From 06900b906fb64df473a5955b21c64ede4616d378 Mon Sep 17 00:00:00 2001
From: Mel
Date: Sun, 24 Sep 2023 20:35:09 +0200
Subject: Create base config from lapin
---
configuration.nix | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 75 insertions(+)
create mode 100644 configuration.nix
(limited to 'configuration.nix')
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..24ae7e3
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,75 @@
+{ pkgs, ... }:
+
+let
+ util = import ./util.nix;
+
+ me = import ./me.nix { inherit util; };
+ security = import ./security.nix;
+in
+{
+ system.stateVersion = "23.05";
+
+ imports = [
+ (./hardware + "/${me.name}.nix")
+ (./machine + "/${me.name}.nix")
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+
+ users.mutableUsers = false;
+ users.users.mel = {
+ isNormalUser = true;
+ home = "/home/mel";
+ shell = pkgs.fish;
+ extraGroups = [ "wheel" "docker" ];
+
+ openssh.authorizedKeys.keys = security.keys;
+ hashedPassword = security.password;
+ };
+
+ networking = {
+ hostName = me.name;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ trustedInterfaces = [ "tailscale0" ];
+ };
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ openFirewall = false;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+ nginx.enable = true;
+ tailscale.enable = true;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ enableOnBoot = true;
+ };
+ };
+
+ programs = {
+ fish.enable = true;
+ };
+
+ services.nginx.virtualHosts = {
+ default = { default = true; };
+ "${me.name}.rnrd.eu" = { root = "/var/www/html"; };
+ };
+
+ environment.variables = { EDITOR = "vim"; };
+ environment.systemPackages = with pkgs; [
+ vim
+ ];
+}
+
-- cgit 1.4.1
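Review bot: Putting `mel` in the `docker` group via `extraGroups = [ "wheel" "docker" ];` gives every process running as that user root-equivalent access through the Docker socket, without the sudo password that `wheel` requires by default, so the key-only SSH hardening further down protects less than it appears to. If that trade-off is intended, record it with a comment such as `# docker group is root-equivalent; accepted on this single-user host`; otherwise drop the group and run `sudo docker`. Related to the same choice: ports published by containers are written into iptables by Docker itself and are generally not filtered by `networking.firewall`, so `allowedTCPPorts = [ 80 443 ]` does not bound what a container can expose. Separately, `hashedPassword = security.password;` is evaluated into the world-readable Nix store, and `security.nix` is not visible in this patch, so confirm the file is kept out of version control or move the hash to a file-based option read at activation time.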