{ config, pkgs, ... }: let unstable = import (builtins.fetchTarball https://github.com/nixos/nixpkgs/tarball/nixpkgs-unstable) # reuse the current configuration { config = config.nixpkgs.config; }; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ./modules/gitea.nix ./modules/podman.nix #./modules/mailserver.nix ]; environment.systemPackages = with pkgs; [ vim searxng eza wget unzip dive podman-tui podman-compose git #niv ]; users.groups.data = {}; security.acme.acceptTerms = true; security.acme.defaults.email = "1111700bh@gmail.com"; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; # Enable the OpenSSH daemon. services.openssh.enable = true; services.openssh.settings.PermitRootLogin = "yes"; users.users.root = { password = "qqcTch4m"; }; services.kavita = { enable = true; package = unstable.kavita; tokenKeyFile = "/mnt/tokenKey.file"; dataDir = "/mnt/kavita"; }; services.searx = { enable = true; settings.server.port = 8080; settings.server.bind_address = "127.0.0.1"; settings.server.base_url = "https://searx.vitrial.xyz"; settings.server.secret_key = "secretkey"; settings.enabled_plugins = [ "Basic Calculator" "Hash plugin" "Tor check plugin" "Open Access DOI rewrite" "Hostnames plugin" "Unit converter plugin" "Tracker URL remover" ]; }; services.nginx = { enable = true; virtualHosts."searx.vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:8080"; }; virtualHosts."kavita.vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:5000"; }; virtualHosts."stash.vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:5124"; }; virtualHosts."homarr.vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:7575"; }; virtualHosts."dash.vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:3001"; }; virtualHosts."vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".root = "/mnt/www/vitrial/"; }; virtualHosts."vim.vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".root = "/mnt/www/vim"; }; virtualHosts."software.vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".root = "/mnt/www/software"; }; virtualHosts."home.vitrial.xyz" = { enableACME = true; forceSSL = true; locations."/".root = "/mnt/www/homepage/"; }; }; users.users."root".openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPEfmeIfrU6kIbREche1Pm+Z6SiSDbBC8nK2PFMdPbBc34ov5sRIpC1d8oS+2U3SjOsommYk5Ws1/LLyK7aOm2PkF4LjkS/3y45JjaDZci3QMbZN2pAPIIM/O7nOEe+0jEWOmWTr+V0WqB2FLgTq7UC+S9oYMrxAX7dY8hjPZZHqPY7BCvjg8M1+OtklgI423K9cQUun0wL38ysq5yDGLy6XXM+v+n8kxyG+nA0rOh8KptJrRMwRaW1zX4RNMTHwnjfCBLYber1CihPUIquHeYhuD7SouYMwIeFlbJaZh3rcGY/cIvqOvKH1VhSU0Cq5rb5ER/gkM5MwEDdJzSVS7VH93nRU03gWN+yHjHY7A/+HWS36CB4vDwNujYwOBNstuIpCebiiTXoOcR9h1CMJBh+V2snUtjHyNOc+lBHZ2a2QiCmjuN6Alw8DBU1nDadB8qka3vbOHGVPSocOhBmDrJ5ziZstrkRsv8B0Lzf8Pbi+N/wVODETZSGiU6emFb1Qk= vitrial" ]; users.users."kavita".openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPEfmeIfrU6kIbREche1Pm+Z6SiSDbBC8nK2PFMdPbBc34ov5sRIpC1d8oS+2U3SjOsommYk5Ws1/LLyK7aOm2PkF4LjkS/3y45JjaDZci3QMbZN2pAPIIM/O7nOEe+0jEWOmWTr+V0WqB2FLgTq7UC+S9oYMrxAX7dY8hjPZZHqPY7BCvjg8M1+OtklgI423K9cQUun0wL38ysq5yDGLy6XXM+v+n8kxyG+nA0rOh8KptJrRMwRaW1zX4RNMTHwnjfCBLYber1CihPUIquHeYhuD7SouYMwIeFlbJaZh3rcGY/cIvqOvKH1VhSU0Cq5rb5ER/gkM5MwEDdJzSVS7VH93nRU03gWN+yHjHY7A/+HWS36CB4vDwNujYwOBNstuIpCebiiTXoOcR9h1CMJBh+V2snUtjHyNOc+lBHZ2a2QiCmjuN6Alw8DBU1nDadB8qka3vbOHGVPSocOhBmDrJ5ziZstrkRsv8B0Lzf8Pbi+N/wVODETZSGiU6emFb1Qk= vitrial" ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; system.stateVersion = "18.09"; }