nixos-wiki-infra/targets/nixos-wiki.nixos.org/configuration.nix

63 lines
1.9 KiB
Nix
Raw Normal View History

{ self, lib, config, ... }:
2023-10-24 17:34:54 +02:00
let
nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
2023-10-24 17:34:54 +02:00
in
{
imports = [
self.nixosModules.nixos-wiki
self.nixosModules.nixos-wiki-backup
self.nixosModules.hcloud
];
users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;
system.stateVersion = "23.11";
security.acme.defaults.email = "joerg.letsencrypt@thalheim.io";
sops.secrets.nixos-wiki.owner = config.services.phpfpm.pools.mediawiki.user;
sops.secrets.nixos-wiki-github-client-secret.owner = config.services.phpfpm.pools.mediawiki.user;
2024-02-17 20:01:42 +01:00
networking = {
hostName = "wiki";
domain = "nixos.org";
};
services.nixos-wiki = {
2024-04-01 13:30:03 +02:00
hostname = "wiki.nixos.org";
adminPasswordFile = config.sops.secrets.nixos-wiki.path;
2024-03-06 22:00:11 +01:00
githubClientId = "Iv1.fcbe65bcecdda275";
githubClientSecretFile = config.sops.secrets.nixos-wiki-github-client-secret.path;
2024-04-01 13:30:03 +02:00
emergencyContact = "wiki@nixos.org";
passwordSender = "wiki@nixos.org";
noReplyAddress = "wiki-no-reply@nixos.org";
};
services.cloud-init.enable = lib.mkForce false;
systemd.network.networks."10-wan" = {
# match the interface by name
matchConfig.MACAddress = "96:00:03:02:b6:04";
address = [
# configure addresses including subnet mask
"65.21.240.250/32"
# TODO: drop this ip and only keep ::1
"2a01:4f9:c012:8178::/64"
"2a01:4f9:c012:8178::1/64"
];
routes = [
# create default routes for both IPv6 and IPv4
{ routeConfig.Gateway = "fe80::1"; }
# or when the gateway is not on the same network
{
routeConfig = {
Gateway = "172.31.1.1";
GatewayOnLink = true;
};
}
];
# make the routes on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable";
};
2024-02-17 17:26:38 +01:00
sops.defaultSopsFile = ./secrets/secrets.yaml;
boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ];
}