stockholm/lass/1systems/yellow/config.nix

{ config, lib, pkgs, ... }: let
  vpnPort = 1637;
  torrentport = 56709; # port forwarded in airvpn webinterface
in {
  imports = [
    <stockholm/lass>
    <stockholm/lass/2configs>
    <stockholm/lass/2configs/retiolum.nix>
    <stockholm/lass/2configs/services/flix>
  ];

  krebs.build.host = config.krebs.hosts.yellow;

  krebs.sync-containers3.inContainer = {
    enable = true;
    pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";
  };

  networking.useHostResolvConf = false;
  networking.useNetworkd = true;

  networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";
  services.transmission.settings.peer-port = torrentport;

  # only allow traffic through openvpn
  krebs.iptables = {
    enable = true;
    tables.filter.INPUT.rules = [
      { predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }
      { predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }
    ];
    tables.filter.OUTPUT = {
      policy = "DROP";
      rules = [
        { predicate = "-o lo"; target = "ACCEPT"; }
        { predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }
        { predicate = "-o airvpn"; target = "ACCEPT"; }
        { predicate = "-o retiolum"; target = "ACCEPT"; }
        { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
        { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
        { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
      ];
    };
  };
}
l yellow.r: allow traffic only through vpn 2022-12-11 18:07:58 +00:00			`{ config, lib, pkgs, ... }: let`
l yellow.r: migrate to airvpn 2023-07-28 10:32:43 +00:00			`vpnPort = 1637;`
			`torrentport = 56709; # port forwarded in airvpn webinterface`
l yellow.r: allow traffic only through vpn 2022-12-11 18:07:58 +00:00			`in {`
l: move download stuff to yellow.r 2018-11-30 03:35:00 +00:00			`imports = [`
			`<stockholm/lass>`
			`<stockholm/lass/2configs>`
			`<stockholm/lass/2configs/retiolum.nix>`
l yellow.r: move flix to services 2023-02-21 10:15:26 +00:00			`<stockholm/lass/2configs/services/flix>`
l: move download stuff to yellow.r 2018-11-30 03:35:00 +00:00			`];`

			`krebs.build.host = config.krebs.hosts.yellow;`

sync-containers3: lass -> krebs 2023-01-30 19:53:24 +00:00			`krebs.sync-containers3.inContainer = {`
l yellow.r: move to neoprism, refactor 2023-01-02 00:23:42 +00:00			`enable = true;`
			`pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";`
			`};`

l yellow.r: allow traffic only through vpn 2022-12-11 18:07:58 +00:00			`networking.useHostResolvConf = false;`
			`networking.useNetworkd = true;`
l: move download stuff to yellow.r 2018-11-30 03:35:00 +00:00
l yellow.r: migrate to airvpn 2023-07-28 10:32:43 +00:00			`networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";`
			`services.transmission.settings.peer-port = torrentport;`
l yellow.r: add flix-index service 2020-09-15 20:33:29 +00:00
l yellow.r: migrate to airvpn 2023-07-28 10:32:43 +00:00			`# only allow traffic through openvpn`
l yellow.r: move flix to services 2023-02-21 10:15:26 +00:00			`krebs.iptables = {`
l yellow.r: add bazarr for subtitles 2023-01-08 11:35:37 +00:00			`enable = true;`
l yellow.r: migrate to airvpn 2023-07-28 10:32:43 +00:00			`tables.filter.INPUT.rules = [`
			`{ predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }`
			`{ predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }`
			`];`
l yellow.r: move flix to services 2023-02-21 10:15:26 +00:00			`tables.filter.OUTPUT = {`
			`policy = "DROP";`
			`rules = [`
			`{ predicate = "-o lo"; target = "ACCEPT"; }`
l yellow.r: migrate to airvpn 2023-07-28 10:32:43 +00:00			`{ predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }`
			`{ predicate = "-o airvpn"; target = "ACCEPT"; }`
l yellow.r: move flix to services 2023-02-21 10:15:26 +00:00			`{ predicate = "-o retiolum"; target = "ACCEPT"; }`
			`{ v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }`
			`{ v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }`
			`{ v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }`
			`];`
			`};`
l yellow.r: add bazarr for subtitles 2023-01-08 11:35:37 +00:00			`};`
l: move download stuff to yellow.r 2018-11-30 03:35:00 +00:00			`}`