garionion/nixfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

initial commit

Browse source
This commit is contained in:
garionion 2021-03-13 15:32:44 +01:00
commit 0e480bb6b6
36 changed files with 13615 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

63
common/common.nix Normal file
View file

@ -0,0 +1,63 @@
{ config, pkgs, ... }:
{
imports = [
../modules
];
boot.cleanTmpDir = true;
networking.firewall.allowPing = true;
networking.useDHCP = false;
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de-latin1-nodeadkeys";
};
time.timeZone = "Europe/Berlin";
system.autoUpgrade.enable = false;
system.autoUpgrade.allowReboot = false;
networking.domain = "net.entr0py.de";
networking.nameservers = [ "2a02:2970:1002::18" "46.182.19.48" "2001:1608:10:25::9249:d69b" "84.200.70.40" ];
networking.extraHosts =
''
2001:638:904:ffcb::5 scotty-router
'';
# Define a user account. Don't forget to set a password with passwd.
users.users.garionion = {
isNormalUser = true;
hashedPassword = "$6$NMzXsfARs2HVA4iq$55uxWCANME/HsjIg9HmZyxqGwlr7RpJfCcMad2OhbmUiHhdnOh/v9TDwT3Vt0mu9HE37Fh3b1g2yyEa3Dxxg80";
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== matze@darwin"];
};
users.users.root.openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGw3Yuee8oSXSEqmoMzrqQrUizKV9sJbJMxAUC01wxvbxevAqFEpiGrznnu3K0HN3sfKItjqGkNDPDQ+mIlQwdwJAE0GyJIx9CMvo1RPugKSJ5rFh/vEgJTNMPaeYUb/L2rn3WEZHrZI5wwf+z4ljSHCVetAnaMKjk/+QQWgBHdvNImmA== matze@darwin"
];
environment.systemPackages = with pkgs; [
wget vim screen mtr iperf
htop dstat dnsutils nettools tcpdump
git zsh oh-my-zsh spaceship-prompt
];
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
ports = [1022];
passwordAuthentication = false;
};
security.acme.acceptTerms = true;
security.acme.email = "letsencrypt@entr0py.de";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.03"; # Did you read the comment?
}

5
common/kvm.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
services.qemuGuest.enable = true;
}

9
common/netdata.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, pkgs, ...}:
{
environment.systemPackages = with pkgs; [
netdata
];
networking.firewall.allowedTCPPorts = [ 19999 ];
services.netdata.enable = true;
}

35
common/nginx.nix Normal file
View file

@ -0,0 +1,35 @@
{ config, pkgs, ...}:
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
package = pkgs.nginxMainline;
enableReload = true;
proxyResolveWhileRunning = true;
resolver = {
addresses = [ "[2a02:2970:1002::18]" "46.182.19.48" "[2001:1608:10:25::9249:d69b]" "84.200.70.40" ];
};
appendHttpConfig = ''
server {
listen 0.0.0.0:80 default;
listen [::]:80 default;
location /.well-known/acme-challenge {
proxy_pass http://$host$request_uri;
}
location / {
return 301 https://$host$request_uri;
}
}
'';
streamConfig = ''
resolver [2a02:2970:1002::18] 46.182.19.48 [2001:1608:10:25::9249:d69b] 84.200.70.40 ;
server {
listen 0.0.0.0:443;
listen [::]:443;
proxy_pass $ssl_preread_server_name:443;
ssl_preread on;
}
'';
};
}