73 lines
1.7 KiB
Nix
73 lines
1.7 KiB
Nix
{
|
|
lib,
|
|
inputs,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
../../config/base.nix
|
|
];
|
|
my = {
|
|
secureHost = true;
|
|
enableProxy = true;
|
|
users.nixremote = {
|
|
enable = true;
|
|
authorizedKeys = inputs.self.lib.getSshKeys [
|
|
"nixworkstation"
|
|
"nixserver"
|
|
"nixminiserver"
|
|
];
|
|
};
|
|
interfaces = lib.mkMerge [
|
|
{
|
|
vps = "eth0";
|
|
}
|
|
];
|
|
services = {
|
|
network.enable = true;
|
|
wireguard.enable = true;
|
|
};
|
|
};
|
|
environment.etc."iptables.rules".source = ../../iptables;
|
|
networking.firewall.enable = false;
|
|
networking.nftables.enable = false;
|
|
systemd.services.iptables-restore = {
|
|
description = "Apply iptables ruleset";
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network-pre.target" ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
RemainAfterExit = true;
|
|
ExecStart = "${pkgs.iptables}/bin/iptables-restore --wait /etc/iptables.rules";
|
|
};
|
|
};
|
|
image.modules.linode = { };
|
|
networking.hostName = "vps";
|
|
sops.age = {
|
|
generateKey = true;
|
|
keyFile = "/var/lib/sops-nix/key.txt";
|
|
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
};
|
|
users = {
|
|
groups = {
|
|
deploy = { };
|
|
lidarr-reports = { };
|
|
};
|
|
users = {
|
|
deploy = {
|
|
isSystemUser = true;
|
|
group = "deploy";
|
|
openssh.authorizedKeys.keyFiles = [ ../../secrets/ssh/ed25519_deploy.pub ];
|
|
};
|
|
lidarr-reports = {
|
|
isSystemUser = true;
|
|
group = "lidarr-reports";
|
|
openssh.authorizedKeys.keyFiles = [ ../../secrets/ssh/ed25519_lidarr-reports.pub ];
|
|
};
|
|
};
|
|
};
|
|
environment.systemPackages = [ ];
|
|
}
|