# NixOS host module: static addressing on eth0, NAT for the declarative
# containers, Docker, QEMU/SPICE guest agents, and three imported containers
# (mailserver, webserver, syncthing).
{ pkgs, lib, config, repoFlake, ... }:
{
  networking = {
    # Keep kernel-style names so the interface is called eth0, which every
    # setting below refers to.
    usePredictableInterfaceNames = false;

    # Addressing is fully static; no DHCP client runs on this host.
    dhcpcd.enable = false;

    firewall = {
      enable = true;

      # Ports listed here are accepted on every interface from any source.
      # NOTE(review): 5201 is the iperf3 test port; confirm it still needs to
      # be reachable, since a benchmarking listener is rarely a permanent
      # service.
      allowedTCPPorts = [
        # iperf3
        5201
      ];

      # Refused connections are not written to the kernel log, which keeps the
      # journal quiet but also removes that signal for scan/probe detection.
      logRefusedConnections = false;
    };

    interfaces.eth0 = {
      mtu = 1400;
      useDHCP = false;
      ipv4.addresses = [
        {
          address = "167.233.1.14";
          prefixLength = 29;
        }
      ];
      # No static IPv6 address is assigned, although an IPv6 default gateway
      # is set below.
      # NOTE(review): confirm IPv6 reachability is intended and filtered as
      # expected.
      ipv6.addresses = [];
    };

    defaultGateway = {
      address = "167.233.1.9";
      interface = "eth0";
    };

    defaultGateway6 = {
      address = "fe80::1";
      interface = "eth0";
    };

    # Single upstream resolver; there is no fallback if it is unreachable.
    nameservers = ["1.1.1.1"];

    # Masquerade traffic from the containers' host-side veth interfaces
    # ("ve-" prefix, "+" is the iptables wildcard) out through eth0.
    nat = {
      enable = true;
      internalInterfaces = ["ve-+"];
      externalInterface = "eth0";
    };
  };

  # Kubernetes
  # services.kubernetes.roles = ["master" "node"];

  # Virtualization
  # NOTE(review): Docker maintains its own iptables rules, so ports published
  # by Docker containers are typically reachable without an entry in
  # networking.firewall.allowedTCPPorts; verify exposure separately.
  virtualisation.docker.enable = true;

  # Guest-side agents for running under QEMU with a SPICE display.
  services.spice-vdagentd.enable = true;
  services.qemuGuest.enable = true;

  # Run the Nix store garbage collector automatically.
  nix.gc.automatic = true;

  # Declarative containers. Each one gets a private point-to-point address
  # pair (hostAddress on the host side, localAddress inside the container).
  # The *Port arguments are consumed by the imported modules; how they are
  # exposed on the host is not visible here.
  # NOTE(review): presumably the modules forward these ports from the host;
  # verify against ../../containers/*.nix, because that is what decides which
  # services are reachable from outside.
  containers.mailserver = import ../../containers/mailserver.nix {
    inherit repoFlake;
    autoStart = true;
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";
    imapsPort = 993;
    sievePort = 4190;
  };

  containers.webserver = import ../../containers/webserver.nix {
    inherit repoFlake;
    autoStart = true;
    hostAddress = "192.168.100.12";
    localAddress = "192.168.100.13";
    httpPort = 80;
    httpsPort = 443;
  };

  containers.syncthing = import ../../containers/syncthing.nix {
    autoStart = true;
    hostAddress = "192.168.100.14";
    localAddress = "192.168.100.15";
    syncthingPort = 22000;
  };

  # Records the NixOS release whose defaults for stateful data (file
  # locations, database versions) this system was first installed with.
  # Leave it at the release of the first install; read the option's
  # documentation (man configuration.nix or
  # https://nixos.org/nixos/options.html) before changing it.
  system.stateVersion = "22.11";
}