mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 14:50:40 +02:00
Code Activity

feat: add paperless samba share and per-user consume folder

Browse source
This commit is contained in:
oddlama 2024-01-19 02:03:29 +01:00
parent 8446b8fa13
commit b466f8ab65
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
8 changed files with 245 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.stylua.toml
View file

@ -1,6 +0,0 @@
column_width = 120
line_endings = "Unix"
indent_type = "Tabs"
indent_width = 1
quote_style = "AutoPreferDouble"
no_call_parentheses = true

112
flake.lock generated
View file

@ -85,6 +85,22 @@
}
},
"base16-alacritty": {
"flake": false,
"locked": {
"lastModified": 1703982197,
"narHash": "sha256-TNxKbwdiUXGi4Z4chT72l3mt3GSvOcz6NZsUH8bQU/k=",
"owner": "aarowill",
"repo": "base16-alacritty",
"rev": "c95c200b3af739708455a03b5d185d3d2d263c6e",
"type": "github"
},
"original": {
"owner": "aarowill",
"repo": "base16-alacritty",
"type": "github"
}
},
"base16-alacritty-yaml": {
"flake": false,
"locked": {
"lastModified": 1674275109,
@ -97,6 +113,7 @@
"original": {
"owner": "aarowill",
"repo": "base16-alacritty",
"rev": "63d8ae5dfefe5db825dd4c699d0cdc2fc2c3eaf7",
"type": "github"
}
},
@ -335,11 +352,11 @@
]
},
"locked": {
"lastModified": 1705348229,
"narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=",
"lastModified": 1705540973,
"narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=",
"owner": "nix-community",
"repo": "disko",
"rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696",
"rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733",
"type": "github"
},
"original": {
@ -531,11 +548,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
@ -762,11 +779,11 @@
]
},
"locked": {
"lastModified": 1705347059,
"narHash": "sha256-MSdJZDeyBIjf1SAZ7OvA44b00zUGTrDxkAm9vVR+XRk=",
"lastModified": 1705535278,
"narHash": "sha256-V5+XKfNbiY0bLKLQlH+AXyhHttEL7XcZBH9iSbxxexA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8c3b2a0cab64a464de9e41a470eecf1318ccff57",
"rev": "b84191db127c16a92cbdf7f7b9969d58bb456699",
"type": "github"
},
"original": {
@ -817,11 +834,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1705320633,
"narHash": "sha256-ZFHqXr8f1zPAUJGLxB2qFapQCs7Dc8R75/mKIiw3sP0=",
"lastModified": 1705423846,
"narHash": "sha256-PULm77CvMZ9cQ4MaTXgvJom2ePB9c38p39JB4TFXEdw=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "b170b6a80de0a6df07d73594290dcd6d26ef7bbb",
"rev": "1d0951ca1b3721ff4e6049c3a37df56c78c60c65",
"type": "github"
},
"original": {
@ -854,11 +871,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1705263072,
"narHash": "sha256-DCqqaNWn9G81U+0Myyr36JrOKitcmS34oBWxqiHjabk=",
"lastModified": 1705592620,
"narHash": "sha256-97/yDm6n9C6fma0pSM/mMQeMLfmEOZPGbpKARNoKeG4=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "088ba565537eaef1041a87be5a44ca0daa4e1908",
"rev": "ccf44d60393a571b549448167fa03882693a5a3d",
"type": "github"
},
"original": {
@ -979,11 +996,11 @@
"pre-commit-hooks": "pre-commit-hooks_3"
},
"locked": {
"lastModified": 1705283066,
"narHash": "sha256-uYvo7hr28saTQuzZ+t0v2dPAxfcVLs4WirMuFl/ykAA=",
"lastModified": 1705582795,
"narHash": "sha256-hfP3TcXu76XHtwkIoTQSQLAe00yHrS1/Vt+pMZdsNRg=",
"owner": "oddlama",
"repo": "nixos-extra-modules",
"rev": "cab2f4b0408cc072a8f9405daa542298b11ea87b",
"rev": "dca8158b4f4354d7898439f4d449d0bfc4f6ebac",
"type": "github"
},
"original": {
@ -1000,11 +1017,11 @@
]
},
"locked": {
"lastModified": 1701689616,
"narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=",
