mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

feat: add firezone gateway and allow trafic

Browse source
This commit is contained in:
oddlama 2025-03-16 22:38:03 +01:00
parent 3725789765
commit c4891afe7d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
10 changed files with 54 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

18
hosts/ward/default.nix
View file

@ -7,6 +7,21 @@
nodes,
...
}:
let
# FIXME: dont hardcode, filter global service domains by internal state
# FIXME: new entry here? make new adguardhome entry too.
# FIXME: new entry here? make new firezone entry too.
homeDomains = [
globals.services.grafana.domain
globals.services.immich.domain
globals.services.influxdb.domain
globals.services.loki.domain
globals.services.paperless.domain
globals.services.esphome.domain
globals.services.home-assistant.domain
"fritzbox.${globals.domains.personal}"
];
in
{
imports = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
@ -63,6 +78,9 @@
rekeyFile = config.node.secretsDir + "/firezone-gateway-token.age";
};
networking.hosts.${globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv6} = homeDomains;
networking.hosts.${globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4} = homeDomains;
systemd.services.firezone-gateway.environment.HEALTH_CHECK_ADDR = "127.0.0.1:17999";
services.firezone.gateway = {
enable = true;
name = "ward";