tlaternet-server/etc/nixos/configuration.nix
2019-11-26 23:06:50 +00:00


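# NixOS system configuration for the host named "tlater.net".
#
# Declares: DHCP on eth0 and a firewall, two user accounts with SSH public
# keys, an OpenSSH daemon on port 2222, the Docker daemon, and two Docker
# containers (nginx-proxy and its Let's Encrypt companion) that share named
# volumes for certificates, ACME challenge files and vhost configuration.
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./linode.nix
  ];

  networking = {
    hostName = "tlater.net";

    # The global useDHCP flag is deprecated, so it is switched off and DHCP
    # is enabled on the one interface that needs it.
    useDHCP = false;
    interfaces.eth0.useDHCP = true;

    firewall = {
      enable = true;
      # 80/443 front the nginx-proxy container; 2222 is sshd (it must match
      # services.openssh.ports below).
      # NOTE(review): Docker installs its own iptables rules for published
      # ports, so container ports are typically reachable whether or not
      # they are listed here. Treat the `ports` lists under
      # docker-containers as the real exposure list and audit them too.
      allowedTCPPorts = [
        80
        443
        2222
      ];
    };
  };

  time.timeZone = "Europe/London";

  users.users = {
    tlater = {
      isNormalUser = true;
      # "wheel" is the sudo group. Membership of "docker" gives access to
      # the Docker daemon socket, which is root-equivalent on the host, so
      # this account's SSH key must be protected as a root credential.
      extraGroups = [ "wheel" "docker" ];
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOu0MwDJJcnh0JO3rFWqB5i7Katc06z913FJ2mrSwTMsvZrvsfCWeoHkwTZB72nUPhyAR5VtGruoSKDrX486ps+g4+Ec37/Bmij/4F+Kkfa8VjIiqlis2owPa1eWz0Oczvl1Bg+oSraNY75v2Q4cgrjrJyyA+UdG1TUBijBUa16Tqb0jzq7ZXu+HRdMTVSDMbYYiQObs16HTA0KyKT3nd8l18PFqni66ar6OV6k5oLbuXKEFoDI13/JFiD1r/LDghAoDhzAXfPeUsKDeilRwlddqcigpiassGLj1cdqVep3H1GWQ9q0TI1UadN7K3jeEwJVyjBH37duj4/ulWkUlLv tlater@haruna"
      ];
    };

    # Unprivileged account: no extra groups, key-based login only.
    lauren = {
      isNormalUser = true;
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 me@laurenweston.com"
      ];
    };
  };

  environment.systemPackages = with pkgs; [
  ];

  services = {
    openssh = {
      enable = true;
      # Hardening: the SFTP subsystem is off, password logins are refused
      # (public keys only), and root cannot log in directly.
      allowSFTP = false;
      passwordAuthentication = false;
      permitRootLogin = "no";
      # Non-default port; opened in networking.firewall.allowedTCPPorts.
      ports = [ 2222 ];
      # sshd is started on demand through socket activation.
      startWhenNeeded = true;
    };
  };

  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
  };

  docker-containers = {
    nginx-proxy = {
      # NOTE(review): ":alpine" is a floating tag, so the content of this
      # internet-facing image can change between pulls. Pinning by digest
      # makes deployments reproducible and auditable, e.g.
      #   image = "jwilder/nginx-proxy@sha256:<DIGEST-YOU-VERIFIED>";
      image = "jwilder/nginx-proxy:alpine";
      ports = [
        "80:80"
        "443:443"
      ];
      volumes = [
        # So that we can watch new containers come up.
        # NOTE(review): ":ro" only makes the socket *file* mount read-only;
        # it does not limit what can be requested over the Docker API. A
        # compromise of this container therefore means control of the
        # Docker daemon, i.e. of the host. Consider an API-filtering socket
        # proxy that allows read-only endpoints only, or running docker-gen
        # in a separate container that is not exposed to the network.
        "/var/run/docker.sock:/tmp/docker.sock:ro"
        # So that we can access generated certs
        "nginx-certs:/etc/nginx/certs:ro"
        # So that we can write challenge files for letsencrypt auth
        "nginx-challenges:/usr/share/nginx/html"
        # So that we can modify config on-the-fly to set up challenge
        # files
        "nginx-conf:/etc/nginx/vhost.d"
      ];
      environment = {
        DHPARAM_GENERATION = "false"; # Provided by nginx-proxy-letsencrypt
      };
    };

    nginx-proxy-letsencrypt = {
      # NOTE(review): no tag at all, so this resolves to ":latest". The
      # container handles the TLS private keys, so pin it by digest as well:
      #   image = "jrcs/letsencrypt-nginx-proxy-companion@sha256:<DIGEST-YOU-VERIFIED>";
      image = "jrcs/letsencrypt-nginx-proxy-companion";
      volumes = [
        # Fixed: the container-side path was misspelled "dokcer.sock", so
        # the socket was not mounted at /var/run/docker.sock, where the
        # companion looks for it by default. The ":ro" caveat described on
        # the nginx-proxy socket mount applies to this mount too.
        "/var/run/docker.sock:/var/run/docker.sock:ro"
        # Read-write here: this container creates and renews the
        # certificates that nginx-proxy mounts read-only.
        "nginx-certs:/etc/nginx/certs"
        "nginx-challenges:/usr/share/nginx/html"
        "nginx-conf:/etc/nginx/vhost.d"
      ];
      environment = {
        DEFAULT_EMAIL = "tm@tlater.net";
        # NOTE(review): the companion has to be told which container is the
        # proxy (volumes-from, a label on the proxy, or the
        # NGINX_PROXY_CONTAINER variable). Nothing in this file does that;
        # confirm it is handled elsewhere.
      };
    };
  };

  # NixOS release whose defaults this machine's stateful data was created
  # under; it is not meant to be bumped as part of a routine upgrade.
  system.stateVersion = "19.09";
}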