1
0

Compare commits

..

3 Commits

Author SHA1 Message Date
a29b9c648a Move clerie.de to web-2 2021-01-23 13:27:43 +01:00
7337e2100b carbon pin wireguard to ipv4 2021-01-23 13:27:06 +01:00
bf3f70a4e7 dn42 hosts disable reverse path check 2021-01-23 13:24:16 +01:00
4 changed files with 35 additions and 10 deletions

View File

@ -10,6 +10,8 @@
"net.ipv6.conf.all.forwarding" = true; "net.ipv6.conf.all.forwarding" = true;
}; };
networking.firewall.checkReversePath = false;
# Open Firewall for BGP # Open Firewall for BGP
networking.firewall.allowedTCPPorts = [ 179 ]; networking.firewall.allowedTCPPorts = [ 179 ];
# Open Fireall for OSPF # Open Fireall for OSPF

View File

@ -53,27 +53,27 @@
networking.wireguard.enable = true; networking.wireguard.enable = true;
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
wg-gatekeeper = { wg-gatekeeper4 = {
ips = [ "fe80::127:2/64" "169.254.127.2/24" ]; ips = [ "fe80::127:2/64" "169.254.127.2/24" ];
peers = [ { peers = [ {
allowedIPs = [ "0.0.0.0/0" "::/0" ]; allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "gatekeeper.net.clerie.de:50127"; endpoint = "78.47.183.82:50127";
publicKey = "y+Bk5eIHgmnq9xuBDD+fk/OIkKRZU6AE4ISx4RdDDyg="; publicKey = "y+Bk5eIHgmnq9xuBDD+fk/OIkKRZU6AE4ISx4RdDDyg=";
persistentKeepalive = 25; persistentKeepalive = 25;
} ]; } ];
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper"; privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper4";
}; };
wg-porter = { wg-porter4 = {
ips = [ "fe80::138:2/64" "169.254.138.2/24" ]; ips = [ "fe80::138:2/64" "169.254.138.2/24" ];
peers = [ { peers = [ {
allowedIPs = [ "0.0.0.0/0" "::/0" ]; allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "porter.net.clerie.de:50138"; endpoint = "188.34.158.206:50138";
publicKey = "aP6optNE7nVk6coo+USkSDtB62rAc/isfofRML9V2HM="; publicKey = "aP6optNE7nVk6coo+USkSDtB62rAc/isfofRML9V2HM=";
persistentKeepalive = 25; persistentKeepalive = 25;
} ]; } ];
allowedIPsAsRoutes = false; allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-porter"; privateKeyFile = "/var/src/secrets/wireguard/wg-porter4";
}; };
}; };
@ -218,11 +218,11 @@
export all; export all;
}; };
area 0 { area 0 {
interface "wg-gatekeeper" { interface "wg-gatekeeper4" {
cost 80; cost 80;
type pointopoint; type pointopoint;
}; };
interface "wg-porter" { interface "wg-porter4" {
cost 80; cost 80;
type pointopoint; type pointopoint;
}; };
@ -236,11 +236,11 @@
export all; export all;
}; };
area 0 { area 0 {
interface "wg-gatekeeper" { interface "wg-gatekeeper4" {
cost 80; cost 80;
type pointopoint; type pointopoint;
}; };
interface "wg-porter" { interface "wg-porter4" {
cost 80; cost 80;
type pointopoint; type pointopoint;
}; };

22
hosts/web-2/clerie.nix Normal file
View File

@ -0,0 +1,22 @@
{ ... }:
{
services.nginx.virtualHosts = {
"www.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "301 https://clerie.de$request_uri";
};
};
"clerie.de" = {
enableACME = true;
forceSSL = true;
root = fetchGit {
url = "https://git.clerie.de/clerie/clerie.de.git";
rev = "7fbb8042100fde4a8524eec656519eb8b48ae68a";
};
};
};
}

View File

@ -6,6 +6,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../configuration/common ../../configuration/common
./bubblesort.nix ./bubblesort.nix
./clerie.nix
./gitea.nix ./gitea.nix
./ip.nix ./ip.nix
./meow.nix ./meow.nix