authorseth <[email protected]>2023-04-25 21:58:17 -0400
committerseth <[email protected]>2023-04-25 21:58:17 -0400
commit4e397cca0363f0c2b7ff53785ad0c3f63194ee07 (patch)
tree08a7900cdfceeca56cfb138ea0a7119b51a5c45a /modules
parent386d94bec75400733b1b0ff10edfa048e04a1b4e (diff)
modules: add server module
Diffstat (limited to 'modules')
-rw-r--r--modules/server/default.nix60
1 files changed, 60 insertions, 0 deletions
diff --git a/modules/server/default.nix b/modules/server/default.nix
new file mode 100644
index 0000000..7fb1e76
--- /dev/null
+++ b/modules/server/default.nix
@@ -0,0 +1,60 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.server;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.server.enable = mkEnableOption "enable server configuration";
+
+ config = mkIf cfg.enable {
+ base = {
+ enable = true;
+ documentation.enable = mkDefault false;
+ defaultPackages.enable = mkDefault false;
+ };
+
+ environment.systemPackages = [pkgs.cachix];
+
+ nixos = {
+ enable = true;
+ networking.enable = false;
+ };
+
+ networking = {
+ firewall = let
+ ports = [80 420];
+ in {
+ allowedUDPPorts = ports;
+ allowedTCPPorts = ports;
+ };
+ };
+
+ nix.gc.options = "--delete-older-than 7d --max-freed 50G";
+
+ programs = {
+ git.enable = true;
+ vim.defaultEditor = true;
+ };
+
+ security = {
+ pam.enableSSHAgentAuth = true;
+ };
+
+ services = {
+ endlessh = {
+ enable = true;
+ port = 22;
+ openFirewall = true;
+ };
+
+ openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ ports = [420];
+ };
+ };
+ };
+}
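Review bot: The `networking.firewall` block reuses one `ports` list for both `allowedUDPPorts` and `allowedTCPPorts`, so 80 and 420 are opened on UDP even though the only listener this file defines on them is sshd on 420, which is TCP-only. Drop `allowedUDPPorts = ports;` and reduce the TCP side to `allowedTCPPorts = [80];`, since `services.openssh` already opens its own `ports` through its `openFirewall` default. Port 80 should carry a comment naming the service it is meant for, because nothing in this module enables one. Separately, `security.pam.enableSSHAgentAuth = true;` lets a key offered by a (possibly forwarded) SSH agent satisfy sudo's PAM check, so privilege escalation on this host depends on who can write the authorized_keys files and on every machine the agent is forwarded through. A comment such as `# sudo via ssh-agent is intentional; authorized_keys must not be user-writable` would record that decision.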