snowfield/machines/lisa/default.nix

{ pkgs, modulesPath, ... }:
{
  imports =
    [
      (modulesPath + "/profiles/qemu-guest.nix")
      ./hardware.nix
      ./home-julien.nix
      ../../users/julien.nix
      ../../users/default.nix
    ];


  luj = {
    irc = {
      enable = true;
      nginx = {
        enable = true;
        subdomain = "irc";
      };
    };
    mediaserver = {
      enable = true;
      tv.enable = true;
      music.enable = true;
    };
    homepage.enable = true;
    docs = {
      enable = true;
      nginx = {
        enable = true;
        subdomain = "docs";
      };
    };
    homer.enable = true;
    mailserver.enable = true;

  };


  # make the tailscale command usable to users
  environment.systemPackages = [ pkgs.tailscale ];

  # enable the tailscale service
  services.tailscale.enable = true;

  services.fail2ban.enable = true;

  networking.hostName = "lisa";
  networking.useDHCP = false;
  networking.interfaces.ens20.useDHCP = false;
  networking.interfaces.ens20.mtu = 1420;
  networking.interfaces.ens20.ipv4.addresses = [{ address = "212.129.40.11"; prefixLength = 32; }];
  networking.interfaces.ens18.useDHCP = true;
  networking.defaultGateway.interface = "ens20";
  networking.defaultGateway.address = "212.129.40.11";
  networking.interfaces.ens19.useDHCP = false;
  networking.interfaces.ens19.ipv6.addresses = [{
    address = "2a01:e0a:5f9:9681:5880:c9ff:fe9f:3dfb";
    prefixLength = 120;
  }];

  networking.hostId = "fbb334ae";
  services.zfs.autoSnapshot.enable = true;
  services.zfs.autoScrub.enable = true;

  networking.wireguard.interfaces = {
    wg0 = {
      ips = [ "fd85:27e8:fc9::6/128" ];
      listenPort = 51820;
      privateKeyFile = "/root/wg-private";

      peers = [
        {
          allowedIPs = [ "fd85:27e8:fc9::/48" ];
          publicKey = "ZO8j0AwssAERtyJQO+o11pWAFKzkxTI5hmqHsfEy5Bo=";
          endpoint = "core01.rz.ens.wtf:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };

  services.openssh.extraConfig = ''
    HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
    HostKey /etc/ssh/ssh_host_ed25519_key
    TrustedUserCAKeys /etc/ssh/ssh_user_key.pub
    MaxAuthTries 20
  '';


  networking.firewall.allowedTCPPorts = [ 51821 ];
  networking.firewall.allowedUDPPorts = [ 51821 ];

  system.stateVersion = "21.11";


}
removed dead code 2024-03-30 20:18:12 +01:00			`{ pkgs, modulesPath, ... }:`
More refactoring 2021-12-05 23:29:51 +01:00			`{`
			`imports =`
Added neovim on lisa 2021-12-11 11:45:18 +01:00			`[`
			`(modulesPath + "/profiles/qemu-guest.nix")`
Refactored lisa 2021-12-21 00:00:21 +01:00			`./hardware.nix`
			`./home-julien.nix`
Small refactor 2022-01-01 20:46:20 +01:00			`../../users/julien.nix`
			`../../users/default.nix`
More refactoring 2021-12-05 23:29:51 +01:00			`];`

Lot of changes, playing with ssh keys 2021-12-28 16:42:30 +01:00
Added mosh module 2021-12-25 16:37:08 +01:00			`luj = {`
Added nginx for the lounge 2022-05-25 07:58:15 +02:00			`irc = {`
			`enable = true;`
			`nginx = {`
			`enable = true;`
			`subdomain = "irc";`
			`};`
			`};`
Refactored mediaserver 2022-02-05 19:00:46 +01:00			`mediaserver = {`
			`enable = true;`
			`tv.enable = true;`
			`music.enable = true;`
			`};`
Added mosh module 2021-12-25 16:37:08 +01:00			`homepage.enable = true;`
Added mailserver and hedgedoc service 2022-01-23 19:11:10 +01:00			`docs = {`
			`enable = true;`
			`nginx = {`
			`enable = true;`
			`subdomain = "docs";`
			`};`
			`};`
Added Authelia : en chantier 2022-02-26 19:07:28 +01:00			`homer.enable = true;`
Added mailserver and hedgedoc service 2022-01-23 19:11:10 +01:00			`mailserver.enable = true;`
Just a small formatting change 2022-01-11 10:05:05 +01:00
Moved drone to lisa 2021-12-25 15:56:30 +01:00			`};`
Added mosh module 2021-12-25 16:37:08 +01:00
Updated lisa config 2022-05-10 06:56:35 +02:00
			`# make the tailscale command usable to users`
remove linkal from lisa 2024-03-30 12:58:02 +01:00			`environment.systemPackages = [ pkgs.tailscale ];`
Updated lisa config 2022-05-10 06:56:35 +02:00
			`# enable the tailscale service`
Added beta feature : tailscale 2022-04-21 19:33:23 +02:00			`services.tailscale.enable = true;`

