Add dedicated jupiter ip

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-03 17:30:23 +00:00
parent a271e892c3
commit 4354a2149b
7 changed files with 62 additions and 99 deletions


@@ -1,26 +0,0 @@
{ ... }:
{
# TODO: Some way to automatically configure?
services.haproxy = {
enable = true;
config = ''
global
maxconn 4096
defaults
mode tcp
timeout connect 5s
timeout client 30s
timeout server 30s
frontend http
bind *:80
bind *:443
default_backend main
backend main
server jupiter 10.0.0.2:80 send-proxy-v2
server jupiter_ssl 10.0.0.2:443 send-proxy-v2
'';
};
}


@@ -1,8 +0,0 @@
{ lib, ... }:
{
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
];
}


@@ -2,9 +2,13 @@
let
jupiterConfig = inputs.self.nixosConfigurations.jupiter.config;
wireguardPort = 51820;
jupiterPublicIPv4 = "51.89.210.124";
in
{
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv4.conf.all.proxy_arp" = 1;
};
sops.secrets."wireguard" = { };
@@ -22,7 +26,10 @@ in
peers = [
{
name = "jupiter";
allowedIPs = [ "10.0.0.2/32" ];
allowedIPs = [
"10.0.0.2/32"
"${jupiterPublicIPv4}/32"
];
publicKey = "Lvx7bpyqI8rUrxYVDolz7T+EPuRWDohJAAToq7kH7EU=";
}
];
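Review bot: `"net.ipv4.conf.all.proxy_arp" = 1` enables proxy ARP on every interface of the VPS, the WireGuard interface included, because the kernel treats the `all` value for this sysctl as an OR with each interface's own setting; if the intent is only to answer for the dedicated address on the uplink, scope it to that interface, e.g. `"net.ipv4.conf.<UPLINK_IFACE>.proxy_arp" = 1;` (placeholder — the uplink interface name is not on the page). With the haproxy layer removed in this commit, traffic to 51.89.210.124 presumably reaches jupiter through the tunnel without being filtered on the VPS, so any port restriction now rests on jupiter's own firewall; that config is not in view, so worth confirming. A one-line comment above `jupiterPublicIPv4`, such as `# Dedicated public IPv4 routed to the jupiter peer through the tunnel (see allowedIPs)`, would explain why a public address appears in a WireGuard allowedIPs list. The attribute set opened at `{` in the first hunk continues past both hunks.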

View File

@@ -17,12 +17,14 @@
../common/configs/system/zsh
./configs/boot
./configs/haproxy
./configs/sshd
./configs/wireguard
];
networking.hostName = "jupiter-vps";
environment.impermanence.enable = lib.mkForce false;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
];
}
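Review bot: The root authorized key moves here from the deleted `configs/sshd` module, but that module's `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"` is not carried over anywhere visible in this commit. The `mkForce` suggests a shared module sets a different value: if that value is `"no"`, the key added at `users.users.root.openssh.authorizedKeys.keys` cannot be used and root access to the host may be lost, and if it is more permissive than `"prohibit-password"`, root login becomes looser than before — either way worth confirming, since the imported common modules are not in view. If the override is still intended, keep `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";` next to the key. The attribute set that `networking.hostName` sits in opens before the hunk.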