mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-27 10:36:12 +01:00
8fb752ae01
Signed-off-by: Magic_RB <magic_rb@redalder.org>
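# NixOS module for the host "altra": NFS client support (with rpcbind),
# DHCP-only networking on eth0 behind the NixOS firewall, and a udev rule
# that pins the NIC name by MAC address.
#
# Arguments:
#   pkgs, lib - only referenced (via getExe) from the commented-out WireGuard
#               section below; unused by the active configuration.
#   secret    - repo-specific argument, likewise only referenced from
#               commented-out code in this file.
{ pkgs, lib, secret, ... }:
let
  inherit (lib)
    getExe;
in
{
  # boot.kernel.sysctl = {"net.ipv4.ip_forward" = "1";};

  # https://github.com/NixOS/nixpkgs/issues/76671
  # the rpc.statd daemon is not running when not mounting any nfs filesystems on boot
  # and can't be manually started...
  boot.supportedFilesystems = [ "nfs" ];
  # rpcbind is a network-facing RPC service. This file opens no firewall port
  # for it; NOTE(review): confirm no other module exposes it on a public interface.
  services.rpcbind.enable = true;

  networking = {
    hostName = "altra";
    hostId = "4eb49917";
    # Global DHCP is off; only eth0 (named by the udev rule at the bottom of
    # this file) requests a lease.
    useDHCP = false;
    interfaces.eth0.useDHCP = true;
    # No allowed ports are declared in this file, so inbound exposure is
    # whatever other modules add on top of the firewall defaults.
    firewall.enable = true;

    # nameservers = [
    #   (secret.network.ips.blowhole.ip or "")
    #   "93.184.77.2"
    #   "67.207.67.3"
    # ];

    # NOTE(review): if this WireGuard block is re-enabled, an inline
    # `privateKey` value is copied into the world-readable Nix store;
    # `privateKeyFile` keeps the key out of the store. The `or` fallback below
    # would also configure the interface with an empty key instead of failing
    # evaluation when the secret is missing.
    # wireguard = {
    #   enable = true;
    #   interfaces."wg0" =
    #     {
    #       postSetup = ''
    #         ${getExe pkgs.iptables} -I FORWARD -i wg0 -o wg0 -j ACCEPT
    #       '';

    #       postShutdown = ''
    #         ${getExe pkgs.iptables} -D FORWARD -i wg0 -o wg0 -j ACCEPT
    #       '';
    #     }
    #     // secret.wireguard."toothpick" or { privateKey = ""; };
    # };

    # defaultGateway = "64.225.96.1";
    # defaultGateway6 = "";
    # dhcpcd.enable = false;
    # usePredictableInterfaceNames = lib.mkForce false;

    # firewall = {
    #   extraCommands = ''
    #     iptables -P FORWARD DROP
    #   '';

    #   interfaces."eth0" = {
    #     allowedTCPPorts = [
    #       80
    #       443
    #       6001
    #     ];
    #     allowedUDPPorts = [
    #       6666
    #     ];
    #   };

    #   interfaces."nomad" = {
    #     allowedTCPPorts = [
    #       8500
    #     ];
    #   };

    #   interfaces."wg0" = {
    #     allowedTCPPorts = [
    #       ## Consul
    #       8600 # DNS
    #       8500 # HTTP
    #       8502 # gRPC
    #       8300 # server
    #       8301 # LAN serf
    #       8302 # WAN serf
    #       4646 # Nomad
    #       4647
    #       4648
    #       10000
    #     ];
    #     allowedTCPPortRanges = [
    #       {
    #         from = 21000;
    #         to = 21255;
    #       }
    #     ];
    #     allowedUDPPorts = [
    #       ## Consul
    #       8600 # DNS
    #       8301 # LAN serf
    #       8302 # WAN serf
    #     ];
    #     allowedUDPPortRanges = [
    #       {
    #         from = 21000;
    #         to = 21255;
    #       }
    #     ];
    #   };
    # };

    # interfaces = {
    #   eth0 = {
    #     ipv4.addresses = [
    #       {
    #         address = "64.225.104.221";
    #         prefixLength = 20;
    #       }
    #       {
    #         address = "10.19.0.6";
    #         prefixLength = 16;
    #       }
    #     ];
    #     ipv6.addresses = [
    #       {
    #         address = "fe80::8ce0:84ff:fefb:f981";
    #         prefixLength = 64;
    #       }
    #     ];
    #     ipv4.routes = [
    #       {
    #         address = "64.225.96.1";
    #         prefixLength = 32;
    #       }
    #     ];
    #   };
    # };
  };

  # Pin the interface with this MAC address to the name "eth0", which the
  # networking block above relies on for DHCP.
  # The SUBSYSTEM=="net" match limits the rule to network interfaces; without
  # it the `address` attribute is compared on every device event.
  # NOTE(review): a MAC-only match also applies to stacked interfaces (VLAN,
  # bridge, bond) that inherit this address; tighten the rule if any are added.
  services.udev.extraRules = ''
    SUBSYSTEM=="net", ATTR{address}=="96:00:02:4e:68:63", NAME="eth0"
  '';
}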