Upgrade to nixos 20.09

meta/network.nix

@@ -46,18 +46,33 @@
     };
   };
 
-  virtual-networks = {
+  virtual = {
     mgmt = {
+      # TODO: Introduce virtual network type
       v4 = {
         id = "10.249.0.0";
         bitmask = 23;
       };
+      server = { hostname = "montalin"; };
 
       hosts = {
-        montalin.v4.ip = "10.249.0.1";
+        montalin = {
-        calanda.v4.ip = "10.249.0.2";
+          v4.ip = "10.249.0.1";
-        cavistrau.v4.ip = "10.249.0.3";
+          endpoint = "calanda.plessur.net.qo.is:12913";
-        stompert.v4.ip = "10.249.0.4";
+          publicKey = "76nV1jgexHJ898hTLbMRz1BjguFp6YCHpoV52GuNDzc=";
+          presharedKeyFile = "/secrets/wireguard/preshared/mgmt-montalin";
+          persistentKeepalive = null;
+        };
+        #calanda.v4.ip    = "10.249.0.2";
+        #cavistrau.v4.ip  = "10.249.0.3";
+        #stompert.v4.ip   = "10.249.0.4";
+        hummelberg = {
+          v4.ip = "10.249.0.5";
+          endpoint = null;
+          publicKey = "dvv3ad9mWU9opTa8R9yPN4l1xfwdcMH0e/Rrv0GXPS4=";
+          presharedKeyFile = "/secrets/wireguard/preshared/mgmt-hummelberg";
+          persistentKeepalive = 25; # Might be behind NAT
+        };
       };
     };
 

role/dropbear/default.nix

@@ -61,9 +61,8 @@ in {
               user.openssh.authorizedKeys.keys
             else
               [ ]) config.users.users);
-        hostRSAKey = /boot/dropbear_rsa_host_key;
+        # Generate hostkey with ssh-keygen -t ed25519 -N "" -f /secrets/initrd_ssh_key_ed25519
-        hostECDSAKey = /boot/dropbear_ecdsa_host_key;
+        hostKeys = [ "/secrets/initrd_ssh_key_ed25519" ];
-        # Key generation with dropbearkey -t <type> -f <output-keyfile>
       };
       postCommands = ''
         echo 'cryptsetup-askpass' >> /root/.profile

role/nextcloud/default.nix

@@ -6,7 +6,6 @@
     enable = true;
     https = true;
     webfinger = true;
-    nginx.enable = true;
     maxUploadSize = "1G";
 
     config = {