# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
#
# SPDX-License-Identifier: GPL-3.0-only

# axol
# 137.184.177.239
#
# Host configuration for a DigitalOcean machine. It enables the project's
# website, chat, SSH and ACME modules, runs headscale for vpn.auxolotl.org,
# and joins the same host to that server as a tailscale client.
{ pkgs, lib, modulesPath, config, ... }:

{
  imports = [ (modulesPath + "/virtualisation/digital-ocean-config.nix") ];

  system.stateVersion = "23.11";

  boot.loader.grub.enable = true;

  # The system is not rebuilt from DigitalOcean user data; configuration
  # changes are expected to arrive through the normal deployment path only.
  virtualisation.digitalOcean.rebuildFromUserData = false;

  # Only HTTP and HTTPS are opened in this file.
  # NOTE(review): SSH is enabled below through auxolotl.services.ssh; whether
  # that module opens its own port (and to which interfaces) is not visible
  # here, so confirm the effective firewall on the deployed host.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  environment.systemPackages = [ pkgs.neovim ];

  # Project-level switches. What each module configures is defined elsewhere
  # in the repository.
  auxolotl.nix.enable = true;
  auxolotl.users.infra.enable = true;

  auxolotl.security.doas.enable = true;
  auxolotl.security.acme.enable = true;
  auxolotl.security.acme.email = "jake.hamilton@hey.com";

  auxolotl.services.ssh.enable = true;
  auxolotl.services.chat.enable = true;
  auxolotl.services.website.enable = true;

  clicks = {
    # Headscale server. The database password is never written into the
    # configuration; only the path of the decrypted secret is passed on.
    services.headscale = {
      enable = true;
      domain = "vpn.auxolotl.org";
      database_password_path =
        config.age.secrets."clicks.services.headscale.database_password_path".path;
    };

    # Tailscale client pointed at the headscale server above. The auth key is
    # likewise referenced by path, not by value.
    networking.tailscale = {
      enable = true;
      server = "vpn.auxolotl.org";
      authKeyFile =
        config.age.secrets."clicks.networking.tailscale.authKeyFile".path;
    };
  };

  age = {
    # Public half of this host's SSH ed25519 key, used as the host identity
    # for rekeying. It is a public key, so committing it is expected.
    rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+vSEiWVIn53Jyhs0QmVa7d7qkoArCWVbP1yKv46FDX";

    secrets = {
      # No rekeyFile is given; the value comes from the "alnum" generator.
      "clicks.services.headscale.database_password_path" = {
        generator.script = "alnum";
        group = "headscale";
        # Group-readable so the headscale group can read the password;
        # nothing is granted to other users.
        mode = "0440";
        # Clicks option: derive the file name from a hash of the contents,
        # which helps services restart automatically when the secret changes.
        unstableName = true;
      };

      # Encrypted auth key stored next to this file.
      # NOTE(review): no owner, group or mode is set, so the secrets module's
      # defaults apply; confirm they keep the key owner-only and that the
      # tailscale service can still read it.
      "clicks.networking.tailscale.authKeyFile" = {
        rekeyFile = ./clicks.networking.tailscale.authKeyFile.age;
        unstableName = true;
      };
    };
  };
}