box: clobber some networking bits

This commit is contained in:
Aaron Bieber 2022-10-21 09:38:41 -06:00
parent d163d868b8
commit ac44c31958
No known key found for this signature in database

View File

@ -107,27 +107,36 @@ in {
enableIPv6 = false;
hosts = { "127.0.0.1" = [ "git.tapenet.org" ]; };
defaultGateway = "10.20.30.1";
nameservers = [ "10.20.30.1" ];
interfaces.enp7s0 = {
ipv4 = {
routes = [{
address = "10.6.0.0";
prefixLength = 24;
via = "10.6.0.1";
}];
addresses = [{
address = "10.6.0.15";
prefixLength = 24;
}];
};
};
interfaces.enp8s0 = {
ipv4.addresses = [{
address = "10.20.30.15";
prefixLength = 24;
interfaces.enp7s0 = { useDHCP = true; };
firewall = {
interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; };
allowedTCPPorts = config.services.openssh.ports
++ [ 80 443 config.services.gitea.ssh.clonePort ];
allowedUDPPortRanges = [{
from = 60000;
to = 61000;
}];
};
wireguard = {
enable = false;
interfaces = {
wg0 = {
listenPort = 7122;
ips = [ "192.168.112.4/32" ];
peers = [{
publicKey = "IMJ1gVK6KzRghon5Wg1dxv1JCB8IbdSqeFjwQAxJM10=";
endpoint = "23.29.118.127:7122";
allowedIPs = [ "192.168.112.3/32" ];
persistentKeepalive = 25;
}];
#privateKeyFile = "${config.sops.secrets.wireguard_private_key.path}";
privateKeyFile = "/root/wgpk";
};
};
};
};
nixpkgs.config.allowUnfree = true;
@ -164,42 +173,42 @@ in {
# openssh.authorizedKeys.keys = pubKeys;
#};
virtualisation.podman = {
enable = false;
#dockerCompat = true;
};
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers = {
#kativa = {
# autoStart = true;
# ports = [ "127.0.0.1:5000:5000" ];
# image = "kizaing/kavita:0.5.2";
# volumes = [ "/media/books:/books" "/media/books/config:/kativa/config" ];
#};
photoprism = {
#user = "${toString config.users.users.photoprism.name}:${toString config.users.groups.photoprism.name}";
autoStart = true;
ports = [ "127.0.0.1:2343:2343" ];
image = "photoprism/photoprism:${photoPrismTag}";
workdir = "/photoprism";
volumes = [
"/media/pictures/photoprism/storage:/photoprism/storage"
"/media/pictures/photoprism/originals:/photoprism/originals"
"/media/pictures/photoprism/import:/photoprism/import"
];
environment = {
PHOTOPRISM_HTTP_PORT = "2343";
PHOTOPRISM_UPLOAD_NSFW = "true";
PHOTOPRISM_DETECT_NSFW = "false";
PHOTOPRISM_UID = "${toString config.users.users.photoprism.uid}";
PHOTOPRISM_GID = "${toString config.users.groups.photoprism.gid}";
#PHOTOPRISM_SITE_URL = "https://photos.tapenet.org/";
PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos";
PHOTOPRISM_SETTINGS_HIDDEN = "false";
PHOTOPRISM_DATABASE_DRIVER = "sqlite";
};
};
};
#virtualisation.podman = {
# enable = false;
# #dockerCompat = true;
#};
#virtualisation.oci-containers.backend = "podman";
#virtualisation.oci-containers.containers = {
# #kativa = {
# # autoStart = true;
# # ports = [ "127.0.0.1:5000:5000" ];
# # image = "kizaing/kavita:0.5.2";
# # volumes = [ "/media/books:/books" "/media/books/config:/kativa/config" ];
# #};
# photoprism = {
# #user = "${toString config.users.users.photoprism.name}:${toString config.users.groups.photoprism.name}";
# autoStart = true;
# ports = [ "127.0.0.1:2343:2343" ];
# image = "photoprism/photoprism:${photoPrismTag}";
# workdir = "/photoprism";
# volumes = [
# "/media/pictures/photoprism/storage:/photoprism/storage"
# "/media/pictures/photoprism/originals:/photoprism/originals"
# "/media/pictures/photoprism/import:/photoprism/import"
# ];
# environment = {
# PHOTOPRISM_HTTP_PORT = "2343";
# PHOTOPRISM_UPLOAD_NSFW = "true";
# PHOTOPRISM_DETECT_NSFW = "false";
# PHOTOPRISM_UID = "${toString config.users.users.photoprism.uid}";
# PHOTOPRISM_GID = "${toString config.users.groups.photoprism.gid}";
# #PHOTOPRISM_SITE_URL = "https://photos.tapenet.org/";
# PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos";
# PHOTOPRISM_SETTINGS_HIDDEN = "false";
# PHOTOPRISM_DATABASE_DRIVER = "sqlite";
# };
# };
#};
users.groups.media = {
name = "media";
@ -879,18 +888,6 @@ in {
# after = [ "postgresql.service" ];
#};
networking = {
firewall = {
interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; };
allowedTCPPorts = config.services.openssh.ports
++ [ 80 443 config.services.gitea.ssh.clonePort ];
allowedUDPPortRanges = [{
from = 60000;
to = 61000;
}];
};
};
users.users.qbit = userBase;
users.users.root = userBase;