jalr/nixos-configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-configuration/hosts/aluminium/configuration.nix
Jakob Lechner 8cec9745da Add sops defaults
2025-09-01 16:06:04 +02:00

142 lines
3.2 KiB
Nix
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, ... }:
{
imports = [
./hardware-configuration.nix
../../users/jalr
./services
./ports.nix
];
services.openssh.enable = true;
security.sudo.wheelNeedsPassword = false;
networking = {
hostName = "aluminium";
useDHCP = false;
vlans = {
lechner = {
id = 1;
interface = "enp1s0";
};
voice = {
id = 2;
interface = "enp1s0";
};
iot = {
id = 3;
interface = "enp1s0";
};
pv = {
id = 10;
interface = "enp1s0";
};
heizung = {
id = 11;
interface = "enp1s0";
};
sprechanlage = {
id = 12;
interface = "enp1s0";
};
};
interfaces = {
lechner.ipv4.addresses = [{
address = "192.168.0.1";
prefixLength = 24;
}];
voice.ipv4.addresses = [{
address = "192.168.1.1";
prefixLength = 24;
}];
iot.ipv4.addresses = [{
address = "192.168.2.1";
prefixLength = 24;
}];
pv.ipv4.addresses = [{
address = "192.168.10.1";
prefixLength = 30;
}];
heizung.ipv4.addresses = [{
address = "192.168.10.5";
prefixLength = 30;
}];
sprechanlage.ipv4.addresses = [{
address = "192.168.10.9";
prefixLength = 30;
}];
enp2s0.useDHCP = false;
};
nat = {
enable = true;
externalInterface = "ppp0";
internalInterfaces = [
"lechner"
"voice"
];
};
firewall.extraInputRules = ''
iifname "voice" udp dport 5059 accept
ip saddr 217.10.68.150 udp dport 5060 accept
'';
nftables.tables.pppoe = {
family = "ip";
content = ''
chain clamp {
type filter hook forward priority mangle;
oifname "ppp0" tcp flags syn tcp option maxseg size set rt mtu comment "clamp MSS to Path MTU"
}
'';
};
};
environment.etc."ppp/pap-secrets".source = config.sops.secrets.pap-secrets.path;
services.pppd = {
enable = true;
peers = {
pyur = {
enable = true;
name = "pyur";
config = ''
#debug
defaultroute
hide-password
holdoff 5
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 10
lcp-echo-interval 60
maxfail 0
#mtu 1470
name pyur
noauth
noccp
noipdefault
noipv6
novjccomp
persist
plugin pppoe.so enp2s0
user l8545506
'';
};
};
};
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 60;
priority = 1;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
Reference in a new issue View git blame Copy permalink