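# NixOS host configuration for "stronghold": pulls in the shared feature and
# tweak modules, runs Dozzle as an OCI container on Docker, and joins the
# "dotspace" tinc network.
#
# `lib` is listed in the module arguments because `lib.mkForce` is used in the
# Services section; without it evaluation fails with an undefined variable.
{ inputs, self, lib, pkgs, pkgs-unstable, ... }: {
  networking.hostName = "stronghold";
  networking.hostId = "c581a1cd";

  imports = [
    inputs.disko.nixosModules.default
    inputs.lix-module.nixosModules.default
    inputs.home-manager.nixosModules.home-manager

    # Core Features
    ../../nixos/features/base.nix
    ../../nixos/features/tui-apps.nix
    ../../nixos/features/openssh-server.nix

    # Core Tweaks
    ../../nixos/tweaks/zram.nix
    ../../nixos/tweaks/enable_flakes.nix
    ../../nixos/tweaks/systemd-resolved_nonsense.nix

    # Dotspace
    ../../dotspace/configuration.nix
    ../../nixos/features/stronghold-binary-cache.nix

    # Users
    ../../users/lauren_lagarde/configuration.nix

    # Docker Host Stuff
    # NOTE(review): disable_firewall.nix is not visible here. If it switches the
    # host firewall off, sshd, tinc and anything else listening on this machine
    # is limited only by its own bind address or by filtering upstream of the
    # host -- confirm that is intended for a box that also exposes docker.sock
    # to a container.
    ../../nixos/tweaks/disable_firewall.nix
    ../../nixos/features/virtualization/docker.nix

    ../../secrets/dotspace.nix

    # Local Config
    #./gatus.nix
    #./haproxy.nix
    ./wireguard.nix
  ];

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Services

  # Force smartd off, overriding any imported module that enables it.
  services.smartd.enable = lib.mkForce false;

  virtualisation.oci-containers.backend = "docker";
  virtualisation.oci-containers.containers = {
    dozzle = {
      # ":latest" is a mutable tag: whatever the registry serves at the next
      # pull is what runs, with the Docker socket mounted. Pinning a version
      # tag or a digest ("amir20/dozzle@sha256:<digest>") makes upgrades an
      # explicit change to this file.
      image = "amir20/dozzle:latest";

      # Published on one address only, not 0.0.0.0.
      # NOTE(review): 10.86.84.3 differs from the 10.86.84.2/32 assigned to
      # tinc.dotspace below, and Docker can only bind an address the host
      # actually has. ./wireguard.nix may be what assigns .3 -- confirm.
      # Anyone who can reach this address can read every container's logs
      # unless Dozzle's own authentication is turned on.
      ports = [ "10.86.84.3:9999:8080" ];

      # The Docker socket gives the container the full Docker API, which is
      # equivalent to root on the host. Dozzle only needs to list containers
      # and read logs; a socket proxy that exposes just those endpoints would
      # narrow what a compromised image or web UI can do.
      volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
    };
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Networking

  # To generate keys:
  # sudo mkdir -p /root/wireguard && wg genkey | sudo tee /root/wireguard/dotspace.priv | wg pubkey
  #
  # tee creates dotspace.priv with the default umask, so the private key is
  # protected only by the permissions of the directories above it. Follow up
  # with: sudo chmod 600 /root/wireguard/dotspace.priv

  networking.useNetworkd = true;
  systemd.network = {
    enable = true;

    # TODO: Interfaces
  };

  ##############################################################################
  # Tinc

  # Private key for this node, decrypted from ./secrets.yaml. The tinc service
  # below reads it from the matching path under /run/secrets.
  sops.secrets."dotspace/stronghold/keys/tinc/ed25519_key.priv" = { sopsFile = ./secrets.yaml; };

  systemd.network.networks."90-tinc-dotspace" = {
    matchConfig.Name = "tinc.dotspace";
    address = [ "10.86.84.2/32" ]; # TODO: 2?
    routes = [ { Destination = "10.86.84.0/24"; } ];
  };

  services.tinc.networks.dotspace = {
    name = "stronghold";
    # Hard-coded copy of the secret name declared above; the two must be
    # changed together.
    ed25519PrivateKeyFile = "/run/secrets/dotspace/stronghold/keys/tinc/ed25519_key.priv";

    # NOTE(review): the reason for running tincd without a chroot is not
    # recorded here -- presumably so it can reach the key under /run/secrets;
    # confirm before relying on it.
    chroot = false;
    settings.ConnectTo = [ "fortress" ];
  };
}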