{ ... }:
# TODO `fysiweb` should import config
#
# `config/default.nix` should automatically be imported by all systems through
# `fysiweb deploy`, if it exists.
#
# Shared baseline for the hosts: root SSH keys, ACME certificate requests,
# the firewall opening for HTTP and static IPv6 networking.
let
  # Settings applied to every certificate requested below: the ACME account
  # contact address and the directory used for webroot (HTTP-01) validation.
  acmeCert = {
    email = "aforemny@posteo.de";
    webroot = "/var/lib/acme/acme-challenge";
  };

  # Every hostname that gets its own certificate. Adding a name here makes the
  # host request a certificate for it with the shared settings above.
  acmeHosts = [
    "auth.nomath.org"
    "code.nomath.org"
    "feed.nomath.org"
    "grafana.nomath.org"
    "nomath.org"
    "static.nomath.org"
  ];
in
{
  # Public keys authorised to log in as root over SSH. The files under
  # `../public` decide who holds root on every system that imports this
  # module, so changes to that directory deserve the same review as changes
  # here. Whether root login is actually permitted depends on the sshd
  # settings, which are not part of this file.
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../public/aforemny.id_rsa.pub
    ../public/kirchner.id_rsa.pub
  ];

  security.acme = {
    # Accepts the certificate authority's terms of service.
    acceptTerms = true;

    # TODO why do defaults not suffice here?
    # NOTE(review): `security.acme.certs` is keyed by certificate name, so the
    # two lines below would presumably declare a certificate called `defaults`
    # instead of shared defaults. Recent NixOS releases expose
    # `security.acme.defaults.email` / `security.acme.defaults.webroot` for
    # that purpose; confirm against the nixpkgs revision in use.
    #security.acme.certs.defaults.email = "aforemny@posteo.de";
    #security.acme.certs.defaults.webroot = "/var/lib/acme/acme-challenge";
    certs = builtins.listToAttrs (
      map (host: {
        name = host;
        value = acmeCert;
      }) acmeHosts
    );
  };

  networking = {
    # Port 80 is the only TCP port opened by this file; webroot validation
    # needs it reachable from the CA. Other modules can append to this list,
    # so the effective set of open ports has to be checked on the built system.
    firewall.allowedTCPPorts = [ 80 ];

    # TODO IPv6 configuration should be handled by `fysiweb`
    # TODO this is system1-specific
    # Both resolvers are IPv6 addresses; no IPv4 resolver is set here.
    nameservers = [
      "2a01:4ff:ff00::add:1"
      "2a01:4ff:ff00::add:2"
    ];

    # Static IPv6 address for eth0.
    interfaces.eth0.ipv6.addresses = [
      {
        address = "2a01:4f8:c2c:2203::1";
        prefixLength = 64;
      }
    ];

    # The gateway is a link-local address, which is only meaningful together
    # with the interface it is reached through.
    defaultGateway6 = {
      address = "fe80::1";
      interface = "eth0";
    };
  };
}