nixos-config/decoysnail.nix

{ config, pkgs, ... }:

{
  imports =
    [
      ./common.nix
      ./large-sw.nix
      ./uefi.nix
      ./fstrim.nix
    ];

  environment.etc."lvm/lvm.conf".text = ''
    devices {
      issue_discards = 1
    }
  '';
  boot.initrd.luks.devices = [
    {
      name = "sda2_crypt";
      device = "/dev/disk/by-uuid/6c687d35-1b43-4799-b71c-a5b5c21b3e2a";
      preLVM = true;
    }
    {
      name = "sdb2_crypt";
      device = "/dev/disk/by-uuid/d3485d00-8399-40cc-8bce-80b9bd24e63a";
      preLVM = true;
      allowDiscards = true;
    }
  ];

  networking = {
    hostName = "decoysnail";
    hostId = "cf04f682";
  };

  services.openssh.enable = true;

  hardware.cpu.intel.updateMicrocode = true;

  services.thermald.enable = true;

  virtualisation.docker = {
    enable = true;
    storageDriver = "overlay2";
  };
  users.extraUsers.gebner.extraGroups = [ "docker" ];

  hardware.opengl.driSupport32Bit = true;

  services.avahi.nssmdns = true;

  services.openssh.forwardX11 = true;

  system.stateVersion = "18.03";

  networking.wireguard.interfaces.wg0 = {
    ips = ["10.59.0.4/16"];
    privateKeyFile = "/etc/wgkeys/decoysnail";
    allowedIPsAsRoutes = true;
    postSetup = ''
      printf "nameserver 10.57.0.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0
    '';
    postShutdown = ''
      ${pkgs.openresolv}/bin/resolvconf -d wg0
    '';
    peers = [{
      publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
      allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
      endpoint = "mtlaa-gw.gebner.org:35869";
    }];
  };

}
decoysnail 2017-08-24 14:18:58 +02:00			`{ config, pkgs, ... }:`

			`{`
			`imports =`
			`[`
			`./common.nix`
			`./large-sw.nix`
			`./uefi.nix`
decoysnail: enable fstrim 2018-11-05 18:06:19 +01:00			`./fstrim.nix`
decoysnail 2017-08-24 14:18:58 +02:00			`];`

decoysnail: allow discards 2018-11-05 18:13:27 +01:00			`environment.etc."lvm/lvm.conf".text = ''`
			`devices {`
			`issue_discards = 1`
			`}`
			`'';`
decoysnail 2017-08-24 14:18:58 +02:00			`boot.initrd.luks.devices = [`
			`{`
			`name = "sda2_crypt";`
			`device = "/dev/disk/by-uuid/6c687d35-1b43-4799-b71c-a5b5c21b3e2a";`
			`preLVM = true;`
decoysnail: add ssd 2018-10-09 10:40:33 +02:00			`}`
			`{`
			`name = "sdb2_crypt";`
			`device = "/dev/disk/by-uuid/d3485d00-8399-40cc-8bce-80b9bd24e63a";`
			`preLVM = true;`
decoysnail: allow discards 2018-11-05 18:13:27 +01:00			`allowDiscards = true;`
decoysnail 2017-08-24 14:18:58 +02:00			`}`
			`];`

			`networking = {`
			`hostName = "decoysnail";`
			`hostId = "cf04f682";`
			`};`

			`services.openssh.enable = true;`

			`hardware.cpu.intel.updateMicrocode = true;`

			`services.thermald.enable = true;`

			`virtualisation.docker = {`
			`enable = true;`
			`storageDriver = "overlay2";`
			`};`
			`users.extraUsers.gebner.extraGroups = [ "docker" ];`

			`hardware.opengl.driSupport32Bit = true;`

			`services.avahi.nssmdns = true;`

decoysnail: enable ssh x11 forwarding 2018-02-19 10:31:12 +01:00			`services.openssh.forwardX11 = true;`

decoysnail: add wireguard tunnel 2018-10-08 11:50:19 +02:00			`system.stateVersion = "18.03";`

			`networking.wireguard.interfaces.wg0 = {`
			`ips = ["10.59.0.4/16"];`
			`privateKeyFile = "/etc/wgkeys/decoysnail";`
			`allowedIPsAsRoutes = true;`
			`postSetup = ''`
			`printf "nameserver 10.57.0.1" \| ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0`
			`'';`
			`postShutdown = ''`
			`${pkgs.openresolv}/bin/resolvconf -d wg0`
			`'';`
			`peers = [{`
			`publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";`
			`allowedIPs = ["10.56.0.0/14" "10.60.1.1"];`
			`endpoint = "mtlaa-gw.gebner.org:35869";`
			`}];`
			`};`
decoysnail: add stateVersion 2018-06-11 13:20:18 +02:00
decoysnail 2017-08-24 14:18:58 +02:00			`}`