diff --git a/home/asakiyuki/configuration.nix b/home/asakiyuki/configuration.nix
index 6aa3da3..f9150b1 100644
--- a/home/asakiyuki/configuration.nix
+++ b/home/asakiyuki/configuration.nix
@@ -3,7 +3,6 @@
 libs,
 config,
 custom,
- pkgs,
 unstable,
 ...
 }:
diff --git a/home/junko/configuration.nix b/home/junko/configuration.nix
new file mode 100644
index 0000000..197fffd
--- /dev/null
+++ b/home/junko/configuration.nix
@@ -0,0 +1,35 @@
+{
+ inputs,
+ libs,
+ config,
+ custom,
+ unstable,
+ ...
+}:
+let
+ osconfig = config;
+in
+{
+ users.users.junko = {
+ isNormalUser = true;
+ };
+
+ home-manager.users.junko = {
+ _module.args = {
+ inherit
+ inputs
+ unstable
+ osconfig
+ custom
+ libs
+ ;
+ };
+
+ imports = [ ];
+
+ home = {
+ username = "junko";
+ stateVersion = "25.11";
+ };
+ };
+}
diff --git a/host/server/default.nix b/host/server/default.nix
index a098139..9d77f6b 100644
--- a/host/server/default.nix
+++ b/host/server/default.nix
@@ -2,109 +2,15 @@ { imports = [ ./programs.nix - ./service.nix + ./services.nix + ./networking.nix (libs.root "/modules/features/system/docker.nix") (libs.root "/modules/features/system/packages.nix") (libs.root "/home/asakiyuki/configuration.nix") + (libs.root "/home/junko/configuration.nix") + (libs.root "/options/system/default.nix") ]; - - environment.systemPackages = with pkgs; [ - git - vim - ]; - - users.users.junko = { - isNormalUser = true; - }; - - services = { - - fail2ban = { - enable = true; - ignoreIP = [ - "192.168.0.0/16" - ]; - }; - - cloudflare-dyndns = { - enable = true; - apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY"; - frequency = "*:0/5"; - proxied = true; - ipv6 = false; - ipv4 = true; - deleteMissing = false; - domains = [ "ddns.asakiyuki.com" ]; - }; - - openssh = { - enable = true; - ports = [ 15523 ]; - authorizedKeysInHomedir = true; - authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ]; - settings = { - AllowUsers = [ - "asakiyuki" - "junko" - ]; - PasswordAuthentication = true; - KbdInteractiveAuthentication = false; - AllowAgentForwarding = false; - AllowStreamLocalForwarding = false; - X11Forwarding = false; - PermitRootLogin = "no"; - }; - }; - }; - - networking = { - useDHCP = false; - networkmanager.enable = true; - defaultGateway = "192.168.1.1"; - nameservers = [ - "8.8.8.8" - "1.1.1.1" - ]; - - interfaces = { - enp1s0 = { - useDHCP = false; - - ipv4.addresses = [ - { - address = "192.168.1.100"; - prefixLength = 24; - } - ]; - - ipv6.addresses = [ - { - address = "2402:800:62d0:1c26:abcd:1234:5678:9abc"; - prefixLength = 64; - } - ]; - }; - }; - - firewall = { - enable = true; - allowedUDPPorts = [ - 53 - 34778 - ]; - allowedTCPPorts = [ - 80 - 443 - 18581 - 8443 - 15523 - 53 - 583 - 25565 - ]; - }; - }; } diff --git a/host/server/networking.nix b/host/server/networking.nix new file mode 100644 index 0000000..6dd4bfb --- /dev/null +++ b/host/server/networking.nix 
@@ -0,0 +1,50 @@
+{ ... }:
+{
+ networking = {
+ firewall = {
+ enable = true;
+ allowedUDPPorts = [
+ 53
+ 34778
+ ];
+ allowedTCPPorts = [
+ 80
+ 443
+ 18581
+ 8443
+ 15523
+ 53
+ 583
+ 25565
+ ];
+ };
+
+ useDHCP = false;
+ networkmanager.enable = true;
+
+ defaultGateway = "192.168.1.1";
+ nameservers = [
+ "8.8.8.8"
+ "1.1.1.1"
+ ];
+
+ interfaces = {
+ enp1s0 = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ address = "192.168.1.100";
+ prefixLength = 24;
+ }
+ ];
+
+ ipv6.addresses = [
+ {
+ address = "2402:800:62d0:1c26:abcd:1234:5678:9abc";
+ prefixLength = 64;
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/host/server/service.nix b/host/server/service.nix
deleted file mode 100644
index b701053..0000000
--- a/host/server/service.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ libs, ... }: [
- imports = [
- (libs.root "/modules/services/adguardhome.nix")
- ];
-]
\ No newline at end of file
diff --git a/host/server/services.nix b/host/server/services.nix
new file mode 100644
index 0000000..8bb1137
--- /dev/null
+++ b/host/server/services.nix
@@ -0,0 +1,9 @@
+{ libs, ... }:
+{
+ imports = [
+ (libs.root "/modules/services/adguardhome.nix")
+ (libs.root "/modules/services/cloudflare-dyndns.nix")
+ (libs.root "/modules/services/fail2ban.nix")
+ (libs.root "/modules/services/openssh.nix")
+ ];
+}
diff --git a/modules/services/cloudflare-dyndns.nix b/modules/services/cloudflare-dyndns.nix
new file mode 100644
index 0000000..76d36d2
--- /dev/null
+++ b/modules/services/cloudflare-dyndns.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ services.cloudflare-dyndns = {
+ enable = true;
+ apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY";
+ frequency = "*:0/5";
+ proxied = true;
+ ipv6 = false;
+ ipv4 = true;
+ deleteMissing = false;
+ domains = [ "ddns.asakiyuki.com" ];
+ };
+}
diff --git a/modules/services/fail2ban.nix b/modules/services/fail2ban.nix
new file mode 100644
index 0000000..e5847a1
--- /dev/null
+++ b/modules/services/fail2ban.nix
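Review bot: In host/server/networking.nix the `allowedTCPPorts` and `allowedUDPPorts` lists open 53, 583, 18581, 8443, 25565 and 34778 without saying which service owns each port. The NixOS firewall applies these lists to IPv4 and IPv6 alike, and enp1s0 carries a global IPv6 address, so the ports are presumably reachable from outside with no NAT in front unless the upstream router filters them. Port 53 deserves the closest look: if it belongs to the AdGuard Home module imported in services.nix (its contents are not shown here), the resolver should answer LAN clients only, otherwise it is exposed as an open resolver. I would add a short comment per port, for example `53 # DNS (AdGuard Home), LAN clients only`, and drop any port whose service no longer runs on this host.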
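Review bot: `apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY";` in modules/services/cloudflare-dyndns.nix keeps the Cloudflare API token inside the home directory of an interactive account that openssh.nix also allows to log in over SSH, so anything running as that user can read or replace it. Passing a path string does keep the secret out of the Nix store, but the file would be safer root-owned with mode 0400 outside /home, e.g. `apiTokenFile = "<ROOT_OWNED_SECRET_PATH>";` (placeholder). The token should also be scoped to DNS edits on the one zone. Since this is a shared module under modules/services, the hard-coded user path and domain might be better supplied by the host configuration.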
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ security.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ "192.168.0.0/16"
+ ];
+ };
+}
diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix
new file mode 100644
index 0000000..ea30230
--- /dev/null
+++ b/modules/services/openssh.nix
@@ -0,0 +1,21 @@
+{ ... }:
+{
+ services.openssh = {
+ enable = true;
+ ports = [ 15523 ];
+ authorizedKeysInHomedir = true;
+ authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ];
+ settings = {
+ AllowUsers = [
+ "asakiyuki"
+ "junko"
+ ];
+ PasswordAuthentication = true;
+ KbdInteractiveAuthentication = false;
+ AllowAgentForwarding = false;
+ AllowStreamLocalForwarding = false;
+ X11Forwarding = false;
+ PermitRootLogin = "no";
+ };
+ };
+}
diff --git a/modules/services/pipewire.nix b/modules/services/pipewire.nix
index 0295aac..95f8f8f 100644
--- a/modules/services/pipewire.nix
+++ b/modules/services/pipewire.nix
@@ -1,6 +1,7 @@
-{ ... }: {
- services.pipewire = {
- enable = true;
- pulse.enable = true;
- };
-}
\ No newline at end of file
+{ ... }:
+{
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+}
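Review bot: `security.fail2ban = {` in modules/services/fail2ban.nix looks like the wrong option path. The block this commit removes from host/server/default.nix used `services.fail2ban`, which is the NixOS option, so unless a custom `security.fail2ban` option is declared in a module not shown here, evaluation will stop with an unknown-option error. The line should read `services.fail2ban = {`. Separately, `ignoreIP = [ "192.168.0.0/16" ]` exempts every LAN host from banning, and a comment confirming that this is intended would help.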
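Review bot: `PasswordAuthentication = true;` in modules/services/openssh.nix leaves password logins enabled on port 15523, which networking.nix opens in the firewall, for both accounts in `AllowUsers`; fail2ban only slows guessing down. Once each user has a key provisioned, this should become `PasswordAuthentication = false;`. The absolute path in `authorizedKeysFiles` is consulted by sshd for every user, not only asakiyuki, and `authorizedKeysInHomedir = true` already covers `~/.ssh/authorized_keys`, so that entry can be dropped. Declaring keys through `users.users.<name>.openssh.authorizedKeys.keys` would keep them in the reviewed configuration rather than in mutable files.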