Lander Van den Bulcke
fc2d98e503
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
87 lines
1.7 KiB
Nix
87 lines
1.7 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
allowedUDPPorts = [
|
|
51820
|
|
];
|
|
};
|
|
|
|
services.namespaced-vpn = {
|
|
enable = true;
|
|
ips = [
|
|
"10.64.244.95/32"
|
|
"fc00:bbbb:bbbb:bb01::1:f45e/128"
|
|
];
|
|
publicKey = "KkShcqgwbkX2A9n1hhST6qu+m3ldxdJ2Lx8Eiw6mdXw=";
|
|
endpoint = "146.70.117.226:51820";
|
|
privateKeyFile = config.sops.secrets.wireguardKey.path;
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
gocryptfs
|
|
sshfs
|
|
];
|
|
|
|
programs.ssh.knownHosts.storageBox = {
|
|
hostNames = [ "u491729.your-storagebox.de" ];
|
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
|
|
};
|
|
|
|
fileSystems."/mnt/box" = {
|
|
device = "u491729@u491729.your-storagebox.de:/home";
|
|
fsType = "fuse.sshfs";
|
|
options = [
|
|
"defaults"
|
|
"_netdev"
|
|
"allow_other"
|
|
"default_permissions"
|
|
"port=23"
|
|
"compression=no"
|
|
"reconnect"
|
|
"ServerAliveInterval=15"
|
|
"IdentityFile=${config.sops.secrets.storageboxKey.path}"
|
|
];
|
|
};
|
|
|
|
fileSystems."/data" = {
|
|
depends = [
|
|
"/mnt/box"
|
|
];
|
|
device = "/mnt/box/crypt";
|
|
fsType = "fuse.gocryptfs";
|
|
options = [
|
|
"rw"
|
|
"allow_other"
|
|
"passfile=${config.sops.secrets.storageboxCryptKey.path}"
|
|
];
|
|
};
|
|
|
|
sops = {
|
|
defaultSopsFile = ./hosting-02.yaml;
|
|
secrets = {
|
|
wireguardKey = {
|
|
owner = "root";
|
|
};
|
|
storageboxKey = {
|
|
owner = "root";
|
|
};
|
|
storageboxCryptKey = {
|
|
owner = "root";
|
|
};
|
|
};
|
|
};
|
|
|
|
security.acme.defaults.email = "landervandenbulcke@gmail.com";
|
|
security.acme.acceptTerms = true;
|
|
|
|
system.stateVersion = "25.05";
|
|
}
|