diff --git a/machine/vps/configuration.nix b/machine/vps/configuration.nix new file mode 100644 index 0000000..cdb3bf1 --- /dev/null +++ b/machine/vps/configuration.nix @@ -0,0 +1,136 @@ +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + /etc/nixos/hardware-configuration.nix + ../../configs/common.nix + ../../configs/virtualisation.nix + (fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master") + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + networking.hostName = "vps"; # Define your hostname. + + # Set your time zone. + time.timeZone = "Europe/Berlin"; + networking.useDHCP = false; + networking.interfaces.ens3.useDHCP = true; + services.vscode-server.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users = { + defaultUserShell = pkgs.zsh; + + users.alex = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" ]; + }; + }; + + programs.zsh = { + enable = true; + + enableCompletion = true; + autosuggestions.enable = true; + syntaxHighlighting.enable = true; + + ohMyZsh = { + enable = true; + theme = "agnoster"; + plugins = [ + "cp" + "common-aliases" + "docker " + "systemd" + "wd" + "kubectl" + "git" + ]; + }; + }; + + + # List packages installed in system profile. To search, run: + environment.systemPackages = with pkgs; [ + docker-compose + glances + htop + git + nodejs + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + permitRootLogin = "no"; + passwordAuthentication = false; + }; + + security.acme.email = "webmaster@szczepan.ski"; + security.acme.acceptTerms = true; + services.nginx = { + enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts = { + "szczepan.ski" = { + forceSSL = true; + enableACME = true; + #root = "/var/www/myhost.org"; + }; + "nextcloud.szczepan.ski" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://localhost:8080/"; + extraConfig = '' + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; + ''; + }; + "/.well-known/carddav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + "/.well-known/caldav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + }; + }; + }; + }; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + +} +