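# Network, reverse-proxy and WireGuard client settings for the host "pie".
#
# The source had been collapsed onto a single line; the layout below restores
# one setting per line. The only functional change is that the WireGuard
# private-key path is now taken from the agenix secret declaration instead of
# being hard-coded.
{ flake, config, pkgs, lib, ... }:
{
  networking.hostId = "34234773";
  networking.hostName = "pie";

  # Static addressing on the wired interface.
  networking.defaultGateway = {
    address = "192.168.178.1";
    interface = "enabcm6e4ei0";
  };

  networking.interfaces.enabcm6e4ei0 = {
    # NOTE(review): /32 and /128 put no on-link subnet on the interface, so
    # reaching LAN neighbours relies on the gateway route above (and, for
    # IPv6, presumably on router advertisements) -- confirm this is intended.
    ipv4.addresses = [
      {
        address = "192.168.178.2";
        prefixLength = 32;
      }
    ];
    ipv6.addresses = [
      {
        address = "2a02:908:5b1:e3c0:3077:2::";
        prefixLength = 128;
      }
    ];
  };

  # Static /etc/hosts entries. Pinning vpn.b12f.io here means the tunnel
  # endpoint resolves without DNS; the entries must be updated by hand if the
  # server's addresses ever change.
  # addLocalHostname is defined elsewhere in the flake; presumably it maps
  # "caddy.local" to the loopback addresses -- verify against flake.self.lib.
  networking.hosts = (flake.self.lib.addLocalHostname [ "caddy.local" ]) // {
    "128.140.109.213" = [ "vpn.b12f.io" ];
    "2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" ];
  };

  # allowedTCPPorts is not scoped to an interface: 80/443 are accepted on
  # every interface. Exposure of the proxy is narrowed only by Caddy's
  # default_bind list below, not by the firewall.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  # Opens the SSH port in the firewall as well. Whether sshd is enabled and
  # how authentication is configured is not visible in this file.
  services.openssh.openFirewall = true;

  # Caddy reverse proxy for local services like cups
  services.caddy = {
    # default_bind limits listeners to the LAN addresses configured above and
    # to the two addresses that also appear in the WireGuard ownIPs below.
    # The staging ACME CA and "auto_https off" lines are left commented out,
    # as in the original.
    globalConfig = ''
      default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:2:: 10.0.1.2 fd00:b12f:acab:1312:acab:2::
      # auto_https off
      email acme@benjaminbaedorf.eu
      # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    '';
  };

  # The WireGuard private key is kept age-encrypted in the repository and
  # declared as an agenix secret; only the encrypted file is referenced here.
  age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";

  pub-solar.wireguard-client = {
    ownIPs = [
      "10.0.1.2/32"
      "fd00:b12f:acab:1312:acab:2::/96"
    ];
    # Use the path agenix reports for the secret rather than the literal
    # "/run/agenix/wg-private-key". With default agenix settings the value is
    # the same, but it now follows age.secretsDir or a renamed secret instead
    # of silently pointing at a file that no longer exists.
    wireguardPrivateKeyFile = config.age.secrets.wg-private-key.path;
  };
}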