Add Linode host configuration and WireGuard setup

- Introduced new configuration files for Linode host, including hardware configuration, toggles, and WireGuard settings. - Updated flake.nix to include the new images.nix file for Linode image generation. - Adjusted SSH key paths and secrets management for WireGuard to ensure proper integration with the new host setup. - Enhanced firewall rules and NAT configuration for WireGuard to improve security and connectivity.
2025-10-28 13:30:35 -06:00
parent fd2962c306
commit 431e145992
13 changed files with 225 additions and 19 deletions
--- a/hosts/linode/configuration.nix
+++ b/hosts/linode/configuration.nix
@@ -0,0 +1,50 @@
+{
+  pkgs,
+  config,
+  inputs,
+  ...
+}:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./wireguard-linode.nix
+    ../../config/base.nix
+  ];
+  my = import ./toggles.nix { inherit config inputs; } // {
+    nix.cores = 2;
+    users.nixremote.enable = false;
+    network.firewall = {
+      enabledServicePorts = true;
+      additionalPorts = [ ];
+    };
+  };
+  networking.hostName = "linode";
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    startWhenNeeded = false;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "prohibit-password";
+      KbdInteractiveAuthentication = false;
+    };
+  };
+  security.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime = "1h";
+  };
+  environment.systemPackages = builtins.attrValues {
+    inherit (pkgs)
+      htop
+      iotop
+      tcpdump
+      wireguard-tools
+      ;
+  };
+  system.autoUpgrade = {
+    enable = true;
+    dates = "weekly";
+    allowReboot = true;
+  };
+}