2024-03-24 14:02:03 +01:00
|
|
|
{config, ...}: {
|
|
|
|
boot.tmp.cleanOnBoot = true;
|
|
|
|
zramSwap.enable = true;
|
|
|
|
|
2024-07-18 11:11:54 +02:00
|
|
|
services.openssh.ports = [4269];
|
2024-03-24 14:02:03 +01:00
|
|
|
|
|
|
|
services.frp = {
|
|
|
|
enable = true;
|
|
|
|
role = "server";
|
|
|
|
settings = {
|
|
|
|
bindPort = 7000;
|
|
|
|
auth = {
|
|
|
|
method = "token";
|
|
|
|
token = "{{ .Envs.FRP_TOKEN }}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
age.secrets.frpToken.file = ../../secrets/etna/frpToken.age;
|
|
|
|
systemd.services.frp.serviceConfig.EnvironmentFile = config.age.secrets.frpToken.path;
|
2024-07-18 11:11:54 +02:00
|
|
|
|
|
|
|
networking.firewall = {
|
|
|
|
allowedTCPPorts = [22]; # forgejo-ssh
|
|
|
|
allowedTCPPortRanges = [
|
|
|
|
{
|
|
|
|
from = 6000;
|
|
|
|
to = 7000;
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
2024-03-24 14:02:03 +01:00
|
|
|
}
|