86 lines
1.7 KiB
Nix
86 lines
1.7 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./linode.nix
|
|
];
|
|
|
|
networking = {
|
|
hostName = "tlater.net";
|
|
|
|
# useDHCP is deprecated
|
|
useDHCP = false;
|
|
interfaces.eth0.useDHCP = true;
|
|
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
80
|
|
443
|
|
2222
|
|
3022
|
|
];
|
|
};
|
|
};
|
|
|
|
time.timeZone = "Europe/London";
|
|
|
|
users.users = {
|
|
tlater = {
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" "docker" ];
|
|
openssh.authorizedKeys.keyFiles = [ ./keys/tlater.pub ];
|
|
};
|
|
|
|
lauren = {
|
|
isNormalUser = true;
|
|
openssh.authorizedKeys.keyFiles = [ ./keys/lauren.pub ];
|
|
};
|
|
};
|
|
|
|
services = {
|
|
openssh = {
|
|
enable = true;
|
|
allowSFTP = false;
|
|
passwordAuthentication = false;
|
|
permitRootLogin = "no";
|
|
ports = [ 2222 ];
|
|
startWhenNeeded = true;
|
|
};
|
|
};
|
|
|
|
virtualisation.docker = {
|
|
enable = true;
|
|
autoPrune.enable = true;
|
|
};
|
|
|
|
docker-containers = {
|
|
## Reverse proxy
|
|
#
|
|
# These two services set up a reverse proxy that allows setting up
|
|
# SSL services with docker containers on subdomains easily.
|
|
#
|
|
# To use, simply set:
|
|
#
|
|
# ```nix
|
|
# environment = {
|
|
# VIRTUAL_HOST = "<subdomain>.tlater.net";
|
|
# LETSENCRYPT_HOST = "<subdomain>.tlater.net";
|
|
# }
|
|
# extraDockerOptions = [
|
|
# "--network=webproxy"
|
|
# ];
|
|
# ```
|
|
nginx-proxy = import ./services/nginx-proxy.nix;
|
|
nginx-proxy-letsencrypt = import ./services/nginx-proxy-letsencrypt.nix;
|
|
|
|
## Actual service definitions
|
|
gitlab = import ./services/gitlab.nix;
|
|
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "19.09";
|
|
}
|