xqtc/nixos-config
1
0
Fork 0
mirror of https://git.gay/xqtc/nixos-config synced 2024-11-25 22:53:54 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

NFS config; switch from iptables-legacy to nftables

Browse source
This commit is contained in:
xqtc161 2024-06-16 00:39:47 +02:00
parent 8a61160ee8
commit 31b71ff6ac
3 changed files with 47 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/x86_64-linux/beleth/default.nix
View file

@ -135,6 +135,7 @@ with lib; {
services.mullvad-vpn.enable = true; services.mullvad-vpn.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.package = pkgs.nftables;
networking.firewall.allowedTCPPorts = [22 80 443]; networking.firewall.allowedTCPPorts = [22 80 443];
networking.firewall.allowedUDPPorts = [51820]; networking.firewall.allowedUDPPorts = [51820];

46
hosts/x86_64-linux/beleth/nfs.nix Normal file
View file

@ -0,0 +1,46 @@
{
config,
lib,
inputs,
...
}: {
# "2a0f:be01:0:100::/64"
# "2a0f:be01:0:200::/64"
# "2a0f:be01:fe:f00::/56"
services.nfs = {
server = {
enable = true;
exports = ''
/export 2a0f:be01:0:100::/64(ro,async,fsid=0,no_subtree_check) 2a0f:be01:0:200::/64(ro,async,fsid=0,no_subtree_check) 2a0f:be01:fe:f00::/56(ro,async,fsid=0,no_subtree_check)
/export/shows 2a0f:be01:0:100::/64(ro,async,no_subtree_check) 2a0f:be01:0:200::/64(ro,async,no_subtree_check) 2a0f:be01:fe:f00::/56(ro,async,no_subtree_check)
/export/movies 2a0f:be01:0:100::/64(ro,async,no_subtree_check) 2a0f:be01:0:200::/64(ro,async,no_subtree_check) 2a0f:be01:fe:f00::/56(ro,async,no_subtree_check)
/export/music 2a0f:be01:0:100::/64(ro,async,no_subtree_check) 2a0f:be01:0:200::/64(ro,async,no_subtree_check) 2a0f:be01:fe:f00::/56(ro,async,no_subtree_check)
'';
};
};
networking.firewall.allowedTCPPorts = [ 2049 ];
networking.firewall.extraInputRules = ''
iifname wg0 ip6 saddr {
2a0f:be01:0:100::/64,
2a0f:be01:0:200::/64,
2a0f:be01:fe:f00::/56,
} tcp dport 2049 accept
'';
fileSystems = {
"/export/shows" = {
device = "/home/xqtc/jellyfin/shows";
options = [ "bind" ];
};
"/export/movies" = {
device = "/home/xqtc/jellyfin/movies";
options = [ "bind" ];
};
"/export/music" = {
device = "/home/xqtc/jellyfin/music";
options = [ "bind" ];
};
};
}

9
hosts/x86_64-linux/beleth/systemd-mount.nix
View file

@ -1,9 +0,0 @@
{
config,
lib,
inputs,
...
}: {
systemd.mounts."frotting" = {
};
}