nixos/configuration.nix at master · j0shmillar/nixos · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
{ pkgs, config, lib, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  boot.loader = {
    grub.enable = true;
    grub.device = "/dev/sda";
  };
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  environment.systemPackages = with pkgs; [
    git # for nix flakes
    vim
  ];

  programs.bash.promptInit = ''
    PS1='\u@\h:\w \$ '
  '';

  users.users = rec {
    root.initialHashedPassword = "$y$j9T$6uL8/7Rp71jCiozms9mr90$zE3rOYbaR1.WH8R/xwjOghwxzWYoxKw/39YhqbDE7VA";
    eilean = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      initialHashedPassword = root.initialHashedPassword;
      openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFEtnJgmx9T3QQlaAn+ZxQGo2cJp/YNJv8XciJ3544V jm4622@ic.ac.uk"
      ];
    };
  };


  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
  };

  networking.domain = "suiomh.org";

  networking.hosts."acme-v02.api.letsencrypt.org" = [ "172.65.32.248" ];
  security.acme.acceptTerms = true;
  security.acme-eon.acceptTerms = true;

  services.nginx = {
    enable = true;
    virtualHosts."josh.suiomh.org" = {
      root = "/var/www/josh";
      enableACME = true;
      forceSSL = true;
    };
  };

  security.acme.email = "jdm@suiomh.org";

  i18n.defaultLocale = "en_GB.UTF-8";
  time.timeZone = "Europe/London";
  console.keyMap = "uk";

  eilean = {
    serverIpv4 = "37.27.47.35";
    serverIpv6 = "fe80::9400:4ff:fe4e:6d8b";
    publicInterface = "enp1s0";

    username = "jdm";

    mailserver.enable = true;
    #matrix.enable = true;
    # mastodon.enable = true;
    # gitea.enable = true;
    # headscale.enable = true;
  };

  system.stateVersion = "23.05"; # Did you read the comment?
}