nixfiles/hosts/zora/networking.nix

{ config, ... }:
{
  imports = [ ../../modules/server/mogma ];

  # Host identity, upstream resolvers, host firewall, static uplink and the
  # namespaced VPN tunnel are all grouped under one `networking` set.
  networking = {
    hostName = "zora";
    domain = "lyes.eu";
    hostId = "233c35ca";
    enableIPv6 = false;

    # Quad9 (primary/secondary) with Cloudflare as fallback.
    nameservers = [ "9.9.9.9" "149.112.112.112" "1.1.1.1" "1.0.0.1" ];

    # Only SSH and HTTP(S) are reachable from outside; the NixOS firewall
    # drops everything else. UDP 80/443 presumably exists for HTTP/3 (QUIC)
    # on the same web services — confirm against the reverse-proxy config.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 80 443 ];
      allowedUDPPorts = [ 80 443 ];
    };

    # Static uplink: one public address in a /24 plus a default route via
    # the gateway; no DHCP is involved on this interface.
    interfaces.ens2f0.ipv4 = {
      addresses = [ { address = "185.230.78.13"; prefixLength = 24; } ];
      routes = [ { address = "0.0.0.0"; prefixLength = 0; via = "185.230.78.99"; } ];
    };

    # WireGuard tunnel confined to its own network namespace. The services in
    # `restrictedServices` are presumably run inside that namespace so they
    # can only reach the internet through the tunnel; the exact semantics of
    # these options live in the vpn-netns module (expected to come from the
    # import above, outside this file).
    vpn-netns = {
      wireguardInterface = "mogma";
      nameserver = "10.2.0.1";
      interfaceNamespace = "netns-mogma";
      vethInterfaceName = "veth-mogma";
      vethIP = "192.168.2.2";
      vethOuterIP = "192.168.2.1";
      wireguardOptions = {
        privateKeyFile = config.age.secrets.mogma-privatekey.path;
        ips = [ "10.2.0.2/32" ];
        peers = [
          {
            publicKey = "W4XqVNXMdnhtiRxWNzWThy3f7hRoT9NTx/HYu/jTaRU=";
            # Full tunnel: every v4 and v6 destination is routed to the peer.
            # "::/0" is inert on this host since enableIPv6 = false above.
            allowedIPs = [ "0.0.0.0/0" "::/0" ];
            endpoint = "79.127.169.89:51820";
            persistentKeepalive = 25;
          }
        ];
      };
      restrictedServices = [ "qbittorrent" "suwayomi-server" ];
      portForwarding.enable = true;
    };
  };

  # Encrypted WireGuard private key, decrypted on the host at activation
  # (the `age.secrets` namespace and `.age` file suggest agenix).
  # NOTE(review): mode "755" leaves the decrypted private key readable by
  # every local user and adds execute bits a key never needs. Unless the
  # vpn-netns module reads the file as a non-root user (check
  # ../../modules/server/mogma), agenix's default of 0400 (root-only) is the
  # right setting; if a dedicated user must read it, set owner/group and use
  # 0440 instead of widening to world-readable.
  age.secrets.mogma-privatekey = {
    file = ../../secrets/zora/services/mogma-privatekey.age;
    mode = "755";
  };

  # Imposing a bandwidth limit to avoid Aurore/Crans disruptions
  # (kept disabled; retained for reference)
  # networking.nftables = {
  #   tables.rate_limit = {
  #     name = "rate_limit";
  #     family = "inet";
  #     enable = true;
  #     content = ''
  #       limit lim { rate over 20 mbytes/second burst 40 mbytes ; comment "use to limit taffic" ; }
  #       chain IN {
  #         type filter hook input priority filter; policy drop;
  #         tcp dport 80 limit name "lim" accept
  #         tcp dport 443 limit name "lim" accept
  #       }
  #     '';
  #   };
  # };
}