nixos/modules/server/default.nix

53 lines
1.5 KiB
Nix
Raw Normal View History

2024-10-01 09:46:18 +04:00
{ config, lib, ... }:
with lib;
let cfg = config.void.server;
2024-04-03 16:50:45 +04:00
in {
imports = [
./dns
./nginx.nix
./services
./postgresql.nix
./redis.nix
./fail2ban.nix
2025-01-01 16:20:55 +04:00
./media
2025-01-01 18:44:37 +04:00
./fedi
2025-01-01 23:55:56 +04:00
./ddns.nix
2025-01-02 13:08:10 +04:00
./ddclient.nix
];
2024-04-03 16:50:45 +04:00
2024-12-31 16:40:35 +04:00
options.void.server = { isServer = mkEnableOption false; };
2024-04-03 16:50:45 +04:00
config = mkIf cfg.isServer {
# we need this if you say otherwise ill throw you
# into a wall
services.openssh = {
enable = true;
2024-12-31 16:42:56 +04:00
ports = [ 69 ];
2024-12-31 16:49:36 +04:00
openFirewall = true;
2024-04-03 16:50:45 +04:00
settings = {
# disable this NEVER enable it
2024-12-31 17:53:31 +04:00
# PermitRootLogin = "no";
2024-04-03 16:50:45 +04:00
# its so easy to use keys your grandmother could use it
PasswordAuthentication = false;
};
};
2024-10-01 09:46:18 +04:00
users.users.sako.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPGAwG2Fqs3xNF/6/9GdznH/jUIqxW3aTYvmteuq9odZ sako@sakotop"
2024-12-12 16:48:14 +04:00
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDjPSt4TykAJgafU9Trk7sr9wzXhBZxawDIZir0CPyDN sako@sakopc"
2025-01-01 03:02:51 +04:00
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKprOJ+vtqUL8QQNjRDfIEG7uDPLsxYCpRQoq9blsAvW sakophone"
2024-10-01 09:46:18 +04:00
];
2024-12-31 17:53:31 +04:00
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPGAwG2Fqs3xNF/6/9GdznH/jUIqxW3aTYvmteuq9odZ sako@sakotop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDjPSt4TykAJgafU9Trk7sr9wzXhBZxawDIZir0CPyDN sako@sakopc"
];
2024-12-31 19:15:07 +04:00
services.logrotate.enable = true;
# anything can be a server, even a laptop
# any say against this is a lie and propaganda
services.logind.lidSwitch = "ignore";
2024-04-03 16:50:45 +04:00
};
2023-07-30 20:54:50 +04:00
}