Create nix server

author: Jake Zerrer <him@jakezerrer.com> 2025-11-30 10:49:34 -0500
committer: Jake Zerrer <him@jakezerrer.com> 2025-11-30 12:32:15 -0500
commit: 106bb76d1ed738f38512665ef3c173629cfc75a2 (patch)
tree: 950cf71d5f5a39415d28edf8f3e2d2e00533e9dc /server/server.nix
parent: d4369a77d4539725e5e018639101ea4f2d43317f (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/server/server.nix b/server/server.nix
new file mode 100644
index 0000000..dd475e5
--- /dev/null
+++ b/server/server.nix
@@ -0,0 +1,31 @@
+{
+  config,
+  modulesPath,
+  lib,
+  pkgs,
+  ...
+}@args:
+{
+  imports = [
+    ./bootstrap.nix
+  ];
+
+  users.mutableUsers = false;
+
+  sops = {
+    defaultSopsFile = ./secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+    secrets = { };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = lib.mkForce [
+      22
+      80
+      443
+    ];
+  };
+}
author	Jake Zerrer <him@jakezerrer.com>	2025-11-30 10:49:34 -0500
committer	Jake Zerrer <him@jakezerrer.com>	2025-11-30 12:32:15 -0500
commit	106bb76d1ed738f38512665ef3c173629cfc75a2 (patch)
tree	950cf71d5f5a39415d28edf8f3e2d2e00533e9dc /server/server.nix
parent	d4369a77d4539725e5e018639101ea4f2d43317f (diff)