diff --git a/hosts/shan/adguard.nix b/hosts/shan/adguard.nix
index 73d2993..664d7d2 100644
--- a/hosts/shan/adguard.nix
+++ b/hosts/shan/adguard.nix
@@ -22,7 +22,10 @@ in
 auth_attempts = 5;
 block_auth_min = 10;
 dns = {
- bind_hosts = [ "0.0.0.0" ];
+ bind_hosts = [
+ "192.168.178.27"
+ "100.64.0.4"
+ ];
 port = 53;
 upstream_mode = "load_balance";
 upstream_dns_file = config.age.secrets.adguard-dns-list.path;
diff --git a/hosts/shan/default.nix b/hosts/shan/default.nix
index 7eb8342..4f84e63 100644
--- a/hosts/shan/default.nix
+++ b/hosts/shan/default.nix
@@ -159,20 +159,29 @@
 };
 };
 };
- };
- networking.firewall.allowedTCPPorts = [ 5232 ];
- # security.acme = {
- #acceptTerms = true;
- #certs = {
- #"ccnlc.eu" = {
- #email = "dns@ccnlc.eu";
- #dnsProvider = "ovh";
- #extraDomainNames = [ "*.ccnlc.eu" ];
- #environmentFile = "/var/secrets/ovh-ccnlc";
- #};
- #};
- #};
+ ntfy-sh = {
+ enable = true;
+ settings =
+ let
+ root = "/var/lib/ntfy-sh";
+ in
+ {
+ base-url = "https://ntfy.ccnlc.eu";
+ listen-http = "0.0.0.0:9393";
+ auth-default-access = "deny-all";
+ behind-proxy = true;
+ attachment-cache-dir = "${root}/attachments";
+ enable-signup = true;
+ enable-login = true;
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 5232
+ 9393
+ ];
 fileSystems = {
 "/mnt/shows" = {
diff --git a/options/container/default.nix b/options/container/default.nix
index e96acb7..d5287d8 100644
--- a/options/container/default.nix
+++ b/options/container/default.nix
@@ -1,7 +1,7 @@
 { config, lib, ... }:
 let
 cfg = config.modules.container;
- inherit (lib) mkIf mkEnableOption;
+ inherit (lib) mkIf mkEnableOption mkForce;
 in
 {
 imports = [
@@ -20,7 +20,7 @@ in
 dockerCompat = true;
 defaultNetwork.settings = {
 # Required for container networking to be able to use names.
- dns_enabled = false;
+ dns_enabled = mkForce false;
 };
 };
 virtualisation.oci-containers.backend = "podman";
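Review bot: In hosts/shan/adguard.nix the two `bind_hosts` literals carry no comment saying which interface each belongs to, and the resolver now depends on both addresses being assigned when AdGuard Home starts. `100.64.0.4` lies in the 100.64.0.0/10 shared range, so it is presumably an overlay or VPN address that may come up later than the LAN. If so, the unit may fail to bind at boot unless it is ordered after that interface. A comment such as `# LAN address, then overlay address; must match the interface config` above the list would also keep the literals from drifting. The enclosing `dns` set continues outside the hunk.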
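Review bot: In hosts/shan/default.nix, `listen-http = "0.0.0.0:9393"` together with `9393` in `networking.firewall.allowedTCPPorts` exposes the plain-HTTP ntfy listener directly, while `behind-proxy = true` tells ntfy to take the client address from the forwarded header. A client that reaches 9393 without passing through the proxy sends credentials unencrypted and can supply that header itself, which undermines per-visitor rate limiting. If the reverse proxy for `ntfy.ccnlc.eu` runs on this host, use `listen-http = "127.0.0.1:9393";` and leave `9393` out of the firewall list. If it runs elsewhere, restrict the port to the proxy's source address. `enable-signup = true` also lets any visitor create an account, so confirm that is intended alongside `auth-default-access = "deny-all"`.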
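Review bot: In the second hunk of options/container/default.nix, the context comment `# Required for container networking to be able to use names.` now sits directly above `dns_enabled = mkForce false;` and reads as the opposite of what the line does. Because `mkForce` overrides any host-level definition of this option, the reason for forcing it off should be recorded next to it, for example `# Forced off: <reason>; containers cannot resolve each other by name.` The reason is not visible in this diff. It may be to keep podman's DNS helper from competing with AdGuard for port 53, but that is an inference to confirm.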