corngood/configuration.nix

## configuration.nix
{ config, pkgs, ... }:

{
  imports =
    [
      /etc/nixos/hardware-configuration.nix
    ];

  nix.buildCores = 0;

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/vda";
  };

  networking.hostName = "server.example.com";

  i18n = {
    consoleFont = "Lat2-Terminus16";
    consoleKeyMap = "us";
    defaultLocale = "en_GB.UTF-8";
  };

  time.timeZone = "America/Halifax";

  environment.systemPackages = with pkgs; [
    zsh
    vim
    tmux
  ];

  networking.firewall.allowedTCPPorts = [ 80 443 8448 ];

  services = {
    nginx = {
      enable = true;
      recommendedTlsSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
       virtualHosts."example.com" = {
        enableACME = true;
        forceSSL = true;
      };
      virtualHosts."matrix.example.com" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://localhost:8008";
        };
      };
    };

    openssh = {
      enable = true;
      permitRootLogin = "no";
    };

    matrix-synapse = {
      enable = true;
      server_name = "example.com";
      registration_shared_secret = ***;
      listeners = [{
        port = 8448;
        bind_address = "";
        type = "http";
        tls = true;
        x_forwarded = false;
        resources = [
          { names = ["federation"]; compress = false; }
        ];
      } {
        port = 8008;
        bind_address = "127.0.0.1";
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          { names = ["client" "webclient"]; compress = true; }
        ];
      }];
    };
  };

  # users.defaultUserShell = "/run/current-system/sw/bin/zsh";
  users.extraUsers.example = {
    isNormalUser = true;
    uid = 1000;
    extraGroups = [ "wheel" ];
  };

  system.stateVersion = "16.09";

}
	{ config, pkgs, ... }:

	{
	imports =
	[
	/etc/nixos/hardware-configuration.nix
	];

	nix.buildCores = 0;

	boot.loader.grub = {
	enable = true;
	version = 2;
	device = "/dev/vda";
	};

	networking.hostName = "server.example.com";

	i18n = {
	consoleFont = "Lat2-Terminus16";
	consoleKeyMap = "us";
	defaultLocale = "en_GB.UTF-8";
	};

	time.timeZone = "America/Halifax";

	environment.systemPackages = with pkgs; [
	zsh
	vim
	tmux
	];

	networking.firewall.allowedTCPPorts = [ 80 443 8448 ];

	services = {
	nginx = {
	enable = true;
	recommendedTlsSettings = true;
	recommendedOptimisation = true;
	recommendedGzipSettings = true;
	recommendedProxySettings = true;
	virtualHosts."example.com" = {
	enableACME = true;
	forceSSL = true;
	};
	virtualHosts."matrix.example.com" = {
	enableACME = true;
	forceSSL = true;
	locations."/" = {
	proxyPass = "http://localhost:8008";
	};
	};
	};

	openssh = {
	enable = true;
	permitRootLogin = "no";
	};

	matrix-synapse = {
	enable = true;
	server_name = "example.com";
	registration_shared_secret = ***;
	listeners = [{
	port = 8448;
	bind_address = "";
	type = "http";
	tls = true;
	x_forwarded = false;
	resources = [
	{ names = ["federation"]; compress = false; }
	];
	} {
	port = 8008;
	bind_address = "127.0.0.1";
	type = "http";
	tls = false;
	x_forwarded = true;
	resources = [
	{ names = ["client" "webclient"]; compress = true; }
	];
	}];
	};
	};

	# users.defaultUserShell = "/run/current-system/sw/bin/zsh";
	users.extraUsers.example = {
	isNormalUser = true;
	uid = 1000;
	extraGroups = [ "wheel" ];
	};

	system.stateVersion = "16.09";

	}