nixos/dafoe/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').

{ config, pkgs, lib, inputs, ... }:
{
  imports =
    [
      ./hardware-configuration.nix
      ./services
      ./programs
    ];

  # enable flakes
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";

  networking.hostName = "dafoe"; # Define your hostname.

  # open ports for servers
  networking.firewall.allowedTCPPorts = [ 22 80 443 631 8096 8920 ];
  networking.firewall.allowedUDPPorts = [ 22 80 443 631 1900 7359 ];

  # static ipv6 (hetzner cant manage ipv6 via dhcp)
  networking.interfaces = {
    ens3.ipv6.addresses = [{ 
      address = "2a01:4f8:1c1e:83ae::";
      prefixLength = 64;
    }];
  };
  networking.defaultGateway6 = {
    address = "fe80::1";
    interface = "ens3";
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Define a user account. Don't forget to set a password with 'passwd'.
  users.users.leonv = {     
    isNormalUser = true;
    initialPassword = "leonv";
    extraGroups = [ "wheel" "nginx" ]; # Enable 'sudo' for the user.
    packages = with pkgs; [
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUMTbIxSRWqpIVtDbjwZK41FFOV5eQf9eJECgm40Fj1 leonv@gunther"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUMTbIxSRWqpIVtDbjwZK41FFOV5eQf9eJECgm40Fj1 leonv@absol"
    ];
   };
  users.defaultUserShell = pkgs.zsh;

  # List packages installed in system profile.
  environment.systemPackages = with pkgs; [
    wget
    zsh
    oh-my-zsh
    restic
    # for hugo website
    hugo
    go
  ];
  environment.variables = {
    EDITOR = "vim";

    # bitwarden key
    YUBICO_CLIENT_ID = "${../nix-secrets/dafoe/vaultwarden/yubico-id}";
    YUBICO_SECRET_KEY = "${../nix-secrets/dafoe/vaultwarden/yubico-secret}";
  };
  environment.shells = [ pkgs.zsh ];

  programs.git = {
    enable = true;
    lfs.enable = true;
    config = {
      init = {
        defaultBranch = "main";
      };
      commit = {
        gpgsign = true;
      };
      gpg = {
        format = "ssh";
      };
      user = {
        email = "leon.vatthauer@fau.de";
        name = "Leon Vatthauer";
        signingkey = "~/git";
      };
    };
  };

  system.stateVersion = "23.11"; # Did you read the comment?
}
added dafoe 2024-05-08 11:03:22 +02:00			`# Edit this configuration file to define what should be installed on`
			`# your system. Help is available in the configuration.nix(5) man page`
			`# and in the NixOS manual (accessible by running 'nixos-help').`

			`{ config, pkgs, lib, inputs, ... }:`
			`{`
			`imports =`
			`[`
			`./hardware-configuration.nix`
			`./services`
			`./programs`
			`];`

			`# enable flakes`
			`nix.settings.experimental-features = [ "nix-command" "flakes" ];`

			`# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)`
			`boot.loader.grub.enable = true;`
			`boot.loader.grub.device = "/dev/sda";`

			`networking.hostName = "dafoe"; # Define your hostname.`
static ipv6 2024-05-08 16:35:56 +02:00
			`# open ports for servers`
added dafoe 2024-05-08 11:03:22 +02:00			`networking.firewall.allowedTCPPorts = [ 22 80 443 631 8096 8920 ];`
			`networking.firewall.allowedUDPPorts = [ 22 80 443 631 1900 7359 ];`

static ipv6 2024-05-08 16:35:56 +02:00			`# static ipv6 (hetzner cant manage ipv6 via dhcp)`
			`networking.interfaces = {`
			`ens3.ipv6.addresses = [{`
			`address = "2a01:4f8:1c1e:83ae::";`
			`prefixLength = 64;`
			`}];`
			`};`
			`networking.defaultGateway6 = {`
			`address = "fe80::1";`
			`interface = "ens3";`
			`};`

added dafoe 2024-05-08 11:03:22 +02:00			`# Set your time zone.`
			`time.timeZone = "Europe/Berlin";`

			`# Define a user account. Don't forget to set a password with 'passwd'.`
			`users.users.leonv = {`
			`isNormalUser = true;`
			`initialPassword = "leonv";`
rename vaultwarden 2024-05-08 12:20:42 +02:00			`extraGroups = [ "wheel" "nginx" ]; # Enable 'sudo' for the user.`
added dafoe 2024-05-08 11:03:22 +02:00			`packages = with pkgs; [`
			`];`
ssh update 2024-08-30 21:45:11 +02:00			`openssh.authorizedKeys.keys = [`
hard code ssh keys 2024-08-30 22:00:16 +02:00			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUMTbIxSRWqpIVtDbjwZK41FFOV5eQf9eJECgm40Fj1 leonv@gunther"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUMTbIxSRWqpIVtDbjwZK41FFOV5eQf9eJECgm40Fj1 leonv@absol"`
ssh update 2024-08-30 21:45:11 +02:00			`];`
added dafoe 2024-05-08 11:03:22 +02:00			`};`
			`users.defaultUserShell = pkgs.zsh;`

			`# List packages installed in system profile.`
			`environment.systemPackages = with pkgs; [`
			`wget`
			`zsh`
			`oh-my-zsh`
			`restic`
			`# for hugo website`
			`hugo`
			`go`
			`];`
			`environment.variables = {`
			`EDITOR = "vim";`

			`# bitwarden key`
add nextcloud 2024-05-29 08:27:05 +02:00			`YUBICO_CLIENT_ID = "${../nix-secrets/dafoe/vaultwarden/yubico-id}";`
			`YUBICO_SECRET_KEY = "${../nix-secrets/dafoe/vaultwarden/yubico-secret}";`
added dafoe 2024-05-08 11:03:22 +02:00			`};`
			`environment.shells = [ pkgs.zsh ];`

			`programs.git = {`
			`enable = true;`
			`lfs.enable = true;`
			`config = {`
			`init = {`
			`defaultBranch = "main";`
			`};`
			`commit = {`
			`gpgsign = true;`
			`};`
			`gpg = {`
			`format = "ssh";`
			`};`
			`user = {`
			`email = "leon.vatthauer@fau.de";`
			`name = "Leon Vatthauer";`
update ssh location 2024-10-16 11:20:54 +02:00			`signingkey = "~/git";`
added dafoe 2024-05-08 11:03:22 +02:00			`};`
			`};`
			`};`

			`system.stateVersion = "23.11"; # Did you read the comment?`
			`}`