dotfiles/systems/x86_64-linux/europium/default.nix
Christopher Mühl 786af32daf
Publish my config
This is the result of ~100 commits to my NixOS config. Since I haven't
always used `agenix-rekey`, this is another initial commit so that none
of the secrets in my git history are leaked
2025-07-30 23:36:39 +02:00


# ++ 63_Eu: Europium
#
# Hosted VPS used primarily as an email server
{pkgs, ...}: let
  # Builds one entry for `elements.secrets.needs`: the encrypted `rekeyFile`
  # is placed at `path` with `symlink = false` (presumably written as a
  # regular file rather than a link, as in agenix; confirm in the `elements`
  # module).
  #
  # NOTE(review): mode "0644" leaves the decrypted file readable by every
  # local account. These files are kept encrypted in the repository, so they
  # presumably hold credentials or keys. If the containers can still read
  # them with a tighter mode plus a dedicated owner/group, prefer that; check
  # first which UID the container processes run as.
  worldReadableFile = rekeyFile: path: {
    inherit rekeyFile path;
    symlink = false;
    mode = "0644";
  };
in {
  imports = [./hardware.nix];

  system = {
    stateVersion = "23.11";

    # Creates the Docker network named "traefik-proxy" on activation.
    # The trailing `|| true` hides every failure, not only "already exists";
    # an unreachable Docker daemon at activation time is ignored as well.
    activationScripts.dockerNetwork.text = ''
      # Don't fail in case the network can't be created (in case it already exists)
      ${pkgs.docker}/bin/docker network create traefik-proxy || true
    '';
  };

  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

  elements.hostname = "europium";
  elements.secrets = {
    # An SSH *public* key, so not sensitive in itself. Presumably the host
    # identity that agenix-rekey encrypts the secrets below for; confirm.
    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAzw6hzrX3zDJAiMfhVpU+t1xr9C2PxJ9rf4HUfRzTiU";

    # All three files land under /opt/stalwart, the home of the `stalwart`
    # user declared further down.
    needs = {
      compose = worldReadableFile "stalwart-compose.yaml.age" "/opt/stalwart/compose.yaml";
      stalwart = worldReadableFile "stalwart-config.toml.age" "/opt/stalwart/stalwart/etc/config.toml";
      traefik = worldReadableFile "stalwart-traefik.yml.age" "/opt/stalwart/loadbalancer/traefik.yml";
    };
  };

  # Used to generate a FQDN in the internal contabo network
  networking.domain = "contaboserver.net";

  networking.firewall.enable = true;
  # NOTE(review): Docker normally installs its own packet-filter rules for
  # published container ports, so a port mapped in compose.yaml may be
  # reachable even when it is absent from this list. SMTP (25) is not listed,
  # for instance. Audit the compose port mappings together with this list
  # when reviewing what the host exposes.
  networking.firewall.allowedTCPPorts = [
    # ssh
    22
    # http + https
    80
    443
    # stalwart ports
    # 143 and 110 are the plaintext IMAP/POP3 ports (TLS only via STARTTLS);
    # 993 and 995 are their implicit-TLS counterparts. Confirm the mail
    # server refuses authentication on an unencrypted session.
    143
    993
    # mail submission: 587 (STARTTLS) and 465 (implicit TLS)
    587
    465
    110
    995
    # ManageSieve
    4190
  ];

  # NOTE(review): this file enables sshd and authorises a root key, but it
  # does not turn password authentication off. Confirm that
  # `services.openssh.settings.PasswordAuthentication = false` is set in a
  # shared module, since port 22 is open to the internet.
  services.openssh.enable = true;

  virtualisation.docker.enable = true;
  environment.systemPackages = [
    pkgs.docker-compose
    pkgs.vim
  ];

  users = {
    groups.stalwart = {};

    users = {
      root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOJO3cs5ldXTibguhJQKwopdssnfGwwIHS5vyOQTvzbm christopher@cobalt"];

      # System account whose home directory holds the compose stack.
      # NOTE(review): membership in the "docker" group grants control of the
      # Docker daemon, which is effectively root on the host. Treat this
      # account as privileged even though it is a system user.
      stalwart = {
        home = "/opt/stalwart";
        isSystemUser = true;
        group = "stalwart";
        extraGroups = ["docker"];
      };
    };
  };
}