Compare commits
3 commits
75ea05b3ec
...
3388639bac
Author | SHA1 | Date | |
---|---|---|---|
Casper V. Kristensen | 3388639bac | ||
Casper V. Kristensen | 6d90e5df32 | ||
Casper V. Kristensen | ad7db51d8b |
14
flake.lock
14
flake.lock
|
@ -120,11 +120,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1713013257,
|
||||
"narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=",
|
||||
"lastModified": 1713145326,
|
||||
"narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "90055d5e616bd943795d38808c94dbf0dd35abe8",
|
||||
"rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -165,11 +165,11 @@
|
|||
},
|
||||
"secrets": {
|
||||
"locked": {
|
||||
"lastModified": 1712706448,
|
||||
"narHash": "sha256-ekO1azljI9rKc5u+cRp+33Xe8VVxvDxxseXFvtypHI8=",
|
||||
"lastModified": 1713224959,
|
||||
"narHash": "sha256-WnZVnnu1L/PyODRrjwU/K4xcJx4HlCX72Dm3KBzgSA0=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "fe08a4769ba195e2ee515967d33a520c8692420c",
|
||||
"revCount": 16,
|
||||
"rev": "17e318fd2ae0272999e89a43279298517b9444b4",
|
||||
"revCount": 17,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
|
||||
},
|
||||
|
|
|
@ -45,10 +45,9 @@
|
|||
"${config.security.acme.certs."caspervk.net".directory}/fullchain.pem",
|
||||
"${config.security.acme.certs."caspervk.net".directory}/key.pem"
|
||||
)
|
||||
-- Cache is stored in /var/cache/knot-resolver, which is mounted as
|
||||
-- tmpfs. Allow using 90% of the partition for caching.
|
||||
-- Cache is stored in /var/cache/knot-resolver, which is mounted as tmpfs
|
||||
-- https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-cache.html
|
||||
cache.size = math.floor(cache.fssize() * 0.9)
|
||||
cache.size = 1.5 * GB
|
||||
-- The predict module helps to keep the cache hot by prefetching
|
||||
-- records. Any time the resolver answers with records that are about to
|
||||
-- expire, they get refreshed.
|
||||
|
|
11
hosts/sigma/acme.nix
Normal file
11
hosts/sigma/acme.nix
Normal file
|
@ -0,0 +1,11 @@
|
|||
{...}: {
|
||||
security.acme.certs."caspervk.net" = {
|
||||
domain = "*.caspervk.net";
|
||||
reloadServices = [
|
||||
"caddy.service"
|
||||
];
|
||||
};
|
||||
users.groups.acme.members = [
|
||||
"caddy"
|
||||
];
|
||||
}
|
3
hosts/sigma/caddy.nix
Normal file
3
hosts/sigma/caddy.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
{secrets, ...}: {
|
||||
services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
|
||||
}
|
|
@ -3,9 +3,11 @@
|
|||
../../overlays
|
||||
../../modules/base
|
||||
../../modules/server
|
||||
./hardware.nix
|
||||
#./borg.nix
|
||||
./acme.nix
|
||||
#./borg.nix TODO!
|
||||
./caddy.nix
|
||||
./gitea.nix
|
||||
./hardware.nix
|
||||
./network.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -132,16 +132,23 @@
|
|||
allowedUDPPorts = lib.mkForce [];
|
||||
allowedTCPPortRanges = lib.mkForce [];
|
||||
allowedUDPPortRanges = lib.mkForce [];
|
||||
|
||||
interfaces = {
|
||||
"enp5s0" = {
|
||||
allowedTCPPorts = [22];
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
];
|
||||
};
|
||||
"wg-sigma-public" = {
|
||||
allowedTCPPorts = [22];
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
80 # Caddy
|
||||
443 # Caddy
|
||||
];
|
||||
};
|
||||
"wg-sigma-p2p" = {
|
||||
allowedTCPPorts = [1337];
|
||||
allowedTCPPorts = [
|
||||
1337 # random testing (TODO)
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue