nixos-configs/machine/backyard/default.nix


# NixOS machine configuration for the host "backyard": UEFI boot via
# systemd-boot, NetworkManager, a host firewall exposing HTTP/HTTPS, and
# membership in the "beatific" Nebula overlay network.
{ pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  boot.loader.systemd-boot.enable = true;
  # Lets the installer/bootloader write boot entries into EFI variables.
  boot.loader.efi.canTouchEfiVariables = true;

  # Project-specific option (declared outside this file).
  beatific.hostName = "backyard";

  networking = {
    # Enable networking
    networkmanager.enable = true;

    # Host-level packet filter. Only these TCP ports are opened here; other
    # modules may open additional ports on their own.
    # NOTE(review): the nixpkgs nebula module is expected to open the UDP
    # listen port (4242) itself; confirm with `nixos-option` after a rebuild.
    firewall = {
      enable = true;
      allowedTCPPorts = [
        80 # http
        443 # https
      ];
    };
  };

  # Membership in this group allows tvb to change network settings through
  # NetworkManager without root.
  users.users.tvb.extraGroups = [ "networkmanager" ];

  services.nebula.networks.beatific = {
    enable = true;

    # These are plain strings, not Nix path literals, so the files are read
    # from /etc at runtime and are not copied into the world-readable Nix
    # store. The private key must be provisioned out of band.
    # NOTE(review): restrict backyard.key to the account the nebula service
    # runs as; its ownership and mode are not managed in this file.
    ca = "/etc/nebula/beatific/beatific.crt";
    cert = "/etc/nebula/beatific/backyard.crt";
    key = "/etc/nebula/beatific/backyard.key";

    listen.port = 4242;

    # Connect to the lighthouse at empyrean
    # This should be a VPN address in the static host map
    lighthouses = [ "10.22.20.1" ];
    # Map the lighthouse address to its public address
    staticHostMap = {
      "10.22.20.1" = [ "vpn.alogoulogoi.com:4242" ];
    };

    # Don't filter at the VPN level
    # With any/any in both directions, every host holding a certificate
    # signed by the network CA can reach every port on this node as far as
    # Nebula is concerned. The host firewall above is then the only inbound
    # filter for overlay traffic, unless the Nebula interface is trusted
    # elsewhere.
    firewall = {
      outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
      inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
    };

    # Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
    settings.punchy = {
      punch = true;
      response = true;
    };
  };

  # This value governs how some stateful data, like databases, are handled
  # across different versions of NixOS. This should not be changed to a new
  # release unless the sysadmin has determined that no services would be
  # adversely affected by changing this.
  system.stateVersion = "23.05";
}