SelfPrivacy/selfprivacy-nixos-config
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git synced 2024-11-22 11:41:26 +00:00
Code Issues Projects Releases Wiki Activity

Added fixes for disk expansion and VPN networking

Browse source
This commit is contained in:
Illia Chub 2022-02-06 11:44:00 +02:00
parent 8878832ff9
commit d1620a9680
3 changed files with 16 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,3 +1 @@
userdata/userdata.json userdata/userdata.json
hardware-configuration.nix
networking.nix

6
configuration.nix
View file

@ -6,7 +6,6 @@ in
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./variables-module.nix ./variables-module.nix
./variables.nix ./variables.nix
./files.nix ./files.nix
@ -34,9 +33,14 @@ in
boot.cleanTmpDir = true; boot.cleanTmpDir = true;
networking = { networking = {
hostName = config.services.userdata.hostname; hostName = config.services.userdata.hostname;
usePredictableInterfaceNames = false;
firewall = { firewall = {
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ]; allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
allowedUDPPorts = lib.mkForce [ 8443 ]; allowedUDPPorts = lib.mkForce [ 8443 ];
extraCommands = ''
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface vpn00 -j ACCEPT
'';
}; };
nameservers = [ "1.1.1.1" "1.0.0.1" ]; nameservers = [ "1.1.1.1" "1.0.0.1" ];
}; };

9
hardware-configuration.nix Normal file
View file

@ -0,0 +1,9 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda";
fileSystems = {
"/" = { device = "/dev/sda1"; fsType = "ext4"; };
"/var" = { device = "/dev/sdb"; fsType = "ext4"; };
};
}