diff options
| author | Alex Auvolat <alex@adnab.me> | 2023-03-24 12:01:38 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2023-03-24 12:01:38 +0100 |
| commit | 53b9cfd8385a4cf60176df02eea7a3804b3891fb (patch) | |
| tree | 0b797276cd000ed72320e625252ebf71d33674dd /nix | |
| parent | 5cd69a9ba1c2f87d9a1e294f06b74945e745e475 (diff) | |
| download | nixcfg-53b9cfd8385a4cf60176df02eea7a3804b3891fb.tar.gz nixcfg-53b9cfd8385a4cf60176df02eea7a3804b3891fb.zip | |
wgautomesh actually on prod
Diffstat (limited to 'nix')
| -rw-r--r-- | nix/configuration.nix | 3 | ||||
| -rw-r--r-- | nix/deuxfleurs.nix | 9 | ||||
| -rw-r--r-- | nix/wgautomesh.nix | 4 |
3 files changed, 7 insertions, 9 deletions
diff --git a/nix/configuration.nix b/nix/configuration.nix index 0b07056..9d3169b 100644 --- a/nix/configuration.nix +++ b/nix/configuration.nix @@ -84,5 +84,8 @@ SystemMaxUse=1G dns = [ "172.17.0.1" ]; })}"; }; + + nix.gc.automatic = true; + nix.gc.options = "--delete-older-than 30d"; } diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index ba8cdfc..f7b70d7 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -31,11 +31,6 @@ in default = null; description = "Wireguard endpoint on the public Internet"; }; - lan_endpoint = mkOption { - type = nullOr str; - description = "Wireguard endpoint for nodes in the same site"; - default = null; - }; }; }; in @@ -271,7 +266,7 @@ in # listenPort = cfg.wireguard_port; # privateKeyFile = "/var/lib/deuxfleurs/wireguard-keys/private"; # mtu = 1420; - # peers = map ({ publicKey, endpoint, IP, site_name, lan_endpoint, ... }: { + # peers = map ({ publicKey, endpoint, IP, ... }: { # inherit publicKey endpoint; # allowedIPs = [ "${IP}/32" ]; # persistentKeepalive = 25; @@ -332,7 +327,7 @@ in services.nomad.enable = true; systemd.services.nomad.after = [ "wg-quick-wg0.service" ]; - services.nomad.package = pkgs.nomad_1_3; + services.nomad.package = pkgs.nomad_1_4; services.nomad.extraPackages = [ pkgs.glibc pkgs.zstd diff --git a/nix/wgautomesh.nix b/nix/wgautomesh.nix index c64c4af..55aa73f 100644 --- a/nix/wgautomesh.nix +++ b/nix/wgautomesh.nix @@ -118,8 +118,8 @@ in User = "wgautomesh"; StateDirectory = "wgautomesh"; StateDirectoryMode = "0700"; - AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE"; - CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE"; + AmbientCapabilities = "CAP_NET_ADMIN"; + CapabilityBoundingSet = "CAP_NET_ADMIN"; }; wantedBy = [ "multi-user.target" ]; }; |