Added domain option. Maybe fixed binary cache signing.

2019-03-23 02:50:48 +01:00 · 2019-03-23 02:50:48 +01:00 · 66ca5839e5
commit 66ca5839e5
parent 63e40a5a29
17 changed files with 238 additions and 139 deletions
--- a/machines/Ophanim/options.nix
+++ b/machines/Ophanim/options.nix
@ -0,0 +1,42 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+  imports = [ 
+    ../../options/machine.nix 
+  ];
+
+  config.machine = {
+    hostName = "Ophanim";
+    domain = "ophanim.de";
+    allowUnfree = true;
+    conffiles = [
+      "etcvars"
+      "security"
+      "zsh"
+    ];
+    pkgs = [
+      "base"
+      "emacs"
+      "server"
+    ];
+    services = [
+      "fail2ban"
+      "gitea"
+      "hydra"
+      "mailserver"
+      "mariaDB"
+      "nextcloud"
+      "nginx"
+      "openssh"
+    ];
+    firewall = {
+      allowPing = false;
+      allowedUDPPorts = [ 22 80 443 ];
+      allowedTCPPorts = [ 80 443 ]; # 5222 5269 ];
+      allowedUDPPortRanges = [];
+      allowedTCPPortRanges = [];
+    };
+  };
+}