55 lines
No EOL
1.4 KiB
Nix
55 lines
No EOL
1.4 KiB
Nix
{ lib, modulesPath, enableSSL, user, pkgs, ... }:
|
|
|
|
{
|
|
imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
|
|
(modulesPath + "/virtualisation/digital-ocean-config.nix")
|
|
#./hardware-configuration.nix
|
|
# Remember to update for new instances
|
|
#./networking.nix # generated at runtime by nixos-infect
|
|
|
|
# root gets managed by digital-ocean-config for us
|
|
# but we want to override some things and let user login
|
|
./modules/ssh.nix
|
|
#./modules/headscale.nix
|
|
./modules/tailscale.nix
|
|
|
|
./hosts/git.elnu.com
|
|
#./hosts/jichan.org
|
|
#./hosts/tegakituesday.com
|
|
./hosts/atlantapaversinc.com
|
|
];
|
|
fileSystems."/mnt/data" = { device = "/dev/sda"; fsType = "ext4"; };
|
|
|
|
programs.git.enable = true;
|
|
environment.systemPackages = with pkgs; [
|
|
hugo
|
|
];
|
|
|
|
networking = {
|
|
# May cause some issues
|
|
#networkmanager.enable = lib.mkForce false;
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 80 443 ];
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "elnu@elnu.com";
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
user = "forgejo"; # prevent 403 Forbidden error
|
|
virtualHosts."default" = {
|
|
default = true;
|
|
rejectSSL = true;
|
|
serverName = null;
|
|
# https://stackoverflow.com/a/42802777
|
|
locations."/".return = "444";
|
|
};
|
|
};
|
|
|
|
#services.do-agent.enable = true;
|
|
} |