Refactor Linode configuration and update WireGuard settings

- Renamed SSH match block from 'vps' to 'linode' in jawz.nix for clarity.
- Updated IP addresses in toggles.nix and other configuration files to reflect the new Linode setup.
- Removed deprecated fail2ban configuration from linode's configuration.nix.
- Adjusted WireGuard interface settings to use the correct IP for linode.
- Cleaned up hardware configuration by removing unnecessary GRUB loader settings.
- Updated secrets management in wireguard.yaml to streamline key handling.

config/jawz.nix

@@ -31,9 +31,8 @@ in
     programs.ssh = lib.mkIf config.my.secureHost {
       enable = true;
       matchBlocks = {
-        vps = {
+        linode = {
           hostname = config.my.ips.vps;
-          user = "fedora";
           port = 3456;
           identityFile = config.sops.secrets."private_keys/${hostName}".path;
         };

hosts/linode/configuration.nix

@@ -9,6 +9,7 @@
     ./hardware-configuration.nix
     ./wireguard-linode.nix
     ../../config/base.nix
+    inputs.nixos-generators.nixosModules.linode
   ];
   my = import ./toggles.nix { inherit config inputs; } // {
     nix.cores = 2;
@@ -29,11 +30,6 @@
       KbdInteractiveAuthentication = false;
     };
   };
-  security.fail2ban = {
-    enable = true;
-    maxretry = 5;
-    bantime = "1h";
-  };
   environment.systemPackages = builtins.attrValues {
     inherit (pkgs)
       htop

hosts/linode/hardware-configuration.nix

@@ -14,10 +14,6 @@
       "net.ipv4.conf.all.send_redirects" = 0;
       "net.ipv4.tcp_syncookies" = 1;
     };
-    loader.grub = {
-      enable = true;
-      device = "/dev/sda";
-    };
     kernelModules = [
       "virtio_pci"
       "virtio_blk"

hosts/linode/toggles.nix

@@ -1,25 +1,16 @@
 _: {
   timeZone = "America/Mexico_City";
-  locale = "en_US.UTF-8";
+  services = {
-  wireguard.enable = true;
     network.enable = true;
+    wireguard.enable = true;
+  };
   secureHost = false;
+  interfaces.linode = "eth0";
   ips = {
-    vps = "51.222.141.104";
+    linode = "51.222.141.104";
-    wg-vps = "10.77.0.1";
+    wg-linode = "10.77.0.1";
     wg-server = "10.77.0.2";
     wg-friend1 = "10.8.0.2";
     wg-friends = "10.8.0.0";
   };
-  interfaces = {
-    linode = "eth0";
-  };
-  dev = {
-    nix.enable = true;
-    sh.enable = true;
-  };
-  shell = {
-    tools.enable = true;
-    config.enable = true;
-  };
 }

hosts/linode/wireguard-linode.nix

@@ -40,7 +40,7 @@
       };
       wireguard.interfaces.wg0 = {
         ips = [
-          "${config.my.ips.wg-vps}/24"
+          "${config.my.ips.wg-linode}/24"
           "${config.my.ips.wg-friends}/24"
         ];
         listenPort = 51820;

hosts/server/configuration.nix

@@ -52,9 +52,9 @@
       peers = [
         {
           publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
-          endpoint = "${config.my.ips.vps}:51820";
+          endpoint = "${config.my.ips.linode}:51820";
           allowedIPs = [
-            "${config.my.ips.wg-vps}/32"
+            "${config.my.ips.wg-linode}/32"
             "${config.my.ips.wg-friends}/24"
           ];
           persistentKeepalive = 25;

modules/modules.nix

@@ -49,8 +49,8 @@ in
         server = "192.168.100.15";
         miniserver = "192.168.1.100";
         workstation = "192.168.100.18";
-        vps = "51.222.141.104";
+        linode = "51.222.141.104";
-        wg-vps = "10.77.0.1";
+        wg-linode = "10.77.0.1";
         wg-server = "10.77.0.2";
         wg-friend1 = "10.8.0.2";
         wg-friends = "10.8.0.0";

