WIP everything
This commit is contained in:
parent
2a23c7fdbe
commit
26f0bde4b3
29 changed files with 1630 additions and 423 deletions
|
|
@ -1,13 +1,14 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
repoFlake,
|
||||
nodeName,
|
||||
...
|
||||
}: let
|
||||
{ pkgs
|
||||
, lib
|
||||
, config
|
||||
, repoFlake
|
||||
, nodeName
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
wireguardPort = 51820;
|
||||
in {
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../snippets/systemd-resolved.nix
|
||||
];
|
||||
|
|
@ -31,14 +32,14 @@ in {
|
|||
|
||||
networking.interfaces.eth0 = {
|
||||
mtu = 1400;
|
||||
useDHCP = false;
|
||||
useDHCP = true;
|
||||
ipv4.addresses = [
|
||||
{
|
||||
"address" = "167.233.1.14";
|
||||
"prefixLength" = 29;
|
||||
}
|
||||
];
|
||||
ipv6.addresses = [];
|
||||
ipv6.addresses = [ ];
|
||||
};
|
||||
|
||||
networking.defaultGateway = {
|
||||
|
|
@ -53,7 +54,7 @@ in {
|
|||
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = ["ve-*" "wg*"];
|
||||
internalInterfaces = [ "ve-*" "wg*" ];
|
||||
externalInterface = "eth0";
|
||||
};
|
||||
|
||||
|
|
@ -78,7 +79,7 @@ in {
|
|||
privateKeyFile = config.sops.secrets.wg0-private.path;
|
||||
peers = [
|
||||
{
|
||||
allowedIPs = ["192.168.99.2/32"];
|
||||
allowedIPs = [ "192.168.99.2/32" ];
|
||||
publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0=";
|
||||
presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path;
|
||||
}
|
||||
|
|
@ -86,12 +87,12 @@ in {
|
|||
};
|
||||
|
||||
# virtualization
|
||||
virtualisation = {docker.enable = false;};
|
||||
virtualisation = { docker.enable = false; };
|
||||
|
||||
services.spice-vdagentd.enable = true;
|
||||
services.qemuGuest.enable = true;
|
||||
|
||||
nix.gc = {automatic = true;};
|
||||
nix.gc = { automatic = true; };
|
||||
|
||||
containers = {
|
||||
mailserver = import ../../containers/mailserver.nix {
|
||||
|
|
@ -108,17 +109,17 @@ in {
|
|||
|
||||
webserver =
|
||||
import ../../containers/webserver.nix
|
||||
{
|
||||
inherit repoFlake;
|
||||
{
|
||||
inherit repoFlake;
|
||||
|
||||
autoStart = true;
|
||||
autoStart = true;
|
||||
|
||||
hostAddress = "192.168.100.12";
|
||||
localAddress = "192.168.100.13";
|
||||
hostAddress = "192.168.100.12";
|
||||
localAddress = "192.168.100.13";
|
||||
|
||||
httpPort = 80;
|
||||
httpsPort = 443;
|
||||
};
|
||||
httpPort = 80;
|
||||
httpsPort = 443;
|
||||
};
|
||||
|
||||
syncthing = import ../../containers/syncthing.nix {
|
||||
autoStart = true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue