spoody/server-configuration
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

thing

Browse source
This commit is contained in:
baritone 2025-03-18 10:36:12 +01:00
parent dd2cff4fb1
commit 1cc062bba4
3 changed files with 9 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
configuration.nix
View file

@ -36,6 +36,7 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
timeout = 0; timeout = 0;
}; };
boot.kernel.sysctl = {"vm.swappiness" = 85;};
# Enable microcode updates # Enable microcode updates
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
@ -48,7 +49,6 @@
# }; # };
# }; # };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget
curl curl

69
services/auto-torrent.nix
View file

@ -92,26 +92,6 @@ in {
"8.8.4.4" "8.8.4.4"
]; ];
# systemd.services."wireguard-kill-switch" = {
# description = "Wireguard Kill Switch";
# after = ["network-online.target"];
# wants = ["network-online.target"];
# wantedBy = ["multi-user.target"];
# serviceConfig = {
# type = "oneshot";
# ExecStart = pkgs.writeShellScript "wgconf.sh" ''
# # Block any traffic not going throug the vpn that isnt to the local network
# ${pkgs.iptables}/bin/iptables -I OUTPUT ! -o wg0 -m mark ! --mark 42 -m addrtype ! --dst-type LOCAL ! -d 10.0.0.0/32 -j REJECT
# # Route local traffic through wg0 except local traffic
# ${pkgs.iproute2}/bin/ip route add 0.0.0.0/1 dev wg0
# ${pkgs.iproute2}/bin/ip route add 10.0.0.0/32 dev eth0
# '';
# RemainAfterExit = "yes";
# };
# };
systemd.services."start-wireguard" = { systemd.services."start-wireguard" = {
description = "Start wireguard mullvad"; description = "Start wireguard mullvad";
after = ["network-online.target"]; after = ["network-online.target"];
@ -128,39 +108,6 @@ in {
}; };
networking.wireguard.enable = true; networking.wireguard.enable = true;
# systemd.network = {
# netdevs."10-wg0" = {
# netdevConfig = {
# Kind = "wireguard";
# Name = "wg0";
# MTUBytes = "1300";
# };
# wireguardConfig = {
# PrivateKeyFile = "${./wireguard-secret}";
# FirewallMark = 42;
# ListenPort = 51820;
# };
# wireguardPeers = [
# {
# PublicKey = "0qSP0VxoIhEhRK+fAHVvmfRdjPs2DmmpOCNLFP/7cGw=";
# AllowedIPs = ["0.0.0.0/0"];
# Endpoint = "193.32.248.66:51820";
# PersistentKeepalive = 25;
# }
# ];
# };
# networks."wg0" = {
# matchConfig.Name = "wg0";
# address = [
# "10.65.241.123/32"
# ];
# DHCP = "no";
# dns = ["10.64.0.1"];
# # gateway = [
# # "10.0.0.0"
# # ];
# };
# };
# Sleep them for a while to make sure everything is set up # Sleep them for a while to make sure everything is set up
systemd.services.sonarr.serviceConfig.ExecStartPre = pkgs.lib.mkIf enable-services "/run/current-system/sw/bin/sleep 1"; systemd.services.sonarr.serviceConfig.ExecStartPre = pkgs.lib.mkIf enable-services "/run/current-system/sw/bin/sleep 1";
@ -199,9 +146,11 @@ in {
}; };
# debugging # debugging
# users.users.root = { users.users.root = {
# password = "1"; openssh.authorizedKeys.keys = [
# }; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC562Woe/yT/3dNVceN9rKPJQcvgTFzIhJVdVGv7sqn1 baritone@server"
];
};
environment.systemPackages = [pkgs.wireguard-tools pkgs.tcpdump]; environment.systemPackages = [pkgs.wireguard-tools pkgs.tcpdump];
@ -217,14 +166,6 @@ in {
}; };
}; };
# networking.nat.forwardPorts = [
# {
# proto = "tcp";
# sourcePort = 8989;
# destination = "10.0.1.1:8989";
# }
# ];
# Sonarr # Sonarr
services.nginx.virtualHosts."sonarr.spoodythe.one" = { services.nginx.virtualHosts."sonarr.spoodythe.one" = {
addSSL = true; addSSL = true;

3
services/forgejo.nix
View file

@ -33,6 +33,9 @@ in {
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://${host}:${toString port}"; proxyPass = "http://${host}:${toString port}";
extraConfig = ''
client_max_body_size 100M;
'';
}; };
}; };