# Production host definition: pulls in the shared modules, opens the public
# web and SSH ports, sets the service hostnames and declares the admin account.
#
# `name` is not defined in this file; it is presumably injected by the
# deployment tooling or specialArgs. Confirm against the caller.
{ config, pkgs, lib, name, ... }:

{
  # Shared modules. Their contents are not visible here; any SSH daemon,
  # TLS or secret-handling settings this host relies on live in these files.
  imports = [
    ../../modules/common.nix
    ../../modules/sops.nix
    ../../modules/nextcloud.nix
    ../../modules/forgejo.nix
  ];

  networking = {
    hostName = name;

    # Prod: open ports for web.
    # allowedTCPPorts applies to every interface, so 22 is reachable from
    # wherever 80/443 are. This file sets no sshd options.
    # NOTE(review): confirm that password authentication and root login are
    # disabled in the imported modules, and that port 80 only redirects to HTTPS.
    firewall.allowedTCPPorts = [ 80 443 22 ];
  };

  # Option namespace defined outside this file (not shown here).
  # NOTE(review): example.com is a reserved documentation domain, so these
  # values look like placeholders; confirm before certificates are requested.
  services.flowback.nextcloudHost = "cloud.example.com";
  services.flowback.forgejoHost = "git.example.com";

  # Production should enforce stronger auth; you can refine later.
  users.users.elifa = {
    isNormalUser = true;

    # wheel membership gives this account sudo rights.
    extraGroups = [ "wheel" ];

    # The only login credential declared in this file is this public key.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGI1L2SZzAfxkdHPsgJe0cx9s0owlMPyS6LnAURzXyad eli@wsl"
    ];
  };

  # sudo asks wheel members for their password. No password or password hash
  # for `elifa` is set in this file.
  # NOTE(review): confirm one is provisioned elsewhere (for example through the
  # sops module); otherwise sudo is unusable for this account.
  security.sudo.wheelNeedsPassword = true;

  # Pins the defaults for stateful data to the release the host was installed
  # with; it is not bumped as part of a routine channel upgrade.
  system.stateVersion = "25.11";
}