kp2pml30/dotfiles
1
0
Fork 0
mirror of https://github.com/kp2pml30/dotfiles.git synced 2026-04-14 14:21:45 +04:00
Code Issues Projects Releases Packages Wiki Activity Actions

add server

Browse source
This commit is contained in:
kp2pml30 2025-01-26 19:33:07 +04:00
parent 284b131058
commit 95f65d9c03
18 changed files with 358 additions and 112 deletions
Download patch file Download diff file Expand all files Collapse all files

5
nix/server/boot.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, pkgs, ... }:
let
cfg = config.kp2pml30.server;
in {
}

38
nix/server/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ config
, pkgs
, lib
, ...
}:
let
cfg = config.kp2pml30.server;
in {
options.kp2pml30.server = {
username = lib.mkOption {
type = lib.types.str;
default = "kp2pml30-serv";
};
hostname = lib.mkOption {
type = lib.types.str;
default = null;
};
nginx = lib.mkEnableOption "";
};
imports = [
./ssh.nix
./nginx.nix
./boot.nix
];
config = {
users.users."${cfg.username}" = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmc+wSjdvbyiFmB55r1ilegor533eo7hsE62z+pXCu0YIaVZwUoRe0Sqj0GoMzfn80jXubNmQgV+Wk8byz/xAsZ4R9Y/PFVuZYA/uDRAQ0TXpqxBSCH2CHkwioolg6q+sMXdUJTvvKkCpluXVk8o9ZN+5+rBhc2xAeZw2FDbz+u2HHYN8zCXFB3MPPJNG9CscBQirBgOkhg0ASCJ2rahaAJVaBosS7DD6S6iEip8bGgwByuWJl0oZr9cdJHkQDl2AMdNZrxoPcLqItCk5Mz9ssxTcK0lj/xIBXqLNMe4RPUJeWOOMNexeKRbzJEaF+G3Pfboqqeg7UPM6/9h9CXW9cyY/DXEj2pQmEi2jYWdTpx/ViCg83/rLboGyiyAuE6AWGte8r5YqYKuFEB0ixswENlH0s4TXEmouimRRkypzT4KAJ/ObPLsnGAkbzbLcsPCQUQSywQ8TGo3b72gNWTKjn9PeqBZkzgU9AXtxN1hCmKAX+/KwnGUSqyDz2YRhcO1E= kp2pml30@r3vdy2b10vv-pc"
];
extraGroups = [ "wheel" "networkmanager" "acme" ];
hashedPassword = "$6$UK6oHr2gPRYD4Rak$lgF.mYReC0jahNuI4kt0j/CsrajVzMprvp3HgjKwwsjYHU6/Ur9jfROXZbKhhpyCLRmnlCpWeRCbHEYO/jhIv/";
};
};
}

38
nix/server/nginx.nix Normal file
View file

@ -0,0 +1,38 @@
{ config
, pkgs
, lib
, ...
}:
let
cfg = config.kp2pml30.server;
in lib.mkIf cfg.nginx {
security.acme = {
acceptTerms = true;
defaults.email = "kp2pml30@gmail.com";
certs."${cfg.hostname}" = {
serverAliases = [ "*.${cfg.hostname}" ];
webroot = "/var/lib/acme/.challenges";
group = "nginx";
};
};
services.nginx = {
enable = true;
virtualHosts."${cfg.hostname}" = {
addSSL = true;
enableACME = true;
listen = [
{ port = 80; }
];
locations."/.well-known/acme-challenge/" = {
root = "/var/lib/acme/.challenges";
};
locations."/" = {
return = 404;
};
};
streamConfig = (builtins.readFile ./stream.nginx);
};
}

20
nix/server/ssh.nix Normal file
View file

@ -0,0 +1,20 @@
{ config
, pkgs
, lib
, ...
}:
let
cfg = config.kp2pml30.server;
in {
services.openssh = {
enable = true;
ports = [ 22 ];
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = lib.mkForce "no";
AllowUsers = [ cfg.username ];
};
};
}

8
nix/server/user.nix
View file

@ -1,8 +0,0 @@
{ config, pkgs, ... }:
{
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmc+wSjdvbyiFmB55r1ilegor533eo7hsE62z+pXCu0YIaVZwUoRe0Sqj0GoMzfn80jXubNmQgV+Wk8byz/xAsZ4R9Y/PFVuZYA/uDRAQ0TXpqxBSCH2CHkwioolg6q+sMXdUJTvvKkCpluXVk8o9ZN+5+rBhc2xAeZw2FDbz+u2HHYN8zCXFB3MPPJNG9CscBQirBgOkhg0ASCJ2rahaAJVaBosS7DD6S6iEip8bGgwByuWJl0oZr9cdJHkQDl2AMdNZrxoPcLqItCk5Mz9ssxTcK0lj/xIBXqLNMe4RPUJeWOOMNexeKRbzJEaF+G3Pfboqqeg7UPM6/9h9CXW9cyY/DXEj2pQmEi2jYWdTpx/ViCg83/rLboGyiyAuE6AWGte8r5YqYKuFEB0ixswENlH0s4TXEmouimRRkypzT4KAJ/ObPLsnGAkbzbLcsPCQUQSywQ8TGo3b72gNWTKjn9PeqBZkzgU9AXtxN1hCmKAX+/KwnGUSqyDz2YRhcO1E= kp2pml30@r3vdy2b10vv-pc"
];
extraGroups = [ "wheel" "networkmanager" ];
}