47 lines
1.1 KiB
Nix
47 lines
1.1 KiB
Nix
{
|
|
flake,
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: {
|
|
networking.hostName = "frikandel";
|
|
networking.hostId = "44234773";
|
|
networking.nameservers = [
|
|
"193.110.81.0" #dns0.eu
|
|
"2a0f:fc80::" #dns0.eu
|
|
"185.253.5.0" #dns0.eu
|
|
"2a0f:fc81::" #dns0.eu
|
|
];
|
|
|
|
services.openssh.openFirewall = true;
|
|
|
|
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
|
|
networking.useDHCP = false;
|
|
networking.interfaces.enp1s0 = {
|
|
ipv4.addresses = [{ address = "128.140.109.213"; prefixLength = 32; }];
|
|
ipv6.addresses = [{ address = "2a01:4f8:c2c:b60::"; prefixLength = 64; }];
|
|
};
|
|
networking.defaultGateway = {
|
|
address = "172.31.1.1";
|
|
interface = "enp1s0";
|
|
};
|
|
networking.defaultGateway6 = {
|
|
address = "fe80::1";
|
|
interface = "enp1s0";
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
# Caddy reverse proxy for local services like cups
|
|
services.caddy = {
|
|
enable = true;
|
|
globalConfig = ''
|
|
default_bind 128.140.109.213 2a01:4f8:c2c:b60::
|
|
# auto_https off
|
|
email acme@benjaminbaedorf.eu
|
|
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
|
'';
|
|
};
|
|
}
|