diff --git a/atlantis.nix b/atlantis.nix
index 59ff530..5a0306d 100644
--- a/atlantis.nix
+++ b/atlantis.nix
@@ -1,40 +1,80 @@ { config, pkgs, ... }: { - imports = - [ - ./hardware-configuration.nix - ]; + imports = [ + ./hardware-configuration.nix + ]; boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; - networking.hostName = "atlantis.zotan.network"; + boot.kernel.sysctl."net.core.rmem_max" = 2500000; + boot.kernel.sysctl."kernel.hostname" = "atlantis.zotan.network"; + + networking = { + hostName = ""; # no FQDN support :( + useDHCP = false; + interfaces.enp1s0.ipv4.addresses = [{ + address = "10.42.0.7"; + prefixLength = 24; + }]; + interfaces.enp1s0.ipv6.addresses = [{ + address = "2a01:4f8:241:5bb4:acab::2"; + prefixLength = 64; + }]; + defaultGateway = { + address = "116.202.163.154"; + interface = "enp1s0"; + }; + defaultGateway6 = { + address = "fe80::1"; + interface = "enp1s0"; + }; + nameservers = ["1.1.1.1"]; + firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 443 ]; + package = pkgs.iptables-nftables-compat; + }; + }; time.timeZone = "Europe/Berlin"; - networking.useDHCP = false; - networking.interfaces.enp1s0.ipv4.addresses = [{ - address = "10.42.0.7"; - prefixLength = 24; - }]; + security.sudo.wheelNeedsPassword = false; - networking.interfaces.enp1s0.ipv6.addresses = [{ - address = "2a01:4f8:241:5bb4:acab::2"; - prefixLength = 64; - }]; + users = { + mutableUsers = false; + users = { + zotan = { + home = "/home/zotan"; + isNormalUser = true; + extraGroups = [ "wheel" ]; + hashedPassword = "$6$iKwOP5T6P8BV0sHt$f2xjotyDs7ohIgzDq7ypHiQU.hI6evfgbAuOyMoId3aNj/6MDuo7AgmCBF.7Y0BnL/rNcXBqDXjNSWf6xtRwp."; + openssh = { + authorizedKeys = { + keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWDArL4+m9kUmLyWcmUby5+CVrmBThP0KbQWep32+BF laura@zotan.network"]; + }; + }; + }; - networking.defaultGateway.address = "116.202.163.154"; - networking.defaultGateway.interface = "enp1s0"; - networking.defaultGateway6.address = "fe80::1"; - networking.defaultGateway6.interface = "enp1s0"; - networking.nameservers = 
["1.1.1.1"]; + root = { + hashedPassword = "$6$Zu.eBdDB1fhE4tKR$gZ6wgCaWZxhI.BLyONpwifH3vRoYcJ8/84n.cWJgZiItF09XZdajvqm8tvM19zCBqDqdBMFpeqF3.DWEfv7Ul0"; + openssh = { + authorizedKeys = { + keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWDArL4+m9kUmLyWcmUby5+CVrmBThP0KbQWep32+BF laura@zotan.network"]; + }; + }; + }; - users.users.zotan = { - home = "/home/zotan"; - isNormalUser = true; - extraGroups = [ "wheel" ]; + php = { + isSystemUser = true; + createHome = false; + group = "php"; + }; + }; + + groups.php = {}; }; environment.systemPackages = with pkgs; [ @@ -49,8 +89,6 @@ passwordAuthentication = false; }; - users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWDArL4+m9kUmLyWcmUby5+CVrmBThP0KbQWep32+BF laura@zotan.network"]; - services.caddy = { enable = true; globalConfig = '' @@ -63,7 +101,7 @@ virtualHosts = { "h3.zotan.pw" = { extraConfig = '' - root * /var/www/sites/zotan.pw + root * ${(builtins.fetchGit { url = "https://git.ztn.sh/zotan/zotan.pw-web.git"; ref = "dev"; name = "zotan.pw-web-${toString __currentTime}"; }).outPath} encode gzip zstd try_files /blog/posts/{path} {path}.php @@ -117,18 +155,5 @@ }; }; - users.users.php = { - isSystemUser = true; - createHome = false; - group = "php"; - }; - users.groups.php = {}; - - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 443 ]; - - networking.firewall.package = pkgs.iptables-nftables-compat; - system.stateVersion = "21.11"; # Leave this alone } \ No newline at end of file
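Review bot: The `hashedPassword` values added for `zotan` and `root` put both SHA-512 crypt hashes into the repository and, once built, into the world-readable Nix store, so anyone with read access to either can attack them offline. Since `mutableUsers = false` makes this file the only source of credentials, I would keep the hashes out of the tree with `passwordFile = "<root-only path outside the repo>";` (named `hashedPasswordFile` on newer NixOS releases). The same hunk adds `security.sudo.wheelNeedsPassword = false;` while `zotan` is in `wheel` and carries the same SSH key as `root`, so possession of that one key is full root by two routes. If that is intended, a comment such as `# single-admin host: wheel is equivalent to root` next to the sudo line would make the trade-off explicit.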
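Review bot: The new `root *` line serves whatever the head of the `dev` branch is at evaluation time, because `builtins.fetchGit` is given a `ref` but no `rev`, and the `__currentTime` in `name` forces a fresh fetch on every rebuild. The surrounding `try_files … {path}.php` suggests files from this tree are handed to PHP, so a push to that branch, or a compromise of the git host, would presumably become code running on this machine at the next rebuild without any reviewable change in this repository. Pinning the commit with `rev = "<full commit sha>";` and using a fixed `name = "zotan.pw-web";` keeps deploys reproducible and turns every content update into an explicit diff here. The `extraConfig` block continues outside the hunk, so the PHP handler itself is not visible.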