treewide: upstreaming changes

Signed-off-by: s0me1newithhand7s <117505144+s0me1newithhand7s@users.noreply.github.com>
s0me1newithhand7s 2025-10-24 20:48:35 +03:00
parent d159232b37
commit e4e1b03c7e
No known key found for this signature in database
160 changed files with 3408 additions and 5474 deletions


@ -0,0 +1,16 @@
{...}: {
networking = {
nameservers = [
"1.1.1.1"
"1.0.0.1"
"8.8.8.8"
"8.8.4.4"
"2606:4700:4700::1111"
"2606:4700:4700::1001"
"2001:4860:4860::8888"
"2001:4860:4860::8844"
"2620:119:35::35"
"2620:119:53::53"
];
};
}
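Review bot: The `nameservers` list has ten entries, but the glibc stub resolver only reads the first three `nameserver` lines from resolv.conf, so unless systemd-resolved handles DNS on this host the IPv6 and last-provider entries are never consulted. All of these resolvers are queried in cleartext on port 53; if resolved is in use, setting `services.resolved.dnsovertls = "opportunistic";` next to this file would be worth considering. A short comment naming the provider behind each address pair would also make the list easier to audit.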


@ -0,0 +1,11 @@
{...}: {
networking = {
firewall = {
enable = true;
allowPing = true;
checkReversePath = false;
};
useNetworkd = true;
};
}
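Review bot: `checkReversePath = false;` switches the firewall's reverse-path filter off entirely, which removes the anti-spoofing check on every interface. Hosts that route VPN traffic usually only need the relaxed mode, so `checkReversePath = "loose";` is the narrower setting to try first. If filtering really does break the tunnels, a comment on this line saying which traffic was dropped would justify leaving it disabled.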


@ -0,0 +1,21 @@
{...}: {
networking = {
firewall = {
interfaces = {
ens3 = {
allowedUDPPorts = [
443
53590
53570
];
allowedTCPPorts = [
443
53590
53570
];
};
};
};
};
}
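Review bot: Ports 53590 and 53570 are opened for both TCP and UDP on ens3, but the only listener visible in this commit is the WireGuard `listenPort = 53590`, which is UDP-only. Dropping `53590` from `allowedTCPPorts`, and keeping `53570` only for the protocol its service actually uses, would narrow the exposed surface. Nothing in the visible files says what 53570 is for, so a comment per port (for example `# 53590: wg0 listen port`) would help. The wt0 section further down opens 39856 on both protocols in the same way and deserves the same comment.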


@ -0,0 +1,17 @@
{...}: {
networking = {
firewall = {
interfaces = {
wt0 = {
allowedUDPPorts = [
39856
];
allowedTCPPorts = [
39856
];
};
};
};
};
}


@ -0,0 +1,5 @@
{...}: {
networking = {
hostName = "s0mev1rtn0de-nix";
};
}


@ -0,0 +1,16 @@
{...}: {
networking = {
interfaces = {
ens3 = {
ipv6 = {
addresses = [
{
address = "";
prefixLength = 128;
}
];
};
};
};
};
}
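Review bot: `address = "";` is an empty string, which is not a usable IPv6 address for ens3 and would presumably be rejected or ignored when the network configuration is applied. If the value was blanked for publication, a comment such as `# address redacted; set per host` would make that clear to whoever imports this file.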


@ -0,0 +1,12 @@
{...}: {
networking = {
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "ens3";
internalInterfaces = [
"wg0"
];
};
};
}


@ -0,0 +1,7 @@
{...}: {
networking = {
nftables = {
enable = false;
};
};
}


@ -0,0 +1,50 @@
{
config,
pkgs,
lib,
...
}: {
networking = {
wg-quick = {
interfaces = {
wg0 = {
type = "wireguard";
listenPort = 53590;
privateKeyFile = config.sops.secrets.privateWgKey;
address = [
"10.100.0.1/24"
];
postUp = ''
${lib.getExe' pkgs.iptables "iptables"} -A FORWARD -i wg0 -j ACCEPT
${lib.getExe' pkgs.iptables "iptables"} -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
'';
preDown = ''
${lib.getExe' pkgs.iptables "iptables"} -D FORWARD -i wg0 -j ACCEPT
${lib.getExe' pkgs.iptables "iptables"} -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
'';
peers = [
{
publicKey = "{}";
presharedKeyFile = config.sops.secrets.presharedWgKey1;
allowedIPs = [
"10.100.0.2/32"
];
}
{
publicKey = "{}";
presharedKeyFile = config.sops.secrets.presharedWgKey2;
allowedIPs = [
"10.100.0.3/32"
];
}
];
};
};
};
};
}
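Review bot: `privateKeyFile = config.sops.secrets.privateWgKey;` passes the secret's option set rather than a file path; assuming these secrets come from sops-nix, the option expects `config.sops.secrets.privateWgKey.path`, and the same applies to both `presharedKeyFile` lines. The `postUp` rules also add a MASQUERADE for 10.100.0.0/24 out of ens3, which the `networking.nat` section of this commit already sets up for wg0 if both files are imported on the same host. The rule `-A FORWARD -i wg0 -j ACCEPT` lets peers be forwarded to every other interface, whereas adding `-o ens3` would limit it to the uplink. `publicKey = "{}";` is not a valid WireGuard key, so a comment marking it as a redacted placeholder would help.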


@ -0,0 +1,7 @@
{...}: {
networking = {
wireguard = {
enable = true;
};
};
}