71 lines
1.3 KiB
Nix
71 lines
1.3 KiB
Nix
{ ... }:
|
|
|
|
{
|
|
# Networking
|
|
networking = {
|
|
hostName = "zora";
|
|
domain = "lyes.eu";
|
|
hostId = "233c35ca";
|
|
|
|
enableIPv6 = false;
|
|
|
|
nameservers = [
|
|
"9.9.9.9"
|
|
"149.112.112.112"
|
|
"1.1.1.1"
|
|
"1.0.0.1"
|
|
];
|
|
|
|
firewall = {
|
|
enable = true;
|
|
|
|
allowedTCPPorts = [
|
|
22
|
|
80
|
|
443
|
|
];
|
|
allowedUDPPorts = [
|
|
80
|
|
443
|
|
];
|
|
};
|
|
|
|
interfaces = {
|
|
ens2f0 = {
|
|
ipv4 = {
|
|
addresses = [
|
|
{
|
|
address = "185.230.78.13";
|
|
prefixLength = 24;
|
|
}
|
|
];
|
|
routes = [
|
|
{
|
|
address = "0.0.0.0";
|
|
prefixLength = 0;
|
|
via = "185.230.78.99";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# Imposing a bandwidth limit to avoid Aurore/Crans disruptions
|
|
networking.nftables = {
|
|
tables.rate_limit = {
|
|
name = "rate_limit";
|
|
family = "inet";
|
|
enable = true;
|
|
content = ''
|
|
limit lim { rate over 20 mbytes/second burst 1 gbytes ; comment "use to limit taffic" ; }
|
|
|
|
chain IN {
|
|
type filter hook input priority filter; policy drop;
|
|
tcp dport 80 limit name "lim" accept
|
|
tcp dport 443 limit name "lim" accept
|
|
}
|
|
'';
|
|
};
|
|
};
|
|
}
|