deploy wireguard

Yan Lin 2026-02-18 23:04:21 +01:00
parent a47d096503
commit e097126817
7 changed files with 84 additions and 202 deletions


@ -1,67 +0,0 @@
{ config, ... }:
{
# Traefik dynamic configuration for vps host
services.traefik.dynamic.files."proxy".settings = {
http = {
serversTransports = {
longTimeout = {
forwardingTimeouts = {
dialTimeout = "30s";
responseHeaderTimeout = "1200s";
idleConnTimeout = "1200s";
};
};
};
routers = {
deluge = {
rule = "Host(`deluge.home.yanlincs.com`)";
service = "deluge";
tls = {
certResolver = "cloudflare";
domains = [{
main = "*.home.yanlincs.com";
}];
};
};
photo = {
rule = "Host(`photo.home.yanlincs.com`)";
service = "photo";
tls = {
certResolver = "cloudflare";
domains = [{
main = "*.home.yanlincs.com";
}];
};
};
};
services = {
deluge = {
loadBalancer = {
servers = [{
url = "http://127.0.0.1:8112";
}];
};
};
photo = {
loadBalancer = {
serversTransport = "longTimeout";
servers = [{
url = "http://127.0.0.1:8080";
}];
};
};
};
};
};
}


@ -4,11 +4,9 @@
imports = [
./hardware-configuration.nix
./containers.nix
./proxy.nix
../system-default.nix
../../../modules/vpn/tailscale.nix
../../../modules/vpn/wireguard.nix
../../../modules/podman.nix
../../../modules/traefik.nix
../../../modules/borg/client.nix
../../../modules/media/server.nix
../../../modules/file-server/samba.nix
@ -132,9 +130,14 @@
};
};
services.tailscale-custom = {
exitNode = true;
subnetRoutes = [ "10.1.1.0/24" ];
services.wireguard-custom = {
enable = true;
mode = "client";
clientConfig = {
address = "10.2.2.10/24";
serverPublicKey = "46QHjSzAas5g9Hll1SCEu9tbR5owCxXAy6wGOUoPwUM=";
serverEndpoint = "91.98.84.215:51820";
};
};
# Media server services
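Review bot: Nothing in the new `services.wireguard-custom` block shows where the client's private key is read from or which destinations are routed through the tunnel; both are presumably handled inside `modules/vpn/wireguard.nix`, which is not part of this section. It is worth confirming that the key is loaded from a file outside the Nix store rather than embedded in the configuration, and that the tunnel carries only `10.2.2.0/24`, so that replacing the Tailscale exit node does not make the VPS this host's default route. Once confirmed, a comment above `clientConfig` such as `# peer is the vps host (10.2.2.1); only 10.2.2.0/24 is routed through this tunnel` would record the intent. The enclosing attribute set starts and ends outside the hunk.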


@ -38,6 +38,17 @@
};
};
deluge = {
rule = "Host(`deluge.yanlincs.com`)";
service = "deluge";
tls = {
certResolver = "cloudflare";
domains = [{
main = "*.yanlincs.com";
}];
};
};
git = {
rule = "Host(`git.yanlincs.com`)";
service = "git";
@ -57,7 +68,7 @@
loadBalancer = {
serversTransport = "longTimeout";
servers = [{
url = "http://10.1.1.152:8080";
url = "http://10.2.2.10:8080";
}];
};
};
@ -65,7 +76,15 @@
music = {
loadBalancer = {
servers = [{
url = "http://10.1.1.152:4533";
url = "http://10.2.2.10:4533";
}];
};
};
deluge = {
loadBalancer = {
servers = [{
url = "http://10.2.2.10:8112";
}];
};
};
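Review bot: The new `deluge` router matches `deluge.yanlincs.com` and forwards straight to `http://10.2.2.10:8112` with no `middlewares` entry, so the torrent client's web UI appears to be reachable by anyone who can reach this proxy, protected only by the application's own login. The router removed elsewhere in this commit served it under `deluge.home.yanlincs.com` from a loopback backend, so this looks like a widening of exposure rather than a plain move. Consider attaching an access-control middleware to the router, for example `middlewares = [ "deluge-auth" ];` backed by an `ipAllowList` or `forwardAuth` definition (`deluge-auth` is a placeholder name; no middleware definitions are visible in this section). The backends repointed to `10.2.2.10:8080` and `10.2.2.10:4533` are plain HTTP and now rely on the WireGuard tunnel being the only path to those ports, which deserves a one-line comment next to the URLs.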


@ -6,7 +6,7 @@
./containers.nix
./proxy.nix
../system-default.nix
../../../modules/vpn/tailscale.nix
../../../modules/vpn/wireguard.nix
../../../modules/podman.nix
../../../modules/traefik.nix
../../../modules/borg/client.nix
@ -44,7 +44,6 @@
firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 27017 ];
trustedInterfaces = [ "tailscale0" ];
};
};
@ -71,7 +70,17 @@
];
};
services.tailscale-custom.exitNode = true;
services.wireguard-custom = {
enable = true;
mode = "server";
serverConfig = {
address = "10.2.2.1/24";
peers = [{
publicKey = "MCuSF/aFZy7Jq3nI6VpU7jbfZOuEGuMjgpxRWazxtmY=";
allowedIPs = [ "10.2.2.10/32" ];
}];
};
};
services.git-server-custom = {
enable = true;
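Review bot: The firewall block in the second hunk still lists only `allowedTCPPorts = [ 22 80 443 27017 ];`, while the client configuration elsewhere in this commit points at `91.98.84.215:51820`, which WireGuard serves over UDP. Unless `modules/vpn/wireguard.nix` opens that port itself (not visible here), the handshake will be dropped; adding `allowedUDPPorts = [ 51820 ];` next to the TCP list would make the dependency explicit. Dropping `trustedInterfaces = [ "tailscale0" ];` without trusting the WireGuard interface in its place is the safer default, and a comment on the `peers` entry such as `# home server; the /32 limits which source address this peer may use` would document why `allowedIPs` is a single address. Port 27017 in the TCP list is unchanged context, but it is worth checking whether it needs to stay open on a public host.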