fix: fixes to networking and pie services
This commit is contained in:
parent
747481c4ea
commit
6fabfdc431
|
@ -57,8 +57,8 @@
|
||||||
./pie
|
./pie
|
||||||
self.nixosModules.yule
|
self.nixosModules.yule
|
||||||
self.nixosModules.printing
|
self.nixosModules.printing
|
||||||
# self.nixosModules.paperless
|
self.nixosModules.paperless
|
||||||
# self.nixosModules.docker
|
self.nixosModules.docker
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ in {
|
||||||
|
|
||||||
boot.kernelParams = [
|
boot.kernelParams = [
|
||||||
"boot.shell_on_fail=1"
|
"boot.shell_on_fail=1"
|
||||||
"ip=192.168.178.2::192.168.178.1:255.255.255.0:pie.b12f.io::auto6"
|
"ip=192.168.178.2::192.168.178.1:255.255.255.0:pie.b12f.io::off"
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.initrd.network.enable = true;
|
boot.initrd.network.enable = true;
|
||||||
|
@ -36,27 +36,6 @@ in {
|
||||||
|
|
||||||
pub-solar.core.disk-encryption-active = false;
|
pub-solar.core.disk-encryption-active = false;
|
||||||
|
|
||||||
networking.hostId = "34234773";
|
|
||||||
networking.hostName = "pie";
|
|
||||||
networking.defaultGateway = {
|
|
||||||
address = "192.168.178.1";
|
|
||||||
interface = "enabcm6e4ei0";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = "192.168.178.2";
|
|
||||||
prefixLength = 24;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
|
|
||||||
{
|
|
||||||
address = "fe80::dea6:32ff:fe5c:3164";
|
|
||||||
prefixLength = 64;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
security.sudo.extraRules = [
|
security.sudo.extraRules = [
|
||||||
{
|
{
|
||||||
users = ["${psCfg.user.name}"];
|
users = ["${psCfg.user.name}"];
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./configuration.nix
|
||||||
|
|
||||||
|
./networking.nix
|
||||||
./unbound.nix
|
./unbound.nix
|
||||||
./dhcpd.nix
|
./dhcpd.nix
|
||||||
./wake-droppie.nix
|
./wake-droppie.nix
|
||||||
./ddclient.nix
|
./ddclient.nix
|
||||||
# ./firefly.nix
|
./firefly.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -80,10 +80,10 @@
|
||||||
|
|
||||||
subnet6 = [
|
subnet6 = [
|
||||||
{
|
{
|
||||||
subnet = "2a02:908:500:b::/64";
|
subnet = "2a02:908:5b1:e3c0::/64";
|
||||||
|
|
||||||
pools = [
|
pools = [
|
||||||
{ pool = "2a02:908:500:b::/64"; }
|
{ pool = "2a02:908:5b1:e3c0::/64"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
option-data = [
|
option-data = [
|
||||||
|
@ -92,7 +92,7 @@
|
||||||
code = 23;
|
code = 23;
|
||||||
space = "dhcp6";
|
space = "dhcp6";
|
||||||
csv-format = true;
|
csv-format = true;
|
||||||
data = "2a02:908:500:b:3077:4e39:7763:b5b7";
|
data = "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -101,14 +101,14 @@
|
||||||
hostname = "droppie.local";
|
hostname = "droppie.local";
|
||||||
hw-address = "08:f1:ea:97:0f:0c";
|
hw-address = "08:f1:ea:97:0f:0c";
|
||||||
ip-addresses = [
|
ip-addresses = [
|
||||||
"2a02:908:500:b:3077:4e39:7763:b5b8"
|
"2a02:908:5b1:e3c0:3077:4e39:7763:b5b8"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "pie.local";
|
hostname = "pie.local";
|
||||||
hw-address = "dc:a6:32:5c:31:64";
|
hw-address = "dc:a6:32:5c:31:64";
|
||||||
ip-addresses = [
|
ip-addresses = [
|
||||||
"2a02:908:500:b:3077:4e39:7763:b5b7"
|
"2a02:908:5b1:e3c0:3077:4e39:7763:b5b7"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
@ -23,10 +23,10 @@
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
firefly.b12f.io {
|
firefly.b12f.io:80 {
|
||||||
reverse_proxy localhost:8080
|
reverse_proxy localhost:8080
|
||||||
}
|
}
|
||||||
firefly-importer.b12f.io {
|
firefly-importer.b12f.io:80 {
|
||||||
reverse_proxy localhost:8081
|
reverse_proxy localhost:8081
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
@ -77,9 +77,6 @@
|
||||||
containers."firefly-importer" = {
|
containers."firefly-importer" = {
|
||||||
image = "fireflyiii/data-importer:latest";
|
image = "fireflyiii/data-importer:latest";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
volumes = [
|
|
||||||
"/var/lib/firefly/db:/var/lib/postgresql/data"
|
|
||||||
];
|
|
||||||
extraOptions = [ "--network=firefly" ];
|
extraOptions = [ "--network=firefly" ];
|
||||||
ports = [ "8081:8080" ];
|
ports = [ "8081:8080" ];
|
||||||
environmentFiles = [
|
environmentFiles = [
|
||||||
|
|
39
hosts/pie/networking.nix
Normal file
39
hosts/pie/networking.nix
