# NixOS module for the wiki host: pulls in the flake's wiki, backup and hcloud
# modules, then sets host identity, secret ownership and static networking.
{ self, lib, config, ... }:
let
  # Parsed at evaluation time; only `ssh_keys` is read in this module.
  nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);

  # User of the php-fpm pool named "mediawiki"; both wiki secrets are owned by it.
  mediawikiUser = config.services.phpfpm.pools.mediawiki.user;
in
{
  imports = [
    self.nixosModules.nixos-wiki
    self.nixosModules.nixos-wiki-backup
    self.nixosModules.hcloud
  ];

  # Every key listed under `ssh_keys` in nixos-vars.json is authorized for root,
  # so edits to that JSON file need the same review as edits to this module.
  users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;

  system.stateVersion = "23.11";

  # Contact address used as the ACME default for certificate requests.
  security.acme.defaults.email = "joerg.letsencrypt@thalheim.io";

  sops = {
    defaultSopsFile = ./secrets/secrets.yaml;
    # Ownership is narrowed to the mediawiki pool user rather than left at the
    # sops default, so the wiki process is the intended reader of both files.
    secrets = {
      nixos-wiki.owner = mediawikiUser;
      nixos-wiki-github-client-secret.owner = mediawikiUser;
    };
  };

  networking.hostName = "wiki";
  networking.domain = "nixos.org";

  services.nixos-wiki = {
    hostname = "wiki.nixos.org";

    # Only the path of the sops-managed file is referenced; the password value
    # itself does not appear in this module.
    adminPasswordFile = config.sops.secrets.nixos-wiki.path;

    # The client id is a public identifier and is fine as a literal; the
    # matching client secret is supplied by file path, same as the admin password.
    githubClientId = "Iv1.fcbe65bcecdda275";
    githubClientSecretFile = config.sops.secrets.nixos-wiki-github-client-secret.path;

    emergencyContact = "wiki@nixos.org";
    passwordSender = "wiki@nixos.org";
    noReplyAddress = "wiki-no-reply@nixos.org";
  };

  # cloud-init is forced off (mkForce overrides whatever another module sets,
  # presumably the imported hcloud module; confirm there); addressing is
  # configured statically below instead.
  services.cloud-init.enable = lib.mkForce false;

  systemd.network.networks."10-wan" = {
    # match the interface by MAC address; if the NIC's MAC ever changes this
    # unit stops matching and the static configuration below is not applied
    matchConfig.MACAddress = "96:00:03:02:b6:04";

    # configure addresses including subnet mask
    address = [
      "65.21.240.250/32"
      # TODO: drop this ip and only keep ::1
      "2a01:4f9:c012:8178::/64"
      "2a01:4f9:c012:8178::1/64"
    ];

    # create default routes for both IPv6 and IPv4
    routes = [
      # IPv6: link-local gateway
      { routeConfig.Gateway = "fe80::1"; }
      # IPv4: the address above is a /32, so the gateway is not on the same
      # network and has to be declared reachable on-link
      {
        routeConfig.Gateway = "172.31.1.1";
        routeConfig.GatewayOnLink = true;
      }
    ];

    # make the routes on this interface a dependency for network-online.target
    linkConfig.RequiredForOnline = "routable";
  };

  # Forces the GRUB install target to this single disk, overriding other modules.
  boot.loader.grub.devices = lib.mkForce [ "/dev/sda" ];
}