1
0
Fork 0

Compare commits

..

No commits in common. "75ea05b3ece9eab5caee558665642c89f6313a57" and "c3ce52026eab09b872d134d909850f43f3fe4bb9" have entirely different histories.

5 changed files with 13 additions and 36 deletions

14
flake.lock generated
View file

@ -120,11 +120,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1713145326, "lastModified": 1713013257,
"narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=", "narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e", "rev": "90055d5e616bd943795d38808c94dbf0dd35abe8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -165,11 +165,11 @@
}, },
"secrets": { "secrets": {
"locked": { "locked": {
"lastModified": 1713224959, "lastModified": 1712706448,
"narHash": "sha256-WnZVnnu1L/PyODRrjwU/K4xcJx4HlCX72Dm3KBzgSA0=", "narHash": "sha256-ekO1azljI9rKc5u+cRp+33Xe8VVxvDxxseXFvtypHI8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "17e318fd2ae0272999e89a43279298517b9444b4", "rev": "fe08a4769ba195e2ee515967d33a520c8692420c",
"revCount": 17, "revCount": 16,
"type": "git", "type": "git",
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git" "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
}, },

View file

@ -1,11 +0,0 @@
{...}: {
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
];
};
users.groups.acme.members = [
"caddy"
];
}

View file

@ -1,3 +0,0 @@
{secrets, ...}: {
services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
}

View file

@ -3,11 +3,9 @@
../../overlays ../../overlays
../../modules/base ../../modules/base
../../modules/server ../../modules/server
./acme.nix
#./borg.nix TODO!
./caddy.nix
./gitea.nix
./hardware.nix ./hardware.nix
#./borg.nix
./gitea.nix
./network.nix ./network.nix
]; ];

View file

@ -132,23 +132,16 @@
allowedUDPPorts = lib.mkForce []; allowedUDPPorts = lib.mkForce [];
allowedTCPPortRanges = lib.mkForce []; allowedTCPPortRanges = lib.mkForce [];
allowedUDPPortRanges = lib.mkForce []; allowedUDPPortRanges = lib.mkForce [];
interfaces = { interfaces = {
"enp5s0" = { "enp5s0" = {
allowedTCPPorts = [ allowedTCPPorts = [22];
22 # SSH
];
}; };
"wg-sigma-public" = { "wg-sigma-public" = {
allowedTCPPorts = [ allowedTCPPorts = [22];
22 # SSH
80 # Caddy
443 # Caddy
];
}; };
"wg-sigma-p2p" = { "wg-sigma-p2p" = {
allowedTCPPorts = [ allowedTCPPorts = [1337];
1337 # random testing (TODO)
];
}; };
}; };
}; };