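# NixOS host module for the machine named "server": project toggles under
# `my`, a remote Nix builder, a sops-managed WireGuard tunnel, firewall
# openings and a periodic btrfs scrub.
{
  pkgs,
  config,
  lib,
  # `inputs` is referenced below (toggles.nix and getSshKeys), so it has to be
  # bound here; `...` alone does not bring it into scope and evaluation stops
  # with "undefined variable 'inputs'".
  # NOTE(review): assumes the flake passes `inputs` via specialArgs — confirm.
  inputs,
  ...
}:
{
  imports = [
    ./hardware-configuration.nix
    ../../config/base.nix
    ../../config/stylix.nix
  ];

  # NOTE(review): `//` is a shallow merge. The right-hand set defines the
  # top-level attributes `nix`, `users` and `network`, so anything toggles.nix
  # returns under those three names is replaced wholesale, not merged. If
  # toggles.nix carries firewall or user defaults there, they are silently
  # dropped — verify against toggles.nix.
  my = import ./toggles.nix { inherit config inputs; } // {
    nix.cores = 6;

    # Keys allowed to log in as the `nixremote` account on this host
    # (presumably for remote builds; the option is defined by a project module).
    users.nixremote.enable = true;
    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
      "nixworkstation"
      "nixminiserver"
    ];

    network.firewall.enabledServicePorts = true;
    # NOTE(review): how these ports reach the firewall is decided by the
    # project's `my.network.firewall` module (not visible here). If they end up
    # in the global allowedTCPPorts they are open on every interface, and the
    # UDP mirror further down opens them on UDP as well.
    network.firewall.additionalPorts = [
      2049 # NFS default port; the original note was "idk" — confirm an NFS export is intended, otherwise drop it
      8384 # syncthing gui (admin web UI) — consider limiting to wg0 or loopback
      22000 # syncthing sync protocol listener (originally labelled "relay")
      3452 # sonarqube
      8448 # synapse ssl
    ];
  };

  # Offload builds to "workstation" over SSH as `nixremote`.
  # NOTE(review): neither `sshKey` nor `publicHostKey` is set, so the key used
  # and the host-key check both depend on the SSH configuration of whoever
  # runs the builds. Pinning `publicHostKey` would make the builder's identity
  # explicit in this file.
  nix.buildMachines = [
    {
      hostName = "workstation";
      system = "x86_64-linux";
      sshUser = "nixremote";
      maxJobs = 8;
      speedFactor = 2;
      supportedFeatures = config.my.nix.features;
    }
  ];

  # WireGuard private key, decrypted by sops-nix at activation. Declared only
  # on hosts flagged `secureHost`, matching the gate on the wg0 interface below.
  sops.secrets."vps/home/private" = lib.mkIf config.my.secureHost {
    sopsFile = ../../secrets/wireguard.yaml;
  };

  networking = {
    hostName = "server";

    firewall = {
      # Every globally allowed TCP port is opened on UDP too.
      # NOTE(review): this doubles the exposed surface; only services that
      # actually speak UDP need it. An explicit UDP list would be tighter.
      allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
      # Port 8081 is accepted only on the WireGuard interface.
      interfaces.wg0.allowedTCPPorts = [ 8081 ];
    };

    wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
      ips = [ "${config.my.ips.wg-server}/32" ];
      # Read from the sops secret path at runtime, so the key itself is not
      # written into this file.
      privateKeyFile = config.sops.secrets."vps/home/private".path;
      peers = [
        {
          # Peer public key; not a secret.
          publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
          endpoint = "${config.my.ips.vps}:51820";
          # Source addresses accepted from this peer: the VPS itself plus the
          # whole /24 behind it.
          allowedIPs = [
            "${config.my.ips.wg-vps}/32"
            "${config.my.ips.wg-friends}/24" # all friends
          ];
          # Keepalive every 25 s so the tunnel stays up when this side is
          # behind NAT.
          persistentKeepalive = 25;
        }
      ];
    };
  };

  users.users.jawz.packages = builtins.attrValues {
    inherit (pkgs) podman-compose attic-client;
  };

  # Periodic btrfs scrub of the root filesystem and the /srv/pool volume.
  services.btrfs.autoScrub = {
    enable = true;
    fileSystems = [
      "/"
      "/srv/pool"
    ];
  };
}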