1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
{
system = "x86_64-linux";
nixpkgsStable = true;
id = 3;
domain = "fc9f.de";
sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/7udhktYVZHHZ2RXQeKHt0ACfcG5dmTpyd5LMw4U0O root@nixos";
wgPublicKey = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY=";
syncthingId = "QI2EPUE-4VMZ3XV-LXX3GXP-RHCWTRY-AACLSGL-YG7MIYV-THST74N-KJGIBQ6";
hardware = {
cpuVendor = "intel";
allowHibernation = false;
};
networking = {
primaryInterface = "enp1s0";
ip4IsPrivate = true;
ip4Address = "192.168.2.111";
ip4PrefixLength = 24;
defaultGateway4 = "192.168.2.1";
ip6IsPrivate = false;
ip6Address = "2a03:4000:4d:5e:acab::3";
ip6PrefixLength = 128;
dn42 = {
ip6Address = "fd6b:6174:6a61::3";
ip6PrefixLength = 128;
};
};
nixosConfiguration = _: {
boot.initrd.systemd.emergencyAccess = true;
boot.kernel.sysctl."net.ipv6.conf.all.proxy_ndp" = true;
sops.secrets = {
wgPrivateKey = {
owner = "systemd-network";
group = "systemd-network";
};
};
common = {
profiles.nvme.enable = true;
configure = {
primaryNetworkInterface = {
enable = true;
acceptRouterAdvertisements = true;
ip6Address = null;
};
rootDisk.swap = {
enable = true;
size = "2G";
};
};
};
zpha = {
websites = {
"fedi.home.ctu.cx".enable = true;
"music.zaphyra.eu" = {
enable = true;
subdomain = "music2";
};
};
configure = {
syncthing.enable = true;
netcupTunnel.enable = true;
};
profiles = {
zaphyra.enable = true;
dn42.enable = true;
resticBackupTarget = {
enable = true;
path = "/persist/system/restic-backups";
keys = {
cuvier-navidrome = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0vCwn4H04RqiLFUVK06N1ZOhEvNgdBod1Eedu82LHP";
cuvier-things = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9ME2e9a2BbFgTxVY5OSL0VupYxZ10SjcLeO27qBBIF";
cuvier-immich = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA8a7B0GzYf1J1Of8iwSMFQUON6CWCwnJW94K3uX95ij";
cuvier-gotosocial = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvl23IonsUnU5nDVMjNp0W56HcT1TTuXRvFrkOay0iM";
isodon-gotosocial = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID85l2Im1ff0JGp8vH8IngnjKB3K/cFiur/grPxWJbUE";
isodon-navidrome = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv54uqcNCmcbYWzA1mGPeKrh29E2+/sr08caX3jihQc";
cautus-gotosocial = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADOmcKGelaxzS9oObFMOdfUdm/PWS6Og9IJFZlLrsvm";
cautus-memos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJZ4Y87FvE9ejTh2X01u73+iUYAbSxHz0SzgQ/oMW7W";
cautus-continuwuity = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICnwja11WL5lX7uUnuapINM5NydD9reJ1N6uIR8IrUnO";
cautus-radicale = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK98eqmXaUpbm6PrRi/n2WmQ+Oo0x8z/JQathF8OPzNU";
cautus-prosody = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDe5En9owlKsj15sgWoq0zOFuAfc7VX3ON5DJ8TPIXAP";
cautus-vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrsALG/N1wAA9T4MzMkbdA8LKNSsi38I4AsrmKi3eN2";
cautus-gitolite = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrxAUyM6a7Rw1vjK+OyOR+9bYrWfV3L7bu05w9IPG+h";
cautus-mailserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsKAXf8yLKv+B8FIrIssxlryqRPtuajPLJ7hVRh0dbz";
};
};
};
};
};
}