hosts: server: change to kabtop

2024-04-21 15:06:42 +02:00
parent 0a0ba2b5a1
commit 02267d4825
4 changed files with 3 additions and 3 deletions
--- a/hosts/kabtop/default.nix
+++ b/hosts/kabtop/default.nix
@@ -0,0 +1,111 @@
+#
+#  Specific system configuration settings for desktop
+#
+#  flake.nix
+#   ├─ ./hosts
+#   │   └─ ./laptop
+#   │        ├─ default.nix *
+#   │        └─ hardware-configuration.nix       
+#   └─ ./modules
+#       ├─ ./desktop
+#       │   └─ ./hyprland
+#       │       └─ hyprland.nix
+#       ├─ ./modules
+#       │   └─ ./programs
+#       │       └─ waybar.nix
+#       └─ ./hardware
+#           └─ default.nix
+#
+
+{ config, pkgs, user, agenix, impermanence, ... }:
+
+{
+  imports =                                                         # For now, if applying to other system, swap files
+    [(import ./hardware-configuration.nix)] ++                      # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+    [(import ../../modules/desktop/virtualisation/docker.nix)] ++   # Docker
+    (import ../../modules/services/server) ++                       # Server Services
+    (import ../../modules/hardware);                                # Hardware devices
+
+  boot = {                                  # Boot options
+    kernelPackages = pkgs.linuxPackages_latest;
+
+    loader = {                              # EFI Boot
+    grub = {
+        enable = true;
+        device = "/dev/sda";
+    };
+      timeout = 1;                          # Grub auto select time
+    };
+  };
+
+  environment = {
+    etc = {
+      "fail2ban/filter.d/open-webui.conf" = {
+        source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
+        mode = "0444";
+      };
+      "fail2ban/filter.d/gitea.conf" = {
+        source = ../../modules/services/server/fail2ban/filter/gitea.conf;
+        mode = "0444";
+      };
+      "fail2ban/filter.d/nextcloud.conf" = {
+        source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
+        mode = "0444";
+      };
+    };
+  };
+
+  programs = {                              # No xbacklight, this is the alterantive
+    zsh.enable = true;
+    ssh.startAgent = false;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+      pinentryFlavor = "curses";
+    };
+  };
+
+  services = {
+    #auto-cpufreq.enable = true;
+    qemuGuest.enable = true;
+    avahi = {                               # Needed to find wireless printer
+      enable = true;
+      nssmdns = true;
+      publish = {                           # Needed for detecting the scanner
+        enable = true;
+        addresses = true;
+        userServices = true;
+      };
+    };
+    fail2ban = {
+        enable = true;
+        maxretry = 5;
+        jails.DEFAULT.settings = {
+           findtime = "15m";
+        };
+        jails = {
+            open-webui = ''
+              enabled = true
+              filter = open-webui
+              backend = systemd
+              action = iptables-allports
+            '';
+            gitea = ''
+              enabled = true
+              filter = gitea
+              backend = systemd
+              action = iptables-allports
+            '';
+            nextcloud = ''
+              backend = auto
+              enabled = true
+              filter = nextcloud
+              logpath = /var/lib/nextcloud/data/nextcloud.log
+              action = iptables-allports
+            '';
+          };
+    };
+
+  };
+
+}