"lastModified": 1705400161,
"narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "246219bc21b943c6f6812bb7744218ba0df08600",
"rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234",
"type": "github"
},
"original": {
@ -1036,31 +1053,31 @@
]
},
"locked": {
"lastModified": 1703019250,
"narHash": "sha256-Ykp/kh2tF33sVsiEYdIVssIi1gepN+TGnjZsabycJbo=",
"owner": "oddlama",
"lastModified": 1703279052,
"narHash": "sha256-0rbG/9SwaWtXT7ZuifMq+7wvfxDpZrjr0zdMcM4KK+E=",
"owner": "thelegy",
"repo": "nixos-nftables-firewall",
"rev": "f5b43e40755f7519085236980ad971025db8985f",
"rev": "3bf23aeb346e772d157816e6b72a742a6c97db80",
"type": "github"
},
"original": {
"owner": "oddlama",
"owner": "thelegy",
"repo": "nixos-nftables-firewall",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1705351535,
"narHash": "sha256-l6UP54vksO6IRhNRTcTEFmrIEWt86VPKA5XHZHGnpkk=",
"owner": "oddlama",
"lastModified": 1705496572,
"narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6cfc951b5237de6d62e43e235e65690e063e09bc",
"rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19",
"type": "github"
},
"original": {
"owner": "oddlama",
"ref": "fix-kanidm-build",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -1172,11 +1189,11 @@
]
},
"locked": {
"lastModified": 1705323114,
"narHash": "sha256-VOrbI0RLWenZ4H70DcD1WxpFkY2IG/F/3gMZUujAZaM=",
"lastModified": 1705585910,
"narHash": "sha256-5pvcEdTiVn5F+6gpyQbTxeLhcRlV/oN8nNiwjgLqigs=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "25ea5dd63dab3d63f679071a30994ae711c906ba",
"rev": "5b2b874c87882a5fc7f30be353410432e685ca0d",
"type": "github"
},
"original": {
@ -1230,11 +1247,11 @@
]
},
"locked": {
"lastModified": 1705268857,
"narHash": "sha256-IMaCyPTp5Za0xVUorHRxq39VaUrEDuWA9MbV1z6eHR8=",
"lastModified": 1705581923,
"narHash": "sha256-ms+6X+Sbx7Je8vMzux4ricuUR6JNHGoMZJLqhjGLxn8=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "9e04eb3c3c6fcb6ea31e4d3633ea5fd7378906cb",
"rev": "df7a90127b079a39bfaba3eae1885ce6ab3a062a",
"type": "github"
},
"original": {
@ -1411,11 +1428,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1702865809,
"narHash": "sha256-K7caQe+KqjqTBFmJawmBjmm25S6bza5CXhAqbXFLyH8=",
"lastModified": 1705112162,
"narHash": "sha256-IAM0+Uijh/fwlfoeDrOwau9MxcZW3zeDoUHc6Z3xfqM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "b2aafcee4a8842cecfc877ff7dd271f333dc0fa8",
"rev": "9e0af26ffe52bf955ad5575888f093e41fba0104",
"type": "github"
},
"original": {
@ -1444,6 +1461,7 @@
"inputs": {
"base16": "base16",
"base16-alacritty": "base16-alacritty",
"base16-alacritty-yaml": "base16-alacritty-yaml",
"base16-fish": "base16-fish",
"base16-foot": "base16-foot",
"base16-helix": "base16-helix",
@ -1459,11 +1477,11 @@
]
},
"locked": {
"lastModified": 1704308480,
"narHash": "sha256-88ICCdJyYYtsolRnPhI9IF+bhUIVUyhJ7nrKcKPgf6M=",
"lastModified": 1705504375,
"narHash": "sha256-oRVxuJ6sCljsgfoWb+SsIK2MvUjsxrXQHRoVTUDVC40=",
"owner": "danth",
"repo": "stylix",
"rev": "9bc1900b6888efdda39c2e02c7c8666911b72608",
"rev": "2d59480b4531ce8d062d20a42560a266cb42b9d0",
"type": "github"
},
"original": {
@ -1653,11 +1671,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1705313011,
"narHash": "sha256-ASZCgwE1rTnhlMfooTrcLIaxaQBdFKcpX7r8rYtrpE8=",
"lastModified": 1705487953,
"narHash": "sha256-6oh1H7/74v57m3AtK8jQLvN9LtKqyeT862krjJasOJs=",
"owner": "Toqozz",
"repo": "wired-notify",
"rev": "2857b543b2fc0d1471ceb5409c846fbaa4ed8062",
"rev": "fe0f02af93b09e5fe689c948a557e466b99d9a58",
"type": "github"
},
"original": {

