flake update
This commit is contained in:
parent
70e557af91
commit
6165689b69
3 changed files with 25 additions and 15 deletions
18
flake.lock
18
flake.lock
|
@ -400,11 +400,11 @@
|
||||||
"wlroots": "wlroots"
|
"wlroots": "wlroots"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1664023338,
|
"lastModified": 1664050038,
|
||||||
"narHash": "sha256-S2f84PqAS75UXK0Mdf9uBn89a4UVNthA3RnSKB+sP7k=",
|
"narHash": "sha256-Q+dLA0bPW0RqYs9ONiu5/KalJYVjoFX2kG6p9G/hzDc=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "Hyprland",
|
"repo": "Hyprland",
|
||||||
"rev": "73dbacd16d16d8a58d9c12e2a3ebcf4538faf55b",
|
"rev": "fad5fc587d4281a5d399e61dc1243bc333d94d4d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -511,11 +511,11 @@
|
||||||
"utils": "utils_4"
|
"utils": "utils_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1663984587,
|
"lastModified": 1664070839,
|
||||||
"narHash": "sha256-BNq/NWT74mCg5eYo1NC9K+oJ1KqwQOL+fDesyO20a3E=",
|
"narHash": "sha256-7nBBrjhSLVtAo/skhqCR+5kfQyaRm7T2Ac2EVg17iLc=",
|
||||||
"owner": "jyooru",
|
"owner": "jyooru",
|
||||||
"repo": "nix-minecraft-servers",
|
"repo": "nix-minecraft-servers",
|
||||||
"rev": "03e15c3aa8220c59d8b8c7454a288fc163fdf646",
|
"rev": "c58fd256602b7bda6fecdced6b881a4731a1af1a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -637,11 +637,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1663945282,
|
"lastModified": 1664101652,
|
||||||
"narHash": "sha256-vfYvUrzeaJUxndH76VsRJiqcQz6C090rqduGC3y6X4g=",
|
"narHash": "sha256-cgr3fHJxF59yz3zVMsQYf4PuGEnDOAOIPUltsMFNRWE=",
|
||||||
"owner": "NULLx76",
|
"owner": "NULLx76",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "28444d170b02c92ae8cc9c103631c53e594f75e6",
|
"rev": "e64f013182bc9003121a03de0a0af30cf3ffe762",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -33,16 +33,17 @@ let vs = config.vault-secrets.secrets; in
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.0x76.dev";
|
fqdn = "mail.0x76.dev";
|
||||||
domains = [ "0x76.dev" ];
|
domains = [ "0x76.dev" ];
|
||||||
|
certificateScheme = 3;
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"v@0x76.dev" = {
|
"v@0x76.dev" = {
|
||||||
hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
|
hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
|
||||||
};
|
};
|
||||||
|
"keycloak@0x76.dev" = {
|
||||||
|
hashedPasswordFile = "${vs.mailserver}/keycloak@0x76.dev";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
certificateScheme = 3;
|
|
||||||
|
|
||||||
|
|
||||||
indexDir = "/var/lib/dovecot/indices";
|
indexDir = "/var/lib/dovecot/indices";
|
||||||
fullTextSearch = {
|
fullTextSearch = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -56,6 +57,9 @@ let vs = config.vault-secrets.secrets; in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.postfix.relayHost = "smtp.ziggozakelijk.nl";
|
||||||
|
services.postfix.relayPort = 587;
|
||||||
|
|
||||||
services.roundcube = {
|
services.roundcube = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
|
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
|
||||||
|
@ -82,5 +86,5 @@ let vs = config.vault-secrets.secrets; in
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.defaults.email = "victor@xirion.net";
|
security.acme.defaults.email = "v@0x76.dev";
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,7 @@ let vs = config.vault-secrets.secrets; in
|
||||||
networking.firewall.allowedUDPPorts = [
|
networking.firewall.allowedUDPPorts = [
|
||||||
config.networking.wireguard.interfaces.wg0.listenPort
|
config.networking.wireguard.interfaces.wg0.listenPort
|
||||||
];
|
];
|
||||||
|
networking.firewall.checkReversePath = false;
|
||||||
|
|
||||||
vault-secrets.secrets.wireguard = {
|
vault-secrets.secrets.wireguard = {
|
||||||
services = [ "wireguard-wg0" ];
|
services = [ "wireguard-wg0" ];
|
||||||
|
@ -30,10 +31,15 @@ let vs = config.vault-secrets.secrets; in
|
||||||
|
|
||||||
networking.nat = {
|
networking.nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
internalInterfaces = [ "wg0" ];
|
internalInterfaces = [ "wg0" "eth0" ];
|
||||||
externalInterface = "eth0";
|
externalInterface = "eth0";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"net.ipv4.ip_forward" = 1;
|
||||||
|
"net.ipv6.conf.all.forwarding" = 1;
|
||||||
|
};
|
||||||
|
|
||||||
services.prometheus.exporters.wireguard = {
|
services.prometheus.exporters.wireguard = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
|
@ -65,7 +71,7 @@ let vs = config.vault-secrets.secrets; in
|
||||||
# Useful setup video for opnsense: https://www.youtube.com/watch?v=RoXHe5dqCM0
|
# Useful setup video for opnsense: https://www.youtube.com/watch?v=RoXHe5dqCM0
|
||||||
# https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
|
# https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
|
||||||
publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI=";
|
publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI=";
|
||||||
allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24"];
|
allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24" ];
|
||||||
endpoint = "80.60.83.220:51820";
|
endpoint = "80.60.83.220:51820";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
Loading…
Reference in a new issue