current config

2025-12-03 17:38:31 +00:00 · 2025-12-03 17:38:31 +00:00 · c0a1f5495f
commit c0a1f5495f
parent 0a2fb9609c
2 changed files with 31 additions and 20 deletions
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@ -30,7 +30,7 @@

  users = {
    motd = "Welcome to the Server";
-    defaultUserShell = pkgs.nushell;
+    defaultUserShell = pkgs.zsh;
    users = {
      k = {
        isNormalUser = true;
@ -48,16 +48,14 @@
    };
  };

-  home-manager = {users = {"k" = import ./home.nix;};};
+  home-manager = {
+    backupFileExtension = "bk";
+    users = {"k" = import ./home.nix;};
+  };

  environment.systemPackages = with pkgs; [
    microcodeIntel
    firefox
-    (pkgs.kodi.withPackages (kodiPkgs:
-      with kodiPkgs; [
-        jellyfin
-        youtube
-      ]))
  ];

  hardware.bluetooth.enable = true;
--- a/hosts/server/service.nix
+++ b/hosts/server/service.nix
@ -6,11 +6,33 @@
  networking = {
    firewall = {
      enable = true;
-      allowedTCPPorts = [80 443 22 25565 26615 8080];
-      allowedUDPPorts = [26615 8080 1900];
+      allowedTCPPorts = [80 443 22 25565 26615 8080 53 19132 ];
+      allowedUDPPorts = [26615 8080 1900 51820 53 19132 ];
+    };
+    nat.externalInterface = "wlp0s20f3";
+    nat.internalInterfaces = [ "wg0" ];
+    wireguard.interfaces = {
+      wg0 = {
+        ips = ["10.0.0.1/24"];
+        listenPort = 51820;
+        privateKeyFile = "/keys/wg-private";
+       peers = [
+          { # laptop
+	    publicKey = "Ze2y3K+blI3aBc1AKTlvv90j+McBaitB+qSLazsuSFM=";
+            allowedIPs = ["10.0.0.2/32"];
+          }
+
+          { # phone
+            publicKey = "vcheBoHRxCrwzbMw0UI9ZsQfVDJizBWkeM+pF5/8+HE=";
+            allowedIPs = ["10.0.0.3/32"];
+          }
+        ];
+      };
    };
  };

+  networking.nat.enable = true;
+
  security.acme = {
    acceptTerms = true;
    defaults.email = "markers711@gmail.com";
@ -33,15 +55,6 @@

    i2p = {enable = true;};

-    cockpit = {
-      enable = true;
-      allowed-origins = ["https://pit.dhilton.xyz"];
-    };
-
-    pulseaudio = {
-      enable = true;
-    };
-
    nix-serve = {
      enable = true;
      secretKeyFile = "/var/cache-priv-key.pem";
@ -184,11 +197,11 @@
          };
        };

-        "pit.dhilton.xyz" = {
+        "map.dhilton.xyz" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
-            proxyPass = "http://127.0.0.1:9090";
+            proxyPass = "http://127.0.0.1:8100";
            proxyWebsockets = true;
          };
        };