NixOS Configuration of nixe.k4cg.org
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
./users.nix
./services/irc.nix
./services/wiki.nix
./services/mailinglist.nix
./services/backup.nix
];
### Networking
# General
# Static network identity for this host: hostname, resolver, default gateways
# for both address families, and one fixed address per family on the
# interface eno16780032. Nothing in this block enables DHCP.
networking = {
hostName = "nixe.k4cg.org";
# A single resolver is listed, so name resolution has no fallback if it is
# unreachable.
nameservers = ["62.128.1.53"];
hostId = "e0ca53c8";
defaultGateway = "213.95.86.177";
defaultGateway6 = "2001:780:124::1";
enableIPv6 = true;
# IPv4: one address in a /29.
interfaces.eno16780032.ip4 = [ { address = "213.95.86.180" ; prefixLength = 29 ; } ];
# IPv6: one address in a /64. The host is reachable over both families, so
# the firewall policy has to be correct for IPv6 as well as IPv4.
interfaces.eno16780032.ip6 = [ { address = "2001:780:124::42" ; prefixLength = 64 ; } ];
};
# Firewall
# Host firewall: inbound TCP is limited to the ports listed below. No UDP
# ports are opened in this block; the imported service modules are not shown
# and may add their own ports.
networking.firewall = {
enable = true;
# Refused connections get an explicit rejection instead of being silently
# dropped. This is friendlier to legitimate clients, but it also tells a
# scanner quickly which ports are closed.
rejectPackets = true;
# ICMP echo requests are answered.
allowPing = true;
# Connection-tracking helpers are not loaded automatically.
autoLoadConntrackHelpers = false;
allowedTCPPorts = [
22 # ssh
25 # opensmtpd
80 # http
443 # https
9001 # tor relay port (matches portSpec in services.tor.relay); the Tor control port 9051 is not opened here
# NOTE(review): 6667 is conventionally the plaintext IRC port. Confirm whether
# clients authenticate to the bouncer over TLS (./services/irc.nix, not shown).
6667 # irc bouncer
];
};
### Localization
# Timezone
# System clock is presented in Central European time; log timestamps follow
# this zone unless a service overrides it.
time.timeZone = "Europe/Berlin";
# Keyboard
# Console font and German console keymap, with a US English UTF-8 locale.
i18n = {
consoleFont = "lat9w-16";
consoleKeyMap = "de";
defaultLocale = "en_US.UTF-8";
};
### Packages
# Tools installed system-wide, i.e. available on the PATH of every user on the
# host. `with pkgs;` resolves each bare name below against the package set.
environment.systemPackages = with pkgs; [
file
mailutils
wget
curl
vimHugeX
# General-purpose interpreter, usable by any local account.
python
tmux
# Two netcat variants are listed (see `netcat` further down).
# NOTE(review): confirm both are needed.
netcat-openbsd
git
netcat
htop
bzip2
gzip
libressl
vnstat
# PHP command-line interpreter. The web server's PHP support is enabled
# separately through services.httpd.enablePHP.
php
];
### Services
# SSH
# OpenSSH daemon with a reduced feature set: password and challenge-response
# logins are both switched off, which leaves public-key authentication as the
# expected way in. Root cannot log in directly, and the SFTP subsystem and X11
# forwarding are disabled.
services.openssh = {
enable = true;
# No SFTP subsystem.
allowSFTP = false;
forwardX11 = false;
# Administrators log in as a normal user and elevate with sudo.
permitRootLogin = "no";
# Both interactive password paths are off, so online password guessing against
# sshd cannot succeed.
passwordAuthentication = false;
challengeResponseAuthentication = false;
};
