diff options
| author | Kjetil Ørbekk <kj@orbekk.com> | 2017-12-06 19:23:40 -0500 |
|---|---|---|
| committer | Kjetil Ørbekk <kj@orbekk.com> | 2017-12-06 19:23:40 -0500 |
| commit | 650231500e8b3e26cd7c7f149b49944fb51a3ab3 (patch) | |
| tree | f9720585a26d73189663f56b6569f60f2bb3be1e | |
| parent | 8fdab961a3f5e86e700a982b073e80583ec14f75 (diff) | |
dragon config
| -rw-r--r-- | config/web-server.nix | 1 | ||||
| -rw-r--r-- | machines/dragon.nix | 36 |
2 files changed, 26 insertions, 11 deletions
diff --git a/config/web-server.nix b/config/web-server.nix index 78750f7..2e0d56f 100644 --- a/config/web-server.nix +++ b/config/web-server.nix @@ -10,6 +10,7 @@ # This is a workaround to deal with closed connections on # large downloads. proxy_buffering off; + charset utf-8; ''; virtualHosts = let template = { enableACME = true; diff --git a/machines/dragon.nix b/machines/dragon.nix index 492441c..bab7b97 100644 --- a/machines/dragon.nix +++ b/machines/dragon.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: { imports = [ + ../config/borg-backup.nix ../config/common.nix ../config/users.nix ../config/weechat.nix @@ -26,20 +27,28 @@ packages = [ pkgs.lxc ]; }; - boot.kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ]; - boot.loader.grub.extraConfig = '' - GRUB_TERMINAL="serial" - GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" - ''; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.devices = ["/dev/sda" "/dev/sdb"]; + + boot = { + kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ]; + kernel.sysctl = { + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = true; + }; + + loader.grub.extraConfig = '' + GRUB_TERMINAL="serial" + GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" + ''; + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.devices = ["/dev/sda" "/dev/sdb"]; + }; networking = { hostName = lib.mkForce "dragon"; firewall.allowPing = true; - # firewall.checkReversePath = "loose"; + firewall.checkReversePath = "loose"; bridges = { br0 = { @@ -56,8 +65,8 @@ sleep 10 echo setting up routes ip -6 addr add 2001:470:8e2e:20::d/64 dev br0 || true - ip -6 route change default via fe80::822a:a8ff:fe4d:f5d6 dev br0 metric 0 src 2001:470:8e2e:20::d || true - ip route change default via 10.0.20.1 dev br0 metric 0 || true + ip -6 route replace default via fe80::822a:a8ff:fe4d:f5d6 dev br0 metric 0 src 2001:470:8e2e:20::d || true + ip route replace default via 10.0.20.1 dev br0 metric 0 || true ''; }; @@ -74,6 +83,11 @@ fsType = "btrfs"; options = [ "subvol=storage" ]; }; + "/staging" = { + device = "/dev/sda3"; + fsType = "btrfs"; + options = [ "subvol=staging" ]; + }; }; system.stateVersion = lib.mkForce "17.09"; |