2024-05-07 22:02:59 +00:00
|
|
|
{
|
|
|
|
pkgs,
|
|
|
|
home-manager,
|
|
|
|
lib,
|
|
|
|
config,
|
|
|
|
...
|
|
|
|
}:
|
2024-02-29 14:53:34 +00:00
|
|
|
let
|
2024-05-07 22:02:59 +00:00
|
|
|
start-haven = pkgs.writeShellScriptBin "start-haven" (builtins.readFile ./start-haven.sh);
|
2024-02-29 14:53:34 +00:00
|
|
|
in
|
|
|
|
{
|
2024-05-07 22:02:59 +00:00
|
|
|
imports = [ ./hardware-configuration.nix ];
|
|
|
|
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
system.autoUpgrade.enable = lib.mkForce false;
|
2024-02-29 14:53:34 +00:00
|
|
|
|
2024-05-07 22:02:59 +00:00
|
|
|
host = {
|
|
|
|
role = "server";
|
|
|
|
apps.development.kubernetes.enable = true;
|
|
|
|
services = {
|
|
|
|
apcupsd.enable = true;
|
|
|
|
duplicacy-web = {
|
|
|
|
enable = true;
|
|
|
|
autostart = false;
|
|
|
|
environment = "${config.users.users.aires.home}";
|
|
|
|
};
|
|
|
|
k3s = {
|
|
|
|
enable = true;
|
|
|
|
role = "server";
|
|
|
|
};
|
|
|
|
msmtp.enable = true;
|
|
|
|
};
|
|
|
|
users = {
|
|
|
|
aires = {
|
|
|
|
enable = true;
|
|
|
|
services = {
|
|
|
|
syncthing = {
|
|
|
|
enable = true;
|
|
|
|
autostart = false;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
media.enable = true;
|
|
|
|
};
|
|
|
|
};
|
2024-02-29 14:53:34 +00:00
|
|
|
|
2024-05-07 22:02:59 +00:00
|
|
|
# Enable SSH
|
|
|
|
services.openssh = {
|
|
|
|
enable = true;
|
|
|
|
ports = [ 33105 ];
|
2024-02-29 14:53:34 +00:00
|
|
|
|
2024-05-07 22:02:59 +00:00
|
|
|
settings = {
|
|
|
|
# require public key authentication for better security
|
|
|
|
PasswordAuthentication = false;
|
|
|
|
KbdInteractiveAuthentication = false;
|
|
|
|
PubkeyAuthentication = true;
|
2024-02-29 14:53:34 +00:00
|
|
|
|
2024-05-07 22:02:59 +00:00
|
|
|
PermitRootLogin = "without-password";
|
|
|
|
};
|
|
|
|
};
|
2024-02-29 14:53:34 +00:00
|
|
|
|
2024-05-07 22:02:59 +00:00
|
|
|
# Enable mdadm and Sapana (RAID 5 primary storage)
|
|
|
|
boot.swraid = {
|
|
|
|
enable = true;
|
|
|
|
# mdadmConf configured in nix-secrets
|
|
|
|
};
|
2024-05-06 13:37:46 +00:00
|
|
|
|
2024-05-07 22:02:59 +00:00
|
|
|
# Open port for OpenVPN
|
|
|
|
networking.firewall.allowedUDPPorts = [ 1194 ];
|
2024-04-01 16:30:07 +00:00
|
|
|
|
2024-05-07 22:02:59 +00:00
|
|
|
# Add script for booting Haven
|
|
|
|
environment.systemPackages = [ start-haven ];
|
2024-04-01 16:30:07 +00:00
|
|
|
}
|