# NixOS system configuration for the host "dmeiburg": EFI boot via
# systemd-boot, firewall and NAT, a WireGuard endpoint (wg0), Docker and
# the GnuPG agent. Option reference: configuration.nix(5) and the NixOS
# manual (run `nixos-help`).

{ config, pkgs, ... }:

{
  imports = [
    # Generated by the hardware scan for this machine.
    ./hardware-configuration.nix
    # Shared settings pulled in from the parent directory; its contents are
    # not visible in this file.
    ../common.nix
  ];

  # Bootloader.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  networking = {
    hostName = "dmeiburg";

    firewall = {
      # Traffic arriving on a trusted interface is accepted unconditionally,
      # so anything attached to the docker0 bridge can reach every port on
      # the host, not only the ports listed below.
      trustedInterfaces = [ "docker0" ];

      # Opened on all interfaces: 22, 80 and 443.
      # NOTE(review): no sshd settings are defined in this file; presumably
      # they live in ../common.nix. Confirm how authentication on port 22 is
      # restricted.
      allowedTCPPorts = [ 22 80 443 ];

      # 51820/udp is the WireGuard listen port configured for wg0 below.
      allowedUDPPorts = [ 51820 ];
    };

    # NAT for traffic arriving on wg0 and leaving through enp3s0.
    nat = {
      enable = true;
      externalInterface = "enp3s0";
      internalInterfaces = [ "wg0" ];
    };

    wireguard.interfaces.wg0 = {
      ips = [ "10.100.0.1/24" ];
      listenPort = 51820;

      # Referenced by path, so the key material itself is not part of this
      # configuration.
      # NOTE(review): the file sits under dm's home directory, so that
      # account controls the path and can read or replace the key. Confirm
      # the file's owner and mode, or keep it in a root-owned location.
      privateKeyFile = "/home/dm/.wireguard/dmeiburg";

      # Each peer is limited to a single /32 tunnel address, so a peer
      # cannot send from another peer's address inside 10.100.0.0/24.
      peers = [
        {
          # p14s
          publicKey = "BTIuA08t8lwPZa418EJ7vcni3MxC8ihhadem6uicnAA=";
          allowedIPs = [ "10.100.0.2/32" ];
        }
        {
          # pinix
          publicKey = "Zhnl8OJXjCk4zmuTg6xFnWPyf3Asnkhk/yW09s6yJCc=";
          allowedIPs = [ "10.100.0.3/32" ];
        }
      ];
    };
  };

  environment.systemPackages = [
    pkgs.gnupg
    pkgs.pinentry
  ];

  virtualisation.docker.enable = true;

  # Membership in the "docker" group gives access to the Docker daemon,
  # which is effectively root on the host; treat dm as a privileged account.
  users.users.dm.extraGroups = [ "docker" ];

  programs.gnupg.agent.enable = true;

  # Release whose defaults for stateful data this system was installed with.
  # This is not the NixOS version to upgrade to; read the option's
  # documentation before changing it.
  system.stateVersion = "23.11";
}