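# NixOS system module for the host "vps". It pulls in the vpsAdminOS container
# profile, home-manager and impermanence, sets up the user "fabian", and
# terminates a WireGuard tunnel ("wg-vpn") through systemd-networkd.
{
  config,
  lib,
  pkgs,
  flakes,
  modulesPath,
  ...
}:
with lib; let
  # Single definition of the WireGuard UDP port so that the firewall rule and
  # the tunnel's ListenPort cannot drift apart.
  wgPort = 51820;
in {
  imports = [
    flakes.vpsadminos.nixosConfigurations.container
    flakes.home-manager.nixosModules.home-manager
    flakes.impermanence.nixosModule
    ./hardware-configuration.nix
    ./srv
    ./networkMap.nix
  ];

  # Project-local options (declared outside this file).
  local.sys = {
    baseline.enable = true;

    users.fabian = {
      enable = true;
      sshKeyPublicFile = [public_files/pki/fabian.ssh];
    };
  };

  networking = {
    hostName = "vps";
    domain = "posixlycorrect.com";

    # Inbound WireGuard handshakes and data.
    firewall.allowedUDPPorts = [wgPort]; #TODO
  };

  # Key-only SSH logins. services.openssh.enable is not set in this file;
  # presumably the baseline module turns the daemon on (verify).
  services.openssh.settings = {
    PasswordAuthentication = false;
    # KbdInteractiveAuthentication defaults to true on NixOS; with PAM that
    # still offers a password prompt over the keyboard-interactive method, so
    # it has to be switched off as well for password logins to be truly gone.
    KbdInteractiveAuthentication = false;
  };

  # NOTE(review): the NixOS mosh module by default also opens UDP 60000-61000
  # in the firewall; confirm that exposure is wanted on this host.
  programs.mosh.enable = true;

  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    extraSpecialArgs = {inherit flakes;};

    users.fabian = {
      imports = [
        flakes.impermanence.nixosModules.home-manager.impermanence
        "${flakes.self}/home/platforms/fabian@vps"
        "${flakes.self}/home"
      ];
    };
  };

  systemd = {
    # Raise the default unit start timeout to 15 minutes.
    extraConfig = ''
      DefaultTimeoutStartSec=900s
    '';

    network = let
      # Address plan; presumably populated by ./networkMap.nix (verify).
      inherit (config.local.sys) nets;
    in {
      enable = true;

      netdevs = {
        wg-vpn = {
          netdevConfig = {
            Name = "wg-vpn";
            Kind = "wireguard";
          };

          wireguardConfig = {
            # Key material is referenced by string path, so it is read at
            # runtime and never copied into the world-readable Nix store.
            # systemd-networkd needs read access (e.g. root:systemd-network,
            # mode 0640); nothing else should have it.
            # NOTE(review): impermanence is imported -- confirm /var/trust
            # lives on persistent storage.
            PrivateKeyFile = "/var/trust/wg/vpn/key.priv";
            ListenPort = toString wgPort;
          };

          # Each peer is limited to its own IPv6 prefix and has its own
          # pre-shared key file, so a compromised peer key cannot be used to
          # source traffic from another peer's range.
          wireguardPeers = [
            {
              PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";
              PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";
              AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];
            }
            {
              PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";
              PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";
              AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];
            }
          ];
        };
      };

      networks = {
        wg-vpn = {
          name = "wg-vpn";

          networkConfig = {
            Address = [
              nets.vpn-vps.hosts.vps.v6.cidr
            ];
          };

          routes = [
            # Traffic destined for the VPN prefix leaves through the tunnel.
            {Destination = nets.vpn.v6.cidr;}
            # NOTE(review): a [Route] with only Source= has no explicit
            # destination; confirm this source-based route is intended.
            {Source = nets.vpn.v6.cidr;}
          ];
        };
      };
    };
  };

  time.timeZone = "Europe/Amsterdam";
}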