This commit is contained in:
Danilo Reyes
@@ -17,22 +17,26 @@ in
|
||||
];
|
||||
my = import ./toggles.nix { inherit config inputs; } // {
|
||||
nix.cores = 6;
|
||||
users.nixremote.enable = true;
|
||||
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
|
||||
"nixworkstation"
|
||||
"nixminiserver"
|
||||
];
|
||||
network.firewall.enabledServicePorts = true;
|
||||
network.firewall.additionalPorts = [
|
||||
2049 # idk
|
||||
config.my.ports.syncthingGui
|
||||
config.my.ports.syncthingRelay
|
||||
config.my.ports.sonarqube
|
||||
config.my.ports.synapseSsl
|
||||
config.my.ports.tdarr
|
||||
config.my.ports.mediaMap
|
||||
config.my.ports.qbittorrent
|
||||
];
|
||||
users.nixremote = {
|
||||
enable = true;
|
||||
authorizedKeys = inputs.self.lib.getSshKeys [
|
||||
"nixworkstation"
|
||||
"nixminiserver"
|
||||
];
|
||||
};
|
||||
network.firewall = {
|
||||
enabledServicePorts = true;
|
||||
additionalPorts = [
|
||||
2049 # idk
|
||||
config.my.ports.syncthingGui
|
||||
config.my.ports.syncthingRelay
|
||||
config.my.ports.sonarqube
|
||||
config.my.ports.synapseSsl
|
||||
config.my.ports.tdarr
|
||||
config.my.ports.mediaMap
|
||||
config.my.ports.qbittorrent
|
||||
];
|
||||
};
|
||||
};
|
||||
nix.buildMachines = [
|
||||
{
|
||||
@@ -65,10 +69,6 @@ in
|
||||
};
|
||||
networking = {
|
||||
hostName = "server";
|
||||
firewall = {
|
||||
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
|
||||
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
|
||||
};
|
||||
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
|
||||
ips = [ "${config.my.ips.wg-server}/32" ];
|
||||
privateKeyFile = config.sops.secrets."server/private".path;
|
||||
@@ -86,6 +86,10 @@ in
|
||||
}
|
||||
];
|
||||
};
|
||||
firewall = {
|
||||
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
|
||||
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
|
||||
};
|
||||
};
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs) podman-compose attic-client;
|
||||
@@ -116,14 +120,12 @@ in
|
||||
vpsHost = "lidarr-reports@${config.my.ips.vps}";
|
||||
vpsPath = "/var/www/html/lidarr-mb-gap";
|
||||
sshKeyFile = config.sops.secrets."private_keys/lidarr-mb-gap".path;
|
||||
sshKnownHosts = {
|
||||
vps = {
|
||||
hostNames = [
|
||||
config.my.ips.vps
|
||||
"[${config.my.ips.vps}]:3456"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
|
||||
};
|
||||
sshKnownHosts.vps = {
|
||||
hostNames = [
|
||||
config.my.ips.vps
|
||||
"[${config.my.ips.vps}]:3456"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user