5
flake.nix
View file

@ -63,12 +63,11 @@
};
nixos-nftables-firewall = {
url = "github:oddlama/nixos-nftables-firewall";
url = "github:thelegy/nixos-nftables-firewall";
inputs.nixpkgs.follows = "nixpkgs";
};
# BUG: nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:oddlama/nixpkgs/fix-kanidm-build";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-wayland = {
url = "github:nix-community/nixpkgs-wayland";

10
hosts/sire/default.nix
View file

@ -47,6 +47,7 @@
mkGuest = guestName: {
enableStorageDataset ? false,
enableBunkerDataset ? false,
enablePaperlessDataset ? false,
...
}: {
autostart = true;
@ -67,6 +68,10 @@
pool = "storage";
dataset = "bunker/guests/${guestName}";
};
zfs."/paperless" = lib.mkIf enablePaperlessDataset {
pool = "storage";
dataset = "bunker/paperless";
};
modules = [
../../modules
./guests/common.nix
@ -116,11 +121,14 @@
// mkMicrovm "samba" {
enableStorageDataset = true;
enableBunkerDataset = true;
enablePaperlessDataset = true;
}
// mkMicrovm "grafana" {}
// mkMicrovm "influxdb" {}
// mkMicrovm "loki" {}
// mkMicrovm "paperless" {}
// mkMicrovm "paperless" {
enablePaperlessDataset = true;
}
#// mkMicrovm "minecraft"
#// mkMicrovm "immich"
#// mkMicrovm "firefly"

57
hosts/sire/guests/paperless.nix
View file

@ -6,19 +6,8 @@
sentinelCfg = nodes.sentinel.config;
paperlessDomain = "paperless.${sentinelCfg.repo.secrets.local.personalDomain}";
in {
# XXX: remove microvm.mem = 1024 * 12;
# XXX: remove microvm.vcpu = 4;
meta.wireguard-proxy.sentinel.allowedTCPPorts = [
config.services.paperless.port
];
age.secrets.paperless-admin-password = {
rekeyFile = config.node.secretsDir + "/paperless-admin-password.age";
generator.script = "alnum";
mode = "440";
group = "paperless";
};
microvm.mem = 1024 * 6;
microvm.vcpu = 8;
nodes.sentinel = {
networking.providedDomains.paperless = paperlessDomain;
@ -46,27 +35,49 @@ in {
};
};
# TODO environment.persistence."/persist".directories = [
# TODO {
# TODO directory = "/var/lib/???";
# TODO user = "???";
# TODO group = "???";
# TODO mode = "0700";
# TODO }
# TODO ];
meta.wireguard-proxy.sentinel.allowedTCPPorts = [
config.services.paperless.port
];
age.secrets.paperless-admin-password = {
rekeyFile = config.node.secretsDir + "/paperless-admin-password.age";
generator.script = "alnum";
mode = "440";
group = "paperless";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/paperless";
user = "paperless";
group = "paperless";
mode = "0750";
}
];
services.paperless = {
enable = true;
address = "0.0.0.0";
passwordFile = config.age.secrets.paperless-admin-password.path;
consumptionDir = "/paperless/consume";
mediaDir = "/paperless/media";
settings = {
PAPERLESS_URL = "https://${paperlessDomain}";
PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
PAPERLESS_TRUSTED_PROXIES = sentinelCfg.meta.wireguard.proxy-sentinel.ipv4;
PAPERLESS_CONSUMER_ENABLE_BARCODES = true;
PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE = true;
PAPERLESS_CONSUMER_BARCODE_SCANNER = "ZXING";
PAPERLESS_FILENAME_FORMAT = "{created_year}-{created_month}-{created_day}_{asn}_{title}";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_FILENAME_FORMAT = "{owner_username}/{created_year}-{created_month}-{created_day}_{asn}_{title}";
# Nginx does that better.
PAPERLESS_ENABLE_COMPRESSION = false;
#PAPERLESS_IGNORE_DATES = concatStringsSep "," ignoreDates;
PAPERLESS_NUMBER_OF_SUGGESTED_DATES = 4;
PAPERLESS_NUMBER_OF_SUGGESTED_DATES = 8;
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_TASK_WORKERS = 4;
PAPERLESS_WEBSERVER_WORKERS = 4;

