2023-04-19 01:01:07 +02:00
|
|
|
|
{
|
|
|
|
|
pkgs,
|
|
|
|
|
inputs,
|
|
|
|
|
...
|
|
|
|
|
}: {
|
|
|
|
|
imports = [
|
|
|
|
|
inputs.self.nixosModules.homeManagerConfig
|
|
|
|
|
../hardware/netcup-rs-2000-g9.nix
|
|
|
|
|
../modules/nginx-reverse-proxy.nix
|
|
|
|
|
];
|
2021-12-18 12:41:35 +01:00
|
|
|
|
|
2023-04-19 01:01:07 +02:00
|
|
|
|
config = {
|
|
|
|
|
boot.loader.grub.enable = true;
|
|
|
|
|
boot.loader.grub.device = "/dev/sda";
|
2021-12-18 12:41:35 +01:00
|
|
|
|
|
2023-04-19 01:01:07 +02:00
|
|
|
|
networking.hostId = "94d2a920";
|
|
|
|
|
networking.hostName = "cornu-aspersum";
|
|
|
|
|
networking.interfaces.ens3.useDHCP = true;
|
2022-05-19 01:31:32 +02:00
|
|
|
|
|
2023-04-19 01:01:07 +02:00
|
|
|
|
settings.ssh.openOutsideVPN = true;
|
|
|
|
|
|
|
|
|
|
users.users = {
|
|
|
|
|
root = {
|
|
|
|
|
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
|
|
|
|
|
};
|
2021-12-18 12:41:35 +01:00
|
|
|
|
};
|
|
|
|
|
|
2023-04-19 01:01:07 +02:00
|
|
|
|
sops.defaultSopsFile = ../secrets/hosts/cornu-aspersum/secrets.yaml;
|
|
|
|
|
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
2022-01-14 17:24:43 +01:00
|
|
|
|
|
2023-04-19 01:01:07 +02:00
|
|
|
|
# Run radicale with infcloud interface for me and Marie
|
|
|
|
|
services.radicaleWithInfcloud.enable = true;
|
2022-02-19 16:01:47 +01:00
|
|
|
|
|
2023-04-19 01:01:07 +02:00
|
|
|
|
services.qemuGuest.enable = true;
|
2021-12-18 12:41:35 +01:00
|
|
|
|
|
2023-04-19 01:01:07 +02:00
|
|
|
|
services.bind = {
|
|
|
|
|
enable = true;
|
|
|
|
|
cacheNetworks = ["any"];
|
|
|
|
|
forwarders = ["100.100.100.100"];
|
|
|
|
|
listenOn = ["any"];
|
|
|
|
|
listenOnIpv6 = ["any"];
|
|
|
|
|
zones."home" = let
|
|
|
|
|
cornu-aspersum = {
|
|
|
|
|
v4 = "100.86.42.110";
|
|
|
|
|
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:2a6e";
|
|
|
|
|
};
|
|
|
|
|
faunus-ater = {
|
|
|
|
|
v4 = "100.108.135.4";
|
|
|
|
|
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
|
|
|
|
|
};
|
|
|
|
|
point = domain: host: ''
|
|
|
|
|
${domain} AAAA ${host.v6}
|
|
|
|
|
${domain} A ${host.v4}
|
|
|
|
|
'';
|
|
|
|
|
in {
|
|
|
|
|
master = true;
|
|
|
|
|
# TODO: Fix TTLs
|
|
|
|
|
file = pkgs.writeText "home-zone" ''
|
|
|
|
|
$TTL 1
|
|
|
|
|
@ IN SOA home. malte.home. (
|
|
|
|
|
5 ; Serial
|
|
|
|
|
1 ; Refresh
|
|
|
|
|
1 ; Retry
|
|
|
|
|
1 ; Expire
|
|
|
|
|
1) ; Negative Cache TTL
|
|
|
|
|
@ NS home.
|
|
|
|
|
${point "home." cornu-aspersum}
|
|
|
|
|
${point "foto" faunus-ater}
|
|
|
|
|
${point "mc" cornu-aspersum}
|
|
|
|
|
${point "doc" faunus-ater}
|
|
|
|
|
${point "sheet" faunus-ater}
|
|
|
|
|
${point "media" faunus-ater}
|
|
|
|
|
${point "file" faunus-ater}
|
|
|
|
|
${point "stats" faunus-ater}
|
|
|
|
|
${point "cache" faunus-ater}
|
|
|
|
|
${point "hydra" faunus-ater}
|
2023-07-02 10:04:47 +02:00
|
|
|
|
${point "todo" faunus-ater}
|
2023-04-19 01:01:07 +02:00
|
|
|
|
'';
|
2022-06-18 11:14:13 +02:00
|
|
|
|
};
|
2022-05-26 21:19:10 +02:00
|
|
|
|
};
|
2023-04-19 01:01:07 +02:00
|
|
|
|
networking.firewall.allowedTCPPorts = [53];
|
|
|
|
|
networking.firewall.allowedUDPPorts = [53];
|
2022-01-20 17:18:25 +01:00
|
|
|
|
|
2023-04-19 01:01:07 +02:00
|
|
|
|
# This value determines the NixOS release from which the default
|
|
|
|
|
# settings for stateful data, like file locations and database versions
|
|
|
|
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
|
|
|
# this value at the release version of the first install of this system.
|
|
|
|
|
# Before changing this value read the documentation for this option
|
|
|
|
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
|
|
|
system.stateVersion = "21.05"; # Did you read the comment?
|
|
|
|
|
};
|
2021-12-18 12:41:35 +01:00
|
|
|
|
}
|