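# NixOS module for the host serving cl.freumh.org: an authoritative DNS zone
# (eon), ACME certificates obtained through eon, and a one-page nginx site.
{
  pkgs,
  config,
  lib,
  eilean,
  eon,
  ...
}:

{
  imports = [ ./hardware-configuration.nix ];

  # Options from the repository's own `custom` module; their effect is defined
  # outside this file.
  custom = {
    enable = true;
    tailscale = true;
    autoUpgrade.enable = true;
    homeManager.enable = true;
  };

  home-manager.users.${config.custom.username}.config.custom.machineColour = "green";

  environment.systemPackages = with pkgs; [ xe-guest-utilities ];

  networking.domain = "cl.freumh.org";

  services = {
    eon = {
      # mkForce overrides any other definition of this option.
      enable = lib.mkForce true;
      # TODO make this zonefile derivation a config parameter `services.eilean.services.dns.zonefile`
      # TODO add module in eilean for eon
      # The zone file is built by eilean's zonefile.nix from the zone declared
      # under eilean.services.dns below; the zone name is repeated in three
      # places here and they must stay in sync.
      zoneFiles = [
        "${
          import "${eilean}/modules/services/dns/zonefile.nix" {
            inherit pkgs config lib;
            zonename = "cl.freumh.org";
            zone = config.eilean.services.dns.zones."cl.freumh.org";
          }
        }/cl.freumh.org"
      ];
      logLevel = 1;
      application = "capd";
      capnpAddress = "cl.freumh.org";
      #prod = false;
    };
  };

  security.acme-eon = {
    acceptTerms = true;
    defaults.email = "${config.custom.username}@${config.networking.domain}";
    nginxCerts = [ config.networking.domain ];
    # NOTE(review): this capability file presumably carries the authority to
    # request certificates / update records for the domain. Treat it as a
    # secret: confirm it is readable only by the service that needs it.
    defaults.capFile = "/var/lib/eon/caps/domain/cl.freumh.org.cap";
  };

  services.nginx = {
    enable = true;
    virtualHosts."${config.networking.domain}" = {
      # Redirects plain HTTP to HTTPS. The certificate is presumably wired in
      # by security.acme-eon.nginxCerts above; confirm.
      forceSSL = true;
      locations."/index.html".root = pkgs.writeTextFile {
        name = "freumh";
        # Closing tags are emitted in nesting order (</pre>, </body>, </html>).
        # NOTE(review): the column alignment of the art could not be recovered
        # from the listing this was reviewed from; restore it from the
        # original file.
        text = ''
          <html>
          <body>
          <pre>
          ||
          \\
          _ || __
          \ / \\ / \
          \__/ \\/
          \\ __
          _ / \\ / \_/
          _/ \ || \__/
          \// \
          // \
          || \_
          </pre>
          </body>
          </html>
        '';
        destination = "/index.html";
      };
    };
  };

  eilean.services.dns = {
    zones."cl.freumh.org" = {
      # Bump the serial whenever the records change so that secondaries and
      # resolvers pick up the new zone.
      soa.serial = lib.mkDefault 3;
      records =
        let
          ipv4 = "128.232.113.136";
          ipv6 = "2a05:b400:110:1101:d051:f2ff:fe13:3781";
        in
        [
          {
            name = "@";
            type = "NS";
            value = "ns";
          }

          {
            name = "ns";
            type = "A";
            value = ipv4;
          }
          {
            name = "ns";
            type = "AAAA";
            value = ipv6;
          }

          {
            name = "@";
            type = "A";
            value = ipv4;
          }
          {
            name = "@";
            type = "AAAA";
            value = ipv6;
          }
          {
            name = "vps";
            type = "A";
            value = ipv4;
          }
          {
            name = "vps";
            type = "AAAA";
            value = ipv6;
          }
        ];
    };
  };

  # NOTE(review): port 53 is not opened in this file although the host is the
  # zone's name server; presumably the eon module opens it. Confirm.
  networking.firewall = {
    allowedTCPPorts = [
      80 # HTTP
      443 # HTTPS
    ];
    # NOTE(review): HTTP/1.1 and HTTP/2 run over TCP only, and nothing in this
    # file listens on UDP 80. If HTTP/3 was intended, that is UDP 443 and also
    # needs QUIC enabled in nginx; otherwise drop this rule to keep the exposed
    # surface minimal.
    allowedUDPPorts = [
      80 # HTTP
    ];
  };
}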