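# Host configuration for "zora": static public networking, a WireGuard VPN
# confined to its own network namespace, and the agenix secret the tunnel needs.
{ config, ... }:
{
  imports = [ ../../modules/server/mogma ];

  # Networking
  networking = {
    hostName = "zora";
    domain = "lyes.eu";
    hostId = "233c35ca";
    enableIPv6 = false;
    # Quad9 first, Cloudflare as fallback.
    nameservers = [ "9.9.9.9" "149.112.112.112" "1.1.1.1" "1.0.0.1" ];
    # Only SSH and HTTP(S) are reachable from outside; UDP 80/443 presumably
    # serve HTTP/3 (QUIC) — confirm something actually listens there, otherwise
    # drop them. Everything not listed is rejected by the NixOS firewall.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 80 443 ];
      allowedUDPPorts = [ 80 443 ];
    };
    # Static public address and default route on the primary NIC.
    interfaces = {
      ens2f0 = {
        ipv4 = {
          addresses = [
            { address = "185.230.78.13"; prefixLength = 24; }
          ];
          routes = [
            { address = "0.0.0.0"; prefixLength = 0; via = "185.230.78.99"; }
          ];
        };
      };
    };
  };

  # VPN
  # The WireGuard interface lives in its own network namespace ("netns-mogma"),
  # reached from the host over a veth pair. The services listed in
  # restrictedServices presumably run inside that namespace, so their only
  # route out is the tunnel (allowedIPs covers all of v4/v6) — verify against
  # the vpn-netns module, which is not part of this file.
  networking.vpn-netns = {
    wireguardInterface = "mogma";
    nameserver = "10.2.0.1";
    interfaceNamespace = "netns-mogma";
    vethInterfaceName = "veth-mogma";
    vethIP = "192.168.2.2";
    vethOuterIP = "192.168.2.1";
    wireguardOptions = {
      privateKeyFile = config.age.secrets.mogma-privatekey.path;
      ips = [ "10.2.0.2/32" ];
      peers = [
        {
          publicKey = "W4XqVNXMdnhtiRxWNzWThy3f7hRoT9NTx/HYu/jTaRU=";
          allowedIPs = [ "0.0.0.0/0" "::/0" ];
          endpoint = "79.127.169.89:51820";
          persistentKeepalive = 25;
        }
      ];
    };
    restrictedServices = [ "qbittorrent" "suwayomi-server" ];
    portForwarding = {
      enable = true;
    };
  };

  age.secrets = {
    mogma-privatekey = {
      file = ../../secrets/zora/services/mogma-privatekey.age;
      # WireGuard private key: keep it root-only. "0400" is agenix's default;
      # the previous "755" left the key readable by every local user. If the
      # netns WireGuard unit turns out not to run as root, grant access with
      # `owner`/`group` rather than widening the mode.
      mode = "0400";
    };
  };

  # Imposing a bandwidth limit to avoid Aurore/Crans disruptions
  # NOTE(review): if this is ever re-enabled, note that `limit ... rate over`
  # matches packets *exceeding* the rate, so `limit name "lim" accept` with
  # `policy drop` would pass only the excess and drop normal traffic; the
  # over-limit rule should `drop`, and the chain needs rules for port 22 and
  # established/related flows before a drop policy is safe.
  # networking.nftables = {
  #   tables.rate_limit = {
  #     name = "rate_limit";
  #     family = "inet";
  #     enable = true;
  #     content = ''
  #       limit lim { rate over 20 mbytes/second burst 40 mbytes ; comment "use to limit traffic" ; }
  #       chain IN {
  #         type filter hook input priority filter; policy drop;
  #         tcp dport 80 limit name "lim" accept
  #         tcp dport 443 limit name "lim" accept
  #       }
  #     '';
  #   };
  # };
}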