# TOR
# Tor daemon with its control port enabled. extraConfig turns on cookie
# authentication, so a controller must be able to read Tor's auth cookie file
# before it may issue commands. Port 9051 is not in the firewall's
# allowedTCPPorts list in this file.
# NOTE(review): confirm that the control port is bound to localhost only.
services.tor = {
enable = true;
controlPort = 9051;
extraConfig = ''
CookieAuthentication 1
'';
};
# Relay settings: a non-exit relay. isExit is false and the exit policy rejects
# every destination, so the relay only forwards traffic inside the Tor network.
services.tor.relay = {
nickname = "nixe.k4cg.org";
# Relay (OR) port; the firewall opens this port for inbound TCP.
portSpec = 9001;
exitPolicy = "reject *:*";
isExit = false;
# Tor reads a bare number here as bytes per second.
bandwidthRate = "200000" ; # 200000 bytes/s, roughly 200 KB/s sustained
bandwidthBurst = "300000" ; # 300000 bytes/s, roughly 300 KB/s burst
# Traffic accounting: the period restarts every day at 00:00 and the relay is
# capped at 4 GB per period.
accountingStart = "day 00:00"; # reset daily
accountingMax = "4 GB" ;
};
# Fail2ban
# Enabled with no further settings in this file, so which jails are active and
# what their ban thresholds are cannot be read from here.
services.fail2ban.enable = true;
# DHCP Disable
# This host does not run a DHCP server.
services.dhcpd.enable = false;
# sudo
# Members of the wheel group may run sudo without entering a password. Together
# with the key-only SSH setup this means that any session obtained as a wheel
# member (for example through a stolen private key or a hijacked shell) is
# equivalent to root, with no second factor in between.
# NOTE(review): wheel membership is presumably defined in ./users.nix (not
# shown); keep that group minimal, or require the password again if local
# accounts have one.
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
# Cron
# System crontab with two jobs; cron output is mailed to root.
# NOTE(review): entries in the system-wide crontab normally carry a user field
# between the five schedule fields and the command. As written, the word `bash`
# sits in that position in both entries. Confirm that these jobs actually run,
# and under which account.
# NOTE(review): both scripts live under /usr/local, outside the Nix store, so
# this configuration manages neither their content nor their permissions. Check
# that they are writable only by root (or by the account that runs them);
# otherwise whoever can edit them gets code execution in the cron job's context.
services.cron = {
enable = true;
mailto = "root";
systemCronJobs = [
"* * * * * bash /usr/local/temperatur/temperaturcrawler.sh"# every minute
"10 4 * * * bash /usr/local/freifunkcrawler/freifunkmaximumdayvalue.sh" # daily at 04:10
];
};
# locate
# Enables the periodically rebuilt file-name database used by `locate`.
# NOTE(review): depending on how the database is built and who may read it,
# file names from otherwise restricted directories can become visible to local
# users; confirm this is acceptable on a multi-user host.
services.locate.enable = true;
}
{ config, lib, pkgs, ... }:
{
# Apache2
# Apache with PHP support and mod_rewrite loaded. Two virtual hosts are defined
# for k4cg.org / www.k4cg.org: a TLS site on port 443 that serves
# /var/www/k4cg.org, and a plain-HTTP site on port 80 that redirects everything
# to https://k4cg.org.
services.httpd = {
enable = true;
# PHP scripts under the document root are executed by the web server.
enablePHP = true;
hostName = "nixe.k4cg.org";
adminAddr = "admin@k4cg.org";
extraModules = [ "rewrite" ];
virtualHosts =
[ {
# HTTPS site.
documentRoot = "/var/www/k4cg.org";
enableSSL = true;
port = 443;
hostName = "k4cg.org";
serverAliases = [ "www.k4cg.org" ];
adminAddr = "admin@k4cg.org";
# Certificate, private key and chain are referenced by path and live outside
# the Nix store, so their file modes are not managed by this configuration.
# NOTE(review): confirm the .key file is readable by root only.
sslServerCert = "/etc/ssl/k4cg.org.crt";
sslServerKey = "/etc/ssl/k4cg.org.key";
sslServerChain = "/etc/ssl/intermediate-k4cg.org.crt";
# NOTE(review): no TLS protocol or cipher settings and no
# Strict-Transport-Security header are set in this block, so protocol choice
# falls to the module's defaults, and a client's first plain-HTTP request is
# protected only by the port-80 redirect.
}
{
# Plain-HTTP site: exists only to redirect to HTTPS.
documentRoot = "/var/www/k4cg.org";
port = 80;
hostName = "k4cg.org";
serverAliases = [ "www.k4cg.org" ];
adminAddr = "admin@k4cg.org";
globalRedirect = "https://k4cg.org";
# NOTE(review): DirectoryIndex is set on this redirect-only host and not on the
# 443 host that actually serves content. It looks like it was meant for the
# HTTPS virtual host; confirm.
extraConfig = ''
DirectoryIndex index.php
'';
}
];
};