kitten.sh / system
Personal Nix setup
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

system / machines / ramune / configuration.nix
at main 70 lines 1.7 kB view raw
Phil Pluckthun Add common blocklist to nftables
2d25c70f
1{ user, ... }: 2 3{ 4 imports = [ 5 ./hardware.nix 6 ]; 7 8 users.users."${user}" = { 9 isNormalUser = true; 10 extraGroups = [ "wheel" ]; 11 hashedPassword = "$6$DEmCOeiSFe6ymGox$WMWddbT9PkkfDT6JS4WuJsM3mQHI0e9kg0t42UowO79dWAcSU0K//KKlcebSosoMRz5mUEw5TFvbrv1aRHqYa/"; 12 }; 13 14 modules = { 15 router = { 16 enable = true; 17 ipv6 = true; 18 upnp.enable = true; 19 ppp = { 20 enable = true; 21 mtu = 1500; 22 }; 23 interfaces = { 24 external = { 25 name = "extern0"; 26 macAddress = "ec:75:0c:2e:93:b0"; 27 adoptMacAddress = "64:20:9f:16:70:a6"; 28 address = "2a11:2646:11e9::1/48"; 29 }; 30 internal = { 31 name = "intern0"; 32 macAddress = "ec:75:0c:2e:92:1c"; 33 cidr = "10.0.0.1/24"; 34 cidrV6 = "2a11:2646:11e9:1::1/64"; 35 }; 36 }; 37 leases = [ 38 { macAddress = "98:ed:7e:c6:57:b2"; ipAddress = "10.0.0.102"; } # eero router 39 { macAddress = "c4:f1:74:51:4c:f2"; ipAddress = "10.0.0.124"; } # eero router 40 { macAddress = "1c:1d:d3:de:4b:06"; ipAddress = "10.0.0.35"; } # irnbru 41 ]; 42 nftables = { 43 blocklist.enable = true; 44 blockForward = [ 45 "ec:e5:12:1d:23:40" # tado 46 ]; 47 }; 48 }; 49 automation = { 50 enable = true; 51 mqtt.enable = true; 52 homebridge.enable = true; 53 }; 54 server = { 55 enable = true; 56 tailscale.enable = true; 57 caddy.enable = true; 58 vaultwarden.enable = true; 59 tangled.enable = true; 60 backup = { 61 enable = true; 62 r2AccountId = "a261b92e6b94f88e79c9c863e19accd4"; 63 bucket = "ramune-backup"; 64 }; 65 }; 66 }; 67 68 system.stateVersion = "24.11"; 69} 70