49 lines
1.3 KiB
Nix
49 lines
1.3 KiB
Nix
{
|
|
flake,
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: {
|
|
networking.hostId = "34234773";
|
|
networking.hostName = "pie";
|
|
networking.defaultGateway = {
|
|
address = "192.168.178.1";
|
|
interface = "enabcm6e4ei0";
|
|
};
|
|
|
|
networking.interfaces.enabcm6e4ei0 = {
|
|
ipv4.addresses = [ { address = "192.168.178.2"; prefixLength = 32; } ];
|
|
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3077:2::"; prefixLength = 128; } ];
|
|
};
|
|
|
|
networking.hosts = (flake.self.lib.addLocalHostname ["caddy.local"]) // {
|
|
"128.140.109.213" = [ "vpn.b12f.io" ];
|
|
"2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" ];
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
services.openssh.openFirewall = true;
|
|
|
|
# Caddy reverse proxy for local services like cups
|
|
services.caddy = {
|
|
globalConfig = ''
|
|
default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:2:: 10.0.1.2 fd00:b12f:acab:1312:acab:2::
|
|
# auto_https off
|
|
email acme@benjaminbaedorf.eu
|
|
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
|
'';
|
|
};
|
|
|
|
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";
|
|
|
|
pub-solar.wireguard-client = {
|
|
ownIPs = [
|
|
"10.0.1.2/32"
|
|
"fd00:b12f:acab:1312:acab:2::/96"
|
|
];
|
|
wireguardPrivateKeyFile = "/run/agenix/wg-private-key";
|
|
};
|
|
}
|