manu
/
config-vps
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
config-vps/configuration.nix

131 lines
3.7 KiB
Nix
Raw Permalink Blame History Unescape Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# The is the system definition for vps-15813ce.ovh.net.
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Boot loader
boot.loader = {
grub = {
enable = true;
device = "/dev/sda";
};
};
boot.cleanTmpDir = true;
# Network configuration
networking = {
hostName = "vps-15813cea";
useDHCP = false;
interfaces.ens3.useDHCP = true;
firewall.allowedTCPPorts = [ 22 80 443 ];
firewall.allowedTCPPortRanges = [ { from = 40000; to = 49999; } ];
};
# Time zone
time.timeZone = "Europe/Paris";
# Packages installed in system profile
environment.systemPackages = with pkgs; [
git htop tmux vim wget
];
# OpenSSH daemon
services.openssh = {
enable = true;
passwordAuthentication = false;
};
# Let's Encrypt certificates
security.acme = {
acceptTerms = true;
email = "manu@beffara.org";
};
# Nginx web server
services.nginx = {
enable = true;
virtualHosts."www.beffara.org" = {
default = true;
forceSSL = true;
root = "/data/web/root";
enableACME = true;
};
virtualHosts."cloud.beffara.org" = {
forceSSL = true;
enableACME = true;
};
};
# Nextcloud
services.nextcloud = {
enable = true;
hostName = "cloud.beffara.org";
https = true;
package = pkgs.nextcloud21;
home = "/data/web/nextcloud";
autoUpdateApps = {
enable = true;
startAt = "03:00:00";
};
config = {
overwriteProtocol = "https";
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = "/data/web/nextcloud/db-pass";
defaultPhoneRegion = "FR";
adminpassFile = "/data/web/nextcloud/admin-pass";
adminuser = "admin";
};
};
# Ensure that postgres is running before setting up Nextcloud
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
# PostgreSQL database
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# Initial user account
users.users.manu = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
initialHashedPassword = "$6$40/yq55oyhD2MhbS$fox2DB5Aj4EpbQAx8z6FYEh3Jl3HKa7aHlGbijJukWxOpXIlKqNucBA8Eene7SaUQzHpvrhke9EFZIRxZpl5F/";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCCf/v5xV24A0f6oqktmxl4qxbEAg+LSaPqiNzXB7b6m0+uYqxxL5ywLGyLp2Dv3xkMuKTqKV3BvXqZXUjgpWC8W1a952D4vRlghgX6ZaA4R0feQYeba8OaQTmDyPD1Ou4pRGHz/VPH1W8y+46lgOMzNHNuvnVuny72syfGFquN12aS+gvN7+FBQektcK+1Rs+EplaZ28rI6vFQycMK17/pXzD1ug42GQxeR9tzDQjJAyVz1nomwuwNOTJDbfd8qGSGYFUWLcKctn+ZWQhD0C1GD8+mdwYilve3su8N3XOuOi4umDFajAv7+CuVAD5RdtSwzx5knKMx/ksfels9MiQFPDz5z/doc4/s/t2qKKmP3bghrvLTEI1p4xiBj/4aJetyqlYgyYyrOYlm3xcx/ImL7oZYF2Jxq7ekio23hHaQLOHA+BYxYulTvDw99Mly933Ny9Z2Ead3mYYfCkRJieJ/7p62IcQUKIwU1pvqDHXRUYgeWJg8pW1TgqZB6rYkYk= manu@manivelle"
];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink