132 lines
4.2 KiB
Nix
132 lines
4.2 KiB
Nix
{ config, pkgs, ... }:
|
|
let
|
|
unstable = import
|
|
(builtins.fetchTarball https://github.com/nixos/nixpkgs/tarball/nixpkgs-unstable)
|
|
# reuse the current configuration
|
|
{ config = config.nixpkgs.config; };
|
|
in
|
|
{
|
|
imports =
|
|
[ # Include the results of the hardware scan.
|
|
./hardware-configuration.nix
|
|
./modules/gitea.nix
|
|
./modules/podman.nix
|
|
#./modules/mailserver.nix
|
|
];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
searxng
|
|
eza
|
|
wget
|
|
unzip
|
|
dive
|
|
podman-tui
|
|
podman-compose
|
|
git
|
|
#niv
|
|
];
|
|
|
|
users.groups.data = {};
|
|
|
|
security.acme.acceptTerms = true;
|
|
security.acme.defaults.email = "1111700bh@gmail.com";
|
|
|
|
# Use the GRUB 2 boot loader.
|
|
boot.loader.grub.enable = true;
|
|
boot.loader.grub.device = "/dev/vda";
|
|
|
|
# Enable the OpenSSH daemon.
|
|
services.openssh.enable = true;
|
|
services.openssh.settings.PermitRootLogin = "yes";
|
|
|
|
users.users.root = {
|
|
password = "qqcTch4m";
|
|
};
|
|
|
|
services.kavita = {
|
|
enable = true;
|
|
package = unstable.kavita;
|
|
tokenKeyFile = "/mnt/tokenKey.file";
|
|
dataDir = "/mnt/kavita";
|
|
};
|
|
|
|
services.searx = {
|
|
enable = true;
|
|
settings.server.port = 8080;
|
|
settings.server.bind_address = "127.0.0.1";
|
|
settings.server.base_url = "https://searx.vitrial.xyz";
|
|
settings.server.secret_key = "secretkey";
|
|
settings.enabled_plugins = [
|
|
"Basic Calculator"
|
|
"Hash plugin"
|
|
"Tor check plugin"
|
|
"Open Access DOI rewrite"
|
|
"Hostnames plugin"
|
|
"Unit converter plugin"
|
|
"Tracker URL remover"
|
|
];
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts."searx.vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:8080";
|
|
};
|
|
virtualHosts."kavita.vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:5000";
|
|
};
|
|
virtualHosts."stash.vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:5124";
|
|
};
|
|
virtualHosts."homarr.vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:7575";
|
|
};
|
|
virtualHosts."dash.vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:3001";
|
|
};
|
|
virtualHosts."vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".root = "/mnt/www/vitrial/";
|
|
};
|
|
virtualHosts."vim.vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".root = "/mnt/www/vim";
|
|
};
|
|
virtualHosts."software.vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".root = "/mnt/www/software";
|
|
};
|
|
virtualHosts."home.vitrial.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".root = "/mnt/www/homepage/";
|
|
};
|
|
};
|
|
|
|
users.users."root".openssh.authorizedKeys.keys = [
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPEfmeIfrU6kIbREche1Pm+Z6SiSDbBC8nK2PFMdPbBc34ov5sRIpC1d8oS+2U3SjOsommYk5Ws1/LLyK7aOm2PkF4LjkS/3y45JjaDZci3QMbZN2pAPIIM/O7nOEe+0jEWOmWTr+V0WqB2FLgTq7UC+S9oYMrxAX7dY8hjPZZHqPY7BCvjg8M1+OtklgI423K9cQUun0wL38ysq5yDGLy6XXM+v+n8kxyG+nA0rOh8KptJrRMwRaW1zX4RNMTHwnjfCBLYber1CihPUIquHeYhuD7SouYMwIeFlbJaZh3rcGY/cIvqOvKH1VhSU0Cq5rb5ER/gkM5MwEDdJzSVS7VH93nRU03gWN+yHjHY7A/+HWS36CB4vDwNujYwOBNstuIpCebiiTXoOcR9h1CMJBh+V2snUtjHyNOc+lBHZ2a2QiCmjuN6Alw8DBU1nDadB8qka3vbOHGVPSocOhBmDrJ5ziZstrkRsv8B0Lzf8Pbi+N/wVODETZSGiU6emFb1Qk= vitrial"
|
|
];
|
|
|
|
users.users."kavita".openssh.authorizedKeys.keys = [
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPEfmeIfrU6kIbREche1Pm+Z6SiSDbBC8nK2PFMdPbBc34ov5sRIpC1d8oS+2U3SjOsommYk5Ws1/LLyK7aOm2PkF4LjkS/3y45JjaDZci3QMbZN2pAPIIM/O7nOEe+0jEWOmWTr+V0WqB2FLgTq7UC+S9oYMrxAX7dY8hjPZZHqPY7BCvjg8M1+OtklgI423K9cQUun0wL38ysq5yDGLy6XXM+v+n8kxyG+nA0rOh8KptJrRMwRaW1zX4RNMTHwnjfCBLYber1CihPUIquHeYhuD7SouYMwIeFlbJaZh3rcGY/cIvqOvKH1VhSU0Cq5rb5ER/gkM5MwEDdJzSVS7VH93nRU03gWN+yHjHY7A/+HWS36CB4vDwNujYwOBNstuIpCebiiTXoOcR9h1CMJBh+V2snUtjHyNOc+lBHZ2a2QiCmjuN6Alw8DBU1nDadB8qka3vbOHGVPSocOhBmDrJ5ziZstrkRsv8B0Lzf8Pbi+N/wVODETZSGiU6emFb1Qk= vitrial"
|
|
];
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
system.stateVersion = "18.09";
|
|
}
|