diff options
Diffstat (limited to 'nixos/tw/configuration.nix')
| -rw-r--r-- | nixos/tw/configuration.nix | 159 |
1 files changed, 0 insertions, 159 deletions
diff --git a/nixos/tw/configuration.nix b/nixos/tw/configuration.nix deleted file mode 100644 index 4078ba1..0000000 --- a/nixos/tw/configuration.nix +++ /dev/null @@ -1,159 +0,0 @@ -{ - modulesPath, - config, - lib, - pkgs, - outputs, - inputs, - ... -}: let - domain = "kcu.su"; -in { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - (modulesPath + "/profiles/qemu-guest.nix") - "${inputs.nixpkgs}/nixos/modules/services/networking/headscale.nix" # replacing the options with ones for a newer version - ./disk-config.nix - ../serverModules/nginx.nix - ]; - - disabledModules = ["services/networking/headscale.nix"]; - - nixpkgs.overlays = [ - outputs.overlays.unstable-packages - ]; - - sops = { - defaultSopsFile = ../../secrets/ltrr-tw/secrets.yaml; - defaultSopsFormat = "yaml"; - age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - }; - - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - }; - - networking = { - interfaces.ens3 = { - ipv4.addresses = [ - { - address = "77.232.139.132"; - prefixLength = 24; - } - ]; - }; - defaultGateway = { - address = "77.232.139.1"; - interface = "ens3"; - }; - }; - - networking.nameservers = ["8.8.8.8" "1.1.1.1"]; - - networking.useDHCP = lib.mkDefault false; - - networking.hostName = "ltrr-tw"; - - services.openssh = { - enable = true; - }; - - environment.systemPackages = map lib.lowPrio [ - pkgs.curl - pkgs.gitMinimal - ]; - - users.users = { - root = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru" - ]; - }; - }; - - swapDevices = [ - { - device = "/var/lib/swapfile"; - size = 2 * 1024; - } - ]; - - networking.nat = { - enable = true; - externalInterface = "ens3"; - internalInterfaces = ["wg0"]; - }; - - sops.secrets.wg-private-key = {}; - networking.wg-quick = { - interfaces.wg0 = { - address = ["10.1.1.1/32"]; - listenPort = 51820; - - privateKeyFile = config.sops.secrets.wg-private-key.path; - - preUp = "sysctl -w net.ipv4.ip_forward=1"; - - peers = [ - { - allowedIPs = ["10.1.1.2/32"]; - publicKey = "kzXzxJu1AdcRI5UwtGOrN6WuTZYqJo++PYRrXdOu/lY="; - persistentKeepalive = 25; - } - ]; - }; - }; - - networking.firewall.allowedTCPPorts = [80 443]; - networking.firewall.allowedUDPPorts = [51820]; - - security.acme = { - acceptTerms = true; - defaults.email = "notspl3g+acme@duck.com"; - }; - - nginx = { - enable = true; - acme.enable = true; - - inherit domain; - subdomains = { - "headscale" = { - proxyPass = "http://127.0.0.1:8768"; - proxyWebsockets = true; - recommendedProxySettings = true; - }; - }; - - extraVirtualHosts = { - "_" = { - locations."/" = { - return = 444; - }; - }; - }; - - home = let - homeConfig = import ../server/configuration.nix {inherit modulesPath config lib pkgs;}; - in { - subdomains = homeConfig.nginx.subdomains; - url = "http://10.1.1.2"; - }; - }; - - services.headscale = { - enable = true; - package = pkgs.unstable.headscale; - port = 8768; - settings = { - server_url = "https://headscale.${domain}:443"; - dns = { - base_domain = "tailnet.${domain}"; - nameservers.global = ["8.8.8.8"]; - }; - }; - }; - - system.stateVersion = "24.05"; -} |