sciety-bonfire-nix/configuration.nix_backup at main · sciety/sciety-bonfire-nix · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
{ config, pkgs, bonfire-app, ... }:

{
  imports =
    [
    ./hardware-configuration.nix
    ];

  nix.settings.experimental-features =["nix-command" "flakes"];

  time.timeZone = "europe/london";

  boot = {
   kernelPackages = pkgs.linuxPackages_6_1;
   supportedFilesystems = [ "btrfs"];

  loader.grub = {
  enable = true;
  version = 2;
  forceInstall = true;
  device = "/dev/sda";
  };
 };

 networking = {
  hostName = "nixos-vm";
  useDHCP = false;

  interfaces = {
   eth0.useDHCP = true;
 };

 firewall = {
  enable = true;
  allowedTCPPorts =[];
  allowedUDPPorts =[];
  };
 };

 nix = {
    gc = {
      automatic = true;
      dates = "monthly";
      options = "--delete-older-than 30d";
      };
    };

  environment.systemPackages = with pkgs; [
    git
    vim
    bonfire-app.packages.${pkgs.system}.default
  ];

  services.openssh = {
    enable = true;
    permitRootLogin = "yes";
    passwordAuthentication = false;
  };

  services.fail2ban.enable = true;

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbtpVOYTYF0aCPNpQSUoU7efLH13RwCwiN4rmhl3RQN mark.williams@protonmail.com"
  ];

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_15;
    ensureDatabases = [ "bonfire" ];
    ensureUsers = [
      {
        name = "bonfire";
      }
    ];
    authentication = ''
      local   all             all                                     md5
      host    all             all             127.0.0.1/32            md5
      host    all             all             ::1/128                 md5
    '';
  };

  systemd.services.bonfire = {
    description = "Bonfire federated social app";
    after = [ "network.target" "postgresql.service" ];
    wantedBy = [ "multi-user.target" ];
    environment = {
      DATABASE_URL = "postgresql://bonfire:bonfirepassword@localhost/bonfire";
    };
    serviceConfig = {
      ExecStart = "${bonfire-app.packages.${pkgs.system}.default}/bin/bonfire";
      Restart = "always";
      User = "bonfire";
      WorkingDirectory = "/var/lib/bonfire";
    };
    preStart = ''
      mkdir -p /var/lib/bonfire
      chown bonfire:bonfire /var/lib/bonfire
    '';
  };

  users.users.bonfire = {
    isSystemUser = true;
    home = "/var/lib/bonfire";
    createHome = true;
    group = "bonfire";
  };
  users.groups.bonfire = {};

  system.stateVersion = "23.11";
}