.
  services.restic.backups.tardis = {
    repository = "b2:tardis-parsons:system";
    passwordFile = "/run/secrets/restic/system";
    environmentFile = "/run/secrets/restic/s3creds.env";

    paths = [
      "/home"
      "/persist"
    ];

    # Retention applied when old snapshots are pruned.
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 5"
      "--keep-monthly 3"
    ];
  };

  # Release whose stateful defaults this system was installed with; it is not
  # meant to be bumped as part of a routine upgrade.
  system.stateVersion = "21.05";
}