machines/serber.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

{ config, pkgs, sops, ... }: {
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect
  ];

  system.stateVersion = "23.05";
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  networking.hostName = "vinkland";
  networking.domain = "xyz";
  services.openssh.enable = true;

  sops.secrets.porkbunCredentials = {
      format = "binary";
      sopsFile = ../../secrets/credentials/porkbun;
  };

  security.acme = {
    acceptTerms = true;
    defaults = {
      extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"];
      email = ivi.email;
      dnsProvider = "porkbun";
      credentialsFile = config.sops.secrets.porkbunCredentials.path;
    };
    certs = {
      "vinkland.xyz" = { };
    };
  };
}