xin/hosts/faf/default.nix

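# NixOS host configuration for "faf": EFI/systemd-boot with ZFS support,
# DHCP on two NICs, root SSH keys, Prometheus plus node exporter, a
# (currently disabled) AdGuard Home instance, and an Unbound resolver that
# serves the private "bold.daemon." zone.
{ config, ... }:
let
  # Host-specific key allowed to log in as root over SSH.
  pubKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box"
  ];
  # Shared user template: the host key above plus the fleet-wide management
  # keys from config.myconf.managementPubKeys (defined outside this file).
  userBase = {
    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
  };
in
{
  # Extra module argument consumed by other modules in this repository.
  _module.args.isUnstable = false;
  imports = [ ./hardware-configuration.nix ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    supportedFilesystems = [ "zfs" ];
    # Directory searched for pool devices at import time.
    zfs.devNodes = "/dev/";
  };

  networking = {
    hostName = "faf";
    # ZFS on NixOS requires a hostId to be set.
    hostId = "12963a2a";
    useDHCP = false;
    interfaces.enp1s0.useDHCP = true;
    interfaces.enp2s0.useDHCP = true;

    # allowedTCPPorts/allowedUDPPorts apply to every interface. Unbound below
    # binds only to 100.80.94.131, so port 53 does not need to be open on
    # enp1s0/enp2s0 for it, and the node exporter serves host metrics without
    # authentication by default.
    # NOTE(review): consider scoping these with
    # networking.firewall.interfaces.<name>.allowedTCPPorts once the scraping
    # and resolving clients are confirmed.
    firewall = {
      allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
      allowedUDPPorts = [ 53 ];
    };

    # Static /etc/hosts pin for the binary cache (address is in 100.64.0.0/10).
    # NOTE(review): name resolution is not an integrity control; confirm the
    # cache's signing key is set in trusted-public-keys elsewhere.
    hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
  };

  users.users = {
    # Root is reachable directly with any key in userBase.
    # NOTE(review): sshd hardening (password auth off, root login restricted
    # to keys) is not visible in this file; confirm it in the shared config.
    root = userBase;
  };

  services = {
    prometheus = {
      enable = true;
      # 9001 is not listed in the firewall block above, unlike the exporter port.
      port = 9001;
      exporters = {
        node = {
          enable = true;
          # Adds systemd unit state to the exported metrics.
          enabledCollectors = [ "systemd" ];
          port = 9002;
        };
      };
    };

    adguardhome = {
      enable = false;
      # Only matters once the service is enabled; it would then open the web
      # UI port in the firewall.
      # NOTE(review): decide whether the admin UI should be reachable from
      # every interface before flipping enable to true.
      openFirewall = true;
      settings = {
        bind_port = 3000;
        user_rules = [
          "# Stuff from kyle"
          "# some google stuff that wasn't being blocked"
          "||googleadservices.com^"
          "||imasdk.googleapis.com^"
          "# some advertising stuff I saw on my network"
          "||adjust.com^"
          "||appsflyer.com^"
          "||doubleclick.net^"
          "||raygun.io^"
          "||pizzaseo.com^"
          "||scorecardresearch.com^"
          "# annoying website 'features'"
          "||drift.com^"
          "||driftcdn.com^"
          "||driftt.com^"
          "||driftt.imgix.net^"
          "||intercomcdn.com^"
          "||intercom.io^"
          "||salesforceliveagent.com^"
          "||viafoura.co^"
          "||viafoura.com^"
        ];
        # Third-party blocklists fetched over HTTPS; whoever maintains them
        # decides which names resolve for clients of this resolver.
        filters = [
          {
            name = "AdGuard DNS filter";
            url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";
            enabled = true;
          }
          {
            name = "AdaAway Default Blocklist";
            url = "https://adaway.org/hosts.txt";
            enabled = true;
          }
          {
            name = "OISD";
            url = "https://abp.oisd.nl";
            enabled = true;
          }
        ];
        dns = {
          statistics_interval = 90;
          bind_host = "10.6.0.245";
          bootstrap_dns = "10.6.0.1";
        };
      };
    };

    unbound = {
      enable = true;
      settings = {
        server = {
          # Listen on a single address and answer only clients in
          # 100.64.0.0/10 (RFC 6598 shared address space).
          # NOTE(review): that range is wider than one tailnet; the interface
          # binding is what actually limits who can reach the resolver.
          interface = [ "100.80.94.131" ];
          access-control = [ "100.64.0.0/10 allow" ];
        };
        # "static": names under bold.daemon. with no local-data entry are
        # answered locally instead of being forwarded upstream.
        local-zone = ''"bold.daemon." static'';
        local-data = [
          ''"books.bold.daemon. IN A 100.115.16.150"''
          ''"headphones.bold.daemon. IN A 100.115.16.150"''
          ''"jelly.bold.daemon. IN A 100.115.16.150"''
          ''"lidarr.bold.daemon. IN A 100.115.16.150"''
          ''"nzb.bold.daemon. IN A 100.115.16.150"''
          ''"prowlarr.bold.daemon. IN A 100.115.16.150"''
          ''"radarr.bold.daemon. IN A 100.115.16.150"''
          ''"reddit.bold.daemon. IN A 100.115.16.150"''
          ''"sonarr.bold.daemon. IN A 100.115.16.150"''
          ''"readarr.bold.daemon. IN A 100.115.16.150"''
          ''"home.bold.daemon. IN A 100.115.16.150"''
          ''"graph.bold.daemon. IN A 100.115.16.150"''
          ''"invidious.bold.daemon. IN A 100.115.16.150"''
          # These two records hand out 10.6.0.x addresses, so they are only
          # usable by clients that also have a route to that network.
          ''"backup.bold.daemon. IN A 10.6.0.15"''
          ''"router.bold.daemon. IN A 10.6.0.1"''
        ];
      };
    };
  };
  system.stateVersion = "21.11"; # Did you read the comment?
}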