Add Linode host configuration and WireGuard setup

- Introduced new configuration files for Linode host, including hardware configuration, toggles, and WireGuard settings. - Updated flake.nix to include the new images.nix file for Linode image generation. - Adjusted SSH key paths and secrets management for WireGuard to ensure proper integration with the new host setup. - Enhanced firewall rules and NAT configuration for WireGuard to improve security and connectivity.
2025-10-28 13:30:35 -06:00
parent fd2962c306
commit 431e145992
13 changed files with 225 additions and 19 deletions
--- a/hosts/linode/hardware-configuration.nix
+++ b/hosts/linode/hardware-configuration.nix
@@ -0,0 +1,47 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot = {
+    tmp.cleanOnBoot = true;
+    kernel.sysctl = {
+      "net.core.default_qdisc" = "fq";
+      "net.ipv4.tcp_congestion_control" = "bbr";
+      "net.ipv4.conf.all.rp_filter" = 1;
+      "net.ipv4.conf.default.rp_filter" = 1;
+      "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
+      "net.ipv4.conf.all.accept_source_route" = 0;
+      "net.ipv6.conf.all.accept_source_route" = 0;
+      "net.ipv4.conf.all.send_redirects" = 0;
+      "net.ipv4.tcp_syncookies" = 1;
+    };
+    loader.grub = {
+      enable = true;
+      device = "/dev/sda";
+    };
+    kernelModules = [
+      "virtio_pci"
+      "virtio_blk"
+      "virtio_net"
+    ];
+    initrd = {
+      availableKernelModules = [
+        "virtio_pci"
+        "virtio_scsi"
+        "virtio_blk"
+        "virtio_net"
+        "9p"
+        "9pnet_virtio"
+      ];
+      kernelModules = [ ];
+    };
+    extraModulePackages = [ ];
+  };
+  fileSystems."/" = {
+    device = "/dev/sda";
+    fsType = "ext4";
+  };
+  swapDevices = [ { device = "/dev/sdb"; } ];
+  networking.useDHCP = lib.mkDefault true;
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.enableRedistributableFirmware = true;
+}