aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2021-11-02 17:33:54 +0100
committerAlex Auvolat <alex@adnab.me>2021-11-02 17:33:54 +0100
commit17ae5ac6b67c214f5f52e9294e252ed11d7e408f (patch)
treec9c58c99439dd3c5f7c58eaa3a2e51038e84e619
parent4d16e394560c64f2aa9a26f2b18d4b31009f86fc (diff)
downloadnixcfg-17ae5ac6b67c214f5f52e9294e252ed11d7e408f.tar.gz
nixcfg-17ae5ac6b67c214f5f52e9294e252ed11d7e408f.zip
Update network config
-rw-r--r--configuration.nix39
-rw-r--r--node/caribou.nix7
2 files changed, 35 insertions, 11 deletions
diff --git a/configuration.nix b/configuration.nix
index 6dcf30e..1a4ce2d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -35,6 +35,13 @@ in
networking.useDHCP = false;
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # Route internet traffic via USB modem (=phone) on other computer
+ networking.nameservers = [ "9.9.9.9" ];
+ networking.defaultGateway = {
+ address = "192.168.1.14";
+ interface = "eno1";
+ };
+
# Set your time zone.
time.timeZone = "Europe/Paris";
@@ -78,8 +85,9 @@ in
users.users.lx = {
isNormalUser = true;
extraGroups = [
- "wheel" # Enable ‘sudo’ for the user.
- "video" # Having fun with links -g
+ "wheel" # Enable ‘sudo’ for the user.
+ "video" # Having fun with links -g
+ "docker" # Enable management of Docker containers
];
openssh.authorizedKeys.keys = [
# Keys for accessing nodes from outside
@@ -101,6 +109,8 @@ in
environment.systemPackages = with pkgs; [
vim
tmux
+ ncdu
+ iotop
wget
htop
links
@@ -160,11 +170,32 @@ in
enabled = true;
network_interface = "eno1";
};
+ plugin = [
+ {
+ docker = [
+ {
+ config = [
+ {
+ volumes.enabled = true;
+ }
+ ];
+ }
+ ];
+ }
+ ];
};
# Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [ 22 4646 4647 4648 8500 8300 8301 8302 ];
- networking.firewall.allowedUDPPorts = [ 4648 8301 8302 ];
+ networking.firewall.allowedTCPPorts = [
+ 22 # SSH
+ 3900 3901 # Garage (internal RPC traffic)
+ 4646 4647 4648 # Nomad
+ 8500 8300 8301 8302 # Consul
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 4648 # Nomad
+ 8301 8302 # Consul
+ ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
diff --git a/node/caribou.nix b/node/caribou.nix
index ca64293..5b81c21 100644
--- a/node/caribou.nix
+++ b/node/caribou.nix
@@ -13,13 +13,6 @@
}
];
- # Route internet traffic via USB modem (=phone) on other computer
- networking.nameservers = [ "9.9.9.9" ];
- networking.defaultGateway = {
- address = "192.168.1.14";
- interface = "eno1";
- };
-
# OR use USB modem plugged in here
#networking.interfaces.enp0s20u1.useDHCP = true;