# NixOS module for the "media-server" host: addressing, DNS, static host
# entries, firewall options, one WireGuard tunnel (wg0) and the NFS export table.
# Site-specific values (addresses, ports, WireGuard parameters) come from
# ./secrets.nix.
#
# NOTE(review): values imported this way are ordinary Nix values; anything
# interpolated into generated configuration (the NFS export table below is one
# such place) ends up in the world-readable /nix/store. Keep real key material
# out of secrets.nix and reference it by file path instead.
{ config, pkgs, ... }:

let
  secrets = (import ./secrets.nix).settings;
  wg = secrets.wg_settings;

  # The two client networks allowed to mount the NFS exports; both are /24s.
  lanSubnet = "${secrets.ip.address}/24";
  vpnSubnet = "${wg.allowed}/24";

  # Export options for the NFSv4 pseudo-root (fsid=0). all_squash is not set
  # here, so client-supplied non-root UIDs are honoured on /export.
  rootExportOpts = "rw,fsid=0,no_subtree_check";

  # Export options for the shared directories.
  #   insecure   - accept requests from unprivileged source ports, so any
  #                local user on an allowed client can talk to the server.
  #   all_squash - map every client UID/GID to the anonymous user.
  # With these options the client's source address is the only access control.
  shareExportOpts = "rw,nohide,insecure,no_subtree_check,all_squash";

  # The single remote WireGuard peer.
  wgPeer = {
    publicKey = wg.node;
    allowedIPs = [ vpnSubnet ];
    endpoint = wg.endpoint;
    # Send a keepalive every 25 seconds.
    persistentKeepalive = 25;
  };
in
{
  networking = {
    hostName = "media-server";

    # systemd-networkd manages the links; DHCP is off globally and enabled
    # only on enp4s0.
    useNetworkd = true;
    useDHCP = false;
    interfaces.enp4s0.useDHCP = true;

    # Static addressing alternative, currently disabled:
    # defaultGateway = {
    #   address = secrets.defaultGateway;
    #   metric = 10;
    #   interface = "enp4s0";
    # };
    # interfaces.enp4s0 = {
    #   ipv4.addresses = [ {
    #     address = secrets.ip.address;
    #     prefixLength = 24;
    #   }];
    # };

    # TODO: use custom dns
    # Until then, name resolution goes to these public resolvers.
    nameservers = [ "8.8.8.8" "1.1.1.1" ];

    # Pins these hostnames to a fixed address, bypassing DNS. The entries go
    # stale silently if the service moves, so re-check them periodically.
    extraHosts = ''
      163.172.167.207 bt.t-ru.org
      163.172.167.207 bt2.t-ru.org
      163.172.167.207 bt3.t-ru.org
      163.172.167.207 bt4.t-ru.org
    '';

    # NOTE(review): with enable = false none of the settings in this set take
    # effect: the allowed* lists and checkReversePath are inert, and every
    # listening service (NFS included) is reachable on all interfaces. Exposure
    # is then limited only by the NFS export ACLs and whatever filtering exists
    # upstream. Before enabling, confirm that the NFS and WireGuard ports are
    # in the secrets lists; checkReversePath = "loose" is the usual choice for
    # WireGuard hosts rather than turning the check off entirely.
    firewall = {
      enable = false;
      checkReversePath = false;
      allowedTCPPorts = secrets.tcp_ports;
      allowedUDPPorts = secrets.udp_ports;
      allowedTCPPortRanges = secrets.port_ranges;
      allowedUDPPortRanges = secrets.port_ranges;
    };

    wireguard = {
      enable = true;
      interfaces.wg0 = {
        ips = [ "${wg.ip}/24" ];
        listenPort = secrets.ports.wg.listen;
        # NOTE(review): this should be a string path to a key file kept outside
        # the Nix store with restrictive permissions. A Nix path literal here
        # would copy the private key into the store - confirm in secrets.nix.
        privateKeyFile = wg.key;
        peers = [ wgPeer ];
      };
    };
  };

  # One line per exported directory, each granted to the LAN and VPN subnets.
  services.nfs.server.exports = ''
    /export ${lanSubnet}(${rootExportOpts}) ${vpnSubnet}(${rootExportOpts})
    /export/cloud ${lanSubnet}(${shareExportOpts}) ${vpnSubnet}(${shareExportOpts})
    /export/plex ${lanSubnet}(${shareExportOpts}) ${vpnSubnet}(${shareExportOpts})
  '';
}