nix_config_fabian/sys/platforms/vps/default.nix


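# NixOS host configuration for the "vps" platform.
#
# Imports the vpsAdminOS container profile, home-manager and impermanence,
# plus the host-local ./srv and ./networkMap.nix modules, then configures
# backups (borgsync), the trivium soju/MediaWiki services, SSH, and a
# WireGuard VPN interface managed through systemd-networkd.
#
# Module arguments: `config`, `lib`, `pkgs`, `modulesPath` are the standard
# NixOS module arguments; `flakes` carries the flake inputs; `doctrine` is
# passed in by the enclosing flake (only its `prefix` is read here).
{
  config,
  lib,
  pkgs,
  flakes,
  modulesPath,
  doctrine,
  ...
}:
with lib; let
  # Single source of truth for the WireGuard UDP port. The firewall rule and
  # the netdev's ListenPort must agree; previously they were two independent
  # literals (one int, one string).
  wgPort = 51820;
in {
  imports = [
    flakes.vpsadminos.nixosConfigurations.container
    flakes.home-manager.nixosModules.home-manager
    flakes.impermanence.nixosModule
    ./hardware-configuration.nix
    ./srv
    ./networkMap.nix
  ];

  local.sys = {
    baseline.enable = true;

    borgsync = {
      enable = true;
      # State directories included in the borg backup. "/var/lib/forgejo" was
      # listed twice in the original; the duplicate entry is dropped.
      paths = [
        "/var/lib/forgejo"
        "/var/lib/mealie"
        "/var/lib/trilium"
      ];
      repoName = "vps";
    };

    users.fabian = {
      enable = true;
      sshKeyPublicFile = [pki/id_ed25519.pub]; # move this out someday
    };
  };

  trivium = {
    soju = {
      enable = true;
      fullyQualifiedDomain = "soju.posixlycorrect.com";
    };

    mediawiki = {
      enable = true;
      hostName = "wiki.posixlycorrect.com";
      name = "posixlycorrect wiki";
      # Admin password is read from a runtime file, not embedded in the store.
      passwordFile = "/run/keys/mediawiki-password";
      skins = {
        citizen = "${flakes.mediawikiSkinCitizen}";
      };
      # Appended verbatim to LocalSettings.php. Anonymous editing and account
      # creation are disabled; outbound email is off.
      extraConfig = ''
        # Disable anonymous editing and account creation
        $wgGroupPermissions['*']['edit'] = false;
        $wgGroupPermissions['*']['createaccount'] = false;
        $wgDefaultSkin = 'citizen';
        $wgDefaultMobileSkin = 'citizen';
        $wgCitizenThemeDefault = 'dark';
        $wgCitizenShowPageTools = 'login';
        $wgLogos = [
        'icon' => "https://posixlycorrect.com/favicon.png",
        '1x' => "https://posixlycorrect.com/favicon.png",
        '2x' => "https://posixlycorrect.com/favicon.png",
        ];
        $wgEnableEmail = false; #TODO: arreglar esto
        $wgNoReplyAddress = 'mediawiki@posixlycorrect.com';
        $wgEmergencyContact = 'mediawiki@posixlycorrect.com';
        $wgPasswordSender = 'mediawiki@posixlycorrect.com';
      '';
      extensions = {
        # some extensions are included and can enabled by passing null
        VisualEditor = null;
        CategoryTree = null;
        CiteThisPage = null;
        Scribunto = null;
        Cite = null;
        CodeEditor = null;
        Math = null;
        MultimediaViewer = null;
        PdfHandler = null;
        Poem = null;
        SecureLinkFixer = null;
        WikiEditor = null;
        ParserFunctions = null;
      };
    };
  };

  services.openssh = {
    settings = {
      # Key-only logins. PasswordAuthentication alone leaves the
      # keyboard-interactive (PAM) path open, which can still prompt for a
      # password; disable both.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  programs.mosh.enable = true;

  networking = {
    hostName = "vps";
    domain = "posixlycorrect.com";
    # Only the WireGuard listen port is opened; everything else stays closed
    # unless another module opens it.
    firewall.allowedUDPPorts = [wgPort]; #TODO
  };

  time.timeZone = "Europe/Amsterdam";

  systemd = {
    extraConfig = ''
      DefaultTimeoutStartSec=900s
    '';

    network = let
      # Address/CIDR definitions come from the networkMap module via
      # config.local.sys.nets.
      inherit (config.local.sys) nets;
    in {
      enable = true;

      netdevs = {
        wg-vpn = {
          netdevConfig = {
            Name = "wg-vpn";
            Kind = "wireguard";
          };
          wireguardConfig = {
            # Key material is referenced by path under /var/trust so it is
            # never copied into the world-readable Nix store.
            PrivateKeyFile = "/var/trust/wg/vpn/key.priv";
            # Kept as a string, as in the original, but derived from wgPort.
            ListenPort = toString wgPort;
          };
          # One peer per remote host; each has its own preshared key file.
          wireguardPeers = [
            {
              PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";
              PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";
              AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];
            }
            {
              PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";
              PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";
              AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];
            }
          ];
        };
      };

      networks = {
        wg-vpn = {
          name = "wg-vpn";
          networkConfig = {
            Address = [
              nets.vpn-vps.hosts.vps.v6.cidr
            ];
          };
          routes = [
            {
              Destination = nets.vpn.v6.cidr;
            }
            {
              Source = nets.vpn.v6.cidr;
            }
          ];
        };
      };
    };
  };

  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    extraSpecialArgs = {
      inherit flakes;
      # Home-manager gets its own doctrine instance under the "hm" namespace,
      # sharing the prefix of the system-level one.
      doctrine = flakes.trivionomicon.lib.mkDoctrine {
        inherit pkgs;
        inherit (doctrine) prefix;
        namespace = "hm";
      };
    };
    users.fabian = {
      imports = [
        flakes.impermanence.nixosModules.home-manager.impermanence
        "${flakes.self}/home/platforms/fabian@vps"
        "${flakes.self}/home"
      ];
    };
  };
}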