75 lines
1.5 KiB
Nix
75 lines
1.5 KiB
Nix
{
|
|
tree,
|
|
lib,
|
|
...
|
|
}: let
|
|
inherit (lib.lists) forEach;
|
|
in {
|
|
imports = with tree;
|
|
[
|
|
presets.nixos.serverBase
|
|
presets.nixos.serverHetzner
|
|
presets.nixos.serverEncryptedDrive
|
|
|
|
profiles.nginx
|
|
profiles.firewallAllow.httpCommon
|
|
|
|
# profiles.chaosInternalWireGuard
|
|
|
|
./hardware.nix
|
|
./secrets.nix
|
|
]
|
|
++ (forEach [
|
|
"social"
|
|
"storage"
|
|
"postgresql"
|
|
"mail"
|
|
"forgejo"
|
|
"caldav"
|
|
"jellyfin"
|
|
"grocy"
|
|
"vault-ca"
|
|
"music"
|
|
# "owncast"
|
|
# TODO: "rss"
|
|
] (name: ./containers + "/${name}"))
|
|
++ (with hosts.hetzner-arm.profiles; [
|
|
staticSites
|
|
]);
|
|
|
|
# TODO: environment.noXlibs = true;
|
|
|
|
nixpkgs.overlays = [
|
|
(_final: prev: {
|
|
# So we don't need to build all Vault
|
|
# when we already are using vault-bin on this server
|
|
vault = prev.vault-bin;
|
|
|
|
# Have no need for HW Accel, hoping it works with this
|
|
jellyfin-ffmpeg = prev.ffmpeg_6-headless;
|
|
|
|
ffmpeg = prev.ffmpeg-headless;
|
|
ffmpeg_4 = prev.ffmpeg_4-headless;
|
|
ffmpeg_5 = prev.ffmpeg_5-headless;
|
|
ffmpeg_6 = prev.ffmpeg_6-headless;
|
|
ffmpeg_7 = prev.ffmpeg_7-headless;
|
|
|
|
mpd = prev.mpd-headless;
|
|
})
|
|
];
|
|
|
|
# TODO: system.forbiddenDependenciesRegexes = ["libX11*"];
|
|
|
|
# For Containers
|
|
networking.nat = {
|
|
enable = true;
|
|
internalInterfaces = ["ve-+"];
|
|
externalInterface = "enp1s0";
|
|
};
|
|
|
|
networking.hostName = "hetzner-arm";
|
|
|
|
home-manager.users.root.home.stateVersion = "24.05";
|
|
system.stateVersion = "24.05";
|
|
}
|