path: root/roots/hyperion.nix
blob: bcb9aae740d783a392dccec009ad01fb01dec0e5 (plain)
/* TOP LEVEL DEVICE CONFIGURATION FOR
 * 
 *    hyperion (Hetzner EX41 root server)
 *
 * This file only contains settings that are specific to this one
 * device (hardware and things outside of nix, like partitions).
 *
 * This file is part of LIBKOOKIE, a collection of nix expressions.
 * LIBKOOKIE is licensed under the GPL-3.0 (or later) -- see LICENSE
 */

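{ lib, config, pkgs, ... }:

# NixOS module for the host "hyperion". It pulls in the shared machine
# modules and sets only what is specific to this box: boot loader, static
# network addressing, NAT and the wireguard "intranet" interface.
{
  imports = [
    # General machine base setup
    <home-manager/nixos>
    ../modules/nix
    ../modules/base

    # Server base setup
    ../modules/server
    ../modules/server/nginx

    # Modules enabled on this server
    ../modules/server/blog
    #../modules/server/gitlab-ci
    ../modules/server/prosody
    ../modules/server/quassel
    #../modules/server/syncthing
    ../modules/server/tor

    # Define allowed ssh users
    # NOTE(review): every user module is commented out, so this file declares
    # no login user at all. With users.mutableUsers = false (below) access to
    # the box depends entirely on what ../modules/base or ../modules/server
    # define -- confirm before deploying.
    #../modules/users/spacekookie
    #../modules/users/qyliss
  ];

  # Legacy BIOS boot (efiSupport = false) from a ZFS root: grub needs
  # zfsSupport to read the pool, and copyKernels so the kernel/initrd are
  # copied onto the boot device instead of being reached via the store.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.copyKernels = true;

  boot.loader.grub.efiSupport = false;
  # zfs is told to resolve pool members under /dev rather than the default
  # /dev/disk/by-id path.
  boot.zfs.devNodes = "/dev";
  boot.loader.grub.zfsSupport = true;
  boot.loader.grub.device = "/dev/sdb";

  hardware.cpu.intel.updateMicrocode = true;

  networking = {
    # Static addressing: the public IPv4 on the single physical NIC. dhcpcd
    # is disabled so nothing overrides the address or gateway set here.
    dhcpcd.enable = false;
    defaultGateway = "95.216.98.1";
    nameservers = [ "1.1.1.1" ];
    interfaces.enp0s31f6 = {
      ipv4.addresses = [ { address = "95.216.98.55"; prefixLength = 26; } ];
    };

    # NAT settings for wireguard: masquerade traffic arriving on the
    # wireguard "intranet" interface out through the public NIC.
    # The external interface must be the same device that carries the
    # public address above. The previous value "eth0" does not exist on a
    # system that names its NIC enp0s31f6, so the masquerade rule matched
    # no interface and intranet peers had no working egress.
    nat.enable = true;
    nat.externalInterface = "enp0s31f6";
    nat.internalInterfaces = [ "intranet" ];
  };

  networking.hostName = "hyperion"; # Define your hostname.
  # 8-hex-digit machine id; the NixOS zfs module requires it to be set.
  networking.hostId = "d83bebd1";

  networking.wireguard.interfaces."intranet" = {
    ips = [ "10.13.12.1" ];
    listenPort = 51820;
    # The private key is read from this path at activation time rather than
    # being embedded in the configuration, so it never lands in the
    # world-readable nix store.
    privateKeyFile = "/var/lib/wireguard/keys/private";
    # NOTE(review): nothing in this file opens UDP 51820 in the firewall;
    # unless ../modules/server does, remote peers cannot reach listenPort
    # (networking.firewall.allowedUDPPorts = [ 51820 ]) -- confirm.

    peers = [
      # Dial-in peers: no endpoint, each is reachable only at its own /32.
      { publicKey = "NHMpnZW6h/MwxWcjztpwH5NN44jS9lB1b5T5jby1i1A=";
        allowedIPs = [ "10.13.12.2/32" ]; }
      { publicKey = "U/EmC6uMGqrLOd+lqfquDcUShPHgoulN35Dan6RAqyU=";
        allowedIPs = [ "10.13.12.3/32" ]; }
      { publicKey = "yh8gU4otkndmSsVBuaPMxxFHem45FE3POvSAWi8LEik=";
        allowedIPs = [ "10.13.12.4/32" ]; }

      # Site peer with a fixed endpoint; a whole /24 is routed through it.
      { publicKey = "cPvj0SPITg1twz3DprtQgehJDOAhOL/hnXlB5ZS6Fi4=";
        endpoint = "85.119.82.108:51820";
        allowedIPs = [ "10.172.171.0/24" ]; }
    ];
  };

  # FIXME: Change this, but I wanna know what will break first
  time.timeZone = "Europe/Berlin";

  # TODO: Should this be in here or `users` root?
  # Declarative users only: accounts and password hashes come from the
  # configuration, not from changes made at runtime on the host.
  users.mutableUsers = false;
  system.stateVersion = "19.03";
}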