From e964e072ce2c8e1602a0781fbd248c18064cc390 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Fri, 13 May 2022 00:09:49 +0900
Subject: Reorganize and add copyright headers
---
 configuration.nix | 98 +++++++++++++++++++------------------------------------
 1 file changed, 33 insertions(+), 65 deletions(-)
(limited to 'configuration.nix')
diff --git a/configuration.nix b/configuration.nix
index fe0ab32..8af1061 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,90 +1,58 @@ -{ config, lib, pkgs, ... }: -let - certs = config.security.acme.certs.${domain}; - domain = config.networking.domain; - bindUserDirs = sources: target: lib.mapAttrs' (user: dir: { - name = target + user; - value = { - device = "${config.users.users.${user}.home}/${dir}"; - options = [ "bind" ]; - }; - }) sources; -in { +# Overall configuration +# Copyright (C) 2022 Nguyễn Gia Phong +# +# This file is part of loang configuration. +# +# Loang configuration is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Loang configuration is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with loang configuration. If not, see . + +{ config, pkgs, ... 
}: +{ environment = { enableAllTerminfo = true; - systemPackages = with pkgs; [ git rsync vim ]; + systemPackages = with pkgs; [ git htop rsync vim ]; }; - fileSystems = bindUserDirs { - cnx = "www"; - } "${config.services.nginx.virtualHosts.${domain}.root}/~"; - imports = [ ./ipfs.nix ./matrix.nix + ./static.nix ./vpsadminos.nix ]; networking = { domain = "loang.net"; - - firewall.allowedTCPPorts = [ - 80 # HTTP - 443 # TLS - 1965 # Gemini - ]; - hostName = "brno"; }; - security = { - acme = { - acceptTerms = true; - defaults.email = "mcsinyx@disroot.org"; - }; - - sudo = { - enable = true; - execWheelOnly = true; - wheelNeedsPassword = false; - }; + security.sudo = { + enable = true; + execWheelOnly = true; + wheelNeedsPassword = false; }; - services = { - molly-brown = { - certPath = "${certs.directory}/cert.pem"; - docBase = "/var/lib/gemini/${domain}"; - enable = true; - hostName = domain; - keyPath = "${certs.directory}/key.pem"; - }; - - nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; - root = "/var/lib/www/${domain}"; - }; - }; - - openssh = { - enable = true; - openFirewall = true; - passwordAuthentication = false; - ports = [ 2211 ]; - }; + services.openssh = { + enable = true; + openFirewall = true; + passwordAuthentication = false; + ports = [ 2211 ]; }; system.stateVersion = "22.05"; - systemd = { - extraConfig = '' + systemd.extraConfig = '' DefaultTimeoutStartSec=900s - ''; - services.molly-brown.serviceConfig.SupplementaryGroups = [ certs.group ]; - }; + ''; time.timeZone = "UTC"; -- cgit 1.4.1
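Review bot: In the rewritten `services.openssh` block, `passwordAuthentication = false` disables only the password method; keyboard-interactive authentication is controlled by a separate option and, if left at its default, may still let PAM accept a password. Adding `kbdInteractiveAuthentication = false;` beside it would make the key-only intent explicit (confirm the option name against the NixOS release in use, given `system.stateVersion = "22.05"`). Since `security.sudo.wheelNeedsPassword = false` is carried over, an SSH session as any wheel member is effectively root, so that line deserves a short comment recording why this is accepted on this host. The firewall ports and ACME settings removed here are presumably re-declared in the newly imported `./static.nix`, which this view (limited to configuration.nix) does not show, so it is worth confirming that 80, 443 and 1965 are still opened there.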