fix: misc hel1-1 tweaks

This commit is contained in:
Administrator
2025-11-18 14:21:19 +01:00
parent 0c25e3c660
commit 6c05a71290
2 changed files with 64 additions and 50 deletions


@@ -1,40 +1,47 @@
{ pkgs }:
let
name = "hel1-gw-1";
name = "gw-hel1-1";
address = "37.27.203.38";
in
{
hel1-gw-1 =
hel1-1 =
{ config, pkgs, ... }:
with pkgs;
{
deployment.tags = [ "gw" ];
deployment.targetHost = address;
deployment.targetHost = "100.64.0.34";
services.openssh.openFirewall = false;
networking = {
useNetworkd = true;
useDHCP = false;
hostName = name;
firewall.interfaces.enp1s0 = {
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
firewall.interfaces.enp7s0 = {
allowedTCPPorts = [
111
2049
53
22
6819
];
allowedUDPPorts = [
111
2049
24007
24008
53
22
];
firewall = {
interfaces.enp1s0 = {
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
interfaces.enp7s0 = {
allowedTCPPorts = [
111
2049
53
22
6819
];
allowedUDPPorts = [
111
2049
24007
24008
53
22
];
};
extraCommands = ''
iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o enp1s0 -j MASQUERADE
'';
};
};
@@ -46,8 +53,8 @@ in
};
networks."40-enp7s0" = {
matchConfig.Name = "enp7s0";
DHCP = "no";
address = [ "10.0.1.0/24" ];
DHCP = "yes";
# address = [ "10.0.1.1/24" ];
};
};
@@ -78,12 +85,10 @@ in
authKeyFile = "/var/lib/secrets/tailscale.key";
useRoutingFeatures = "both";
extraUpFlags = [
"--login-server=https://headscale-router.adm.oceanbox.io"
"--login-server=https://headscale.svc.oceanbox.io"
"--accept-dns=true"
"--accept-routes=true"
"--snat-subnet-routes=false"
"--advertise-routes=10.0.1.0/24"
"--advertise-routes=tag:hel1-router"
"--advertise-routes=tag:hel1"
];
};
@@ -92,7 +97,5 @@ in
../default.nix
../../users.nix
];
services.openssh.openFirewall = false;
};
}
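Review bot: The new `"--advertise-routes=tag:hel1"` in extraUpFlags is not a valid value for that flag: `tailscale up --advertise-routes` takes a comma-separated list of CIDR prefixes, so a `tag:` value should be rejected when the unit runs `tailscale up`, and `--advertise-tags` is the flag that accepts `tag:hel1`. Because a repeated flag is overridden by its last occurrence, the preceding `"--advertise-routes=10.0.1.0/24"` would be discarded even if the value parsed, leaving the subnet router advertising nothing. I would keep the route line and change the new line to `"--advertise-tags=tag:hel1"`; if the intent is really a second prefix, fold it into one comma-separated `--advertise-routes` value instead. Also worth verifying after the login-server change that the node is re-authorised with the `hel1` tag and the 10.0.1.0/24 route on the new headscale, since the presumably existing authKeyFile was issued by the old control server. The enclosing `services.tailscale` attribute set begins before this hunk.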


@@ -1,33 +1,44 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/01e1966b-8621-4a99-9260-a4a94f9d1641";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/01e1966b-8621-4a99-9260-a4a94f9d1641";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4EF7-97DA";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/vol" =
{ device = "/dev/disk/by-uuid/f6b6572c-48bf-4595-8e33-69a7b6e830d8";
fsType = "xfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4EF7-97DA";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ];