diff --git a/nixos/common/services/podman.nix b/nixos/common/services/podman.nix index 1724e5f0..c57b908f 100644 --- a/nixos/common/services/podman.nix +++ b/nixos/common/services/podman.nix @@ -11,9 +11,12 @@ dockerSocket.enable = true; dockerCompat = true; autoPrune = { - enable = true; - dates = "weekly"; - flags = [ "--all" ]; + enable = true; + dates = "weekly"; + flags = [ "--all" ]; + }; + defaultNetwork.settings = { + dns_enabled = true; }; }; diff --git a/nixos/hosts/milan-linode-01/default.nix b/nixos/hosts/milan-linode-01/default.nix index e15899b5..965b1f4f 100644 --- a/nixos/hosts/milan-linode-01/default.nix +++ b/nixos/hosts/milan-linode-01/default.nix @@ -39,4 +39,5 @@ networking.hostName = "milan-linode-01"; services.tailscale.extraUpFlags = [ "--advertise-exit-node" ]; + boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; }; } diff --git a/nixos/hosts/milan-linode-01/podman/derp.nix b/nixos/hosts/milan-linode-01/podman/derp.nix index da9efe34..ecd42b76 100644 --- a/nixos/hosts/milan-linode-01/podman/derp.nix +++ b/nixos/hosts/milan-linode-01/podman/derp.nix @@ -35,18 +35,10 @@ serviceConfig = { Restart = lib.mkOverride 500 "always"; }; - after = [ - "podman-network-headscale-default.service" - ]; - requires = [ - "podman-network-headscale-default.service" - ]; - partOf = [ - "podman-compose-headscale-root.target" - ]; - wantedBy = [ - "podman-compose-headscale-root.target" - ]; + after = [ "podman-network-headscale-default.service" ]; + requires = [ "podman-network-headscale-default.service" ]; + partOf = [ "podman-compose-headscale-root.target" ]; + wantedBy = [ "podman-compose-headscale-root.target" ]; }; # Networks @@ -60,7 +52,7 @@ script = '' podman network inspect headscale-default || podman network create headscale-default --opt isolate=true ''; - partOf = [ "podman-compose-headscale-root.target" ]; + partOf = [ "podman-compose-headscale-root.target" ]; wantedBy = [ "podman-compose-headscale-root.target" ]; }; 
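Review bot: `defaultNetwork.settings.dns_enabled = true` is added in the common podman module with no comment and no matching firewall rule visible in this hunk, so every host importing the module starts a container DNS resolver on the default network. Where the NixOS firewall is enabled, containers usually cannot reach that resolver unless UDP 53 is allowed on the podman bridge. If that is not handled elsewhere, add something like `networking.firewall.interfaces.<podman-bridge>.allowedUDPPorts = [ 53 ];`, scoped to the bridge only and never opened globally. A short comment such as `# containers on the default network resolve each other by name` would also record why the setting is needed. The enclosing attribute set starts outside the hunk.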
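Review bot: The added `boot.kernel.sysctl` line enables only `net.ipv4.ip_forward`, so the exit node advertised on the line above will not forward IPv6 for tailnet clients, and the host-wide IPv4 setting makes this public machine route between all of its interfaces. Consider `services.tailscale.useRoutingFeatures = "server";`, which sets the forwarding sysctls for both address families, or add `"net.ipv6.conf.all.forwarding" = true;` next to the IPv4 key. No forward-chain filtering is visible in this hunk, so please confirm that forwarded traffic is limited to the Tailscale interface and not left to the default policy. The enclosing attribute set starts outside the hunk.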
diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix index 88ad4ac6..4965a801 100644 --- a/nixos/hosts/osaka-linode-01/firewall.nix +++ b/nixos/hosts/osaka-linode-01/firewall.nix @@ -38,9 +38,6 @@ iifname "enp0s4" tcp dport 443 dnat to 10.100.0.2:443; # HTTPS iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420; # Vintage Story iifname "enp0s4" tcp dport 25565 dnat to 10.100.0.2:25565; # Minecraft - # iifname "enp0s4" tcp dport 1443 dnat to 10.100.0.2:1443; # Headscale DERP (tcp) - # iifname "enp0s4" udp dport 3478 dnat to 10.100.0.2:3478; # Headscale DERP (udp) - # iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:10000; # Headscale DERP (udp) iifname "enp0s4" tcp dport 4443 dnat to 10.100.0.2:4443; # Jitsi } } @@ -62,9 +59,6 @@ { sourcePort = 443; proto = "tcp"; destination = "10.100.0.2:443"; } # HTTPS { sourcePort = 42420; proto = "tcp"; destination = "10.100.0.2:42420"; } # Vintage Story { sourcePort = 25565; proto = "tcp"; destination = "10.100.0.2:25565"; } # Minecraft - # { sourcePort = 1443; proto = "tcp"; destination = "10.100.0.2:1443"; } # Headscale DERP (tcp) - # { sourcePort = 3478; proto = "udp"; destination = "10.100.0.2:3478"; } # Headscale DERP (udp) - # { sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; } # Headscale DERP (udp) { sourcePort = 4443; proto = "tcp"; destination = "10.100.0.2:4443"; } # Jitsi ]; }; diff --git a/nixos/hosts/piaware-rpi4/podman/piaware.nix b/nixos/hosts/piaware-rpi4/podman/piaware.nix index aa6d66d5..457fc2c9 100644 --- a/nixos/hosts/piaware-rpi4/podman/piaware.nix +++ b/nixos/hosts/piaware-rpi4/podman/piaware.nix 
@@ -22,9 +22,9 @@ serviceConfig = { Restart = lib.mkOverride 500 "always"; }; - after = [ "podman-network-piaware-default.service" ]; + after = [ "podman-network-piaware-default.service" ]; requires = [ "podman-network-piaware-default.service" ]; - partOf = [ "podman-compose-piaware-root.target" ]; + partOf = [ "podman-compose-piaware-root.target" ]; wantedBy = [ "podman-compose-piaware-root.target" ]; }; @@ -39,7 +39,7 @@ script = '' podman network inspect piaware-default || podman network create piaware-default --opt isolate=true ''; - partOf = [ "podman-compose-piaware-root.target" ]; + partOf = [ "podman-compose-piaware-root.target" ]; wantedBy = [ "podman-compose-piaware-root.target" ]; };