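# NixOS system configuration for the host "brno" serving loang.net:
# an nginx virtual host with ACME-issued TLS, an IPFS node whose HTTP gateway
# is reachable only through nginx, and key-only SSH for a fixed set of users.
#
# The line structure is restored here because the `#` port comments must end
# at a newline; collapsed onto one line, the first one swallows the rest of
# the file.
{ config, lib, pkgs, ... }:
let
  domain = "loang.net";

  # Build fileSystems entries that bind-mount a directory from each user's
  # home into the web root.
  #   sources: attrset mapping user name -> directory relative to that
  #            user's home
  #   target:  directory under which each mount point "~<user>" is created
  # Everything a listed user places in that directory is published by
  # whatever serves `target`, so the set of users in `sources` is effectively
  # the set of people allowed to publish on the site.
  bindUserDirs = sources: target:
    lib.mapAttrs' (user: dir: {
      name = "${target}/~${user}";
      value = {
        device = "${config.users.users.${user}.home}/${dir}";
        options = [ "bind" ];
      };
    }) sources;
in {
  environment = {
    enableAllTerminfo = true;
    systemPackages = with pkgs; [ git rsync vim ];
  };

  # Publish ~cnx/www as <nginx root>/~cnx.
  fileSystems = bindUserDirs { cnx = "www"; }
    config.services.nginx.virtualHosts.${domain}.root;

  imports = [ ./vpsadminos.nix ];

  networking = {
    inherit domain;
    firewall = {
      # Only these ports are opened in the firewall. The IPFS HTTP gateway
      # that nginx proxies to (localhost:8080, see services.nginx below) is
      # not listed, so it is reached from outside only through nginx.
      allowedTCPPorts = [
        80 # HTTP
        443 # TLS
        2211 # SSH
        4001 # IPFS
      ];
      allowedUDPPorts = [
        4001 # IPFS
      ];
    };
    hostName = "brno";
  };

  security = {
    acme = {
      acceptTerms = true;
      defaults.email = "mcsinyx@disroot.org";
    };
    sudo = {
      enable = true;
      # Only members of wheel may execute the sudo binary at all.
      execWheelOnly = true;
      # Wheel members get root without a password prompt. Combined with
      # key-only SSH below, the SSH key of a wheel user (cnx) is effectively
      # the root credential for this host and should be protected as such.
      wheelNeedsPassword = false;
    };
  };

  services = {
    ipfs = {
      enable = true;
      enableGC = true;
      # NOTE(review): upstream IPFS configuration spells this section
      # "Gateway"; confirm that the "GateWay" spelling is honoured after the
      # module merges it into the node's config. If it were ignored, NoFetch
      # would not apply and the gateway would retrieve arbitrary content from
      # the network on behalf of any visitor.
      extraConfig.GateWay = {
        # Serve only content already present in the local repository.
        NoFetch = true;
        PublicGateways.${domain} = {
          Paths = [ "/ipfs" "/ipns" ];
          # Subdomain gateways give each content root its own web origin.
          # NOTE(review): no wildcard virtual host or certificate for
          # gateway subdomains is visible in this file; confirm one exists,
          # otherwise gateway content is either unreachable after the
          # redirect or shares the origin of the main site.
          UseSubdomains = true;
        };
      };
    };

    nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts.${domain} = {
        enableACME = true;
        # Plain-HTTP requests are redirected to HTTPS.
        forceSSL = true;
        locations = let
          ipfsGateway = "http://localhost:8080";
        in {
          "/ipfs".proxyPass = ipfsGateway;
          "/ipns".proxyPass = ipfsGateway;
        };
        root = "/var/lib/www/${domain}";
      };
    };

    openssh = {
      enable = true;
      # Key-only logins; the port matches the one opened in the firewall.
      passwordAuthentication = false;
      ports = [ 2211 ];
    };
  };

  system.stateVersion = "22.05";

  # Default start timeout for systemd units, set to 900 s.
  systemd.extraConfig = ''
    DefaultTimeoutStartSec=900s
  '';

  time.timeZone = "UTC";

  # Login accounts. Each user authenticates with the public key stored under
  # /etc/ssh. Only cnx is in wheel; with execWheelOnly the other accounts
  # cannot run sudo.
  # NOTE(review): keyFiles are given as absolute path strings, so the keys
  # are presumably read from the machine that evaluates this configuration;
  # confirm those files are managed and writable by root only, since whoever
  # can replace one gains that user's login.
  users.users = {
    ckie = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/ckie.pub" ];
    };
    cnx = {
      extraGroups = [ "wheel" ];
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/cnx.pub" ];
      packages = with pkgs; [ stow ];
    };
    owocean = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/owocean.pub" ];
    };
    xarvos = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/xarvos.pub" ];
    };
  };
}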