rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 13:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

falkenstein.vpn -> falkenstein

Browse source
This commit is contained in:
Rouven Seifert 2024-03-09 12:40:02 +01:00
parent 525b92a65d
commit 05dc9b4671
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
4 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
hosts/falkenstein/modules/mail/default.nix
View file

@ -44,7 +44,8 @@ in
sslKey = "/var/lib/acme/${hostname}/key.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem";
config = { config = {
home_mailbox = "Maildir/"; home_mailbox = "Maildir/";
smtp_helo_name = "falkenstein.vpn.rfive.de"; smtp_helo_name = config.networking.fqdn;
smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name";
smtp_use_tls = true; smtp_use_tls = true;
smtpd_use_tls = true; smtpd_use_tls = true;
smtpd_tls_protocols = [ smtpd_tls_protocols = [
@ -220,7 +221,6 @@ in
"dkim_signing.conf".text = '' "dkim_signing.conf".text = ''
selector = "rspamd"; selector = "rspamd";
allow_username_mismatch = true; allow_username_mismatch = true;
allow_hdrfrom_mismatch = true;
path = /var/lib/rspamd/dkim/$domain.key; path = /var/lib/rspamd/dkim/$domain.key;
''; '';
}; };

6
hosts/falkenstein/modules/networks/default.nix
View file

@ -31,6 +31,10 @@
"2620:fe::fe" "2620:fe::fe"
"2620:fe::9" "2620:fe::9"
]; ];
extraConfig = ''
[Resolve]
DNSStubListener=no
'';
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
@ -72,7 +76,7 @@
wireguardPeerConfig = { wireguardPeerConfig = {
PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ="; PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path; PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path;
Endpoint = "dorm.vpn.rfive.de:51820"; Endpoint = "nuc.rfive.de:51820";
AllowedIPs = "192.168.42.0/24, 192.168.43.0/24"; AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
}; };
} }

2
hosts/thinkpad/modules/networks/default.nix
View file

@ -151,7 +151,7 @@
wireguardPeerConfig = { wireguardPeerConfig = {
PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ="; PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path; PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path;
Endpoint = "dorm.vpn.rfive.de:51820"; Endpoint = "nuc.rfive.de:51820";
AllowedIPs = "192.168.42.0/24, 192.168.43.0/24"; AllowedIPs = "192.168.42.0/24, 192.168.43.0/24";
}; };
} }

2
users/rouven/modules/ssh/default.nix
View file

@ -22,7 +22,7 @@ in
identityFile = git; identityFile = git;
}; };
"rfive.de" = { "rfive.de" = {
hostname = "falkenstein.vpn.rfive.de"; hostname = "falkenstein.rfive.de";
user = "root"; user = "root";
extraOptions = { extraOptions = {
VerifyHostKeyDNS = "yes"; VerifyHostKeyDNS = "yes";