{ pkgs, ... }:
{
# Local time zone used by the host.
time = { timeZone = "Europe/Prague"; };
# Release whose defaults for stateful data this machine was installed with.
# It is not the running NixOS version and is normally left alone on upgrades.
system = { stateVersion = "23.11"; };
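# NFS export from 172.16.128.47 mounted at /mnt/export1981.
fileSystems."/mnt/export1981" = {
  device = "172.16.128.47:/nas/5490";
  fsType = "nfs";
  options = [
    "nofail" # boot continues when the NFS server is unreachable
    # File metadata on a network share is controlled by the server, so
    # setuid/setgid bits and device nodes coming from it are not honoured.
    "nosuid"
    "nodev"
  ];
};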
# Appends a line to nix.conf that switches on the `nix` command-line
# interface and flakes, both of which Nix gates as experimental features.
nix.extraOptions = ''
  experimental-features = nix-command flakes
'';
# ACME (automated TLS certificate) settings.
# acceptTerms records agreement with the certificate authority's terms of
# service; defaults.email is the contact address used for certificates that
# do not set their own.
security.acme.acceptTerms = true;
security.acme.defaults.email = "security@idimitrov.dev";
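networking = {
  # mkForce is pushed down to every option set in this block, so values that
  # other modules contribute at normal priority are overridden (presumably
  # including the port sshd would otherwise open by itself; verify).
  firewall = pkgs.lib.mkForce {
    enable = true;
    allowedTCPPorts = [
      25 # smtp
      465 # smtps
      80 # http
      443 # https
    ];
    # SMTP, SMTPS and plain HTTP are TCP-only protocols, so their UDP ports
    # are left closed instead of mirroring the TCP list.
    allowedUDPPorts = [
      443 # QUIC / HTTP/3. NOTE(review): drop if the web server does not serve HTTP/3
      51820 # wireguard
    ];
    # SSH (tcp/22) is accepted only from the three listed peer addresses and
    # dropped for everyone else. The chain matches on source address alone,
    # not on the incoming interface, and these are IPv4 rules only; over IPv6
    # port 22 is simply absent from allowedTCPPorts above.
    # Chain creation and the INPUT jump are written to be repeatable so a
    # leftover chain from an earlier run does not make the start script fail.
    extraCommands = ''
      iptables -N vpn 2>/dev/null || iptables -F vpn # create the vpn chain, or empty a leftover one
      iptables -A vpn --src 10.0.0.2 -j ACCEPT # allow
      iptables -A vpn --src 10.0.0.3 -j ACCEPT # allow
      iptables -A vpn --src 10.0.0.4 -j ACCEPT # allow
      iptables -A vpn -j DROP # drop everyone else
      iptables -C INPUT -m tcp -p tcp --dport 22 -j vpn 2>/dev/null || iptables -I INPUT -m tcp -p tcp --dport 22 -j vpn
    '';
    # Cleanup tolerates a chain or rule that is already gone, so stopping the
    # firewall does not abort half-way.
    extraStopCommands = ''
      iptables -F vpn 2>/dev/null || true
      iptables -D INPUT -m tcp -p tcp --dport 22 -j vpn 2>/dev/null || true
      iptables -X vpn 2>/dev/null || true
    '';
  };
  # Hosts-file based domain blocking. The option is defined by a module that
  # is not part of this file (presumably the StevenBlack hosts list; verify).
  stevenBlackHosts = {
    enable = true;
    blockFakenews = true;
    blockGambling = true;
  };
};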
# Interactive administrator account.
users.users.ivand = {
  isNormalUser = true;
  # NOTE(review): the "$2b$05$" prefix means bcrypt with cost factor 5, a low
  # work factor for offline guessing. A hash written inline is readable by
  # anyone who can read this file, and NixOS option values also end up in the
  # world-readable Nix store. Prefer hashedPasswordFile pointing at a
  # root-only file, generate the hash with a stronger scheme or cost, and
  # rotate the password if this file has been published.
  hashedPassword =
    "$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
  # "wheel" is the administrative (sudo) group; "mlocate" is declared below.
  extraGroups = [ "wheel" "adm" "mlocate" ];
  # Public key accepted for SSH login as this user.
  openssh.authorizedKeys.keys = [
    ''
      ssh-rsa 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 ivand@nixos
    ''
  ];
};
# Declares the mlocate group with default settings.
users.extraGroups.mlocate = { };
# Packages installed for every user of the system.
# NOTE(review): nmap is a network scanner; confirm it is wanted on this host
# rather than only on an admin workstation.
# `scripts` is not defined in this file; presumably it comes from an overlay.
environment.systemPackages = with pkgs; [
  nmap
  uutils-coreutils-noprefix
  fd
  git
  vim
  mlocate
  busybox
  bash
  scripts
];
# Installs terminfo entries for all terminal emulators known to the module.
environment.enableAllTerminfo = true;
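services = {
  # OpenSSH daemon. Logins are key-only: the account in this configuration
  # already carries an authorized key, and its password hash is written
  # inline in the same file, so password-based SSH logins are switched off.
  openssh = {
    enable = true;
    settings = {
      # root may log in with a key but never with a password.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };
};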
# Timer that triggers the bingwp service every day at 10:00. Persistent makes
# systemd catch up on a run that was missed while the machine was off.
systemd.timers.bingwp = {
  wantedBy = [ "timers.target" ];
  timerConfig.OnCalendar = "*-*-* 10:00:00";
  timerConfig.Persistent = true;
};
# Fetches the current Bing image into /var/pic/<date>.png and then points
# /var/pic/latest.png at the newest regular file in that directory.
# The download host is fixed to bing.com; only the path is taken from the
# JSON response of HPImageArchive.aspx.
# NOTE(review): no User or sandboxing options are set here, so the unit
# presumably runs with the default privileges of a system service (root)
# while handling remote content. Consider a dedicated user and systemd
# hardening options restricted to /var/pic.
systemd.services.bingwp = {
  description = "Download bing image of the day";
  script = ''
    ${pkgs.nushell}/bin/nu -c "http get ('https://bing.com' + ((http get https://www.bing.com/HPImageArchive.aspx?format=js&n=1).images.0.url)) | save ('/var/pic' | path join ( [ (date now | format date '%Y-%m-%d'), '.png' ] | str join ))"
    ${pkgs.nushell}/bin/nu -c "${pkgs.toybox}/bin/ln -sf (ls /var/pic | where type == file | get name | sort | last) /var/pic/latest.png"
  '';
};
}