swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-15 05:39:11 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat[server]: add firezone

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-01-01 02:30:10 +01:00 committed by Leon Schwarzäugl
parent c8f7739326
commit 4da9291223
69 changed files with 2415 additions and 1132 deletions
Download patch file Download diff file Expand all files Collapse all files

15
hosts/nixos/aarch64-linux/twothreetunnel/default.nix
View file

@ -1,4 +1,4 @@
{ self, lib, minimal, ... }:
{ self, config, lib, minimal, ... }:
{
imports = [
./hardware-configuration.nix
@ -12,6 +12,8 @@
icon = "devices.cloud-server";
};
globals.general.webProxy = config.node.name;
swarselsystems = {
flakePath = "/root/.dotfiles";
info = "VM.Standard.A1.Flex, 2 vCPUs, 8GB RAM";
@ -27,7 +29,6 @@
server = {
wireguard.interfaces = {
wgProxy = {
# ifName = "wg";
isServer = true;
peers = [
"moonside"
@ -47,8 +48,16 @@
swarselmodules.server = {
nginx = true;
oauth2-proxy = true;
dns-hostrecord = true;
wireguard = true;
firezone = true;
};
networking.nftables = {
firewall.zones.untrusted.interfaces = [ "lan" ];
chains.forward.dnat = {
after = [ "conntrack" ];
rules = [ "ct status dnat accept" ];
};
};
}