diff --git a/configuration.nix b/configuration.nix index c9aec57..3267cf2 100644 --- a/configuration.nix +++ b/configuration.nix @@ -14,26 +14,32 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "nixos"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + boot.kernelPackages = pkgs.linuxPackages_latest; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + networking.hostName = "nginx"; # Define your hostname. # Enable networking networking.networkmanager.enable = true; # Set your time zone. time.timeZone = "Europe/Zurich"; + + system.autoUpgrade = { + enable = true; + allowReboot = true; + rebootWindow = { + lower = "01:00"; + upper = "03:00"; + }; + }; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; # Configure keymap in X11 - services.xserver = { + services.xserver.xkb = { layout = "ch"; - xkbVariant = ""; + variant = ""; }; # Configure console keymap @@ -57,6 +63,7 @@ wget curl git + nginx ]; # Some programs need SUID wrappers, can be configured further or are @@ -71,9 +78,18 @@ # Enable the OpenSSH daemon. services.openssh.enable = true; + services.nginx.enable = true; + + services.nginx.virtualHosts."git.blubb.fish" = { + addSSL = true; + sslCertificate = /cert/git.blubb.fish/cert.pem; + sslCertificateKey = /cert/git.blubb.fish/key.pem; + sslTrustedCertificate = /cert/git.blubb.fish/fullchain.pem; + locations."/".proxyPass = "http://10.0.0.24:3000/"; + }; # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false;