2024-11-08 14:00:54 +08:00
|
|
|
{ inputs, config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
imports =
|
|
|
|
|
[
|
|
|
|
|
./hardware-configuration.nix
|
2025-01-17 16:06:22 +08:00
|
|
|
../modules/nasp.nix
|
2024-11-08 14:00:54 +08:00
|
|
|
];
|
|
|
|
|
|
2025-01-17 16:06:22 +08:00
|
|
|
nasp = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-11-08 14:00:54 +08:00
|
|
|
## nix
|
|
|
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
|
## hardware and system
|
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
|
time.hardwareClockInLocalTime = true;
|
|
|
|
|
## network
|
|
|
|
|
services.resolved.enable = true;
|
|
|
|
|
networking.nameservers = [
|
|
|
|
|
"166.111.8.29"
|
|
|
|
|
"166.111.8.28"
|
|
|
|
|
];
|
|
|
|
|
networking.networkmanager.enable = false;
|
|
|
|
|
networking.useDHCP = false;
|
|
|
|
|
systemd.network.enable = true;
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 12022 ];
|
|
|
|
|
## packages and services
|
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
## desktop
|
|
|
|
|
services.xserver = {
|
|
|
|
|
enable = true;
|
|
|
|
|
displayManager.gdm.enable = true;
|
|
|
|
|
desktopManager.gnome.enable = true;
|
|
|
|
|
xkb.layout = "us";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# networking
|
2025-01-17 16:06:22 +08:00
|
|
|
networking.hostName = "web-server";
|
2024-11-08 14:00:54 +08:00
|
|
|
systemd.network.networks."10-thunet" = {
|
2025-01-17 16:06:22 +08:00
|
|
|
matchConfig.Name = "enp3s0f0";
|
2024-11-08 14:00:54 +08:00
|
|
|
networkConfig = {
|
|
|
|
|
DHCP = "no";
|
|
|
|
|
IPv6AcceptRA = false;
|
|
|
|
|
};
|
2025-01-17 16:06:22 +08:00
|
|
|
address = [ "166.111.68.109/28" ];
|
2024-11-08 14:00:54 +08:00
|
|
|
routes = [
|
|
|
|
|
{
|
|
|
|
|
routeConfig = {
|
2025-01-17 16:06:22 +08:00
|
|
|
Gateway = "166.111.68.97";
|
2024-11-08 14:00:54 +08:00
|
|
|
GatewayOnLink = true;
|
|
|
|
|
Metric = 90;
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# service: nginx
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
virtualHosts."nasp.cs.tsinghua.edu.cn" = {
|
|
|
|
|
http2 = true;
|
|
|
|
|
addSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
locations."/" = {
|
|
|
|
|
root = "/data0/var/www/www";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2025-01-17 16:06:22 +08:00
|
|
|
security.acme = {
|
|
|
|
|
acceptTerms = true;
|
|
|
|
|
defaults.email = "xd21@mails.tsinghua.edu.cn";
|
|
|
|
|
};
|
2024-11-08 14:00:54 +08:00
|
|
|
|
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
|
}
|
