pointfichiers/hosts/pi4/default.nix

75 lines
1.6 KiB
Nix
Raw Permalink Normal View History

{
config,
pkgs,
...
}: {
2024-11-05 22:52:56 +01:00
imports = [
./hardware-configuration.nix
];
2024-11-04 14:39:20 +01:00
# Nix
nix.settings.experimental-features = ["nix-command" "flakes"];
# Set your time zone.
time.timeZone = "Europe/Paris";
2024-11-05 22:52:56 +01:00
environment.systemPackages = with pkgs; [
2024-11-20 08:17:47 +01:00
podman-compose
2024-11-05 22:52:56 +01:00
helix
2024-11-20 08:17:47 +01:00
unzip
htop
ncdu
wget
2024-11-05 22:52:56 +01:00
git
];
2024-11-04 14:39:20 +01:00
services.openssh = {
enable = true;
ports = [22];
settings = {
PasswordAuthentication = false;
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyRXFQ6iA5p0vDuoGSHZfajiVZPAGIyqhTziM7QgBV gaspard@nixos"
];
2024-11-05 23:06:13 +01:00
2024-11-20 08:08:17 +01:00
# Podman
virtualisation = {
containers.enable = true;
oci-containers.backend = "podman";
podman = {
2024-11-05 23:06:13 +01:00
enable = true;
2024-11-20 08:08:17 +01:00
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
2024-11-05 23:06:13 +01:00
};
};
# SOPS
sops.defaultSopsFile = ../../secrets/pi4/default.yaml;
sops.secrets."wireguard/private_key".owner = "root";
# Wireguard
networking.firewall = {
allowedUDPPorts = [51820];
};
networking.wg-quick.interfaces = {
wg0 = {
address = ["10.8.0.31/32"];
listenPort = 51820; # Should match firewall allowedUDPPorts
privateKeyFile = config.sops.secrets."wireguard/private_key".path;
peers = [
{
publicKey = "KLULII6VEUWMhyIba6oxxHdZsVP3TMVlNY1Vz49q7jg=";
allowedIPs = ["0.0.0.0/0"];
endpoint = "vpn.gasdev.fr:993";
persistentKeepalive = 25;
}
];
};
};
system.stateVersion = "24.11";
2024-11-04 14:39:20 +01:00
}