60 lines
1.5 KiB
Nix
60 lines
1.5 KiB
Nix
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
# Use the systemd-boot EFI boot loader.
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
networking.hostName = "driftwood";
|
|
|
|
time.timeZone = "America/Louisville";
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
system.stateVersion = "24.11"; # Did you read the comment?
|
|
networking.nat = {
|
|
enable = true;
|
|
internalInterfaces = ["ve-+"];
|
|
externalInterface = "enp5s0f0";
|
|
# Lazy IPv6 connectivity for the container
|
|
enableIPv6 = true;
|
|
};
|
|
|
|
# Nginx configuration
|
|
# Configure automated TLS acquisition/renewal
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults = {
|
|
email = "admin@stranger.systems";
|
|
};
|
|
};
|
|
|
|
# ACME data must be readable by the NGINX user
|
|
users.users.nginx.extraGroups = [
|
|
"acme"
|
|
];
|
|
|
|
# Enable nginx
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
};
|
|
|
|
# Open firewall ports for HTTP, HTTPS, and Matrix federation
|
|
networking.firewall.allowedTCPPorts = [80 443 8448];
|
|
networking.firewall.allowedUDPPorts = [80 443 8448];
|
|
|
|
# Syncthing host as an untrusted backup
|
|
services.syncthing = {
|
|
enable = true;
|
|
user = "nathan";
|
|
guiAddress = "100.64.0.3:8384";
|
|
};
|
|
}
|