  1  { inputs, config, pkgs, lib, modulesPath, hostname, ... }:
  2  
  3  {
  4    imports = [
  5        ../../modules/virtualization/lxc/proxmox-lxc.nix
  6    ];
  7  
  8    home-manager = import ../../home-manager;
  9  
 10    users = {
 11      groups = {
 12        audit = { };
 13      };
 14      defaultUserShell = pkgs.fish;
 15      users.arbel = {
 16        isNormalUser = true;
 17        description = "Arbel Arad";
 18        extraGroups = [ "networkmanager" "wheel" "audit" "tss" ];
 19        useDefaultShell = true;
 20        packages = with pkgs; [
 21          trayscale
 22          kdePackages.kate
 23          fastfetch
 24        ];
 25      };
 26    };
 27    programs.fish.enable = true;
 28    networking = {
 29      hostName = hostname;
 30      firewall = {
 31        enable = false;
 32        allowedTCPPorts = [ 80 443 ];
 33    #    allowedUDPPortRanges = [
 34    #     { from = 4000; to = 4007; }
 35      #    { from = 8000; to = 8010; }
 36     #   ];
 37      };
 38    };
 39    # fix container-related mount issues
 40    systemd.mounts = [{
 41      where = "/sys/kernel/debug";
 42      enable = false;
 43    }];
 44  
 45    virtualisation.oci-containers.containers = {
 46      semaphore = {
 47        autoStart = true;
 48        image = "docker.io/semaphoreui/semaphore:latest";
 49        environment = {
 50          SEMAPHORE_DB_DIALECT = "bolt";
 51          SEMAPHORE_ADMIN = "admin";
 52          SEMAPHORE_ADMIN_PASSWORD = "changeme";
 53          SEMAPHORE_ADMIN_NAME="Admin" ;
 54          SEMAPHORE_ADMIN_EMAIL = "admin@localhost";
 55        };
 56        ports = [
 57          "3000:3000"
 58        ];
 59        volumes = [
 60          "semaphore_data:/var/lib/semaphore"
 61          "semaphore_config:/etc/semaphore"
 62          "tmp_config:/tmp/semaphore"
 63        ];
 64      };
 65    };
 66  
 67    services = {
 68      openssh = {
 69        enable = true;
 70        ports = [ 22 ];
 71        settings = {
 72          PasswordAuthentication = true;
 73          AllowUsers = null;
 74          UseDns = true;
 75          X11Forwarding = false;
 76          PermitRootLogin = "prohibit-password";
 77        };
 78      };
 79      netbox = {
 80        enable = true;
 81        port = 8001;
 82        secretKeyFile = /var/lib/netbox/secret-key-file;
 83        #listenAddress = "0.0.0.0";
 84      };
 85      nginx = {
 86        enable = true;
 87        user = "netbox";
 88        recommendedTlsSettings = true;
 89        clientMaxBodySize = "25m";
 90  
 91        virtualHosts."192.168.10.142" = {
 92          locations = {
 93            "/" = {
 94              proxyPass = "http://[::1]:8001";
 95              # proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
 96            };
 97            "/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
 98          };
 99          forceSSL = false;
100          enableACME = false;
101          serverName = "192.168.10.142";#"${config.networking.fqdn}";
102        };
103      };
104    };
105  }