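# NixOS host module for "hetzner-arm".
#
# Imports the shared server presets, the nginx profile, two containers and
# the per-host service profiles, then sets host-level Docker, overlay, NAT
# and firewall options.
#
# Arguments:
#   tree - the repository's module tree (presets / profiles / hosts);
#          it is defined outside this file.
#   lib  - the nixpkgs library; only lib.lists.forEach and flatten are used.
{
  tree,
  lib,
  ...
}: let
  inherit (lib.lists) forEach flatten;
in {
  # The list below nests sub-lists, so it is flattened into the single flat
  # list that `imports` expects.
  imports = flatten (with tree; [
    (with tree.presets.nixos; [
      serverBase
      serverHetzner
      serverEncryptedDrive
      kernelLatest
    ])

    profiles.nixos.nginx

    # Expands to ./containers/<name>/<name>.nix for each listed container.
    (forEach [
      "storage"
      "mail"
    ] (name: ./containers + "/${name}/${name}.nix"))

    # NOTE(review): several of these (vault, vaultwarden, restic) presumably
    # hold credentials or backups; how each one is exposed is decided in its
    # own profile, not in this file. Confirm they are reachable only through
    # the reverse proxy.
    (with hosts.hetzner-arm.profiles; [
      staticSites
      gotosocial
      forgejo
      mpd
      radicale
      vault
      restic
      vaultwarden
      photoprism
    ])

    ./hardware.nix
    # NOTE(review): contents not visible here. Values evaluated into the Nix
    # store are world-readable, so confirm this file only wires up encrypted
    # or runtime-provisioned secrets rather than plaintext values.
    ./secrets.nix
  ]);

  # Docker installs its own packet-filter rules, so ports published by Docker
  # containers are not governed by networking.firewall.allowedTCPPorts below.
  # Publish on 127.0.0.1 for anything that is meant to sit behind nginx.
  virtualisation.docker.enable = true;

  # Host-wide package substitutions: every consumer of pkgs.vault / pkgs.mpd
  # on this host gets the variant named here. vault-bin is the prebuilt
  # upstream binary rather than a source build.
  nixpkgs.overlays = [
    (_final: prev: {
      vault = prev.vault-bin;
      mpd = prev.mpd-headless;
    })
  ];

  # NAT for containers: "ve-+" is a wildcard matching the ve-* virtual
  # ethernet interfaces, whose traffic is masqueraded out of enp1s0.
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-+"];
    externalInterface = "enp1s0";
  };

  # Only the web ports are opened at host level. UDP 443 is presumably for
  # HTTP/3 (QUIC); confirm against the nginx profile. UDP 80 was dropped
  # because no HTTP variant runs over it, so it was unneeded exposure.
  networking.firewall = {
    allowedTCPPorts = [80 443];
    allowedUDPPorts = [443];
  };

  networking.hostName = "hetzner-arm";

  # stateVersion records the release whose state defaults this host was
  # installed with; it is not meant to be bumped during routine upgrades.
  home-manager.users.root.home.stateVersion = "25.05";
  system.stateVersion = "25.05";
}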