2023-10-24 13:54:04 +00:00
|
|
|
{
|
|
|
|
|
flake,
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
lib,
|
|
|
|
|
...
|
|
|
|
|
}: {
|
|
|
|
|
networking.hostName = "frikandel";
|
|
|
|
|
networking.hostId = "44234773";
|
2023-11-12 17:33:58 +00:00
|
|
|
networking.nameservers = [
|
|
|
|
|
"193.110.81.0#dns0.eu"
|
|
|
|
|
"2a0f:fc80::#dns0.eu"
|
|
|
|
|
"185.253.5.0#dns0.eu"
|
|
|
|
|
"2a0f:fc81::#dns0.eu"
|
|
|
|
|
];
|
2023-10-24 13:54:04 +00:00
|
|
|
|
2023-10-24 15:56:14 +00:00
|
|
|
services.openssh.openFirewall = true;
|
|
|
|
|
|
2023-10-24 13:54:04 +00:00
|
|
|
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
|
|
|
|
|
networking.useDHCP = false;
|
|
|
|
|
networking.interfaces.enp1s0 = {
|
|
|
|
|
ipv4.addresses = [{ address = "128.140.109.213"; prefixLength = 32; }];
|
|
|
|
|
ipv6.addresses = [{ address = "2a01:4f8:c2c:b60::"; prefixLength = 64; }];
|
|
|
|
|
};
|
|
|
|
|
networking.defaultGateway = {
|
|
|
|
|
address = "172.31.1.1";
|
|
|
|
|
interface = "enp1s0";
|
|
|
|
|
};
|
|
|
|
|
networking.defaultGateway6 = {
|
|
|
|
|
address = "fe80::1";
|
|
|
|
|
interface = "enp1s0";
|
|
|
|
|
};
|
2023-11-12 17:33:58 +00:00
|
|
|
|
2023-11-12 20:45:02 +00:00
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
|
2023-11-12 17:33:58 +00:00
|
|
|
# Caddy reverse proxy for local services like cups
|
|
|
|
|
services.caddy = {
|
|
|
|
|
globalConfig = ''
|
|
|
|
|
default_bind 128.140.109.213 2a01:4f8:c2c:b60::
|
|
|
|
|
# auto_https off
|
|
|
|
|
email acme@benjaminbaedorf.eu
|
|
|
|
|
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
|
|
|
|
'';
|
|
|
|
|
};
|
2023-10-24 13:54:04 +00:00
|
|
|
}
|
