# Flake-level definition of the NixOS host "dnsc-vps-sm".
#
# Receives the flake `inputs` and the flake-level `config`, and emits a single
# `flake.nixosConfigurations` entry built from shared modules plus one inline
# module that carries the settings specific to this machine.
{ inputs, config, ... }:

let
  hostname = "dnsc-vps-sm";

  # Directory inside the flake source that holds the agenix files. Every file
  # referenced from it below ends in `.age`; the path is interpolated from
  # `inputs.self`, so only encrypted material should ever be placed here.
  ageSecretsDir = "${inputs.self}/secrets";
in
{
  flake.nixosConfigurations.${hostname} = inputs.nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";

    # Bare names in this list resolve through the `with` scope, i.e. they are
    # attributes of `config.flake.modules.nixos` (the outer, flake-level config).
    modules = with config.flake.modules.nixos; [
      inputs.agenix.nixosModules.default
      home-manager
      base
      server-shell
      git
      ssh
      cli-tools
      nix
      restic
      caddy
      vaultwarden
      uptime-kuma
      homepage
      actual-server
      memos
      forgejo

      # Host-specific module. `config` here is the NixOS module argument and
      # shadows the flake-level `config` bound at the top of the file.
      (
        { config, lib, ... }:
        {
          imports = [
            ./_hardware-configuration.nix
            ./_networking.nix
          ];

          networking = {
            hostName = hostname;
            hostId = "e5d5a602";
            domain = "dnsc.io";

            # Inbound TCP is limited to these three ports.
            # NOTE(review): presumably SSH plus HTTP/HTTPS for the caddy
            # module; how sshd itself is hardened is not visible in this
            # file. Confirm in the `ssh` module.
            firewall = {
              enable = true;
              allowedTCPPorts = [
                22
                80
                443
              ];
            };
          };

          system.stateVersion = "24.11";

          boot = {
            # Both bootloader options are forced off, overriding whatever
            # other modules set.
            # NOTE(review): presumably the bootloader comes from
            # ./_hardware-configuration.nix. Confirm.
            loader = {
              systemd-boot.enable = lib.mkForce false;
              efi.canTouchEfiVariables = lib.mkForce false;
            };
            tmp.cleanOnBoot = true;
          };

          zramSwap.enable = true;

          # Fix due to https://github.com/NixOS/nixpkgs/issues/180175
          systemd.services.NetworkManager-wait-online.enable = false;

          # Secrets for this machine
          age = {
            # agenix decrypts with the SSH private key in the `dennis` user's
            # home directory.
            # NOTE(review): each .age file below must be encrypted to this
            # key's public half, and the private key has to be present on the
            # server for decryption. Confirm that a user key rather than the
            # host key is the intended identity.
            identityPaths = [
              "${config.users.users.dennis.home}/.ssh/id_ed25519"
            ];

            secrets = {
              "vaultwarden/env".file = "${ageSecretsDir}/vaultwarden/env.age";
              "restic/password".file = "${ageSecretsDir}/restic/password.age";
              "forgejo/mail-password".file = "${ageSecretsDir}/forgejo/mail-password.age";
            };
          };

          # Custom Module Options
          # NOTE(review): these options are presumably declared by the shared
          # `restic` module and paired with the "restic/password" secret
          # above. Verify there.
          restic = {
            repository = "sftp:dnsc-storage:restic/dnsc-server";
            backupPaths = [
              "/var/backup/vaultwarden"
              "/var/lib/vaultwarden"
              "/var/lib/actual-server"
              "/var/lib/memos"
              "/var/lib/uptime-kuma"
              "/var/lib/forgejo"
            ];
          };
        }
      )
    ];
  };
}