mirror of
https://github.com/materusPL/nixos-config
synced 2026-04-19 11:27:22 +02:00
95 lines
2.3 KiB
Nix
95 lines
2.3 KiB
Nix
|
{
|
||
|
|
pkgs,
|
||
|
|
lib,
|
||
|
|
materusArgs,
|
||
|
|
mkk,
|
||
|
|
...
|
||
|
|
}:
|
||
|
|
{
|
||
|
|
boot.supportedFilesystems = [
|
||
|
|
"ntfs"
|
||
|
|
"btrfs"
|
||
|
|
"vfat"
|
||
|
|
"exfat"
|
||
|
|
"ext4"
|
||
|
|
];
|
||
|
|
|
||
|
|
boot.tmp.useTmpfs = true;
|
||
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
||
|
|
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||
|
|
boot.loader.grub = {
|
||
|
|
enable = true;
|
||
|
|
efiSupport = true;
|
||
|
|
device = "nodev";
|
||
|
|
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
|
||
|
|
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
|
||
|
|
useOSProber = true;
|
||
|
|
memtest86.enable = true;
|
||
|
|
};
|
||
|
|
|
||
|
|
boot.plymouth.enable = true;
|
||
|
|
|
||
|
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||
|
|
boot.kernelParams = [ "ip=${mkk.local}" ];
|
||
|
|
# Use latest kernel.
|
||
|
|
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
|
||
|
|
|
||
|
|
boot.initrd = {
|
||
|
|
|
||
|
|
availableKernelModules = [
|
||
|
|
"r8169"
|
||
|
|
"wireguard"
|
||
|
|
];
|
||
|
|
luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
|
||
|
|
luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
|
||
|
|
secrets."/etc/secrets/30-wg-initrd.key" = "/mkk/keys/wireguard";
|
||
|
|
systemd = {
|
||
|
|
enable = true;
|
||
|
|
network = {
|
||
|
|
netdevs."30-wg-initrd" = {
|
||
|
|
netdevConfig = {
|
||
|
|
Kind = "wireguard";
|
||
|
|
Name = "wg-initrd";
|
||
|
|
};
|
||
|
|
wireguardConfig = {
|
||
|
|
PrivateKeyFile = "/etc/secrets/30-wg-initrd.key";
|
||
|
|
};
|
||
|
|
wireguardPeers = [
|
||
|
|
{
|
||
|
|
AllowedIPs = [
|
||
|
|
"${mkk.wireguard.ip-masks.main}"
|
||
|
|
"${mkk.wireguard.peers.valkyrie.ip}/32"
|
||
|
|
];
|
||
|
|
PublicKey = "${mkk.wireguard.peers.valkyrie.pubKey}";
|
||
|
|
Endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
|
||
|
|
PersistentKeepalive = 25;
|
||
|
|
}
|
||
|
|
];
|
||
|
|
};
|
||
|
|
networks."30-wg-initrd" = {
|
||
|
|
name = "wg-initrd";
|
||
|
|
addresses = [ { Address = "${mkk.wireguard.peers.materusPC.ip}/32"; } ];
|
||
|
|
};
|
||
|
|
networks."10-lan" = {
|
||
|
|
matchConfig.Name = "eno1";
|
||
|
|
networkConfig.DHCP = "yes";
|
||
|
|
};
|
||
|
|
|
||
|
|
};
|
||
|
|
};
|
||
|
|
network = {
|
||
|
|
enable = true;
|
||
|
|
flushBeforeStage2 = true;
|
||
|
|
ssh = {
|
||
|
|
enable = true;
|
||
|
|
port = 22;
|
||
|
|
authorizedKeyFiles = [ materusArgs.files.ssh-keys.materus ];
|
||
|
|
hostKeys = [
|
||
|
|
"/mkk/keys/ssh_host_ed25519_key"
|
||
|
|
"/mkk/keys/ssh_host_rsa_key"
|
||
|
|
];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|