nixos-conf/hosts/idacloud.nix


# Host definition for idacloud. Turns on the repository's custom
# impermanence, vm, nextcloud and collabora options and sets up a WireGuard
# tunnel (wg0) whose key material is supplied by sops-nix.
{ config, ... }:
let
  # Both WireGuard secrets are decrypted from the same sops file, and a change
  # to either one restarts the tunnel unit so the new key takes effect.
  wgSecret = {
    sopsFile = ../secrets/idacloud.yaml;
    restartUnits = [ "wg-quick-wg0.service" ];
  };

  # One definition for the tunnel's UDP port: the firewall opening and the
  # interface's listenPort below both read it, so they cannot drift apart.
  wgPort = 51822;

  # Shorthand for the decrypted-secret paths referenced by the interface.
  secrets = config.sops.secrets;
in
{
  imports = [ ../disko/zfs-impermanence.nix ];

  system.stateVersion = "25.05";

  custom.impermanence.enable = true;
  custom.vm.enable = true;
  custom.nextcloud = {
    enable = true;
    domain = "idacloud.sinerva.eu";
    collabora = {
      enable = true;
      domain = "idacollab.sinerva.eu";
    };
  };

  sops.secrets = {
    priv-idacloud-wg = wgSecret;
    psk-laptop-idacloud-wg = wgSecret;
  };

  # Networking conf including WireGuard
  networking = {
    hostId = "43ce8e3f";

    # allowedUDPPorts is not interface-scoped: the WireGuard port is opened on
    # every interface this host has.
    firewall.allowedUDPPorts = [ wgPort ];

    wg-quick.interfaces.wg0 = {
      address = [ "10.1.0.1/24" ];
      listenPort = wgPort;
      # Only paths are referenced here; the private key and the preshared key
      # themselves never appear in this file.
      privateKeyFile = secrets.priv-idacloud-wg.path;
      peers = [
        # Laptop
        {
          # A peer's public key is not secret and can be kept in the repo.
          publicKey = "qJl6XBAGlmGHLre+RoCLUsZUrOrDgGoinREHFiw29ys=";
          presharedKeyFile = secrets.psk-laptop-idacloud-wg.path;
          # /32: this peer is accepted only for its own tunnel address.
          allowedIPs = [ "10.1.0.2/32" ];
        }
        # Phone (disabled)
        # NOTE(review): the stanza below carries two presharedKeyFile lines.
        # Keep exactly one before enabling it, since a repeated attribute
        # fails evaluation. The sops variant also needs a
        # psk-phone-idacloud-wg entry under sops.secrets, which this file
        # does not declare. The literal /root path would keep the key
        # outside sops; with impermanence enabled, confirm that path
        # persists across reboots if it is the one kept.
        # {
        #   publicKey = "TODO";
        #   presharedKeyFile = "/root/wireguard-keys/psk2";
        #   presharedKeyFile = config.sops.secrets.psk-phone-idacloud-wg.path;
        #   allowedIPs = [ "10.1.0.3/32" ];
        # }
      ];
    };
  };
}