nix/systems/spontaneity/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

{ config, lib, ... }:
  let
    ipv4addr = "66.42.84.130";
    ipv6addr = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
  in
  {
    imports = [
      ../common.nix
      ../../disko/drive-bios.nix

      # nixos-anywhere generates this file
      ./hardware-configuration.nix
    ];
    config = {
      monorepo = {
        vars.device = "/dev/vda";
        profiles = {
          server.enable = true;
          ttyonly.enable = true;
          grub.enable = true;
          pipewire.enable = false;
          tor.enable = false;
          home.enable = false;
        };
      };

      boot.loader.grub.device = "nodev";
      networking = {
        extraHosts = ''
    127.0.0.1 livekit.${config.monorepo.vars.orgHost}
    127.0.0.1 matrix.${config.monorepo.vars.orgHost}
  '';
        interfaces.ens3.ipv4.addresses = [
          {
            address = ipv4addr;
            prefixLength = 24;
          }
        ];
        interfaces.ens3.ipv6.addresses = [
          {
            address = ipv6addr;
            prefixLength = 64;
          }
        ];
        defaultGateway = "66.42.84.1";
        firewall = {
          allowedTCPPorts = [
            80
            143
            443
            465
            587
            993
            3478
            5349
            6697
            6667
            7881
            8443
            8448
          ];
          allowedUDPPorts = [
            3478 5349 7882
          ];
          allowedUDPPortRanges = [
            { from = 49152; to = 65535; }
          ];
        };
        domains = {
          enable = true;
          baseDomains = {
            "${config.monorepo.vars.remoteHost}" = {
              a.data = ipv4addr;
              aaaa.data = ipv6addr;
            };
            "${config.monorepo.vars.orgHost}" = {
              a.data = ipv4addr;
              aaaa.data = ipv6addr;
            };
          };
          subDomains = {
            "${config.monorepo.vars.remoteHost}" = {};
            "notes.${config.monorepo.vars.remoteHost}" = {
              a.data = "45.76.87.125";
            };
            "matrix.${config.monorepo.vars.remoteHost}" = {};
            "www.${config.monorepo.vars.remoteHost}" = {};
            "mail.${config.monorepo.vars.remoteHost}" = {};

            "livekit.${config.monorepo.vars.orgHost}" = {};
            "${config.monorepo.vars.orgHost}" = {};
            "git.${config.monorepo.vars.orgHost}" = {};
            "matrix.${config.monorepo.vars.orgHost}" = {};
            "talk.${config.monorepo.vars.orgHost}" = {};
            "mail.${config.monorepo.vars.orgHost}" = {};
            "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" = {};
          };
        };
      };
    };
  }