Add ssh keys for VPS, add fallback internal traefik route

This commit is contained in:
Evie Litherland-Smith 2023-05-27 16:27:21 +01:00
parent d83dd577bc
commit 46cf3b2a13
2 changed files with 10 additions and 2 deletions

View file

@ -24,6 +24,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII1tJFdbiyJApuVZFvo9E9kjlBwvXZeySqVuS2qGdxha tux@monarch"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINI1dWlS16Keil0MGPWmMsBzx8F9ylfz+fRwxUr8/tZ/ ion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAcvAQ8W71Bn8pdMYst1hoVCmVJ+0h4HBlJzu1C6dwy xenia@Northstar"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDI44C35I2x9tqzeZDmIpbzmGJWXfATn/Wp5KzVRdlCi root@debian"
];
};
home-manager.users.root = import ./home/Vanguard/root.nix;
@ -40,7 +41,7 @@
# Requirements for Star Citizen
boot.kernel.sysctl."vm.max_map_count" = 16777216;
environment.systemPackages = with pkgs; [mesa lutris wine-wayland winetricks];
environment.systemPackages = with pkgs; [mesa lutris wine-wayland mono winetricks];
# Extra hardware configuration
hardware.openrazer = {

View file

@ -14,6 +14,7 @@
};
https = {address = ":443";};
ssh = {address = ":2222";};
traefik-internal = {address = ":8080";};
};
certificatesResolvers = {
default = {
@ -33,6 +34,12 @@
middlewares = ["auth"];
tls = {certResolver = "default";};
};
routers.api-internal = {
rule = "ClientIP(`192.168.0.0/16`)";
entryPoints = ["traefik-internal"];
service = "api@internal";
middlewares = ["auth"];
};
middlewares = {
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."];
hsts.headers = {
@ -44,6 +51,6 @@
};
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443 2222];
allowedTCPPorts = [80 443 2222 8080];
};
}