arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

NAS cleanup

Browse source
This commit is contained in:
Gabriel Simmer 2023-12-24 01:06:55 +00:00
parent 92c3da6e0e
commit 886496c6db
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
1 changed files with 3 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
nix/nas/configuration.nix
View file

@ -388,26 +388,12 @@
hostName = "vancouver";
domain = "gmem.ca";
firewall = {
trustedInterfaces = ["tailscale0" "virbr0"];
trustedInterfaces = ["tailscale0"];
checkReversePath = "loose";
enable = true;
allowedTCPPorts = [ 22 53 80 443 2049 4328 5432 9100 22000 5201 ];
allowedUDPPorts = [ 53 41641 22000 21027 ];
allowedTCPPorts = [ 22 80 443 9798 2049 ];
allowedUDPPorts = [ 41641 ];
};
# useDHCP = false;
# bridges = {
# "br0" = {
# interfaces = [ "eno1" ];
# };
# };
# interfaces.br0.ipv4.addresses = [
# {
# address = "192.168.50.229";
# prefixLength = 24;
# }
# ];
# defaultGateway = "192.168.50.1";
nameservers = ["45.90.28.116" "45.90.30.116"];
nftables.enable = true;
};
environment.systemPackages = with pkgs; [
@ -441,14 +427,7 @@
};
environment.shells = with pkgs; [ zsh fish ];
users.groups = {
k3s = { };
};
users.users = {
k3s = {
isSystemUser = true;
group = "k3s";
};
gsimmer = {
shell = pkgs.fish;
isNormalUser = true;
@ -513,21 +492,6 @@
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare-dns.path;
};
security.acme.certs."vancouver.gmem.ca" = {
domain = "vancouver.gmem.ca";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare-dns.path;
};
security.acme.certs."request-media.gmem.ca" = {
domain = "request-media.gmem.ca";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare-dns.path;
};
security.acme.certs."flood.gmem.ca" = {
domain = "flood.gmem.ca";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare-dns.path;
};
system.stateVersion = "23.05";
}