# NixOS module for a Docker host that joins the "dotspace" overlay through
# both a WireGuard interface and a tinc network.
{ pkgs, ... }: {
  imports = [
    # Core Features
    ../../nixos/features/base.nix
    ../../nixos/features/tui-apps.nix
    ../../nixos/features/openssh-server.nix

    # Core Tweaks
    ../../nixos/tweaks/zram.nix
    ../../nixos/tweaks/enable_flakes.nix
    ../../nixos/tweaks/disable_nixos_user.nix
    ../../nixos/tweaks/systemd-resolved_nonsense.nix

    # Lauren Base
    ../../users/lauren_lagarde/lauren_lagarde.nix

    # Dotspace
    # NOTE(review): contents of secrets/dotspace.nix are not visible here. Any
    # secret that is evaluated into the configuration can end up in the
    # world-readable Nix store -- confirm it only carries non-sensitive values
    # or references to files outside the store.
    ../../secrets/dotspace.nix
    ../../nixos/features/stronghold-binary-cache.nix

    # Docker Host Stuff
    # NOTE(review): judging by its name, disable_firewall.nix switches the host
    # firewall off. With sshd, WireGuard, tinc and Docker all on this machine,
    # every listening port is then reachable on every interface unless it is
    # filtered upstream -- confirm that is intended.
    ../../nixos/tweaks/disable_firewall.nix
    ../../nixos/features/virtualization/docker.nix
    ../../nixos/features/virtualization/dockge.nix

    # UEFI SSH ZFS (currently disabled)
    #../../nixos/tweaks/zfs.nix
    #../../nixos/features/initrd-ssh.nix
    #../../nixos/features/virtualization/libvirt-guest-uefi.nix

    #../../nixos/disko/libvirt/uefi-zfs-base.nix
    #../../nixos/disko/libvirt/zfs-encrypted.nix
  ];

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Networking

  # To generate keys:
  # sudo mkdir -p /root/wireguard && wg genkey | sudo tee /root/wireguard/dotspace.priv | wg pubkey
  #
  # NOTE(review): tee creates the key file with the caller's umask, so it is
  # protected only by the permissions of /root. Running the command under
  # `umask 077` (or a `chmod 600` afterwards) keeps the private key itself
  # owner-only.
  networking.wireguard = {
    enable = true;

    # No peers are declared in this file; presumably they are supplied by one
    # of the imported modules -- verify.
    interfaces."wg.dotspace" = {
      ips = [ "10.13.13.2" ];
      listenPort = 51820;
      # The key is referenced by path and read from disk, rather than being
      # written into the configuration as a literal.
      privateKeyFile = "/root/wireguard/dotspace.priv";
    };
  };

  # Addressing for the tinc interface: a /32 host address plus a route for the
  # surrounding /24.
  # NOTE(review): systemd.network.enable is not set in this file; presumably it
  # is enabled elsewhere -- confirm.
  systemd.network.networks."90-tinc-dotspace" = {
    matchConfig = {
      Name = "tinc.dotspace";
    };
    address = [ "10.86.84.3/32" ];
    routes = [ { Destination = "10.86.84.0/24"; } ];
  };

  # To Generate Keys:
  # sudo tinc -b -n dotspace generate-ed25519-keys; cat /etc/tinc/dotspace/hosts/$(hostname) | grep "^Ed"
  services.tinc.networks.dotspace = {
    name = "stronghold";
    ed25519PrivateKeyFile = "/etc/tinc/dotspace/ed25519_key.priv";

    # tincd is not chrooted into its configuration directory, so it runs
    # without that extra layer of confinement.
    chroot = false;

    settings = {
      ConnectTo = [ "fortress" "citadel" ];
    };
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Services
}