dotfiles/hosts/flame/default.nix

# The Flame
# System configuration for an Oracle free server
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
{ inputs, globals, overlays, ... }:

# NixOS system definition for the host "flame" (aarch64). The shared modules
# under ../../modules supply the custom options used below (server, publicKey,
# cloudflare, cloudflareTunnel, giteaRunner, backup.s3, ...); their behaviour
# is not visible from this file.
inputs.nixpkgs.lib.nixosSystem {
  system = "aarch64-linux";
  specialArgs = { };
  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
    {
      nixpkgs.overlays = overlays;

      # ---- Hardware ----
      server = true;
      networking.hostName = "flame";
      # The machine is a virtual guest, so pull in the QEMU guest profile.
      imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
      boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
      fileSystems = {
        "/" = {
          device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
          fsType = "ext4";
        };
        "/boot" = {
          device = "/dev/disk/by-uuid/D5CA-237A";
          fsType = "vfat";
        };
      };

      # ---- Theming ----
      gui.enable = false;
      theme.colors = (import ../../colorscheme/gruvbox).dark;

      # ---- Login ----
      # Intent: no password logins, SSH key only.
      # NOTE(review): this file only supplies the public key; the setting that
      # actually turns off password authentication presumably lives in the
      # shared modules - confirm it is applied on this host.
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";

      # ---- Programs and services ----
      cloudflare.enable = true; # Proxy traffic with Cloudflare
      dotfiles.enable = true; # Clone dotfiles
      neovim.enable = true;
      services.caddy.enable = true;
      services.gitea.enable = true;
      services.grafana.enable = true;
      services.minecraft-server.enable = true; # Setup Minecraft server
      services.openssh.enable = true;
      services.prometheus.enable = true;
      services.vaultwarden.enable = true;

      cloudflareTunnel = {
        enable = true;
        id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
        # Path literals are copied into the world-readable Nix store, so this
        # file must stay encrypted at rest (the .age suffix suggests age
        # encryption; decryption is presumably handled by the tunnel module).
        credentialsFile = ../../private/cloudflared-flame.age;
        # SSH certificate-authority public key; the key comment names
        # Cloudflare Access. NOTE(review): presumably installed as a trusted
        # user CA for sshd, in which case any certificate it signs is accepted
        # for login - confirm which principals the module allows.
        ca =
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
      };

      # NOTE(review): a CI runner executes jobs defined by repository content
      # and shares this host with Vaultwarden and the backup configuration -
      # confirm the giteaRunner module isolates jobs (unprivileged user,
      # container or VM) from those services.
      giteaRunner.enable = true;

      # Nextcloud backup config
      # NOTE(review): no Nextcloud service is enabled in this file, so the
      # label above may be stale - confirm what backup.s3 covers here.
      backup.s3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
        bucket = "noahmasur-backup";
        # Key identifier only; the matching secret key is not set in this file
        # and must come from an encrypted secret, never from a plain string.
        accessKeyId = "0026b0e73b2e2c80000000005";
      };

      # ---- Disabled configuration, kept for reference ----
      # # Grant access to Jellyfin directories from Nextcloud
      # users.users.nextcloud.extraGroups = [ "jellyfin" ];
      # # Wireguard config for Transmission
      # wireguard.enable = true;
      # networking.wireguard.interfaces.wg0 = {
      #
      #   # The local IPs for this machine within the Wireguard network
      #   # Any inbound traffic bound for these IPs should be kept on localhost
      #   ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
      #
      #   peers = [{
      #
      #     # Identity of Wireguard target peer (VPN)
      #     publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
      #
      #     # The public internet address of the target peer
      #     endpoint = "86.106.143.132:51820";
      #
      #     # Which outgoing IP ranges should be sent through Wireguard
      #     allowedIPs = [ "0.0.0.0/0" "::0/0" ];
      #
      #     # Send heartbeat signal within the network
      #     persistentKeepalive = 25;
      #
      #   }];
      #
      # };
      # # VPN port forwarding
      # services.transmission.settings.peer-port = 57599;
      # # Grant access to Transmission directories from Jellyfin
      # users.users.jellyfin.extraGroups = [ "transmission" ];
    }
  ];
}