config: add more comments

Gabriel Arazas 2023-06-08 19:53:20 +08:00
parent 29d990f33c
commit ab8ab4921c
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
4 changed files with 10 additions and 3 deletions


@ -86,6 +86,8 @@ in
"20-lan" = with interfaces.internal; { "20-lan" = with interfaces.internal; {
matchConfig.Name = lib.concatStringsSep " " internalEthernetInterfaceNames; matchConfig.Name = lib.concatStringsSep " " internalEthernetInterfaceNames;
# Take note of the private subnets set in your Hetzner Cloud instance
# (at least for IPv4 addresses)..
address = [ address = [
"${IPv4.address}/16" "${IPv4.address}/16"
"${IPv6.address}/64" "${IPv6.address}/64"
@ -102,8 +104,10 @@ in
"::1" "::1"
]; ];
# Force our own internal domain to be used in the system.
domains = [ config.networking.fqdn ]; domains = [ config.networking.fqdn ];
# Use the gateway to enable resolution of external domains.
gateway = [ gateway = [
IPv4.gateway IPv4.gateway
IPv6.gateway IPv6.gateway
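Review bot: The added comment `# Use the gateway to enable resolution of external domains.` above `gateway = [` conflates routing with name resolution: the `gateway` entries become the interface's default route (networkd `Gateway=`), while which resolver answers for which names is governed by the DNS and `domains` settings immediately above. A wording such as `# Default route through the private network's gateway so traffic for addresses outside the LAN can leave the host.` describes what the lines actually do. The new comment on the `address` block also ends in a stray double period (`..`). The enclosing `systemd.network` attribute set starts and ends outside the hunk.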


@ -73,8 +73,8 @@ in
# Setting up the firewall to make less things to screw up in case anything is # Setting up the firewall to make less things to screw up in case anything is
# screwed up. # screwed up.
networking.firewall.extraInputRules = '' networking.firewall.extraInputRules = ''
meta l4proto {tcp, udp} th dport 53 ip saddr { ${lib.concatStringsSep ", " allowedIPs} } accept comment "Accept DNS queries from secondary nameservers" meta l4proto {tcp, udp} th dport 53 ip saddr { ${lib.concatStringsSep ", " allowedIPs} } accept comment "Accept DNS queries from secondary nameservers and private networks"
meta l4proto {tcp, udp} th dport 53 ip6 saddr { ${lib.concatStringsSep ", " allowedIPv6s} } accept comment "Accept DNS queries from secondary nameservers" meta l4proto {tcp, udp} th dport 53 ip6 saddr { ${lib.concatStringsSep ", " allowedIPv6s} } accept comment "Accept DNS queries from secondary nameservers and private networks"
''; '';
# The main DNS server. # The main DNS server.
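Review bot: The nftables comment on both `meta l4proto {tcp, udp} th dport 53` rules now claims queries from private networks are accepted, but the match itself is unchanged and only admits sources listed in `allowedIPs` / `allowedIPv6s`; those sets are defined outside the hunk, so unless they already contain the internal subnets the comment describes an acceptance the rule does not perform. If they do, the fact that the secondary-nameserver list doubles as the LAN allow-list for the resolver is worth stating where the list is built, since that list is what bounds who can reach port 53 from outside the host. A one-line note above `networking.firewall.extraInputRules`, e.g. `# allowedIPs/allowedIPv6s must include the internal private subnets for the rule comments below to hold.`, makes the dependency visible to the next reader.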


@ -12,7 +12,7 @@ let
keycloakDbName = if config.services.keycloak.database.createLocally then keycloakUser else config.services.keycloak.database.username; keycloakDbName = if config.services.keycloak.database.createLocally then keycloakUser else config.services.keycloak.database.username;
certs = config.security.acme.certs; certs = config.security.acme.certs;
host = "127.0.0.1"; host = "localhost";
in in
{ {
# Hey, the hub for your application sign-in. # Hey, the hub for your application sign-in.
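Review bot: `host = "localhost";` replaces a loopback literal with a name that is resolved at runtime, so whatever consumes `host` (outside the hunk) now depends on the system resolver and `/etc/hosts`, and may get `::1` where it previously got `127.0.0.1`; the two are not interchangeable if a listener or proxy upstream is bound on only one address family. This is also a functional change in a commit described as comment-only, so it is easy to overlook in review. A short comment recording why the name is preferred, e.g. `# "localhost" rather than 127.0.0.1: <reason here>; note it may resolve to ::1 as well.`, or keeping the literal if no component needs the name, would keep the choice auditable.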


@ -27,6 +27,9 @@ in
filterForward = true; filterForward = true;
}; };
# Since we're using systemd-networkd to configure interfaces, we can control
# how each interface can handle things such as IP masquerading so no need for
# modifying sysctl settings like 'ipv4.ip_forward' or similar.
systemd.network = { systemd.network = {
wait-online.ignoredInterfaces = [ wireguardIFName ]; wait-online.ignoredInterfaces = [ wireguardIFName ];