From b9ed0b1f2913541725ba87dae375b1795491cb2f Mon Sep 17 00:00:00 2001
From: Alexander Szczepanski
Date: Sun, 4 Dec 2022 13:02:11 +0100
Subject: [PATCH] changed vps3
---
 configs/common.nix | 2 --
 machine/vps3.nix | 72 ++++++----------------------------------
 2 files changed, 8 insertions(+), 66 deletions(-)
diff --git a/configs/common.nix b/configs/common.nix
index c404a31..48f39f1 100644
--- a/configs/common.nix
+++ b/configs/common.nix
@@ -22,8 +22,6 @@ in {
 "10MB"
 "-listen"
 "127.0.0.1:53"
- "-forwarder"
- secrets.nextdnsforwarder
 "-report-client-info"
 ];
 };
diff --git a/machine/vps3.nix b/machine/vps3.nix
index 42ec3e7..cc9fb6c 100644
--- a/machine/vps3.nix
+++ b/machine/vps3.nix
@@ -10,45 +10,20 @@ in {
 time.timeZone = "Europe/Berlin";
 networking = {
- hostName = "vpse"; # Define your hostname.
+ hostName = "vps3"; # Define your hostname.
 useDHCP = false;
 interfaces.ens18 = { useDHCP = true; };
 wireguard.interfaces = {
 wg0 = {
- ips = [ "10.100.0.1/24" ];
- listenPort = 51820;
- postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
- '';
- postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
- '';
- privateKey = secrets.wireguard-vps-private;
+ ips = [ "10.100.0.100/32" ];
+ privateKey = secrets.wireguard-vps3-private;
 peers = [
 {
- publicKey = secrets.wireguard-desktop-public;
+ publicKey = secrets.wireguard-vps-public;
 presharedKey = secrets.wireguard-preshared;
- allowedIPs = [ "10.100.0.2/32" ];
- }
- {
- publicKey = secrets.wireguard-mini-public;
- presharedKey = secrets.wireguard-preshared;
- allowedIPs = [ "10.100.0.3/32" "192.168.178.0/24" ];
- }
- {
- publicKey = secrets.wireguard-mbp-public;
- presharedKey = secrets.wireguard-preshared;
- allowedIPs = [ "10.100.0.4/32" ];
- }
- {
- publicKey = secrets.wireguard-phone1-public;
- presharedKey = secrets.wireguard-preshared;
- allowedIPs = [ "10.100.0.5/32" ];
- }
- {
- publicKey = secrets.wireguard-raspberrypi-public;
- presharedKey = secrets.wireguard-preshared;
- allowedIPs = [ "10.100.0.6/32" ];
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "szczepan.ski:51820";
+ persistentKeepalive = 25;
 }
 ];
 };
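Review bot: `privateKey = secrets.wireguard-vps3-private;` and the kept `presharedKey = secrets.wireguard-preshared;` embed both secrets in the evaluated configuration, which on NixOS ends up in the world-readable Nix store of every host that builds or deploys this closure; the WireGuard module's file-based options keep the material in a root-only file instead, e.g. `privateKeyFile = "/run/keys/wireguard-vps3.key";` and `presharedKeyFile = "/run/keys/wireguard-vps3.psk";`. The removed hub side used the same `secrets.wireguard-preshared` for all five peers, so presumably the hub that vps3 now dials still shares one PSK across every spoke; a preshared key only adds protection when it is unique per peer pair, so vps3 should get its own and the hub's matching entry updated with it. Both `wireguard.interfaces` and the enclosing `networking` set open before this hunk and close after it.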
@@ -62,27 +37,17 @@ in { allowedUDPPorts = [ 80 # web 443 # web - 51820 # wireguard ]; - # interfaces.wg0 = { - # allowedTCPPorts = [ - # 2049 - # 61208 # foo - # ]; - # }; }; }; - environment.systemPackages = with pkgs; [ goaccess xd nyx ]; + environment.systemPackages = with pkgs; [ ]; programs = { mtr.enable = true; fuse.userAllowOther = true; }; - security.acme.defaults.email = "webmaster@szczepan.ski"; - security.acme.acceptTerms = true; - services = { fail2ban = { enable = true; @@ -98,27 +63,6 @@ in { enabled = true ''; }; - - borgbackup.jobs.home = rec { - compression = "auto,zstd"; - encryption = { - mode = "repokey-blake2"; - passphrase = secrets.borg-key; - }; - extraCreateArgs = - "--stats --verbose --checkpoint-interval 600 --exclude-caches"; - environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_borg_rsa"; - paths = [ "/home/alex" "/var/lib" ]; - repo = secrets.borg-repo; - startAt = "daily"; - prune.keep = { - daily = 7; - weekly = 4; - monthly = 6; - }; - extraPruneArgs = "--save-space --stats"; - exclude = [ "/home/alex/.cache" ]; - }; }; # Limit stack size to reduce memory usage
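Review bot: `security.acme.acceptTerms` and the default e-mail are removed while `allowedUDPPorts` still keeps 80 and 443 open (the matching TCP list, if any, is outside the hunk); if any virtualHost elsewhere still sets `enableACME`, evaluation will now fail on the ACME module's acceptTerms assertion, and if none does, those two ports no longer serve anything on this host and should be dropped alongside `51820` rather than left exposed. The new `environment.systemPackages = with pkgs; [ ];` is a no-op and can simply be deleted instead of keeping an empty list. The `networking.firewall` set starts before this hunk and the `services` set continues past it.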