personal nixos configuration file for my server waow
server-configuration.nix edited
# NixOS system module for the host "mercury": bootloader, networking, one
# admin account, two timer-driven user scripts, and the SSH / fail2ban /
# Caddy / PostgreSQL / Podman services.
{ config, lib, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  # UEFI boot through systemd-boot.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "mercury";
  networking.networkmanager.enable = true;

  # Inbound TCP allowed through the host firewall. 22 matches the sshd
  # enabled below; 80/443 are presumably served by Caddy (its Caddyfile is
  # not part of this file).
  # NOTE(review): nothing in this file says what listens on 8080/8443.
  # Confirm they need to be reachable from outside rather than only through
  # the reverse proxy.
  networking.firewall.allowedTCPPorts = [ 22 80 443 8080 8443 ];

  time.timeZone = "America/Los_Angeles";

  # Data volume, located by filesystem label.
  fileSystems."/storage".device = "/dev/disk/by-label/storage";

  # Sole interactive account. "wheel" is the group NixOS's default sudo
  # rules grant root to, and this is also the only user sshd accepts
  # (see AllowUsers below), so this account's SSH key is the key to the host.
  users.users.cybr = {
    isNormalUser = true;
    extraGroups = [ "wheel" "podman" ];
    packages = [
      pkgs.tree
      pkgs.fastfetch
      pkgs.podman-compose
    ];
  };

  # nix-ld with no extra libraries listed.
  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = [ ];

  # System-wide tools and language toolchains.
  environment.systemPackages = [
    pkgs.micro
    pkgs.wget
    pkgs.curl
    pkgs.zulu
    pkgs.go
    pkgs.python3
    pkgs.nodejs
    pkgs.screen
    pkgs.gnumake
    pkgs.bun
    pkgs.btop
    pkgs.sqlite
    pkgs.git
    pkgs.deno
    pkgs.cargo
  ];

  # Timers. Persistent = true makes systemd run an activation that was
  # missed while the machine was off.
  systemd.timers."markov-bot" = {
    wantedBy = [ "timers.target" ];
    timerConfig.OnCalendar = "hourly";
    timerConfig.Persistent = true;
    timerConfig.Unit = "markov-bot.service";
  };
  systemd.timers."pds-backup" = {
    wantedBy = [ "timers.target" ];
    # Daily at 04:00 local time.
    timerConfig.OnCalendar = "*-*-* 04:00:00";
    timerConfig.Persistent = true;
    timerConfig.Unit = "pds-backup.service";
  };

  # Both units execute a script from cybr's home directory as cybr, so they
  # run unprivileged but with everything that account can reach. No
  # sandboxing directives are set on either unit.
  # NOTE(review): systemd hardening options could narrow that once it is
  # known what the scripts touch; test them against the scripts first.
  systemd.services."markov-bot".serviceConfig = {
    Type = "simple";
    User = "cybr";
    WorkingDirectory = "/home/cybr/markov";
    # Script deliberately not published.
    ExecStart = "/home/cybr/markov/post.sh";
  };
  systemd.services."pds-backup".serviceConfig = {
    Type = "simple";
    User = "cybr";
    WorkingDirectory = "/home/cybr/pds";
    # Script is published at
    # https://tangled.org/strings/did:web:gayfamicom.lol/3mdr2aehdrf22
    ExecStart = "/home/cybr/pds/backup.sh";
  };

  # sshd: key-based logins only, no root login, and only "cybr" may log in.
  services.openssh.enable = true;
  services.openssh.settings = {
    AllowUsers = [ "cybr" ];
    PermitRootLogin = "no";
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
  };

  # Ban a source address for 48 hours after 5 failures.
  services.fail2ban.enable = true;
  services.fail2ban.maxretry = 5;
  services.fail2ban.bantime = "48h";

  # Caddy reads its whole configuration from the Caddyfile next to this file.
  services.caddy.enable = true;
  services.caddy.configFile = ./Caddyfile;

  # PostgreSQL with module defaults; its port is not in the firewall
  # allow-list above.
  services.postgresql.enable = true;

  # Podman with the docker-compatible CLI alias and DNS on the default
  # container network.
  virtualisation.containers.enable = true;
  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
    defaultNetwork.settings.dns_enabled = true;
  };

  # copySystemConfiguration places a copy of the configuration file in the
  # built system, and the Nix store is world-readable: keep secrets out of
  # that file.
  system.copySystemConfiguration = true;
  system.stateVersion = "25.11";
}