author | Profpatsch <mail@profpatsch.de> | 2022-06-27 00:38:41 +0200 |
---|---|---|
committer | Profpatsch <mail@profpatsch.de> | 2022-06-27 00:38:41 +0200 |
commit | d614baf80e676e3047e67d545f94e61cba2d7a0c (patch) | |
tree | 335f20e334a4aeea293b2925eb5b5167eb4ed964 /machines/profpatsch/leguin.nix | |
parent | 73a10bbc8cf639b8f7ccf84b9451a2a3dad1f294 (diff) |
machines/leguin: Actually set up
Diffstat (limited to 'machines/profpatsch/leguin.nix')
-rw-r--r-- | machines/profpatsch/leguin.nix | 54 |
1 files changed, 22 insertions, 32 deletions
diff --git a/machines/profpatsch/leguin.nix b/machines/profpatsch/leguin.nix index 31aa1c26..bc9fed67 100644 --- a/machines/profpatsch/leguin.nix +++ b/machines/profpatsch/leguin.nix @@ -5,8 +5,8 @@ let myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; }; tailscaleInterface = "tailscale0"; - # tailscaleAddress = "100.76.60.85"; - # ethernetInterface = "enp0s20"; + + hostname = "leguin"; myKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMQvmOfon956Z0ZVdp186YhPHtSBrXsBwaCt0JAbkf/U/P+4fG0OROA++fHDiFM4RrRHH6plsGY3W6L26mSsCM2LtlHJINFZtVILkI26MDEIKWEsfBatDW+XNAvkfYEahy16P5CBtTVNKEGsTcPD+VDistHseFNKiVlSLDCvJ0vMwOykHhq+rdJmjJ8tkUWC2bNqTIH26bU0UbhMAtJstWqaTUGnB0WVutKmkZbnylLMICAvnFoZLoMPmbvx8efgLYY2vD1pRd8Uwnq9MFV1EPbkJoinTf1XSo8VUo7WCjL79aYSIvHmXG+5qKB9ed2GWbBLolAoXkZ00E4WsVp9H philip@nyx"; @@ -15,31 +15,25 @@ in { imports = [ ./base-server.nix + ./thinkpad.nix ]; config = { # TODO abstract out vuizvui.modifyNixPath = false; - nix.nixPath = [ - "nixpkgs=${with pkgs.vuizvui.profpatsch; filterSourceGitignoreWith { - gitignoreLines = - readGitignoreFile "${toString pkgs.path}/.gitignore"; - globMap = glob: - # filter out the non-rooted file globs, - # because those take forever to filter - # (10(!) seconds evaluation time in my test). - if (!glob.isDir && !glob.isRooted) - then null - else glob; - } pkgs.path}" - # TODO? - # "vuizvui=/root/vuizvui" - # TODO: nicer? - "nixos-config=${pkgs.writeText "leguin-configuration.nix" '' - (import <vuizvui/machines>).profpatsch.leguin.config - ''}" - ]; + nix = { + nixPath = [ + # cop out, if you really need a tool locally on the server, just use latest unstable + "nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz" + ]; + + extraOptions = '' + auto-optimise-store = true + min-free = ${toString (3 * 1024 * 1024 * 1024)} + ''; + + }; boot.loader.grub.device = "/dev/sda"; 
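Review bot: The new `nixPath` entry `nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz` is an unpinned branch tarball. Every `<nixpkgs>` lookup on this host therefore evaluates whatever that branch head holds at fetch time, with no revision or hash recorded and no tie to the package set the system was built from. The inline comment marks this as a deliberate shortcut, but for tools run as root on a server I would pin it, either to the system's own nixpkgs with `"nixpkgs=${pkgs.path}"` or to a fixed-commit archive (`.../archive/<commit-sha>.tar.gz`). If the moving target stays, the comment should say so outright, e.g. `# unpinned on purpose: <nixpkgs> tracks nixos-unstable HEAD, not the system's package set`. The `config` block continues outside this hunk.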
@@ -54,21 +48,18 @@ in }; }; + vuizvui.user.profpatsch.server.sshPort = 7001; + users.users = { root.openssh.authorizedKeys.keys = [ myKey ]; }; security.acme.acceptTerms = true; - security.acme.email = "mail@profpatsch.de"; + security.acme.defaults.email = "mail@profpatsch.de"; networking = { - nat = { - # enable = true; - # externalInterface = ethernetInterface; - # internalInterfaces = [ wireguard.interface ]; - }; - hostName = "leguin"; + hostName = hostname; firewall = { allowedTCPPorts = [ 80 443 @@ -82,14 +73,13 @@ in }; }; - # nameservers = [ - # "62.210.16.6" - # "62.210.16.7" }; services.tailscale = { enable = true; - # interfaceName = tailscaleInterface; + interfaceName = tailscaleInterface; }; + # strict filtering breaks some tailscale features + networking.firewall.checkReversePath = "loose"; }; } |
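Review bot: `vuizvui.user.profpatsch.server.sshPort = 7001;` is added without a comment, and nothing in this hunk shows where the option is consumed or whether TCP 7001 is opened. The visible `allowedTCPPorts` list starts with 80 and 443 and runs past the end of the hunk. Presumably the module imported via `./base-server.nix` sets the sshd port and the firewall rule. That is worth confirming, along with password authentication being disabled there, because the `root.openssh.authorizedKeys.keys` context lines make root directly reachable over SSH. I would add a comment such as `# sshd port, consumed by the server module; a non-default port reduces scan noise, it is not access control`.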
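Review bot: `networking.firewall.checkReversePath = "loose";` relaxes reverse-path filtering on every interface, including the public one that serves 80/443, not only on `tailscale0`. The comment `# strict filtering breaks some tailscale features` should name the feature this host actually uses (exit-node and subnet routing are the usual reasons), so the option can return to strict if that feature is dropped. Something like `# loose rpfilter needed for <tailscale feature in use>; applies to all interfaces, not only tailscale0` would record both the reason and the scope. The setting also sits outside the `networking = { ... }` attrset that holds the rest of the firewall config; keeping it next to `services.tailscale` is defensible, but the comment should then point back to the firewall block.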