xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use custom local subdomains for prometheus and adguard webui

Browse source
This commit is contained in:
xunuwu 2025-04-21 23:03:58 +02:00
parent fb2b347ec0
commit dababfe6ee
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
4 changed files with 31 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

16
sys/machines/hopper/lab/vpn-namespace.nix
View file

@ -3,6 +3,22 @@
lib,
...
}: {
networking.firewall = let
allowTcpFromVPNToDefaultPorts = [
config.services.prometheus.port
config.services.adguardhome.port
];
in {
extraCommands = builtins.concatStringsSep "\n" (map
(port: "iptables -A nixos-fw -p tcp -s ${config.vpnNamespaces."wg".namespaceAddress} --dport ${toString port} -j nixos-fw-accept")
allowTcpFromVPNToDefaultPorts);
extraStopCommands = builtins.concatStringsSep "\n" (
map
(port: "iptables -D nixos-fw -p tcp -s ${config.vpnNamespaces."wg".namespaceAddress} --dport ${toString port} -j nixos-fw-accept || true")
allowTcpFromVPNToDefaultPorts
);
};
vpnNamespaces."wg" = {
enable = true;
wireguardConfigFile = config.sops.secrets.wireguard.path;