nixos-config/config/host-config/fimbria.nix

{ config, lib, pkgs, ... }:

with lib;
let primaryIp = "10.0.0.2";
in {
  config = {
    networking = {
      interfaces = {
        enp1s0.useDHCP = true;
        intif0 = {
          useDHCP = false;
          ipv4 = {
            addresses = [{
              address = primaryIp;
              prefixLength = 16;
            }];
            routes = [{
              address = "192.168.86.0";
              prefixLength = 24;
              via = "10.0.0.3";
            }];
          };
        };
      };
      enableIPv6 = false;

      firewall = {
        # Until it becomes the gateway, this is necessary
        enable = mkForce true;
        allowedTCPPorts = [ 80 443 25565 config.services.murmur.port ];
        allowedUDPPorts = [ 25565 34197 ];
      };

      nat.forwardPorts = [
        # Minecraft
        {
          destination = "10.0.0.12:25555";
          proto = "tcp";
          sourcePort = 25565;
        }
        {
          destination = "10.0.0.12:25555";
          proto = "udp";
          sourcePort = 25565;
        }
        # Factorio
        {
          destination = "10.0.0.12:34197";
          proto = "udp";
          sourcePort = 34197;
        }
      ];
    };

    fudo = {
      hosts.fimbria.external-interfaces = [ "enp1s0" ];
      client.dns.external-interface = "enp1s0";
      services = {
        local-network = {
          enable = true;
          internal-interfaces = [ "intif0" ];
          external-interface = "enp1s0";
          dns-filter-proxy.enable = true;
        };

        metrics = {
          prometheus.state-directory = "/state/services/prometheus";
        };

        auth.kerberos.state-directory = "/state/services/heimdal-kdc";
      };
    };

    security.acme.defaults.email = "niten@fudo.org";

    systemd.services.nginx.requires = [ "bind.service" ];

    services = {
      ## TODO: enable when ready
      # nginx = {
      #   enable = true;
      #   recommendedGzipSettings = true;
      #   recommendedOptimisation = true;
      #   recommendedProxySettings = true;

      #   virtualHosts = {
      #     "sea-home.fudo.link" = {
      #       enableACME = true;
      #       forceSSL = true;
      #       locations."/" = {
      #         proxyPass = "http://home-assist.sea.fudo.org/";
      #         extraConfig = ''
      #           proxy_http_version 1.1;
      #           proxy_set_header Upgrade $http_upgrade;
      #           proxy_set_header Connection "Upgrade";
      #         '';
      #       };
      #     };
      #   };
      # };

      murmur = {
        enable = true;
        port = 64738;
        bonjour = true;
        password = "thelittleschool";
      };

      openssh = {
        hostKeys = [
          {
            path = "/state/ssh/ssh_host_ed25519_key";
            type = "ed25519";
          }
          {
            path = "/state/ssh/ssh_host_rsa_key";
            type = "rsa";
            bits = 4096;
          }
        ];
      };
    };
  };
}
Tons of changes 2023-11-13 10:59:41 -08:00			`{ config, lib, pkgs, ... }:`

			`with lib;`
			`let primaryIp = "10.0.0.2";`
			`in {`
			`config = {`
			`networking = {`
			`interfaces = {`
			`enp1s0.useDHCP = true;`
			`intif0 = {`
			`useDHCP = false;`
			`ipv4 = {`
			`addresses = [{`
			`address = primaryIp;`
			`prefixLength = 16;`
			`}];`
			`routes = [{`
			`address = "192.168.86.0";`
			`prefixLength = 24;`
			`via = "10.0.0.3";`
			`}];`
			`};`
			`};`
			`};`
			`enableIPv6 = false;`

			`firewall = {`
			`# Until it becomes the gateway, this is necessary`
			`enable = mkForce true;`
			`allowedTCPPorts = [ 80 443 25565 config.services.murmur.port ];`
			`allowedUDPPorts = [ 25565 34197 ];`
			`};`

			`nat.forwardPorts = [`
			`# Minecraft`
			`{`
			`destination = "10.0.0.12:25555";`
			`proto = "tcp";`
			`sourcePort = 25565;`
			`}`
			`{`
			`destination = "10.0.0.12:25555";`
			`proto = "udp";`
			`sourcePort = 25565;`
			`}`
			`# Factorio`
			`{`
			`destination = "10.0.0.12:34197";`
			`proto = "udp";`
			`sourcePort = 34197;`
			`}`
			`];`
			`};`

			`fudo = {`
			`hosts.fimbria.external-interfaces = [ "enp1s0" ];`
			`client.dns.external-interface = "enp1s0";`
			`services = {`
			`local-network = {`
			`enable = true;`
			`internal-interfaces = [ "intif0" ];`
			`external-interface = "enp1s0";`
			`dns-filter-proxy.enable = true;`
			`};`

			`metrics = {`
			`prometheus.state-directory = "/state/services/prometheus";`
			`};`

			`auth.kerberos.state-directory = "/state/services/heimdal-kdc";`
			`};`
			`};`

			`security.acme.defaults.email = "niten@fudo.org";`

			`systemd.services.nginx.requires = [ "bind.service" ];`

			`services = {`
			`## TODO: enable when ready`
			`# nginx = {`
			`# enable = true;`
			`# recommendedGzipSettings = true;`
			`# recommendedOptimisation = true;`
			`# recommendedProxySettings = true;`

			`# virtualHosts = {`
			`# "sea-home.fudo.link" = {`
			`# enableACME = true;`
			`# forceSSL = true;`
			`# locations."/" = {`
			`# proxyPass = "http://home-assist.sea.fudo.org/";`
			`# extraConfig = ''`
			`# proxy_http_version 1.1;`
			`# proxy_set_header Upgrade $http_upgrade;`
			`# proxy_set_header Connection "Upgrade";`
			`# '';`
			`# };`
			`# };`
			`# };`
			`# };`

			`murmur = {`
			`enable = true;`
			`port = 64738;`
			`bonjour = true;`
			`password = "thelittleschool";`
			`};`

			`openssh = {`
			`hostKeys = [`
			`{`
			`path = "/state/ssh/ssh_host_ed25519_key";`
			`type = "ed25519";`
			`}`
			`{`
			`path = "/state/ssh/ssh_host_rsa_key";`
			`type = "rsa";`
			`bits = 4096;`
			`}`
			`];`
			`};`
			`};`
			`};`
			`}`