Update network config

author: Alex Auvolat <alex@adnab.me> 2021-11-02 17:33:54 +0100
committer: Alex Auvolat <alex@adnab.me> 2021-11-02 17:33:54 +0100
commit: 17ae5ac6b67c214f5f52e9294e252ed11d7e408f (patch)
tree: c9c58c99439dd3c5f7c58eaa3a2e51038e84e619 /configuration.nix
parent: 4d16e394560c64f2aa9a26f2b18d4b31009f86fc (diff)
download: nixcfg-17ae5ac6b67c214f5f52e9294e252ed11d7e408f.tar.gz
nixcfg-17ae5ac6b67c214f5f52e9294e252ed11d7e408f.zip
1 files changed, 35 insertions, 4 deletions
diff --git a/configuration.nix b/configuration.nix
index 6dcf30e..1a4ce2d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -35,6 +35,13 @@ in
   networking.useDHCP = false;
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
+  # Route internet traffic via USB modem (=phone) on other computer
+  networking.nameservers = [ "9.9.9.9" ];
+  networking.defaultGateway = {
+    address = "192.168.1.14";
+    interface = "eno1";
+  };
+
   # Set your time zone.
   time.timeZone = "Europe/Paris";
 
@@ -78,8 +85,9 @@ in
   users.users.lx = {
     isNormalUser = true;
     extraGroups = [
-      "wheel" # Enable ‘sudo’ for the user.
-      "video" # Having fun with links -g
+      "wheel"    # Enable ‘sudo’ for the user.
+      "video"    # Having fun with links -g
+      "docker"   # Enable management of Docker containers
     ];
     openssh.authorizedKeys.keys = [
       # Keys for accessing nodes from outside
@@ -101,6 +109,8 @@ in
   environment.systemPackages = with pkgs; [
     vim
     tmux
+    ncdu
+    iotop
     wget
     htop
     links
@@ -160,11 +170,32 @@ in
       enabled = true;
       network_interface = "eno1";
     };
+    plugin = [
+      {
+        docker = [
+          {
+            config = [
+              {
+                volumes.enabled = true;
+              }
+            ];
+          }
+        ];
+      }
+    ];
   };
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 22 4646 4647 4648 8500 8300 8301 8302 ];
-  networking.firewall.allowedUDPPorts = [ 4648 8301 8302 ];
+  networking.firewall.allowedTCPPorts = [
+    22                      # SSH
+    3900 3901               # Garage (internal RPC traffic)
+    4646 4647 4648          # Nomad
+    8500 8300 8301 8302     # Consul
+  ];
+  networking.firewall.allowedUDPPorts = [
+    4648                    # Nomad
+    8301 8302               # Consul
+  ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
author	Alex Auvolat <alex@adnab.me>	2021-11-02 17:33:54 +0100
committer	Alex Auvolat <alex@adnab.me>	2021-11-02 17:33:54 +0100
commit	17ae5ac6b67c214f5f52e9294e252ed11d7e408f (patch)
tree	c9c58c99439dd3c5f7c58eaa3a2e51038e84e619 /configuration.nix
parent	4d16e394560c64f2aa9a26f2b18d4b31009f86fc (diff)
download	nixcfg-17ae5ac6b67c214f5f52e9294e252ed11d7e408f.tar.gz nixcfg-17ae5ac6b67c214f5f52e9294e252ed11d7e408f.zip