add server configurations

2026-04-13 10:41:13 +07:00 · 2026-04-13 10:41:13 +07:00 · a442768eac
commit a442768eac
parent 6f07cf2b90
3 changed files with 158 additions and 1 deletions
--- a/devices/home-server/configuration.nix
+++ b/devices/home-server/configuration.nix
@ -0,0 +1,107 @@
+{ ... }:
+{
+  imports = [ ./hardware-configuration.nix ];
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  services = {
+    adguardhome = {
+      enable = true;
+      port = 34778;
+      openFirewall = true;
+    };
+
+    fail2ban = {
+      enable = true;
+      ignoreIP = [
+        "192.168.0.0/16"
+      ];
+    };
+
+    cloudflare-dyndns = {
+      enable = true;
+      apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY";
+      frequency = "*:0/5";
+      proxied = true;
+      ipv6 = false;
+      ipv4 = true;
+      deleteMissing = false;
+      domains = [ "ddns.asakiyuki.com" ];
+    };
+
+    openssh = {
+      enable = true;
+      ports = [ 15523 ];
+      authorizedKeysInHomedir = true;
+      authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ];
+      settings = {
+        AllowUsers = [
+          "asakiyuki"
+          "junko"
+        ];
+        PasswordAuthentication = true;
+        KbdInteractiveAuthentication = false;
+        AllowAgentForwarding = false;
+        AllowStreamLocalForwarding = false;
+        X11Forwarding = false;
+        PermitRootLogin = "no";
+      };
+    };
+  };
+
+  networking = {
+    useDHCP = false;
+    networkmanager.enable = true;
+    defaultGateway = "192.168.1.1";
+    nameservers = [
+      "8.8.8.8"
+      "1.1.1.1"
+    ];
+
+    interfaces = {
+      enp1s0 = {
+        useDHCP = false;
+
+        ipv4.addresses = [
+          {
+            address = "192.168.1.100";
+            prefixLength = 24;
+          }
+        ];
+
+        ipv6.addresses = [
+          {
+            address = "2402:800:62d0:1c26:abcd:1234:5678:9abc";
+            prefixLength = 64;
+          }
+        ];
+      };
+    };
+
+    firewall = {
+      enable = true;
+      allowedUDPPorts = [
+        53
+        34778
+      ];
+      allowedTCPPorts = [
+        15523
+        53
+        8443
+        583
+        25565
+      ];
+    };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  time.timeZone = "Asia/Ho_Chi_Minh";
+  system.stateVersion = "25.11";
+}
--- a/devices/home-server/hardware-configuration.nix
+++ b/devices/home-server/hardware-configuration.nix
@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/16cfcdf6-15bb-4b63-835f-044867999510";
+      fsType = "ext4";
+    };
+    "/home/asakiyuki/HOST" = {
+      device = "/dev/disk/by-uuid/414e2a24-605f-47c3-a325-8db8a4934329";
+      fsType = "ext4";
+    };
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/cfa7f30f-f08a-4400-babe-41357586a6a0"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}