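# NixOS host configuration for "vulpecula": a public web host with nginx + ACME,
# a Forgejo module and three administrator accounts.
{ config, lib, inputs, ... }:
let
  # Public SSH keys live in a separate file so that every host shares one source.
  sshKeys = import ../../crypto/ssh-keys.nix;
in {
  imports = [
    ./hardware-configuration.nix
    ../../common/base.nix
    ./forgejo.nix
    # ./grafana.nix
    ./tasiaiso.nix
  ];

  networking = {
    hostName = "vulpecula";
    firewall = {
      # 80/443 serve nginx (80 is also needed for the ACME HTTP challenge); 22 is SSH.
      allowedTCPPorts = [ 80 443 22 ];
      allowedUDPPorts = [
        # 8080 # ?
      ];
    };
  };

  # Disable systemd-boot, use grub instead
  boot = {
    loader.systemd-boot.enable = lib.mkForce false;
    initrd = {
      enable = lib.mkForce true;
      systemd.enable = lib.mkForce false;
    };
  };

  # Port 22 is reachable from the network and every account below has a
  # declarative password, so SSH is restricted to public keys. All three accounts
  # carry authorized keys, so nobody is locked out. mkDefault lets an explicit
  # setting in an imported module (not visible from this file) take precedence
  # instead of causing a conflict.
  services.openssh.settings = {
    PasswordAuthentication = lib.mkDefault false;
    KbdInteractiveAuthentication = lib.mkDefault false;
  };

  # NOTE(review): the three accounts below share one initialPassword that is
  # written in clear text in this file. It is therefore readable in the
  # repository and in the world-readable /nix/store, and it doubles as the sudo
  # password for members of "wheel". initialPassword only applies when the
  # account is first created; confirm each user has changed it since, and prefer
  # users.users.<name>.hashedPasswordFile pointing at a secret kept outside the
  # store (for example "<PATH_TO_SECRET_FILE>", provisioned by your secrets
  # tooling).
  users.users.tasia = {
    isNormalUser = true;
    description = "Tasia";
    extraGroups = [ "networkmanager" "wheel" ];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
      sshKeys.tasia.cave
      sshKeys.tasia.yubi-primary
      sshKeys.tasia.yubi-spare
    ];
  };

  # NOTE(review): described as a test account, yet it is in "wheel" and reachable
  # over SSH. Remove it or drop the admin group once testing is finished.
  users.users.vulpecula = {
    isNormalUser = true;
    description = "test acc";
    extraGroups = [ "networkmanager" "wheel" ];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
      sshKeys.tasia.yubi-primary
      sshKeys.tasia.yubi-spare
    ];
  };

  users.users.dedsec = {
    isNormalUser = true;
    description = "dedsec";
    extraGroups = [ "networkmanager" "wheel" ];
    initialPassword = "correcthorsebatterystaple";
    openssh.authorizedKeys.keys = [
      sshKeys.dedsec.key
      sshKeys.dedsec.secondary
    ];
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."vulpecula.zone" = {
      # forceSSL (instead of addSSL) redirects plain-HTTP requests to HTTPS, so
      # the site is never served over an unauthenticated channel. The ACME
      # challenge path stays reachable on port 80.
      forceSSL = true;
      enableACME = true;
      root = inputs.vulpecula-zone.packages.x86_64-linux.default;
    };
  };

  # change when ppl can make their own website
  security.acme = {
    acceptTerms = true;
    defaults.email = "tasiaiso@proton.me";
  };

  boot.tmp.cleanOnBoot = true;
  # zramSwap.enable = true;
  # networking.domain = "";
  system.stateVersion = "24.05";
}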