From c0a1f5495f802ba3a358208482938d5e00d02d8d Mon Sep 17 00:00:00 2001
From: k
Date: Wed, 3 Dec 2025 17:38:31 +0000
Subject: [PATCH] current config
---
 hosts/server/configuration.nix | 12 +++++------
 hosts/server/service.nix | 39 ++++++++++++++++++++++------------
 2 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index e01d7b5..28e6384 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -30,7 +30,7 @@
 users = {
 motd = "Welcome to the Server";
- defaultUserShell = pkgs.nushell;
+ defaultUserShell = pkgs.zsh;
 users = {
 k = {
 isNormalUser = true;
@@ -48,16 +48,14 @@
 };
 };
- home-manager = {users = {"k" = import ./home.nix;};};
+ home-manager = {
+ backupFileExtension = "bk";
+ users = {"k" = import ./home.nix;};
+ };
 environment.systemPackages = with pkgs; [
 microcodeIntel
 firefox
- (pkgs.kodi.withPackages (kodiPkgs:
- with kodiPkgs; [
- jellyfin
- youtube
- ]))
 ];
 hardware.bluetooth.enable = true;
diff --git a/hosts/server/service.nix b/hosts/server/service.nix
index 9c105a9..43c3cf4 100644
--- a/hosts/server/service.nix
+++ b/hosts/server/service.nix
@@ -6,11 +6,33 @@
 networking = {
 firewall = {
 enable = true;
- allowedTCPPorts = [80 443 22 25565 26615 8080];
- allowedUDPPorts = [26615 8080 1900];
+ allowedTCPPorts = [80 443 22 25565 26615 8080 53 19132 ];
+ allowedUDPPorts = [26615 8080 1900 51820 53 19132 ];
+ };
+ nat.externalInterface = "wlp0s20f3";
+ nat.internalInterfaces = [ "wg0" ];
+ wireguard.interfaces = {
+ wg0 = {
+ ips = ["10.0.0.1/24"];
+ listenPort = 51820;
+ privateKeyFile = "/keys/wg-private";
+ peers = [
+ { # laptop
+ publicKey = "Ze2y3K+blI3aBc1AKTlvv90j+McBaitB+qSLazsuSFM=";
+ allowedIPs = ["10.0.0.2/32"];
+ }
+
+ { # phone
+ publicKey = "vcheBoHRxCrwzbMw0UI9ZsQfVDJizBWkeM+pF5/8+HE=";
+ allowedIPs = ["10.0.0.3/32"];
+ }
+ ];
+ };
 };
 };
+ networking.nat.enable = true;
+
 security.acme = {
 acceptTerms = true;
 defaults.email = "markers711@gmail.com";
@@ -33,15 +55,6 @@
 i2p = {enable = true;};
- cockpit = {
- enable = true;
- allowed-origins = ["https://pit.dhilton.xyz"];
- };
-
- pulseaudio = {
- enable = true;
- };
-
 nix-serve = {
 enable = true;
 secretKeyFile = "/var/cache-priv-key.pem";
@@ -184,11 +197,11 @@
 };
 };
- "pit.dhilton.xyz" = {
+ "map.dhilton.xyz" = {
 forceSSL = true;
 enableACME = true;
 locations."/" = {
- proxyPass = "http://127.0.0.1:9090";
+ proxyPass = "http://127.0.0.1:8100";
 proxyWebsockets = true;
 };
 };
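Review bot: The rewritten `allowedTCPPorts` and `allowedUDPPorts` lists open port 53 on every interface, so a resolver meant for the WireGuard peers would also answer queries arriving on `wlp0s20f3`, and a recursive resolver reachable from outside can be abused for DNS amplification. Nothing in the hunk shows what listens on 53, so the VPN-only intent is inferred from the peers being added in the same change. If that is the intent, drop `53` from both global lists and scope it inside `firewall` with `interfaces.wg0.allowedTCPPorts = [53];` and `interfaces.wg0.allowedUDPPorts = [53];`. A short comment beside each newly opened port (for example `# 51820: WireGuard listenPort`) would let a reader tell which openings are deliberate. `networking.nat.enable = true;` would also read more easily next to the two `nat.*` settings inside the `networking` block.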
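Review bot: The `map.dhilton.xyz` vhost forwards every path, including WebSocket upgrades, to `127.0.0.1:8100` with no access restriction visible in its `locations."/"` block, so whatever listens on 8100 is published to the internet as-is. The backend is not shown and the enclosing virtual-hosts set starts outside the hunk, so confirm it is meant to be public and that any write or admin function it has is authenticated. If it is only for the VPN peers, add `extraConfig = "allow 10.0.0.0/24; deny all;";` to the location. Otherwise a comment such as `# <backend name> on :8100, intentionally public` above the vhost records the decision.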