53 lines
1.3 KiB
Nix
53 lines
1.3 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
system.stateVersion = "24.11";
|
|
|
|
networking.hostName = "noisebridge-pi";
|
|
|
|
networking.wireless = {
|
|
enable = true;
|
|
networks."Noisebridge".psk = "noisebridge";
|
|
};
|
|
|
|
services.avahi = {
|
|
enable = true;
|
|
nssmdns4 = true;
|
|
publish = {
|
|
enable = true;
|
|
addresses = true;
|
|
};
|
|
};
|
|
|
|
# Decrypted at runtime by agenix
|
|
age.secrets.tailscale-auth-key.file = ./secrets/tailscale-auth-key.age;
|
|
|
|
age.secrets.api-key.file = ./secrets/api-key.age;
|
|
age.secrets.inbound-api-key.file = ./secrets/inbound-api-key.age;
|
|
|
|
services.noisebell = {
|
|
enable = true;
|
|
port = 80;
|
|
endpointUrl = "https://noisebell.extremist.software/webhook";
|
|
apiKeyFile = config.age.secrets.api-key.path;
|
|
inboundApiKeyFile = config.age.secrets.inbound-api-key.path;
|
|
};
|
|
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
services.tailscale = {
|
|
enable = true;
|
|
authKeyFile = config.age.secrets.tailscale-auth-key.path;
|
|
};
|
|
|
|
services.openssh.enable = true;
|
|
|
|
networking.firewall = {
|
|
trustedInterfaces = [ "tailscale0" ];
|
|
allowedUDPPorts = [ config.services.tailscale.port ];
|
|
};
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu"
|
|
];
|
|
}
|