121 lines
2 KiB
Nix
121 lines
2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
cfg = config.machine;
|
|
in
|
|
{
|
|
config.machine = rec {
|
|
hostName = "Ophanim";
|
|
domain = "ophanim.de";
|
|
administrators = [
|
|
{
|
|
name = "derped";
|
|
id = 1337;
|
|
}
|
|
];
|
|
mailAccounts = [
|
|
{
|
|
name = "derped";
|
|
aliases = [
|
|
"postmaster"
|
|
"baensch"
|
|
];
|
|
}
|
|
{
|
|
name = "august";
|
|
aliases = [
|
|
];
|
|
}
|
|
];
|
|
allowUnfree = true;
|
|
conffiles = [
|
|
"etcvars"
|
|
"security"
|
|
"zsh"
|
|
];
|
|
pkgs = [
|
|
"base"
|
|
"server"
|
|
"nvim"
|
|
"nvim::cmp"
|
|
"nvim::fugitive"
|
|
"nvim::harpoon"
|
|
"nvim::kanagawa-nvim"
|
|
"nvim::lsp"
|
|
"nvim::lsp::bash"
|
|
"nvim::lsp::nix-nil"
|
|
"nvim::lsp::python"
|
|
"nvim::lualine"
|
|
"nvim::nvim-highlight"
|
|
"nvim::telescope"
|
|
"nvim::tmux-navigate"
|
|
"nvim::treesitter"
|
|
"nvim::trim"
|
|
"nvim::undotree"
|
|
];
|
|
services = [
|
|
"acme"
|
|
"btrbk"
|
|
"btrfs"
|
|
"fail2ban"
|
|
"forgejo"
|
|
"impermanence"
|
|
"mailserver"
|
|
"mariaDB"
|
|
"nginx"
|
|
"openssh"
|
|
"radicale"
|
|
"tmux"
|
|
# TODO: re-add sservices
|
|
# "tandoor"
|
|
# "tt-rss"
|
|
];
|
|
vHosts =
|
|
let
|
|
base = domain;
|
|
in
|
|
[
|
|
{
|
|
domain = base;
|
|
service = "simple";
|
|
}
|
|
{
|
|
domain = "cal.${base}";
|
|
service = "radicale";
|
|
}
|
|
{
|
|
domain = "mail.${base}";
|
|
service = "mail";
|
|
}
|
|
{
|
|
domain = "git.${base}";
|
|
service = "forgejo";
|
|
}
|
|
# {
|
|
# domain = "food.${base}";
|
|
# service = "tandoor";
|
|
# }
|
|
# {
|
|
# domain = "feed.${base}";
|
|
# service = "tt-rss";
|
|
# }
|
|
];
|
|
firewall = {
|
|
enable = true;
|
|
allowPing = false;
|
|
allowedUDPPorts = [
|
|
22
|
|
80
|
|
443
|
|
];
|
|
allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
};
|
|
};
|
|
}
|