nixos-conf/hosts/idacloud/configuration.nix

# Host module for "idacloud": pulls in the shared base/disk/VM profiles and the
# Nextcloud server module, and defines a WireGuard endpoint (wg0) whose key
# material is provided through sops-nix.
{ config, ... }:
let
  # One definition of the WireGuard UDP port, used for both the firewall
  # opening and the listener so the two cannot drift apart.
  wgPort = 51822;

  # Both WireGuard secrets live in the same encrypted file and restart the
  # tunnel unit when their content changes.
  wgSecret = {
    sopsFile = ../../secrets/idacloud.yaml;
    restartUnits = [ "wg-quick-wg0.service" ];
  };

  secrets = config.sops.secrets;
in
{
  imports = [
    ../../shared/base.nix
    ../../shared/disko/zfs-impermanence.nix
    ../../shared/hardware/impermanence.nix
    ../../shared/hardware/vm.nix
    ../../servers/nextcloud.nix
  ];

  # Consumed by the imported modules (presumably ../../servers/nextcloud.nix;
  # not visible here, confirm there).
  custom.nextcloud_domain = "idacloud.sinerva.eu";
  custom.collabora_domain = "idacollab.sinerva.eu";

  # Additional hostname Nextcloud will accept. Keep this list as short as
  # possible: every entry is a Host header the instance answers to.
  services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];

  # Only the decrypted file *paths* are referenced further down, so the private
  # key and preshared key are never copied into the world-readable Nix store.
  sops.secrets = {
    priv-idacloud-wg = wgSecret;
    psk-laptop-idacloud-wg = wgSecret;
  };

  # Networking conf including WireGuard
  networking.firewall.allowedUDPPorts = [ wgPort ];

  networking.wg-quick.interfaces.wg0 = {
    address = [ "10.1.0.1/24" ];
    listenPort = wgPort;
    privateKeyFile = secrets.priv-idacloud-wg.path;

    peers = [
      # Laptop
      {
        # Public key: not sensitive, fine to keep in the repository.
        publicKey = "qJl6XBAGlmGHLre+RoCLUsZUrOrDgGoinREHFiw29ys=";
        presharedKeyFile = secrets.psk-laptop-idacloud-wg.path;
        # /32 limits this peer to a single tunnel address; allowedIPs also acts
        # as the source-address filter for packets arriving from the peer.
        allowedIPs = [ "10.1.0.2/32" ];
      }

      # Phone
      # NOTE(review): before enabling, keep exactly ONE presharedKeyFile line
      # (two definitions of the same attribute fail evaluation), prefer the
      # sops-managed path over the hand-placed file under /root, and declare
      # psk-phone-idacloud-wg under sops.secrets first.
      # {
      #   publicKey = "TODO";
      #   presharedKeyFile = "/root/wireguard-keys/psk2";
      #   presharedKeyFile = config.sops.secrets.psk-phone-idacloud-wg.path;
      #   allowedIPs = [ "10.1.0.3/32" ];
      # }
    ];
  };
}