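# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
  # Guests reverse-proxied by this host on the libvirt network (192.168.122.0/24).
  #   vm      — guest address nginx forwards HTTPS traffic and ACME challenges to.
  #   sshport — public TCP port whose stream forward lands on the guest's port 22,
  #             or null when the guest gets no SSH forward at all.
  vhosts = {
    "degette.katvayor.net" = { vm = "192.168.122.2"; sshport = 22000; };
    "betamail.katvayor.net" = { vm = "192.168.122.3"; sshport = 22002; };
    "traque.katvayor.net" = { vm = "192.168.122.4"; sshport = 22001; };
    "test.traque.katvayor.net" = { vm = "192.168.122.4"; sshport = null; };
  };

  # The SSH forward ports that the stream servers below actually bind.  The
  # firewall opens exactly these, so adding a guest here opens its port and
  # nothing else (previously the whole 22000-22100 range was open while only
  # three ports had a listener behind them).
  sshForwardPorts = lib.filter (p: p != null) (lib.mapAttrsToList (_: v: v.sshport) vhosts);

  # The 465/993 mail forwards go to the same guest that serves betamail, so
  # derive the address instead of repeating it.
  mailVm = vhosts."betamail.katvayor.net".vm;
in
{
  imports = [
    ./hardware-configuration.nix
    ./router.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.supportedFilesystems = [ "bcachefs" ];
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  time.timeZone = "Europe/Paris";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  # Enable the X11 windowing system.
  # services.xserver.enable = true;
  # security.polkit.enable = true;
  # programs.light.enable = true;
  services.dbus.packages = with pkgs; [ dconf ];
  nixpkgs.config.allowUnfree = true;

  # Configure keymap in X11
  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  programs.zsh.enable = true;
  users.users.guest = {
    isNormalUser = true;
    # extraGroups = [ "wheel" ];
    packages = with pkgs; [ ];
    # Public keys allowed to log in as `guest`; one entry per person/device.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
      # maurice
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris"
      # raito
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
      # tomate
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn"
    ];
  };

  environment.systemPackages = with pkgs; [
    wget
    brightnessctl
    nix-search-cli
    git
    btop
    ranger
    dnsmasq
    screen
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): sshd runs with module defaults here; the authorized keys
  # above suggest key-only login is intended — confirm whether
  # services.openssh.settings.PasswordAuthentication = false is wanted.
  services.openssh.enable = true;
  services.netbird.enable = true;

  boot.kernelModules = [ "kvm-intel" "kvm-amd" ];
  programs.virt-manager.enable = true;
  virtualisation.libvirtd.enable = true;

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };

  # TLS-terminating reverse proxy in front of the guests, plus raw TCP
  # (stream) forwards for SSH and mail.
  services.nginx = {
    enable = true;

    virtualHosts = builtins.mapAttrs (_: { vm, ... }: {
      enableACME = true;
      addSSL = true;
      # The guest answers the ACME HTTP-01 challenge itself.
      acmeFallbackHost = vm;
      acmeFallbackRecommendedProxySettings = true;
      locations."/" = {
        recommendedProxySettings = true;
        # NOTE(review): nginx does not check the upstream certificate unless
        # proxy_ssl_verify is turned on, so the hop to the guest trusts the
        # libvirt network rather than the certificate — confirm that is intended.
        proxyPass = "https://${vm}/";
        extraConfig = ''
          proxy_set_header Connection ''';
          proxy_http_version 1.1;
          chunked_transfer_encoding off;
          proxy_buffering off;
          proxy_cache off;
        '';
      };
    }) vhosts;

    # One `server` block per guest with an SSH forward, then the fixed mail
    # forwards (submissions/IMAPS) to the mail guest.
    streamConfig = builtins.concatStringsSep "\n" (lib.mapAttrsToList (_: { vm, sshport }:
      lib.optionalString (sshport != null) ''
        server {
          listen ${toString sshport};
          proxy_pass ${vm}:22;
        }
      ''
    ) vhosts) + ''
      server {
        listen 993;
        proxy_pass ${mailVm}:993;
      }
      server {
        listen 465;
        proxy_pass ${mailVm}:465;
      }
    '';
  };

  # Open ports in the firewall: ssh, dns, http(s), submissions, imaps, and
  # exactly the SSH forward ports bound by the stream servers above.
  networking.firewall = {
    allowedTCPPorts = [ 22 53 80 443 465 993 ] ++ sshForwardPorts;
    allowedUDPPorts = [ 67 ];
  };
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
}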