beleth: wg config; disable dhcp

xqtc161 2024-06-09 20:48:07 +02:00
parent e1c3cae409
commit e072028205
10 changed files with 113 additions and 45 deletions


@ -76,7 +76,7 @@
};
"alastor" = lib.nixosSystem {
system = "aarch64-linux";
modules = [./hosts/aarch64-linux/alastor {nixpkgs.overlays = [ inputs.nixos-aarch64-widevine.overlays.default ];}];
modules = [./hosts/aarch64-linux/alastor {nixpkgs.overlays = [inputs.nixos-aarch64-widevine.overlays.default];}];
specialArgs = {inherit inputs;};
};
};


@ -236,7 +236,7 @@ with inputs; {
"browser.theme.toolbar-theme" = "0";
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"media.eme.enabled" = true;
"media.eme.enabled" = true;
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" =
false;
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites" =


@ -1,10 +1,14 @@
{config, lib, inputs, pkgs, ...}:
{
config,
lib,
inputs,
pkgs,
...
}: {
qt.style.package = pkgs.catppuccin-kde.override {
accents = ["pink"];
size = "compact";
tweaks = ["rimless"];
variant = "mocha";
accents = ["pink"];
size = "compact";
tweaks = ["rimless"];
variant = "mocha";
};
}


@ -36,7 +36,7 @@
services.pcscd.enable = true;
environment.sessionVariables.MOZ_GMP_PATH = [ "${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed" ];
environment.sessionVariables.MOZ_GMP_PATH = ["${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed"];
networking.hostName = "alastor"; # Define your hostname.
# Pick only one of the below networking options.


@ -24,42 +24,42 @@ with lib; {
enable = true;
email = "xqtc@tutanota.com";
configFile = pkgs.writeText "Caddyfile" ''
heroin.trade {
root * /var/www/website/public/
handle_errors {
rewrite * /404.html
file_server
heroin.trade {
root * /var/www/website/public/
handle_errors {
rewrite * /404.html
file_server
}
file_server
}
syncthing.heroin.trade {
reverse_proxy http://localhost:8384 {
header_up Host {upstream_hostport}
}
}
demos.heroin.trade {
root * /var/www/demos/
file_server browse
}
git.heroin.trade {
reverse_proxy http://localhost:3002
}
file_server
}
syncthing.heroin.trade {
reverse_proxy http://localhost:8384 {
header_up Host {upstream_hostport}
}
}
demos.heroin.trade {
root * /var/www/demos/
file_server browse
}
git.heroin.trade {
reverse_proxy http://localhost:3002
}
jellyfin.heroin.trade {
reverse_proxy http://127.0.0.1:8096
}
jellyfin.heroin.trade {
reverse_proxy http://127.0.0.1:8096
}
calibre.heroin.trade {
reverse_proxy http://localhost:3000
}
calibre.heroin.trade {
reverse_proxy http://localhost:3000
}
grafana.heroin.trade {
reverse_proxy http://127.0.0.1:2342
}
grafana.heroin.trade {
reverse_proxy http://127.0.0.1:2342
}
uptime.heroin.trade {
reverse_proxy 127.0.0.1:3001
}
uptime.heroin.trade {
reverse_proxy 127.0.0.1:3001
}
'';
};


@ -1,5 +1,8 @@
{config, lib, ...}:
{
config,
lib,
...
}: {
virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
virtualisation.docker.autoPrune.dates = "daily";


@ -1,5 +1,8 @@
{lib, inputs, ...}:
{
lib,
inputs,
...
}: {
services.forgejo = {
enable = true;
settings.server = {
@ -8,8 +11,8 @@
};
settings = {
service = {
DISABLE_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = true;
DISABLE_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = true;
};
};
};


@ -33,7 +33,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
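Review bot: Commenting out `networking.useDHCP = lib.mkDefault true;` does not turn DHCP off, because the NixOS default for that option is already `true`; unless another module overrides it, the host will keep requesting leases alongside the static addresses this commit introduces. To do what the commit title says, replace the commented line with `networking.useDHCP = false;`. An explicit value also documents the intent better than a commented-out default.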


@ -0,0 +1,28 @@
{
config,
lib,
inputs,
...
}: {
imports = [./wireguard.nix];
networking.interfaces = {
enp0s31f6 = {
ipv4 = {
adresses = [
{
address = "88.99.90.90";
prefixLength = 26;
}
];
};
ipv6 = {
adresses = [
{
address = "2a01:4f8:10a:1aab::2";
prefixLength = 80;
}
];
};
};
};
}
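Review bot: Both address lists are spelled `adresses`, which is not an option under `networking.interfaces.<name>.ipv4` or `.ipv6`; the module system rejects undeclared options, so this file should fail evaluation rather than assign the addresses. Rename both to `addresses`. No default gateway or resolver is set here either; if they are not defined elsewhere in the host configuration, add `networking.defaultGateway`, `networking.defaultGateway6` and `networking.nameservers` before deploying. With DHCP meant to be off, a remote host without a route cannot be reached to repair it.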


@ -0,0 +1,30 @@
{
config,
lib,
inputs,
...
}: {
# networking.nat.enable = true;
# networking.nat.externalInterface = "enp0s31f6";
# networking.nat.internalInterfaces = "wg0";
networking.firewall = {
allowedUDPPorts = [51820];
};
networking.wireguard.interfaces = {
ips = ["2a01:4f8:10a:1aab::2/64"];
listenPort = 51820;
privateKeyFile = "/home/xqtc/wireguard-keys/private";
peers = [
{
#anner
publicKey = "5ar4lh3Ra4TRmUJeeBtPgDvZnAkGssJDUN53y9oa3So=";
allowedIPs = ["2a0f:be01::/48"];
endpoint = "[2a0f:be01::1]:51822";
}
];
};
}
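Review bot: `privateKeyFile = "/home/xqtc/wireguard-keys/private";` keeps the tunnel's private key inside a login user's home directory, so anything running as that user can read or replace it; it belongs in a root-owned file with mode 0600 outside /home, or in whatever secrets mechanism the repository uses. Separately, `ips`, `listenPort`, `privateKeyFile` and `peers` sit directly under `networking.wireguard.interfaces`, which is an attribute set keyed by interface name, so they need a wrapper such as `wg0 = { … };` (the name the commented NAT lines already use). The `ips` entry also reuses 2a01:4f8:10a:1aab::2, the address given to enp0s31f6 in the new networking file, with a /64 that overlaps its /80; the tunnel presumably wants an address of its own.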