os/hosts/pie/networking.nix
2023-10-19 23:17:35 +02:00

52 lines
1.1 KiB
Nix

{
flake,
config,
pkgs,
lib,
...
}: {
networking.hostId = "34234773";
networking.hostName = "pie";
networking.defaultGateway = {
address = "192.168.178.1";
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 32;
}
];
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7";
prefixLength = 128;
}
];
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
networking.firewall.allowedTCPPorts = [ 80 ];
services.openssh.allowSFTP = true;
# Caddy reverse proxy for local services like cups
services.caddy = {
globalConfig = ''
default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7
auto_https off
'';
};
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";
pub-solar.wireguard-client = {
ownIPs = [
"10.0.1.2/32"
"fd00:acab:1312:acab:2::/128"
];
wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
};
}