authorMel <mel@rnrd.eu>2025-07-15 03:27:19 +0200
committerMel <mel@rnrd.eu>2025-07-15 03:30:56 +0200
commit9fd6ea4a21a9112425d4f8d46178404d7b33f386 (patch)
tree91d951398c53f8f02cda31f00471c74ae8afaf02 /machines/taupe/devices.nix
parent1bc37f9dc418b0394ea9498ceb361ba545230fd0 (diff)
Add 'taupe' server serving as exit node
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'machines/taupe/devices.nix')
-rw-r--r--machines/taupe/devices.nix51
1 files changed, 51 insertions, 0 deletions
diff --git a/machines/taupe/devices.nix b/machines/taupe/devices.nix
new file mode 100644
index 0000000..5dcfee1
--- /dev/null
+++ b/machines/taupe/devices.nix
@@ -0,0 +1,51 @@
+{ lib, ... }:
+
+{
+  boot = {
+    loader.systemd-boot.enable = true;
+    kernelModules = [ "wireguard" ];
+  };
+
+  zramSwap = {
+    enable = true;
+    algorithm = "zstd";
+    swapDevices = 1;
+    memoryPercent = 50;
+  };
+
+  networking = {
+    useDHCP = false;
+    nameservers = [
+      "1.1.1.1" "1.0.0.1"
+      "2606:4700:4700::1111" "2606:4700:4700::1001"
+    ];
+  };
+
+  # Static IPv6 network configuration
+  # + soliciting of IPv4 via DHCP.
+  systemd.network.enable = true;
+  systemd.network.networks."10-wan" = {
+    name = "enp1s0";
+    DHCP = "ipv4";
+    address = [ "2a01:4f9:c012:dce::1" ];
+    routes = [ { Gateway = "fe80::1"; } ];
+  };
+
+  services.resolved = {
+    llmnr = "false";
+    extraConfig = "MulticastDNS=no";
+    dnssec = "false"; 
+  };
+  
+  virtualisation.docker.daemon.settings = {
+    "experimental" = true;
+    "ipv6" = true;
+    "ip6tables" = true;
+    "fixed-cidr-v6" = "fc00:d0c:b1b1::/48";
+    "bip" = "172.17.0.1/24";
+    "default-address-pools" = [
+      { base = "172.17.0.0/16"; size = 24; }
+      { base = "fc00:d0c::/32"; size = 48; }
+    ];
+  };
+}
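Review bot: The `services.resolved` block sets `dnssec = "false"` and configures no DNS-over-TLS, so every lookup this host sends to the resolvers in `networking.nameservers` is unauthenticated and in cleartext, which matters more than usual on a machine the commit describes as an exit node. If the downgrade is deliberate, a comment saying why would help; otherwise consider `dnssec = "allow-downgrade";` together with `dnsovertls = "opportunistic";`. Separately, the `address` entry in `"10-wan"` carries no prefix length, so it is worth writing the intended one explicitly (presumably `/64`, if that is what the provider assigns) rather than relying on networkd's default. Docker's `"experimental" = true` also deserves a comment naming the feature that needs it, since it enables non-default daemon behaviour on an internet-facing host; whether the host firewall covers Docker-published ports cannot be judged from this file.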