katja's git: nixfiles

ctucx' nixfiles

path: /nodes/rabbit/default.nix 2.08 KB | plain
1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
29 
30 
31 
32 
33 
34 
35 
36 
37 
38 
39 
40 
41 
42 
43 
44 
45 
46 
47 
48 
49 
50 
51 
52 
53 
54 
55 
56 
57 
58 
59 
60 
61 
62 
63 
64 
65 
66 
67 
68 
69 
70 
71 
72 
73 
74 
75 {

  system          = "x86_64-linux";

  sshPubKey       = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFpItlMyMEepKhAGd2+jfXbyyvaoUi9fQmRKCJMnox70 root@nixos";

  mainInterface   = "ens3";

  ip4IsPrivate    = false;
  ip4Address      = "152.89.106.158";
  ip4PrefixLength = 22;
  defaultGateway4 = "152.89.104.1";

  ip6IsPrivate    = false;
  ip6Address      = "2a03:4000:39:e9a::1";
  ip6PrefixLength = 64;
  defaultGateway6 = "fe80::1";

  configuration = { config, node, secrets, dnsNix, ctucxConfig, ... }: {

    imports = [
      ./hardware-configuration.nix

      ctucxConfig.services.prometheus-exporters
      ctucxConfig.services.dns-server

      # monitoring
      ctucxConfig.websites."prometheus.infra.katja.wtf"
      ctucxConfig.websites."grafana.infra.katja.wtf"

      # website / webservices
      ctucxConfig.websites."katja.wtf"
      ctucxConfig.websites."oeffi.katja.wtf"
      ctucxConfig.websites."things.katja.wtf"
      ctucxConfig.websites."bikemap.katja.wtf" # depends on git

      # git server (gitolite+stagit)
      ctucxConfig.websites."git.katja.wtf"

      # cal-/card-dav server (radicale)
      ctucxConfig.websites."dav.katja.wtf"

      # password-store (vaultwarden)
      ctucxConfig.websites."vault.katja.wtf"

      # mailserver
      ctucxConfig.services.mailserver

      # fediverse server (gotosocial)
      ctucxConfig.websites."fedi.ctu.cx"

      # matrix server (grapevine)
      ctucxConfig.websites."matrix.ctu.cx"

      # matrix-bridges
      ctucxConfig.services.matrixBridges.mautrix-signal
      ctucxConfig.services.matrixBridges.mautrix-whatsapp
      ctucxConfig.services.matrixBridges.mautrix-telegram
    ];

    home-manager.users.katja.imports = [];

    age.secrets.resticServerBriefkasten.file = secrets.allNodes.resticServer.briefkasten;
    age.secrets.resticServerWanderduene.file = secrets.allNodes.resticServer.wanderduene;

    systemd.network.networks."5-mainInterface".enable = true;

    services.ntfysh-notify.enable = true;

    system.stateVersion = "24.11"; # Did you read the comment?
    home-manager.users.katja.home.stateVersion = "24.11";

  };

}