
# ./nixos/homelab.nix
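# NixOS module for the "homelab" server: bootloader, firewall, key-only SSH,
# Tailscale, one admin user and a small set of base packages.
{ config, pkgs, lib, inputs, ... }:
{
  imports = [
    # Import any shared modules from your ./modules directory if applicable
    # e.g., (../modules/common-settings.nix)
  ];

  # Bootloader: systemd-boot on EFI (or grub, as appropriate for your server).
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "homelab"; # Set the server's hostname

  # Basic firewall. The SSH port is not listed in allowedTCPPorts here:
  # services.openssh.openFirewall below opens exactly the ports sshd listens
  # on, so a later port change cannot leave a stale hole for 22.
  networking.firewall.enable = true;

  # SSH server: public-key logins only, no direct root login.
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    # Opens `ports` on every interface. To expose SSH only over the tailnet,
    # set this to false and allow the port on the Tailscale interface instead
    # (networking.firewall.interfaces.<tailscale interface>.allowedTCPPorts);
    # confirm tailnet access works first to avoid locking yourself out.
    openFirewall = true;
    settings = {
      PasswordAuthentication = false; # Recommended: use SSH keys
      # PasswordAuthentication alone does not cover PAM keyboard-interactive
      # prompts, which the NixOS sshd module leaves enabled by default; turn
      # them off so that no account can log in with a password.
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no"; # Recommended
    };
  };

  services.tailscale = {
    enable = true;
    # "both": this host can act as subnet router / exit node and can also use
    # routes advertised by other nodes. The server half enables IP forwarding;
    # narrow this to "client" if the host never routes for others.
    useRoutingFeatures = "both";
  };
  # Strict reverse-path filtering drops traffic routed via Tailscale nodes.
  networking.firewall.checkReversePath = "loose";

  # Define the 'death916' user for the server
  users.users.death916 = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # For sudo access
    openssh.authorizedKeys.keys = [
      # Public key trusted for death916. Anyone holding the matching private
      # key gets a shell with sudo rights, so verify it is the intended key.
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCte9KjJUSn4xBPEKCk9QER6+jF+C0uBatVl27zIamYsryyHdFrmqK2DAg7OhqTHqzjxID6sp6d57MsJqOUAtwXbUDMLffqBSerUxfTm+1SPDrhL0GSvo0QVjMLVseOEq8d2qXgW1R7dIk412VbO5e9SAump5aJOHI/SzT6VLoUczalmqrjnDacWQMeLu/TSOZHcfrhjYSg+b1xbc1vHp6C4obOb8JIj/anAieT/1P36MhlNW79ow6PWenLemBYeeezFrKtESF1oMc8jmcxogzgLamlqhKYAHlKhOuBF6u0nRneI5IPDbbMF5zwEv5szCEKj8XZJVYUk8uUg7ARyppjcA7yAXuaNKBNxa7tfjqWrDWOACn97ufE5FFJt0XH5JzkXcDh96K8ZSZaWxMRu2s+GlIu/1F415xtVfe1d79HYkWke/ewaQ4NqgOt8f7wRvyzabpQZDzkaXO0UoK65O2HyUur33XWCEmV+1pB6BrS8pD+1I4Tvbnc+rOgtHTTRfKqezKqZmaErEOxClBwvWjvn0PzhGSoClTGXPjhl239/sH0JGY09dTBh8GtAVbfv+jFO6nm6aR7O/OwSaohY3uOdRo8XyxJr4XyGAaBNRdm6BUJRnB4W51J49IQBZzIe2NUkNMHeUT4jkxFpfhkujnSFw2ZnOLkERpwkltAlbwuLw== tavn1992@gmail.com"
      # Add more keys if needed
    ];
    # No password is declared for 'death916' in this file. A password is only
    # needed for sudo (see wheelNeedsPassword below), never for SSH login.
    # Avoid initialPassword with a literal value: it is written in plain text
    # to the world-readable Nix store. Prefer a hash kept outside the repo:
    # hashedPasswordFile = "/path/to/password-hash"; # placeholder path
  };

  # Sudo access for the wheel group (which death916 is part of).
  # With this set to true, sudo fails for death916 until a password exists
  # (set one with `passwd` on the console, or declare hashedPasswordFile).
  # Setting it to false makes the SSH key the only barrier to root.
  security.sudo.wheelNeedsPassword = true;

  # Essential server packages
  environment.systemPackages = with pkgs; [
    git
    vim
    htop
    tmux
    # Add other common server utilities
  ];

  # If you use custom overlays specific to this server:
  # nixpkgs.overlays = [(import ../overlays/homelab-overlay.nix)];

  # Release this host was first installed with. It pins stateful defaults and
  # should not be bumped on upgrade without reading the release notes.
  system.stateVersion = "24.11";
}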