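# NixOS host configuration for the "noisebell" machine: runs the noisebell
# service, fronts its status endpoint with Caddy, and is meant to be reachable
# only over Tailscale.
{ config, pkgs, ... }:

{
  # Release whose stateful defaults this host was installed with; not the
  # version of nixpkgs in use.
  system.stateVersion = "24.11";

  networking.hostName = "noisebell";

  # Enable the noisebell service
  services.noisebell = {
    enable = true;
    endpointUrl = "https://example.com/webhook"; # TODO: set your endpoint
  };

  # Basic system config
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Tailscale
  services.tailscale.enable = true;

  # Caddy reverse proxy — proxies to the noisebell status endpoint.
  # The listener is plain HTTP on port 80. Port 80 is not listed in
  # allowedTCPPorts below, so with this file alone it is reachable only via the
  # trusted tailscale0 interface.
  services.caddy = {
    enable = true;
    virtualHosts.":80".extraConfig = ''
      reverse_proxy localhost:${toString config.services.noisebell.port}
    '';
  };

  services.openssh = {
    enable = true;
    # The openssh module opens port 22 in the firewall on every interface
    # unless told otherwise (openFirewall defaults to true). Turning that off
    # leaves SSH reachable only through the trusted tailscale0 interface,
    # which is what the firewall section below intends.
    # NOTE(review): the host is then unreachable over SSH until Tailscale is
    # authenticated; plan console access for first boot.
    openFirewall = false;
    # Key-only logins; the only credentials configured are the root
    # authorized keys at the end of this file.
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # Only allow traffic from Tailscale interface
  networking.firewall = {
    # Everything arriving on tailscale0 is accepted without port filtering.
    trustedInterfaces = [ "tailscale0" ];
    # Tailscale's own UDP port stays open on all interfaces so peers can
    # establish direct connections.
    allowedUDPPorts = [ config.services.tailscale.port ];
  };

  # Root SSH access is by public key only. With the list empty nobody can log
  # in over SSH, so fill it in before deploying.
  users.users.root.openssh.authorizedKeys.keys = [
    # TODO: add your SSH public key
  ];
}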