44 lines
830 B
Nix
44 lines
830 B
Nix
{
|
|
pkgs,
|
|
config,
|
|
...
|
|
}: {
|
|
boot.tmp.cleanOnBoot = true;
|
|
zramSwap.enable = true;
|
|
|
|
environment.systemPackages = with pkgs; [dig traceroute];
|
|
|
|
services = {
|
|
resolved.enable = false;
|
|
openssh.ports = [4269];
|
|
|
|
frp = {
|
|
enable = true;
|
|
role = "server";
|
|
settings = {
|
|
bindPort = 7000;
|
|
auth = {
|
|
method = "token";
|
|
token = "{{ .Envs.FRP_TOKEN }}";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
age.secrets.frpToken.file = ../../secrets/etna/frpToken.age;
|
|
systemd.services.frp.serviceConfig.EnvironmentFile = config.age.secrets.frpToken.path;
|
|
|
|
networking = {
|
|
networkmanager.dns = "default";
|
|
|
|
firewall = {
|
|
allowedTCPPorts = [22]; # forgejo-ssh
|
|
allowedTCPPortRanges = [
|
|
{
|
|
from = 6000;
|
|
to = 7000;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
}
|