38 lines
980 B
Nix
38 lines
980 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
system.stateVersion = "24.11";
|
|
|
|
networking.hostName = "noisebell";
|
|
|
|
# Decrypted at runtime by agenix
|
|
age.secrets.tailscale-auth-key.file = ./secrets/tailscale-auth-key.age;
|
|
|
|
age.secrets.api-key.file = ./secrets/api-key.age;
|
|
age.secrets.inbound-api-key.file = ./secrets/inbound-api-key.age;
|
|
|
|
services.noisebell = {
|
|
enable = true;
|
|
port = 80;
|
|
endpointUrl = "https://noisebell.extremist.software/webhook";
|
|
apiKeyFile = config.age.secrets.api-key.path;
|
|
inboundApiKeyFile = config.age.secrets.inbound-api-key.path;
|
|
};
|
|
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
services.tailscale = {
|
|
enable = true;
|
|
authKeyFile = config.age.secrets.tailscale-auth-key.path;
|
|
};
|
|
|
|
services.openssh.enable = true;
|
|
|
|
networking.firewall = {
|
|
trustedInterfaces = [ "tailscale0" ];
|
|
allowedUDPPorts = [ config.services.tailscale.port ];
|
|
};
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
];
|
|
}
|