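{
  config,
  pkgs,
  ...
}: {
  imports = [
    ./hardware-configuration.nix
  ];

  # Nix
  nix.settings.experimental-features = ["nix-command" "flakes"];

  # Set your time zone.
  time.timeZone = "Europe/Paris";

  environment.systemPackages = with pkgs; [
    podman-compose
    helix
    unzip
    htop
    ncdu
    wget
    git
  ];

  # SSH: public-key access only. PasswordAuthentication alone does not rule
  # out password logins, because sshd treats keyboard-interactive (PAM) as a
  # separate authentication method that still accepts passwords; both are
  # switched off here so the authorized keys below are the only way in.
  services.openssh = {
    enable = true;
    ports = [22];
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # Root is reachable with this key only. NOTE(review): this relies on the
  # NixOS default of PermitRootLogin = "prohibit-password" not being
  # overridden elsewhere in the module tree — confirm.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyRXFQ6iA5p0vDuoGSHZfajiVZPAGIyqhTziM7QgBV gaspard@nixos"
  ];

  # Podman
  virtualisation = {
    containers.enable = true;
    oci-containers.backend = "podman";
    podman = {
      enable = true;
      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  # SOPS
  # The WireGuard private key never lives in the Nix store: it is decrypted at
  # activation from the sops file and referenced by path below. wg-quick runs
  # as root, hence the root owner; the file mode is left at the sops-nix
  # default (presumably owner-read-only — verify).
  sops.defaultSopsFile = ../../secrets/pi4/default.yaml;
  sops.secrets."wireguard/private_key".owner = "root";

  # Wireguard
  networking.firewall = {
    allowedUDPPorts = [51820];
  };

  networking.wg-quick.interfaces = {
    wg0 = {
      address = ["10.8.0.31/32"];
      listenPort = 51820; # Should match firewall allowedUDPPorts
      privateKeyFile = config.sops.secrets."wireguard/private_key".path;

      peers = [
        {
          publicKey = "KLULII6VEUWMhyIba6oxxHdZsVP3TMVlNY1Vz49q7jg=";
          # 0.0.0.0/0 routes all IPv4 traffic through the tunnel (wg-quick
          # installs the matching routes); this host then depends on the peer
          # being reachable for any non-local connectivity.
          allowedIPs = ["0.0.0.0/0"];
          endpoint = "vpn.gasdev.fr:993";
          persistentKeepalive = 25;
        }
      ];
    };
  };

  system.stateVersion = "24.11";
}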