From 0ae0f7489fb94bc122c3634107872c9b9437eda3 Mon Sep 17 00:00:00 2001 From: spl3g Date: Mon, 27 Oct 2025 23:49:28 +0300 Subject: feat: move servers to nixos-stable --- nixos/tw/configuration.nix | 76 ++++++++++++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 29 deletions(-) (limited to 'nixos/tw') diff --git a/nixos/tw/configuration.nix b/nixos/tw/configuration.nix index f851d12..4078ba1 100644 --- a/nixos/tw/configuration.nix +++ b/nixos/tw/configuration.nix @@ -1,17 +1,34 @@ -{ modulesPath, config, lib, pkgs, ... }: { +{ + modulesPath, + config, + lib, + pkgs, + outputs, + inputs, + ... +}: let + domain = "kcu.su"; +in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/profiles/qemu-guest.nix") + "${inputs.nixpkgs}/nixos/modules/services/networking/headscale.nix" # replacing the options with ones for a newer version ./disk-config.nix ../serverModules/nginx.nix ]; + disabledModules = ["services/networking/headscale.nix"]; + + nixpkgs.overlays = [ + outputs.overlays.unstable-packages + ]; + sops = { defaultSopsFile = ../../secrets/ltrr-tw/secrets.yaml; defaultSopsFormat = "yaml"; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; }; - + boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; @@ -19,10 +36,12 @@ networking = { interfaces.ens3 = { - ipv4.addresses = [{ - address = "77.232.139.132"; - prefixLength = 24; - }]; + ipv4.addresses = [ + { + address = "77.232.139.132"; + prefixLength = 24; + } + ]; }; defaultGateway = { address = "77.232.139.1"; @@ -30,7 +49,7 @@ }; }; - networking.nameservers = [ "8.8.8.8" "1.1.1.1" ]; + networking.nameservers = ["8.8.8.8" "1.1.1.1"]; networking.useDHCP = lib.mkDefault false; @@ -39,7 +58,7 @@ services.openssh = { enable = true; }; - + environment.systemPackages = map lib.lowPrio [ pkgs.curl pkgs.gitMinimal 
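Review bot: The added import `"${inputs.nixpkgs}/nixos/modules/services/networking/headscale.nix"` in the first hunk is documented only as "replacing the options with ones for a newer version", which does not say which flake input `inputs.nixpkgs` is now that the host itself moves to nixos-stable, nor that the module's option set has to track the headscale package this file later selects from the `unstable-packages` overlay. If those two come from different nixpkgs revisions the module renders a config.yaml for one headscale version and the service runs another, which in my experience can fail at startup or silently drop renamed settings — worth a sentence in the comment so the next bump changes both together. I'd write `# headscale module from the unstable input so its options match pkgs.unstable.headscale (see services.headscale.package below); keep this input and the unstable-packages overlay on the same nixpkgs revision`, naming the input explicitly if `inputs.nixpkgs` is not the unstable one. The `disabledModules` line correctly unloads the stable module so the two definitions do not collide.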
@@ -63,22 +82,22 @@ networking.nat = { enable = true; externalInterface = "ens3"; - internalInterfaces = [ "wg0" ]; + internalInterfaces = ["wg0"]; }; - sops.secrets.wg_private_key = {}; + sops.secrets.wg-private-key = {}; networking.wg-quick = { interfaces.wg0 = { - address = [ "10.1.1.1/32" ]; + address = ["10.1.1.1/32"]; listenPort = 51820; - privateKeyFile = config.sops.secrets.wg_private_key.path; + privateKeyFile = config.sops.secrets.wg-private-key.path; preUp = "sysctl -w net.ipv4.ip_forward=1"; peers = [ { - allowedIPs = [ "10.1.1.2/32" ]; + allowedIPs = ["10.1.1.2/32"]; publicKey = "kzXzxJu1AdcRI5UwtGOrN6WuTZYqJo++PYRrXdOu/lY="; persistentKeepalive = 25; } @@ -86,9 +105,9 @@ }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 51820 ]; - + networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedUDPPorts = [51820]; + security.acme = { acceptTerms = true; defaults.email = "notspl3g+acme@duck.com"; @@ -98,7 +117,7 @@ enable = true; acme.enable = true; - domain = "kcu.su"; + inherit domain; subdomains = { "headscale" = { proxyPass = "http://127.0.0.1:8768"; @@ -115,24 +134,23 @@ }; }; - home = - let - homeConfig = import ../server/configuration.nix { inherit modulesPath config lib pkgs; }; - in { - subdomains = homeConfig.nginx.subdomains; - url = "http://10.1.1.2"; - }; + home = let + homeConfig = import ../server/configuration.nix {inherit modulesPath config lib pkgs;}; + in { + subdomains = homeConfig.nginx.subdomains; + url = "http://10.1.1.2"; + }; }; - services.headscale = { enable = true; + package = pkgs.unstable.headscale; port = 8768; settings = { - server_url = "https://headscale.kcu.su:443"; + server_url = "https://headscale.${domain}:443"; dns = { - base_domain = "tailnet.kcu.su"; - nameservers.global = [ "8.8.8.8" ]; + base_domain = "tailnet.${domain}"; + nameservers.global = ["8.8.8.8"]; }; }; }; -- cgit v1.2.3
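Review bot: In the last hunk `package = pkgs.unstable.headscale;` is the only place a reader of `services.headscale` sees that this service runs from a different nixpkgs than the rest of the host, and `pkgs.unstable` only exists because of the `nixpkgs.overlays` entry added at the top of the file, so the line is unexplained here and would fail to evaluate if the block were copied to a host without that overlay. A short why-comment on the line closes that gap: `# from the unstable-packages overlay (nixos-stable's headscale is too old); must match the headscale module imported at the top of this file`. The rest of the hunk (domain interpolation into `server_url`/`base_domain`, the `home` re-indent) looks behavior-neutral.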