VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions
nixos-conf/machine-confs/lithium.nix

86 lines
2.2 KiB
Nix
Raw Blame History

{ pkgs, ... }:
{
networking = {
hostName = "lithium";
tempAddresses = "disabled"; # For IP-based filtering to work better
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [
"fd08:d473:bcca:f0::3/64"
"2001:14ba:a08c:2df0::3/64"
];
dns = [
"fd08:d473:bcca::1"
"vsinerva.fi"
];
privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
presharedKeyFile = "/root/wireguard-keys/psk-home";
allowedIPs = [
"fd08:d473:bcca::/64"
"fd08:d473:bcca:f0::/64"
"::/0"
];
endpoint = "wg.vsinerva.fi:51820";
}
];
};
};
};
# Dirty hack to fix autostart failing due to DNS lookups
systemd.services."wg-quick-wg0".serviceConfig = {
Restart = "on-failure";
RestartSec = "1s";
};
services.clatd = {
enable = true;
settings.clat-v6-addr = "2001:14ba:a08c:2df0::f3";
};
systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];
services.openssh.enable = pkgs.lib.mkForce false;
services.fail2ban.enable = pkgs.lib.mkForce false;
imports = [
../base.nix
../users/vili.nix
../desktop.nix
../development.nix
../onlykey.nix
../services/syncthing.nix
../services/redshift.nix
../services/moonlight.nix
../hardware-specific/keychron-q11.nix
../hardware-specific/trackball.nix
../hardware-specific/usb-automount.nix
../hardware-specific/intel-laptop.nix
];
system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
swapDevices = pkgs.lib.mkForce [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot = {
loader.timeout = 10;
initrd.luks = {
fido2Support = true;
devices."nixos".fido2 = {
passwordLess = true;
credential = "f29b0760a6ec3b18b0a9958d77d8be8b15ff4fd90d42c3ceaeeb5d24a19c8f81315f52dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec014225afa01";
};
};
resumeDevice = "/dev/mapper/nixos";
kernelParams = [ "resume_offset=39292928" ];
};
}
View git blame Copy permalink