fabian/nix_config
1
0
Fork 1
Code Issues 13 Pull requests Packages Projects Releases Wiki Activity
nix_config/sys/platforms/vps/default.nix

118 lines
2.4 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
flakes,
modulesPath,
...
}:
with lib; {
imports = [
flakes.vpsadminos.nixosConfigurations.container
flakes.home-manager.nixosModules.home-manager
flakes.impermanence.nixosModule
./hardware-configuration.nix
./srv
./networkMap.nix
];
local.sys = {
baseline.enable = true;
users.fabian = {
enable = true;
sshKeyPublicFile = [public_files/pki/fabian.ssh];
};
};
networking = {
hostName = "vps";
domain = "posixlycorrect.com";
};
services.openssh = {
settings.PasswordAuthentication = false;
};
programs.mosh.enable = true;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit flakes;};
users.fabian = {
imports = [
flakes.impermanence.nixosModules.home-manager.impermanence
"${flakes.self}/home/platforms/fabian@vps"
"${flakes.self}/home"
];
};
};
networking.firewall.allowedUDPPorts = [51820]; #TODO
systemd = {
extraConfig = ''
DefaultTimeoutStartSec=900s
'';
network = let
inherit (config.local.sys) nets;
in {
enable = true;
netdevs = {
wg-vpn = {
netdevConfig = {
Name = "wg-vpn";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/var/trust/wg/vpn/key.priv";
ListenPort = "51820";
};
wireguardPeers = [
{
PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";
PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";
AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];
}
{
PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";
PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";
AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];
}
];
};
};
networks = {
wg-vpn = {
name = "wg-vpn";
networkConfig = {
Address = [
nets.vpn-vps.hosts.vps.v6.cidr
];
};
routes = [
{
Destination = nets.vpn.v6.cidr;
}
{
Source = nets.vpn.v6.cidr;
}
];
};
};
};
};
time.timeZone = "Europe/Amsterdam";
}
Reference in a new issue View git blame Copy permalink