nix_config/sys/platforms/vps/default.nix

{
  config,
  lib,
  pkgs,
  flakes,
  modulesPath,
  ...
}:
with lib; {
  imports = [
    flakes.vpsadminos.nixosConfigurations.container
    flakes.home-manager.nixosModules.home-manager
    flakes.impermanence.nixosModule
    ./hardware-configuration.nix
    ./srv
    ./networkMap.nix
  ];

  local.sys = {
    baseline.enable = true;

    users.fabian = {
      enable = true;
      sshKeyPublicFile = [public_files/pki/fabian.ssh];
    };
  };

  networking = {
    hostName = "vps";
    domain = "posixlycorrect.com";
  };

  services.openssh = {
    settings.PasswordAuthentication = false;
  };

  programs.mosh.enable = true;

  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;

    extraSpecialArgs = {inherit flakes;};

    users.fabian = {
      imports = [
        flakes.impermanence.nixosModules.home-manager.impermanence
        "${flakes.self}/home/platforms/fabian@vps"
        "${flakes.self}/home"
      ];
    };
  };

  networking.firewall.allowedUDPPorts = [51820]; #TODO

  systemd = {
    extraConfig = ''
      DefaultTimeoutStartSec=900s
    '';

    network = let
      inherit (config.local.sys) nets;
    in {
      enable = true;

      netdevs = {
        wg-vpn = {
          netdevConfig = {
            Name = "wg-vpn";
            Kind = "wireguard";
          };

          wireguardConfig = {
            PrivateKeyFile = "/var/trust/wg/vpn/key.priv";
            ListenPort = "51820";
          };

          wireguardPeers = [
            {
              PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";
              PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";
              AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];
            }
            {
              PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";
              PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";
              AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];
            }
          ];
        };
      };

      networks = {
        wg-vpn = {
          name = "wg-vpn";

          networkConfig = {
            Address = [
              nets.vpn-vps.hosts.vps.v6.cidr
            ];
          };

          routes = [
            {
              Destination = nets.vpn.v6.cidr;
            }
            {
              Source = nets.vpn.v6.cidr;
            }
          ];
        };
      };
    };
  };

  time.timeZone = "Europe/Amsterdam";
}
unified all nixos configurations 2024-11-21 00:52:37 +01:00			`{`
			`config,`
			`lib,`
modularize users and other stuff 2024-12-03 02:25:34 +01:00			`pkgs,`
unified all nixos configurations 2024-11-21 00:52:37 +01:00			`flakes,`
modularize users and other stuff 2024-12-03 02:25:34 +01:00			`modulesPath,`
unified all nixos configurations 2024-11-21 00:52:37 +01:00			`...`
			`}:`
			`with lib; {`
			`imports = [`
			`flakes.vpsadminos.nixosConfigurations.container`
			`flakes.home-manager.nixosModules.home-manager`
			`flakes.impermanence.nixosModule`
modularize users and other stuff 2024-12-03 02:25:34 +01:00			`./hardware-configuration.nix`
unified all nixos configurations 2024-11-21 00:52:37 +01:00			`./srv`
add ipv6 support, net module and wireguard vpn 2025-01-25 07:10:50 +01:00			`./networkMap.nix`
unified all nixos configurations 2024-11-21 00:52:37 +01:00			`];`

modularize baseline system configuration 2024-12-02 21:04:55 +01:00			`local.sys = {`
			`baseline.enable = true;`
unified all nixos configurations 2024-11-21 00:52:37 +01:00
re-order configuration 2024-12-02 21:57:33 +01:00			`users.fabian = {`
modularize users and other stuff 2024-12-03 02:25:34 +01:00			`enable = true;`
apply format 2024-12-03 04:07:06 +01:00			`sshKeyPublicFile = [public_files/pki/fabian.ssh];`
re-order configuration 2024-12-02 21:57:33 +01:00			`};`
			`};`

vps: add syncthing 2025-01-23 03:18:04 +01:00			`networking = {`
			`hostName = "vps";`
			`domain = "posixlycorrect.com";`
			`};`
modularize users and other stuff 2024-12-03 02:25:34 +01:00
unified all nixos configurations 2024-11-21 00:52:37 +01:00			`services.openssh = {`
			`settings.PasswordAuthentication = false;`
			`};`

vps: add mosh 2025-01-23 17:03:33 +01:00			`programs.mosh.enable = true;`

unified all nixos configurations 2024-11-21 00:52:37 +01:00			`home-manager = {`
			`useGlobalPkgs = true;`
			`useUserPackages = true;`

			`extraSpecialArgs = {inherit flakes;};`

			`users.fabian = {`
			`imports = [`
			`flakes.impermanence.nixosModules.home-manager.impermanence`
			`"${flakes.self}/home/platforms/fabian@vps"`
			`"${flakes.self}/home"`
			`];`
			`};`
			`};`

add ipv6 support, net module and wireguard vpn 2025-01-25 07:10:50 +01:00			`networking.firewall.allowedUDPPorts = [51820]; #TODO`

			`systemd = {`
			`extraConfig = ''`
			`DefaultTimeoutStartSec=900s`
			`'';`

			`network = let`
			`inherit (config.local.sys) nets;`
			`in {`
			`enable = true;`

			`netdevs = {`
			`wg-vpn = {`
			`netdevConfig = {`
			`Name = "wg-vpn";`
			`Kind = "wireguard";`
			`};`

			`wireguardConfig = {`
			`PrivateKeyFile = "/var/trust/wg/vpn/key.priv";`
			`ListenPort = "51820";`
			`};`

			`wireguardPeers = [`
			`{`
			`PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";`
			`PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";`
			`AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];`
			`}`
			`{`
			`PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";`
			`PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";`
			`AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];`
			`}`
			`];`
			`};`
			`};`

			`networks = {`
			`wg-vpn = {`
			`name = "wg-vpn";`

			`networkConfig = {`
			`Address = [`
			`nets.vpn-vps.hosts.vps.v6.cidr`
			`];`
			`};`

			`routes = [`
			`{`
			`Destination = nets.vpn.v6.cidr;`
			`}`
			`{`
			`Source = nets.vpn.v6.cidr;`
			`}`
			`];`
			`};`
			`};`
			`};`
			`};`
unified all nixos configurations 2024-11-21 00:52:37 +01:00
			`time.timeZone = "Europe/Amsterdam";`
			`}`