# NixOS host configuration for "heimdall" (heimdall.datarift.nl).
# The outer function receives the flake (`self`); the inner one is the module
# function that NixOS calls.
{ self, ... }@inputs:
{ modulesPath, lib, ... }:
# let
#   pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
# in
{
  imports = [
    "${modulesPath}/profiles/qemu-guest.nix"
    ../../users/root
    ../../users/erwin
  ];

  # Options under `eboskma` are declared by project modules that are not part
  # of this file; their effect cannot be verified from here.
  eboskma = {
    users.erwin = {
      enable = true;
      server = true;
    };

    # Disabled; baseDomain/serverUrl are still set for when it is enabled.
    headscale = {
      enable = false;
      baseDomain = "asgard.datarift.nl";
      serverUrl = "https://heimdall.datarift.nl";
    };

    keycloak.enable = true;
    nix-common.enable = true;
  };

  # Fully static addressing: dhcpcd is off, so every address, route and
  # resolver below is the only source of network configuration.
  networking = {
    hostName = "heimdall";
    domain = "datarift.nl";

    # NOTE(review): a single third-party resolver is the only entry, so there
    # is no fallback if it is unreachable. Confirm this is intended.
    nameservers = [ "8.8.8.8" ];

    dhcpcd.enable = false;

    # Forced off so the interface keeps the name "eth0"; the udev rule under
    # services.udev.extraRules pins that name to a MAC address.
    usePredictableInterfaceNames = lib.mkForce false;

    defaultGateway = "172.31.1.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "eth0";
    };

    interfaces.eth0 = {
      ipv4 = {
        addresses = [
          {
            address = "159.69.211.175";
            prefixLength = 32;
          }
        ];
        # Host route to the gateway, which lies outside the /32 above.
        routes = [
          {
            address = "172.31.1.1";
            prefixLength = 32;
          }
        ];
      };

      ipv6 = {
        addresses = [
          {
            address = "2a01:4f8:1c1e:5fb2::1";
            prefixLength = 64;
          }
          {
            address = "fe80::9400:2ff:fe12:a2eb";
            prefixLength = 64;
          }
        ];
        routes = [
          {
            address = "fe80::1";
            prefixLength = 128;
          }
        ];
      };
    };
  };

  ### Hetzner stuff
  boot = {
    tmp.cleanOnBoot = true;
    loader.grub.device = "/dev/sda";
    initrd = {
      availableKernelModules = [
        "ata_piix"
        "uhci_hcd"
        "xen_blkfront"
        "vmw_pvscsi"
      ];
      kernelModules = [ "nvme" ];
    };
  };

  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";
  };

  zramSwap.enable = true;
  ### END Hetzner stuff

  time.timeZone = "Europe/Amsterdam";

  system = {
    # Record the flake's git revision only when the flake has one
    # (`self ? rev` is false when `self` carries no `rev` attribute).
    configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
    stateVersion = "23.05";
  };

  services = {
    # Name the NIC with this MAC address "eth0".
    udev.extraRules = ''
      ATTR{address}=="96:00:02:12:a2:eb", NAME="eth0"
    '';

    openssh = {
      enable = true;
      # Password logins are refused.
      # NOTE(review): KbdInteractiveAuthentication and PermitRootLogin are not
      # set in this file, so they follow the module defaults or whatever the
      # imported user modules set. Confirm the effective sshd_config matches
      # the intended key-only policy.
      settings.PasswordAuthentication = false;
    };

    tailscale = {
      enable = true;
      # Lets the "caddy" user fetch TLS certificates from tailscaled.
      permitCertUid = "caddy";
    };

    # NOTE(review): only a virtual host is declared here; services.caddy.enable
    # is not set in this file and is presumably turned on by another module.
    # Confirm.
    caddy.virtualHosts."datarift.nl".extraConfig = ''
      @webfinger-erwin {
        path /.well-known/webfinger
        query resource=acct:erwin@datarift.nl
      }
      respond @webfinger-erwin 200 {
        body `{"subject":"acct:erwin@datarift.nl","links":[{"rel":"http://openid.net/specs/connect/1.0/issuer","href":"https://id.datarift.nl/realms/datarift"}]}`
        close
      }
    '';
    # The matcher above answers only that exact path and `resource` query, with
    # a static WebFinger document naming the OpenID Connect issuer. The issuer
    # URL is hard-coded and must be kept in sync with the identity provider.
  };

  security = {
    apparmor = {
      enable = true;
      # Kills processes that have a profile but are running unconfined.
      killUnconfinedConfinables = true;
    };
    # Prevents the running kernel image from being replaced.
    protectKernelImage = true;
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # Declared with no overrides, so the sops-nix defaults for owner and mode
    # apply. NOTE(review): confirm the consuming service can read the secret
    # under those defaults.
    secrets.keycloak-db-password = { };
  };
}