Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-04-03 18:50:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updated lisa config

Browse source
This commit is contained in:
Julien Malka 2022-05-10 06:56:35 +02:00
parent 1f00356b81
commit 6b369314b6
Signed by: Luj
GPG key ID: 6FC74C847011FD83
1 changed files with 15 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
machines/lisa/default.nix
View file

@ -50,8 +50,13 @@
}; };
# make the tailscale command usable to users
environment.systemPackages = [ pkgs.tailscale ];
# enable the tailscale service
services.tailscale.enable = true; services.tailscale.enable = true;
environment.systemPackages = with pkgs; [ tailscale ];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
@ -72,7 +77,14 @@
prefixLength = 120; prefixLength = 120;
}]; }];
networking.nameservers = [ "10.100.0.2" ]; networking.nameservers = [ "100.127.245.71" "9.9.9.9" ];
environment.etc."resolv.conf" = with lib; with pkgs; {
source = writeText "resolv.conf" ''
${concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)}
options edns0
'';
};
networking.hostId = "fbb334ae"; networking.hostId = "fbb334ae";
services.zfs.autoSnapshot.enable = true; services.zfs.autoSnapshot.enable = true;
services.zfs.autoScrub.enable = true; services.zfs.autoScrub.enable = true;
@ -80,77 +92,13 @@
system.stateVersion = "21.11"; system.stateVersion = "21.11";
networking.firewall = {
allowedUDPPorts = [ 51820 41641 ];
};
networking.nat.enable = true;
networking.nat.externalInterface = "ens20";
networking.nat.internalInterfaces = [ "wg0" ];
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.100.0.1/24" ];
listenPort = 51820;
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens20 -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens20 -j MASQUERADE
'';
privateKeyFile = "/root/wg-private";
peers = [
{
allowedIPs = [ "10.100.0.2/32" ];
publicKey = "WQoOWKT6VFn9p8vyLdI1n8tg8IRX1t7tCWXOa1zcHRU=";
}
{
allowedIPs = [ "10.100.0.3/32" ];
publicKey = "Pp4dQhhdokqYD1JBh+HLoqBbC+FEs64qzXHWfXyu2VE=";
}
{
allowedIPs = [ "10.100.0.4/32" ];
publicKey = "1d10sX645HAbXeXbvAs2zgjsoYgfg7d2UCQV1xKoY3s=";
}
{
allowedIPs = [ "10.100.0.5/32" ];
publicKey = "3BlHbLcL05UObnlIWrC/TMjZKdxrH8HTm8h0xxzAWA8=";
}
{
allowedIPs = [ "10.100.0.6/32" ];
publicKey = "ifMWTkMWpjibnthrRNPtfp2xcgqGQGng3XieVO7Lvzg=";
}
{
allowedIPs = [ "10.100.0.7/32" ];
publicKey = "TAIP4faPBx6gk1cifC6fdfIP6slo1ir+HMVKxQXBejo=";
}
{
allowedIPs = [ "10.100.0.8/32" ];
publicKey = "EmWRWnZfr60ekm4ZLdwa6gXU6V3p39p6tWOZ03dL+DA=";
}
{
allowedIPs = [ "10.100.0.9/32" ];
publicKey = "z85y4nc+7O7t2I4VqP0SAKJOD46PlkXoEPiuGOBS+SI=";
}
{
allowedIPs = [ "10.100.0.10/32" ];
publicKey = "SJ9tflQps1kssFsgVGLhqSSVKNPDspd+5xVMSu/aqk4=";
}
];
};
};
services.nginx.virtualHosts."jellyfin.mondon.me" = { services.nginx.virtualHosts."jellyfin.mondon.me" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://10.100.0.4"; proxyPass = "http://100.74.49.77";
}; };
}; };