2024-01-23 22:27:45 -08:00
|
|
|
# Edit this configuration file to define what should be installed on
|
|
|
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
|
|
|
# and in the NixOS manual (accessible by running `nixos-help`).
|
|
|
|
|
|
|
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
imports =
|
|
|
|
|
[ # Include the results of the hardware scan.
|
|
|
|
|
./hardware-configuration.nix
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
networking.hostName = "gemini";
|
|
|
|
|
time.timeZone = "America/Los_Angeles";
|
|
|
|
|
|
|
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
|
|
|
|
settings.PasswordAuthentication = false;
|
|
|
|
|
settings.KbdInteractiveAuthentication = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Open ports in the firewall.
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
2024-01-23 23:02:48 -08:00
|
|
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
networking.wg-quick.interfaces = {
|
|
|
|
|
wg0 = {
|
|
|
|
|
address = [
|
|
|
|
|
"10.100.0.4/32"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
listenPort = 51820;
|
|
|
|
|
|
|
|
|
|
# Path to the private key file.
|
|
|
|
|
privateKeyFile = "/etc/nixos/hosts/gemini/wg.key";
|
|
|
|
|
|
|
|
|
|
peers = [{
|
|
|
|
|
publicKey = "atXy3zi3FLoxP8hgzJIIeLGks4Te9HrKkQGoaobholM=";
|
|
|
|
|
presharedKey = "Z3pRS99HKCOuQV7az2GqlR3X4XbX3PlfQrC5AoT3XkA=";
|
|
|
|
|
allowedIPs = [ "10.100.0.0/24" ];
|
|
|
|
|
endpoint = "moms_wg.wg.stitchy.moe:47111";
|
|
|
|
|
persistentKeepalive = 25;
|
|
|
|
|
}];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-01-23 22:27:45 -08:00
|
|
|
|
|
|
|
|
system.stateVersion = "23.05"; # Did you read the comment?
|
|
|
|
|
}
|
|
|
|
|
|
