patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity
nix-config/hosts/elisabeth/net.nix

105 lines
3.2 KiB
Nix
Raw Normal View History

reformat
2024-07-26 22:12:48 +02:00
{ config, lib, ... }:
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
{
networking = {
inherit (config.secrets.secrets.local.networking) hostId;
};
systemd.network.networks = {
feat: setup elisabeth
2024-01-13 16:07:55 +01:00
"10-lan01" = {
reformat
2024-07-26 22:12:48 +02:00
address = [
(lib.net.cidr.hostCidr config.secrets.secrets.global.net.ips.${config.node.name}
config.secrets.secrets.global.net.privateSubnetv4
)
];
gateway = [ (lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnetv4) ];
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
#matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
matchConfig.Name = "lan";
feat: added local IPv6
2024-02-10 17:53:16 +01:00
dhcpV6Config.UseDNS = false;
dhcpV4Config.UseDNS = false;
feat: nextcloud send mail
2024-02-11 00:40:30 +01:00
ipv6AcceptRAConfig.UseDNS = false;
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
networkConfig = {
fix: fixed dns config
2024-04-02 23:33:22 +02:00
MulticastDNS = true;
};
};
"40-lan01" = {
dhcpV6Config.UseDNS = false;
dhcpV4Config.UseDNS = false;
ipv6AcceptRAConfig.UseDNS = false;
networkConfig = {
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
MulticastDNS = true;
};
};
};
boot.initrd.systemd.network = {
enable = true;
networks = {
# redo the network cause the livesystem has macvlans
feat: setup elisabeth
2024-01-13 16:07:55 +01:00
"10-lan01" = {
reformat
2024-07-26 22:12:48 +02:00
address = [
(lib.net.cidr.hostCidr config.secrets.secrets.global.net.ips.${config.node.name}
config.secrets.secrets.global.net.privateSubnetv4
)
];
gateway = [ (lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnetv4) ];
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac;
feat: added local IPv6
2024-02-10 17:53:16 +01:00
dhcpV6Config.UseDNS = false;
dhcpV4Config.UseDNS = false;
fix: fixed dns config
2024-04-02 23:33:22 +02:00
ipv6AcceptRAConfig.UseDNS = false;
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
networkConfig = {
IPv6PrivacyExtensions = "yes";
MulticastDNS = true;
};
};
};
};
reformat
2024-07-26 22:12:48 +02:00
networking.nftables.firewall.zones.untrusted.interfaces = [ "lan" ];
feat: added local wireguard routing
2024-03-14 23:08:42 +01:00
wireguard.elisabeth.server = {
reformat
2024-07-26 22:12:48 +02:00
host =
lib.net.cidr.host config.secrets.secrets.global.net.ips.${config.node.name}
config.secrets.secrets.global.net.privateSubnetv4;
reservedAddresses = [
"10.42.0.0/20"
"fd00:1764::/112"
];
feat: added local wireguard routing
2024-03-14 23:08:42 +01:00
openFirewall = true;
};
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
# To be able to ping containers from the host, it is necessary
# to create a macvlan on the host on the VLAN 1 network.
networking.macvlans.lan = {
interface = "lan01";
mode = "bridge";
};
feat: forgejo backups feat: maddy
2024-01-27 23:21:42 +01:00
age.secrets.cloudflare_token_acme = {
rekeyFile = ./secrets/cloudflare_api_token.age;
mode = "440";
group = "acme";
};
security.acme = {
acceptTerms = true;
defaults = {
email = config.secrets.secrets.global.devEmail;
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
reformat
2024-07-26 22:12:48 +02:00
reloadServices = [ "nginx" ];
feat: forgejo backups feat: maddy
2024-01-27 23:21:42 +01:00
credentialFiles = {
"CF_DNS_API_TOKEN_FILE" = config.age.secrets.cloudflare_token_acme.path;
"CF_ZONE_API_TOKEN_FILE" = config.age.secrets.cloudflare_token_acme.path;
};
};
};
security.acme.certs.web = {
domain = config.secrets.secrets.global.domains.web;
reformat
2024-07-26 22:12:48 +02:00
extraDomainNames = [ "*.${config.secrets.secrets.global.domains.web}" ];
feat: forgejo backups feat: maddy
2024-01-27 23:21:42 +01:00
};
reformat
2024-07-26 22:12:48 +02:00
users.groups.acme.members = [ "nginx" ];
feat: forgejo backups feat: maddy
2024-01-27 23:21:42 +01:00
environment.persistence."/state".directories = [
{
directory = "/var/lib/acme";
user = "acme";
group = "acme";
mode = "0755";
}
];
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
}
Reference in a new issue Copy permalink