mirror of
https://codeberg.org/tmayoff/.dotfiles.git
synced 2025-12-06 08:48:34 -05:00
146 lines
3.7 KiB
Nix
146 lines
3.7 KiB
Nix
{
|
|
pkgs,
|
|
outputs,
|
|
...
|
|
}: {
|
|
imports = [
|
|
# Include the results of the hardware scan.
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
nixpkgs = {
|
|
overlays = builtins.attrValues outputs.overlays;
|
|
|
|
config = {
|
|
allowUnfree = true;
|
|
permittedInsecurePackages = [
|
|
];
|
|
};
|
|
};
|
|
|
|
# Use GRUB 2 boot loader
|
|
boot.loader.grub.enable = true;
|
|
boot.loader.grub.efiSupport = true;
|
|
boot.loader.grub.efiInstallAsRemovable = true;
|
|
boot.loader.grub.device = "nodev";
|
|
boot.loader.efi.efiSysMountPoint = "/efi";
|
|
|
|
services.tailscale = {
|
|
package = pkgs.unstable.tailscale;
|
|
enable = true;
|
|
};
|
|
|
|
networking.hostName = "saffron"; # Define your hostname.
|
|
networking.firewall.allowedTCPPorts = [443 80];
|
|
|
|
# Caddy reverse proxy with DNS challenge
|
|
services.caddy = {
|
|
enable = true;
|
|
package = pkgs.caddy.withPlugins {
|
|
plugins = ["github.com/caddy-dns/cloudflare@v0.2.2"];
|
|
hash = "sha256-Z8nPh4OI3/R1nn667ZC5VgE+Q9vDenaQ3QPKxmqPNkc=";
|
|
};
|
|
environmentFile = "/etc/caddy/environment";
|
|
virtualHosts."rss.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy serenity.pizzly-bortle.ts.net:5600
|
|
'';
|
|
};
|
|
virtualHosts."search.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy serenity.pizzly-bortle.ts.net:6000
|
|
'';
|
|
};
|
|
virtualHosts."monitor.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy serenity.pizzly-bortle.ts.net:8090
|
|
'';
|
|
};
|
|
virtualHosts."gitforge.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy serenity.pizzly-bortle.ts.net:3000
|
|
'';
|
|
};
|
|
virtualHosts."immich.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy serenity.pizzly-bortle.ts.net:2283
|
|
'';
|
|
};
|
|
virtualHosts."nextcloud.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy serenity.pizzly-bortle.ts.net:8100
|
|
'';
|
|
};
|
|
# virtualHosts."documentserver.mayoff.ca" = {
|
|
# extraConfig = ''
|
|
# tls {
|
|
# dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
# }
|
|
# reverse_proxy serenity.pizzly-bortle.ts.net:8101
|
|
# '';
|
|
# };
|
|
virtualHosts."chat.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy serenity.pizzly-bortle.ts.net:8009
|
|
'';
|
|
};
|
|
virtualHosts."media.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy serenity.pizzly-bortle.ts.net:8096
|
|
'';
|
|
};
|
|
virtualHosts."homeassistant.mayoff.ca" = {
|
|
extraConfig = ''
|
|
tls {
|
|
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
|
|
}
|
|
reverse_proxy homeassistant.pizzly-bortle.ts.net:8123 {
|
|
header_up Host {upstream_hostport}
|
|
header_up X-Real-IP {remote_host}
|
|
header_up X-Forwarded-For {remote_host}
|
|
header_up X-Forwarded-Proto {scheme}
|
|
header_up X-Forwarded-Host {host}
|
|
}
|
|
'';
|
|
};
|
|
};
|
|
|
|
# Set your time zone.
|
|
time.timeZone = "America/Toronto";
|
|
|
|
users.users.tyler = {
|
|
isNormalUser = true;
|
|
description = "tyler";
|
|
extraGroups = ["wheel"];
|
|
shell = pkgs.fish;
|
|
};
|
|
programs.fish.enable = true;
|
|
|
|
services.openssh.enable = true;
|
|
|
|
system.stateVersion = "25.05"; # Did you read the comment?
|
|
}
|