2025-01-02 15:46:08 +02:00
|
|
|
{ pkgs, ... }:
|
2024-07-11 16:43:26 +03:00
|
|
|
{
|
2024-08-31 17:19:50 +03:00
|
|
|
networking = {
|
|
|
|
|
hostName = "lithium";
|
|
|
|
|
|
2024-09-24 20:01:29 +03:00
|
|
|
wg-quick.interfaces = {
|
|
|
|
|
wg0 = {
|
|
|
|
|
autostart = true;
|
2025-02-19 03:40:26 +02:00
|
|
|
address = [ "2001:14ba:a090:39f0::3/64" ];
|
2024-09-24 20:01:29 +03:00
|
|
|
dns = [
|
2025-02-19 03:40:26 +02:00
|
|
|
"2001:14ba:a090:39f0::1"
|
2024-09-24 20:01:29 +03:00
|
|
|
"vsinerva.fi"
|
|
|
|
|
];
|
|
|
|
|
privateKeyFile = "/root/wireguard-keys/privatekey-home";
|
|
|
|
|
listenPort = 51820;
|
|
|
|
|
|
|
|
|
|
peers = [
|
|
|
|
|
{
|
|
|
|
|
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
|
2024-10-03 17:46:45 +03:00
|
|
|
presharedKeyFile = "/root/wireguard-keys/psk-home";
|
2025-02-19 03:40:26 +02:00
|
|
|
allowedIPs = [ "::/0" ];
|
2024-09-25 15:18:04 +03:00
|
|
|
endpoint = "wg.vsinerva.fi:51820";
|
2024-09-24 20:01:29 +03:00
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
2024-08-31 17:19:50 +03:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
# Dirty hack to fix autostart failing due to DNS lookups
|
2024-09-25 13:38:25 +03:00
|
|
|
systemd.services."wg-quick-wg0".serviceConfig = {
|
2024-08-31 17:19:50 +03:00
|
|
|
Restart = "on-failure";
|
|
|
|
|
RestartSec = "1s";
|
|
|
|
|
};
|
2024-09-28 23:57:23 +03:00
|
|
|
services.clatd = {
|
|
|
|
|
enable = true;
|
2025-02-19 03:40:26 +02:00
|
|
|
settings.clat-v6-addr = "2001:14ba:a090:39f0::c3";
|
2024-09-28 23:57:23 +03:00
|
|
|
};
|
|
|
|
|
systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];
|
2024-08-31 17:19:50 +03:00
|
|
|
|
|
|
|
|
services.openssh.enable = pkgs.lib.mkForce false;
|
|
|
|
|
services.fail2ban.enable = pkgs.lib.mkForce false;
|
2024-07-11 16:43:26 +03:00
|
|
|
|
2024-07-11 16:45:40 +03:00
|
|
|
imports = [
|
2024-07-11 16:43:26 +03:00
|
|
|
../base.nix
|
|
|
|
|
../users/vili.nix
|
2025-02-16 23:31:05 +02:00
|
|
|
../desktop-wayland.nix
|
2024-07-11 16:43:26 +03:00
|
|
|
../development.nix
|
2024-10-15 21:33:27 +03:00
|
|
|
../onlykey.nix
|
2024-08-31 18:13:04 +03:00
|
|
|
../services/syncthing.nix
|
2025-01-11 14:27:15 +02:00
|
|
|
../services/moonlight.nix
|
2024-08-31 17:19:50 +03:00
|
|
|
../hardware-specific/keychron-q11.nix
|
|
|
|
|
../hardware-specific/trackball.nix
|
2024-07-11 16:43:26 +03:00
|
|
|
../hardware-specific/usb-automount.nix
|
2025-01-13 17:59:00 +02:00
|
|
|
../hardware-specific/intel-laptop.nix
|
2024-07-11 16:43:26 +03:00
|
|
|
];
|
2024-07-31 22:50:08 +03:00
|
|
|
|
2024-09-09 15:52:21 +03:00
|
|
|
system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
|
|
|
|
|
|
2024-08-28 11:52:00 +03:00
|
|
|
swapDevices = pkgs.lib.mkForce [
|
|
|
|
|
{
|
|
|
|
|
device = "/var/lib/swapfile";
|
|
|
|
|
size = 16 * 1024;
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
2024-07-31 22:50:08 +03:00
|
|
|
boot = {
|
2024-10-16 18:05:15 +03:00
|
|
|
loader.timeout = 10;
|
|
|
|
|
initrd.luks = {
|
|
|
|
|
fido2Support = true;
|
|
|
|
|
devices."nixos".fido2 = {
|
|
|
|
|
passwordLess = true;
|
|
|
|
|
credential = "f29b0760a6ec3b18b0a9958d77d8be8b15ff4fd90d42c3ceaeeb5d24a19c8f81315f52dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec014225afa01";
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-08-31 17:19:50 +03:00
|
|
|
resumeDevice = "/dev/mapper/nixos";
|
|
|
|
|
kernelParams = [ "resume_offset=39292928" ];
|
2024-07-31 22:50:08 +03:00
|
|
|
};
|
2024-07-11 16:43:26 +03:00
|
|
|
}
|
