idk

2025-08-21 15:39:24 -05:00
parent 6025b6c4f1
commit bd64283f04
14 changed files with 768 additions and 346 deletions
--- a/systems/x86_64-linux/nas/default.nix
+++ b/systems/x86_64-linux/nas/default.nix
@@ -17,7 +17,7 @@
    ./boot.nix
    ./apps.nix
    ./grafana.nix
-    ./networking.nix
+    # ./networking.nix - moved to modules/nixos/network
    ./ups.nix
    ./users.nix
    ./samba.nix
@@ -44,6 +44,67 @@
      ipv4 = {
        address = "10.0.1.3/24";
        method = "manual";
+        gateway = "10.0.1.1";
+        interface = "wlp6s0";
+      };
+      useNetworkd = true;
+      hostId = "4b501480";
+      nat = {
+        enable = true;
+        internalInterfaces = [ "ve-+" ];
+        externalInterface = "wlp6s0";
+        enableIPv6 = true;
+      };
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          8008 # restic
+          9000 # authentik
+          2342 # grafana
+          51820 # wireguard
+          1025
+          1143
+          10200
+          10300
+          8127
+          9980 # onlyoffice
+          4000 # netbootxyz
+          4080 # netbootxyz
+          3000 # gitea
+          2222 # gitea ssh
+          3300
+          9898
+          6754 # lubelogger
+          2283 # immich
+          4444 # code-server
+          9012
+          8192
+        ];
+        allowedUDPPorts = [
+          8008 # restic
+          9000 # authentik
+          2342 # grafana
+          51820 # wireguard
+          1025
+          1143
+          10200
+          10300
+          8127
+          9980 # onlyoffice
+          4000 # netbootxyz
+          4080 # netbootxyz
+          3000 # gitea
+          2222 # gitea ssh
+          3300
+          9898
+          6754 # lubelogger
+          2283 # immich
+          4444 # code-server
+          9012
+          8192
+        ];
+        trustedInterfaces = [ "tailscale0" ];
      };
    };
    user = {