prepared the new vps

2025-04-26 08:28:31 +02:00 · 2023-04-12 17:21:24 +02:00 · 2023-04-12 17:21:24 +02:00 · 1cd25fb778
commit 1cd25fb778
parent 534dba6dbe
5 changed files with 102 additions and 3 deletions
--- a/hosts/falkenstein-1/default.nix
+++ b/hosts/falkenstein-1/default.nix
@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+{
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./modules/networks
+      ./modules/nginx
+    ];
+
+  boot = {
+    loader = {
+      grub = {
+        enable = true;
+        version = 2;
+        efiSupport = true;
+        efiInstallAsRemovable = true;
+        device = "/dev/sda";
+      };
+      efi.efiSysMountPoint = "/boot/efi";
+    };
+    kernelPackages = pkgs.linuxPackages_latest;
+    #tmpOnTmpfs = true;
+  };
+
+  time.timeZone = "Europe/Berlin";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    keyMap = "dvorak";
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    htop-vim
+  ];
+  programs.git = {
+    enable = true;
+    config = {
+      user.name = "Rouven Seifert";
+      user.email = "rouven@rfive.de";
+    };
+  };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    #../../keys/ssh/rouven-thinkpad
+    ../../keys/ssh/rouven-pixel
+    ../../keys/ssh/rouven-smartcard
+  ];
+
+  system.stateVersion = "22.11";
+
+}
+
--- a/hosts/falkenstein-1/modules/networks/default.nix
+++ b/hosts/falkenstein-1/modules/networks/default.nix
@ -0,0 +1,21 @@
+{ config, ... }:
+{
+  networking = {
+    hostName = "nuc";
+    useNetworkd = true;
+    enableIPv6 = true;
+  };
+  systemd.network = {
+    enable = true;
+    networks."10-loopback" = {
+      matchConfig.Name = "lo";
+      linkConfig.RequiredForOnline = false;
+    };
+    networks."10-wired" = {
+      matchConfig.Name = "ens3";
+      networkConfig = {
+        DHCP = "yes";
+      };
+    };
+  };
+}
--- a/hosts/falkenstein-1/modules/nginx/default.nix
+++ b/hosts/falkenstein-1/modules/nginx/default.nix
@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  services.nginx.enable = true;
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "rouven@rfive.de";
+    };
+  };
+}