nix/nixos/hosts/nixos-rpi4-03/default.nix
2023-10-07 20:10:33 +09:00

88 lines
No EOL
3 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# Enable distributed Builds
nix.distributedBuilds = true;
#####################################################################################
# BEGIN hardware config
#####################################################################################
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
networking.hostName = "nixos-rpi4-03";
#####################################################################################
# END hardware config
#####################################################################################
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_keys/nixos-rpi4-03" = {
owner = "root";
sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/nixos-rpi4-03";
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
# Temporary
# networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ 51820 ];
# Set up the secrets file:
sops.secrets."wireguard_keys/nixos-rpi4-03" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
sops.secrets."wireguard_keys/preshared_key" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
# Wireguard Forwarder
networking.wireguard = {
enable = true;
interfaces = {
"wireguard0" = {
ips = [ "10.100.0.2/24" ];
listenPort = 51820;
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03";
# Testing
peers = [
{ # osaka-vultr-01
publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
persistentKeepalive = 5;
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "64.176.54.57:51820";
}
];
};
};
};
}