refactor, ssh changes

Henri Dohmen 2025-05-15 13:21:13 +02:00
parent 3c6fc1476a
commit bf05141776
7 changed files with 12 additions and 15 deletions


@ -0,0 +1,28 @@
{ ... }:
{
networking = {
enableIPv6 = true;
interfaces = {
"ens3".ipv6.addresses = [
{
address = "2a03:4000:3b:f99::";
prefixLength = 64;
}
];
};
defaultGateway6 = {
address = "fe80::1";
interface = "ens3";
};
firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
};
}
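Review bot: The `allowedTCPPorts` list in the `firewall` block reads as the complete inbound surface, but on NixOS `services.openssh.openFirewall` defaults to true, so the sshd enabled elsewhere in this commit also opens TCP 22 without it appearing here. I would add a comment above the list such as `# SSH (22) is opened implicitly by services.openssh.openFirewall`, or set that option explicitly next to the openssh block so the exposure can be audited in one place. Whether port 22 is meant to be reachable from the public interface cannot be told from this section.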


@ -0,0 +1,9 @@
{ ... }:
{
security = {
acme = {
acceptTerms = true;
defaults.email = "acme@henri-dohmen.de";
};
};
}


@ -0,0 +1,40 @@
{ config, ... }:
let
headscale-domain = "headscale.hdohmen.de";
in
{
services = {
# TODO: maybe just use wireguard...
headscale = {
enable = true;
address = "127.0.0.1";
port = 8080;
settings = {
server_url = "https://${headscale-domain}";
prefixes.v4 = "100.10.11.0/24";
prefixes.v6 = "fd7a:115c:1011::/48";
dns = {
magic_dns = true;
base_domain = "net.hdohmen.de";
};
};
};
nginx = {
enable = true;
virtualHosts.${headscale-domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
};
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
};
}
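Review bot: In the `openssh` block, `settings.PasswordAuthentication = false;` alone leaves keyboard-interactive authentication at its NixOS default (enabled), which through PAM can still accept a password; add `settings.KbdInteractiveAuthentication = false;` beside it. It would also help to state `settings.PermitRootLogin` explicitly rather than rely on the module default, so the intended policy is readable here. Separately, `prefixes.v4 = "100.10.11.0/24"` and `prefixes.v6 = "fd7a:115c:1011::/48"` appear to lie outside the ranges the headscale example configuration describes as supported by Tailscale clients (100.64.0.0/10 and fd7a:115c:a1e0::/48), and the IPv4 prefix is publicly routable address space, so tailnet routes could shadow real hosts; please confirm this is deliberate.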