132
hosts/sire/guests/samba.nix
View file

@ -46,7 +46,11 @@
}
);
mkUserShares = user: {enableBunker ? false, ...}:
mkUserShares = user: {
enableBunker ? false,
enablePaperless ? false,
...
}:
[
(mkShare user "/shares/users/${user}" {
"valid users" = user;
@ -56,6 +60,13 @@
mkShare "${user}-bunker" "/shares/users/${user}-bunker" {
"valid users" = user;
}
)
++ lib.optional enablePaperless (
mkShare "${user}-paperless" "/shares/users/${user}-paperless" {
"valid users" = user;
"force user" = "paperless";
"force group" = "paperless";
}
);
in {
age.secrets."samba-passdb.tdb" = {
@ -89,9 +100,8 @@ in {
'';
};
fileSystems."/storage".neededForBoot = true;
fileSystems."/bunker".neededForBoot = true;
environment.persistence = lib.mkMerge ([
environment.persistence = lib.mkMerge (
[
{
"/persist".files = [
"/etc/ssh/ssh_host_rsa_key"
@ -114,7 +124,13 @@ in {
mkPersistent "/bunker" "/shares/groups/${name}-bunker" name
)
)
));
)
);
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.samba = {
enable = true;
@ -188,6 +204,100 @@ in {
));
};
systemd.tmpfiles.settings = lib.mkMerge (
# Make sure the main paperless structure exists
[
{
"10-smb-paperless" = {
"/paperless/consume".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
"/paperless/media".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
"/paperless/media/documents".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
"/paperless/media/documents/archive".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
"/paperless/media/documents/originals".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
};
}
]
# For each paperless share, make sure the necessary sub-folders for that user are created
# at boot so we can bind-mount them into the shares.
++ lib.flatten (lib.flip lib.mapAttrsToList smbUsers (
user: userCfg:
lib.optional (userCfg.enablePaperless or false) {
"10-smb-paperless" = {
"/shares/users/${user}-paperless".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
"/paperless/consume/${user}".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
"/paperless/media/documents/archive/${user}".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
"/paperless/media/documents/originals/${user}".d = {
user = "paperless";
group = "paperless";
mode = "0750";
};
};
}
))
);
# For each paperless share, bind-mount create the necessary folders using tmpfiles.
fileSystems = lib.mkMerge (
[
{
"/storage".neededForBoot = true;
"/bunker".neededForBoot = true;
}
]
++ lib.flip lib.mapAttrsToList smbUsers (
user: userCfg:
lib.optionalAttrs (userCfg.enablePaperless or false) {
"/shares/users/${user}-paperless/consume" = {
fsType = "none";
options = ["bind"];
device = "/paperless/consume/${user}";
};
"/shares/users/${user}-paperless/documents" = {
fsType = "none";
options = ["bind" "ro"];
device = "/paperless/media/documents/archive/${user}";
};
"/shares/users/${user}-paperless/originals" = {
fsType = "none";
options = ["bind" "ro"];
device = "/paperless/media/documents/originals/${user}";
};
}
)
);
users.users = let
mkUser = name: id: groups: {
isNormalUser = true;
@ -210,10 +320,20 @@ in {
scanner.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJcWkqM2gXM9MJoKggCMpXLBJvgPP0fuoIO3UNy4h4uFzyDqMKAADjaJHCqyIQPq/s5vATVmuu4GQyajkc7Y3fBg/2rvAACzFx/2ufK2M4dkdDcYOX6kyNZL7XiJRmLfUR2cqda3P3bQxapkdfIOWfPQQJUAnYlVvUaIShoBxYw5HXRTr2jR5UAklfIRWZOmx07WKC6dZG5MIm1Luun5KgvqQmzQ9ErL5tz/Oi5pPdK30kdkS5WdeWD6KwL78Ff4KfC0DVTO0zb/C7WyKk4ZLu+UKCLHXDTzE4lhBAu6mSUfJ5nQhmdLdKg6Gvh1St/vRcsDJOZqEFBVn35/oK974l root@ADS_4300N_BRN000EC691D285"
];
paperless = {
group = "paperless";
uid = config.ids.uids.paperless;
home = "/var/empty";
};
}
];
users.groups = lib.mapAttrs (_: cfg: {gid = cfg.id;}) (smbUsers // smbGroups);
users.groups =
{
paperless.gid = config.ids.gids.paperless;
}
// lib.mapAttrs (_: cfg: {gid = cfg.id;}) (smbUsers // smbGroups);
# Backups
# ========================================================================