Sending people to ssh jail 2021-12-29 11:34:55 +01:00			`services.fail2ban.enable = true;`

Closed some ports 2021-12-26 15:52:13 +01:00			`networking.hostName = "lisa";`
Fixed lisa networking 2023-01-09 19:43:41 +01:00			`networking.useDHCP = false;`
New ip 2021-12-31 12:36:16 +01:00			`networking.interfaces.ens20.useDHCP = false;`
Changed mtu on ens20 on lisa 2022-11-03 01:10:03 +01:00			`networking.interfaces.ens20.mtu = 1420;`
Just a small formatting change 2022-01-11 10:05:05 +01:00			`networking.interfaces.ens20.ipv4.addresses = [{ address = "212.129.40.11"; prefixLength = 32; }];`
More refactoring 2021-12-05 23:29:51 +01:00			`networking.interfaces.ens18.useDHCP = true;`
Fixed lisa networking 2023-01-09 19:43:41 +01:00			`networking.defaultGateway.interface = "ens20";`
			`networking.defaultGateway.address = "212.129.40.11";`
More refactoring 2021-12-05 23:29:51 +01:00			`networking.interfaces.ens19.useDHCP = false;`
Added neovim on lisa 2021-12-11 11:45:18 +01:00			`networking.interfaces.ens19.ipv6.addresses = [{`
More refactoring 2021-12-05 23:29:51 +01:00			`address = "2a01:e0a:5f9:9681:5880:c9ff:fe9f:3dfb";`
			`prefixLength = 120;`
Added neovim on lisa 2021-12-11 11:45:18 +01:00			`}];`
Transitionning lisa to uncrypted zfs 2022-01-12 23:40:17 +01:00
			`networking.hostId = "fbb334ae";`
			`services.zfs.autoSnapshot.enable = true;`
			`services.zfs.autoScrub.enable = true;`

Changed irc service 2022-05-25 07:34:01 +02:00			`networking.wireguard.interfaces = {`
			`wg0 = {`
			`ips = [ "fd85:27e8:fc9::6/128" ];`
			`listenPort = 51820;`
			`privateKeyFile = "/root/wg-private";`

			`peers = [`
			`{`
			`allowedIPs = [ "fd85:27e8:fc9::/48" ];`
			`publicKey = "ZO8j0AwssAERtyJQO+o11pWAFKzkxTI5hmqHsfEy5Bo=";`
			`endpoint = "core01.rz.ens.wtf:51820";`
			`persistentKeepalive = 25;`
			`}`
			`];`
			`};`
			`};`
VPN... this is not really stable yet 2022-02-19 22:05:24 +01:00
Ssh certificates, got to clean that 2022-06-03 21:59:41 +02:00			`services.openssh.extraConfig = ''`
Added redirections 2022-07-29 09:30:49 +02:00			`HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub`
			`HostKey /etc/ssh/ssh_host_ed25519_key`
			`TrustedUserCAKeys /etc/ssh/ssh_user_key.pub`
			`MaxAuthTries 20`
Ssh certificates, got to clean that 2022-06-03 21:59:41 +02:00			`'';`

VPN... this is not really stable yet 2022-02-19 22:05:24 +01:00
Changed irc service 2022-05-25 07:34:01 +02:00			`networking.firewall.allowedTCPPorts = [ 51821 ];`
			`networking.firewall.allowedUDPPorts = [ 51821 ];`
VPN... this is not really stable yet 2022-02-19 22:05:24 +01:00
Changed irc service 2022-05-25 07:34:01 +02:00			`system.stateVersion = "21.11";`


More refactoring 2021-12-05 23:29:51 +01:00			`}`