From ed8578cb356c5e714df07a8c3f4717b1a342d9a7 Mon Sep 17 00:00:00 2001
From: sefidel <contact@sefidel.net>
Date: Wed, 24 Jan 2024 16:22:40 +0900
Subject: feat(nixos/kanata): add blocky

---
 nixos/default.nix              |  1 +
 nixos/kanata/configuration.nix | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

(limited to 'nixos')

diff --git a/nixos/default.nix b/nixos/default.nix
index dc7e5ef..1e4cc94 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -38,6 +38,7 @@
       ../modules/cachix
       ../modules/trayscale.nix
       ../modules/tailscale-initrd.nix
+      ../modules/services/blocky
       inputs.sops-nix.nixosModules.sops
       inputs.impermanence.nixosModules.impermanence
     ];
diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix
index aac02f5..6bde8a6 100644
--- a/nixos/kanata/configuration.nix
+++ b/nixos/kanata/configuration.nix
@@ -94,6 +94,24 @@ in
   powerManagement.cpuFreqGovernor = "ondemand";
 
   sops.secrets.zfs-smol-key = { };
+  # sops.secrets.nextcloud-admin-pass = { };
+
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+
+  networking.firewall.enable = true;
+
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-+" ];
+    externalInterface = "enp3s0";
+    # Lazy IPv6 connectivity for the container
+    enableIPv6 = true;
+  };
+
+  modules = {
+    services.blocky.enable = true;
+  };
 
   # This option defines the first version of NixOS you have installed on this particular machine,
   # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-- 
cgit 1.4.1