# NixOS host module: Nextcloud + Collabora on the ZFS/impermanence disk layout,
# with a WireGuard tunnel (wg-quick interface wg0) whose keys come from sops.
{ config, ... }:

let
  # One definition of the WireGuard UDP port, shared by the firewall rule and
  # the interface's listenPort so the two cannot drift apart.
  wgPort = 51822;

  # Both WireGuard secrets are read from the same sops file. restartUnits makes
  # the tunnel service restart when a secret changes, so wg0 does not keep
  # running with stale key material.
  wgSecret = {
    sopsFile = ../secrets/idacloud.yaml;
    restartUnits = [ "wg-quick-wg0.service" ];
  };

  # Path of a declared sops secret, looked up by name.
  secretPath = name: config.sops.secrets.${name}.path;
in
{
  imports = [ ../disko/zfs-impermanence.nix ];

  # Release whose stateful defaults this host was installed with.
  system.stateVersion = "25.05";

  # Options under `custom` are defined elsewhere in this repository.
  custom = {
    impermanence.enable = true;
    vm.enable = true;

    nextcloud = {
      enable = true;
      domain = "idacloud.sinerva.eu";

      collabora = {
        enable = true;
        domain = "idacollab.sinerva.eu";
      };
    };
  };

  sops.secrets = {
    priv-idacloud-wg = wgSecret;
    psk-laptop-idacloud-wg = wgSecret;
  };

  # Networking conf including WireGuard
  networking = {
    hostId = "43ce8e3f";

    # Opens the WireGuard port on every interface; use
    # networking.firewall.interfaces.<name>.allowedUDPPorts instead if the
    # tunnel should only be reachable through one uplink.
    firewall.allowedUDPPorts = [ wgPort ];

    wg-quick.interfaces.wg0 = {
      address = [ "10.1.0.1/24" ];
      listenPort = wgPort;

      # Private key and preshared keys are referenced by file path, so the key
      # material itself never appears in this file. Only public keys are
      # written inline.
      privateKeyFile = secretPath "priv-idacloud-wg";

      # Each peer is limited to a single /32 inside 10.1.0.0/24. Keep
      # allowedIPs this narrow: a wider range would let that peer send traffic
      # from addresses assigned to other peers.
      peers = [
        # Laptop
        {
          publicKey = "qJl6XBAGlmGHLre+RoCLUsZUrOrDgGoinREHFiw29ys=";
          presharedKeyFile = secretPath "psk-laptop-idacloud-wg";
          allowedIPs = [ "10.1.0.2/32" ];
        }
        # Phone (disabled). Before enabling: fill in the real public key, keep
        # exactly one of the two presharedKeyFile lines, and, for the sops
        # variant, declare psk-phone-idacloud-wg under sops.secrets first (it
        # is not declared in this file).
        # {
        #   publicKey = "TODO";
        #   presharedKeyFile = "/root/wireguard-keys/psk2";
        #   presharedKeyFile = config.sops.secrets.psk-phone-idacloud-wg.path;
        #   allowedIPs = [ "10.1.0.3/32" ];
        # }
      ];
    };
  };
}