From 120cec699d6b14b4bf3661068ce8380ec9e92d7b Mon Sep 17 00:00:00 2001
From: Fabian
Date: Sat, 28 Nov 2020 20:46:40 +0000
Subject: [PATCH] Upgrade to nixos 20.09
---
 meta/network.nix | 25 ++++++++++++++++++++-----
 role/dropbear/default.nix | 5 ++---
 role/nextcloud/default.nix | 1 -
 3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/meta/network.nix b/meta/network.nix
index ed79d77..3ebd382 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -46,18 +46,33 @@
 };
 };
- virtual-networks = {
+ virtual = {
 mgmt = {
+ # TODO: Introduce virtual network type
 v4 = {
 id = "10.249.0.0";
 bitmask = 23;
 };
+ server = { hostname = "montalin"; };
 hosts = {
- montalin.v4.ip = "10.249.0.1";
- calanda.v4.ip = "10.249.0.2";
- cavistrau.v4.ip = "10.249.0.3";
- stompert.v4.ip = "10.249.0.4";
+ montalin = {
+ v4.ip = "10.249.0.1";
+ endpoint = "calanda.plessur.net.qo.is:12913";
+ publicKey = "76nV1jgexHJ898hTLbMRz1BjguFp6YCHpoV52GuNDzc=";
+ presharedKeyFile = "/secrets/wireguard/preshared/mgmt-montalin";
+ persistentKeepalive = null;
+ };
+ #calanda.v4.ip = "10.249.0.2";
+ #cavistrau.v4.ip = "10.249.0.3";
+ #stompert.v4.ip = "10.249.0.4";
+ hummelberg = {
+ v4.ip = "10.249.0.5";
+ endpoint = null;
+ publicKey = "dvv3ad9mWU9opTa8R9yPN4l1xfwdcMH0e/Rrv0GXPS4=";
+ presharedKeyFile = "/secrets/wireguard/preshared/mgmt-hummelberg";
+ persistentKeepalive = 25; # Might be behind NAT
+ };
 };
 };
diff --git a/role/dropbear/default.nix b/role/dropbear/default.nix
index 071fcb5..9a09429 100644
--- a/role/dropbear/default.nix
+++ b/role/dropbear/default.nix
@@ -61,9 +61,8 @@ in {
 user.openssh.authorizedKeys.keys else [ ]) config.users.users);
- hostRSAKey = /boot/dropbear_rsa_host_key;
- hostECDSAKey = /boot/dropbear_ecdsa_host_key;
- # Key generation with dropbearkey -t -f
+ # Generate hostkey with ssh-keygen -t ed25519 -N "" -f /secrets/initrd_ssh_key_ed25519
+ hostKeys = [ "/secrets/initrd_ssh_key_ed25519" ];
 };
 postCommands = ''
 echo 'cryptsetup-askpass' >> /root/.profile
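Review bot: In `meta/network.nix`, the new `montalin` peer sets `endpoint = "calanda.plessur.net.qo.is:12913"` while `calanda` itself is commented out of `hosts`, and nothing on the new side says whether that address is a deliberate port-forward or a leftover. A short comment on that line, for example `# montalin is reached through a forward on calanda` if that is the case, would stop a later edit from silently pointing the management tunnel at the wrong machine. The three commented-out hosts deserve a similar one-line reason (pending migration to the new peer schema, or decommissioned) or should be deleted. It is also worth noting next to the first `presharedKeyFile` that the value is kept a string on purpose, since a Nix path literal can be copied into the world-readable store when it is coerced. The `virtual` attribute set continues past the end of this hunk.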
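Review bot: In `role/dropbear/default.nix`, the new comment above `hostKeys` explains how to generate the key but not that it must be a dedicated one. The file is copied into the initrd, which (judging by the `cryptsetup-askpass` line) sits on storage readable before the disk is unlocked, and the NixOS option documentation warns that without bootloader support for initrd secrets it also lands in the world-readable Nix store. I would extend the comment with `# Initrd-only key, readable from the unencrypted boot files: never reuse the host's regular sshd key`. Clients will also see a different host key after the switch away from the RSA/ECDSA files, so the new fingerprint should be distributed out of band rather than accepted on first prompt. The enclosing attribute set starts before this hunk and continues after it.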
diff --git a/role/nextcloud/default.nix b/role/nextcloud/default.nix
index e59dbc5..04b74c8 100644
--- a/role/nextcloud/default.nix
+++ b/role/nextcloud/default.nix
@@ -6,7 +6,6 @@
 enable = true;
 https = true;
 webfinger = true;
- nginx.enable = true;
 maxUploadSize = "1G";
 config = {