Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-04-01 17:50:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
snowfield/machines/lisa/default.nix

109 lines
2.3 KiB
Nix
Raw Blame History

{ modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./hardware.nix
./home-julien.nix
];
luj = {
docs = {
enable = true;
nginx = {
enable = true;
subdomain = "docs";
};
};
mailserver.enable = true;
};
deployment.tags = [ "server" ];
services.fail2ban.enable = true;
networking.hostId = "fbb334ae";
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks = {
"10-wan" = {
matchConfig.Name = "ens20";
address = [ "212.129.40.11/32" ];
routes = [
{
routeConfig = {
Gateway = "212.129.40.11";
Destination = "0.0.0.0/0";
};
}
];
linkConfig.RequiredForOnline = "routable";
};
"20-wan" = {
matchConfig.Name = "ens18";
networkConfig.DHCP = "yes";
linkConfig.RequiredForOnline = "routable";
};
"30-wg0" = {
matchConfig.Name = "wg0";
address = [
"10.100.45.1/24"
"fc00::1/64"
];
networkConfig = {
IPMasquerade = "ipv4";
IPForward = true;
};
};
};
netdevs = {
"10-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = "/srv/wg-private";
ListenPort = 51821;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "axigTezuClSoQlxWvpdzXKXUDjrrQlswE50ox0uDLR0=";
AllowedIPs = [ "10.100.45.2/32" ];
};
}
{
wireguardPeerConfig = {
PublicKey = "ElVrxNiYvV13hEDtqZNw4kLF7UiPTXziz8XgqABB0AU=";
AllowedIPs = [ "10.100.45.3/32" ];
};
}
];
};
};
};
services.openssh.extraConfig = ''
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
HostKey /etc/ssh/ssh_host_ed25519_key
TrustedUserCAKeys /etc/ssh/ssh_user_key.pub
MaxAuthTries 20
'';
networking.firewall.allowedTCPPorts = [
51820
51821
];
networking.firewall.allowedUDPPorts = [
51820
51821
];
system.stateVersion = "21.11";
}
Reference in a new issue View git blame Copy permalink