diff --git a/nixos/hosts/nixos-rpi4-03/temp.nix b/nixos/hosts/nixos-rpi4-03/temp.nix
index 7c56c317..45c5980c 100644
--- a/nixos/hosts/nixos-rpi4-03/temp.nix
+++ b/nixos/hosts/nixos-rpi4-03/temp.nix
@@ -2,6 +2,11 @@
 networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 80 443 ];
 # networking.firewall.allowedTCPPorts = [ 80 443 ];
+# Generate a test cert
+# sudo openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
+# -nodes -keyout test-ssl.key -out test-ssl.crt -subj "/CN=test-ssl" \
+# -addext "subjectAltName=DNS:test-ssl,DNS:*.test-ssl,IP:10.100.0.2"
+
 services.nginx = {
 enable = true;
 httpConfig = ''
@@ -12,6 +17,14 @@
 server_name_in_redirect off;
 root /var/www/test;
 }
+ server {
+ listen 443 ssl;
+ server_name _;
+ server_name_in_redirect off;
+ root /var/www/test-ssl;
+ ssl_certificate /etc/ssl/nginx/test-ssl.crt;
+ ssl_certificate_key /etc/ssl/nginx/test-ssl.key;
+ }
 '';
 };
 }
\ No newline at end of file
diff --git a/nixos/hosts/osaka-vultr-01/wireguard.nix b/nixos/hosts/osaka-vultr-01/wireguard.nix
index 0b57e217..f8d20dfc 100644
--- a/nixos/hosts/osaka-vultr-01/wireguard.nix
+++ b/nixos/hosts/osaka-vultr-01/wireguard.nix
@@ -18,7 +18,6 @@
 "net.ipv4.conf.all.forwarding" = 1;
 "net.ipv4.conf.default.forwarding" = 1;
 };
- networking.firewall.allowPing = true;
 networking.wireguard = {
 enable = true;
 interfaces = {
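Review bot: The openssl command in the new comment writes test-ssl.key and test-ssl.crt into the working directory, but the 443 server block added further down in this file reads them from /etc/ssl/nginx/, and the comment says nothing about installing them there or about the key's permissions. Because the private key only has to be readable by the nginx service user, I would extend the comment with `# then install both files under /etc/ssl/nginx/ with test-ssl.key readable only by the nginx user (e.g. root:nginx 0640)`; running the command under sudo presumably leaves the files root-owned, which that step should account for. The repository already delivers the WireGuard private key through /run/secrets (see wireguard.nix in this same diff), so the same secrets mechanism would be a more robust home for the TLS key than a hand-copied file.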
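Review bot: The new `listen 443 ssl` server block sets a certificate and key but no `ssl_protocols` or `ssl_ciphers`, so the negotiable TLS versions fall back to nginx's built-in defaults; since this file writes the http block through the raw `httpConfig` option, the NixOS module's `recommendedTlsSettings` do not apply here as far as I can tell. I would add `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_prefer_server_ciphers off;` directly after the `ssl_certificate_key` line so that legacy protocol versions are excluded even on this test host. Note also that `server_name _;` makes this block the catch-all for every address on port 443, so the firewall rule at the top of the file (443 allowed only on wireguard0) is the only thing keeping it off other interfaces; that is worth a one-line comment next to `listen 443 ssl;`.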
@@ -26,12 +25,8 @@
 ips = [ "10.100.0.1/24" ];
 listenPort = 51820;
 privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
- postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE
- '';
- postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE
- '';
+ postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
+ postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
 peers = [
 { # nixos-rpi4-03
 publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";