hosts/plover: update state variables and services

This is made in advance for the upcoming config updates of each
service.
This commit is contained in:
Gabriel Arazas 2024-09-19 21:27:22 +08:00
parent 9705646f30
commit 6e26946312
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
2 changed files with 35 additions and 100 deletions


@ -32,11 +32,41 @@
fail2ban.enable = true;
# The self-hosted services.
atuin.enable = true;
gitea.enable = true;
grafana.enable = true;
vaultwarden.enable = true;
wireguard.enable = true;
tailscale.enable = true;
};
state.network = {
ipv4 = lib.mkDefault "65.109.224.213";
ipv6 = lib.mkDefault "2a01:4f9:c012:607a::1";
interfaces = {
lan = {
ipv4 = "10.0.0.2";
ipv6 = "";
};
};
secondaryNameservers = [
# ns1.first-ns.de
"213.239.242.238"
"2a01:4f8:0:a101::a:1"
# robotns2.second-ns.de
"213.133.105.6"
"2a01:4f8:d0a:2004::2"
# robotns3.second-ns.com
"193.47.99.3"
"2001:67c:192c::add:a3"
];
};
state.paths = {
dataDir = "/var/lib";
cacheDir = "/var/cache";
logDir = "/var/log";
runtimeDir = "/run";
};
# Offline SSH!?!
@ -61,7 +91,7 @@
email = "admin+acme@foodogsquared.one";
dnsProvider = "rfc2136";
dnsResolver = "1.1.1.1";
credentialsFile = config.sops.secrets."lego/env".path;
credentialsFile = config.sops.secrets."lego/env".path or "/var/lib/secrets/acme.env";
};
# Enable generating new DH params.
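Review bot: The `or` fallback added on the credentialsFile line turns a missing `sops.secrets."lego/env"` declaration into a silent switch to an unmanaged path, so a host that forgot the secret evaluates cleanly and only fails (or reads whatever happens to sit at that path) at ACME renewal time instead of at build time. If the fallback is deliberate for hosts without sops, make the intent visible with a comment such as `# Unmanaged fallback for hosts without sops; the file must be root-only and is not rotated.` and consider an `assertions` entry that requires one of the two sources to exist. The new `ipv6 = "";` entry under `state.network.interfaces.lan` in the first hunk is a similar silent placeholder: consumers that interpolate it will produce a malformed address rather than an error, so `null` with a short comment would fail louder. The enclosing `acme` attribute set starts and ends outside this hunk.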


@ -9,69 +9,6 @@ rec {
# The thing is generated using a ULA generator.
privateIPv6Prefix = "fd89:c181:8016";
# These blocks should be used sparingly with how wide these blocks cover.
# Plus, they shouldn't be treated as subnets.
clientNetworks = [
"172.24.0.0/13"
"10.128.0.0/9"
"fd00::/8"
];
serverNetworks = [
"172.16.0.0/13"
"10.0.0.0/9"
"fc00::/8"
];
interfaces =
let
ploverInternalNetworkGateway = "172.16.0.1";
ipv6Gateway = "fe80::1";
in
{
# This is the public-facing interface. Any interface name with a prime
# symbol means it's a public-facing interface.
wan = {
ifname = "ens3";
# The gateways for the public addresses are retrieved from the following
# pages:
#
# * https://docs.hetzner.com/cloud/networks/faq/#are-any-ip-addresses-reserved
# * https://docs.hetzner.com/robot/dedicated-server/ip/additional-ip-adresses/#gateway
IPv4 = {
address = "65.109.224.213";
gateway = "172.31.1.1";
};
IPv6 = {
address = "2a01:4f9:c012:607a::1";
gateway = ipv6Gateway;
};
};
lan = {
ifname = "ens10";
IPv4 = {
address = "172.27.0.1";
gateway = ploverInternalNetworkGateway;
};
IPv6 = {
address = "${privateIPv6Prefix}::1";
gateway = ipv6Gateway;
};
};
wireguard0 = {
ifname = "wireguard0";
IPv4 = {
address = "172.28.0.1";
gateway = ploverInternalNetworkGateway;
};
IPv6 = {
address = "${wireguardIPv6Prefix}::1";
gateway = ipv6Gateway;
};
};
};
# Wireguard-related things.
wireguardPort = 51820;
@ -80,36 +17,4 @@ rec {
# This IPv6 network prefix should have /64 for the entire Wireguard network.
wireguardIPv6Prefix = "${privateIPv6Prefix}:ffff";
# These are all fixed IP addresses. However, they should be assigned in /16
# and /64 for IPv4 and IPv6 block respectively.
wireguardPeers = {
server = with interfaces.wireguard0; {
IPv4 = IPv4.address;
IPv6 = IPv6.address;
};
desktop = {
IPv4 = "${wireguardIPv4Prefix}.2";
IPv6 = "${wireguardIPv6Prefix}::2";
};
phone = {
IPv4 = "${wireguardIPv4Prefix}.3";
IPv6 = "${wireguardIPv6Prefix}::3";
};
};
secondaryNameServers = {
"ns1.first-ns.de." = {
IPv4 = [ "213.239.242.238" ];
IPv6 = [ "2a01:4f8:0:a101::a:1" ];
};
"robotns2.second-ns.de." = {
IPv4 = [ "213.133.105.6" ];
IPv6 = [ "2a01:4f8:d0a:2004::2" ];
};
"robotns3.second-ns.com." = {
IPv4 = [ "193.47.99.3" ];
IPv6 = [ "2001:67c:192c::add:a3" ];
};
};
}