From 9ba5fb2b707d13440c1e14c5c3a42a860d4e12cf Mon Sep 17 00:00:00 2001
From: spl3g
Date: Sun, 24 Aug 2025 00:38:44 +0500
Subject: feat: add a tw config
---
 nixos/tw/configuration.nix | 143 +++++++++++++++++++++++++++++++++++++++++++++
 nixos/tw/disk-config.nix | 55 +++++++++++++++++
 2 files changed, 198 insertions(+)
 create mode 100644 nixos/tw/configuration.nix
 create mode 100644 nixos/tw/disk-config.nix
(limited to 'nixos')
diff --git a/nixos/tw/configuration.nix b/nixos/tw/configuration.nix
new file mode 100644
index 0000000..cc7411f
--- /dev/null
+++ b/nixos/tw/configuration.nix
@@ -0,0 +1,143 @@
+{ modulesPath, config, lib, pkgs, ... }: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ../serverModules/nginx.nix
+ ];
+
+ sops = {
+ defaultSopsFile = ../../secrets/ltrr-tw/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ };
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ networking = {
+ interfaces.ens3 = {
+ ipv4.addresses = [{
+ address = "77.232.139.132";
+ prefixLength = 24;
+ }];
+ };
+ defaultGateway = {
+ address = "77.232.139.1";
+ interface = "ens3";
+ };
+ };
+
+ networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
+
+ networking.useDHCP = lib.mkDefault false;
+
+ networking.hostName = "ltrr-tw";
+
+ services.openssh = {
+ enable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.gitMinimal
+ ];
+
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
+ ];
+ };
+ };
+
+ zramSwap = {
+ enable = true;
+ };
+
+ swapDevices = [{
+ device = "/var/lib/swapfile";
+ size = 2*1024;
+ }];
+
+ networking.nat = {
+ enable = true;
+ externalInterface = "ens3";
+ internalInterfaces = [ "wg0" ];
+ };
+
+ sops.secrets.wg_private_key = {};
+ networking.wg-quick = {
+ interfaces.wg0 = {
+ address = [ "10.1.1.1/32" ];
+ listenPort = 51820;
+
+ privateKeyFile = config.sops.secrets.wg_private_key.path;
+
+ preUp = "sysctl -w net.ipv4.ip_forward=1";
+
+ peers = [
+ {
+ allowedIPs = [ "10.1.1.2/32" ];
+ publicKey = "kzXzxJu1AdcRI5UwtGOrN6WuTZYqJo++PYRrXdOu/lY=";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "notspl3g+acme@duck.com";
+ };
+
+ nginx = {
+ enable = true;
+ acme.enable = true;
+
+ domain = "kcu.su";
+ subdomains = {
+ "headscale" = {
+ proxyPass = "http://127.0.0.1:8768";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+
+ extraVirtualHosts = {
+ "_" = {
+ locations."/" = {
+ return = 444;
+ };
+ };
+ };
+
+ home =
+ let
+ homeConfig = import ../server/configuration.nix { inherit modulesPath config lib pkgs; };
+ in {
+ subdomains = homeConfig.nginx.subdomains;
+ url = "http://10.1.1.2";
+ };
+ };
+
+
+ services.headscale = {
+ enable = true;
+ port = 8768;
+ settings = {
+ server_url = "https://headscale.kcu.su:443";
+ dns = {
+ base_domain = "tailnet.kcu.su";
+ nameservers.global = [ "8.8.8.8" ];
+ };
+ };
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/nixos/tw/disk-config.nix b/nixos/tw/disk-config.nix
new file mode 100644
index 0000000..1641339
--- /dev/null
+++ b/nixos/tw/disk-config.nix
@@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
--
cgit v1.2.3
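Review bot: `services.openssh = { enable = true; };` leaves sshd's password authentication at the NixOS default (enabled) on a host whose only configured login is the root account's authorized key, so the key-only intent is not actually enforced for any account; add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` inside that block (NixOS already defaults `PermitRootLogin` to `prohibit-password`, so root stays key-only). Separately, `preUp = "sysctl -w net.ipv4.ip_forward=1";` flips forwarding imperatively from the wg-quick unit and leaves it on after the interface goes down; as far as I recall the NixOS NAT module already enables IPv4 forwarding when `networking.nat.enable = true` is set as it is here, so the `preUp` line can likely be dropped or replaced by a declarative `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` — worth confirming against the nat module before removing. The `home` block also evaluates `../server/configuration.nix` with this host's `config`, so any `nginx.subdomains` there that depend on the server's own config would silently pick up tw's values; a one-line comment stating that only static subdomain definitions are expected to be shared would make that coupling explicit.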
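Review bot: The 1M `EF02` partition next to the `EF00` ESP is undocumented, and a reader has to know the GPT type codes to see that it is a BIOS boot partition kept so GRUB can also be installed for legacy boot (configuration.nix sets `efiInstallAsRemovable`, which suggests the target's firmware mode is not relied upon). Add `# 1M BIOS boot partition (EF02): lets GRUB install for legacy BIOS alongside the EFI ESP below` above `boot = {`, and `# mkDefault so the installer/caller can override the target device` above the `device` line, hedged as presumed intent if the override path is not this file's concern.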