temp

home/system/sops/server.nix

@@ -9,6 +9,11 @@
     secrets = {
       sshconfig = { path = "/home/hadi/.ssh/config"; };
       github-key = { path = "/home/hadi/.ssh/github"; };
+      nextcloud-adminpass = {
+        path = "/etc/nextcloud/adminpassFile";
+        owner = "nextcloud";
+        group = "nextcloud";
+      };
     };
   };
 

hosts/modules/nginx.nix

@@ -1,17 +0,0 @@
-{
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "test.anotherhadi.com" = {
-        locations."/" = {
-          proxy_set_header = [
-            "X-Real-IP $remote_addr"
-            "proxy_set_header Host $host"
-            "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
-          ];
-          proxyPass = "http://192.168.2.22:80";
-        };
-      };
-    };
-  };
-}

hosts/modules/openssh.nix

@@ -1,6 +0,0 @@
-{
-  services.openssh = {
-    enable = true;
-    ports = [ 22 ];
-  };
-}

hosts/modules/server/nextcloud.nix

@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+let
+    hostname = "cloud.anotherhadi.com";
+in
+{
+  services.nextcloud = {
+    enable = true;
+    hostName = hostname;
+    https = true;
+    config = {
+        adminUser = "jack";
+        adminpassFile = "/etc/nextcloud/adminpassFile";
+    };
+    settings = {
+        trusted_domains = [ "localhost" "127.0.0.1" "192.168.2.23" "cloud.anotherhadi.com" ];
+    };
+    nginx.recommendedHttpHeaders = true;
+  };
+  services.nginx.virtualHosts.${hostname} = {
+    forceSSL = true;
+    enableACME = true;
+  }
+}

hosts/modules/server/nginx.nix

@@ -0,0 +1,8 @@
+{config, ...}:{
+  services.nginx.enable = true;
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = ${config.var.git.email};
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}

hosts/modules/server/openssh.nix

@@ -0,0 +1,14 @@
+{
+  services.openssh = {
+    enable = true;
+    ports = [ 22 ];
+    settings = {
+      PasswordAuthentication = true;
+      AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
+      UseDns = true;
+      X11Forwarding = false;
+      PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 22 ];
+}

hosts/modules/server/security.nix

@@ -0,0 +1,7 @@
+{
+    networking.firewall.enable = true;
+    services.fail2ban = {
+        enable = true;
+        maxretry = 5;
+    };
+}

hosts/modules/server/vaultwarden.nix

@@ -0,0 +1,9 @@
+let
+
+in{
+    services.vaultwarden = {
+        enable = true;
+        config = ''
+        
+    }
+}

hosts/server/configuration.nix

@@ -2,8 +2,8 @@
   imports = [
     ./hardware-configuration.nix
     ./variables.nix
-    ../modules/openssh.nix
+    ../modules/server/openssh.nix
-    ../modules/nginx.nix
+    ../modules/server/nginx.nix
   ];
 
   # Bootloader.