big refactor of a lot of files
This commit is contained in:
		
							parent
							
								
									7ee9d954ce
								
							
						
					
					
						commit
						6c64a962f4
					
				
					 12 changed files with 875 additions and 893 deletions
				
			
		|  | @ -29,8 +29,12 @@ | |||
|     # Import your generated (nixos-generate-config) hardware configuration | ||||
|     ./hardware-configuration.nix | ||||
|   ]; | ||||
|   sops = { | ||||
|     defaultSopsFile = ./secrets/sops.yaml; | ||||
| 
 | ||||
|   sops.defaultSopsFile = ./secrets/sops.yaml; | ||||
|     secrets."wg-private-key".mode = "0440"; | ||||
|     secrets."wg-private-key".owner = config.users.users.root.name; | ||||
|   }; | ||||
| 
 | ||||
|   home-manager = { | ||||
|     extraSpecialArgs = {inherit inputs outputs;}; | ||||
|  | @ -42,42 +46,41 @@ | |||
| 
 | ||||
|   environment.systemPackages = with pkgs; [ | ||||
|   ]; | ||||
|   networking = { | ||||
|     hostName = "EDI"; | ||||
| 
 | ||||
|   networking.hostName = "EDI"; | ||||
|     wireguard.enable = true; | ||||
| 
 | ||||
|   sops.secrets."wg-private-key".mode = "0440"; | ||||
|   sops.secrets."wg-private-key".owner = config.users.users.root.name; | ||||
| 
 | ||||
|   networking.wireguard.enable = true; | ||||
| 
 | ||||
|   networking.wg-quick.interfaces = { | ||||
|     wg0 = { | ||||
|       autostart = true; | ||||
|       address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"]; | ||||
|       dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; | ||||
|       listenPort = 51821; | ||||
|       privateKeyFile = config.sops.secrets."wg-private-key".path; | ||||
|       peers = [ | ||||
|         { | ||||
|           publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; | ||||
|           endpoint = "84.87.146.85:51821"; | ||||
|           allowedIPs = ["0.0.0.0/0" "::/0"]; | ||||
|           persistentKeepalive = 25; | ||||
|         } | ||||
|       ]; | ||||
|     wg-quick.interfaces = { | ||||
|       wg0 = { | ||||
|         autostart = true; | ||||
|         address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"]; | ||||
|         dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; | ||||
|         listenPort = 51821; | ||||
|         privateKeyFile = config.sops.secrets."wg-private-key".path; | ||||
|         peers = [ | ||||
|           { | ||||
|             publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; | ||||
|             endpoint = "84.87.146.85:51821"; | ||||
|             allowedIPs = ["0.0.0.0/0" "::/0"]; | ||||
|             persistentKeepalive = 25; | ||||
|           } | ||||
|         ]; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
|   boot = { | ||||
|     # Lanzaboote currently replaces the systemd-boot module. | ||||
|     # This setting is usually set to true in configuration.nix | ||||
|     # generated at installation time. So we force it to false | ||||
|     # for now. | ||||
|     loader.systemd-boot.enable = lib.mkForce false; | ||||
|     initrd.systemd.enable = true; | ||||
| 
 | ||||
|   # Lanzaboote currently replaces the systemd-boot module. | ||||
|   # This setting is usually set to true in configuration.nix | ||||
|   # generated at installation time. So we force it to false | ||||
|   # for now. | ||||
|   boot.loader.systemd-boot.enable = lib.mkForce false; | ||||
|   boot.initrd.systemd.enable = true; | ||||
| 
 | ||||
|   boot.lanzaboote = { | ||||
|     enable = true; | ||||
|     pkiBundle = "/etc/secureboot"; | ||||
|     lanzaboote = { | ||||
|       enable = true; | ||||
|       pkiBundle = "/etc/secureboot"; | ||||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion | ||||
|  |  | |||