Refactor Linode configuration and update WireGuard settings

- Renamed SSH match block from 'vps' to 'linode' in jawz.nix for clarity. - Updated IP addresses in toggles.nix and other configuration files to reflect the new Linode setup. - Removed deprecated fail2ban configuration from linode's configuration.nix. - Adjusted WireGuard interface settings to use the correct IP for linode. - Cleaned up hardware configuration by removing unnecessary GRUB loader settings. - Updated secrets management in wireguard.yaml to streamline key handling.
2025-10-28 13:42:23 -06:00
parent ac48e8c86b
commit f1d565225a
9 changed files with 26 additions and 53 deletions
--- a/hosts/linode/configuration.nix
+++ b/hosts/linode/configuration.nix
@@ -9,6 +9,7 @@
    ./hardware-configuration.nix
    ./wireguard-linode.nix
    ../../config/base.nix
+    inputs.nixos-generators.nixosModules.linode
  ];
  my = import ./toggles.nix { inherit config inputs; } // {
    nix.cores = 2;
@@ -29,11 +30,6 @@
      KbdInteractiveAuthentication = false;
    };
  };
-  security.fail2ban = {
-    enable = true;
-    maxretry = 5;
-    bantime = "1h";
-  };
  environment.systemPackages = builtins.attrValues {
    inherit (pkgs)
      htop
--- a/hosts/linode/hardware-configuration.nix
+++ b/hosts/linode/hardware-configuration.nix
@@ -14,10 +14,6 @@
      "net.ipv4.conf.all.send_redirects" = 0;
      "net.ipv4.tcp_syncookies" = 1;
    };
-    loader.grub = {
-      enable = true;
-      device = "/dev/sda";
-    };
    kernelModules = [
      "virtio_pci"
      "virtio_blk"
--- a/hosts/linode/toggles.nix
+++ b/hosts/linode/toggles.nix
@@ -1,25 +1,16 @@
 _: {
  timeZone = "America/Mexico_City";
-  locale = "en_US.UTF-8";
-  wireguard.enable = true;
-  network.enable = true;
+  services = {
+    network.enable = true;
+    wireguard.enable = true;
+  };
  secureHost = false;
+  interfaces.linode = "eth0";
  ips = {
-    vps = "51.222.141.104";
-    wg-vps = "10.77.0.1";
+    linode = "51.222.141.104";
+    wg-linode = "10.77.0.1";
    wg-server = "10.77.0.2";
    wg-friend1 = "10.8.0.2";
    wg-friends = "10.8.0.0";
  };
-  interfaces = {
-    linode = "eth0";
-  };
-  dev = {
-    nix.enable = true;
-    sh.enable = true;
-  };
-  shell = {
-    tools.enable = true;
-    config.enable = true;
-  };
 }
--- a/hosts/linode/wireguard-linode.nix
+++ b/hosts/linode/wireguard-linode.nix
@@ -40,7 +40,7 @@
      };
      wireguard.interfaces.wg0 = {
        ips = [
-          "${config.my.ips.wg-vps}/24"
+          "${config.my.ips.wg-linode}/24"
          "${config.my.ips.wg-friends}/24"
        ];
        listenPort = 51820;
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -52,9 +52,9 @@
      peers = [
        {
          publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
-          endpoint = "${config.my.ips.vps}:51820";
+          endpoint = "${config.my.ips.linode}:51820";
          allowedIPs = [
-            "${config.my.ips.wg-vps}/32"
+            "${config.my.ips.wg-linode}/32"
            "${config.my.ips.wg-friends}/24"
          ];
          persistentKeepalive = 25;