fedora-csb-system-manager
1{
2 libx,
3 globals,
4 ...
5}:
6{
7 imports = [
8 ../common/services/bind.nix
9 ../common/services/prometheus-exporters-node.nix
10 ../common/services/prometheus-exporters-bind.nix
11 ];
12
13 networking.firewall.enable = false;
14
15 # TODO make it an option ? (otherwise I'll add it for all)
16 users.users.vincent.linger = true;
17
18 # Age secrets for imapfilter
19 age.secrets."icloud-vdemeester-password" = {
20 file = ../../secrets/mails/icloud-vdemeester.age;
21 mode = "400";
22 owner = "vincent";
23 group = "users";
24 };
25
26 services = {
27 wireguard = {
28 enable = true;
29 ips = libx.wg-ips globals.machines.athena.net.vpn.ips;
30 endpoint = "${globals.net.vpn.endpoint}";
31 endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
32 };
33 };
34}