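# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
  inputs,
  outputs,
  lib,
  pkgs,
  config,
  ...
}: {
  # You can import other NixOS modules here
  imports = [
    # Import home-manager's NixOS module
    inputs.home-manager.nixosModules.home-manager

    # If you want to use modules your own flake exports (from modules/nixos):
    # outputs.nixosModules.example

    # Or modules from other flakes (such as nixos-hardware):
    # inputs.hardware.nixosModules.common-cpu-amd
    # inputs.hardware.nixosModules.common-ssd

    # You can also split up your configuration and import pieces of it here:
    # ./users.nix
    ../../desktop
    ../../../disko/EDI

    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix
  ];

  # All sops-encrypted secrets for this host come from one file. Only the
  # encrypted form is checked in; sops-nix decrypts it on the host at activation.
  sops.defaultSopsFile = ./secrets/sops.yaml;

  home-manager = {
    extraSpecialArgs = {inherit inputs outputs;};
    users = {
      # Import your home-manager configuration
      lillian = import ../../../home-manager/hosts/EDI;
    };
  };

  environment.systemPackages = with pkgs; [
  ];

  networking.hostName = "EDI";

  # WireGuard private key, materialised by sops-nix outside the Nix store.
  # wg-quick runs as root, so no group needs read access: the mode is 0400
  # instead of the earlier 0440 (least privilege; the owner stays root).
  sops.secrets."wg-private-key" = {
    mode = "0400";
    owner = config.users.users.root.name;
  };

  networking.wireguard.enable = true;

  networking.wg-quick.interfaces = {
    wg0 = {
      autostart = true;
      address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"];
      # Resolver inside the tunnel; wg-quick installs it while wg0 is up.
      dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
      # A fixed listen port is not needed for a client that dials out
      # (persistentKeepalive below keeps the NAT mapping alive); kept as-is.
      # WireGuard drops unauthenticated datagrams, so the open UDP port is
      # not itself reachable by unknown peers.
      listenPort = 51821;
      # Path of the decrypted key file, never the key itself.
      privateKeyFile = config.sops.secrets."wg-private-key".path;
      peers = [
        {
          publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
          endpoint = "84.87.146.85:51821";
          # Full tunnel: every IPv4 and IPv6 destination is routed via the peer.
          # NOTE(review): wg-quick adds no kill switch; if wg0 goes down,
          # traffic and DNS silently fall back to the physical interface.
          # Add firewall rules in postUp/preDown if that is not acceptable.
          allowedIPs = ["0.0.0.0/0" "::/0"];
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # Lanzaboote currently replaces the systemd-boot module.
  # This setting is usually set to true in configuration.nix
  # generated at installation time. So we force it to false
  # for now.
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.initrd.systemd.enable = true;

  boot.lanzaboote = {
    enable = true;
    # Directory with the Secure Boot signing keys (sbctl layout is assumed
    # here; verify against the host). These keys sign every generation that
    # boots, so they must be root-only and backed up off-host.
    pkiBundle = "/etc/secureboot";
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "24.11";
}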