# NixOS module for the host "proxy". From what this file shows, the machine
# terminates a WireGuard tunnel on wg0, NATs between wg0 and ens3, and forwards
# one UDP port from ens3 to the tunnel peer.
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./coturn.nix
  ];

  system.stateVersion = "21.05"; # Did you read the comment?

  boot.loader.grub = {
    enable = true;
    version = 2;
    devices = [ "/dev/sda" ];
  };

  services = {
    # SSH accepts keys only: password authentication is off, and root may log
    # in solely with a key ("prohibit-password").
    openssh = {
      enable = true;
      passwordAuthentication = false;
      permitRootLogin = "prohibit-password";
    };

    # Enabled with no jail settings in this file.
    fail2ban.enable = true;
  };

  # The only account given SSH access in this file is root, with a single key.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa 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 giulio@gAluminum"
  ];

  networking = {
    hostName = "proxy";

    # DHCP is disabled globally and enabled only on ens3.
    useDHCP = false;
    interfaces.ens3.useDHCP = true;

    # The first resolver is the WireGuard peer's tunnel address, so name
    # resolution depends on the tunnel being up; 1.1.1.1 is listed second.
    nameservers = [
      "10.4.0.2"
      "1.1.1.1"
    ];

    # Only TCP 22 is opened in this file. The WireGuard listener below uses
    # UDP 1195, which is not listed here.
    # NOTE(review): confirm UDP 1195 is opened elsewhere (e.g. by an imported
    # module). The peer has no endpoint configured on this side, so with the
    # firewall enabled it would otherwise be unable to initiate the tunnel.
    firewall.allowedTCPPorts = [ 22 ];

    nat = {
      enable = true;
      externalInterface = "ens3";
      internalInterfaces = [ "wg0" ];

      # UDP 1194 arriving on the external interface is forwarded to the
      # tunnel peer at 10.4.0.2:1194.
      forwardPorts = [
        {
          proto = "udp";
          sourcePort = 1194;
          destination = "10.4.0.2:1194";
        }
      ];
    };

    wireguard.interfaces.wg0 = {
      ips = [ "10.4.0.1/24" ];
      listenPort = 1195;

      # The private key is read from a file path rather than written inline in
      # this configuration.
      # NOTE(review): confirm ownership and mode of this file on the host.
      privateKeyFile = "/secrets/wireguard/server.key";

      # Everything leaving through wg0 is source-NATed. The service behind the
      # port forward therefore presumably sees this host's tunnel address, not
      # the real client address, which matters for its logs and any
      # per-source rate limiting or banning.
      postSetup = ''
        /run/current-system/sw/bin/iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
      '';

      # Removes the rule added in postSetup when the interface goes down.
      postShutdown = ''
        /run/current-system/sw/bin/iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
      '';

      peers = [
        {
          publicKey = "73oFhyQA3mgX4GmN6ul5HuOsgxa4INlzCPsyuXna0AA=";

          # Source addresses accepted from this peer: its tunnel address and
          # the 10.3.0.0/24 network routed behind it.
          # NOTE(review): "10.4.0.2" carries no prefix length; presumably it
          # is treated as a single host (/32), confirm.
          allowedIPs = [
            "10.4.0.2"
            "10.3.0.0/24"
          ];
        }
      ];
    };
  };
}