paul/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
infrastructure/nix/gilgamesh/configuration.nix
Paul Brinkmeier f2f12a2688
All checks were successful
Check / Lint Ansible Files (push) Successful in 3m1s
Details
Add agenix, spigot-server and ionos-dyndns to gilgamesh config
2023-11-19 03:09:42 +01:00

147 lines
4.5 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, pkgs, lib, ... }:
let
agenix = builtins.fetchTarball {
url = "https://github.com/ryantm/agenix/archive/daf42cb35b2dc614d1551e37f96406e4c4a2d3e4.tar.gz";
sha256 = "0gbn01hi8dh7s9rc66yawnmixcasadf20zci4ijzpd143ph492ad";
};
in {
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
"${agenix}/modules/age.nix"
../modules/spigot-server.nix
../modules/ionos-dyndns.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda";
networking.hostName = "gilgamesh"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de-latin1";
};
# Define a user account. Don't forget to set a password with passwd.
users.users.paul = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMFqREiw3EareYXntIrm1/numKDo113zx1WMOFO69LJ paul"
];
# packages = with pkgs; [];
};
# Users in group wheel may sudo without password
security.sudo.wheelNeedsPassword = false;
# Users in group wheel are special friends of the Nix daemon
nix.settings.trusted-users = [
"@wheel"
];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
tmux
bottom
(pkgs.callPackage ../packages/ionos-dyndns.nix {})
];
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
# Enable Avahi for mDNS (advertise hostname in LAN)
services.avahi = {
enable = true;
nssmdns = true;
};
services.spigot-server = {
enable = true;
user = "spigot";
};
# Secrets management
age.secrets = {
ionos-prefix = {
file = ../secrets/ionos-prefix.age;
owner = "ionos-dyndns";
group = "ionos-dyndns";
};
ionos-secret = {
file = ../secrets/ionos-secret.age;
owner = "ionos-dyndns";
group = "ionos-dyndns";
};
};
# DynDNS stuff. IONOS has a (proprietary?) API for this,
# so we're using a Python script from the interwebs :shrug:
services.ionos-dyndns = {
enable = true;
# Must match the user owning the secrets below. See agenix config
# above for more details.
user = "ionos-dyndns";
apiPrefixPath = config.age.secrets.ionos-prefix.path;
apiSecretPath = config.age.secrets.ionos-secret.path;
aaaa = true;
fqdn = "blocks.beany.club";
interface = "enp0s25";
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 25565 ];
networking.firewall.allowedUDPPorts = [ 25565 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# TODO: Backups
# Practical hardware options
services.logind.lidSwitch = "ignore";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink