
3 commits

Author SHA1 Message Date
Casper V. Kristensen 3388639bac flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/90055d5e616bd943795d38808c94dbf0dd35abe8' (2024-04-13)
  → 'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15)
• Updated input 'secrets':
    'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=fe08a4769ba195e2ee515967d33a520c8692420c' (2024-04-09)
  → 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=17e318fd2ae0272999e89a43279298517b9444b4' (2024-04-15)
2024-04-16 02:08:18 +02:00
Casper V. Kristensen 6d90e5df32 knot-resolver: chill cache size
Allows rebuilding the system again (lol).
2024-04-16 02:08:18 +02:00
Casper V. Kristensen ad7db51d8b caddy: sigma 2024-04-16 02:08:18 +02:00
6 changed files with 38 additions and 16 deletions


@ -120,11 +120,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1713013257,
"narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=",
"lastModified": 1713145326,
"narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "90055d5e616bd943795d38808c94dbf0dd35abe8",
"rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e",
"type": "github"
},
"original": {
@ -165,11 +165,11 @@
},
"secrets": {
"locked": {
"lastModified": 1712706448,
"narHash": "sha256-ekO1azljI9rKc5u+cRp+33Xe8VVxvDxxseXFvtypHI8=",
"lastModified": 1713224959,
"narHash": "sha256-WnZVnnu1L/PyODRrjwU/K4xcJx4HlCX72Dm3KBzgSA0=",
"ref": "refs/heads/master",
"rev": "fe08a4769ba195e2ee515967d33a520c8692420c",
"revCount": 16,
"rev": "17e318fd2ae0272999e89a43279298517b9444b4",
"revCount": 17,
"type": "git",
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
},


@ -45,10 +45,9 @@
"${config.security.acme.certs."caspervk.net".directory}/fullchain.pem",
"${config.security.acme.certs."caspervk.net".directory}/key.pem"
)
-- Cache is stored in /var/cache/knot-resolver, which is mounted as
-- tmpfs. Allow using 90% of the partition for caching.
-- Cache is stored in /var/cache/knot-resolver, which is mounted as tmpfs
-- https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-cache.html
cache.size = math.floor(cache.fssize() * 0.9)
cache.size = 1.5 * GB
-- The predict module helps to keep the cache hot by prefetching
-- records. Any time the resolver answers with records that are about to
-- expire, they get refreshed.
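Review bot: The fixed `cache.size = 1.5 * GB` is no longer derived from the tmpfs that backs /var/cache/knot-resolver, and the new comment drops the sizing rationale, so nothing here shows that the value stays below the size of the mount. If the tmpfs is defined smaller than that (its definition is outside this hunk), the cache can fill the partition and the resolver may start failing under load. I would record the constraint next to the assignment, e.g. `-- Must stay below the size of the /var/cache/knot-resolver tmpfs`, and ideally keep both values in one place. The surrounding Lua configuration block starts and ends outside the hunk.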

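--- a/hosts/sigma/acme.nix
+++ b/hosts/sigma/acme.nix
@@ -0,0 +1,11 @@
+{...}: {
+security.acme.certs."caspervk.net" = {
+domain = "*.caspervk.net";
+reloadServices = [
+"caddy.service"
+];
+};
+users.groups.acme.members = [
+"caddy"
+];
+}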
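Review bot: Adding `caddy` to `users.groups.acme.members` lets the web server user read the private key of every certificate owned by the `acme` group, and the certificate defined here is the wildcard `*.caspervk.net`, so a compromise of Caddy on this host exposes a key that is valid for every subdomain. If Caddy only needs this one certificate, a narrower grant such as `security.acme.certs."caspervk.net".group = "caddy";` avoids the shared group, and a host-specific non-wildcard certificate would limit the impact further. At minimum I would add a comment above the group membership saying why Caddy needs it. A wildcard requires the DNS-01 challenge; the provider settings are not visible in this file and are presumably set in shared defaults.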

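--- a/hosts/sigma/caddy.nix
+++ b/hosts/sigma/caddy.nix
@@ -0,0 +1,3 @@
+{secrets, ...}: {
+services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
+}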
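Review bot: All virtual hosts come from `secrets.sigma.caddy.virtualHosts`, so this file cannot be reviewed for what it actually exposes. In particular it is not visible whether each host sets `useACMEHost = "caspervk.net"` to use the certificate from acme.nix rather than letting Caddy request its own. Values taken from a flake input are evaluated into the generated Caddy configuration in the Nix store, which every local user can read, so keeping them in the secrets repository hides them from the public repository only. A short comment above the assignment would help, e.g. `# vhosts live in the private secrets flake: hostnames/upstreams only, no credentials (ends up in /nix/store)`.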


@ -3,9 +3,11 @@
../../overlays
../../modules/base
../../modules/server
./hardware.nix
#./borg.nix
./acme.nix
#./borg.nix TODO!
./caddy.nix
./gitea.nix
./hardware.nix
./network.nix
];


@ -132,16 +132,23 @@
allowedUDPPorts = lib.mkForce [];
allowedTCPPortRanges = lib.mkForce [];
allowedUDPPortRanges = lib.mkForce [];
interfaces = {
"enp5s0" = {
allowedTCPPorts = [22];
allowedTCPPorts = [
22 # SSH
];
};
"wg-sigma-public" = {
allowedTCPPorts = [22];
allowedTCPPorts = [
22 # SSH
80 # Caddy
443 # Caddy
];
};
"wg-sigma-p2p" = {
allowedTCPPorts = [1337];
allowedTCPPorts = [
1337 # random testing (TODO)
];
};
};
};
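Review bot: Port 1337 on `wg-sigma-p2p` stays open with only the comment `random testing (TODO)`, so nothing records which service listens there or when the rule should go. I would either drop the entry until a service needs it or name the listener and an owner in the comment, e.g. `1337 # <service name>, remove once testing is done`. Separately, the `wg-sigma-public` entry opens 80 and 443 over TCP only; Caddy serves HTTP/3 over UDP 443 by default, so either add `allowedUDPPorts = [443];` to that interface or note that HTTP/3 is intentionally not exposed. The enclosing firewall attribute set starts outside the hunk.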