foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-24 18:19:01 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

hosts/plover: update network state settings

Browse Source
This commit is contained in:
Gabriel Arazas 2024-09-29 12:25:38 +08:00
parent 1cd163a397
commit 98a0837731
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
1 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
configs/nixos/plover/default.nix
View File

@ -11,7 +11,6 @@
(foodogsquaredUtils.getUser "nixos" "admin") (foodogsquaredUtils.getUser "nixos" "admin")
(foodogsquaredUtils.getUser "nixos" "plover") (foodogsquaredUtils.getUser "nixos" "plover")
"${foodogsquaredModulesPath}/profiles/headless.nix"
"${foodogsquaredModulesPath}/profiles/hardened.nix" "${foodogsquaredModulesPath}/profiles/hardened.nix"
./disko.nix ./disko.nix
@ -19,6 +18,8 @@
./modules ./modules
]; ];
boot.supportedFilesystems = [ "btrfs" ];
# Host-specific modules structuring. # Host-specific modules structuring.
hosts.plover.services = { hosts.plover.services = {
networking.enable = true; networking.enable = true;
@ -36,9 +37,22 @@
# We're using our own VPN configuration for this one. # We're using our own VPN configuration for this one.
suites.vpn.personal.enable = true; suites.vpn.personal.enable = true;
# Post installation script to be executed manually by the provisioner.
system.build.postInstallationScript = pkgs.writeShellApplication {
name = "post-installation-script";
runtimeInputs = with pkgs; [
openssh
];
text = ''
sopsPrivateKey="''${1:-"key.txt"}"
sopsKeyfileDir="$(dirname ${lib.escapeShellArg config.sops.age.keyFile})"
mkdir -p "$sopsKeyfileDir" && mv "$sopsPrivateKey" "$sopsKeyfileDir"
'';
};
state.network = rec { state.network = rec {
ipv4 = "135.181.26.192"; ipv4 = "135.181.93.101";
ipv6 = "2a01:4f9:c011:b61e::1"; ipv6 = "2a01:4f9:c012:f88c::1";
interfaces = { interfaces = {
lan = { lan = {
@ -50,7 +64,7 @@
}; };
wan = { wan = {
ifname = "eth0"; ifname = "enp1s0";
inherit ipv4 ipv6; inherit ipv4 ipv6;
ipv4Gateway = "172.31.1.1"; ipv4Gateway = "172.31.1.1";
ipv6Gateway = "fe80::1"; ipv6Gateway = "fe80::1";
@ -63,8 +77,8 @@
"2a01:4f8:0:a101::a:1" "2a01:4f8:0:a101::a:1"
# robotns2.second-ns.de # robotns2.second-ns.de
"213.133.105.6" "213.133.100.103"
"2a01:4f8:d0a:2004::2" "2a01:4f8:0:1::5ddc:2"
# robotns3.second-ns.com # robotns3.second-ns.com
"193.47.99.3" "193.47.99.3"
@ -108,10 +122,10 @@
security.dhparams.enable = true; security.dhparams.enable = true;
# !!! The keys should be rotated at an interval here. # !!! The keys should be rotated at an interval here.
services.openssh.hostKeys = [{ services.openssh.hostKeys = lib.singleton {
path = config.sops.secrets."ssh-key".path; path = config.sops.secrets."ssh-key".path;
type = "ed25519"; type = "ed25519";
}]; };
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }