From 3460347630fbb50f7fc6abf11e997e75e48c5318 Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Fri, 14 May 2021 00:33:28 +0200
Subject: [PATCH] Remove server hosts
---
host/bachtel.nix | 92 -----------------
host/calanda.nix | 77 --------------
host/etzel.nix | 118 ----------------------
host/lindberg/default.nix | 25 -----
host/lindberg/filesystems.nix | 57 -----------
host/lindberg/networking.nix | 15 ---
host/montalin/applications/cloud.nix | 19 ----
host/montalin/applications/default.nix | 12 ---
host/montalin/applications/feedreader.nix | 18 ----
host/montalin/backup.nix | 32 ------
host/montalin/database.nix | 13 ---
host/montalin/default.nix | 25 -----
host/montalin/filesystems.nix | 38 -------
host/montalin/networking.nix | 48 ---------
host/stompert.nix | 88 ----------------
15 files changed, 677 deletions(-)
delete mode 100644 host/bachtel.nix
delete mode 100644 host/calanda.nix
delete mode 100644 host/etzel.nix
delete mode 100644 host/lindberg/default.nix
delete mode 100644 host/lindberg/filesystems.nix
delete mode 100644 host/lindberg/networking.nix
delete mode 100644 host/montalin/applications/cloud.nix
delete mode 100644 host/montalin/applications/default.nix
delete mode 100644 host/montalin/applications/feedreader.nix
delete mode 100644 host/montalin/backup.nix
delete mode 100644 host/montalin/database.nix
delete mode 100644 host/montalin/default.nix
delete mode 100644 host/montalin/filesystems.nix
delete mode 100644 host/montalin/networking.nix
delete mode 100644 host/stompert.nix
diff --git a/host/bachtel.nix b/host/bachtel.nix
deleted file mode 100644
index 78dfd1f..0000000
--- a/host/bachtel.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }: {
-
- imports = [ ../defaults/base ../hardware/apu.nix ../hardware/wle900vx.nix ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/360a6bc9-fc4e-4803-bd53-69320ac32ac5";
- fsType = "btrfs";
- options = [ "defaults" "subvol=nixos" "noatime" ];
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/73f91e99-d856-4504-b6b2-d60f855d6d95"; }];
-
- services.qois.wwan = {
- enable = true;
- apn = "gprs.swisscom.ch";
- networkInterface = "wwp0s19u1u3i12";
- };
-
- services.qois.router = {
- enable = true;
- wanInterface = "wwp0s19u1u3i12";
- wirelessInterfaces = [ "wlp5s0" ];
- lanInterfaces = [ "enp1s0" "enp2s0" "enp3s0" "enp4s0" ];
- internalRouterIP = "10.2.1.1";
- dhcp = {
- enable = true;
- localDomain = "rappi.fh2.ch";
- dhcpRange = "10.2.1.2,10.2.1.249";
- };
- recursiveDns = {
- enable = true;
- networkIdIp = "10.2.1.0";
- };
- wireless = {
- enable = true;
- #wleInterface24Ghz = "wlp4s0";
- wleInterface5Ghz = "wlp5s0";
- ssid = "hauser";
- passphrase = "mifatielma";
- };
- };
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- networking.hostName = "bachtel"; # Define your hostname.
- #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- #networking.wireless.networks = {
- # yummi = {
- # psk = "cookies!";
- # };
- #};
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # List services that you want to enable:
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.users.jane = {
- # isNormalUser = true;
- # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- # };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.09"; # Did you read the comment?
-
-}
diff --git a/host/calanda.nix b/host/calanda.nix
deleted file mode 100644
index 5156cd3..0000000
--- a/host/calanda.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports = [ ../hardware/apu.nix ../hardware/wle200nx.nix ../defaults/base ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/16efc5db-0697-4f39-b64b-fc18ac318625";
- fsType = "btrfs";
- options = [ "defaults" "subvol=nixos" "noatime" ];
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/b5104a7c-4a4a-4048-a9f8-44ddb0082632"; }];
-
- services.qois.router = {
- enable = true;
- wanInterface = "enp4s0";
- wirelessInterfaces = [ "wlp5s0" ];
- lanInterfaces = [ "enp2s0" ];
- internalRouterIP = "10.2.1.1";
- dhcp = {
- enable = true;
- localDomain = "ilanz.fh2.ch";
- dhcpRange = "10.1.1.2,10.1.1.249";
- };
- recursiveDns = {
- enable = true;
- networkIdIp = "10.1.1.0";
- };
- wireless = {
- enable = true;
- wleInterface24Ghz = "wlp5s0";
- #wleInterface5Ghz = "wlp5s0";
- ssid = "hauser";
- passphrase = "mifatielma";
- };
- };
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- networking.hostName = "calanda";
- networking.domain = "ilanz.fh2.ch";
- networking.enableIPv6 = false; # TODO
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # List services that you want to enable:
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.users.jane = {
- # isNormalUser = true;
- # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- # };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.03"; # Did you read the comment?
-
-}
diff --git a/host/etzel.nix b/host/etzel.nix
deleted file mode 100644
index ef86cc3..0000000
--- a/host/etzel.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports = [
- ../hardware/apu1.nix
- ../hardware/wle200nx.nix
- ../hardware/wle600vx.nix
- ../defaults/base
- ];
-
- nix.distributedBuilds = true;
-
- nix.buildMachines = [{
- hostName = "10.2.1.38";
- system = "x86_64-linux";
- sshUser = "fhauser";
- sshKey = "/root/.ssh/id_ed25519";
- # if the builder supports building for multiple architectures,
- # replace the previous line by, e.g.,
- # systems = ["x86_64-linux" "aarch64-linux"];
- maxJobs = 4;
- speedFactor = 2;
- supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
- mandatoryFeatures = [ ];
- }];
-
- services.qois.router = {
- enable = true;
- wanInterface = "enp2s0";
- #wirelessInterfaces = [ "wlp4s0" "wlp6s0" ];
- lanInterfaces = [ "enp1s0" "enp3s0" ];
- internalRouterIP = "10.2.2.1";
- dhcp = {
- enable = true;
- localDomain = "test.rappi.fh2.ch";
- dhcpRange = "10.2.2.2,10.2.2.200";
- };
- recursiveDns = {
- enable = true;
- networkIdIp = "10.2.2.0";
- };
- wireless = {
- enable = true;
- wleInterface24Ghz = "wlp4s0";
- wleInterface5Ghz = "wlp6s0";
- ssid = "testnet";
- passphrase = "testnettestnet";
- };
- };
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- boot.initrd.luks.devices = {
- "root" = {
- device = "/dev/disk/by-uuid/196202a2-ecb2-4c43-9a62-9e58f4d5de95";
- keyFile = "/etc/luks.keyfile";
- };
- "swap" = {
- device = "/dev/disk/by-uuid/a268e9e6-8636-42b1-84bc-0a432e493d0d";
- keyFile = "/etc/luks.keyfile";
- };
- };
- boot.initrd.secrets."/etc/luks.keyfile" = /boot/luks.keyfile;
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/root";
- fsType = "btrfs";
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/14a4d9dc-2d3b-44e1-938e-1429f1639507";
- fsType = "ext4";
- };
- };
-
- swapDevices = [{ device = "/dev/mapper/swap"; }];
-
- networking.hostName = "etzel"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.enp1s0.useDHCP = true;
- networking.interfaces.enp2s0.useDHCP = true;
- networking.interfaces.enp3s0.useDHCP = true;
- networking.interfaces.wlp4s0.useDHCP = true;
- networking.interfaces.wlp6s0.useDHCP = true;
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.03"; # Did you read the comment?
-
-}
-
diff --git a/host/lindberg/default.nix b/host/lindberg/default.nix
deleted file mode 100644
index 79aaf1d..0000000
--- a/host/lindberg/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./networking.nix
- ./filesystems.nix
-
- ../../hardware/asrock.nix
-
- ../../defaults/base
- ];
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "20.09"; # Did you read the comment?
-
-}
-
diff --git a/host/lindberg/filesystems.nix b/host/lindberg/filesystems.nix
deleted file mode 100644
index 99aa799..0000000
--- a/host/lindberg/filesystems.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, pkgs, ... }: {
-
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.initrd.luks.devices = {
- "system".device = "/dev/disk/by-uuid/ba646016-2618-4d9b-acf2-41986ab76f7e";
- "data".device = "/dev/disk/by-uuid/6cfe504d-992f-4b11-be3e-31d00c3e108d";
- "backup".device = "/dev/disk/by-uuid/772017c5-f176-4473-9db6-4aa3769cf056";
- "swap".device = "/dev/disk/by-uuid/c2f2bf21-51a8-4404-944c-ba83a9d7cf21";
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/system";
- fsType = "btrfs";
- };
- "/mnt/data" = {
- device = "/dev/mapper/data";
- fsType = "btrfs";
- };
- "/mnt/backup" = {
- device = "/dev/mapper/backup";
- fsType = "btrfs";
- };
- "/boot-primary" = {
- device = "/dev/disk/by-uuid/7D11-F31D";
- fsType = "vfat";
- };
- "/boot-secondary" = {
- device = "/dev/disk/by-uuid/ED1A-59BF";
- fsType = "vfat";
- };
- };
-
- swapDevices = [{ device = "/dev/mapper/swap"; }];
-
- # TODO: RAID Monitoring
- # TODO: Set spin-down time of physical disks
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.grub = {
- enable = true;
- efiSupport = true;
- mirroredBoots = [
- {
- devices = [ "nodev" ];
- path = "/boot-primary";
- efiBootloaderId = "NixOS primary";
- }
- {
- devices = [ "nodev" ];
- path = "/boot-secondary";
- efiBootloaderId = "NixOS secondary";
- }
- ];
- };
-}
diff --git a/host/lindberg/networking.nix b/host/lindberg/networking.nix
deleted file mode 100644
index 1919153..0000000
--- a/host/lindberg/networking.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, pkgs, ... }:
-
-let meta = import ../../meta;
-in {
- networking.hostName = "lindberg"; # TODO: Extract into meta
-
- networking.useDHCP = false;
- networking.interfaces.enp5s0.useDHCP = true;
-
- services.qois.luks-ssh = {
- enable = true;
- interface = "eth0";
- sshPort = 2222;
- };
-}
diff --git a/host/montalin/applications/cloud.nix b/host/montalin/applications/cloud.nix
deleted file mode 100644
index 3b2daf9..0000000
--- a/host/montalin/applications/cloud.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-let host = "cloud.qo.is";
-in {
-
- imports = [
-
- ../../../defaults/nextcloud
- ];
-
- services.nextcloud = {
- hostName = host;
- package = pkgs.nextcloud20;
- };
- services.nginx.virtualHosts."${host}" = {
- forceSSL = true;
- enableACME = true;
- };
-
-}
diff --git a/host/montalin/applications/default.nix b/host/montalin/applications/default.nix
deleted file mode 100644
index 3bfdfb2..0000000
--- a/host/montalin/applications/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, ... }: {
-
- imports = [
- ./cloud.nix
- ./feedreader.nix
- #./dns.nix #TODO
- #./wallabag.nix #TODO
- #./id.nix #TODO
- #./mx.nix #TODO
- #./mail.nix #TODO
- ];
-}
diff --git a/host/montalin/applications/feedreader.nix b/host/montalin/applications/feedreader.nix
deleted file mode 100644
index 1668dd2..0000000
--- a/host/montalin/applications/feedreader.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-let host = "feedreader.qo.is";
-in {
-
- imports = [
-
- ../../../defaults/tt-rss
- ];
-
- services.tt-rss = {
- selfUrlPath = "https://${host}/";
- virtualHost = host;
- };
- services.nginx.virtualHosts."${host}" = {
- forceSSL = true;
- enableACME = true;
- };
-}
diff --git a/host/montalin/backup.nix b/host/montalin/backup.nix
deleted file mode 100644
index a899546..0000000
--- a/host/montalin/backup.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- mountService = "var-backup-disk.mount";
- backupDisk = "/var/backup/disk";
- repo = "${backupDisk}/montalin";
-in {
- services.borgbackup.jobs = {
- data = {
- exclude = [ backupDisk "/var/tmp" "/var/cache" ];
- paths = [ "/etc" "/home" "/root" "/var" "/secrets" ];
- preHook = "systemctl start ${mountService}";
- postHook = "systemctl stop ${mountService}";
- readWritePaths = [ backupDisk ];
- prune.keep = {
- within = "14d";
- weekly = 4;
- monthly = 6;
- yearly = -1;
-
- };
- removableDevice = true;
- encryption = {
- mode = "authenticated";
- passphrase = "";
- };
- repo = repo;
- startAt = "07:00";
- environment.BORG_BASE_DIR = "${repo}/borg-base-dir";
- };
- };
-}
diff --git a/host/montalin/database.nix b/host/montalin/database.nix
deleted file mode 100644
index 5343a4c..0000000
--- a/host/montalin/database.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- imports = [ ../../defaults/database ];
- services.postgresql = {
- ensureDatabases = [ "nextcloud" ];
- ensureUsers = [{
- name = "nextcloud";
- ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
- }];
- };
-}
diff --git a/host/montalin/default.nix b/host/montalin/default.nix
deleted file mode 100644
index 5c1966e..0000000
--- a/host/montalin/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }: {
-
- imports = [
- ./networking.nix
- ./filesystems.nix
- ./database.nix
- ./backup.nix
- ./applications
-
- ../../hardware/nuc.nix
-
- ../../defaults/base
- ../../defaults/webserver
- ];
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "20.03"; # Did you read the comment?
