f1d565225a
- Renamed SSH match block from 'vps' to 'linode' in jawz.nix for clarity. - Updated IP addresses in toggles.nix and other configuration files to reflect the new Linode setup. - Removed deprecated fail2ban configuration from linode's configuration.nix. - Adjusted WireGuard interface settings to use the correct IP for linode. - Cleaned up hardware configuration by removing unnecessary GRUB loader settings. - Updated secrets management in wireguard.yaml to streamline key handling.
47 lines
936 B
Nix
47 lines
936 B
Nix
{
|
|
pkgs,
|
|
config,
|
|
inputs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./wireguard-linode.nix
|
|
../../config/base.nix
|
|
inputs.nixos-generators.nixosModules.linode
|
|
];
|
|
my = import ./toggles.nix { inherit config inputs; } // {
|
|
nix.cores = 2;
|
|
users.nixremote.enable = false;
|
|
network.firewall = {
|
|
enabledServicePorts = true;
|
|
additionalPorts = [ ];
|
|
};
|
|
};
|
|
networking.hostName = "linode";
|
|
services.openssh = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
startWhenNeeded = false;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "prohibit-password";
|
|
KbdInteractiveAuthentication = false;
|
|
};
|
|
};
|
|
environment.systemPackages = builtins.attrValues {
|
|
inherit (pkgs)
|
|
htop
|
|
iotop
|
|
tcpdump
|
|
wireguard-tools
|
|
;
|
|
};
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
dates = "weekly";
|
|
allowReboot = true;
|
|
};
|
|
}
|