mirror of
https://git.gay/xqtc/nixos-config
synced 2024-11-25 21:53:55 +01:00
beleth: wg config; disable dhcp
parent
e1c3cae409
commit
e072028205
|
@ -76,7 +76,7 @@
|
||||||
};
|
};
|
||||||
"alastor" = lib.nixosSystem {
|
"alastor" = lib.nixosSystem {
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
modules = [./hosts/aarch64-linux/alastor {nixpkgs.overlays = [ inputs.nixos-aarch64-widevine.overlays.default ];}];
|
modules = [./hosts/aarch64-linux/alastor {nixpkgs.overlays = [inputs.nixos-aarch64-widevine.overlays.default];}];
|
||||||
specialArgs = {inherit inputs;};
|
specialArgs = {inherit inputs;};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -236,7 +236,7 @@ with inputs; {
|
||||||
"browser.theme.toolbar-theme" = "0";
|
"browser.theme.toolbar-theme" = "0";
|
||||||
"browser.newtabpage.activity-stream.showSponsored" = false;
|
"browser.newtabpage.activity-stream.showSponsored" = false;
|
||||||
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
||||||
"media.eme.enabled" = true;
|
"media.eme.enabled" = true;
|
||||||
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" =
|
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" =
|
||||||
false;
|
false;
|
||||||
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites" =
|
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites" =
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
{config, lib, inputs, pkgs, ...}:
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
inputs,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
qt.style.package = pkgs.catppuccin-kde.override {
|
qt.style.package = pkgs.catppuccin-kde.override {
|
||||||
accents = ["pink"];
|
accents = ["pink"];
|
||||||
size = "compact";
|
size = "compact";
|
||||||
tweaks = ["rimless"];
|
tweaks = ["rimless"];
|
||||||
variant = "mocha";
|
variant = "mocha";
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
|
|
||||||
services.pcscd.enable = true;
|
services.pcscd.enable = true;
|
||||||
|
|
||||||
environment.sessionVariables.MOZ_GMP_PATH = [ "${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed" ];
|
environment.sessionVariables.MOZ_GMP_PATH = ["${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed"];
|
||||||
|
|
||||||
networking.hostName = "alastor"; # Define your hostname.
|
networking.hostName = "alastor"; # Define your hostname.
|
||||||
# Pick only one of the below networking options.
|
# Pick only one of the below networking options.
|
||||||
|
|
|
@ -24,42 +24,42 @@ with lib; {
|
||||||
enable = true;
|
enable = true;
|
||||||
email = "xqtc@tutanota.com";
|
email = "xqtc@tutanota.com";
|
||||||
configFile = pkgs.writeText "Caddyfile" ''
|
configFile = pkgs.writeText "Caddyfile" ''
|
||||||
heroin.trade {
|
heroin.trade {
|
||||||
root * /var/www/website/public/
|
root * /var/www/website/public/
|
||||||
handle_errors {
|
handle_errors {
|
||||||
rewrite * /404.html
|
rewrite * /404.html
|
||||||
file_server
|
file_server
|
||||||
|
}
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
syncthing.heroin.trade {
|
||||||
|
reverse_proxy http://localhost:8384 {
|
||||||
|
header_up Host {upstream_hostport}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
demos.heroin.trade {
|
||||||
|
root * /var/www/demos/
|
||||||
|
file_server browse
|
||||||
|
}
|
||||||
|
git.heroin.trade {
|
||||||
|
reverse_proxy http://localhost:3002
|
||||||
}
|
}
|
||||||
file_server
|
|
||||||
}
|
|
||||||
syncthing.heroin.trade {
|
|
||||||
reverse_proxy http://localhost:8384 {
|
|
||||||
header_up Host {upstream_hostport}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
demos.heroin.trade {
|
|
||||||
root * /var/www/demos/
|
|
||||||
file_server browse
|
|
||||||
}
|
|
||||||
git.heroin.trade {
|
|
||||||
reverse_proxy http://localhost:3002
|
|
||||||
}
|
|
||||||
|
|
||||||
jellyfin.heroin.trade {
|
jellyfin.heroin.trade {
|
||||||
reverse_proxy http://127.0.0.1:8096
|
reverse_proxy http://127.0.0.1:8096
|
||||||
}
|
}
|
||||||
|
|
||||||
calibre.heroin.trade {
|
calibre.heroin.trade {
|
||||||
reverse_proxy http://localhost:3000
|
reverse_proxy http://localhost:3000
|
||||||
}
|
}
|
||||||
|
|
||||||
grafana.heroin.trade {
|
grafana.heroin.trade {
|
||||||
reverse_proxy http://127.0.0.1:2342
|
reverse_proxy http://127.0.0.1:2342
|
||||||
}
|
}
|
||||||
|
|
||||||
uptime.heroin.trade {
|
uptime.heroin.trade {
|
||||||
reverse_proxy 127.0.0.1:3001
|
reverse_proxy 127.0.0.1:3001
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
{config, lib, ...}:
|
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
virtualisation.docker.autoPrune.enable = true;
|
virtualisation.docker.autoPrune.enable = true;
|
||||||
virtualisation.docker.autoPrune.dates = "daily";
|
virtualisation.docker.autoPrune.dates = "daily";
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
{lib, inputs, ...}:
|
|
||||||
{
|
{
|
||||||
|
lib,
|
||||||
|
inputs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.server = {
|
settings.server = {
|
||||||
|
@ -8,8 +11,8 @@
|
||||||
};
|
};
|
||||||
settings = {
|
settings = {
|
||||||
service = {
|
service = {
|
||||||
DISABLE_REGISTRATION = true;
|
DISABLE_REGISTRATION = true;
|
||||||
REQUIRE_SIGNIN_VIEW = true;
|
REQUIRE_SIGNIN_VIEW = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
# networking.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
|
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
|
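Review bot: Commenting out `networking.useDHCP = lib.mkDefault true;` does not turn DHCP off, because the NixOS option's documented default is already true and the line only restated it. To match the commit title, state the intent explicitly with `networking.useDHCP = false;`. The comment block above the line still describes the setting as active, so a short replacement such as `# DHCP is disabled on purpose; static addressing is declared in ./networking.nix.` would keep the file honest. The enclosing attribute set starts and ends outside this hunk.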
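--- /dev/null
+++ b/hosts/x86_64-linux/beleth/networking.nix
@@ -0,0 +1,28 @@
+{
+config,
+lib,
+inputs,
+...
+}: {
+imports = [./wireguard.nix];
+networking.interfaces = {
+enp0s31f6 = {
+ipv4 = {
+adresses = [
+{
+address = "88.99.90.90";
+prefixLength = 26;
+}
+];
+};
+ipv6 = {
+adresses = [
+{
+address = "2a01:4f8:10a:1aab::2";
+prefixLength = 80;
+}
+];
+};
+};
+};
+}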
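Review bot: Both address lists are spelled `adresses`, while the NixOS option is `networking.interfaces.<name>.ipv4.addresses` (and `ipv6.addresses`), so the static addresses for `enp0s31f6` are never applied and evaluation should stop on the unknown option; change both lines to `addresses = [`. The file also sets no `networking.defaultGateway`, `networking.defaultGateway6` or `networking.nameservers`, and the same commit comments out the DHCP default. Unless those are defined elsewhere, the host could come up with an address but no route or resolver, which on a remote machine means losing management access. Whether this file is imported by the host's configuration is not visible in this diff.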
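--- /dev/null
+++ b/hosts/x86_64-linux/beleth/wireguard.nix
@@ -0,0 +1,30 @@
+{
+config,
+lib,
+inputs,
+...
+}: {
+# networking.nat.enable = true;
+# networking.nat.externalInterface = "enp0s31f6";
+# networking.nat.internalInterfaces = "wg0";
+networking.firewall = {
+allowedUDPPorts = [51820];
+};
+
+networking.wireguard.interfaces = {
+ips = ["2a01:4f8:10a:1aab::2/64"];
+
+listenPort = 51820;
+
+privateKeyFile = "/home/xqtc/wireguard-keys/private";
+
+peers = [
+{
+#anner
+publicKey = "5ar4lh3Ra4TRmUJeeBtPgDvZnAkGssJDUN53y9oa3So=";
+allowedIPs = ["2a0f:be01::/48"];
+endpoint = "[2a0f:be01::1]:51822";
+}
+];
+};
+}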
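Review bot: `privateKeyFile = "/home/xqtc/wireguard-keys/private"` keeps the tunnel's private key inside an unprivileged user's home directory, so that account and anything running as it can read or replace the key. A root-owned file with mode 0600 outside `/home`, or a secrets module such as sops-nix or agenix, would be a safer source. Separately, `ips`, `listenPort`, `privateKeyFile` and `peers` sit directly under `networking.wireguard.interfaces`, which expects one attribute set per interface name, so this should not evaluate as written; the commented NAT lines suggest `networking.wireguard.interfaces.wg0 = {` was intended. The address `2a01:4f8:10a:1aab::2` is also the one given to `enp0s31f6` in networking.nix, as a /64 here against a /80 there, and that overlap is worth confirming before the tunnel is brought up.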