parts/images.nix

@@ -1,8 +1,5 @@
 { inputs, ... }:
 {
-  flake.packages.x86_64-linux.linode-image = inputs.nixos-generators.nixosGenerate {
+  flake.packages.x86_64-linux.linode-image =
-    system = "x86_64-linux";
+    inputs.self.nixosConfigurations.linode.config.system.build.linodeImage;
-    modules = [ inputs.self.nixosConfigurations.linode.config.system.build.toplevel.outPath ];
-    format = "linode";
-  };
 }

secrets/wireguard.yaml

@@ -1,19 +1,13 @@
-wireguard:
+server:
+    private: ENC[AES256_GCM,data:8/wwIn29F5DxRIjFz51GgBUmAdaOeyS4cDN/vFzypagyNyOJ1VygiT1NXMA=,iv:uUk55wrayGJ6YRNC67z51T4DW6r/LVOol39/JJKYZxg=,tag:uuAuAqzTUOJjkLsDrZig2A==,type:str]
+    public: ENC[AES256_GCM,data:J3j3AlG2liVRZERvlpClWekGa4AZWBfACe9J5YegzG1liU5/ZkPzMOzdf4I=,iv:8o9IpQWh0QtdwDj1knpsEOrPLorSZPQKiO8QJxBlPco=,tag:QDHai1bzFXS7vuTpIJqClA==,type:str]
 linode:
-        private: ENC[AES256_GCM,data:PejimzNOiJGlTbMZjlyZIFYCnhu/ZAisG/we03ZJo8VO4cwclm+ztXCE89c=,iv:iw3hIUxMyx7rIQ56Nc4zPXBdRn8HYL44AXOu57VfiX0=,tag:zZcGrTU+1k6FRtTG5zj4pw==,type:str]
-        public: ENC[AES256_GCM,data:G3p/wGLeNq8/icpKbIUGEMC/l8rqptUv7tpB2md+fmo0UJieK3s3lWy79u8=,iv:4LQ8RfT3VkzdrxkOn+XROKdnBqdhbBdRzw+x/j+t/BY=,tag:+s4eCnDp6XSE+w4wlB+QLA==,type:str]
     server:
-        private: ENC[AES256_GCM,data:owBMyfOeeizHMbRp7yqaE95otpyEsH5HUk0RcltEqgzvTGfTWBLP8ZvMhPA=,iv:KtGd+w4WtRGJ6ux+70SOU6eq21Ak4r0obFimvPWWSjE=,tag:2eYP41vhKNyUi/3zyOY+Vg==,type:str]
+        private: ENC[AES256_GCM,data:ReI4nnGcR4GbLuQOkosYG9CtQWc/YSV/BVVwY2lfM9miskRIh+aw4kudSNM=,iv:B2JrRpD7tYF+PtdQddyzUl0kp36VVXSNFrHOAoUgwA4=,tag:GV3joCZbl85tvlMAq/Kqug==,type:str]
-        public: ENC[AES256_GCM,data:9GcLl+xpcZZ7XU4c0eDqvUjc9VVvs8C4ZhRUfB9WjuGIu3we/Syxh8pGC8c=,iv:IdXada3p+GVpLgm9mOGjAObPPFfXzSNVfBm01Liyz4s=,tag:uzB5BpVNT4F+wUO3gwsunQ==,type:str]
+        public: ENC[AES256_GCM,data:VKYak059lumcQy3QtCanYwBwmsKkkSVEQilOu+KUYmMykirV+DUpI23jloY=,iv:5NYbyrMQTlC8qp/fmGToK+ZpKhDcP8UWbmRNoWzn64k=,tag:fi46BRJAksrUuDYP+5Nvmw==,type:str]
-        private_old: ENC[AES256_GCM,data:T6SIjKfNJSyapmF1IFkoSBT0S8/bsvbivRqbS8FubQ0UnZ+SfMRIEHVPXgg=,iv:OnQw4OKfRmDhOzBUq834oqTDCobE5RW2EKqFYUf1Xt8=,tag:4hJ8pumr4KDMyM1Sygy57g==,type:str]
