Jake Hillion
7b221eda07
All checks were successful
flake / flake (push) Successful in 1m19s
Unsure why this host is using systemd-networkd, but leave that unchanged and have NixOS know about it to prevent a warning about loss of connectivity on build.
57 lines
1.3 KiB
Nix
57 lines
1.3 KiB
Nix
{ config, pkgs, lib, ... }:
|
||
|
||
{
|
||
imports = [
|
||
./hardware-configuration.nix
|
||
];
|
||
|
||
config = {
|
||
system.stateVersion = "23.11";
|
||
|
||
networking.hostName = "theon";
|
||
networking.domain = "storage.ts.hillion.co.uk";
|
||
|
||
boot.loader.grub.enable = false;
|
||
boot.loader.generic-extlinux-compatible.enable = true;
|
||
|
||
custom.defaults = true;
|
||
|
||
## Custom Services
|
||
custom = {
|
||
locations.autoServe = true;
|
||
};
|
||
|
||
## Networking
|
||
networking.useNetworkd = true;
|
||
systemd.network.enable = true;
|
||
|
||
networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
|
||
networking.firewall = {
|
||
trustedInterfaces = [ "tailscale0" ];
|
||
allowedTCPPorts = lib.mkForce [
|
||
22 # SSH
|
||
];
|
||
allowedUDPPorts = lib.mkForce [ ];
|
||
interfaces = {
|
||
end0 = {
|
||
allowedTCPPorts = lib.mkForce [ ];
|
||
allowedUDPPorts = lib.mkForce [ ];
|
||
};
|
||
};
|
||
};
|
||
|
||
## Tailscale
|
||
age.secrets."tailscale/theon.storage.ts.hillion.co.uk".file = ../../secrets/tailscale/theon.storage.ts.hillion.co.uk.age;
|
||
services.tailscale = {
|
||
enable = true;
|
||
authKeyFile = config.age.secrets."tailscale/theon.storage.ts.hillion.co.uk".path;
|
||
};
|
||
|
||
## Packages
|
||
environment.systemPackages = with pkgs; [
|
||
scrub
|
||
smartmontools
|
||
];
|
||
};
|
||
}
|