19
hosts/sire/secrets/samba/local.nix.age
View file

@ -1,12 +1,9 @@
age-encryption.org/v1
-> X25519 XPiCVTwoNp+wxBHO+VroeCoWNHVsdtjeSEX4cLCnHFY
RWmVk3RrtU3qOBjvBbYJ9qSf34PHXAUVhnC9fdFCEf4
-> piv-p256 xqSe8Q A4hKgmiwNm99B4RVisUnKDDj4r6KtOOpeVCBM35Z/V76
OLj3c+OIFfqbclocmoIKuKEaOengs0cCipI4wNRrbaQ
-> 46$NeX?-grease Z'&t |s}Wh:
P0L0T0ObtToRodYfse+ETpl3GWGAbLlVFrJJackWMgkOWIjkU8YvKmQHcQ7QTSc7
bFyyf1pDEkkAGAZEzoqnem+0sZN4bcqNuZJKqkzCaJDeJvrui0sCfyj0
--- HCDoDWmBPaPfC3oh/qroi2nMtBI3PvmAfhlRpPpktJk
e˛”> ~Đ/Ĭ÷Ć»oŞ!eÜŽş·Ý~Fhű��ý™¸±�eFd÷Âř¦R˲0%EâTxV\ę«7™ŇË% �óz˛BѢ&qžŐ’·Üe=pÇR¸ » KÎŤc¨Çî˛ôZŮľ¶±Ň4€ŕwć~Çs
b<[şu÷§Î<gý}W8uYá?Ëä`'źŮ\OÍT»(tJ}ßť5ns(W‚VÚRť"ŁdíLHGĽß1Î<Şm¸OYS·ý‰.Ŕ`†7A¤c¦ZŻĂčöy­¦1"`Ä.3 líŃččăsőg»7étçĚEmAemvGұ�•–ä$”^jŤ)*ᩦ‹¬©ž‹˙=hĄSa�YçPńš1]7Ű�ůą/-RśÇ5P˙qÂŁ"ú$)ÝűŮřť˛^Űý`Ę"~TuŻ.=;¨?.±m÷ű0Şňű-¸×?OŘ!…K,îžB˛„† ܸN?«ĂYhă=”Ł_żĂđ<ŰŻR[Ó>ŰÓĄ Z6Q‡ kŃË˙!ťÓŢńéć!$K[‡QU;fgä|šĺPě�†K‰ŢVQh~ŚŇđ
‹ČńeîąĂKŃE1äŢťAŚéÄôÎśt UD\; Ĺź
-> X25519 Q7D2vrZW1uTnMN/Z4EK9TbW1G2TY8Qb2Ws/hMLXu4i0
lR33X+3PHN4BwkuPmL9e3nl4RvM1li2bnCnhGt7mV54
-> piv-p256 xqSe8Q ApCyiAdPYwN34Nz/e3FdnmCNvNpDXKcmO3o9MOylggFi
uEAIcTjk4iOPjDzkdBKnXc9Mbu+17FKJXKJ+uWiXO60
-> !h<J'(Xn-grease o9_~ hZ&
BNE5AxqxXURYm7ZmQ88gLg
--- T55VcCw25vkWx2TucwlNIIQDaSkCZ4sEFbhUiS8w/nw
|ÙS ç²^ÍB¨Íu'!hD¹XY"iÂ|^ωðÄ"­?"u�ÃmîtÂ…má1yts•ÆS2s ëÁf"È�Q!ÿNr +>ç�_r懿ÂY´ßÀ#I[+ð9èG?u‡) ûvˆÂ´ÜkÔòžšØÚÊÔ_“PÑÆ@`Ø/ó¦iÏ㈭­%!X5`C‚r¤_Ú.\zýŒ’�ã2ÂúG>e}î!}¢�Oø¶aü4º¤œ‰i†‰ÆŸÒZDÙøß©m–PI2Z[ì„ñ!!w��îTí]p–ÕSç6êÐÁDÖÅSLxûøTÒ˜µ‹´©¥ÛçÁW@‡)8‡õ…U•nÁÞ1 2¶Ÿ„ó9튮Ǝ>éæx,«òÙ²RU¼o˜ñ¥Óùc–£²Ö¾Q‘�©z#'f­H¬ÝU1P¨"9Š°ªöÕk6‹dïΕfÁþkþ�ø-A8]ÁÍËB±QN» • îWŸÝ&�‘³�:ê—“á$ï»7z‘Ì …ÅeÀñ}&ÕáY²a…J÷� x$?}/P‡p~«sû½Ûùš˜ M"² ôp´ Æù|øåQ ˓톕Šï­kȘö¾è£±,r ëfÄë쬓 ìƆ´Á^QQ%.ô­

1
modules/wireguard-proxy.nix
View file

@ -65,6 +65,7 @@ in {
rules."${proxy}-to-local" = {
from = [proxy];
to = ["local"];
ignoreEmptyRule = true;
inherit
(cfg.${proxy})