From f7b7b731a54948b2dc01bdf2ae0047ecf99f75c8 Mon Sep 17 00:00:00 2001
From: albert
Date: Sat, 2 Dec 2023 22:36:39 +0900
Subject: [PATCH] Test from server
---
 nixos/hosts/framework-server/default.nix | 11 ++++++++---
 nixos/hosts/framework-server/docker.nix | 20 ++++++++++++++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix
index 87c09401..439ef511 100644
--- a/nixos/hosts/framework-server/default.nix
+++ b/nixos/hosts/framework-server/default.nix
@@ -42,6 +42,13 @@
 "tailscaled-autoconnect.service"
 ];
 };
+ services.tailscale.extraUpFlags = [
+ "--advertise-exit-node"
+ "--advertise-routes=10.2.0.0/24"
+ ];
+
+ boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
+ services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/framework-server";
 boot.initrd.services.udev.rules = ''
 # This is used to change the default configuration of Realtek USB ethernet adapters
@@ -58,6 +65,4 @@
 LABEL="usb_realtek_net_end"
 '';
-
- services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/framework-server";
-}
\ No newline at end of file
+}
diff --git a/nixos/hosts/framework-server/docker.nix b/nixos/hosts/framework-server/docker.nix
index 8708f87f..99e7fb0d 100644
--- a/nixos/hosts/framework-server/docker.nix
+++ b/nixos/hosts/framework-server/docker.nix
@@ -3,6 +3,7 @@
 "fs.inotify.max_user_watches" = 10485760;
 "fs.inotify.max_user_instances" = 1024;
 };
+
 virtualisation.docker = {
 enable = true;
 enableOnBoot = true;
@@ -13,4 +14,23 @@
 };
 environment.systemPackages = with pkgs; [ docker-compose ];
+
+ networking.firewall.allowedUDPPorts = [
+ 3478 # Headscale DERP UDP
+ 10000 # Jitsi
+ ];
+ networking.firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPS
+ 25 # Mail
+ 465 # Mail
+ 587 # Mail
+ 143 # Mail
+ 993 # Mail
+ 4190 # Mail
+ 42420 # Vintage Story
+ 25565 # Minecraft
+ 1443 # Headscale DERP
+ 4443 # Jitsi
+ ];
 }
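Review bot: The added `boot.kernel.sysctl` line in the first default.nix hunk turns on forwarding for IPv4 only, and host-wide, while `--advertise-exit-node` is set in the flags just above it; Tailscale's exit-node setup expects IPv6 forwarding as well, and nothing in the hunk records why the host now routes. If the nixpkgs revision in use has the option, `services.tailscale.useRoutingFeatures = "server";` would replace the hand-written sysctl and set both forwarding keys. I would also add a comment above the flags, such as `# Exit node and subnet router for 10.2.0.0/24; routes must still be approved on the control server`, so that exposing that subnet to the tailnet is a recorded decision. The enclosing attribute set starts and ends outside the hunk, so whether forwarded traffic is filtered by the firewall cannot be seen from here.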
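Review bot: Both port lists in the last docker.nix hunk use the global `networking.firewall.allowedTCPPorts` and `allowedUDPPorts`, so all fourteen ports open on every interface of a host that default.nix in the same commit makes an exit node and subnet router. Port 143 is IMAP without implicit TLS; unless the mail server refuses logins before STARTTLS, it could be dropped in favour of 993. Ports that only tailnet users need (possibly 42420 and 25565) could move to `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 42420 25565 ];`. If these services are containers with published ports, which the file name suggests but the hunk does not show, Docker's own iptables rules usually expose them regardless of this list, so the list should not be read as the full picture of what is reachable.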