From 3650d4c6f69f7b20c389088c99416527d4cb9e16 Mon Sep 17 00:00:00 2001
From: Mel
Date: Fri, 13 Oct 2023 12:06:45 +0000
Subject: Necessary system configuration for Akkoma instance
---
 machines/lapin.nix | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
(limited to 'machines')
diff --git a/machines/lapin.nix b/machines/lapin.nix
index ef92139..6de21d6 100644
--- a/machines/lapin.nix
+++ b/machines/lapin.nix
@@ -1,12 +1,9 @@
-{ ... }:
+{ lib, ... }:
-let
- nameservers = [ "2a01:4ff:ff00::add:1" "2a01:4ff:ff00::add:2" ];
-in
 {
 networking = {
 defaultGateway = "172.31.1.1";
- inherit nameservers;
+ nameservers = [ "2606:4700:4700::1111" "2606:4700:4700::1001" ];
 };
 systemd.network.enable = true;
@@ -17,6 +14,11 @@ in
 routes = [ { routeConfig.Gateway = "fe80::1"; } ];
 };
+ services.resolved = {
+ llmnr = "false";
+ dnssec = "false"; # DNSSEC breaks IPv6, for some reason :(
+ };
+
 virtualisation.docker.daemon.settings = {
 "experimental" = true;
 "ipv6" = true;
@@ -27,12 +29,22 @@ in
 { base = "172.17.0.0/16"; size = 24; }
 { base = "fc00:d0c::/32"; size = 48; }
 ];
- "dns" = nameservers;
+ # This is the default Tailscale MTU.
+ # Necessary since we proxy IPv4 requests through another node
+ # and the container does not differentiate the IPv6 (enp1s0) and
+ # IPv4 (tailscale0) interfaces like the host.
+ # Can be removed when I find a better method to support IPv4 on
+ # IPv6 only hosts.
+ "mtu" = 1280;
 };
 services.nginx.virtualHosts = {
 "soc.rnrd.eu" = {
+ forceSSL = true;
+ enableACME = true;
+
 locations."/" = {
+ recommendedProxySettings = true;
 proxyPass = "http://127.0.0.1:1111";
 };
 };
--
cgit 1.4.1
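Review bot: The `lib` argument added to the function header is not referenced by any of the 18 lines this commit adds, and the unchanged lines cannot have used it while the header was still `{ ... }:`, so it reads as a leftover. I would keep the header as `{ ... }:` until something in the file actually needs `lib`. The attribute set opened in this hunk continues past its last line.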
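Review bot: `dnssec = "false"` switches validation off for every lookup on the host, and combined with the plain-DNS public resolvers set in the first hunk nothing authenticates or protects answers in transit any more. If the breakage only occurs on paths where the upstream does not return signed answers, `dnssec = "allow-downgrade";` would keep validation where it works. Independently of that, `extraConfig = "DNSOverTLS=opportunistic";` in the same block would encrypt the hop to the resolver when it is supported. The comment should also record the observed symptom (which names failed and what resolved logged), so the setting can be revisited instead of staying off indefinitely.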
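Review bot: `forceSSL` and `recommendedProxySettings` on the `soc.rnrd.eu` vhost only help if the backend on port 1111 is reachable through nginx alone, and nothing in this hunk establishes that. If the port is published by a container (the Docker daemon settings in the same hunk suggest so), Docker's own firewall rules expose published ports independently of the NixOS firewall unless the mapping is bound to loopback; a direct connection would then bypass TLS and carry whatever `X-Forwarded-For` the client chooses. Binding the mapping as `127.0.0.1:1111:<container-port>` (placeholder) and noting that next to `proxyPass` would make the assumption explicit. The `virtualHosts` attribute set continues past the end of the hunk, so other locations may exist that are not visible here.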