diff --git a/flake.lock b/flake.lock
index b7d77cc..b0c845f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -400,11 +400,11 @@
 "wlroots": "wlroots"
 },
 "locked": {
- "lastModified": 1664023338,
- "narHash": "sha256-S2f84PqAS75UXK0Mdf9uBn89a4UVNthA3RnSKB+sP7k=",
+ "lastModified": 1664050038,
+ "narHash": "sha256-Q+dLA0bPW0RqYs9ONiu5/KalJYVjoFX2kG6p9G/hzDc=",
 "owner": "hyprwm",
 "repo": "Hyprland",
- "rev": "73dbacd16d16d8a58d9c12e2a3ebcf4538faf55b",
+ "rev": "fad5fc587d4281a5d399e61dc1243bc333d94d4d",
 "type": "github"
 },
 "original": {
@@ -511,11 +511,11 @@
 "utils": "utils_4"
 },
 "locked": {
- "lastModified": 1663984587,
- "narHash": "sha256-BNq/NWT74mCg5eYo1NC9K+oJ1KqwQOL+fDesyO20a3E=",
+ "lastModified": 1664070839,
+ "narHash": "sha256-7nBBrjhSLVtAo/skhqCR+5kfQyaRm7T2Ac2EVg17iLc=",
 "owner": "jyooru",
 "repo": "nix-minecraft-servers",
- "rev": "03e15c3aa8220c59d8b8c7454a288fc163fdf646",
+ "rev": "c58fd256602b7bda6fecdced6b881a4731a1af1a",
 "type": "github"
 },
 "original": {
@@ -637,11 +637,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1663945282,
- "narHash": "sha256-vfYvUrzeaJUxndH76VsRJiqcQz6C090rqduGC3y6X4g=",
+ "lastModified": 1664101652,
+ "narHash": "sha256-cgr3fHJxF59yz3zVMsQYf4PuGEnDOAOIPUltsMFNRWE=",
 "owner": "NULLx76",
 "repo": "nixpkgs",
- "rev": "28444d170b02c92ae8cc9c103631c53e594f75e6",
+ "rev": "e64f013182bc9003121a03de0a0af30cf3ffe762",
 "type": "github"
 },
 "original": {
diff --git a/nixos/hosts/olympus/mailserver/configuration.nix b/nixos/hosts/olympus/mailserver/configuration.nix
index b0e7067..bcdfe2f 100644
--- a/nixos/hosts/olympus/mailserver/configuration.nix
+++ b/nixos/hosts/olympus/mailserver/configuration.nix
@@ -33,16 +33,17 @@ let vs = config.vault-secrets.secrets; in enable = true; fqdn = "mail.0x76.dev"; domains = [ "0x76.dev" ]; + certificateScheme = 3; loginAccounts = { "v@0x76.dev" = { hashedPasswordFile = "${vs.mailserver}/v@0x76.dev"; }; + "keycloak@0x76.dev" = { + hashedPasswordFile = "${vs.mailserver}/keycloak@0x76.dev"; + }; }; - certificateScheme = 3; - - indexDir = "/var/lib/dovecot/indices"; fullTextSearch = { enable = true; @@ -56,6 +57,9 @@ let vs = config.vault-secrets.secrets; in }; }; + services.postfix.relayHost = "smtp.ziggozakelijk.nl"; + services.postfix.relayPort = 587; + services.roundcube = { enable = true; package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]); @@ -82,5 +86,5 @@ let vs = config.vault-secrets.secrets; in }; security.acme.acceptTerms = true; - security.acme.defaults.email = "victor@xirion.net"; + security.acme.defaults.email = "v@0x76.dev"; } diff --git a/nixos/hosts/olympus/wireguard/configuration.nix b/nixos/hosts/olympus/wireguard/configuration.nix index f2c8364..355ad5e 100644 --- a/nixos/hosts/olympus/wireguard/configuration.nix +++ b/nixos/hosts/olympus/wireguard/configuration.nix @@ -23,6 +23,7 @@ let vs = config.vault-secrets.secrets; in networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ]; + networking.firewall.checkReversePath = false; vault-secrets.secrets.wireguard = { services = [ "wireguard-wg0" ]; @@ -30,10 +31,15 @@ let vs = config.vault-secrets.secrets; in networking.nat = { enable = true; - internalInterfaces = [ "wg0" ]; + internalInterfaces = [ "wg0" "eth0" ]; externalInterface = "eth0"; }; + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + services.prometheus.exporters.wireguard = { enable = true; openFirewall = true; 
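Review bot: In the `loginAccounts` hunk of mailserver/configuration.nix, the new `keycloak@0x76.dev` account is declared as a full mailbox, although the name suggests it exists only so Keycloak can submit mail. If that is the case, add `sendOnly = true;` next to its `hashedPasswordFile` so the service credential cannot also be used as an inbox that nobody monitors. The same hunk removes `indexDir` while `fullTextSearch.enable = true;` stays, so the search indices presumably end up alongside the mail store; a short comment saying this is intended would help. The enclosing `mailserver` block starts and ends outside the hunk.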
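Review bot: The added `services.postfix.relayHost` / `services.postfix.relayPort` lines route all outbound mail through smtp.ziggozakelijk.nl on 587, but nothing visible in this hunk requires TLS on that hop or configures authentication toward the relay. If the effective outbound TLS level is opportunistic, a downgrade between this host and the relay would expose every message; consider pinning it with `services.postfix.config.smtp_tls_security_level = "encrypt";` (possibly wrapped in `lib.mkForce` if the mailserver module already sets a value). A one-line comment stating why the relay is needed, and a check that the domain's SPF record authorises it, would make the change easier to audit.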
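Review bot: `networking.firewall.checkReversePath = false;` in the first hunk of wireguard/configuration.nix switches reverse-path filtering off for every interface, so the anti-spoofing check is lost on `eth0` as well as on `wg0`. The option also accepts `"loose"`, which is normally sufficient for WireGuard's asymmetric routing while still dropping packets whose source is not routable at all: `networking.firewall.checkReversePath = "loose";`. If `false` is really required, a comment naming the flow that loose filtering breaks would make the exception reviewable.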
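Review bot: In the `networking.nat` hunk of wireguard/configuration.nix, `internalInterfaces = [ "wg0" "eth0" ];` lists `eth0` as both an internal interface and the `externalInterface`, so any packet that arrives on `eth0` and is routed by this host is treated as internal and masqueraded back out of the same interface. Combined with reverse-path filtering being disabled in the previous hunk, the machine presumably becomes a general forwarder for its LAN segment and not only for WireGuard peers. If the aim is to let specific LAN hosts reach the tunnel, scoping by source is narrower, e.g. `internalIPs = [ "<lan-subnet-placeholder>" ];` inside `networking.nat`. The added `"net.ipv6.conf.all.forwarding" = 1;` turns on IPv6 routing with no IPv6 forward filtering visible in the hunk, so a comment on what is meant to be reachable over v6 would help.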
@@ -65,7 +71,7 @@ let vs = config.vault-secrets.secrets; in
 # Useful setup video for opnsense: https://www.youtube.com/watch?v=RoXHe5dqCM0
 # https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
 publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI=";
- allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24"];
+ allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24" ];
 endpoint = "80.60.83.220:51820";
 }
 ];