zaphyra's git: nixfiles

zaphyra and void's nixfiles

# Per-machine description: platform, addressing and the NixOS module
# configuration for one host. How the top-level keys (system, domain,
# sshPubKey, hardware, networking) are consumed is decided by the surrounding
# nixfiles and is not visible in this file.
{
  system = "x86_64-linux";
  nixpkgsStable = true;
  domain = "infra.zaphyra.eu";

  # Public half of an ed25519 key pair, so it is safe to publish.
  # NOTE(review): presumably the host key used to pin this machine in
  # known_hosts and/or as a sops recipient — confirm against the loader.
  sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFimeRkXE4Oa+IFpVBBMkIReDwjtRMQkTZY7HTGXN2yy";

  hardware.cpuVendor = "intel";
  hardware.allowHibernation = false;

  # Both address families are marked non-private, i.e. the host is directly
  # reachable from the internet. Every listener enabled below is therefore
  # exposed unless the respective module or the firewall restricts it.
  networking = {
    # IPv4
    ip4Address = "152.89.106.158";
    ip4PrefixLength = 22;
    ip4IsPrivate = false;
    defaultGateway4 = "152.89.104.1";

    # IPv6 (the gateway is a link-local address)
    ip6Address = "2a03:4000:39:e9a::1";
    ip6PrefixLength = 64;
    ip6IsPrivate = false;
    defaultGateway6 = "fe80::1";
  };

  configuration =
    { inputs, config, pkgs, ... }:
    let
      # Virtual hosts served by this machine; each entry becomes
      # `modules.websites.<name>.enable = true`.
      # NOTE(review): prometheus, grafana and vault are high-value targets on
      # a public address — confirm the website modules enforce authentication
      # (and, for prometheus, do not expose the query API anonymously).
      enabledSites = [
        "prometheus.infra.zaphyra.eu"
        "grafana.infra.zaphyra.eu"

        "zaphyra.eu"
        "katja.wtf"
        "git.zaphyra.eu"
        "bikemap.zaphyra.eu"
        "dav.zaphyra.eu"
        "gts.zaphyra.eu"
        "grapevine.zaphyra.eu"
        "vault.zaphyra.eu"
        "oeffi.zaphyra.eu"
        "things.zaphyra.eu"
      ];
    in
    {
      # NOTE(review): `true` means an *unauthenticated* root shell whenever
      # the systemd initrd falls into emergency mode. Anyone who can reach the
      # machine's console (for a hosted VM that includes the provider's
      # VNC/serial console) gets that shell. Whether the encrypted pool is
      # already unlocked at that point depends on the rootDisk module, which
      # is not visible here. The option also accepts a hashed root password;
      # prefer that if console access is not fully trusted.
      boot.initrd.systemd.emergencyAccess = true;

      # Restic credentials are decrypted from the shared sops file instead of
      # being written into the configuration.
      sops.secrets."resticEnv/novus".sopsFile = inputs.self.sopsSecrets.common;

      modules = {
        filesystem.impermanence = {
          system.enable = true;
          home.enable = true;
        };

        # Encrypted ZFS root on the first virtio disk.
        # NOTE(review): swap is enabled next to `encrypt = true`; verify the
        # rootDisk module encrypts the swap area as well, otherwise secrets
        # held in memory can reach the disk in clear text.
        filesystem.rootDisk = {
          enable = true;
          type = "zfs";
          path = "/dev/vda";
          encrypt = true;
          reservedSpace = "500M";
          parts.nix = true;
          swap = {
            enable = true;
            size = "2G";
          };
        };

        presets.base.enable = true;
        presets.netcup.enable = true;
        presets.zaphyra = {
          enable = true;
          syncthing.enable = false;
          # DNS and mail are served from this host.
          dnsServer.enable = true;
          mailServer.enable = true;
          mautrixBridges = {
            signal.enable = true;
            whatsapp.enable = true;
            telegram.enable = true;
          };
        };

        # Backup target "novus". The environment file is referenced through
        # the secret's `.path`, so the credentials are read from the decrypted
        # secret file rather than embedded in this (store-readable) expression.
        services.resticBackup.targets.novus = {
          repository = "rest:https://restic.novus.infra.zaphyra.eu";
          environmentFile = config.sops.secrets."resticEnv/novus".path;
        };

        websites = builtins.listToAttrs (
          map (site: {
            name = site;
            value = {
              enable = true;
            };
          }) enabledSites
        );

        users.zaphyra.enable = true;
      };

      # State versions record the release the system and the home profile were
      # first installed with; they are not bumped as part of a normal upgrade.
      system.stateVersion = "25.05";
      home-manager.users.zaphyra.home.stateVersion = "25.05";
    };

}