about summary refs log tree commit diff
path: root/configurations/varda
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2022-08-12 22:53:53 +0300
committerAzat Bahawi <azat@bahawi.net>2022-08-12 22:53:53 +0300
commit61b94f0dd06cac0f7dcd38cce80f2a7ab8376098 (patch)
treeb703a9fe11eae6c4cae4e4682f02caf0caa171d0 /configurations/varda
2022-08-12
Diffstat (limited to 'configurations/varda')
-rw-r--r--configurations/varda/default.nix95
1 files changed, 95 insertions, 0 deletions
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix
new file mode 100644
index 0000000..b9d84f7
--- /dev/null
+++ b/configurations/varda/default.nix
@@ -0,0 +1,95 @@
+{
+  config,
+  inputs,
+  lib,
+  this,
+  ...
+}:
+with lib; {
+  secrets.wireguard-private-key-varda.file = "${inputs.self}/secrets/wireguard-private-key-varda";
+
+  nixfiles.modules = {
+    wireguard = {
+      privateKeyFile = config.secrets.wireguard-private-key-varda.path;
+      client.enable = true;
+    };
+
+    acme.enable = true;
+
+    rss-bridge.enable = true;
+    radicale.enable = true;
+  };
+
+  networking = let
+    interface = "eth0";
+  in {
+    interfaces.${interface} = {
+      ipv4.addresses = [
+        {
+          inherit (this.ipv4) address;
+          prefixLength = 22;
+        }
+      ];
+
+      ipv6.addresses = [
+        {
+          inherit (this.ipv6) address;
+          prefixLength = 64;
+        }
+      ];
+    };
+
+    defaultGateway = {
+      inherit interface;
+      address = this.ipv4.gateway;
+    };
+
+    defaultGateway6 = {
+      inherit interface;
+      address = this.ipv6.gateway;
+    };
+  };
+
+  boot = {
+    loader.grub = {
+      enable = true;
+      device = "/dev/sda";
+    };
+
+    initrd = {
+      luks.devices.nixos = {
+        device = "/dev/sda2";
+        allowDiscards = true;
+        bypassWorkqueues = true;
+      };
+
+      network = {
+        enable = true;
+        ssh = {
+          enable = true;
+          port = head config.services.openssh.ports;
+          hostKeys = map (k: k.path) config.services.openssh.hostKeys;
+          authorizedKeys = config.my.openssh.authorizedKeys.keys;
+        };
+      };
+
+      availableKernelModules = ["ata_piix" "sd_mod" "sr_mod" "uhci_hcd" "virtio_pci" "virtio_scsi"];
+    };
+  };
+
+  fileSystems = {
+    "/boot" = {
+      device = "LABEL=boot";
+      fsType = "xfs";
+      options = ["noatime"];
+    };
+
+    "/" = {
+      device = "LABEL=nixos";
+      fsType = "xfs";
+      options = ["noatime"];
+    };
+  };
+
+  system.stateVersion = "22.05";
+}

Consider giving Nix/NixOS a try! <3