diff --git a/devices/home-server/configuration.nix b/devices/home-server/configuration.nix
index dc1615b..5cbd3e5 100644
--- a/devices/home-server/configuration.nix
+++ b/devices/home-server/configuration.nix
@@ -1,116 +1,15 @@ -{ pkgs, ... }: +{ pkgs, libs, ... }: { - imports = [ ./hardware-configuration.nix ]; + imports = [ + ./hardware-configuration.nix + (libs.root "/host/server/default.nix") + ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; - environment.systemPackages = with pkgs; [ - git - vim - ]; - - users.users.junko = { - isNormalUser = true; - }; - - users.users.asakiyuki = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - }; - - services = { - adguardhome = { - enable = true; - port = 34778; - openFirewall = true; - }; - - fail2ban = { - enable = true; - ignoreIP = [ - "192.168.0.0/16" - ]; - }; - - cloudflare-dyndns = { - enable = true; - apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY"; - frequency = "*:0/5"; - proxied = true; - ipv6 = false; - ipv4 = true; - deleteMissing = false; - domains = [ "ddns.asakiyuki.com" ]; - }; - - openssh = { - enable = true; - ports = [ 15523 ]; - authorizedKeysInHomedir = true; - authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ]; - settings = { - AllowUsers = [ - "asakiyuki" - "junko" - ]; - PasswordAuthentication = true; - KbdInteractiveAuthentication = false; - AllowAgentForwarding = false; - AllowStreamLocalForwarding = false; - X11Forwarding = false; - PermitRootLogin = "no"; - }; - }; - }; - - networking = { - useDHCP = false; - networkmanager.enable = true; - defaultGateway = "192.168.1.1"; - nameservers = [ - "8.8.8.8" - "1.1.1.1" - ]; - - interfaces = { - enp1s0 = { - useDHCP = false; - - ipv4.addresses = [ - { - address = "192.168.1.100"; - prefixLength = 24; - } - ]; - - ipv6.addresses = [ - { - address = "2402:800:62d0:1c26:abcd:1234:5678:9abc"; - prefixLength = 64; - } - ]; - }; - }; - - firewall = { - enable = true; - allowedUDPPorts = [ - 53 - 34778 - ]; - allowedTCPPorts = [ - 15523 - 53 - 8443 - 583 - 25565 - ]; - }; - }; - nixpkgs.config.allowUnfree = true; boot.loader.systemd-boot.enable = true; 
diff --git a/host/server/default.nix b/host/server/default.nix index facb35d..cee9119 100644 --- a/host/server/default.nix +++ b/host/server/default.nix @@ -1,4 +1,110 @@ -{ ... }: +{ libs, ... }: { + imports = [ + (libs.root "/home/asakiyuki/configuration.nix") + ]; + environment.systemPackages = with pkgs; [ + git + vim + ]; + + users.users.junko = { + isNormalUser = true; + }; + + users.users.asakiyuki = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + }; + + services = { + adguardhome = { + enable = true; + port = 34778; + openFirewall = true; + }; + + fail2ban = { + enable = true; + ignoreIP = [ + "192.168.0.0/16" + ]; + }; + + cloudflare-dyndns = { + enable = true; + apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY"; + frequency = "*:0/5"; + proxied = true; + ipv6 = false; + ipv4 = true; + deleteMissing = false; + domains = [ "ddns.asakiyuki.com" ]; + }; + + openssh = { + enable = true; + ports = [ 15523 ]; + authorizedKeysInHomedir = true; + authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ]; + settings = { + AllowUsers = [ + "asakiyuki" + "junko" + ]; + PasswordAuthentication = true; + KbdInteractiveAuthentication = false; + AllowAgentForwarding = false; + AllowStreamLocalForwarding = false; + X11Forwarding = false; + PermitRootLogin = "no"; + }; + }; + }; + + networking = { + useDHCP = false; + networkmanager.enable = true; + defaultGateway = "192.168.1.1"; + nameservers = [ + "8.8.8.8" + "1.1.1.1" + ]; + + interfaces = { + enp1s0 = { + useDHCP = false; + + ipv4.addresses = [ + { + address = "192.168.1.100"; + prefixLength = 24; + } + ]; + + ipv6.addresses = [ + { + address = "2402:800:62d0:1c26:abcd:1234:5678:9abc"; + prefixLength = 64; + } + ]; + }; + }; + + firewall = { + enable = true; + allowedUDPPorts = [ + 53 + 34778 + ]; + allowedTCPPorts = [ + 15523 + 53 + 8443 + 583 + 25565 + ]; + }; + }; }
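Review bot: `pkgs` is not bound in host/server/default.nix: the new header is `{ libs, ... }:` while the added `environment.systemPackages = with pkgs; [` line needs it, so evaluation should fail with an undefined variable unless the header becomes `{ pkgs, libs, ... }:`. Separately, the moved `openssh` block keeps `PasswordAuthentication = true;` on port 15523, which the firewall block in the same hunk opens, even though key files are configured through `authorizedKeysInHomedir` and `authorizedKeysFiles`. If both users in `AllowUsers` already log in with keys, `PasswordAuthentication = false;` removes the password-guessing surface that fail2ban only slows down. Whether the port is reachable from outside the LAN is not visible here; the `cloudflare-dyndns` entry suggests the host is meant to be found from the internet.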