pixelifytica/nixos
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add ssh keys for VPS, add fallback internal traefik route

Browse source
This commit is contained in:
Evie Litherland-Smith 2023-05-27 16:27:21 +01:00
parent d83dd577bc
commit 46cf3b2a13
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Vanguard.nix
View file

@ -24,6 +24,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII1tJFdbiyJApuVZFvo9E9kjlBwvXZeySqVuS2qGdxha tux@monarch" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII1tJFdbiyJApuVZFvo9E9kjlBwvXZeySqVuS2qGdxha tux@monarch"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINI1dWlS16Keil0MGPWmMsBzx8F9ylfz+fRwxUr8/tZ/ ion" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINI1dWlS16Keil0MGPWmMsBzx8F9ylfz+fRwxUr8/tZ/ ion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAcvAQ8W71Bn8pdMYst1hoVCmVJ+0h4HBlJzu1C6dwy xenia@Northstar" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAcvAQ8W71Bn8pdMYst1hoVCmVJ+0h4HBlJzu1C6dwy xenia@Northstar"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDI44C35I2x9tqzeZDmIpbzmGJWXfATn/Wp5KzVRdlCi root@debian"
]; ];
}; };
home-manager.users.root = import ./home/Vanguard/root.nix; home-manager.users.root = import ./home/Vanguard/root.nix;
@ -40,7 +41,7 @@
# Requirements for Star Citizen # Requirements for Star Citizen
boot.kernel.sysctl."vm.max_map_count" = 16777216; boot.kernel.sysctl."vm.max_map_count" = 16777216;
environment.systemPackages = with pkgs; [mesa lutris wine-wayland winetricks]; environment.systemPackages = with pkgs; [mesa lutris wine-wayland mono winetricks];
# Extra hardware configuration # Extra hardware configuration
hardware.openrazer = { hardware.openrazer = {

9
services/traefik/default.nix
View file

@ -14,6 +14,7 @@
}; };
https = {address = ":443";}; https = {address = ":443";};
ssh = {address = ":2222";}; ssh = {address = ":2222";};
traefik-internal = {address = ":8080";};
}; };
certificatesResolvers = { certificatesResolvers = {
default = { default = {
@ -33,6 +34,12 @@
middlewares = ["auth"]; middlewares = ["auth"];
tls = {certResolver = "default";}; tls = {certResolver = "default";};
}; };
routers.api-internal = {
rule = "ClientIP(`192.168.0.0/16`)";
entryPoints = ["traefik-internal"];
service = "api@internal";
middlewares = ["auth"];
};
middlewares = { middlewares = {
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."]; auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
hsts.headers = { hsts.headers = {
@ -44,6 +51,6 @@
}; };
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [80 443 2222]; allowedTCPPorts = [80 443 2222 8080];
}; };
} }