]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo.nix
security: no longer depend upon upstream's hardening
[sourcephile-nix.git] / machines / losurdo.nix
1 # NixOS configuration of losurdo.sourcephile.fr
2 # Domenico Losurdo (1941-2018), historian for the working class
3 # https://www.monde-diplomatique.fr/2018/10/FONDU/59128
4 { inputs, ... }:
5 {
6 system = "x86_64-linux";
7 extraArgs = {
8 wireguard = rec {
9 wg-intra = {
10 ipv4 = "192.168.42.2";
11 listenPort = 43642;
12 #listenPort = null;
13 persistentKeepalive = 25;
14 peer = {
15 publicKey = "xsFFep3k8z0pXgUOz4aryOF8l/KPBSOd4WQA26BkXy0=";
16 allowedIPs = [ "${wg-intra.ipv4}/32" ];
17 };
18 };
19 };
20 };
21 modules = [
22 ../nixos/defaults.nix
23 losurdo/acme.nix
24 losurdo/debug.nix
25 losurdo/fail2ban.nix
26 losurdo/fileSystems.nix
27 losurdo/freeciv.nix
28 losurdo/hardware.nix
29 losurdo/networking.nix
30 losurdo/nginx.nix
31 #losurdo/postgresql.nix
32 losurdo/prosody.nix
33 (inputs.secrets + "/machines/losurdo/prosody.nix")
34 losurdo/sanoid.nix
35 losurdo/security.nix
36 losurdo/syncoid.nix
37 losurdo/system.nix
38 losurdo/transmission.nix
39 losurdo/unbound.nix
40 losurdo/users.nix
41 (inputs.secrets + "/machines/losurdo/users.nix")
42 ];
43 }