{ config, pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix ../../configuration/router ]; boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; networking.hostName = "porter"; networking.useDHCP = false; # Network networking.interfaces.ens3.ipv4.addresses = [ { address = "5.45.100.191"; prefixLength = 22; } ]; networking.interfaces.ens3.ipv6.addresses = [ { address = "2a03:4000:6:48d::1"; prefixLength = 64; } ]; networking.defaultGateway = { address = "5.45.100.1"; interface = "ens3"; }; networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; }; networking.nameservers = [ "46.38.255.230" "46.38.252.230" ]; services.nginx.enable = true; services.nginx.virtualHosts.default = lib.mkForce {}; services.nginx.virtualHosts."*.schule.clerie.de" = { locations."/" = { proxyPass = "http://schule.net.clerie.de"; }; }; services.sniproxy = { enable = true; config = '' error_log { filename /var/log/sniproxy/error.log } access_log { filename /var/log/sniproxy/access.log } listen 443 { proto tls } table { ^.*\.schule\.clerie\.de$ [2001:638:904:ffcb::d] } ''; }; clerie.nginx-port-forward = { enable = true; tcpPorts."2022" = { host = "nonat.net.clerie.de"; port = 22; }; }; services.chisel-server = { enable = false; host = "[::1]"; port = 3765; authfile = "/var/src/secrets/chisel/users.json"; }; services.snowflake-proxy.enable = true; networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedUDPPorts = []; clerie.monitoring = { enable = true; id = "102"; pubkey = "+mJN+ustPo2ehP0wqajYs3nTdJ0SPuIDyiZQSHFIK3o="; blackbox = true; }; system.stateVersion = "21.03"; }