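# NixOS module: network, firewall, port forwarding and service settings for a
# host with a DHCP uplink (enp1s0) and a statically addressed internal
# interface (intif0). The `fudo.*` options are defined elsewhere in the
# project; their semantics are not visible from this file.
{ config, lib, pkgs, ... }:

let
  # Only mkForce is needed from lib, so it is brought in explicitly rather
  # than opening all of lib with a file-wide `with lib;`.
  inherit (lib) mkForce;

  # Static address of this host on the internal interface.
  primaryIp = "10.0.0.2";

in {
  config = {
    networking = {
      interfaces = {
        # Uplink: address obtained via DHCP.
        enp1s0.useDHCP = true;

        # Internal side: static address plus a static route to the
        # 192.168.86.0/24 network via 10.0.0.3.
        intif0 = {
          useDHCP = false;
          ipv4 = {
            addresses = [{
              address = primaryIp;
              prefixLength = 16;
            }];
            routes = [{
              address = "192.168.86.0";
              prefixLength = 24;
              via = "10.0.0.3";
            }];
          };
        };
      };

      enableIPv6 = false;

      firewall = {
        # Until it becomes the gateway, this is necessary
        enable = mkForce true;
        # NOTE(review): 80/443 are opened here, but the nginx block further
        # down is still commented out. Unless nginx is enabled by another
        # module, these two ports can stay closed until it is.
        # NOTE(review): the murmur port is opened for TCP only. Mumble
        # normally carries voice over UDP on the same port, so clients would
        # fall back to TCP tunnelling. Confirm this is intended.
        allowedTCPPorts = [ 80 443 25565 config.services.murmur.port ];
        allowedUDPPorts = [ 25565 34197 ];
      };

      # Inbound forwards to the internal host 10.0.0.12. Each sourcePort here
      # is also listed in the firewall allow-lists above, so every forward
      # exposes the internal service to whatever can reach this host.
      nat.forwardPorts = [
        # Minecraft
        {
          destination = "10.0.0.12:25555";
          proto = "tcp";
          sourcePort = 25565;
        }
        {
          destination = "10.0.0.12:25555";
          proto = "udp";
          sourcePort = 25565;
        }
        # Factorio
        {
          destination = "10.0.0.12:34197";
          proto = "udp";
          sourcePort = 34197;
        }
      ];
    };

    fudo = {
      hosts.fimbria.external-interfaces = [ "enp1s0" ];
      client.dns.external-interface = "enp1s0";

      services = {
        local-network = {
          enable = true;
          internal-interfaces = [ "intif0" ];
          external-interface = "enp1s0";
          dns-filter-proxy.enable = true;
        };

        metrics = {
          prometheus.state-directory = "/state/services/prometheus";
        };

        # NOTE(review): presumably holds the KDC database (principal keys);
        # confirm the directory is created root-only and is covered by
        # whatever protects /state at rest.
        auth.kerberos.state-directory = "/state/services/heimdal-kdc";
      };
    };

    security.acme.defaults.email = "niten@fudo.org";

    # nginx is tied to bind.service. `requires` alone does not order startup;
    # add an `after` entry if nginx must start once bind is up.
    systemd.services.nginx.requires = [ "bind.service" ];

    services = {
      ## TODO: enable when ready
      # nginx = {
      #   enable = true;
      #   recommendedGzipSettings = true;
      #   recommendedOptimisation = true;
      #   recommendedProxySettings = true;
      #   virtualHosts = {
      #     "sea-home.fudo.link" = {
      #       enableACME = true;
      #       forceSSL = true;
      #       locations."/" = {
      #         proxyPass = "http://home-assist.sea.fudo.org/";
      #         extraConfig = ''
      #           proxy_http_version 1.1;
      #           proxy_set_header Upgrade $http_upgrade;
      #           proxy_set_header Connection "Upgrade";
      #         '';
      #       };
      #     };
      #   };
      # };

      murmur = {
        enable = true;
        port = 64738;
        bonjour = true;
        # NOTE(review): hard-coded secret. This literal is committed with the
        # configuration and copied into the world-readable Nix store, so any
        # local user and anyone with repository access can read it. Rotate it,
        # then supply it out of band: the murmur module's `environmentFile`
        # option lets this be a placeholder such as "$MURMURD_PASSWORD",
        # resolved from a root-only file kept outside the store.
        password = "thelittleschool";
      };

      openssh = {
        # Host keys are read from /state rather than the default /etc/ssh
        # location. The private keys must be readable by root only.
        hostKeys = [
          {
            path = "/state/ssh/ssh_host_ed25519_key";
            type = "ed25519";
          }
          {
            path = "/state/ssh/ssh_host_rsa_key";
            type = "rsa";
            bits = 4096;
          }
        ];
      };
    };
  };
}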