From 6b369314b6869de93a4032f4fbb56bef03c26ec6 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Tue, 10 May 2022 06:56:35 +0200
Subject: [PATCH] Updated lisa config
---
machines/lisa/default.nix | 82 +++++++---------------------------------
1 file changed, 15 insertions(+), 67 deletions(-)
diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix
index 7f2ab44..0b4c4fd 100644
--- a/machines/lisa/default.nix
+++ b/machines/lisa/default.nix
@@ -50,8 +50,13 @@ }; + + + # make the tailscale command usable to users + environment.systemPackages = [ pkgs.tailscale ]; + + # enable the tailscale service services.tailscale.enable = true; - environment.systemPackages = with pkgs; [ tailscale ]; nix.maxJobs = lib.mkDefault 4;
@@ -72,7 +77,14 @@ prefixLength = 120; }]; - networking.nameservers = [ "10.100.0.2" ]; + networking.nameservers = [ "100.127.245.71" "9.9.9.9" ]; + environment.etc."resolv.conf" = with lib; with pkgs; { + source = writeText "resolv.conf" '' + ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)} + options edns0 + ''; + }; + networking.hostId = "fbb334ae"; services.zfs.autoSnapshot.enable = true; services.zfs.autoScrub.enable = true;
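Review bot: The generated `/etc/resolv.conf` in the second hunk lists the tailnet resolver `100.127.245.71` first and the public `9.9.9.9` second, so whenever the first server times out (tailscale down, peer offline) every lookup, including names meant to resolve only inside the tailnet, goes in cleartext to the public resolver. Because the file is written through `environment.etc` it is a fixed store path, so resolvconf, DHCP or tailscaled presumably can no longer adjust it. If that is the intent it deserves a comment such as `# static resolv.conf on purpose: tailnet resolver first, 9.9.9.9 only as fallback`. If only the `edns0` option is wanted, `networking.resolvconf.extraOptions = [ "edns0" ];` would presumably achieve it without replacing the file. The `with lib; with pkgs;` scope is also wider than needed; `lib.concatStringsSep` and `pkgs.writeText` would show where each name comes from.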
@@ -80,77 +92,13 @@ system.stateVersion = "21.11"; - networking.firewall = { - allowedUDPPorts = [ 51820 41641 ]; - }; - networking.nat.enable = true; - networking.nat.externalInterface = "ens20"; - networking.nat.internalInterfaces = [ "wg0" ]; - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.1/24" ]; - listenPort = 51820; - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens20 -j MASQUERADE - ''; - - # This undoes the above command - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens20 -j MASQUERADE - ''; - - privateKeyFile = "/root/wg-private"; - peers = [ - { - allowedIPs = [ "10.100.0.2/32" ]; - publicKey = "WQoOWKT6VFn9p8vyLdI1n8tg8IRX1t7tCWXOa1zcHRU="; - } - { - allowedIPs = [ "10.100.0.3/32" ]; - publicKey = "Pp4dQhhdokqYD1JBh+HLoqBbC+FEs64qzXHWfXyu2VE="; - } - { - allowedIPs = [ "10.100.0.4/32" ]; - publicKey = "1d10sX645HAbXeXbvAs2zgjsoYgfg7d2UCQV1xKoY3s="; - } - { - allowedIPs = [ "10.100.0.5/32" ]; - publicKey = "3BlHbLcL05UObnlIWrC/TMjZKdxrH8HTm8h0xxzAWA8="; - } - { - allowedIPs = [ "10.100.0.6/32" ]; - publicKey = "ifMWTkMWpjibnthrRNPtfp2xcgqGQGng3XieVO7Lvzg="; - } - { - allowedIPs = [ "10.100.0.7/32" ]; - publicKey = "TAIP4faPBx6gk1cifC6fdfIP6slo1ir+HMVKxQXBejo="; - } - { - allowedIPs = [ "10.100.0.8/32" ]; - publicKey = "EmWRWnZfr60ekm4ZLdwa6gXU6V3p39p6tWOZ03dL+DA="; - } - { - allowedIPs = [ "10.100.0.9/32" ]; - publicKey = "z85y4nc+7O7t2I4VqP0SAKJOD46PlkXoEPiuGOBS+SI="; - } - { - allowedIPs = [ "10.100.0.10/32" ]; - publicKey = "SJ9tflQps1kssFsgVGLhqSSVKNPDspd+5xVMSu/aqk4="; - } - ]; - - }; - }; - - - services.nginx.virtualHosts."jellyfin.mondon.me" = { enableACME = true; forceSSL = true; locations."/" = { proxyWebsockets = true; - proxyPass = "http://10.100.0.4"; + proxyPass = "http://100.74.49.77"; }; };
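Review bot: The new `proxyPass = "http://100.74.49.77";` hard-codes a tailnet address with no comment saying which node it is, and the hop to it is plain HTTP, so its confidentiality rests entirely on the tailscale tunnel being up and on that address staying assigned to the same machine. A comment on the line, e.g. `# jellyfin backend, reached over tailscale; plain HTTP is acceptable only inside the tunnel`, would record that assumption (that the upstream is the Jellyfin host is inferred from the vhost name). The removed WireGuard block referenced `privateKeyFile = "/root/wg-private"`, and deleting the configuration does not delete that key. It is presumably still on disk and should be removed once the old tunnel is retired.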