albert/nix
albert/nix
1
0
Fork 0
Code Issues Pull requests Activity Actions

Refactoring some things

Browse source
This commit is contained in:
albert 2025-02-24 13:21:23 -08:00
parent 7e749c68a6
commit 00029a7d3c
Signed by: albert
GPG key ID: 3895DD267CA11BA9
10 changed files with 19 additions and 36 deletions
nixos
common/containers
derp.nixpiaware.nix
hosts
backups-rpi4
default.nix
frankfurt-linode-01
default.nixfirewall.nix
milan-linode-01
default.nixfirewall.nix
osaka-linode-01
default.nixfirewall.nix
piaware-rpi4
default.nix

12
nixos/common/containers/derp.nix
View file

@ -32,4 +32,16 @@
log-driver = "journald";
extraOptions = [ "--network=host" ];
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
1443 # Headscale DERP (tcp)
];
allowedUDPPorts = [
3478 # Headscale DERP (udp)
];
};
};
}

0
nixos/hosts/piaware-rpi4/containers/piaware.nix → nixos/common/containers/piaware.nix
View file

4
nixos/hosts/backups-rpi4/default.nix
View file

@ -1,4 +1,4 @@
{ ... }: {
{ hostname, ... }: {
imports = [
../../common/services/tailscale-autoconnect.nix
../../common/modules/raspberry-pi-4.nix
@ -8,7 +8,7 @@
];
time.timeZone = "Europe/Warsaw";
networking.hostName = "backups-rpi4";
networking.hostName = hostname;
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
}

2
nixos/hosts/frankfurt-linode-01/default.nix
View file

@ -3,7 +3,7 @@
(modulesPath + "/profiles/qemu-guest.nix")
(import ../../common/containers/derp.nix { domainName = "frankfurt.sysctl.io"; })
../../common/services/tailscale-autoconnect.nix
../../common/services/docker.nix
../../common/services/podman.nix
./firewall.nix
./wireguard.nix
];

2
nixos/hosts/frankfurt-linode-01/firewall.nix
View file

@ -7,7 +7,6 @@
443 # HTTPS
42420 # Vintage Story
25565 # Minecraft
1443 # Headscale DERP (tcp)
25 # Mailserver
143 # Mailserver
465 # Mailserver
@ -17,7 +16,6 @@
4443 # Jitsi
];
allowedUDPPorts = [
3478 # Headscale DERP (udp)
10000 # Jitsi Meet (udp)
15636 # Enshrouded - Game
15637 # Enshrouded - Query Port

5
nixos/hosts/milan-linode-01/default.nix
View file

@ -1,10 +1,9 @@
{ hostname, lib, modulesPath, ... }: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
../../common/services/tailscale-autoconnect.nix
../../common/services/docker.nix
./firewall.nix
(import ../../common/containers/derp.nix { domainName = "milan.sysctl.io"; })
../../common/services/tailscale-autoconnect.nix
../../common/services/podman.nix
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];

13
nixos/hosts/milan-linode-01/firewall.nix
View file

@ -1,13 +0,0 @@
{ ... }: {
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
1443 # Headscale DERP (tcp)
];
allowedUDPPorts = [
3478 # Headscale DERP (udp)
];
};
};
}

2
nixos/hosts/osaka-linode-01/default.nix
View file

@ -3,7 +3,7 @@
(modulesPath + "/profiles/qemu-guest.nix")
(import ../../common/containers/derp.nix { domainName = "osaka.sysctl.io"; })
../../common/services/tailscale-autoconnect.nix
../../common/services/docker.nix
../../common/services/podman.nix
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];

13
nixos/hosts/osaka-linode-01/firewall.nix
View file

@ -1,13 +0,0 @@
{ ... }: {
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
1443 # Headscale DERP (tcp)
];
allowedUDPPorts = [
3478 # Headscale DERP (udp)
];
};
};
}

2
nixos/hosts/piaware-rpi4/default.nix
View file

@ -3,7 +3,7 @@
../../common/services/tailscale-autoconnect.nix
../../common/services/podman.nix
../../common/modules/raspberry-pi-4.nix
./containers/piaware.nix
../../common/containers/piaware.nix
];
time.timeZone = "Europe/Warsaw";