state Sun Oct 24 09:29:25 PM CEST 2021

2021-10-24 21:29:25 +02:00 · 2021-10-24 21:29:25 +02:00 · e345e400db
commit e345e400db
parent 65146e772d
2 changed files with 42 additions and 35 deletions
--- a/hosts/thrall/default.nix
+++ b/hosts/thrall/default.nix
@ -5,14 +5,13 @@
 { config, pkgs, ... }:

 {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-    ];
+  imports = [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];

  nix.package = pkgs.nixUnstable;
  nix.extraOptions = ''
-    experimental-features = nix-command flakes
+    experimental-features = nix-command flakes ca-derivations ca-references
  '';
  #nix.registry.nixpkgs.flake = nixpkgs;
  # Use the GRUB 2 boot loader.
@ -52,7 +51,7 @@
    defaultGateway = "195.90.208.1";
    nameservers = [ "1.1.1.1" "8.8.8.8" ];
    firewall = {
-      allowedTCPPorts = [ 22 80 443 ];
+      allowedTCPPorts = [ 22 80 443 5000 ];
      allowedUDPPorts = [ 42666 ];
    };

@ -74,13 +73,11 @@
        '';

        privateKeyFile = config.age.secrets.wireguard-thrall.path;
-        peers = [
-          {
-            # my phone
-            publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
-            allowedIPs = [ "10.0.0.2/32" ];
-          }
-        ];
+        peers = [{
+          # my phone
+          publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
+          allowedIPs = [ "10.0.0.2/32" ];
+        }];
      };
    };
  };
@ -97,15 +94,13 @@
  security.sudo = {
    enable = true;
    execWheelOnly = true;
-    extraRules = [
-      { groups = [ "wheel" ];
-        commands = [
-	  { command = "/run/current-system/sw/bin/nixos-rebuild";
-	    options = [ "NOPASSWD" ];
-	  }
-	];
-      }
-    ];
+    extraRules = [{
+      groups = [ "wheel" ];
+      commands = [{
+        command = "/run/current-system/sw/bin/nixos-rebuild";
+        options = [ "NOPASSWD" ];
+      }];
+    }];
  };

  # Select internationalisation properties.
@ -175,7 +170,7 @@
    "failco.de" = {
      forceSSL = true;
      enableACME = true;
-      root = "/var/www/blog";
+      root = "/srv/www/failco.de";
      serverAliases = [ "www.failco.de" "mail.failco.de" ];
    };
  };
@ -189,11 +184,9 @@
      "me@failco.de" = {
        hashedPasswordFile = config.age.secrets.mailPass.path;

-	aliases = [
-          "jakalx@failco.de"
-	];
+        aliases = [ "jakalx@failco.de" ];

-	catchAll = [ "failco.de" ];
+        catchAll = [ "failco.de" ];
      };
    };