add current configuration nix files from nixOS on Hetzner

Author: themarkness

nixos/configuration.nix

@@ -0,0 +1,110 @@
+{ config, pkgs, bonfire-app, ... }:
+
+{
+  imports =
+    [
+    ./hardware-configuration.nix
+    ];
+ 
+  nix.settings.experimental-features =["nix-command" "flakes"];
+  
+  time.timeZone = "europe/london";
+ 
+  boot = {
+   kernelPackages = pkgs.linuxPackages_6_1;
+   supportedFilesystems = [ "btrfs"];
+
+  loader.grub = {
+  enable = true;
+  version = 2;
+  forceInstall = true;
+  device = "/dev/sda";
+  };
+ };
+ 
+ networking = {
+  hostName = "nixos-vm";
+  useDHCP = false;
+
+  interfaces = {
+   eth0.useDHCP = true;
+ };
+
+ firewall = {
+  enable = true;
+  allowedTCPPorts =[];
+  allowedUDPPorts =[];
+  };
+ };
+
+ nix = {
+    gc = {
+      automatic = true;
+      dates = "monthly";
+      options = "--delete-older-than 30d";
+      };
+    };
+
+  environment.systemPackages = with pkgs; [
+    git
+    vim
+    bonfire-app.packages.${pkgs.system}.default
+  ];
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+    passwordAuthentication = false;
+  };
+
+  services.fail2ban.enable = true;
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 <ssh-key-here>"
+  ];
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    ensureDatabases = [ "bonfire" ];
+    ensureUsers = [
+      {
+        name = "bonfire";
+      }
+    ];
+    authentication = ''
+      local   all             all                                     md5
+      host    all             all             127.0.0.1/32            md5
+      host    all             all             ::1/128                 md5
+    '';
+  };
+
+  systemd.services.bonfire = {
+    description = "Bonfire federated social app";
+    after = [ "network.target" "postgresql.service" ];
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      DATABASE_URL = "postgresql://bonfire:bonfirepassword@localhost/bonfire";
+    };
+    serviceConfig = {
+      ExecStart = "${bonfire-app.packages.${pkgs.system}.default}/bin/bonfire";
+      Restart = "always";
+      User = "bonfire";
+      WorkingDirectory = "/var/lib/bonfire";
+    };
+    preStart = ''
+      mkdir -p /var/lib/bonfire
+      chown bonfire:bonfire /var/lib/bonfire
+    '';
+  };
+
+  users.users.bonfire = {
+    isSystemUser = true;
+    home = "/var/lib/bonfire";
+    createHome = true;
+    group = "bonfire";
+  };
+  users.groups.bonfire = {};
+
+  system.stateVersion = "23.11";
+}

nixos/configuration.nix.old

@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+    ./hardware-configuration.nix
+    ];
+ 
+  nix.settings.experimental-features =["nix-command" "flakes"];
+  
+  time.timeZone = "europe/london";
+ 
+  boot = {
+   kernelPackages = pkgs.linuxPackages_6_1;
+   supportedFilesystems = [ "btrfs"];
+
+  loader.grub = {
+  enable = true;
+  version = 2;
+  forceInstall = true;
+  device = "/dev/sda";
+  };
+ };
+ 
+ networking = {
+  hostName = "nixos-vm";
+  useDHCP = false;
+
+  interfaces = {
+   eth0.useDHCP = true;
+ };
+
+ firewall = {
+  enable = true;
+  allowedTCPPorts =[];
+  allowedUDPPorts =[];
+  };
+ };
+
+ nix = {
+    gc = {
+      automatic = true;
+      dates = "monthly";
+      options = "--delete-older-than 30d";
+      };
+    };
+
+  environment.systemPackages = with pkgs; [
+    git
+    vim
+  ];
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+    passwordAuthentication = false;
+  };
+
+  services.fail2ban.enable = true;
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 <ssh key>"
+  ];
+
+  system.stateVersion = "23.11";
+}

nixos/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a8cd745f-4e9f-4583-ab14-57e20123ad7d";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AC2D-CE36";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}