From deba8c91eb4892c31864c7d03506eb70cae1baff Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Fri, 19 Mar 2021 22:53:25 +0100
Subject: migrating chaski config
---
hosts/chaski/configuration.nix | 81 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 hosts/chaski/configuration.nix
(limited to 'hosts/chaski/configuration.nix')
diff --git a/hosts/chaski/configuration.nix b/hosts/chaski/configuration.nix
new file mode 100644
index 0000000..6aa24bc
--- /dev/null
+++ b/hosts/chaski/configuration.nix
@@ -0,0 +1,81 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./services/coturn.nix
+ ./services/cgit.nix
+ ];
+
+ hexchen.deploy = {
+ ssh.host = "chaski";
+ };
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+
+ networking.hostName = "chaski"; # Define your hostname.
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+ networking.interfaces.ens10.useDHCP = true;
+ networking.interfaces.ens3.useDHCP = true;
+
+ environment.systemPackages = with pkgs; [
+ wget curl htop iftop vim git
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.09"; # Did you read the comment?
+
+ boot.loader.grub.devices = [ "/dev/sda" ];
+ # Initial empty root password for easy login:
+ users.users.root.initialHashedPassword = "";
+ services.openssh.permitRootLogin = "prohibit-password";
+ services.openssh.enable = true;
+ # Replace this by your SSH pubkey
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa 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"
+ ];
+
+ users.users.git = {
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
+ home = "/var/git";
+ isNormalUser = true;
+ };
+
+ security.sudo.enable = false;
+
+ security.acme = {
+ acceptTerms = true;
+ email = "stuebinm@disroot.org";
+ };
+
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."stuebinm.eu" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 442 ];
+}
+
-- cgit v1.2.3
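Review bot: `networking.firewall.allowedTCPPorts = [ 80 442 ];` on the last setting of the file opens 442 rather than 443, so the `forceSSL`/`enableACME` virtual host for stuebinm.eu sends clients to an HTTPS port the firewall does not allow. Unless one of the imported service modules (not visible in this hunk) really listens on 442, this should read `networking.firewall.allowedTCPPorts = [ 80 443 ];`. Separately, `users.users.root.initialHashedPassword = "";` looks like an installer-template leftover. SSH root login is key-only through `prohibit-password`, but an empty root password would still be accepted wherever local password authentication applies (for example the hosting provider's console), and the `git` account is a normal login user reachable with the same keys. Dropping that line, or replacing it with a real or locked hash and a comment such as `# root is reachable by SSH key only; no password login`, keeps root access tied to the authorized key; the option only takes effect when the account is first created, so an already-provisioned host needs its existing password state checked as well.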