qenya/nixfiles
1
0
Fork 0
Code Issues 5 Pull requests Actions Activity
nixfiles/hosts/yevaud/default.nix
Katherina Walshe-Grey d1b974b86c yevaud: specify (non-boot-critical) zfs datasets with randomcat's module 
Also moves forgejo state directory to the default location
2024-09-24 18:56:27 +01:00

83 lines
2.2 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
];
networking.hostName = "yevaud";
networking.hostId = "09673d65";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
users.users.qenya.extraGroups = [ "wheel" ];
qenya.base-server.enable = true;
age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age;
birdsong.peering = {
enable = true;
privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path;
};
services.bind = {
# enable = true;
cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
forwarders = [ ];
listenOn = [ config.birdsong.hosts.yevaud.ipv4 ];
listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ];
zones = {
"birdsong.internal" = {
master = true;
# TODO: pick better email address for SOA record
file = pkgs.writeText "birdsong.internal.zone" ''
$TTL 60
$ORIGIN birdsong.internal.
birdsong.internal. IN SOA ns.birdsong.internal. accounts.katherina.rocks. ( 2024080401 7200 3600 1209600 3600 )
birdsong.internal. IN NS ns.birdsong.internal.
yevaud.c.birdsong.internal. IN A 10.127.1.1
yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
ns.birdsong.internal. IN A 10.127.1.1
ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
'';
};
};
};
networking.resolvconf.useLocalResolver = false;
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
randomcat.services.zfs.datasets = {
"rpool/state" = { mountpoint = "none"; };
"rpool/state/forgejo" = { mountpoint = "/var/lib/forgejo"; };
};
qenya.services.forgejo = {
enable = true;
domain = "git.qenya.tel";
};
services.nginx = {
enable = true;
virtualHosts = {
"git.katherina.rocks" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.qenya.tel$request_uri";
};
"birdsong.network" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.qenya.tel/qenya/birdsong/";
};
};
};
system.stateVersion = "23.11";
}
Reference in a new issue View git blame Copy permalink