-
-}
diff --git a/host/montalin/filesystems.nix b/host/montalin/filesystems.nix
deleted file mode 100644
index 7d16773..0000000
--- a/host/montalin/filesystems.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, ... }: {
- boot.initrd.luks.devices = {
- "root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
- "swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49";
- "backup".device = "/dev/disk/by-uuid/a965933d-516c-46cf-8384-006b1770e46b";
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/root";
- fsType = "btrfs";
- options = [ "defaults" "noatime" ];
- };
- "/var/backup/disk" = {
- device = "/dev/mapper/backup";
- fsType = "ext4";
- options = [ "defaults" "noauto" "noatime" ];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/0065-E4EA";
- fsType = "vfat";
- options = [ "defaults" "noatime" ];
- };
- };
-
- swapDevices = [{ device = "/dev/mapper/swap"; }];
-
- # Set Spin-Down times of HDDs
- # To get the disk identifier with `udevadm info -n /dev/sdX | grep ID_SERIAL_SHORT`
- services.udev.extraRules = ''
- ACTION=="add", KERNEL=="sd[a-z]", ENV{ID_SERIAL_SHORT}=="WD-WXH1A89L54LA", RUN+="${pkgs.hdparm}/bin/hdparm -S 60 /dev/%k"
- '';
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
-}
diff --git a/host/montalin/networking.nix b/host/montalin/networking.nix
deleted file mode 100644
index 50de8a2..0000000
--- a/host/montalin/networking.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- meta = import ../../meta;
- plessur-net = meta.network.physical-networks.plessur;
- montalin-net = plessur-net.dmz.hosts.montalin;
-in {
- networking.hostName = "montalin"; # Define your hostname.
-
- networking.useDHCP = false;
- networking.interfaces.eno1 = {
- ipv4.addresses = [{
- address = montalin-net.v4.ip;
- prefixLength = plessur-net.dmz.v4.bitmask;
- }];
- };
- networking.interfaces.wlp1s0.useDHCP = true;
-
- networking.defaultGateway = plessur-net.dmz.v4.gateway;
- networking.nameservers = plessur-net.dmz.v4.nameservers;
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- networking.firewall.allowedUDPPorts =
- [ meta.network.virtual.mgmt.server.port ];
-
- services.qois.luks-ssh = {
- enable = true;
- interface = "eno1";
- ip = montalin-net.v4.ip;
- netmask = "255.255.255.0";
- gateway = plessur-net.dmz.v4.gateway;
- sshPort = 2222;
- };
-
- networking.wireguard.enable = true;
- networking.wireguard.interfaces = let
- network = meta.network.virtual;
- networkName = "mgmt";
- in {
- "wg-${networkName}" =
- pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
- networkName network.${networkName};
- };
-}
diff --git a/host/stompert.nix b/host/stompert.nix
deleted file mode 100644
index a082447..0000000
--- a/host/stompert.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports = [ ../hardware/apu.nix ../defaults/base ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/ab5a598b-6609-465f-8ab8-b894b8a5e32a";
- fsType = "btrfs";
- options = [ "defaults" "noatime" ];
- };
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/mmcblk0"; # or "nodev" for efi only
-
- networking.hostName = "stompert"; # Define your hostname.
-
- networking.wireguard.interfaces = {
- # "wg0" is the network interface name. You can name the interface arbitrarily.
- wg0 = {
- # Determines the IP address and subnet of the client's end of the tunnel interface.
- ips = [ "192.168.2.7/24" ];
-
- # Path to the private key file.
- #
- # Note: The private key can also be included inline via the privateKey option,
- # but this makes the private key world-readable; thus, using privateKeyFile is
- # recommended.
- privateKeyFile = "/etc/wireguard/privkey";
-
- peers = [
- # For a client configuration, one peer entry for the server will suffice.
- {
- # Public key of the server (not a file path).
- publicKey = "EQEle/TXlS3ZE2wPxXhdAdo45dzK+DXi5nglgK6KDXs=";
-
- # Forward all the traffic via VPN.
- # allowedIPs = [ "0.0.0.0/0" ];
- # Or forward only particular subnets
- allowedIPs = [ "192.168.2.0/24" ];
-
- # Set this to the server IP and port.
- endpoint = "root.mgmt.vpn.qo.is:51820";
-
- # Send keepalives every 25 seconds. Important to keep NAT tables alive.
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # List services that you want to enable:
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.users.jane = {
- # isNormalUser = true;
- # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- # };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.03"; # Did you read the comment?
-
-}