balsoft/nixos-config
1
0
Fork 0
Code Issues Releases Wiki Activity

Add random-things server

Browse Source
This commit is contained in:
Alexander Bantyev 2021-03-18 13:03:09 +03:00
parent 654f707059
commit ae6c4c3343
Signed by: balsoft
GPG Key ID: E081FF12ADCB4AD5
5 changed files with 38 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flake.lock
View File

@ -57,11 +57,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1611390584, "lastModified": 1614654775,
"narHash": "sha256-KajML9i3j8Hrxv8AfG0NjJWttpgRgeldhWZbwPi5rkU=", "narHash": "sha256-3mLxoxIXSWUuKE8YgIuqM5AZzXFd1aWxkTlplEDeXIA=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "726d758768d7b8071dcffa14560a14f588460406", "rev": "6278b9bef5ad624676a565980417cbbef42d5227",
"type": "github" "type": "github"
}, },
"original": { "original": {

30
machines/AMD-Workstation/default.nix
View File

@ -1,4 +1,4 @@
{ inputs, ... }: { { config, inputs, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
inputs.self.nixosProfiles.desktop inputs.self.nixosProfiles.desktop
@ -20,4 +20,32 @@
deviceSpecific.isHost = true; deviceSpecific.isHost = true;
services.apcupsd.enable = true; services.apcupsd.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
secrets.wireguard-serokell = { };
networking.wireguard.interfaces.serokell = {
listenPort = 51820;
ips = [
"172.20.0.52/32"
# "fd73:7272:ed50::52/128"
];
privateKeyFile = config.secrets.wireguard-serokell.decrypted;
peers = [{
allowedIPs = [
"0.0.0.0/0"
# "::/0"
];
# endpoint = "serokell.net:35944";
endpoint = "147.75.100.17:35944";
publicKey = "sgLUARawWJejANs2CwuCptwJO55c4jkmnP0L14FNCyw=";
persistentKeepalive = 24;
}];
};
# restart when the service fails to resolve DNS
systemd.services.wireguard-serokell.serviceConfig = {
Restart = "on-failure";
RestartSec = "30s";
};
} }

26
modules/network.nix
View File

@ -28,30 +28,4 @@ in {
systemd.services.ModemManager.wantedBy = systemd.services.ModemManager.wantedBy =
lib.optional (config.device == "T490s-Laptop") "network.target"; lib.optional (config.device == "T490s-Laptop") "network.target";
secrets.wireguard-serokell = { };
networking.wireguard.interfaces.serokell = {
listenPort = 51820;
ips = [
"172.20.0.52/32"
# "fd73:7272:ed50::52/128"
];
privateKeyFile = config.secrets.wireguard-serokell.decrypted;
peers = [{
allowedIPs = [
"0.0.0.0/0"
# "::/0"
];
# endpoint = "serokell.net:35944";
endpoint = "147.75.100.17:35944";
publicKey = "sgLUARawWJejANs2CwuCptwJO55c4jkmnP0L14FNCyw=";
persistentKeepalive = 24;
}];
};
# restart when the service fails to resolve DNS
systemd.services.wireguard-serokell.serviceConfig = {
Restart = "on-failure";
RestartSec = "30s";
};
} }

3
modules/servers/nginx.nix
View File

@ -37,6 +37,9 @@
"share.balsoft.ru" = { "share.balsoft.ru" = {
locations."/" = { root = "/var/lib/share"; }; locations."/" = { root = "/var/lib/share"; };
} // default; } // default;
"things.balsoft.ru" = {
locations."/" = { root = "/nix/var/nix/profiles/per-user/nginx/random-things/www"; };
} // default;
}; };
}; };
security.acme = { security.acme = {

5
modules/workspace/gpg.nix
View File

@ -1,9 +1,10 @@
{ { pkgs, ... }: {
services.dbus.packages = [ pkgs.gcr ];
home-manager.users.balsoft = { home-manager.users.balsoft = {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
pinentryFlavor = "gtk2"; pinentryFlavor = "gnome3";
}; };
programs.gpg.enable = true; programs.gpg.enable = true;
}; };