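# NixOS system configuration for the host "grondahl".
#
# The file was collapsed onto a single physical line, so the first `#` comment
# swallowed everything after it and the expression could not be parsed. The
# line structure is restored here; every option keeps its original value.
{ config, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    # NOTE(review): values that a Nix expression places into options are copied
    # into the world-readable /nix/store. Confirm secrets.nix only exposes what
    # may be read by every local user, or refers to files kept outside the store.
    ./data/secrets/secrets.nix
    ../../common/services/ssh.nix
    ./services/acme.nix
    ./services/coturn.nix
    ./services/nginx.nix
    ./services/restic.nix
    ./services/synapse.nix
    ./services/postgres.nix
  ];

  # GRUB 2 installed on the virtual disk /dev/vda.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  # Kernel is pinned to the 5.10 series instead of following the channel default.
  boot.kernelPackages = pkgs.linuxPackages_5_10;

  networking = {
    hostName = "grondahl";

    # Static addressing on ens3; DHCP is disabled.
    useDHCP = false;
    interfaces = {
      "ens3" = {
        ipv4.addresses = [
          { address = "107.189.30.157"; prefixLength = 24; }
        ];
        ipv6.addresses = [
          { address = "2605:6400:30:ef32::1"; prefixLength = 48; }
        ];
      };
    };

    defaultGateway = "107.189.30.1";
    defaultGateway6 = {
      address = "2605:6400:30::1";
      interface = "ens3";
    };

    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
      "2606:4700:4700::1111"
      "2606:4700:4700::1001"
    ];
  };

  time.timeZone = "Europe/Copenhagen";

  # Members of wheel run sudo without a password. With the settings below this
  # makes the single authorized SSH key for "emelie" equivalent to a root
  # credential on this host.
  # NOTE(review): confirm ../../common/services/ssh.nix disables password and
  # root login, since that file is the only other gate in front of this account.
  security.sudo.wheelNeedsPassword = false;

  nix = {
    autoOptimiseStore = true;
    # Trusted users can instruct the Nix daemon in ways that amount to root
    # access, so "@wheel" here grants no more than the passwordless sudo above,
    # but it also does not grant less.
    trustedUsers = [ "root" "@wheel" ];
  };

  # The only interactive account; no password is set in this file, login is by
  # the SSH public key listed here.
  users.users.emelie = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap"
    ];
  };

  # Supplementary group memberships for service accounts.
  # NOTE(review): presumably "acme" lets nginx and turnserver read the issued
  # certificate and private key, and "backup" is used by the restic job; check
  # the imported service modules, and keep both lists to the accounts that need it.
  users.groups.acme.members = [ "nginx" "turnserver" ];
  users.groups.backup.members = [ "matrix-synapse" "postgres" ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim
    wget
    htop
    iotop
    dig
  ];

  # Inbound firewall. TCP 22/80/443 plus the 3478-3479 and 5349-5350 ranges on
  # both TCP and UDP, and UDP 49152-49999.
  # NOTE(review): the 3478/5349 ranges and the high UDP range look like the
  # coturn listener and relay ports; confirm they match the listening and
  # min/max relay port settings in ./services/coturn.nix so nothing wider than
  # the relay actually uses is exposed.
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
  networking.firewall.allowedTCPPortRanges = [
    { from = 3478; to = 3479; }
    { from = 5349; to = 5350; }
  ];
  networking.firewall.allowedUDPPortRanges = [
    { from = 3478; to = 3479; }
    { from = 5349; to = 5350; }
    { from = 49152; to = 49999; }
  ];

  # Release whose stateful defaults this system was installed with; it is not
  # the version of the packages and is left at its original value on upgrades.
  system.stateVersion = "21.05";
}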