# NixOS module: network, WireGuard and NFS export settings for the
# "media-server" host.
{ config, pkgs, ... }:

let
  # Site-specific values live in ./secrets.nix, which is not part of this file.
  # NOTE(review): anything read from here and interpolated into generated
  # config (for example the NFS exports below) ends up in the world-readable
  # Nix store, so it is hidden from the repository but not from local users.
  secrets = (import ./secrets.nix).settings;

  # Shorthand for the WireGuard part of the settings.
  wg = secrets.wg_settings;
in
{
  networking = {
    hostName = "media-server";

    # DHCP is off globally and enabled only on the wired interface.
    useDHCP = false;
    useNetworkd = true;
    interfaces.enp4s0.useDHCP = true;

    # Static addressing, currently disabled in favour of DHCP:
    # defaultGateway = {
    #   address = secrets.defaultGateway;
    #   metric = 10;
    #   interface = "enp4s0";
    # };
    # interfaces.enp4s0 = {
    #   ipv4.addresses = [ {
    #     address = secrets.ip.address;
    #     prefixLength = 24;
    #   }];
    # };

    # TODO: use custom dns
    # Until then every lookup goes to these two public resolvers.
    nameservers = [ "8.8.8.8" "1.1.1.1" ];

    # Pins these names to one hard-coded address, bypassing DNS. The entry
    # has to be re-checked by hand whenever the real address changes.
    extraHosts = ''
      163.172.167.207 bt.t-ru.org
      163.172.167.207 bt2.t-ru.org
      163.172.167.207 bt3.t-ru.org
      163.172.167.207 bt4.t-ru.org
    '';

    firewall = {
      # NOTE(review): the firewall is disabled, so the allow-lists and
      # checkReversePath below are inert and every listening service
      # (including the NFS server) is reachable on all interfaces. Access to
      # NFS is then limited only by the client lists in the exports.
      enable = false;
      checkReversePath = false;

      allowedTCPPorts = secrets.tcp_ports;
      allowedTCPPortRanges = secrets.port_ranges;
      allowedUDPPorts = secrets.udp_ports;
      allowedUDPPortRanges = secrets.port_ranges;
    };

    wireguard = {
      enable = true;

      interfaces.wg0 = {
        ips = [ "${wg.ip}/24" ];
        listenPort = secrets.ports.wg.listen;

        # NOTE(review): confirm wg.key is a quoted string path to a file kept
        # outside the Nix store with root-only permissions. A bare Nix path
        # literal would be copied into the world-readable store.
        privateKeyFile = wg.key;

        peers = [
          {
            publicKey = wg.node;
            endpoint = wg.endpoint;
            # The whole /24 is accepted from this single peer.
            allowedIPs = [ "${wg.allowed}/24" ];
            # Keepalive interval in seconds.
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };

  # NFS exports, offered read-write to the LAN /24 and to the WireGuard /24.
  # - /export is the NFSv4 root (fsid=0) and has no all_squash, so only the
  #   default root squashing applies and other client-asserted uids are used
  #   as given.
  # - /export/cloud and /export/plex map every client uid to the anonymous
  #   user (all_squash) and accept requests from unprivileged source ports
  #   (insecure).
  # NOTE(review): with the firewall off and no sec= option given, any host
  # that can present an address in these ranges can mount and write. Consider
  # ro where write access is not needed.
  services.nfs.server.exports = ''
    /export ${secrets.ip.address}/24(rw,fsid=0,no_subtree_check) ${secrets.wg_settings.allowed}/24(rw,fsid=0,no_subtree_check)
    /export/cloud ${secrets.ip.address}/24(rw,nohide,insecure,no_subtree_check,all_squash) ${secrets.wg_settings.allowed}/24(rw,nohide,insecure,no_subtree_check,all_squash)
    /export/plex ${secrets.ip.address}/24(rw,nohide,insecure,no_subtree_check,all_squash) ${secrets.wg_settings.allowed}/24(rw,nohide,insecure,no_subtree_check,all_squash)
  '';
}