diff options
Diffstat (limited to 'users/tazjin/nixos/polyanka/default.nix')
-rw-r--r-- | users/tazjin/nixos/polyanka/default.nix | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/users/tazjin/nixos/polyanka/default.nix b/users/tazjin/nixos/polyanka/default.nix new file mode 100644 index 000000000000..c7f41b95aa0c --- /dev/null +++ b/users/tazjin/nixos/polyanka/default.nix @@ -0,0 +1,135 @@ +# VPS hosted at GleSYS, running my Quassel and some random network +# stuff. + +_: # ignore readTree options + +{ config, depot, lib, pkgs, ... }: + +let + mod = name: depot.path.origSrc + ("/ops/modules/" + name); + usermod = name: depot.path.origSrc + ("/users/tazjin/nixos/modules/" + name); +in +{ + imports = [ + (mod "quassel.nix") + (mod "www/base.nix") + (usermod "tgsa.nix") + (usermod "predlozhnik.nix") + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" "sd_mod" "sr_mod" ]; + + # Adjust to disk size increases + boot.growPartition = true; + + virtualisation.vmware.guest.enable = true; + virtualisation.vmware.guest.headless = true; + + nix.settings.trusted-users = [ "tazjin" ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/4c51357a-1e34-4b59-b169-63af1fcdce71"; + fsType = "ext4"; + }; + + networking = { + hostName = "polyanka"; + domain = "tazj.in"; + useDHCP = false; + + # Required for VPN usage + networkmanager.enable = true; + + interfaces.ens192 = { + ipv4.addresses = lib.singleton { + address = "159.253.30.129"; + prefixLength = 24; + }; + + ipv6.addresses = lib.singleton { + address = "2a02:750:7:3305::308"; + prefixLength = 64; + }; + }; + + defaultGateway = "159.253.30.1"; + defaultGateway6.address = "2a02:750:7:3305::1"; + + firewall.enable = true; + firewall.allowedTCPPorts = [ 22 80 443 ]; + + nameservers = [ + "79.99.4.100" + "79.99.4.101" + "2a02:751:aaaa::1" + "2a02:751:aaaa::2" + ]; + }; + + time.timeZone = "UTC"; + + security.acme.acceptTerms = true; + security.acme.certs."polyanka.tazj.in" = { + listenHTTP = ":80"; + email = "mail@tazj.in"; + group = "quassel"; + }; + + programs.fish.enable = true; + + users.users.tazjin = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + shell = pkgs.fish; + openssh.authorizedKeys.keys = depot.users.tazjin.keys.all; + }; + + security.sudo.wheelNeedsPassword = false; + + services.depot.quassel = { + enable = true; + acmeHost = "polyanka.tazj.in"; + bindAddresses = [ + "0.0.0.0" + ]; + }; + + # Automatically collect garbage from the Nix store. + services.depot.automatic-gc = { + enable = true; + interval = "daily"; + diskThreshold = 2; # GiB + maxFreed = 8; # GiB + preserveGenerations = "14d"; + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + curl + htop + jq + nmap + bat + emacs-nox + nano + wget + ]; + + programs.mtr.enable = true; + programs.mosh.enable = true; + services.openssh.enable = true; + + services.tailscale.enable = true; + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + + system.stateVersion = "20.09"; +} |