v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

flake update

Browse source
This commit is contained in:
Vivian 2022-09-25 12:44:52 +02:00
parent 3d2fe5cc9e
commit 409e77a283
3 changed files with 25 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

12
nixos/hosts/olympus/mailserver/configuration.nix
View file

@ -33,16 +33,17 @@ let vs = config.vault-secrets.secrets; in
enable = true;
fqdn = "mail.0x76.dev";
domains = [ "0x76.dev" ];
certificateScheme = 3;
loginAccounts = {
"v@0x76.dev" = {
hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
};
"keycloak@0x76.dev" = {
hashedPasswordFile = "${vs.mailserver}/keycloak@0x76.dev";
};
};
certificateScheme = 3;
indexDir = "/var/lib/dovecot/indices";
fullTextSearch = {
enable = true;
@ -56,6 +57,9 @@ let vs = config.vault-secrets.secrets; in
};
};
services.postfix.relayHost = "smtp.ziggozakelijk.nl";
services.postfix.relayPort = 587;
services.roundcube = {
enable = true;
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
@ -82,5 +86,5 @@ let vs = config.vault-secrets.secrets; in
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "victor@xirion.net";
security.acme.defaults.email = "v@0x76.dev";
}

10
nixos/hosts/olympus/wireguard/configuration.nix
View file

@ -23,6 +23,7 @@ let vs = config.vault-secrets.secrets; in
networking.firewall.allowedUDPPorts = [
config.networking.wireguard.interfaces.wg0.listenPort
];
networking.firewall.checkReversePath = false;
vault-secrets.secrets.wireguard = {
services = [ "wireguard-wg0" ];
@ -30,10 +31,15 @@ let vs = config.vault-secrets.secrets; in
networking.nat = {
enable = true;
internalInterfaces = [ "wg0" ];
internalInterfaces = [ "wg0" "eth0" ];
externalInterface = "eth0";
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
services.prometheus.exporters.wireguard = {
enable = true;
openFirewall = true;
@ -65,7 +71,7 @@ let vs = config.vault-secrets.secrets; in
# Useful setup video for opnsense: https://www.youtube.com/watch?v=RoXHe5dqCM0
# https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI=";
allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24"];
allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24" ];
endpoint = "80.60.83.220:51820";
}
];