mirror of
https://github.com/genebean/dots.git
synced 2026-05-31 07:45:20 -04:00
97 lines
2 KiB
Nix
97 lines
2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
username,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
../../../shared/nixos/nixroutes.nix
|
|
../../../shared/nixos/ports.nix
|
|
./disk-config.nix
|
|
./hardware-configuration.nix
|
|
./ports.nix
|
|
./post-install
|
|
];
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
boot.loader.grub = {
|
|
# no need to set devices, disko will add all devices that have a
|
|
# EF02 partition to the list already
|
|
# devices = [ ];
|
|
efiSupport = true;
|
|
efiInstallAsRemovable = true;
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
podman-tui # status of containers in the terminal
|
|
podman-compose
|
|
];
|
|
|
|
networking = {
|
|
firewall = {
|
|
allowedTCPPorts = lib.pipe config.dots.ports [
|
|
builtins.attrValues
|
|
(builtins.filter (e: e.openFirewall && e.protocol == "tcp"))
|
|
(map (e: e.port))
|
|
];
|
|
allowedUDPPorts = lib.pipe config.dots.ports [
|
|
builtins.attrValues
|
|
(builtins.filter (e: e.openFirewall && e.protocol == "udp"))
|
|
(map (e: e.port))
|
|
];
|
|
};
|
|
|
|
hostId = "85d0e6cb"; # head -c4 /dev/urandom | od -A none -t x4
|
|
|
|
networkmanager.enable = true;
|
|
};
|
|
|
|
programs.mtr.enable = true;
|
|
|
|
services = {
|
|
fail2ban.enable = true;
|
|
logrotate.enable = true;
|
|
ntopng = {
|
|
enable = false;
|
|
interfaces = [
|
|
"enp1s0"
|
|
"tailscale0"
|
|
];
|
|
};
|
|
openssh.settings = {
|
|
# require public key authentication for better security
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
};
|
|
postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql_16;
|
|
};
|
|
postgresqlBackup = {
|
|
enable = true;
|
|
backupAll = true;
|
|
startAt = "*-*-* 23:00:00";
|
|
};
|
|
uptime-kuma = {
|
|
enable = true;
|
|
settings = {
|
|
UPTIME_KUMA_HOST = "127.0.0.1";
|
|
#UPTIME_KUMA_PORT = "3001";
|
|
};
|
|
};
|
|
};
|
|
|
|
users.users.${username} = {
|
|
isNormalUser = true;
|
|
description = "Gene Liverman";
|
|
extraGroups = [
|
|
"networkmanager"
|
|
"wheel"
|
|
];
|
|
linger = true;
|
|
};
|
|
}
|