Fix dns for hera
This commit is contained in:
parent
0ceba9bbb2
commit
e6d6dd2721
|
@ -76,9 +76,10 @@ with lib; {
|
|||
hera-p = "${p}::3";
|
||||
v4-p = "10.0.0";
|
||||
in {
|
||||
hera = "${p}::1";
|
||||
|
||||
hera-v4 = "213.136.94.190";
|
||||
hera = {
|
||||
AAAA = "${p}::1";
|
||||
A = "213.136.94.190";
|
||||
};
|
||||
|
||||
hera-intern = "${hera-p}:1";
|
||||
chor-cloud = "${hera-p}:b";
|
||||
|
|
|
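Review bot: The new `hera = { AAAA = …; A = …; };` changes the shape of `hosts.hera` from a plain string to an attribute set and drops `hera-v4` entirely, so any consumer still doing `"${hosts.hera}"` or reading `hosts.hera-v4` (the coturn module deleted in this commit used both) now fails at evaluation time rather than degrading gracefully. Because the other entries here (`hera-intern`, `chor-cloud`) stay plain strings, the attribute set is now mixed-shape and every consumer has to know which form a given host takes. A comment above the set would make that contract explicit, e.g. `# A host is either a plain IPv6 string or { A = "<v4>"; AAAA = "<v6>"; }; consumers must handle both.` The enclosing `let … in` starts outside the hunk.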
@ -81,8 +81,8 @@ in {
|
|||
(lib.concatStringsSep "\n"
|
||||
(builtins.filter (x: !builtins.elem x nonMailboxDomains)
|
||||
config.mailserver.domains)));
|
||||
smtp_bind_address = hosts.hera-v4;
|
||||
smtp_bind_address6 = hosts.hera;
|
||||
smtp_bind_address = hosts.hera.A;
|
||||
smtp_bind_address6 = hosts.hera.AAAA;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -7,7 +7,7 @@ in {
|
|||
m-0.tailscale-routes = "fd42:ccc:da:64::/64,172.20.64.0/24";
|
||||
systemd.network.networks."10-wan" = {
|
||||
matchConfig.Name = "ens18";
|
||||
address = [ "213.136.94.190/24" "${hosts.hera}/128" ];
|
||||
address = [ "${hosts.hera.A}/24" "${hosts.hera.AAAA}/128" ];
|
||||
routes = [
|
||||
{ routeConfig.Gateway = "213.136.94.1"; }
|
||||
{ routeConfig.Gateway = "fe80::1"; }
|
||||
|
|
|
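Review bot: The address line now derives the public IPv4 from `hosts.hera.A`, but the `/24` prefix length on the same line and the `213.136.94.1` gateway two lines below stay hard-coded, so a later change to the A record in the hosts file would silently leave this interface with a prefix and default route that no longer match it. Either keep the prefix length and gateway next to the address in the hosts file, or at least document the coupling, e.g. `# Prefix length and the IPv4 gateway below must stay in the same subnet as hosts.hera.A.` The `routes = [` list and the enclosing network definition continue past the end of the hunk.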
@ -1,50 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
fqdn = "${config.networking.hostName}.${config.networking.domain}";
|
||||
key_dir = config.security.acme.certs."${fqdn}".directory;
|
||||
in {
|
||||
users.users.turnserver.extraGroups = [ "nginx" ]; # For read access to certs;
|
||||
networking.firewall = let
|
||||
range = [{
|
||||
from = config.services.coturn.min-port;
|
||||
to = config.services.coturn.max-port;
|
||||
}];
|
||||
ports = [
|
||||
config.services.coturn.listening-port
|
||||
config.services.coturn.alt-listening-port
|
||||
config.services.coturn.tls-listening-port
|
||||
config.services.coturn.alt-tls-listening-port
|
||||
];
|
||||
in {
|
||||
allowedUDPPortRanges = range;
|
||||
allowedTCPPortRanges = range;
|
||||
allowedTCPPorts = ports;
|
||||
allowedUDPPorts = ports;
|
||||
};
|
||||
security.acme.certs = {
|
||||
"${fqdn}".postRun = "systemctl restart coturn.service";
|
||||
};
|
||||
services = {
|
||||
coturn = {
|
||||
enable = true;
|
||||
use-auth-secret = true;
|
||||
no-cli = true;
|
||||
no-tcp-relay = true;
|
||||
min-port = 52000;
|
||||
max-port = 52100;
|
||||
pkey = "${key_dir}/key.pem";
|
||||
cert = "${key_dir}/fullchain.pem";
|
||||
static-auth-secret = (pkgs.privateValue { turn_shared_secret = ""; }
|
||||
"matrix/server-secrets").turn_shared_secret;
|
||||
realm = fqdn;
|
||||
listening-ips = [ config.m-0.hosts.hera config.m-0.hosts.hera-v4 ];
|
||||
extraConfig = ''
|
||||
fingerprint
|
||||
|
||||
denied-peer-ip=10.0.0.0-10.255.255.255
|
||||
denied-peer-ip=192.168.0.0-192.168.255.255
|
||||
denied-peer-ip=172.16.0.0-172.31.255.255
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -24,9 +24,10 @@ in {
|
|||
useNetworkd = true;
|
||||
useDHCP = false; # enabled per interface
|
||||
hosts = lib.zipAttrs (lib.mapAttrsToList (host: ip:
|
||||
if builtins.typeOf ip == "set" then
|
||||
{ }
|
||||
else {
|
||||
if builtins.typeOf ip == "set" then {
|
||||
${ip.AAAA or null} = "${host} ${host}.m-0.eu";
|
||||
${ip.A or null} = "${host} ${host}.m-0.eu";
|
||||
} else {
|
||||
"${ip}" = "${host} ${host}.m-0.eu";
|
||||
}) config.m-0.hosts ++ lib.mapAttrsToList (host: ips:
|
||||
let
|
||||
|
|
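Review bot: The new branch relies on a non-obvious Nix rule: a dynamic attribute whose name evaluates to `null` is silently dropped, which is what lets `${ip.AAAA or null}` and `${ip.A or null}` skip a host that lacks one record type; a reader who does not know this will read `or null` as a bug. Worth a comment on the `then {` line, e.g. `# ${null} as an attribute name is dropped, so a host with only A or only AAAA yields a single /etc/hosts entry`. Note that an explicit `A = null;` is skipped the same way, while any non-string value there is an evaluation error, so the accepted shapes should be stated wherever the hosts set is defined. The `lib.zipAttrs` expression and the second `mapAttrsToList` continue past the end of the hunk.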