"fixes"

2026-02-04 06:31:41 -06:00
parent efe5cb0f99
commit 3f13527e51
8 changed files with 141 additions and 53 deletions
--- a/hosts/vps/configuration.nix
+++ b/hosts/vps/configuration.nix
@@ -1,6 +1,7 @@
 {
  lib,
  inputs,
+  pkgs,
  ...
 }:
 {
@@ -10,6 +11,7 @@
  ];
  my = {
    secureHost = true;
+    enableProxy = true;
    users.nixremote = {
      enable = true;
      authorizedKeys = inputs.self.lib.getSshKeys [
@@ -18,12 +20,28 @@
        "nixminiserver"
      ];
    };
-    services.network.enable = true;
    interfaces = lib.mkMerge [
      {
        vps = "eth0";
      }
    ];
+    services = {
+      network.enable = true;
+      wireguard.enable = true;
+    };
+  };
+  environment.etc."iptables.rules".source = ../../iptables;
+  networking.firewall.enable = false;
+  networking.nftables.enable = false;
+  systemd.services.iptables-restore = {
+    description = "Apply iptables ruleset";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network-pre.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = "${pkgs.iptables}/bin/iptables-restore --wait /etc/iptables.rules";
+    };
  };
  image.modules.linode = { };
  networking.hostName = "vps";
@@ -32,5 +50,23 @@
    keyFile = "/var/lib/sops-nix/key.txt";
    sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  };
+  users = {
+    groups = {
+      deploy = { };
+      lidarr-reports = { };
+    };
+    users = {
+      deploy = {
+        isSystemUser = true;
+        group = "deploy";
+        openssh.authorizedKeys.keyFiles = [ ../../secrets/ssh/ed25519_deploy.pub ];
+      };
+      lidarr-reports = {
+        isSystemUser = true;
+        group = "lidarr-reports";
+        openssh.authorizedKeys.keyFiles = [ ../../secrets/ssh/ed25519_lidarr-reports.pub ];
+      };
+    };
+  };
  environment.systemPackages = [ ];
 }