thing
parent
dd2cff4fb1
commit
1cc062bba4
|
@ -36,6 +36,7 @@
|
|||
efi.canTouchEfiVariables = true;
|
||||
timeout = 0;
|
||||
};
|
||||
boot.kernel.sysctl = {"vm.swappiness" = 85;};
|
||||
|
||||
# Enable microcode updates
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
@ -48,7 +49,6 @@
|
|||
# };
|
||||
# };
|
||||
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
curl
|
||||
|
|
|
@ -92,26 +92,6 @@ in {
|
|||
"8.8.4.4"
|
||||
];
|
||||
|
||||
# systemd.services."wireguard-kill-switch" = {
|
||||
# description = "Wireguard Kill Switch";
|
||||
# after = ["network-online.target"];
|
||||
# wants = ["network-online.target"];
|
||||
# wantedBy = ["multi-user.target"];
|
||||
|
||||
# serviceConfig = {
|
||||
# type = "oneshot";
|
||||
# ExecStart = pkgs.writeShellScript "wgconf.sh" ''
|
||||
# # Block any traffic not going throug the vpn that isnt to the local network
|
||||
# ${pkgs.iptables}/bin/iptables -I OUTPUT ! -o wg0 -m mark ! --mark 42 -m addrtype ! --dst-type LOCAL ! -d 10.0.0.0/32 -j REJECT
|
||||
|
||||
# # Route local traffic through wg0 except local traffic
|
||||
# ${pkgs.iproute2}/bin/ip route add 0.0.0.0/1 dev wg0
|
||||
# ${pkgs.iproute2}/bin/ip route add 10.0.0.0/32 dev eth0
|
||||
# '';
|
||||
# RemainAfterExit = "yes";
|
||||
# };
|
||||
# };
|
||||
|
||||
systemd.services."start-wireguard" = {
|
||||
description = "Start wireguard mullvad";
|
||||
after = ["network-online.target"];
|
||||
|
@ -128,39 +108,6 @@ in {
|
|||
};
|
||||
|
||||
networking.wireguard.enable = true;
|
||||
# systemd.network = {
|
||||
# netdevs."10-wg0" = {
|
||||
# netdevConfig = {
|
||||
# Kind = "wireguard";
|
||||
# Name = "wg0";
|
||||
# MTUBytes = "1300";
|
||||
# };
|
||||
# wireguardConfig = {
|
||||
# PrivateKeyFile = "${./wireguard-secret}";
|
||||
# FirewallMark = 42;
|
||||
# ListenPort = 51820;
|
||||
# };
|
||||
# wireguardPeers = [
|
||||
# {
|
||||
# PublicKey = "0qSP0VxoIhEhRK+fAHVvmfRdjPs2DmmpOCNLFP/7cGw=";
|
||||
# AllowedIPs = ["0.0.0.0/0"];
|
||||
# Endpoint = "193.32.248.66:51820";
|
||||
# PersistentKeepalive = 25;
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
# networks."wg0" = {
|
||||
# matchConfig.Name = "wg0";
|
||||
# address = [
|
||||
# "10.65.241.123/32"
|
||||
# ];
|
||||
# DHCP = "no";
|
||||
# dns = ["10.64.0.1"];
|
||||
# # gateway = [
|
||||
# # "10.0.0.0"
|
||||
# # ];
|
||||
# };
|
||||
# };
|
||||
|
||||
# Sleep them for a while to make sure everything is set up
|
||||
systemd.services.sonarr.serviceConfig.ExecStartPre = pkgs.lib.mkIf enable-services "/run/current-system/sw/bin/sleep 1";
|
||||
|
@ -199,9 +146,11 @@ in {
|
|||
};
|
||||
|
||||
# debugging
|
||||
# users.users.root = {
|
||||
# password = "1";
|
||||
# };
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC562Woe/yT/3dNVceN9rKPJQcvgTFzIhJVdVGv7sqn1 baritone@server"
|
||||
];
|
||||
};
|
||||
|
||||
environment.systemPackages = [pkgs.wireguard-tools pkgs.tcpdump];
|
||||
|
||||
|
@ -217,14 +166,6 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# networking.nat.forwardPorts = [
|
||||
# {
|
||||
# proto = "tcp";
|
||||
# sourcePort = 8989;
|
||||
# destination = "10.0.1.1:8989";
|
||||
# }
|
||||
# ];
|
||||
|
||||
# Sonarr
|
||||
services.nginx.virtualHosts."sonarr.spoodythe.one" = {
|
||||
addSSL = true;
|
||||
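Review bot: The `users.users.root` block under the `# debugging` comment installs an SSH public key for root, so whoever holds that key has a direct root login for as long as the block stays in the configuration. The added/removed markers are lost on this page, so it is inferred from the hunk counts (9 → 11) that this block is the added side, replacing the commented-out `password = "1";` lines. If the access is only meant for debugging, put the key on an unprivileged account that escalates with sudo, or gate the block behind an option with `lib.mkIf`, and say so in the comment, e.g. `# temporary root SSH key for debugging; remove when done`. The sshd settings are not visible in this section, so confirm that `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";` are set elsewhere.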
|
|
|
@ -33,6 +33,9 @@ in {
|
|||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${host}:${toString port}";
|
||||
extraConfig = ''
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
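Review bot: `client_max_body_size 100M;` appears to be set inside a shared proxy helper, since the location proxies to `${host}:${toString port}`. If so, every virtual host built from it would accept 100 MB request bodies instead of nginx's 1 MB default, not only the service that needs large uploads. The enclosing function starts outside the hunk, so this is inferred; the three `extraConfig` lines are taken to be the added side from the hunk counts (6 → 9). Consider passing the limit as an argument with a small default and raising it only for the host that needs it, or at least record the reason in a comment such as `# <service> uploads need up to 100M; nginx default is 1m`. A large body limit on an internet-facing proxy makes it cheaper to tie up disk and upstream workers, so it is best kept scoped to the one location.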
|
|