nixos-config/vps-configuration.nix

# NixOS module for the public-facing VPS: boots via GRUB/EFI, takes its network
# configuration from cloud-init, joins a Tailscale network and terminates
# HTTP(S) with Caddy, which forwards every virtual host to a backend named `base`.
{ config, modulesPath, lib, pkgs, ... }:
let
  # Single source for the machine name; used by both networking and cloud-init.
  hostName = "tien";

  # Build one Caddy virtual host that forwards everything to `base:<port>`.
  # NOTE(review): `base` is not defined in this file; presumably it resolves
  # over the Tailscale network — confirm. The upstream hop is plain HTTP as far
  # as Caddy is concerned, so its confidentiality depends on that transport.
  proxyTo = port: {
    extraConfig = ''
      reverse_proxy base:${toString port}
    '';
  };
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
    ./vps-disk-config.nix
  ];

  # no need to set devices, disko will add all devices that have a EF02 partition to the list already
  # boot.loader.grub.devices = [ ];
  boot.loader.grub.efiSupport = true;
  # Install to the removable-media fallback path instead of registering an EFI boot entry.
  boot.loader.grub.efiInstallAsRemovable = true;

  environment.systemPackages = [ pkgs.curl ];

  networking = {
    inherit hostName;

    # do not use DHCP, as dashserv provisions IPs using cloud-init (see service below)
    useDHCP = lib.mkForce false;

    firewall = {
      enable = true;
      # Only HTTP and HTTPS are reachable from the public interface.
      allowedTCPPorts = [ 80 443 ];
      # Traffic arriving on a trusted interface is accepted unconditionally, so
      # every port listening on this host is reachable from any tailnet peer.
      # Per-peer restrictions have to come from the Tailscale ACL policy.
      trustedInterfaces = [ "tailscale0" ];
    };
  };

  services = {
    caddy = {
      enable = true;
      # Contact address for certificate issuance. It is assembled from pieces,
      # presumably to keep the literal address out of the repository text.
      email = lib.strings.concatStrings ["mail" "@" "johannes-rothe.de"];
      # Each entry publishes one backend service to the internet. No
      # authentication is configured at the proxy, so access control is
      # whatever the backend application itself enforces.
      virtualHosts = {
        "johannes-rothe.de" = proxyTo 11112;
        "www.johannes-rothe.de" = proxyTo 11112;
        "cloud.johannes-rothe.de" = proxyTo 5002;
        "feeds.johannes-rothe.de" = proxyTo 1990;
        "git.johannes-rothe.de" = proxyTo 3001;
        "radicale.johannes-rothe.de" = proxyTo 5232;
      };
    };

    # The provider hands out addressing through cloud-init, so the network
    # settings applied at boot are whatever the provider's datasource supplies.
    cloud-init = {
      enable = true;
      network.enable = true;
      settings = {
        hostname = hostName;
      };
    };

    # Only the daemon is enabled here; no auth key appears in this file, so
    # joining the tailnet happens outside this configuration.
    tailscale.enable = true;
  };

  # Release whose stateful defaults this system was installed with.
  system.stateVersion = "24.05";
}