# NixOS system module for the host "dnsc-vps-sm": a small VPS that serves
# static sites and reverse-proxies a handful of self-hosted apps through
# Caddy, with SSH limited to an allow-list of source addresses and a daily
# restic backup of the Vaultwarden dump directory.
{ inputs, outputs, _lib, config, pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./networking.nix
    inputs.home-manager.nixosModules.home-manager
    inputs.ip-whitelist.nixosModules.default
    ../../modules/openssh
    ../../modules/vaultwarden
    ../../modules/uptime-kuma
    ../../modules/glance
    ../../modules/docker
    ../../modules/actual-server
  ];

  # Secrets (agenix)
  # The decryption identity is dennis's personal SSH private key in his home
  # directory, so that key has to exist on this server for activation to
  # decrypt anything.
  # NOTE(review): if this key is also used to log in elsewhere, a key that
  # exists only on this host (for example the SSH host key) keeps a personal
  # credential off an internet-facing machine. Confirm which one it is.
  age.identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ];
  age.secrets = {
    "vaultwarden/env".file = ../../secrets/vaultwarden/env.age;
    "restic/password".file = ../../secrets/restic/password.age;
  };

  # Generated automatically
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

  # General
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";

  # Nix settings
  nix = {
    # "-d" makes the nightly collection delete all old generations as well,
    # so after 03:15 there is no earlier system generation to roll back to.
    gc = {
      automatic = true;
      dates = "03:15";
      options = "-d";
    };
    settings = {
      auto-optimise-store = true;
      # Enable the new Nix CLI and flakes
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  security.sudo.enable = true;

  # Networking
  networking = {
    hostName = "dnsc-vps-sm";
    hostId = "380f585f";
    domain = "dnsc.io";
    networkmanager.enable = true;

    # Firewall: only HTTP/HTTPS are open to everyone. Port 22 is opened per
    # source address through ipBasedAllowedTCPPorts, which is presumably
    # provided by the imported ip-whitelist module (it is not a stock NixOS
    # option). The three addresses sit in 100.64.0.0/10 and look like
    # Tailscale node addresses; verify they still map to the intended devices.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 80 443 ];
      ipBasedAllowedTCPPorts = [
        {
          port = 22;
          ips = [ "100.103.199.4" "100.115.100.87" "100.83.40.63" ];
        }
      ];
    };
  };

  # Fix due to https://github.com/NixOS/nixpkgs/issues/180175
  systemd.services.NetworkManager-wait-online.enable = false;

  # My user account
  users.users.dennis = {
    description = "dennis";
    isNormalUser = true;
    # Keep the user's systemd instance running without an open login session.
    linger = true;
    # "wheel" together with security.sudo.enable makes this an admin account.
    extraGroups = [ "wheel" "networkmanager" ];
    # NOTE(review): initialPassword is a trivially guessable value that is
    # written in clear text to this repository and to the world-readable Nix
    # store. It is only applied when the account is first created, so confirm
    # it has been changed with `passwd` on the live host. Because the account
    # is in wheel, this password is what sudo asks for. Whether SSH accepts
    # passwords at all is decided in ../../modules/openssh (not shown here).
    # Prefer hashedPasswordFile backed by an age secret.
    initialPassword = "admin";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnmuxDkpDIku5t1Tykz21u78xoQ7LJR8JEcfth32LGu dennis@dnsc-work"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8LXdDU3C4PcCHb/BEm1xQIZyo2KTR5Dcuw6ni+SxmH dennis@dnsc-machine"
    ];
  };

  # Home Manager setup
  home-manager.extraSpecialArgs = { inherit inputs outputs; };
  home-manager.backupFileExtension = "backup";
  home-manager.users.dennis = import ../../home/server.nix;

  environment = {
    # System-wide packages
    systemPackages = [
      pkgs.git
      pkgs.btop
      pkgs.neovim
      pkgs.wget
      pkgs.docker-compose
      pkgs.actual-server
      pkgs.restic
      pkgs.glance
      pkgs.ncdu
    ];

    # Environment variables
    variables.EDITOR = "nvim";
  };

  # Programs
  programs = {
    bash.enable = true;

    # GnuPG agent, also acting as the SSH agent
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  # Services
  services = {
    # Tailscale
    tailscale.enable = true;

    # Caddy is the only listener behind the public ports 80/443. Every
    # virtual host below is therefore reachable from the internet, and access
    # control for the proxied apps rests on each app's own login.
    # NOTE(review): the backends are addressed on localhost ports that the
    # firewall does not open. If any of them runs as a Docker container with
    # a published port, bind that port to 127.0.0.1; Docker installs its own
    # iptables rules and published ports are not filtered by
    # networking.firewall. Confirm in the imported service modules.
    caddy = {
      enable = true;
      virtualHosts = {
        "www.dnsc.io".extraConfig = ''
          redir https://dnsc.io{uri}
        '';
        "dnsc.io".extraConfig = ''
          encode gzip
          file_server
          root * /var/www/homepage
        '';
        "slides.dnsc.io".extraConfig = ''
          encode gzip
          file_server
          root * /var/www/slides
        '';
        "vault.dnsc.io".extraConfig = ''
          reverse_proxy localhost:8222
        '';
        "uptime.dnsc.io".extraConfig = ''
          reverse_proxy localhost:9000
        '';
        "home.dnsc.io".extraConfig = ''
          reverse_proxy localhost:9001
        '';
        "finance.dnsc.io".extraConfig = ''
          reverse_proxy localhost:9002
        '';
      };
    };

    # Restic: daily off-site backup over SFTP. The repository password is
    # read from the decrypted age secret, never from the Nix store. Only
    # /var/backup/vaultwarden is included; nothing else on this host is
    # covered by this job.
    restic.backups.dnsc-vps-sm-backup = {
      initialize = true;
      passwordFile = config.age.secrets."restic/password".path;
      repository = "sftp:u295965@u295965.your-storagebox.de:restic/dnsc-vps-sm";
      paths = [ "/var/backup/vaultwarden" ];
      pruneOpts = [
        "--keep-daily 1"
        "--keep-weekly 3"
        "--keep-monthly 5"
        "--keep-yearly 10"
      ];
      timerConfig = {
        OnCalendar = "daily";
        # Run a missed backup after the next boot.
        Persistent = true;
      };
    };
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # Do NOT change this value unless you have manually inspected all the
  # changes it would make to your configuration, and migrated your data
  # accordingly.
  # For more information, see `man configuration.nix` or
  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11";
}