# SPDX-FileCopyrightText: 2020 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 { config, depot, lib, pkgs, ... }: let inherit (depot.ops) secrets; systemConfig = config; in { imports = [ ../lib/bvm.nix ]; # Networking! networking = { hostName = "bvm-forgejo"; hostId = "9cdd4290"; tempAddresses = "disabled"; interfaces.enp1s0 = { ipv4.addresses = [{ address = "10.100.0.208"; prefixLength = 23; }]; }; interfaces.enp2s0 = { ipv4.addresses = [{ address = "92.118.28.7"; prefixLength = 24; }]; ipv6.addresses = [{ address = "2a09:a441::7"; prefixLength = 32; }]; }; interfaces.lo = { ipv4.addresses = [ { address = "127.0.0.1"; prefixLength = 8; } ]; ipv6.addresses = [ { address = "::1"; prefixLength = 128; } ]; }; defaultGateway = { address = "92.118.28.1"; interface = "enp2s0"; }; defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; }; firewall = { allowedTCPPorts = [ 22 80 443 20022 ]; allowedUDPPorts = [ 443 ]; }; }; #my.ip.tailscale = "100.94.23.105"; #my.ip.tailscale6 = "fd7a:115c:a1e0:ab12:4843:cd96:625e:1769"; services.openssh.ports = [ 20022 ]; my.deploy.args = "-p 20022"; my.rundeck.hostname = "${config.networking.fqdn}:20022"; users.users.postfix.extraGroups = [ "opendkim" ]; services.postfix = { enable = true; domain = "hg.lukegb.com"; hostname = "hg.lukegb.com"; extraConfig = '' milter_protocol = 2 milter_default_action = accept smtpd_milters = ${config.services.opendkim.socket} non_smtpd_milters = ${config.services.opendkim.socket} ''; networks = [ "172.17.0.0/16" ]; }; services.opendkim = { enable = true; domains = "csl:hg.lukegb.com"; selector = "bvm-forgejo"; }; system.stateVersion = "24.11"; }