jet/extremist-software
jet/extremist-software
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
extremist-software/configuration.nix
Jet Pham ad8cb52169
feat: create mymx service
2026-03-04 15:08:44 -08:00

77 lines
2.2 KiB
Nix
Raw Blame History

{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./modules/caddy.nix
./modules/forgejo.nix
./modules/mail.nix
./modules/searx.nix
./modules/matrix.nix
./modules/monitoring.nix
./modules/ntfy.nix
./modules/uptime-kuma.nix
./modules/mymx.nix
./secrets/secrets-scheme.nix
# Impure Secrets
./secrets/secrets.nix
];
# ... (rest of imports block replaced by ./secrets/secrets.nix being added to imports)
# Bootloader
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
# Networking
networking.hostName = "extremist-software";
networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # SSH, HTTP, HTTPS
# Tailscale
services.tailscale.enable = true;
# We assume the user will authenticate manually or via a one-time key service
# For now, let's enable it and allow the user to run `tailscale up` or provision via key
# Users
users.users.root.openssh.authorizedKeys.keys = [
config.mySecrets.sshPublicKey
];
# SSH - Secure it
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
};
# nh (yet another nix helper)
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep 2";
flake = "/home/jet/Documents/extremist-software";
};
# System
system.stateVersion = "24.05";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true; # Allow unfree packages (Minecraft, etc.)
# Time
time.timeZone = "UTC";
# ZRAM for limited RAM
zramSwap.enable = true;
zramSwap.memoryPercent = 50;
# Secrets handled via ./secrets.nix importing to config.mySecrets
environment.etc."secrets/tailscale-auth".text = config.mySecrets.tailscaleKey;
services.tailscale.authKeyFile = "/etc/secrets/tailscale-auth";
# Allow Tailscale traffic
networking.firewall.trustedInterfaces = [ "tailscale0" ];
# Required for Tailscale subnet routing and exit nodes, and often helpful for connectivity
networking.firewall.checkReversePath = "loose";
}
Reference in a new issue View git blame Copy permalink