swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-15 13:49:11 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat[server]: add firezone
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details
Build and Deploy / deploy (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-01-01 02:30:10 +01:00
parent 2d766e8246
commit 2ff914d49d
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
69 changed files with 2415 additions and 1132 deletions
Download patch file Download diff file Expand all files Collapse all files

15
hosts/nixos/aarch64-linux/twothreetunnel/default.nix
View file

@ -1,4 +1,4 @@
{ self, lib, minimal, ... }:
{ self, config, lib, minimal, ... }:
{
imports = [
./hardware-configuration.nix
@ -12,6 +12,8 @@
icon = "devices.cloud-server";
};
globals.general.webProxy = config.node.name;
swarselsystems = {
flakePath = "/root/.dotfiles";
info = "VM.Standard.A1.Flex, 2 vCPUs, 8GB RAM";
@ -27,7 +29,6 @@
server = {
wireguard.interfaces = {
wgProxy = {
# ifName = "wg";
isServer = true;
peers = [
"moonside"
@ -47,8 +48,16 @@
swarselmodules.server = {
nginx = true;
oauth2-proxy = true;
dns-hostrecord = true;
wireguard = true;
firezone = true;
};
networking.nftables = {
firewall.zones.untrusted.interfaces = [ "lan" ];
chains.forward.dnat = {
after = [ "conntrack" ];
rules = [ "ct status dnat accept" ];
};
};
}