os/hosts/frikandel/networking.nix

# Network settings for the host "frikandel": static addressing, resolvers,
# firewall openings and Caddy's global options. No Caddy site blocks and no
# sshd settings are defined in this file.
{
  flake,
  config,
  pkgs,
  lib,
  ...
}: let
  # The single uplink interface; every address and both default routes hang off it.
  uplink = "enp1s0";
in {
  networking = {
    hostName = "frikandel";
    hostId = "44234773";

    nameservers = [
      "193.110.81.0" #dns0.eu
      "2a0f:fc80::" #dns0.eu
      "185.253.5.0" #dns0.eu
      "2a0f:fc81::" #dns0.eu
    ];

    # Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
    useDHCP = false;
    interfaces.${uplink} = {
      ipv4.addresses = [
        {
          address = "128.140.109.213";
          prefixLength = 32;
        }
      ];
      ipv6.addresses = [
        {
          address = "2a01:4f8:c2c:b60::";
          prefixLength = 64;
        }
      ];
    };
    defaultGateway = {
      address = "172.31.1.1";
      interface = uplink;
    };
    defaultGateway6 = {
      address = "fe80::1";
      interface = uplink;
    };

    # HTTP and HTTPS are reachable from outside; these are the ports Caddy serves.
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  services = {
    # Opens the SSH port in the firewall. How sshd authenticates (keys vs.
    # passwords, root login) is not set here -- NOTE(review): confirm it is
    # hardened wherever services.openssh is configured.
    openssh.openFirewall = true;

    # Caddy reverse proxy for local services like cups
    #
    # default_bind lists the host's public addresses, so any site added to this
    # Caddy instance listens on the public interface unless it sets its own
    # bind. A proxied local service (CUPS, admin UIs) therefore needs its own
    # authentication or an address restriction in its site block.
    # The two addresses must be kept in sync with interfaces.<uplink> above.
    caddy = {
      enable = true;
      # "auto_https off" and the staging acme_ca are left commented out, so
      # Caddy's automatic HTTPS against its default CA stays in effect.
      globalConfig = ''
        default_bind 128.140.109.213 2a01:4f8:c2c:b60::
        # auto_https off
        email acme@benjaminbaedorf.eu
        # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
      '';
    };
  };
}