Compare commits
3 Commits
166b35700a
...
a29b9c648a
Author | SHA1 | Date | |
---|---|---|---|
a29b9c648a | |||
7337e2100b | |||
bf3f70a4e7 |
@ -10,6 +10,8 @@
|
|||||||
"net.ipv6.conf.all.forwarding" = true;
|
"net.ipv6.conf.all.forwarding" = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.checkReversePath = false;
|
||||||
|
|
||||||
# Open Firewall for BGP
|
# Open Firewall for BGP
|
||||||
networking.firewall.allowedTCPPorts = [ 179 ];
|
networking.firewall.allowedTCPPorts = [ 179 ];
|
||||||
# Open Fireall for OSPF
|
# Open Fireall for OSPF
|
||||||
|
@ -53,27 +53,27 @@
|
|||||||
|
|
||||||
networking.wireguard.enable = true;
|
networking.wireguard.enable = true;
|
||||||
networking.wireguard.interfaces = {
|
networking.wireguard.interfaces = {
|
||||||
wg-gatekeeper = {
|
wg-gatekeeper4 = {
|
||||||
ips = [ "fe80::127:2/64" "169.254.127.2/24" ];
|
ips = [ "fe80::127:2/64" "169.254.127.2/24" ];
|
||||||
peers = [ {
|
peers = [ {
|
||||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||||
endpoint = "gatekeeper.net.clerie.de:50127";
|
endpoint = "78.47.183.82:50127";
|
||||||
publicKey = "y+Bk5eIHgmnq9xuBDD+fk/OIkKRZU6AE4ISx4RdDDyg=";
|
publicKey = "y+Bk5eIHgmnq9xuBDD+fk/OIkKRZU6AE4ISx4RdDDyg=";
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
} ];
|
} ];
|
||||||
allowedIPsAsRoutes = false;
|
allowedIPsAsRoutes = false;
|
||||||
privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper";
|
privateKeyFile = "/var/src/secrets/wireguard/wg-gatekeeper4";
|
||||||
};
|
};
|
||||||
wg-porter = {
|
wg-porter4 = {
|
||||||
ips = [ "fe80::138:2/64" "169.254.138.2/24" ];
|
ips = [ "fe80::138:2/64" "169.254.138.2/24" ];
|
||||||
peers = [ {
|
peers = [ {
|
||||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||||
endpoint = "porter.net.clerie.de:50138";
|
endpoint = "188.34.158.206:50138";
|
||||||
publicKey = "aP6optNE7nVk6coo+USkSDtB62rAc/isfofRML9V2HM=";
|
publicKey = "aP6optNE7nVk6coo+USkSDtB62rAc/isfofRML9V2HM=";
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
} ];
|
} ];
|
||||||
allowedIPsAsRoutes = false;
|
allowedIPsAsRoutes = false;
|
||||||
privateKeyFile = "/var/src/secrets/wireguard/wg-porter";
|
privateKeyFile = "/var/src/secrets/wireguard/wg-porter4";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -218,11 +218,11 @@
|
|||||||
export all;
|
export all;
|
||||||
};
|
};
|
||||||
area 0 {
|
area 0 {
|
||||||
interface "wg-gatekeeper" {
|
interface "wg-gatekeeper4" {
|
||||||
cost 80;
|
cost 80;
|
||||||
type pointopoint;
|
type pointopoint;
|
||||||
};
|
};
|
||||||
interface "wg-porter" {
|
interface "wg-porter4" {
|
||||||
cost 80;
|
cost 80;
|
||||||
type pointopoint;
|
type pointopoint;
|
||||||
};
|
};
|
||||||
@ -236,11 +236,11 @@
|
|||||||
export all;
|
export all;
|
||||||
};
|
};
|
||||||
area 0 {
|
area 0 {
|
||||||
interface "wg-gatekeeper" {
|
interface "wg-gatekeeper4" {
|
||||||
cost 80;
|
cost 80;
|
||||||
type pointopoint;
|
type pointopoint;
|
||||||
};
|
};
|
||||||
interface "wg-porter" {
|
interface "wg-porter4" {
|
||||||
cost 80;
|
cost 80;
|
||||||
type pointopoint;
|
type pointopoint;
|
||||||
};
|
};
|
||||||
|
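Review bot: `networking.firewall.checkReversePath = false;` in the first hunk turns off reverse-path filtering for every interface on this host, so the firewall no longer drops packets with spoofed source addresses on the uplink or on the tunnels. If the motive is asymmetric routing over the two WireGuard links under OSPF (an inference from the renamed `wg-gatekeeper4`/`wg-porter4` interfaces, as the commit gives no reason), `networking.firewall.checkReversePath = "loose";` tolerates asymmetric paths while still requiring a route back to the source. Either way the line needs a why-comment, for example `# rp_filter relaxed: replies may arrive on the other tunnel`. The literal IPv4 endpoints in the second hunk likewise want a comment naming the hostnames they replace, so the addresses get updated if those peers move.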
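--- /dev/null
+++ b/hosts/web-2/clerie.nix
@@ -0,0 +1,22 @@
+{ ... }:
+
+{
+services.nginx.virtualHosts = {
+"www.clerie.de" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+return = "301 https://clerie.de$request_uri";
+};
+};
+
+"clerie.de" = {
+enableACME = true;
+forceSSL = true;
+root = fetchGit {
+url = "https://git.clerie.de/clerie/clerie.de.git";
+rev = "7fbb8042100fde4a8524eec656519eb8b48ae68a";
+};
+};
+};
+}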
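Review bot: `root = fetchGit { ... }` for "clerie.de" makes the entire tree of the pinned commit the nginx document root, so every file committed to that repository is served publicly, not only the pages meant for visitors. If the repository holds anything besides site content, point the root at a subdirectory, e.g. `root = "${fetchGit { ... }}/SITE_SUBDIR";` (SITE_SUBDIR is a placeholder for the real directory name). Pinning `rev` to a full commit id is the right choice, because a later push upstream cannot change what is served without a reviewed change here. A short comment such as `# site content is pinned; bump rev to publish` would explain why edits in the site repository do not show up on their own. The "www.clerie.de" redirect could also be written with the vhost option `globalRedirect = "clerie.de";` instead of the hand-written `return` string.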
@ -6,6 +6,7 @@
|
|||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../configuration/common
|
../../configuration/common
|
||||||
./bubblesort.nix
|
./bubblesort.nix
|
||||||
|
./clerie.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
./ip.nix
|
./ip.nix
|
||||||
./meow.nix
|
./meow.nix
|
||||||
|