arianvp/configuration.nix Secret

## configuration.nix
{ config, pkgs, ...}:
{
  imports =
    [
      ./hardware-configuration.nix
      ./grub.nix
      ./users.nix
      ./services.nix
      ./security-patches.nix
      ./security.nix
    ];
}

## security.nix
{ config, pkgs, ...}:
{
  security.sudo.wheelNeedsPassword = false;
}

## services.nix
{ config, pkgs, ...}:
{
  imports =
    [ ./services/irc.nix
    ];
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  services.nginx.enable = true;
  security.acme.certs."arianvp.me" = {
    webroot = config.security.acme.directory + "/acme-challenge";
    email = "arian.vanputten@gmail.com";
    user = "nginx";
    group = "nginx";
    postRun = "systemctl restart nginx.service";
  };
  services.nginx.httpConfig = ''
    server {
      server_name arianvp.me;
      listen 80;
      listen [::]:80;

      location /.well-known/acme-challenge {
        root ${security.acme.certs."arianvp.me".webroot};
      }

      location / {
        return 301 https://$host$request_uri;
      }
    }

    server {
      server_name arianvp.me;
      listen 443 ssl;
      ssl_certificate     ${config.security.acme.directory}/arianvp.me/fullchain.pem;
      ssl_certificate_key ${config.security.acme.directory}/arianvp.me/key.pem;
      root /var/www/arianvp.me/;
    }
  '';
}

## users.nix
{ config, pkgs, ...}:
{
  users.extraUsers.nixos = {
    isNormalUser = true;
    extraGroups = ["wheel"];
    openssh.authorizedKeys.keys =
      [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqq3LWPkSfldIKiBFK+/JYSQgf/uehjKaDOQFFMV/L8IdQ59H6r0swHj6Ohcg7ThkxaA01BcVQWJiHokza5t9Y3MqiMYu1qGCCfwXnVEHnM6ORacOFgYioY7AaAxmKR3Vg09oJKnMgDFPrtLUke2/6I9Mzj+eCOhTLaO0CJFgR6J2wwQV+PNF2eBNfT2WBzVk6/3LAlElfgwU67ct+NAJ1W6p5n3gTD2iRh/0mdq0UFf/wA8OC0+xc5tWZDbmdq2wFAzm/8CvgCqEC6vmCcTyrGQStj6TFO3nhEJN9z4oPNzT9sEeghWT+gEJ/q8LcO//I4Pw0flK/B90X0sLxa5rP (none)"
      ];

  };
}
	{ config, pkgs, ...}:
	{
	imports =
	[
	./hardware-configuration.nix
	./grub.nix
	./users.nix
	./services.nix
	./security-patches.nix
	./security.nix
	];
	}
	{ config, pkgs, ...}:
	{
	security.sudo.wheelNeedsPassword = false;
	}
	{ config, pkgs, ...}:
	{
	imports =
	[ ./services/irc.nix
	];
	services.openssh = {
	enable = true;
	passwordAuthentication = false;
	};

	services.nginx.enable = true;
	security.acme.certs."arianvp.me" = {
	webroot = config.security.acme.directory + "/acme-challenge";
	email = "arian.vanputten@gmail.com";
	user = "nginx";
	group = "nginx";
	postRun = "systemctl restart nginx.service";
	};
	services.nginx.httpConfig = ''
	server {
	server_name arianvp.me;
	listen 80;
	listen [::]:80;

	location /.well-known/acme-challenge {
	root ${security.acme.certs."arianvp.me".webroot};
	}

	location / {
	return 301 https://$host$request_uri;
	}
	}

	server {
	server_name arianvp.me;
	listen 443 ssl;
	ssl_certificate ${config.security.acme.directory}/arianvp.me/fullchain.pem;
	ssl_certificate_key ${config.security.acme.directory}/arianvp.me/key.pem;
	root /var/www/arianvp.me/;
	}
	'';
	}
	{ config, pkgs, ...}:
	{
	users.extraUsers.nixos = {
	isNormalUser = true;
	extraGroups = ["wheel"];
	openssh.authorizedKeys.keys =
	[
	"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqq3LWPkSfldIKiBFK+/JYSQgf/uehjKaDOQFFMV/L8IdQ59H6r0swHj6Ohcg7ThkxaA01BcVQWJiHokza5t9Y3MqiMYu1qGCCfwXnVEHnM6ORacOFgYioY7AaAxmKR3Vg09oJKnMgDFPrtLUke2/6I9Mzj+eCOhTLaO0CJFgR6J2wwQV+PNF2eBNfT2WBzVk6/3LAlElfgwU67ct+NAJ1W6p5n3gTD2iRh/0mdq0UFf/wA8OC0+xc5tWZDbmdq2wFAzm/8CvgCqEC6vmCcTyrGQStj6TFO3nhEJN9z4oPNzT9sEeghWT+gEJ/q8LcO//I4Pw0flK/B90X0sLxa5rP (none)"
	];

	};
	}