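# NixOS host configuration for "hetzner": a single-purpose server running a
# tangled knot behind nginx (TLS via ACME), with a hand-written nftables
# ruleset instead of the NixOS firewall module.
#
# Module arguments: `pkgs` is the nixpkgs package set supplied by the NixOS
# module system; the `...` absorbs the other module arguments this file
# does not use.
{ pkgs, ... }:

{
  imports = [ ./hardware.nix ];

  ###########################################################################
  # Running services
  ###########################################################################
  services = {
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        # PasswordAuthentication alone is not enough on NixOS: sshd runs with
        # PAM, and keyboard-interactive authentication (enabled by default)
        # still lets a client type a password through PAM. Disabling it
        # makes the "keys only" intent above actually hold.
        KbdInteractiveAuthentication = false;
      };
    };

    tangled-knot = {
      enable = true;
      # The NixOS firewall module is disabled below, so this would be a
      # no-op anyway; filtering is delegated entirely to ./nftables.conf.
      openFirewall = false;
      repo.mainBranch = "dev";
      motd = "Bogos binted? 👽";
      server = {
        owner = "did:plc:nmpjck4rv6hjscoxnwdltfyj";
        hostname = "knot.sydney.blue";
      };
    };

    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;

      # Public entry point for the knot; the knot itself only listens on
      # loopback and is reached through this reverse proxy.
      virtualHosts."knot.sydney.blue" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:5555";
          proxyWebsockets = true;
        };
      };

      # Plain static site.
      virtualHosts."bogos.binted.sydney.blue" = {
        forceSSL = true;
        enableACME = true;
        root = "/var/www/bogosbinted";
      };
    };
  };

  ###########################################################################
  # Base packages
  ###########################################################################
  environment.systemPackages = with pkgs; [
    ghostty.terminfo
    tmux
    arch-install-scripts
    tcpdump
    dig
  ];

  ###########################################################################
  # Network setup
  ###########################################################################
  networking = {
    hostName = "hetzner";
    nameservers = [ "9.9.9.9" "149.112.112.112" ];
    useDHCP = true; # Switch this to a static setup later

    # The declarative NixOS firewall is intentionally off; the complete
    # packet-filtering policy lives in ./nftables.conf. Because IP
    # forwarding is enabled in boot.kernel.sysctl below, that ruleset is
    # also what decides which traffic this host will route between
    # interfaces — NOTE(review): confirm it defines a forward chain with a
    # restrictive default policy, since nothing in this file does.
    firewall.enable = false;
    nftables = {
      enable = true;
      ruleset = builtins.readFile ./nftables.conf;
    };
  };

  ###########################################################################
  # User account
  ###########################################################################
  users.users.sydney = {
    description = "Sydney Angelia";
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    shell = pkgs.zsh;
    # Key-only login (see openssh.settings above).
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRJWbyvyeo8ykLovPOR+EuwqmjOsSrBBckpicVWhULl mac"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYI8038ZK8GFZmX2j8gwe5OR70+gP2PZFz79TCFvZQH sydney@riptide"
    ];
  };

  ###########################################################################
  # Boot / firmware
  ###########################################################################
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    kernelPackages = pkgs.linuxPackages_latest;
    # This host forwards packets for both address families; see the
    # networking section for where the forwarding policy is enforced.
    kernel.sysctl = {
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv6.conf.all.forwarding" = true;
    };
  };

  ###########################################################################
  # Miscellaneous settings
  ###########################################################################
  system.stateVersion = "24.05";

  # Nix trusted users may push unsigned store paths and override
  # substituters, which is effectively root-equivalent for the Nix store.
  # Acceptable here because @wheel already has sudo; keep the two in sync.
  nix.settings.trusted-users = [ "@wheel" ];

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "me@sydney.blue";
}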