# NixOS module for a single host: sops-managed secrets, the project's `nathan.*`
# service and config toggles, PostgreSQL tuning, GRUB and static networking.
{ config, lib, pkgs, inputs, ... }:
let
  # Both borg secrets are decrypted from the same sops-encrypted YAML file.
  borgSecret = {
    sopsFile = ../../secrets/pendulum/borg.yaml;
    format = "yaml";
  };
  # Runtime paths of the decrypted secrets, as exposed by the sops module.
  secretPath = name: config.sops.secrets.${name}.path;
in
{
  imports = [ ./matrix.nix ];

  # Secrets decrypted on this machine by sops.
  sops.secrets = {
    borg-ssh-key = borgSecret;
    borg-password = borgSecret;
    # Stored as an opaque binary blob and handed to the matrix-synapse user,
    # so only that service account (and root) is meant to read it.
    "matrix-secrets.yaml" = {
      sopsFile = ../../secrets/pendulum/recaptcha;
      format = "binary";
      owner = "matrix-synapse";
    };
  };

  # Project-specific options (declared outside this file).
  nathan = {
    services = {
      nginx = {
        enable = true;
        acme = true;
      };
      matrix = {
        enable = true;
        baseDomain = "community.rs";
        # NOTE(review): open registration on a publicly addressed homeserver;
        # presumably gated by the recaptcha secret above, confirm in ./matrix.nix.
        enableRegistration = true;
      };
      borg = {
        enable = true;
        # NOTE(review): the PostgreSQL data directory is excluded from borg;
        # presumably `postgresql.backup` below provides dumps instead, so
        # verify those dumps land in a path that borg does include.
        extraExcludes = [
          "*/.cache"
          "*/.tmp"
          "/var/lib/postgresql"
          "/var/lib/redis"
          "/var/lib/docker"
          "/var/log"
        ];
        # Credentials are referenced by path, so they never enter the Nix store.
        passwordFile = secretPath "borg-password";
        sshKey = secretPath "borg-ssh-key";
      };
      postgresql.backup = true;
    };

    config = {
      # GRUB is configured explicitly further down instead.
      setupGrub = false;
      nix = {
        autoUpdate = true;
        autoGC = true;
      };
      # NOTE(review): the project's hardening toggle is off on an
      # internet-facing host that also runs Docker; what it controls is not
      # visible here, so confirm this is a deliberate exception.
      harden = false;
      virtualization.docker = true;
    };
  };

  # State version
  system.stateVersion = "23.05";

  # PostgreSQL release and memory tuning.
  services.postgresql = {
    package = pkgs.postgresql_15;
    settings = {
      shared_buffers = "4GB";
      effective_cache_size = "8GB";
      work_mem = "64MB";
      maintenance_work_mem = "128MB";
    };
  };

  # Bootloader: GRUB installed to the first disk.
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
    # NOTE(review): os-prober scans other partitions for bootable systems;
    # on a single-OS server this is usually unnecessary, confirm it is needed.
    useOSProber = true;
  };

  # Static IPv4 networking (DHCP disabled).
  networking = {
    domain = "mccarty.io";
    useDHCP = false;
    interfaces.enp1s0f0.ipv4.addresses = [
      {
        address = "45.83.129.50";
        prefixLength = 24;
      }
    ];
    defaultGateway = "45.83.129.49";
    nameservers = [ "1.1.1.1" ];

    # No additional ports are opened in this file; ports needed by nginx or
    # Matrix are presumably opened by their own modules (verify there).
    firewall = {
      # allowedTCPPorts = [ 25565 ];
      # allowedUDPPorts = [ 25565 ];
    };
  };

  # Home Manager configuration for the `nathan` user.
  home-manager.users.nathan = import ./home.nix;
}