62 lines
1.6 KiB
Nix
62 lines
1.6 KiB
Nix
{ config, modulesPath, lib, pkgs, ... }:
|
|
{
|
|
imports = [
|
|
(modulesPath + "/installer/scan/not-detected.nix")
|
|
(modulesPath + "/profiles/qemu-guest.nix")
|
|
./vps-disk-config.nix
|
|
];
|
|
boot.loader.grub = {
|
|
# no need to set devices, disko will add all devices that have a EF02 partition to the list already
|
|
# devices = [ ];
|
|
efiSupport = true;
|
|
efiInstallAsRemovable = true;
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
curl
|
|
];
|
|
|
|
networking.hostName = "tien";
|
|
# do not use DHCP, as dashserv provisions IPs using cloud-init (see service below)
|
|
networking.useDHCP = pkgs.lib.mkForce false;
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 80 443 ];
|
|
trustedInterfaces = [ "tailscale0" ];
|
|
};
|
|
|
|
services.caddy = {
|
|
enable = true;
|
|
email = lib.strings.concatStrings ["mail" "@" "johannes-rothe.de"];
|
|
virtualHosts = {
|
|
"johannes-rothe.de".extraConfig = ''
|
|
reverse_proxy base:11112
|
|
'';
|
|
"www.johannes-rothe.de".extraConfig = ''
|
|
reverse_proxy base:11112
|
|
'';
|
|
"cloud.johannes-rothe.de".extraConfig = ''
|
|
reverse_proxy base:5002
|
|
'';
|
|
"feeds.johannes-rothe.de".extraConfig = ''
|
|
reverse_proxy base:1990
|
|
'';
|
|
"git.johannes-rothe.de".extraConfig = ''
|
|
reverse_proxy base:3001
|
|
'';
|
|
"radicale.johannes-rothe.de".extraConfig = ''
|
|
reverse_proxy base:5232
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.cloud-init = {
|
|
enable = true;
|
|
network.enable = true;
|
|
};
|
|
|
|
services.tailscale.enable = true;
|
|
|
|
system.stateVersion = "24.05";
|
|
}
|