os/hosts/pie/networking.nix

49 lines
1.3 KiB
Nix

{
flake,
config,
pkgs,
lib,
...
}: {
networking.hostId = "34234773";
networking.hostName = "pie";
networking.defaultGateway = {
address = "192.168.178.1";
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0 = {
ipv4.addresses = [ { address = "192.168.178.2"; prefixLength = 32; } ];
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3077:2::"; prefixLength = 128; } ];
};
networking.hosts = (flake.self.lib.addLocalHostname ["caddy.local"]) // {
"128.140.109.213" = [ "vpn.b12f.io" ];
"2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" ];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.openssh.openFirewall = true;
# Caddy reverse proxy for local services like cups
services.caddy = {
globalConfig = ''
default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:2:: 10.0.1.2 fd00:b12f:acab:1312:acab:2::
# auto_https off
email acme@benjaminbaedorf.eu
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
'';
};
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";
pub-solar.wireguard-client = {
ownIPs = [
"10.0.1.2/32"
"fd00:b12f:acab:1312:acab:2::/96"
];
wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
};
}