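{ pkgs, ... }:
# system-manager module for an aarch64-linux host: Docker with a separate
# containerd unit, a WireGuard tunnel (wg0) and a handful of CLI tools.
{
  config = {
    # Platform
    nixpkgs.hostPlatform = "aarch64-linux";

    # System packages
    environment.systemPackages = with pkgs; [
      docker
      docker-compose
      kind
      wireguard-tools
      syncthing
      vim
      htop
      curl
      git
    ];

    # Docker systemd service
    systemd.services.docker = {
      description = "Docker Application Container Engine";
      wants = [ "network-online.target" ];
      # containerd is described below as required by Docker, so pull it in as
      # a hard dependency instead of only ordering after it; with `after` alone
      # docker would still start when containerd is stopped or has failed.
      requires = [ "containerd.service" ];
      after = [
        "network-online.target"
        "containerd.service"
      ];
      wantedBy = [ "system-manager.target" ];
      path = [
        pkgs.docker
        pkgs.kmod
        pkgs.iptables
      ];
      serviceConfig = {
        Type = "notify";
        # NOTE(review): dockerd only uses the containerd unit below if it is
        # pointed at that daemon's socket (e.g. --containerd=/run/containerd/containerd.sock);
        # otherwise it supervises a private containerd of its own -- confirm
        # which is intended.
        ExecStart = "${pkgs.docker}/bin/dockerd";
        ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
        # No start timeout (matches the upstream docker.service unit).
        TimeoutStartSec = "0";
        RestartSec = "2";
        Restart = "always";
        # Delegate the cgroup subtree to dockerd so it can place containers in
        # their own cgroups; KillMode=process stops only dockerd itself, so
        # containers keep running across a daemon restart.
        Delegate = "yes";
        KillMode = "process";
        LimitNOFILE = "infinity";
        LimitNPROC = "infinity";
        TasksMax = "infinity";
      };
    };

    # Containerd systemd service (required by Docker)
    systemd.services.containerd = {
      description = "containerd container runtime";
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "system-manager.target" ];
      serviceConfig = {
        Type = "notify";
        # containerd ships inside the docker package here, not as pkgs.containerd.
        ExecStart = "${pkgs.docker}/bin/containerd";
        Restart = "always";
        # Same cgroup delegation / process-only kill semantics as the docker unit.
        Delegate = "yes";
        KillMode = "process";
        LimitNOFILE = "1048576";
        TasksMax = "infinity";
      };
    };

    # WireGuard wg0 service
    systemd.services.wireguard-wg0 = {
      description = "WireGuard VPN (wg0)";
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "system-manager.target" ];
      serviceConfig = {
        # oneshot + RemainAfterExit: the unit stays "active" after wg-quick up
        # returns, and wg-quick down runs when it is stopped.
        Type = "oneshot";
        RemainAfterExit = true;
        ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up wg0";
        ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down wg0";
      };
    };

    # WireGuard configuration file.
    # The private key is deliberately NOT embedded in this file: everything in
    # this Nix expression is copied into the world-readable Nix store, so the
    # 0600 mode on the /etc copy would not protect an inline PrivateKey.
    # Instead, wg-quick loads the key at startup (PostUp) from
    # /etc/wireguard/private.key, which must be created manually, owned by
    # root with mode 0600, before the unit is started. The unit fails to
    # bring the tunnel up if that file is missing.
    environment.etc."wireguard/wg0.conf" = {
      text = ''
        [Interface]
        Address = 10.100.0.80/24
        PostUp = ${pkgs.wireguard-tools}/bin/wg set %i private-key /etc/wireguard/private.key

        [Peer]
        PublicKey = PQD1dtxhy9NMbmfy2OQPeLiQg0Alcfa1Mo4HVN5WqgA=
        AllowedIPs = 10.100.0.0/24
        Endpoint = 46.224.100.116:51820
        PersistentKeepalive = 25
      '';
      mode = "0600";
    };
  };
}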