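# Overall configuration
# Copyright (C) 2022 Nguyễn Gia Phong
#
# This file is part of loang configuration.
#
# Loang configuration is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Loang configuration is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.

# Top-level NixOS module for the host "brno": base packages, the NAS mount,
# the per-service modules, packet filtering, sudo, SSH and login accounts.
{ pkgs, ... }:
{
  environment = {
    enableAllTerminfo = true;
    systemPackages = with pkgs; [ git htop man-pages rsync vim ];
  };

  # NOTE(review): this NFSv3 mount sets no nosuid/nodev/noexec options, and
  # no sec= option is given, so the NAS export is trusted as-is.  Confirm
  # that the 172.16.129.228 network segment is trusted, and consider adding
  # "nosuid" and "nodev" if nothing on the share depends on them.
  fileSystems."/mnt/nas" = {
    device = "172.16.129.228:/nas/4905";
    options = [ "nfsvers=3" ];
    fsType = "nfs";
  };

  imports = [
    ./automation.nix
    ./dbms.nix
    ./dns.nix
    ./irc.nix
    ./git.nix
    ./mail.nix
    ./matrix.nix
    ./music.nix
    ./push.nix
    ./static.nix
    ./status.nix
    ./vpsadminos.nix
  ];

  networking = {
    domain = "loang.net";
    hostName = "brno";
    nftables = {
      enable = true;
      # Rejects traffic to and from the published GPTBot IPv4 ranges and
      # counts the hits.  Both chains default to accept, so this table
      # filters nothing else.
      #
      # The input chain must attach to the input hook: attached to the
      # output hook (as it previously was), "ip saddr" is matched against
      # locally generated packets and inbound crawler traffic is never
      # rejected.
      #
      # NOTE(review): the element list is a static snapshot of the URL
      # cited in the ruleset and covers IPv4 only, although the table is
      # "inet".  Re-check it against the source periodically.
      ruleset = ''
        table inet filter {
          # https://openai.com/gptbot-ranges.txt
          set gptbot_ipv4 {
            type ipv4_addr
            flags interval
            elements = {
              20.15.240.64/28,
              20.15.240.80/28,
              20.15.240.96/28,
              20.15.240.176/28,
              20.15.241.0/28,
              20.15.242.128/28,
              20.15.242.144/28,
              20.15.242.192/28,
              40.83.2.64/28
            }
          }

          chain output {
            type filter hook output priority 0
            policy accept
            ip daddr @gptbot_ipv4 counter reject
          }

          chain input {
            type filter hook input priority 0
            policy accept
            ip saddr @gptbot_ipv4 counter reject
          }
        }
      '';
    };
  };

  # Members of wheel (cnx and xarvos below) get root without a password, so
  # the SSH private keys of those two accounts are equivalent to root
  # credentials on this host.
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  # Key-only SSH on a non-default port.
  # NOTE(review): PasswordAuthentication = false does not cover
  # keyboard-interactive logins; consider also setting
  # settings.KbdInteractiveAuthentication = false.
  services.openssh = {
    enable = true;
    openFirewall = true;
    settings.PasswordAuthentication = false;
    ports = [ 2211 ];
  };

  system.stateVersion = "22.05";

  systemd.extraConfig = ''
    DefaultTimeoutStartSec=900s
  '';

  time.timeZone = "UTC";

  # Each account is authorised only through the public key file named here.
  # The files live in /etc/ssh on the host, outside this repository, so
  # whoever can write to them controls who can log in.  Keep them
  # root-owned and not group- or world-writable.
  users.users = {
    axl = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/axl.pub" ];
    };
    ckie = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/ckie.pub" ];
    };
    cnx = {
      extraGroups = [ "wheel" ];
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/cnx.pub" ];
      packages = with pkgs; [ stow ];
    };
    epoch = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/epoch.pub" ];
    };
    int2k = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/int2k.pub" ];
    };
    mingnho = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/mingnho.pub" ];
    };
    owocean = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/owocean.pub" ];
    };
    xarvos = {
      extraGroups = [ "wheel" ];
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ "/etc/ssh/xarvos.pub" ];
    };
  };
}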