The NixOS config for my Hetzner VPS
nixos
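# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# System-wide settings for the host "cherry": boot loader, locale, Nix
# store maintenance, the login account, SSH access, firewall and IPv6.
# Packages and hosted services live in the imported files below.

{ ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./packages.nix
    ./servers.nix
  ];

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "cherry"; # Define your hostname.

  # Set your time zone.
  time.timeZone = "Europe/London";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_GB.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkb.options in tty.
  # };

  # Store maintenance: deduplicate store paths, and once a week collect
  # garbage, dropping generations older than 30 days. Rolling back further
  # than 30 days is therefore not possible on this host.
  nix.optimise.automatic = true;
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # As written, `ivo` has no password in this file and authenticates with
  # the SSH public key below only.
  users.users = {
    # Disable root login: "!" is not a valid password hash, so no password
    # can match it.
    # NOTE(review): users.mutableUsers is not set here; with its default, a
    # root password that already exists on the machine is presumably left
    # in place. Confirm on the host with `passwd -S root`.
    root.hashedPassword = "!";
    ivo = {
      isNormalUser = true;
      extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
      # Public key only, so it is fine to keep in the repository.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvb1u92smPBaQDUbKuXWaPq4dFA9a1Ce3Oq8Xvyzuyb"
      ];
    };
  };

  # NOTE(review): passwordless sudo makes every process running as a wheel
  # member (here `ivo`) equivalent to root, so the SSH key above is the only
  # credential protecting root on this host. Requiring a password means
  # giving `ivo` one first; flipping this alone would leave sudo unusable.
  security.sudo.wheelNeedsPassword = false;

  environment.enableAllTerminfo = true;

  # List services that you want to enable:

  # Enable the OpenSSH daemon: key-based logins only, never as root.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };
  # Starts an ssh-agent for user sessions on this host.
  # NOTE(review): only useful for outbound SSH made from the server; keys
  # loaded into it can be used by anything running as the same user.
  programs.ssh.startAgent = true;
  # Bans addresses after repeated failed logins. With password
  # authentication disabled above this is defence in depth, not the main
  # control.
  services.fail2ban.enable = true;

  # Open ports in the firewall: SSH (22), HTTP (80) and HTTPS (443).
  # services.openssh.openFirewall defaults to true, so 22 is open with or
  # without this entry. The listeners behind 80/443 are presumably defined
  # in ./servers.nix; review this list together with that file.
  networking.firewall.allowedTCPPorts = [
    22
    80
    443
  ];

  # Configure IPv6 on Hetzner: static address on enp1s0, routed through
  # the link-local gateway fe80::1.
  networking.interfaces.enp1s0.ipv6.addresses = [
    {
      address = "2a01:4f9:c012:5a53::1";
      prefixLength = 64;
    }
  ];
  networking.defaultGateway6 = {
    address = "fe80::1";
    interface = "enp1s0";
  };

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "25.05"; # Did you read the comment?

}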