fix: fixes to networking and pie services

2023-10-09 10:43:53 +02:00 · 2023-10-09 10:43:53 +02:00 · 6fabfdc431
parent 747481c4ea
commit 6fabfdc431
13 changed files with 88 additions and 70 deletions
--- a/hosts/chocolatebar/factorio/default.nix
+++ b/hosts/chocolatebar/factorio/default.nix
@ -40,7 +40,7 @@ in {
      ];
    };

-    networking.firewall.allowedUDPPorts = [34197];
-    networking.firewall.allowedTCPPorts = [34197];
+    networking.firewall.allowedUDPPorts = [ 34197 ];
+    networking.firewall.allowedTCPPorts = [ 34197 ];
  };
 }
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -57,8 +57,8 @@
          ./pie
          self.nixosModules.yule
          self.nixosModules.printing
-          # self.nixosModules.paperless
-          # self.nixosModules.docker
+          self.nixosModules.paperless
+          self.nixosModules.docker
        ];
      };

--- a/hosts/pie/configuration.nix
+++ b/hosts/pie/configuration.nix
@ -23,7 +23,7 @@ in {

  boot.kernelParams = [
    "boot.shell_on_fail=1"
-    "ip=192.168.178.2::192.168.178.1:255.255.255.0:pie.b12f.io::auto6"
+    "ip=192.168.178.2::192.168.178.1:255.255.255.0:pie.b12f.io::off"
  ];

  boot.initrd.network.enable = true;
@ -36,27 +36,6 @@ in {

  pub-solar.core.disk-encryption-active = false;

-  networking.hostId = "34234773";
-  networking.hostName = "pie";
-  networking.defaultGateway = {
-    address = "192.168.178.1";
-    interface = "enabcm6e4ei0";
-  };
-
-  networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
-    {
-      address = "192.168.178.2";
-      prefixLength = 24;
-    }
-  ];
-
-  networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
-    {
-      address = "fe80::dea6:32ff:fe5c:3164";
-      prefixLength = 64;
-    }
-  ];
-
  security.sudo.extraRules = [
    {
      users = ["${psCfg.user.name}"];
--- a/hosts/pie/default.nix
+++ b/hosts/pie/default.nix
@ -1,12 +1,13 @@
 {...}: {
  imports = [
-    ./configuration.nix
    ./hardware-configuration.nix
+    ./configuration.nix

+    ./networking.nix
    ./unbound.nix
    ./dhcpd.nix
    ./wake-droppie.nix
    ./ddclient.nix
-    # ./firefly.nix
+    ./firefly.nix
  ];
 }
--- a/hosts/pie/dhcpd.nix
+++ b/hosts/pie/dhcpd.nix
@ -80,10 +80,10 @@

      subnet6 = [
        {
-          subnet = "2a02:908:500:b::/64";
+          subnet = "2a02:908:5b1:e3c0::/64";

          pools = [
-            { pool = "2a02:908:500:b::/64"; }
+            { pool = "2a02:908:5b1:e3c0::/64"; }
          ];

          option-data = [
@ -92,7 +92,7 @@
               code = 23;
               space = "dhcp6";
               csv-format = true;
-               data = "2a02:908:500:b:3077:4e39:7763:b5b7";
+               data = "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7";
            }
          ];

@ -101,14 +101,14 @@
              hostname = "droppie.local";
              hw-address = "08:f1:ea:97:0f:0c";
              ip-addresses = [
-                "2a02:908:500:b:3077:4e39:7763:b5b8"
+                "2a02:908:5b1:e3c0:3077:4e39:7763:b5b8"
              ];
            }
            {
              hostname = "pie.local";
              hw-address = "dc:a6:32:5c:31:64";
              ip-addresses = [
-                "2a02:908:500:b:3077:4e39:7763:b5b7"
+                "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7"
              ];
            }
          ];
--- a/hosts/pie/firefly.nix
+++ b/hosts/pie/firefly.nix
@ -23,12 +23,12 @@
  services.caddy = {
    enable = true;
    extraConfig = ''
-    firefly.b12f.io {
-      reverse_proxy localhost:8080
-    }
-    firefly-importer.b12f.io {
-      reverse_proxy localhost:8081
-    }
+      firefly.b12f.io:80 {
+        reverse_proxy localhost:8080
+      }
+      firefly-importer.b12f.io:80 {
+        reverse_proxy localhost:8081
+      }
    '';
  };

