tlaternet-server/etc/nixos/configuration.nix

{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./linode.nix
    <nixpkgs/nixos/modules/profiles/headless.nix>

    ./modules/networked-docker-containers.nix

    # FIXME: It'd be much nicer if these were imported further down,
    # and set inside the docker-containers set, instead of setting the
    # docker-containers set here.
    ./services/nginx.nix
    ./services/gitea.nix
    ./services/nextcloud.nix
    ./services/tlaternet.nix
  ];

  networking = {
    hostName = "tlaternet";

    usePredictableInterfaceNames = false;
    # useDHCP is deprecated
    useDHCP = false;
    interfaces.eth0.useDHCP = true;

    firewall = {
      enable = true;
      allowedTCPPorts = [
        80
        443
        2222
        2221
      ];
    };
  };

  time.timeZone = "Europe/London";

  users.users = {
    tlater = {
      isNormalUser = true;
      extraGroups = [ "docker" ];
      openssh.authorizedKeys.keyFiles = [ ./keys/tlater.pub ];
    };
  };

  services = {
    openssh = {
      enable = true;
      allowSFTP = false;
      passwordAuthentication = false;
      permitRootLogin = "no";
      ports = [ 2222 ];
      startWhenNeeded = true;
    };
  };

  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
  };

  system.stateVersion = "19.09";
}