containers/fluorite: socks5 via tailscale
parent
4b19491ec7
commit
20b5d96686
6 changed files with 33 additions and 3 deletions
|
|
@ -1,16 +1,30 @@
|
|||
{ ... }: {
|
||||
system.stateVersion = "25.11";
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /persist/slskd/Downloads 755 slskd slskd"
|
||||
"d /persist/slskd/downloads 755 slskd slskd"
|
||||
];
|
||||
fileSystems."/var/lib/slskd" = {
|
||||
device = "/persist/slskd";
|
||||
fsType = "none";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
fileSystems."/var/lib/tailscale" = {
|
||||
device = "/persist/tailscale";
|
||||
fsType = "none";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 5030 50300 ];
|
||||
networking.firewall.allowedUDPPorts = [ 5030 50300 ];
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = "/binds/tailscale_auth";
|
||||
openFirewall = true;
|
||||
interfaceName = "userspace-networking";
|
||||
extraDaemonFlags = [ "--socks5-server=localhost:1055" ];
|
||||
extraUpFlags = [ "--exit-node=dandelion" ];
|
||||
};
|
||||
|
||||
services.slskd = {
|
||||
enable = true;
|
||||
domain = null;
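Review bot: Nothing visible in this hunk makes slskd use the proxy, so the setup fails open. With `interfaceName = "userspace-networking"` there is no tunnel device, and only programs explicitly pointed at `localhost:1055` go through tailscale and the `dandelion` exit node. The `services.slskd` block continues outside the hunk, so confirm that its settings send the Soulseek connection through the SOCKS5 listener; otherwise slskd keeps connecting directly from the container's own address. A comment above the tailscale block would record this, e.g. `# userspace mode: only traffic sent to the SOCKS5 listener on localhost:1055 uses the exit node`. Separately, `extraUpFlags` is, as far as I know, only applied when the autoconnect unit actually runs `tailscale up`, so with state persisted under `/persist/tailscale` a later change of exit node may need `extraSetFlags` instead.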
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
./configuration.nix
|
||||
{
|
||||
networking.useHostResolvConf = false;
|
||||
networking.nameservers = [ host ];
|
||||
networking.nameservers = [ 8.8.8.8 ];
|
||||
}
|
||||
];
|
||||
in {
|
||||
|
|
@ -97,6 +97,11 @@
|
|||
mountPoint = "/binds/slskd_env";
|
||||
isReadOnly = true;
|
||||
};
|
||||
bindMounts."tailscale_auth" = {
|
||||
hostPath = config.age.secrets.tailscale_auth.path;
|
||||
mountPoint = "/binds/tailscale_auth";
|
||||
isReadOnly = true;
|
||||
};
|
||||
# flake = "path:" + ./.;
|
||||
};
|
||||
};
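Review bot: In the `@ -20,7` hunk the nameserver is written unquoted as `[ 8.8.8.8 ]`. Assuming that is the added line (the page has lost its +/- markers), Nix will not read it as a string, and `networking.nameservers` expects a list of strings, so it should be `networking.nameservers = [ "8.8.8.8" ];`. A fixed public resolver also means the container's DNS lookups leave by its normal network path rather than through the tailscale proxy, unless the client resolves names over SOCKS5. In the `@ -97,6` hunk the container is handed `config.age.secrets.tailscale_auth.path`, which the `services.tailscale` block in the last file of this commit also appears to use. A separate, narrowly scoped key for the container would keep a container compromise from exposing that shared enrolment key. The enclosing blocks of both hunks start and end outside the visible lines.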
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@
|
|||
modules.services.soulbeet
|
||||
modules.services.syncthing
|
||||
|
||||
inputs.c-fluorite.nixosModule
|
||||
inputs.c-garnet.nixosModule
|
||||
|
||||
./filesystem.nix
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@
|
|||
inputs.c-citrine.nixosModule
|
||||
inputs.c-diamond.nixosModule
|
||||
inputs.c-emerald.nixosModule
|
||||
inputs.c-fluorite.nixosModule
|
||||
|
||||
./filesystem.nix
|
||||
./kernel.nix
|
||||
|
|
|
|||
|
|
@ -4,6 +4,17 @@
|
|||
networking.firewall.trustedInterfaces = [ "tailscale0" ];
|
||||
networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
|
||||
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "tailscaled0" ];
|
||||
forwardPorts = [
|
||||
{
|
||||
sourcePort = 50300;
|
||||
proto = "tcp";
|
||||
destination = "100.67.2.101:50300";
|
||||
}
|
||||
];
|
||||
};
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = config.age.secrets.tailscale_auth.path;
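Review bot: `internalInterfaces = [ "tailscaled0" ]` does not match the `"tailscale0"` named in `trustedInterfaces` at the top of the same hunk, and looks like a typo. If so, the NAT rules are keyed to an interface that does not exist, and the line should read `internalInterfaces = [ "tailscale0" ];`. As far as I can tell the `forwardPorts` entry also depends on `networking.nat.externalInterface` (or `externalIP`) being set, which is not visible here, and on TCP 50300 being reachable through the host firewall. The destination `100.67.2.101` is a hard-coded tailnet address, so a short comment naming the node it belongs to would help when that container is re-enrolled and its address changes.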
|
||||
|
|
|
|||
Binary file not shown.