# Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; ##################################################################################### # BEGIN hardware config ##################################################################################### # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) boot.loader.grub.enable = false; # Enables the generation of /boot/extlinux/extlinux.conf boot.loader.generic-extlinux-compatible.enable = true; boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; fsType = "ext4"; }; swapDevices = [ ]; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; networking.hostName = "nixos-rpi4-01"; ##################################################################################### # END hardware config ##################################################################################### # Generic Tailscale configs are in /nixos/common/services/tailscale.nix # Set up the secrets file: sops.secrets."tailscale_keys/nixos-rpi4-01" = { owner = "root"; sopsFile = ../../../secrets/tailscale.yaml; restartUnits = [ "tailscaled.service" "tailscaled-autoconnect.service" ]; }; services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/nixos-rpi4-01"; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; # Temporary # networking.firewall.allowedTCPPorts = [ 22 ]; # Set up the secrets file: sops.secrets."wireguard_keys/osaka-vultr-01" = { owner = "root"; sopsFile = ../../../secrets/wireguard.yaml; }; sops.secrets."wireguard_keys/preshared_key" = { owner = "root"; sopsFile = ../../../secrets/wireguard.yaml; }; # Wireguard Forwarder networking.wireguard = { enable = true; interfaces = { "wireguard0" = { privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01"; # Testing peers = [ { # osaka-vultr-01 publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE="; persistentKeepalive = 5; allowedIPs = [ "0.0.0.0/0" ]; endpoint = "64.176.54.57:51820"; presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key"; } ]; }; }; }; }