Diffstat (limited to 'configurations/varda')
-rw-r--r-- | configurations/varda/default.nix | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix
new file mode 100644
index 0000000..b9d84f7
--- /dev/null
+++ b/configurations/varda/default.nix
@@ -0,0 +1,95 @@
+{
+ config,
+ inputs,
+ lib,
+ this,
+ ...
+}:
+with lib; {
+ secrets.wireguard-private-key-varda.file = "${inputs.self}/secrets/wireguard-private-key-varda";
+
+ nixfiles.modules = {
+ wireguard = {
+ privateKeyFile = config.secrets.wireguard-private-key-varda.path;
+ client.enable = true;
+ };
+
+ acme.enable = true;
+
+ rss-bridge.enable = true;
+ radicale.enable = true;
+ };
+
+ networking = let
+ interface = "eth0";
+ in {
+ interfaces.${interface} = {
+ ipv4.addresses = [
+ {
+ inherit (this.ipv4) address;
+ prefixLength = 22;
+ }
+ ];
+
+ ipv6.addresses = [
+ {
+ inherit (this.ipv6) address;
+ prefixLength = 64;
+ }
+ ];
+ };
+
+ defaultGateway = {
+ inherit interface;
+ address = this.ipv4.gateway;
+ };
+
+ defaultGateway6 = {
+ inherit interface;
+ address = this.ipv6.gateway;
+ };
+ };
+
+ boot = {
+ loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ };
+
+ initrd = {
+ luks.devices.nixos = {
+ device = "/dev/sda2";
+ allowDiscards = true;
+ bypassWorkqueues = true;
+ };
+
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = head config.services.openssh.ports;
+ hostKeys = map (k: k.path) config.services.openssh.hostKeys;
+ authorizedKeys = config.my.openssh.authorizedKeys.keys;
+ };
+ };
+
+ availableKernelModules = ["ata_piix" "sd_mod" "sr_mod" "uhci_hcd" "virtio_pci" "virtio_scsi"];
+ };
+ };
+
+ fileSystems = {
+ "/boot" = {
+ device = "LABEL=boot";
+ fsType = "xfs";
+ options = ["noatime"];
+ };
+
+ "/" = {
+ device = "LABEL=nixos";
+ fsType = "xfs";
+ options = ["noatime"];
+ };
+ };
+
+ system.stateVersion = "22.05";
+} |
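Review bot: `hostKeys = map (k: k.path) config.services.openssh.hostKeys;` under `boot.initrd.network.ssh` hands the machine's regular SSH host private keys to the initrd, and `/boot` here is a separate filesystem (`LABEL=boot`) outside the LUKS volume, so those keys would sit on unencrypted storage. Anyone who can read the disk image could then impersonate the host, including the pre-boot session in which the unlock passphrase is entered. Use a dedicated initrd host key instead, e.g. `hostKeys = ["<path-to-dedicated-initrd-host-key>"];` (placeholder path), and consider a port other than `head config.services.openssh.ports` so clients can pin the two keys separately. `config.services.openssh.hostKeys` is defined outside this hunk, so confirm which key files it resolves to.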