hyl.st / helm
this repo has no description
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

clean up a lil

Anish Lakhwara ff117738 89068f10

+1 -61
+1
profiles/sealight-website/default.nix
··· 1 1 { 2 + # TODO add file/site to be deployed 2 3 # services.nginx = { 3 4 # enable = true; 4 5 # virtualHosts = {
-61
profiles/wireguard-box/default.nix
··· 1 - { config, pkgs, lib, ... }: 2 - 3 - { 4 - services.tailscale.enable = true; 5 - networking.firewall.allowedUDPPorts = [ 60990 ]; 6 - 7 - # Enable WireGuard 8 - networking.wireguard.interfaces = { 9 - # "wg0" is the network interface name. You can name the interface arbitrarily. 10 - wg0 = { 11 - # Determines the IP address and subnet of the client's end of the tunnel interface. 12 - ips = [ "10.0.69.4/24" ]; 13 - listenPort = 60990; # to match firewall allowedUDPPorts (without this wg uses random port numbers) 14 - 15 - # Path to the private key file. 16 - # 17 - # Note: The private key can also be included inline via the privateKey option, 18 - # but this makes the private key world-readable; thus, using privateKeyFile is 19 - # recommended. 20 - privateKeyFile = "/home/anish/wg/privkey"; 21 - 22 - peers = [ 23 - # For a client configuration, one peer entry for the server will suffice. 24 - { 25 - # Public key of the server (not a file path). 26 - publicKey = "c1J4p63rD3IlszugMZiki7UBV3YmDdqa3DU4UejXzAI="; 27 - 28 - # Forward all the traffic via VPN. 29 - allowedIPs = [ "10.0.69.0/24" ]; 30 - # Or forward only particular subnets 31 - #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ]; 32 - 33 - # Set this to the server IP and port. 34 - endpoint = "69.61.38.225:60990"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 35 - 36 - # Send keepalives every 25 seconds. Important to keep NAT tables alive. 37 - persistentKeepalive = 25; 38 - } 39 - ]; 40 - }; 41 - }; 42 - 43 - # boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ]; 44 - # environment.systemPackages = [ pkgs.wireguard ]; 45 - # networking.wireguard.enable = true; 46 - # networking.wireguard.interfaces = { 47 - # wg0 = { 48 - # ips = [ "10.0.69.4/32" ]; 49 - # privateKeyFile = "/home/anish/wg/privkey"; 50 - # listenPort = 60990; 51 - # 52 - # peers = [ 53 - # { # helix - server 54 - # publicKey = "{c1J4p63rD3IlszugMZiki7UBV3YmDdqa3DU4UejXzAI=}"; 55 - # allowedIPs = [ "10.0.69.1/24" ]; 56 - # endpoint = "sealight.xyz:60990"; 57 - # persistentKeepalive = 25; 58 - # } ]; 59 - # }; 60 - # }; 61 - }