palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

...

3 commits
9a33ca1283 ... 55eaa80e98

Author SHA1 Message Date
Ingolf Wagner
55eaa80e98
⬆️ update nixos-healthchecks 2025-02-16 16:26:42 +13:00
Ingolf Wagner
3aacad45f3
🐛 fix wireguard forwarding 2025-02-16 16:26:18 +13:00
Ingolf Wagner
f721410bdd
install nixos-healthchecks 2025-02-14 23:36:56 +13:00
4 changed files with 10 additions and 5 deletions

6
flake.lock generated
View file

@ -595,11 +595,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1739521936, "lastModified": 1739592950,
"narHash": "sha256-jqFt4Xc/YqsZER+BAB72zJYJWD3rkZ23LpitUzhwpAE=", "narHash": "sha256-d3XN13HyvYKUaC/f0bE4BtmtbZhVCLVfmBvEiXy8ypw=",
"owner": "mrvandalo", "owner": "mrvandalo",
"repo": "nixos-healthchecks", "repo": "nixos-healthchecks",
"rev": "ab6b0a8e9158755b26196861d95b8ab99f8b4481", "rev": "1f419e233d009a97d668e3568ed5e442d29e4c73",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View file

@ -307,7 +307,9 @@
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10; boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10; boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10; boot.loader.grub.configurationLimit = lib.mkDefault 10;
environment.systemPackages = [ pkgs.systemctl-find-service-config ]; environment.systemPackages = [
pkgs.systemctl-find-service-config
];
} }
) )
# My Structure # My Structure

3
machines/orbi/configuration.nix
View file

@ -56,8 +56,11 @@
components.network.enable = true; components.network.enable = true;
components.network.nginx.landingpage.enable = false; components.network.nginx.landingpage.enable = false;
components.network.wifi.enable = false; components.network.wifi.enable = false;
components.virtualisation.enable = true; # we only enable this stuff where we need it explicitly components.virtualisation.enable = true; # we only enable this stuff where we need it explicitly
components.virtualisation.podman.enable = false; components.virtualisation.podman.enable = false;
components.virtualisation.virtualbox.enable = false;
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
features.network.fail2ban.enable = true; features.network.fail2ban.enable = true;

2
machines/orbi/network-wireguard.nix
View file

@ -31,7 +31,7 @@ in
ping -c 1 -W 5 ${config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value} ping -c 1 -W 5 ${config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value}
''; '';
boot.kernel.sysctl."net.ipv4.ip_forward" = true; boot.kernel.sysctl."net.ipv4.conf.wg0.forwarding" = true;
# Enable WireGuard # Enable WireGuard
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {