LoutreOS: update to 24.11

flake.lock: Update

Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d' (2024-12-14)
  → 'github:NixOS/nixpkgs/b47fd6fa00c6afca88b8ee46cfdb00e104f50bca' (2024-12-19)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/3566ab7246670a43abd2ffa913cc62dad9cdf7d5' (2024-12-13)
  → 'github:NixOS/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33' (2024-12-17)
• Updated input 'simple-nixos-mailserver':
    'gitlab:simple-nixos-mailserver/nixos-mailserver/29916981e7b3b5782dc5085ad18490113f8ff63b' (2024-06-11)
  → 'gitlab:simple-nixos-mailserver/nixos-mailserver/35fa7dc495aa89bd224f08c43dfd9119b81f0fa7' (2024-12-16)
• Removed input 'simple-nixos-mailserver/nixpkgs-24_05'
• Added input 'simple-nixos-mailserver/nixpkgs-24_11':
    follows 'nixpkgs'
• Removed input 'simple-nixos-mailserver/utils'
• Removed input 'simple-nixos-mailserver/utils/systems'
nyanloutre 2024-12-20 16:54:36 +01:00
parent 1a414771ba
commit 17ff809406
5 changed files with 57 additions and 120 deletions


@ -2,7 +2,6 @@
{
imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix"
../common-cli.nix
./hardware-configuration.nix
./network.nix


@ -134,7 +134,7 @@
#############################################
# Redirect local network request from server external IP to internal IP
iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true
iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
'';
@ -190,22 +190,16 @@
MTUBytes = "1450";
};
wireguardConfig = {
PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0";
# Wait for 24.11
# PrivateKey = "@network.wireguard.private.wg0";
PrivateKey = "@network.wireguard.private.wg0";
RouteTable = routeTables.vpn;
};
wireguardPeers = [
{
wireguardPeerConfig = {
Endpoint = "89.234.141.83:8095";
PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
PresharedKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.preshared.wg0";
# Wait for 24.11
# PresharedKey = "@network.wireguard.preshared.wg0";
AllowedIPs = ["0.0.0.0/0" "::/0"];
PersistentKeepalive = 15;
};
Endpoint = "89.234.141.83:8095";
PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
PresharedKey = "@network.wireguard.preshared.wg0";
AllowedIPs = ["0.0.0.0/0" "::/0"];
PersistentKeepalive = 15;
}
];
};
@ -243,19 +237,15 @@
# Route everything to fiber link with a priority of 40000
routingPolicyRules = [
{
routingPolicyRuleConfig = {
FirewallMark = 1;
Table = routeTables.fiber;
Priority = 41000;
Family = "both";
};
FirewallMark = 1;
Table = routeTables.fiber;
Priority = 41000;
Family = "both";
}
{
routingPolicyRuleConfig = {
Table = routeTables.fiber;
Priority = 51000;
Family = "both";
};
Table = routeTables.fiber;
Priority = 51000;
Family = "both";
}
];
};
@ -274,19 +264,15 @@
# Route all to lte link with a priority of 50000
routingPolicyRules = [
{
routingPolicyRuleConfig = {
FirewallMark = 2;
Table = routeTables.lte;
Priority = 42000;
Family = "both";
};
FirewallMark = 2;
Table = routeTables.lte;
Priority = 42000;
Family = "both";
}
{
routingPolicyRuleConfig = {
Table = routeTables.lte;
Priority = 52000;
Family = "both";
};
Table = routeTables.lte;
Priority = 52000;
Family = "both";
}
];
};
@ -305,23 +291,19 @@
routingPolicyRules = [
# Route outgoing emails to VPN table
{
routingPolicyRuleConfig = {
IncomingInterface = "lo";
DestinationPort = "25";
Table = routeTables.vpn;
Priority = 60;
Family = "both";
};
IncomingInterface = "lo";
DestinationPort = "25";
Table = routeTables.vpn;
Priority = 60;
Family = "both";
}
# Route packets originating from wg0 device to VPN table
# Allow server to respond on the wg0 interface requests
{
routingPolicyRuleConfig = {
FirewallMark = 3;
Table = routeTables.vpn;
Priority = 43000;
Family = "both";
};
FirewallMark = 3;
Table = routeTables.vpn;
Priority = 43000;
Family = "both";
}
];
};
@ -349,38 +331,28 @@
dhcpServerStaticLeases = [
# IPMI
{
dhcpServerStaticLeaseConfig = {
Address = "10.30.1.1";
MACAddress = "ac:1f:6b:4b:01:15";
};
Address = "10.30.1.1";
MACAddress = "ac:1f:6b:4b:01:15";
}
# paul-fixe
{
dhcpServerStaticLeaseConfig = {
Address = "10.30.50.1";
MACAddress = "b4:2e:99:ed:24:26";
};
Address = "10.30.50.1";
MACAddress = "b4:2e:99:ed:24:26";
}
# salonled
{
dhcpServerStaticLeaseConfig = {
Address = "10.30.40.1";
MACAddress = "e0:98:06:85:e9:ce";
};
Address = "10.30.40.1";
MACAddress = "e0:98:06:85:e9:ce";
}
# miroir-bleu
{
dhcpServerStaticLeaseConfig = {
Address = "10.30.40.2";
MACAddress = "e0:98:06:86:38:fc";
};
Address = "10.30.40.2";
MACAddress = "e0:98:06:86:38:fc";
}
# miroir-orange
{
dhcpServerStaticLeaseConfig = {
Address = "10.30.40.3";
MACAddress = "50:02:91:78:be:be";
};
Address = "10.30.40.3";
MACAddress = "50:02:91:78:be:be";
}
];
ipv6SendRAConfig = {
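Review bot: In the `@ -190,22 +190,16 @` hunk, `PrivateKey = "@network.wireguard.private.wg0";` and `PresharedKey = "@network.wireguard.preshared.wg0";` are left without any comment saying that the leading `@` makes the value a systemd credential name rather than key material. A later edit that puts a literal key in either field would write the secret into the generated netdev file in the world-readable Nix store, so I would add above each line something like `# "@name" = load from the systemd-networkd credential of that name; never a literal key (it would land in the Nix store)`. The credential definitions for systemd-networkd.service are outside the visible hunks; the removed `PrivateKeyFile`/`PresharedKeyFile` paths suggest they exist under these names, but that is worth confirming after the upgrade because a missing credential would presumably leave wg0 unconfigured.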


@ -392,7 +392,7 @@ in
nextcloud = {
enable = true;
package = pkgs.nextcloud29;
package = pkgs.nextcloud30;
hostName = "cloud.nyanlout.re";
database.createLocally = true;
https = true;