2022-12-06 17:56:29 +00:00
|
|
|
{ inputs, globals, overlays, ... }:
|
2022-10-31 00:14:41 +00:00
|
|
|
|
|
|
|
with inputs;
|
2022-07-27 01:11:07 +00:00
|
|
|
|
2022-10-01 16:21:34 +00:00
|
|
|
# System configuration for an Oracle free server
|
2022-10-04 00:45:05 +00:00
|
|
|
|
|
|
|
# How to install:
|
|
|
|
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
|
|
|
|
|
2022-07-27 01:11:07 +00:00
|
|
|
nixpkgs.lib.nixosSystem {
|
2022-10-01 16:21:34 +00:00
|
|
|
system = "aarch64-linux";
|
2022-07-27 01:11:07 +00:00
|
|
|
specialArgs = { };
|
|
|
|
modules = [
|
2022-12-21 21:18:03 +00:00
|
|
|
./hardware-configuration.nix
|
|
|
|
../../modules
|
2022-12-22 00:07:58 +00:00
|
|
|
../../nixos
|
2022-12-21 21:18:03 +00:00
|
|
|
(removeAttrs globals [ "mail.server" ])
|
2022-12-22 00:31:25 +00:00
|
|
|
wsl.nixosModules.wsl
|
2022-07-27 01:11:07 +00:00
|
|
|
home-manager.nixosModules.home-manager
|
|
|
|
{
|
2022-12-21 21:18:03 +00:00
|
|
|
server = true;
|
2022-10-04 00:45:05 +00:00
|
|
|
gui.enable = false;
|
2022-12-21 21:18:03 +00:00
|
|
|
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
|
2022-12-06 17:56:29 +00:00
|
|
|
nixpkgs.overlays = overlays;
|
2022-12-22 00:31:25 +00:00
|
|
|
wsl.enable = false;
|
2022-12-22 00:47:25 +00:00
|
|
|
caddy.enable = true;
|
2022-10-04 00:45:05 +00:00
|
|
|
|
|
|
|
# FQDNs for various services
|
2022-10-01 16:21:34 +00:00
|
|
|
networking.hostName = "oracle";
|
2022-10-02 14:48:51 +00:00
|
|
|
bookServer = "books.masu.rs";
|
2022-10-02 17:40:10 +00:00
|
|
|
streamServer = "stream.masu.rs";
|
2022-10-02 20:54:26 +00:00
|
|
|
nextcloudServer = "cloud.masu.rs";
|
2022-10-09 14:12:31 +00:00
|
|
|
transmissionServer = "download.masu.rs";
|
2022-10-14 13:08:13 +00:00
|
|
|
metricsServer = "metrics.masu.rs";
|
2022-10-16 18:10:11 +00:00
|
|
|
vaultwardenServer = "vault.masu.rs";
|
2022-10-16 20:34:28 +00:00
|
|
|
giteaServer = "git.masu.rs";
|
2022-10-04 00:45:05 +00:00
|
|
|
|
|
|
|
# Disable passwords, only use SSH key
|
2022-10-01 16:21:34 +00:00
|
|
|
publicKey =
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
|
2022-10-04 00:45:05 +00:00
|
|
|
|
2022-10-10 03:13:16 +00:00
|
|
|
# Nextcloud backup config
|
2022-12-21 21:18:03 +00:00
|
|
|
backup.s3 = {
|
2022-10-08 15:52:05 +00:00
|
|
|
endpoint = "s3.us-west-002.backblazeb2.com";
|
|
|
|
bucket = "noahmasur-backup";
|
2022-10-16 03:47:21 +00:00
|
|
|
accessKeyId = "0026b0e73b2e2c80000000005";
|
2022-10-08 15:52:05 +00:00
|
|
|
};
|
|
|
|
|
2022-10-10 03:13:16 +00:00
|
|
|
# Grant access to Jellyfin directories from Nextcloud
|
2022-10-04 00:45:05 +00:00
|
|
|
users.users.nextcloud.extraGroups = [ "jellyfin" ];
|
2022-10-10 03:13:16 +00:00
|
|
|
|
|
|
|
# Wireguard config for Transmission
|
2022-12-22 00:47:25 +00:00
|
|
|
wireguard.enable = true;
|
2022-10-10 03:13:16 +00:00
|
|
|
networking.wireguard.interfaces.wg0 = {
|
|
|
|
|
|
|
|
# The local IPs for this machine within the Wireguard network
|
|
|
|
# Any inbound traffic bound for these IPs should be kept on localhost
|
|
|
|
ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
|
|
|
|
|
|
|
|
peers = [{
|
|
|
|
|
|
|
|
# Identity of Wireguard target peer (VPN)
|
|
|
|
publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
|
|
|
|
|
|
|
|
# The public internet address of the target peer
|
|
|
|
endpoint = "86.106.143.132:51820";
|
|
|
|
|
|
|
|
# Which outgoing IP ranges should be sent through Wireguard
|
|
|
|
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
|
|
|
|
|
|
|
# Send heartbeat signal within the network
|
|
|
|
persistentKeepalive = 25;
|
|
|
|
|
|
|
|
}];
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
# VPN port forwarding
|
|
|
|
services.transmission.settings.peer-port = 57599;
|
|
|
|
|
|
|
|
# Grant access to Transmission directories from Jellyfin
|
|
|
|
users.users.jellyfin.extraGroups = [ "transmission" ];
|
2022-12-21 21:18:03 +00:00
|
|
|
|
|
|
|
# Proxy traffic with Cloudflare
|
|
|
|
cloudflare.enable = true;
|
|
|
|
|
|
|
|
# Setup Minecraft server
|
|
|
|
gaming.minecraft-server.enable = true;
|
|
|
|
|
|
|
|
# Clone dotfiles
|
|
|
|
dotfiles.enable = true;
|
|
|
|
|
2022-12-22 00:47:25 +00:00
|
|
|
neovim.enable = true;
|
|
|
|
|
2022-07-27 01:11:07 +00:00
|
|
|
}
|
|
|
|
];
|
|
|
|
}
|