Commit ecd8df9eb341
Changed files (3)
accounts.nix.example → assets/accounts.nix.example
File renamed without changes
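--- a/machine/kerkouane.nix
+++ b/machine/kerkouane.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }: {
+ imports = [
+ ../hardware-configuration.nix
+ ../networking.nix # generated at runtime by nixos-infect
+ ../profiles/server.nix
+ ../profiles/gitconfig.nix
+ ../profiles/users.nix
+ ../profiles/wireguard.server.nix
+ ];
+
+ boot.cleanTmpDir = true;
+ networking.firewall.allowPing = true;
+ services.openssh.enable = true;
+ programs.fish.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku"
+ ];
+ time.timeZone = "Europe/Paris";
+}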
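Review bot: Root receives an SSH authorized key on lines 21-23 while `services.openssh.enable = true;` on line 19 leaves PermitRootLogin and PasswordAuthentication at the NixOS defaults, which have shifted between releases, so the effective login policy of this host is not fixed by the configuration itself. Pinning it next to the enable line — `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";` — rules out password guessing and documents that key-only root access is intended. Since `../profiles/users.nix` is imported, an unprivileged user with sudo may already exist, in which case the root key could be dropped in favour of that account; that cannot be checked from this hunk. `../networking.nix` is noted as generated at runtime by nixos-infect, so any firewall openings it contributes are likewise outside this review.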
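--- a/profiles/wireguard.server.nix
+++ b/profiles/wireguard.server.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./wireguard.nix
+ ];
+
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ networking.firewall.extraCommands = ''
+ iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
+ '';
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+ networking.wireguard.interfaces = with import ../assets/wireguard.nix; {
+ "wg0" = {
+ ips = kerkouane.allowedIPs;
+ listenPort = main.listenPort;
+ privateKeyFile = "/etc/nixos/wireguard.private.key";
+ peers = [ shikoku california ];
+ };
+ };
+}
\ No newline at end of file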
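Review bot: The MASQUERADE rule on line 37 is appended with `-A` every time the firewall unit starts or reloads, and no `networking.firewall.extraStopCommands` removes it, so the nat POSTROUTING chain accumulates duplicate copies of the rule across reloads. Pairing it with a matching `-D` in extraStopCommands (tolerating absence with `|| true`) keeps the table clean. Line 39 hard-codes 51820 while line 43 takes the listen port from `../assets/wireguard.nix`, so the two can drift apart silently; deriving the firewall port from the same `main.listenPort` removes the duplication, and the same applies to the `10.100.0.0/24` literal versus `kerkouane.allowedIPs`. With `net.ipv4.ip_forward` set on line 35 and only a NAT rule added, nothing in this file restricts forwarding to traffic arriving on wg0 — if the NixOS firewall leaves the FORWARD chain at an accept policy, as I believe it does, an explicit `-i wg0` accept plus a default drop for other forwarded traffic would narrow what this host relays.
```nix
  # … unchanged: imports, ip_forward sysctl, extraCommands …
  networking.firewall.extraStopCommands = ''
    iptables -t nat -D POSTROUTING -s10.100.0.0/24 -j MASQUERADE || true
  '';
  networking.firewall.allowedUDPPorts = [ (import ../assets/wireguard.nix).main.listenPort ];
  # … unchanged: networking.wireguard.interfaces …
```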