From 4e397cca0363f0c2b7ff53785ad0c3f63194ee07 Mon Sep 17 00:00:00 2001
From: seth
Date: Tue, 25 Apr 2023 21:58:17 -0400
Subject: modules: add server module
---
modules/server/default.nix | 60 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 modules/server/default.nix
(limited to 'modules/server/default.nix')
diff --git a/modules/server/default.nix b/modules/server/default.nix
new file mode 100644
index 0000000..7fb1e76
--- /dev/null
+++ b/modules/server/default.nix
@@ -0,0 +1,60 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.server;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.server.enable = mkEnableOption "enable server configuration";
+
+ config = mkIf cfg.enable {
+ base = {
+ enable = true;
+ documentation.enable = mkDefault false;
+ defaultPackages.enable = mkDefault false;
+ };
+
+ environment.systemPackages = [pkgs.cachix];
+
+ nixos = {
+ enable = true;
+ networking.enable = false;
+ };
+
+ networking = {
+ firewall = let
+ ports = [80 420];
+ in {
+ allowedUDPPorts = ports;
+ allowedTCPPorts = ports;
+ };
+ };
+
+ nix.gc.options = "--delete-older-than 7d --max-freed 50G";
+
+ programs = {
+ git.enable = true;
+ vim.defaultEditor = true;
+ };
+
+ security = {
+ pam.enableSSHAgentAuth = true;
+ };
+
+ services = {
+ endlessh = {
+ enable = true;
+ port = 22;
+ openFirewall = true;
+ };
+
+ openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ ports = [420];
+ };
+ };
+ };
+}
--
cgit v1.2.3
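Review bot: The firewall block opens ports 80 and 420 for UDP as well as TCP (`allowedUDPPorts = ports;`), yet the only listener this module configures on them is sshd on 420, which is TCP; unless something outside this file serves UDP there, drop that line and keep only `allowedTCPPorts = ports;`. In the `openssh` block, `passwordAuthentication = false;` does not by itself disable keyboard-interactive logins, which PAM can still satisfy with a password, so I would add `kbdInteractiveAuthentication = false;` next to it. `pam.enableSSHAgentAuth = true;` lets a forwarded agent satisfy PAM authentication (presumably for sudo), which makes every host that agent is forwarded through part of this server's privilege boundary; a comment saying why it is wanted and which authorized-keys files are trusted (they should not be user-writable) would help the next reader. It would also be worth a one-line comment above `endlessh` explaining that port 22 is a deliberate tarpit and real SSH lives on 420.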