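# NixOS module for the host "vps": a vpsAdminOS container that runs the
# trivium services (soju, MediaWiki), borg backups, an SSH/mosh login for
# user "fabian", and a WireGuard VPN endpoint managed by systemd-networkd.
{
  config,
  lib,
  pkgs,
  flakes,
  modulesPath,
  doctrine,
  ...
}:
with lib; {
  imports = [
    flakes.vpsadminos.nixosConfigurations.container
    flakes.home-manager.nixosModules.home-manager
    flakes.impermanence.nixosModule
    ./hardware-configuration.nix
    ./srv
    # presumably the source of config.local.sys.nets used by the WireGuard
    # section below; confirm.
    ./networkMap.nix
  ];

  local.sys = {
    baseline.enable = true;

    borgsync = {
      enable = true;
      # State directories handed to the backup job. "/var/lib/forgejo" used to
      # be listed twice; if the second entry was meant to be another service's
      # state directory, add that path here.
      paths = [
        "/var/lib/forgejo"
        "/var/lib/mealie"
        "/var/lib/trilium"
      ];
      repoName = "vps";
    };

    users.fabian = {
      enable = true;
      # Public half of the key pair only, so it is safe to keep in the repo.
      sshKeyPublicFile = [pki/id_ed25519.pub]; # move this out someday
    };
  };

  trivium = {
    soju = {
      enable = true;
      fullyQualifiedDomain = "soju.posixlycorrect.com";
    };

    mediawiki = {
      enable = true;
      hostName = "wiki.posixlycorrect.com";
      name = "posixlycorrect wiki";
      # Referenced by path as a string, so the secret itself is not copied
      # into the world-readable Nix store.
      # NOTE(review): /run is normally a tmpfs, so this file has to be
      # provisioned again on every boot before MediaWiki is set up; confirm
      # how it gets there and that its mode is not world-readable.
      passwordFile = "/run/keys/mediawiki-password";
      skins = {
        citizen = "${flakes.mediawikiSkinCitizen}";
      };

      # PHP snippet, presumably forwarded to MediaWiki's LocalSettings.php by
      # the trivium module (confirm). It removes the 'edit' and
      # 'createaccount' rights from the anonymous group ('*'), so accounts
      # must be created by an existing privileged user. Anonymous *read*
      # access is not restricted here. E-mail is switched off, so the three
      # sender addresses are inert until $wgEnableEmail is turned back on.
      extraConfig = ''
        # Disable anonymous editing and account creation
        $wgGroupPermissions['*']['edit'] = false;
        $wgGroupPermissions['*']['createaccount'] = false;

        $wgDefaultSkin = 'citizen';
        $wgDefaultMobileSkin = 'citizen';

        $wgCitizenThemeDefault = 'dark';
        $wgCitizenShowPageTools = 'login';

        $wgLogos = [
          'icon' => "https://posixlycorrect.com/favicon.png",
          '1x' => "https://posixlycorrect.com/favicon.png",
          '2x' => "https://posixlycorrect.com/favicon.png",
        ];

        $wgEnableEmail = false; #TODO: arreglar esto
        $wgNoReplyAddress = 'mediawiki@posixlycorrect.com';
        $wgEmergencyContact = 'mediawiki@posixlycorrect.com';
        $wgPasswordSender = 'mediawiki@posixlycorrect.com';
      '';

      extensions = {
        # some extensions are included and can be enabled by passing null
        VisualEditor = null;
        CategoryTree = null;
        CiteThisPage = null;
        Scribunto = null;
        Cite = null;
        CodeEditor = null;
        Math = null;
        MultimediaViewer = null;
        PdfHandler = null;
        Poem = null;
        SecureLinkFixer = null;
        WikiEditor = null;
        ParserFunctions = null;
      };
    };
  };

  services.openssh = {
    # Key-based logins only.
    # NOTE(review): sshd treats keyboard-interactive authentication as a
    # separate setting (KbdInteractiveAuthentication); check whether the
    # baseline module disables it, otherwise PAM-backed password prompts may
    # still be offered.
    settings.PasswordAuthentication = false;
  };

  # NOTE(review): mosh talks over its own UDP port range, separate from the
  # SSH port; verify whether this nixpkgs revision opens that range in the
  # firewall automatically and whether that exposure is wanted on a public VPS.
  programs.mosh.enable = true;

  networking = {
    hostName = "vps";
    domain = "posixlycorrect.com";
    # WireGuard listener; must stay equal to wireguardConfig.ListenPort below.
    firewall.allowedUDPPorts = [51820]; #TODO
  };

  time.timeZone = "Europe/Amsterdam";

  systemd = {
    # Default start timeout for units raised to 15 minutes.
    extraConfig = ''
      DefaultTimeoutStartSec=900s
    '';

    network = let
      inherit (config.local.sys) nets;
    in {
      enable = true;

      netdevs = {
        wg-vpn = {
          netdevConfig = {
            Name = "wg-vpn";
            Kind = "wireguard";
          };

          wireguardConfig = {
            # Private key and the preshared keys below are given as runtime
            # paths, which keeps the secret material out of the Nix store.
            # systemd-networkd has to be able to read these files, so they
            # should be owned so that only root and the networkd service user
            # can open them.
            # NOTE(review): the impermanence module is imported above; confirm
            # /var/trust lives on persistent storage, otherwise the keys are
            # gone after a reboot and the tunnel will not come up.
            PrivateKeyFile = "/var/trust/wg/vpn/key.priv";
            ListenPort = "51820";
          };

          # One entry per peer. PublicKey values are public by design. Each
          # peer gets its own preshared key, and AllowedIPs restricts the
          # addresses a peer may use inside the tunnel to its own prefix taken
          # from `nets`.
          wireguardPeers = [
            {
              PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";
              PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";
              AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];
            }
            {
              PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";
              PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";
              AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];
            }
          ];
        };
      };

      networks = {
        wg-vpn = {
          name = "wg-vpn";

          networkConfig = {
            # This host's own address inside the VPN.
            Address = [
              nets.vpn-vps.hosts.vps.v6.cidr
            ];
          };

          # Two routes tied to the VPN prefix: one matching it as destination,
          # one matching it as source.
          routes = [
            {
              Destination = nets.vpn.v6.cidr;
            }
            {
              Source = nets.vpn.v6.cidr;
            }
          ];
        };
      };
    };
  };

  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;

    # Passed to every home-manager module: the flake inputs and a doctrine
    # instance rebuilt for the "hm" namespace with the system's prefix.
    extraSpecialArgs = {
      inherit flakes;

      doctrine = flakes.trivionomicon.lib.mkDoctrine {
        inherit pkgs;
        inherit (doctrine) prefix;
        namespace = "hm";
      };
    };

    users.fabian = {
      imports = [
        flakes.impermanence.nixosModules.home-manager.impermanence
        "${flakes.self}/home/platforms/fabian@vps"
        "${flakes.self}/home"
      ];
    };
  };
}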