Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ma gum.r: network config changes, add tor

Browse Source
This commit is contained in:
makefu 2017-12-08 13:38:57 +01:00
parent 8dcf39d383
commit 6d07e8aec1
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
1 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
makefu/1systems/gum/config.nix
View File

@ -46,7 +46,7 @@ in {
# services # services
<stockholm/makefu/2configs/share/gum.nix> <stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/sabnzbd.nix> # <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/vpn/openvpn-server.nix> <stockholm/makefu/2configs/vpn/openvpn-server.nix>
@ -65,6 +65,8 @@ in {
<stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix>
{ {
services.taskserver.enable = true; services.taskserver.enable = true;
services.taskserver.fqdn = config.krebs.build.host.name; services.taskserver.fqdn = config.krebs.build.host.name;
@ -84,13 +86,40 @@ in {
# Temporary: # Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix> # <stockholm/makefu/2configs/temp/rst-issue.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
#{
# services.dockerRegistry.enable = true;
# networking.firewall.allowedTCPPorts = [ 8443 ];
# services.nginx.virtualHosts."euer.krebsco.de" = {
# forceSSL = true;
# enableACME = true;
# extraConfig = ''
# client_max_body_size 1000M;
# '';
# locations."/".proxyPass = "http://localhost:5000";
# };
#}
{ # wireguard server
networking.firewall.allowedUDPPorts = [ 51820 ];
#networking.wireguard.interfaces.wg0 = {
# ips = [ "10.244.0.1/24" ];
# privateKeyFile = (toString <secrets>) + "/wireguard.key";
# allowedIPsAsRoutes = true;
# peers = [{
# allowedIPs = [ "0.0.0.0/0" "::/0" ];
# publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
# }];
#};
}
]; ];
makefu.dl-dir = "/var/download"; makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [ services.openssh.hostKeys = [
{ bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; } { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ]; { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable ###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum; krebs.build.host = config.krebs.hosts.gum;