Merge branch 'main' of github.com:DarkGuibrine/NixConfig

hosts/Alfa/conf/GM/Pkgs/pkgs.nix

@@ -22,6 +22,7 @@
     ## Segurança / rede
     bitwarden-desktop
     tailscale
+    netbird
     zerotierone
     cloudflared
     sunshine

hosts/darkgui-vps/config/imp.nix

@@ -12,5 +12,5 @@
     ./nix-helper.nix
     ./self-host/self-host.nix
     ./self-host/firewall.nix
-  ];
+    ];
 }

hosts/darkgui-vps/config/pkgs.nix

@@ -18,6 +18,10 @@
     unrar
     zerotierone
     ookla-speedtest
+    just
+    cargo
+    gcc
+    netbird
 
     ## Git
     gitFull
@@ -31,7 +35,6 @@
     python3
 
     ## Segurança
-    unbound
     dig
   ];
 }

hosts/darkgui-vps/config/self-host/firewall.nix

@@ -6,22 +6,34 @@
   ...
 }:
 {
-
   # Open ports in the firewall.
   networking.firewall = {
-    enable = false;
+    enable = true;
     allowedTCPPorts = [
+      22
       80
+      81
       443
+      3000
       5335
       7777
+      9000
+      11000
     ];
-    allowedTCPPorts = [
+
-      5335
-      7777
-    ];
     trustedInterfaces = [ "tailscale0" "docker0" ];
-    allowedUDPPorts = [ config.services.tailscale.port ];
+    allowedUDPPorts = [
+      config.services.tailscale.port
+      53
+      5300
+      7777
+      40000
+    ];
+    extraCommands = ''
+      iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 80 -j REDIRECT --to-port 8000
+      iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 53 -j REDIRECT --to-port 5300
+      iptables -A PREROUTING -t nat -i eth0 -p UDP --dport 53 -j REDIRECT --to-port 5300
+    '';
   };
 
 }

hosts/darkgui-vps/config/self-host/self-host.nix

@@ -16,35 +16,22 @@
     };
   };
 
-  # Open ports in the firewall.
-  networking.firewall = {
-    enable = false;
-    allowedTCPPorts = [
-      80
-      443
-    ];
-    allowedUDPPortRanges = [
-      {
-        from = 47998;
-        to = 48000;
-      }
-      {
-        from = 48002;
-        to = 48010;
-      }
-    ];
-    trustedInterfaces = [ "tailscale0" ];
-    allowedUDPPorts = [ config.services.tailscale.port ];
-  };
 
   boot.kernel.sysctl = {
     "net.ipv4.ip_unprivileged_port_start" = 53;
     "net.ipv6.conf.all.forwarding" = true;
+    "net.ipv6.conf.default.forwarding" = true;
   };
 
   users.groups.docker.gid = 131;
   virtualisation.docker = {
     enable = true;
+    daemon.settings = {
+        ipv6 = true;
+        fixed-cidr-v6 = "fd00:db8:1::/64";
+        ip6tables = true;
+        experimental = true;
+      };
   };
 
   services.tailscale = {
@@ -56,46 +43,4 @@
     ];
   };
 
-  services.unbound = {
-    enable = true;
-    settings = {
-      server = {
-        verbosity = 0;
-        interface = [ "0.0.0.0" "127.0.0.1" ];
-        port = 5335;
-
-        access-control = [
-          "127.0.0.0/8 allow"
-          "10.0.0.0/8 allow"
-          "172.16.0.0/12 allow"
-          "192.168.0.0/16 allow"
-        ];
-
-        do-ip4 = "yes";
-        do-udp = "yes";
-        do-tcp = "yes";
-        do-ip6 = "no";
-        prefer-ip6 = "no";
-
-        harden-glue = "yes";
-        harden-dnssec-stripped = "yes";
-        use-caps-for-id = "no";
-        edns-buffer-size = 1232;
-        prefetch = "yes";
-        num-threads = 1;
-        so-rcvbuf = "1m";
-
-        private-address = [
-          "192.168.0.0/16"
-          "169.254.0.0/16"
-          "172.16.0.0/12"
-          "10.0.0.0/8"
-          "fd00::/8"
-          "fe80::/10"
-          "100.0.0.0/8"
-        ];
-      };
-    };
-  };
-
 }