Initial

2023-01-09 13:13:56 +00:00
commit 8d551299d9
16 changed files with 1384 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,78 @@
+{ config, pkgs, lib, ... }:
+let
+  secrets = import ./secrets.nix;
+in {
+  imports = [
+    ./hardware-configuration.nix
+    ./mastodon.nix
+  ];
+
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+    grub = {
+      enable = true;
+      efiSupport = true;
+      device = "nodev";
+      mirroredBoots = [{
+        devices = [ "nodev" ];
+        path = "/boot-fallback";
+      }];
+    };
+  };
+
+  networking = {
+    hostName = "lor-sh";
+    hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));
+
+    useDHCP = false;
+
+    interfaces.eno1 = {
+      ipv4 = secrets.ipv4;
+      ipv6 = secrets.ipv6;
+    };
+
+    nameservers = [ "1.1.1.1" ];
+
+    firewall =  {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+    };
+  };
+
+  users.extraUsers.root = {
+    openssh.authorizedKeys.keys = secrets.pubkeys;
+  };
+
+  services.openssh.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    vim htop git
+  ];
+
+  services.postgresql.settings = {
+    max_connections = "512";
+    shared_buffers = "4096MB";
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = secrets.letsencryptEmail;
+  };
+
+  time.timeZone = "UTC";
+
+  system.autoUpgrade = {
+    enable = true;
+    allowReboot = true;
+  };
+
+  system.stateVersion = "22.11";
+
+  nix = {
+    optimise.automatic = true;
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 7d";
+    };
+  };
+}