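# NixOS host configuration for "chaewon-nixos-ash-1": a public web host running
# nginx (static site, file index, Forgejo reverse proxy), Forgejo with a
# Docker-based Actions runner, Tailscale, The Lounge and Stirling-PDF.
#
# Each `#` comment sits on its own line. Nix comments run to end of line, so a
# comment followed by settings on the same physical line silently disables them.
{ inputs, config, pkgs, lib, ... }:

let
  # Single source of truth for the admin SSH key, so a rotation cannot leave a
  # stale copy on one of the two accounts that use it.
  adminSshKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGpnPYxrYnmtFaf591Q80FQPb01dqTwlH58V6uRa7Fi"
  ];
in
{
  imports = [
    ./hw.nix
    ../../modules/secrets.nix
  ];

  time.timeZone = "America/New_York";

  # Generated by nixos-infect
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

  services.openssh = {
    enable = true;
    # Both accounts log in with keys, so password-style authentication is
    # switched off explicitly instead of relying on module defaults. This
    # removes password guessing as an avenue on the publicly reachable sshd.
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # NOTE(review): root accepts the same key as the wheel user below. Once sudo
  # through `priime` is confirmed to work, consider dropping this and setting
  # services.openssh.settings.PermitRootLogin = "no".
  users.users.root.openssh.authorizedKeys.keys = adminSshKeys;

  # Generated by nixos-infect
  networking = {
    hostName = "chaewon-nixos-ash-1";
    domain = "";
    nameservers = [ "8.8.8.8" ];
    defaultGateway = "172.31.1.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "eth0";
    };
    dhcpcd.enable = false;
    usePredictableInterfaceNames = lib.mkForce false;
    interfaces = {
      eth0 = {
        ipv4.addresses = [{ address = "178.156.207.225"; prefixLength = 32; }];
        ipv6.addresses = [
          { address = "2a01:4ff:f0:7ccc::1"; prefixLength = 64; }
          { address = "fe80::9000:6ff:fe59:7a8b"; prefixLength = 64; }
        ];
        ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
        ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
      };
    };

    # Only HTTP/HTTPS and the Tailscale UDP port are opened here. Port 22 is
    # opened separately by the openssh module (its openFirewall option defaults
    # to true). NOTE(review): since Tailscale is enabled, SSH could be limited
    # to the tailnet; confirm out-of-band access first.
    firewall.allowedTCPPorts = [ 80 443 ];
    firewall.allowedUDPPorts = [ config.services.tailscale.port ];
  };

  services.udev.extraRules = ''
    ATTR{address}=="92:00:06:59:7a:8b", NAME="eth0"
  '';

  security.acme = {
    acceptTerms = true;
    defaults.email = "lucas@priime.dev";
    certs = {
      "priime.dev" = {
        webroot = "/var/lib/acme/priime.dev";
        email = "lucas@priime.dev";
        # The nginx group gets read access to the issued key material.
        group = "nginx";
        extraDomainNames = [ "www.priime.dev" ];
      };
      "files.priime.dev" = {
        webroot = "/var/lib/acme/files.priime.dev";
        email = "lucas@priime.dev";
        group = "nginx";
      };
    };
  };

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  users.users.priime = {
    isNormalUser = true;
    description = "Lucas";
    # Membership in "docker" is root-equivalent on this host: the Docker socket
    # can start privileged containers and mount the host filesystem, without
    # the sudo prompt that "wheel" goes through.
    extraGroups = [ "wheel" "docker" ];
    packages = with pkgs; [ ];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = adminSshKeys;
  };

  programs.fish.enable = true;

  services.nginx = {
    enable = true;
    virtualHosts = {
      "priime.dev" = {
        default = true;
        forceSSL = true;
        useACMEHost = "priime.dev";
        serverAliases = [ "www.priime.dev" ];
        acmeRoot = "/var/lib/acme/priime.dev";
        locations."/" = {
          root = "/var/www/site";
          index = "index.html";
          tryFiles = "$uri $uri.html $uri/ /404.html";
        };
      };

      "files.priime.dev" = {
        forceSSL = true;
        useACMEHost = "files.priime.dev";
        acmeRoot = "/var/lib/acme/files.priime.dev";
        locations."/" = {
          root = "/var/lib/files.priime.dev";
          # Directory listing is on and no access control is configured here,
          # so every file placed under this root is publicly enumerable.
          extraConfig = ''
            autoindex on;
            autoindex_exact_size off;
            autoindex_localtime on;
          '';
        };
      };

      "git.priime.dev" = {
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          client_max_body_size 512M;
        '';
        # Explicit loopback address, matching Forgejo's HTTP_ADDR below, so the
        # proxy never depends on how "localhost" resolves.
        locations."/".proxyPass = "http://127.0.0.1:3000";
      };
    };
  };

  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = "git.priime.dev";
        ROOT_URL = "https://git.priime.dev/";
        # Bind to loopback only. Forgejo's default listens on all addresses,
        # which would leave the host firewall as the only thing keeping the
        # plain-HTTP port away from the network; nginx is the intended entry.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3000;
      };
      # No self-service sign-up; accounts have to be created by an admin.
      service.DISABLE_REGISTRATION = true;
    };
  };

  # Ports published by Docker containers are handled by Docker's own iptables
  # rules and are not limited by networking.firewall above.
  virtualisation.docker.enable = true;

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "monolith";
      url = "https://git.priime.dev";
      # The token is read from an age-managed secret path at runtime,
      # presumably declared in ../../modules/secrets.nix (not visible here).
      tokenFile = config.age.secrets.forgejo-runner-token.path;
      # Default labels
      # NOTE(review): workflow jobs run as containers on this same host, so
      # anyone able to push a workflow can run code next to the web services;
      # keep that set of users small. Node 16 and Debian buster are past
      # upstream end-of-life; consider moving the labels to maintained images.
      labels = [
        "ubuntu-latest:docker://node:16-bullseye"
        "ubuntu-22.04:docker://node:16-bullseye"
        "ubuntu-20.04:docker://node:16-bullseye"
        "ubuntu-18.04:docker://node:16-buster"
      ];
    };
  };

  services.tailscale.enable = true;

  # NOTE(review): neither service below is proxied by nginx or opened in the
  # firewall in this file; confirm how they are meant to be reached and that
  # each has authentication enabled before exposing it.
  services.thelounge.enable = true;
  services.stirling-pdf.enable = true;

  system.stateVersion = "23.11";

  home-manager.users.priime = { pkgs, ... }: {
    imports = [ ./home.nix ];
  };
}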