niksos/hosts/chmura/configuration.nix


# NixOS module for a single host: boot loader, Nix daemon settings, one
# interactive user, key-only SSH, a Caddy front end and Docker.
# `config'` comes from the caller; only its `username` and `hostname`
# attributes are read in this file.
{
  pkgs,
  config',
  ...
}: {
  # fuck broadcom
  # NOTE(review): unfree packages are allowed globally here. No unfree package
  # is visible in this file, so the need presumably comes from another module;
  # nixpkgs.config.allowUnfreePredicate can narrow it to the packages that
  # actually require it.
  nixpkgs.config.allowUnfree = true;

  # UEFI boot via systemd-boot; the installer may write EFI variables.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  time.timeZone = "Europe/Warsaw";

  nix.settings.experimental-features = [ "flakes" "nix-command" ];
  # SECURITY: a trusted Nix user can override daemon settings (extra
  # substituters, unsigned store imports), which the Nix manual describes as
  # essentially equivalent to root. Keep the login user here only if something
  # such as remote deployment needs it; otherwise "root" alone is enough.
  nix.settings.trusted-users = [ "root" config'.username ];

  networking = {
    hostName = config'.hostname;
    # 80/443 are served by Caddy below, 22 by sshd.
    # NOTE(review): services.openssh.openFirewall presumably already opens 22
    # by default; confirm before treating this list as the only place SSH is
    # exposed.
    # Docker installs its own iptables rules for published container ports, so
    # a container started with a published port is reachable from outside even
    # though the port is not listed here.
    firewall.allowedTCPPorts = [ 80 443 22 ];
  };

  programs = {
    zsh.enable = true;
    direnv = {
      enable = true;
      nix-direnv.enable = true;
    };
  };

  users.users.${config'.username} = {
    isNormalUser = true;
    # SECURITY: both groups are privilege boundaries. "wheel" grants sudo, and
    # "docker" grants access to the Docker daemon socket, which is
    # root-equivalent on the host without any password prompt.
    extraGroups = [ "wheel" "docker" ];
    shell = pkgs.zsh;
    # Per-user tool set (installed into this user's profile only).
    packages = with pkgs; [
      curl
      neovim
      neofetch
      git
      wireguard-tools
      ntfy
      btop
      docker
      docker-compose
      nodePackages_latest.pnpm
      nodePackages_latest.prisma
      prisma-engines
      openssl
      pkg-config
      direnv
      nix-direnv
      git-annex
    ];
  };

  environment.shells = [ pkgs.zsh ];
  # Link zsh's share directory into the system profile.
  environment.pathsToLink = [ "/share/zsh" ];
  environment.sessionVariables.EDITOR = "nvim";

  services = {
    # Public-key logins only; direct root login is refused.
    # No authorized keys are declared in this file, so they must be provided
    # elsewhere (another module or ~/.ssh/authorized_keys).
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    caddy = {
      enable = true;
      virtualHosts = {
        # Static site. Requests for "/" whose User-Agent matches "Discord"
        # (case-insensitive) are rewritten to the image. User-Agent is
        # client-controlled, so this is presentation only, not access control.
        "trollface.pl".extraConfig = ''
          @discord {
          header_regexp User-Agent (?i)(Discord)
          path /
          }
          rewrite @discord /trollface.png
          root * ${./trollface.pl}
          file_server
        '';
        # Forwards everything to a local backend on port 3001.
        # NOTE(review): the backend is not defined in this file. If it is a
        # Docker container, publish the port on 127.0.0.1 only so it is
        # reachable solely through Caddy.
        "test.jacekpoz.pl".extraConfig = ''
          reverse_proxy * localhost:3001
        '';
      };
    };
  };

  # Container runtime. The podman alternative is kept for reference:
  #podman = {
  #  enable = true;
  #  dockerCompat = true;
  #};
  #oci-containers.backend = "podman";
  virtualisation.docker.enable = true;

  # Release whose defaults the stateful data on this machine was created with;
  # this is not the nixpkgs version and should not be bumped as part of upgrades.
  system.stateVersion = "23.11";
}