@ -77,9 +77,6 @@
      containers."firefly-importer" = {
        image = "fireflyiii/data-importer:latest";
        autoStart = true;
-        volumes = [
-          "/var/lib/firefly/db:/var/lib/postgresql/data"
-        ];
        extraOptions = [ "--network=firefly" ];
        ports = [ "8081:8080" ];
        environmentFiles = [
--- a/hosts/pie/networking.nix
+++ b/hosts/pie/networking.nix
@ -0,0 +1,39 @@
+{
+  flake,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  networking.hostId = "34234773";
+  networking.hostName = "pie";
+  networking.defaultGateway = {
+    address = "192.168.178.1";
+    interface = "enabcm6e4ei0";
+  };
+
+  networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
+    {
+      address = "192.168.178.2";
+      prefixLength = 32;
+    }
+  ];
+
+  networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
+    {
+      address = "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7";
+      prefixLength = 128;
+    }
+  ];
+
+  networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
+  # Caddy reverse proxy for local services like cups
+  services.caddy = {
+    globalConfig = ''
+      default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7
+      auto_https off
+    '';
+  };
+}
--- a/hosts/pie/unbound.nix
+++ b/hosts/pie/unbound.nix
@ -9,8 +9,14 @@
        include = [
          "\"${pkgs.adlist.unbound-adblockStevenBlack}\""
        ];
-        interface = [ "0.0.0.0" ];
-        access-control = [ "192.168.178.0/24 allow" ];
+        interface = [
+          "0.0.0.0"
+          "::0"
+        ];
+        access-control = [
+          "192.168.178.0/24 allow"
+          "2a02:908:5b1:e3c0::/64 allow"
+        ];
        local-zone = [
          "\"b12f.io\" static"
          "\"local\" static"
@ -18,20 +24,24 @@
        ];
        local-data = [
          "\"droppie.local. 10800 IN A 192.168.178.3\""
-          "\"droppie.local. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\""
+          "\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""
          "\"droppie.b12f.io. 10800 IN A 192.168.178.3\""
-          "\"droppie.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\""
+          "\"droppie.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""
          "\"backup.b12f.io. 10800 IN A 192.168.178.3\""
-          "\"backup.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\""
+          "\"backup.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""

          "\"pie.local. 10800 IN A 192.168.178.2\""
-          "\"pie.local. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\""
+          "\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
          "\"pie.b12f.io. 10800 IN A 192.168.178.2\""
-          "\"pie.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\""
+          "\"pie.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
          "\"firefly.b12f.io. 10800 IN A 192.168.178.2\""
-          "\"firefly.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\""
+          "\"firefly.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
+          "\"firefly-importer.b12f.io. 10800 IN A 192.168.178.2\""
+          "\"firefly-importer.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
          "\"paperless.b12f.io. 10800 IN A 192.168.178.2\""
-          "\"paperless.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\""
+          "\"paperless.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
+          "\"cups.b12f.io. 10800 IN A 192.168.178.2\""
+          "\"cups.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""

          "\"fritz.box. 10800 IN A 192.168.178.1\""
          "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
--- a/modules/core/networking.nix
+++ b/modules/core/networking.nix
@ -17,17 +17,6 @@

  networking.firewall.enable = true;

-  networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
-
-  # Caddy reverse proxy for local services like cups
-  services.caddy = {
-    # don't enable by default
-    globalConfig = ''
-      default_bind 127.0.0.1
-      auto_https off
-    '';
-  };
-
  # For rage encryption, all hosts need a ssh key pair
  services.openssh = {
    enable = true;
--- a/modules/core/packages.nix
+++ b/modules/core/packages.nix
@ -21,5 +21,7 @@ in {
    exfat

    gitMinimal
+
+    btop
  ];
 }
--- a/modules/paperless/default.nix
+++ b/modules/paperless/default.nix
@ -23,7 +23,7 @@ in {
      PAPERLESS_OCR_LANGUAGE = "nld+deu";
      PAPERLESS_ADMIN_USER = psCfg.user.name;
      PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
-      PAPERLESS_URL = "http://paperless.local";
+      PAPERLESS_URL = "http://paperless.b12f.io";
    };
  };

@ -44,11 +44,10 @@ in {
    };
  };

-  networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"];
  services.caddy = {
    enable = true;
    extraConfig = ''
-      paperless.local:80 {
+      paperless.b12f.io:80 {
        request_header Host localhost:${builtins.toString config.services.paperless.port}
        reverse_proxy localhost:${builtins.toString config.services.paperless.port}
      }
--- a/modules/printing/default.nix
+++ b/modules/printing/default.nix
@ -5,6 +5,8 @@
  lib,
  ...
 }: {
+  services.avahi.enable = true;
+  services.avahi.ipv6 = true;
  services.avahi.nssmdns = true;
  services.avahi.publish.enable = true;
  services.avahi.publish.userServices = true;
@ -29,10 +31,10 @@
  services.caddy = {
    enable = true;
    extraConfig = ''
-    cups.local:80 {
-      request_header Host localhost:631
-      reverse_proxy unix//run/cups/cups.sock
-    }
+      cups.b12f.io:80 {
+        request_header Host localhost:631
+        reverse_proxy unix//run/cups/cups.sock
+      }
    '';
  };
 }
--- a/users/yule/default.nix
+++ b/users/yule/default.nix
@ -14,7 +14,7 @@ in {
      user = {
        name = "yule";
        description = "b12f";
-        password = "$6$pHMaL9DfxhvnLGy5$ka9bRU5p1lPTF0YHPZDM9Miq79iXuaXb6GLeALM1eX5djdsHYnpvVWjrmImWmcghGXsrDwpmXZPSJUU.gFpuA1";
+        password = "$y$j9T$x1nyqcXw/1iYKo3054cdB1$0TOuyE5t5ZV6z9Gzl9zIrmZGADBxupnwcUMTcMtMa73";
        fullName = "Benjamin Bädorf";
        email = "hello@benjaminbaedorf.eu";
        gpgKeyId = "4406E80E13CD656C";