# NixOS host definition for the server "tanzanite".
#
# Layers host-specific settings on top of ../default.nix: Docker, ACME
# certificates, an nginx TLS front end, the firewall, boot/kernel modules,
# btrfs mounts and static networking.
{ config, lib, pkgs, modulesPath, ... }:

let
  # Block devices are addressed by filesystem UUID so that device renumbering
  # cannot silently swap the two pools.
  redundantPool = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
  systemDisk = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";

  # Build a btrfs mount entry from a device and its full mount-option list.
  btrfsMount = device: options: {
    inherit device options;
    fsType = "btrfs";
  };

  # nginx virtual host that terminates TLS (ACME certificate, HTTP -> HTTPS
  # redirect) and forwards everything to a plain-HTTP service on loopback.
  loopbackProxy = port: {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString port}";
    };
  };
in
{
  imports = [ ../default.nix ];

  stitchyconf.form = "server";

  time.timeZone = "America/Los_Angeles";

  # Docker keeps its state on the redundant pool (see fileSystems."/opt/data").
  # Ports published by containers are opened through Docker's own packet-filter
  # rules and are not limited by networking.firewall below.
  # NOTE(review): the loopback upstreams used by nginx (3333, 9008, 8008) are
  # presumably containers - confirm they are published on 127.0.0.1 only, so
  # they cannot be reached without going through the TLS front end.
  virtualisation.docker.enable = true;
  virtualisation.docker.daemon.settings.data-root = "/opt/data/docker-data";

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "stitchy@stitchy.moe";
      dnsProvider = "porkbun";
      # Holds the DNS provider API credentials. It is referenced as a string
      # path outside the Nix store, so the secret is not copied into the
      # world-readable store; keep the file itself owned by root and not
      # group/world readable.
      environmentFile = "/persist/acme/porkbun.tokens";
    };
    # No nginx virtual host exists for this name, so the certificate is issued
    # purely from the DNS-provider defaults above.
    certs."turn.stitchy.moe" = { };
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      # Static site.
      # The wildcard Access-Control-Allow-Origin below is sent on every
      # response of this server block ("always" includes error responses), so
      # any origin may read anything served from this root.
      # NOTE(review): fine for purely public content; if only some paths need
      # cross-origin reads, scope the header to those locations instead.
      "stitchy.moe" = {
        enableACME = true;
        forceSSL = true;
        root = "/opt/www/stitchy.moe/public";
        extraConfig = ''
          add_header 'Access-Control-Allow-Origin' '*' always;
          error_page 404 /404.html;
          location = /404.html {
            internal;
          }
        '';
      };

      # Reverse-proxied applications; TLS ends at nginx and the hop to the
      # backend is unencrypted HTTP on the loopback interface.
      "gay.stitchy.moe" = loopbackProxy 3333;
      "matrix.stitchy.moe" = loopbackProxy 9008;
      "syncv3.stitchy.moe" = loopbackProxy 8008;
    };
  };

  networking = {
    hostName = "tanzanite";
    useNetworkd = true;

    firewall = {
      # 22 = SSH, 80/443 = HTTP(S), 3478/5349 = the registered STUN/TURN and
      # TURN-over-TLS ports (matching the turn.stitchy.moe certificate).
      # NOTE(review): nothing in this file listens on 222/tcp - presumably an
      # alternate SSH endpoint provided elsewhere; confirm it is still needed.
      allowedTCPPorts = [ 22 80 222 443 3478 5349 ];
      allowedUDPPorts = [ 3478 5349 ];
      # NOTE(review): presumably the TURN relay port range - confirm it matches
      # the relay's configured min/max ports so no unused range stays open.
      allowedUDPPortRanges = [
        { from = 19000; to = 20000; }
      ];
    };
  };

  # Boot Config
  boot = {
    initrd = {
      availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
      kernelModules = [ ];
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };

  fileSystems = {
    # Redundant Storage
    "/opt/data" = btrfsMount redundantPool [ "subvol=@data" "compress=zstd" ];
    "/opt/docker-containers" = btrfsMount redundantPool [ "subvol=@docker-containers" "compress=zstd" ];
    "/opt/www" = btrfsMount redundantPool [ "subvol=@www" "compress=zstd" ];

    # Non-Redundant Storage
    "/" = btrfsMount systemDisk [ "subvol=@nix-root" "compress=zstd" ];
    "/home" = btrfsMount systemDisk [ "subvol=@nix-home" "compress=zstd" ];
    "/nix/store" = btrfsMount systemDisk [ "subvol=@nix" "noatime" "compress=zstd" ];
    # Also carries the ACME credentials file referenced in security.acme.
    "/persist" = btrfsMount systemDisk [ "subvol=@persist" "compress=zstd" ];

    # vfat stores no ownership or mode bits; these masks strip all group/other
    # access from every file and directory on the boot partition.
    "/boot" = {
      device = "/dev/disk/by-uuid/262D-F161";
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/5c007a16-9f0f-42d0-8761-63bea3120f6d"; }
  ];

  # Static Networking
  systemd.network = {
    enable = true;
    networks."10-lan" = {
      matchConfig.Name = "enp0s31f6";
      address = [ "192.168.51.3/24" ];
      routes = [
        { Gateway = "192.168.51.1"; }
      ];
      linkConfig.RequiredForOnline = "routable";
    };
  };

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  # CPU microcode updates are applied only when redistributable firmware is
  # enabled elsewhere in the configuration.
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  system.stateVersion = "24.11";
}