-        public_old: ENC[AES256_GCM,data:teRFtsuKyrK/D5yag+RyHCsrtuuK1S0rC9By9I+eMCTGh00Jiw7T/kEdGm0=,iv:A8JAcZekzDnP+PNhH1YKigBhNVSKqsRC0UbIr+Af5ec=,tag:m852G+0tdrqzpY1J6YBxrg==,type:str]
-vps:
-    server:
-        private: ENC[AES256_GCM,data:wrP/069tuQs3ObYE8Q0MNVxe3+4vZ2HIImoIdZpj1uPgdBknboX1wmANv/k=,iv:FJL5KumHos8PoXra+BB2Uc6YedsF6MD3wWyuugXzJ+E=,tag:nVuTrW2P7JvnWnv6H1SmdQ==,type:str]
-        public: ENC[AES256_GCM,data:YnKOf9725v9FkzdNPDVf/iinMbY/YWn6ksqEz+mpB4KHVlOvpbV6vLSKRcs=,iv:aWQNy6mT4sxVbzaXKgRzZ9XVsiBCRsOlLORRqC+uiKE=,tag:mLWv6mr3VVfw0J5BrqByXg==,type:str]
     home:
-        private: ENC[AES256_GCM,data:YZ0jvBzkMv8Bwc9u3LDJzwSqQvPj8wPUxTIeBFiLYVQQIBjm8aS1dTYuPvo=,iv:mXuW7TVERxOMmGIit3a7Spmbk/EgYuGkO66AWJUnMF0=,tag:xM7C3F3JCiud/A9yPD5ydQ==,type:str]
+        private: ENC[AES256_GCM,data:Bo3Hzd9Xh4kufO8G4J6Gm2znsUcBc25OlB+ECI4u2roeo7QgQpRXxa8RamM=,iv:0D+FmQxqyZZeCA+iA/gMp0soZ2LtM9fNTP6hGIVrNaM=,tag:Bk18KYKZEDWBBEK5dHKO6w==,type:str]
-        public: ENC[AES256_GCM,data:DcwAHhHjIxFqRL5h7p/0nkFnWiI/iqR8Fws6AuFaxjgUHKYd/6l3D6q/O/0=,iv:bBJ0bsKRiGQUSlRmHqeLQWkOIUNfG5VVpuV6MOtKZO0=,tag:harMG6GDIfclmSq3D36bTw==,type:str]
+        public: ENC[AES256_GCM,data:sHXh/i9nBHgpgsBVPgvpiEJIHIXzlCa3EhG/eFYL1tKz6Iabcr4bnAUbe08=,iv:V6eSlQRenSCz5VRJMQTXafIb2TTB33p7jzOkixSwIM0=,tag:tjutVj+K6CdtN/FOZqqaHw==,type:str]
 sops:
     age:
         - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -52,7 +46,7 @@ sops:
             KzZFSWprL0l0MDdVdEVKbEV5eklZdTAK/1ZyGvElfp+LVloSR6aJUtvrgU0CrzaJ
             SQtO7vc4oDedkiTz6LKySta+uyn3e17Jzdyy9nU2D/Q5X+CpKGP3cg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-28T19:13:03Z"
+    lastmodified: "2025-10-28T19:42:02Z"
-    mac: ENC[AES256_GCM,data:Mp6sgr6VwoQqnOmqloCAeKuL/8kB4vNLxk94AXAzX1z/Wq+R3Y3I6Yh3hB+QeTRW8nJ5hmGjAEeVzFtjRFP7EcL3KKY3B7s7TU1O+I3lWYMgNuCG6+Z7do62x/1ZyeCGMRQDIc6Xzu13ktyxf4AeVxg/7w0qBHbt3QVa18UM08U=,iv:4jJ5mDEeNgSwd+ekzDuF1z8pSNy04M1XEPr7TIIrZ2M=,tag:ZwiHCXKQWONsBJ9NGsYo1w==,type:str]
+    mac: ENC[AES256_GCM,data:b6/AkxnYppuHIU2oOqOZFizfqhwGjHquzhaeKnBhinXUqmAwoYRgHH54w951HR0Qp9IXu4P7BmlmqET2IhtIXjTtfkDOz9LUUJT0kRmpW5uyXcgiaPQWFFT1r3FnUNPla1O3mBpaT8FD1LVZunEGJ7o3smHJ8aXStbV3RIwdUsQ=,iv:4yCLwkTxW9wMFyoUK9WvaRR+GI1r884uGRKLvmzVF2I=,tag:wLk0v/f06rLczCX+/UN4Ng==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0