{ config, pkgs, ... }:

{
  # Host "grondahl": Matrix Synapse on PostgreSQL behind nginx, a coturn
  # TURN server, ACME certificates and restic backups. SSH, Tailscale and the
  # user accounts come from the shared modules under ../../common.
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./data/secrets/secrets.nix
    ../../common/services/ssh.nix
    ../../common/services/tailscale.nix
    ../../common/users.nix
    ./services/acme.nix
    ./services/coturn.nix
    ./services/nginx.nix
    ./services/restic.nix
    ./services/synapse.nix
    ./services/postgres.nix
    # Currently disabled:
    #./services/mail.nix
    #./services/containers.nix
    #./services/redis.nix
  ];

  boot = {
    loader.grub = {
      enable = true;
      # NOTE(review): this option is tied to the pinned NixOS release; newer
      # releases have retired it — check before bumping the channel.
      version = 2;
      device = "/dev/vda";
    };
    kernelPackages = pkgs.linuxPackages_5_10;
  };

  networking = {
    hostName = "grondahl";
    useDHCP = false;

    # Static dual-stack addressing on the public interface.
    interfaces."ens3" = {
      ipv4.addresses = [ { address = "107.189.30.157"; prefixLength = 24; } ];
      ipv6.addresses = [ { address = "2605:6400:30:ef32::1"; prefixLength = 48; } ];
    };
    defaultGateway = "107.189.30.1";
    defaultGateway6 = {
      address = "2605:6400:30::1";
      interface = "ens3";
    };
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
      "2606:4700:4700::1111"
      "2606:4700:4700::1001"
    ];

    firewall = {
      enable = true;
      # Loose reverse-path filtering, and tailscale0 is fully trusted: anything
      # arriving over the tailnet bypasses the port allow-lists below, so the
      # tailnet ACLs are the effective control for that path.
      checkReversePaths = "loose";
      trustedInterfaces = [ "tailscale0" ];
      allowedUDPPorts = [ config.services.tailscale.port ];
      # SSH, HTTP and HTTPS are exposed on the public interface.
      allowedTCPPorts = [ 22 80 443 ];
      # STUN/TURN and TURNS listener ports; UDP 49152-49999 is presumably the
      # coturn relay range — confirm it matches ./services/coturn.nix.
      allowedTCPPortRanges = [
        { from = 3478; to = 3479; }
        { from = 5349; to = 5350; }
      ];
      allowedUDPPortRanges = [
        { from = 3478; to = 3479; }
        { from = 5349; to = 5350; }
        { from = 49152; to = 49999; }
      ];
    };
  };

  time.timeZone = "Europe/Copenhagen";

  # NOTE(review): wheel members get root via sudo without a password, and
  # trusted-users makes every wheel member a trusted Nix user (which is
  # root-equivalent through the daemon). Both hinge entirely on the SSH
  # configuration and key hygiene in ../../common; worth revisiting together.
  security.sudo.wheelNeedsPassword = false;
  nix.settings = {
    auto-optimise-store = true;
    trusted-users = [ "root" "@wheel" ];
  };

  # Group memberships: nginx and coturn can read ACME-managed material via the
  # acme group; synapse and postgres share the backup group (presumably for
  # restic — see ./services/restic.nix).
  users.groups.acme.members = [ "nginx" "turnserver" ];
  users.groups.backup.members = [ "matrix-synapse" "postgres" ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = [
    pkgs.vim
    pkgs.wget
    pkgs.htop
    pkgs.iotop
    pkgs.dig
  ];

  system.stateVersion = "21.05";
}