{ inputs, profiles, ... }:
{
imports = [
./hardware.nix
./home-julien.nix
./stalwart.nix
./nsd.nix
];
machine.meta = {
arch = "x86_64-linux";
nixpkgs_version = inputs.unstable;
hm_version = inputs.home-manager-unstable;
ips = {
public.ipv4 = "163.172.91.82";
public.ipv6 = "2001:0bc8:3d24::45";
vpn.ipv4 = "100.100.45.33";
};
profiles = with profiles; [ server ];
};
disko = import ./disko.nix;
environment.persistence."/persistent" = {
hideMounts = true;
directories = [
"/var/lib"
"/var/log"
"/srv"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
fileSystems."/srv".neededForBoot = true;
fileSystems."/persistent".neededForBoot = true;
services.fail2ban.enable = true;
networking.useNetworkd = true;
systemd.network = {
enable = true;
config.networkConfig.IPv4Forwarding = true;
networks = {
"10-wan" = {
matchConfig.Name = "enp0s20";
networkConfig = {
DHCP = "ipv6";
IPv6AcceptRA = true;
};
addresses = [
{ Address = "163.172.91.82/24"; }
{ Address = "2001:0bc8:3d24::45/64"; }
];
routes = [
{
Gateway = "163.172.91.1";
Destination = "0.0.0.0/0";
}
];
dhcpV6Config = {
DUIDRawData = "00:01:62:7c:0e:d3:27:5b";
DUIDType = "link-layer";
UseAddress = "no";
WithoutRA = "solicit";
};
ipv6AcceptRAConfig = {
DHCPv6Client = "always";
UseOnLinkPrefix = false;
UseAutonomousPrefix = false;
};
linkConfig.RequiredForOnline = "routable";
};
"30-wg0" = {
matchConfig.Name = "wg0";
address = [
"10.100.45.1/24"
"fc00::1/64"
];
networkConfig.IPMasquerade = "ipv4";
};
};
netdevs = {
"10-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = "/srv/wg-private";
ListenPort = 51821;
};
wireguardPeers = [
{
PublicKey = "axigTezuClSoQlxWvpdzXKXUDjrrQlswE50ox0uDLR0=";
AllowedIPs = [ "10.100.45.2/32" ];
}
{
PublicKey = "ElVrxNiYvV13hEDtqZNw4kLF7UiPTXziz8XgqABB0AU=";
AllowedIPs = [ "10.100.45.3/32" ];
}
];
};
};
};
networking.firewall.allowedUDPPorts = [
51821
];
networking.firewall.allowedTCPPorts = [
51821
];
system.stateVersion = "24.11";
}