pub-solar-os/hosts/droppie/droppie.nix
2022-10-03 03:09:12 +02:00

67 lines
1.7 KiB
Nix

{ config, pkgs, lib, self, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config = {
hardware.cpu.intel.updateMicrocode = true;
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
security.sudo.extraRules = [
{
users = [ "${psCfg.user.name}" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
services.openssh.knownHosts = {
"cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
};
systemd.services.ssh-tunnel-cloud-pub-solar = {
unitConfig = {
Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
After = [ "network.target" ];
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
User = psCfg.user.name;
Group = "users";
Restart = "always";
RestartSec = "5s";
};
wantedBy = [ "default.target" ];
};
services.ddclient = {
enable = true;
ipv6 = true;
domains = [ "backup.b12f.io" ];
server = "ddns.hosting.de";
username = "b12f";
use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
passwordFile = "/run/agenix/dyndns-droppie.key";
};
age.secrets."dyndns-droppie.key" = {
file = "${self}/secrets/dyndns-droppie.key";
mode = "400";
owner = "root";
};
};
}