Compare commits
No commits in common. "63d110acfeefef9afb9b15fae8501c82378fb60e" and "42577691d2f9a9f6dc046d2d7c8a6cd511cca912" have entirely different histories.
63d110acfe
...
42577691d2
1 changed files with 36 additions and 50 deletions
|
|
@ -31,49 +31,42 @@
|
|||
hostName = "heimdall";
|
||||
domain = "datarift.nl";
|
||||
|
||||
nameservers = [ "8.8.8.8" ];
|
||||
defaultGateway = "172.31.1.1";
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "eth0";
|
||||
};
|
||||
dhcpcd.enable = false;
|
||||
usePredictableInterfaceNames = lib.mkForce false;
|
||||
useDHCP = false;
|
||||
networkmanager.enable = false;
|
||||
useNetworkd = true;
|
||||
firewall.trustedInterfaces = [ "tailscale0" ];
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
|
||||
networks = {
|
||||
"40-eth0" = {
|
||||
matchConfig = {
|
||||
Name = "eth0";
|
||||
};
|
||||
|
||||
networkConfig = {
|
||||
Address = [
|
||||
"159.69.211.175/32"
|
||||
"2a01:4f8:1c1e:5fb2::1/64"
|
||||
"fe80::9400:2ff:fe12:a2eb/64"
|
||||
];
|
||||
DHCP = "no";
|
||||
Gateway = [
|
||||
"172.31.1.1"
|
||||
"fe80::1"
|
||||
];
|
||||
};
|
||||
|
||||
routes = [
|
||||
interfaces = {
|
||||
eth0 = {
|
||||
ipv4.addresses = [
|
||||
{
|
||||
routeConfig = {
|
||||
Destination = "172.31.1.1/32";
|
||||
Scope = "link";
|
||||
Protocol = "static";
|
||||
};
|
||||
address = "159.69.211.175";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
ipv6.addresses = [
|
||||
{
|
||||
address = "2a01:4f8:1c1e:5fb2::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
{
|
||||
routeConfig = {
|
||||
Destination = "fe80::1/128";
|
||||
Scope = "link";
|
||||
Protocol = "static";
|
||||
};
|
||||
address = "fe80::9400:2ff:fe12:a2eb";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
ipv4.routes = [
|
||||
{
|
||||
address = "172.31.1.1";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
ipv6.routes = [
|
||||
{
|
||||
address = "fe80::1";
|
||||
prefixLength = 128;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
|
@ -141,18 +134,11 @@
|
|||
};
|
||||
};
|
||||
|
||||
security = {
|
||||
sudo-rs = {
|
||||
enable = true;
|
||||
};
|
||||
sudo.enable = false;
|
||||
|
||||
apparmor = {
|
||||
enable = true;
|
||||
killUnconfinedConfinables = true;
|
||||
};
|
||||
protectKernelImage = true;
|
||||
security.apparmor = {
|
||||
enable = true;
|
||||
killUnconfinedConfinables = true;
|
||||
};
|
||||
security.protectKernelImage = true;
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets = {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue