3 files changed,
17 insertions(+),
32 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed at:
2026-02-12 21:39:07 +0200
Parent:
7c73152
M
nix/hosts/thought/configuration.nix
@@ -5,7 +5,7 @@ ./disko-config.nix
./hardware-configuration.nix ]; - system.stateVersion = "24.05"; + system.stateVersion = "25.11"; swapDevices = [ {@@ -24,14 +24,10 @@ i18n.defaultLocale = "en_US.UTF-8";
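Review bot: Bumping `system.stateVersion` from "24.05" to "25.11" in the first hunk changes the defaults NixOS picks for stateful data, not the package set. On a host installed under 24.05, services can then expect a newer on-disk layout than the one actually present. If this machine is being reinstalled from scratch (the disko import hints at that, but the page does not show it) the new value is fine. Otherwise keep `system.stateVersion = "24.05";` and upgrade through the flake inputs, with a comment such as `# set at install time; do not change on upgrade` above it.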
networking = { hostName = "vps"; - useDHCP = true; - # Interface names will be auto-detected in hardware-configuration.nix - # Using generic DHCP setting interfaces = { }; firewall = { enable = true; allowedTCPPorts = [ - 22 80 443 2222@@ -39,14 +35,7 @@ ];
}; }; - environment.systemPackages = with pkgs; [ - neovim - git - htop - tmux - ]; - - age.identityPaths = [ "/keys.txt" ]; # TODO: i dont like that i overwrites literally everything + age.identityPaths = [ "/keys.txt" ]; services = { caddy = {@@ -80,4 +69,10 @@ "flakes"
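Review bot: `age.identityPaths = [ "/keys.txt" ];` loses its only comment in this hunk, and the removed TODO carried real information. Setting this option replaces the default identity list (the host SSH keys) rather than extending it, so every agenix secret decrypted on this host depends on that single file. I would keep a comment in its place, e.g. `# replaces the default SSH-host-key identities; /keys.txt must be root-owned, mode 0600, provisioned out of band`. The file's ownership and mode are not visible in this commit, so they are worth confirming on the host.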
]; }; }; + + environment.systemPackages = with pkgs; [ + neovim + git + htop + ]; }
M
nix/modules/mugit.nix
@@ -4,6 +4,7 @@ services.caddy.virtualHosts."git.olexsmir.xyz".extraConfig = ''
reverse_proxy localhost:8008 ''; + networking.firewall.allowedTCPPorts = [ 22 ]; services.mugit = { enable = true; openFirewall = true;
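Review bot: The added `networking.firewall.allowedTCPPorts = [ 22 ];` does not say which daemon it is for, and `openFirewall = true` two lines below may already open whatever mugit listens on. If 22 is mugit's git-over-SSH listener, say so and check the rule is not redundant with `openFirewall`. If it is the admin sshd, it does not belong in this module, because any host importing mugit.nix would then expose SSH as a side effect. A comment along the lines of `# git over SSH served by mugit` (adjusted to what actually listens there) would settle it. The `services.mugit` block continues past the end of the hunk.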
M
nix/modules/wireguard.nix
@@ -1,43 +1,32 @@
{ config, pkgs, ... }: { - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - }; - networking.firewall.allowedUDPPorts = [ 51820 ]; + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + networking.nat = { enable = true; externalInterface = "ens3"; internalInterfaces = [ "wg0" ]; }; - age.secrets.wg-private-key = { - file = ../secrets/wg-private-key.age; - }; + age.secrets.wg-private-key.file = ../secrets/wg-private-key.age; + networking.firewall.allowedUDPPorts = [ 51820 ]; networking.wireguard.interfaces.wg0 = { ips = [ "10.100.0.1/24" ]; listenPort = 51820; privateKeyFile = config.age.secrets.wg-private-key.path; - # This allows the wireguard server to route your traffic to the internet and hence be like a VPN - # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE - ''; - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE - ''; + postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE''; + postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE''; peers = [ { - # laptop - publicKey = "cF0abpqZiMrofQUgFHS4D+FuXq3ZoCPBQUlr6WuvBwM="; + publicKey = "cF0abpqZiMrofQUgFHS4D+FuXq3ZoCPBQUlr6WuvBwM="; # laptop allowedIPs = [ "10.100.0.2/32" ]; } { - # phone - publicKey = "GodHMXUBh/0aEyz+XBJID7pm/Hi8xnZv6YzkQbl/Uwc="; + publicKey = "GodHMXUBh/0aEyz+XBJID7pm/Hi8xnZv6YzkQbl/Uwc="; # phone allowedIPs = [ "10.100.0.3/32" ]; } ];
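Review bot: The rewritten `postSetup`/`postShutdown` lines keep a hand-written `iptables ... MASQUERADE` rule for 10.100.0.0/24 on `ens3`, although `networking.nat` in the same file already declares `externalInterface = "ens3"` and `internalInterfaces = [ "wg0" ]`. That option makes NixOS generate masquerading for wg0 itself. Two sources of NAT rules are harder to audit, and the manual one is only removed if `postShutdown` actually runs. I would drop both lines and rely on `networking.nat`, or keep them and restore the removed comment explaining why they are needed. The commit also deletes the note that clients must configure a DNS server, which is worth keeping next to the peer list.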