Skip to content

Instantly share code, notes, and snippets.

@noqqe
Last active Sep 5, 2015
Embed
What would you like to do?
NixOS Configuration of nixe.k4cg.org
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
./users.nix
./services/irc.nix
./services/wiki.nix
./services/mailinglist.nix
./services/backup.nix
];
### Networking
# General
networking = {
hostName = "nixe.k4cg.org";
nameservers = ["62.128.1.53"];
hostId = "e0ca53c8";
defaultGateway = "213.95.86.177";
defaultGateway6 = "2001:780:124::1";
enableIPv6 = true;
interfaces.eno16780032.ip4 = [ { address = "213.95.86.180" ; prefixLength = 29 ; } ];
interfaces.eno16780032.ip6 = [ { address = "2001:780:124::42" ; prefixLength = 64 ; } ];
};
# Firewall
networking.firewall = {
enable = true;
rejectPackets = true;
allowPing = true;
autoLoadConntrackHelpers = false;
allowedTCPPorts = [
22 # ssh
25 # opensmtpd
80 # http
443 # https
9001 # tor
6667 # irc boucer
];
};
### Localization
# Timezone
time.timeZone = "Europe/Berlin";
# Keyboard
i18n = {
consoleFont = "lat9w-16";
consoleKeyMap = "de";
defaultLocale = "en_US.UTF-8";
};
### Packages
environment.systemPackages = with pkgs; [
file
mailutils
wget
curl
vimHugeX
python
tmux
netcat-openbsd
git
netcat
htop
bzip2
gzip
libressl
vnstat
php
];
### Services
# SSH
services.openssh = {
enable = true;
allowSFTP = false;
forwardX11 = false;
permitRootLogin = "no";
passwordAuthentication = false;
challengeResponseAuthentication = false;
};
# TOR
services.tor = {
enable = true;
controlPort = 9051;
extraConfig = ''
CookieAuthentication 1
'';
};
services.tor.relay = {
nickname = "nixe.k4cg.org";
portSpec = 9001;
exitPolicy = "reject *:*";
isExit = false;
bandwidthRate = "200000" ; # 200kb
bandwidthBurst = "300000" ; # 300kb
accountingStart = "day 00:00"; # reset daily
accountingMax = "4 GB" ;
};
# Fail2ban
services.fail2ban.enable = true;
# DHCP Disbale
services.dhcpd.enable = false;
# sudo
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
# Cron
services.cron = {
enable = true;
mailto = "root";
systemCronJobs = [
"* * * * * bash /usr/local/temperatur/temperaturcrawler.sh"#
"10 4 * * * bash /usr/local/freifunkcrawler/freifunkmaximumdayvalue.sh"
];
};
# locate
services.locate.enable = true;
}
{ config, lib, pkgs, ... }:
{
# Apache2
services.httpd = {
enable = true;
enablePHP = true;
hostName = "nixe.k4cg.org";
adminAddr = "admin@k4cg.org";
extraModules = [ "rewrite" ];
virtualHosts =
[ {
documentRoot = "/var/www/k4cg.org";
enableSSL = true;
port = 443;
hostName = "k4cg.org";
serverAliases = [ "www.k4cg.org" ];
adminAddr = "admin@k4cg.org";
sslServerCert = "/etc/ssl/k4cg.org.crt";
sslServerKey = "/etc/ssl/k4cg.org.key";
sslServerChain = "/etc/ssl/intermediate-k4cg.org.crt";
}
{
documentRoot = "/var/www/k4cg.org";
port = 80;
hostName = "k4cg.org";
serverAliases = [ "www.k4cg.org" ];
adminAddr = "admin@k4cg.org";
globalRedirect = "https://k4cg.org";
extraConfig = ''
DirectoryIndex index.php
'';
}
];
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment