Initialize nixos server config

2025-11-22 02:11:35 +01:00 · 2025-10-24 11:21:28 +02:00
parent e2cb8845b0
commit 272fc2f256
3 changed files with 190 additions and 0 deletions
--- a/server/default.nix
+++ b/server/default.nix
@@ -0,0 +1,73 @@
+{ pkgs }:
+{
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    kernelPackages = pkgs.linuxPackages_latest;
+  };
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  time.timeZone = "Europe/Amsterdam";
+
+  nixpkgs.config.allowUnfree = true;
+
+  networking = {
+    networkmanager.enable = true;
+    hostName = "nixos-server";
+    firewall = {
+      allowedTCPPorts = [
+        80
+        443
+      ];
+      allowedUDPPorts = [
+        80
+        443
+      ];
+    };
+  };
+
+  services = {
+    openssh = {
+      enable = true;
+      settings.PasswordAuthentication = false;
+    };
+    nginx = {
+      enable = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      virtualHosts = {
+        "redlib.thilohohlt.com" = {
+          enableACME = true;
+          forceSSL = true;
+        };
+      };
+    };
+  };
+
+  security = {
+    acme = {
+      acceptTerms = true;
+      defaults.email = "contact@thilohohlt.com";
+    };
+  };
+
+  users.users.thohlt = {
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "networkmanager"
+    ];
+    openssh.authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDvf71FYha3PYUlOfc1rh+qZaGd6zzqYAIfecV2K6td thohlt@archlinux"
+    ];
+  };
+
+  system.stateVersion = "25.10";
+}