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
{
|
||||||
|
flake,
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
networking.hostId = "34234773";
|
||||||
|
networking.hostName = "pie";
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.178.1";
|
||||||
|
interface = "enabcm6e4ei0";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "192.168.178.2";
|
||||||
|
prefixLength = 32;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
|
||||||
|
{
|
||||||
|
address = "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7";
|
||||||
|
prefixLength = 128;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
|
|
||||||
|
# Caddy reverse proxy for local services like cups
|
||||||
|
services.caddy = {
|
||||||
|
globalConfig = ''
|
||||||
|
default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7
|
||||||
|
auto_https off
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
|
@ -9,8 +9,14 @@
|
||||||
include = [
|
include = [
|
||||||
"\"${pkgs.adlist.unbound-adblockStevenBlack}\""
|
"\"${pkgs.adlist.unbound-adblockStevenBlack}\""
|
||||||
];
|
];
|
||||||
interface = [ "0.0.0.0" ];
|
interface = [
|
||||||
access-control = [ "192.168.178.0/24 allow" ];
|
"0.0.0.0"
|
||||||
|
"::0"
|
||||||
|
];
|
||||||
|
access-control = [
|
||||||
|
"192.168.178.0/24 allow"
|
||||||
|
"2a02:908:5b1:e3c0::/64 allow"
|
||||||
|
];
|
||||||
local-zone = [
|
local-zone = [
|
||||||
"\"b12f.io\" static"
|
"\"b12f.io\" static"
|
||||||
"\"local\" static"
|
"\"local\" static"
|
||||||
|
@ -18,20 +24,24 @@
|
||||||
];
|
];
|
||||||
local-data = [
|
local-data = [
|
||||||
"\"droppie.local. 10800 IN A 192.168.178.3\""
|
"\"droppie.local. 10800 IN A 192.168.178.3\""
|
||||||
"\"droppie.local. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\""
|
"\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""
|
||||||
"\"droppie.b12f.io. 10800 IN A 192.168.178.3\""
|
"\"droppie.b12f.io. 10800 IN A 192.168.178.3\""
|
||||||
"\"droppie.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\""
|
"\"droppie.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""
|
||||||
"\"backup.b12f.io. 10800 IN A 192.168.178.3\""
|
"\"backup.b12f.io. 10800 IN A 192.168.178.3\""
|
||||||
"\"backup.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\""
|
"\"backup.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""
|
||||||
|
|
||||||
"\"pie.local. 10800 IN A 192.168.178.2\""
|
"\"pie.local. 10800 IN A 192.168.178.2\""
|
||||||
"\"pie.local. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\""
|
"\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
|
||||||
"\"pie.b12f.io. 10800 IN A 192.168.178.2\""
|
"\"pie.b12f.io. 10800 IN A 192.168.178.2\""
|
||||||
"\"pie.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\""
|
"\"pie.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
|
||||||
"\"firefly.b12f.io. 10800 IN A 192.168.178.2\""
|
"\"firefly.b12f.io. 10800 IN A 192.168.178.2\""
|
||||||
"\"firefly.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\""
|
"\"firefly.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
|
||||||
|
"\"firefly-importer.b12f.io. 10800 IN A 192.168.178.2\""
|
||||||
|
"\"firefly-importer.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
|
||||||
"\"paperless.b12f.io. 10800 IN A 192.168.178.2\""
|
"\"paperless.b12f.io. 10800 IN A 192.168.178.2\""
|
||||||
"\"paperless.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\""
|
"\"paperless.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
|
||||||
|
"\"cups.b12f.io. 10800 IN A 192.168.178.2\""
|
||||||
|
"\"cups.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
|
||||||
|
|
||||||
"\"fritz.box. 10800 IN A 192.168.178.1\""
|
"\"fritz.box. 10800 IN A 192.168.178.1\""
|
||||||
"\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
|
"\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
|
||||||
|
|
|
@ -17,17 +17,6 @@
|
||||||
|
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
|
|
||||||
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
|
|
||||||
|
|
||||||
# Caddy reverse proxy for local services like cups
|
|
||||||
services.caddy = {
|
|
||||||
# don't enable by default
|
|
||||||
globalConfig = ''
|
|
||||||
default_bind 127.0.0.1
|
|
||||||
auto_https off
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# For rage encryption, all hosts need a ssh key pair
|
# For rage encryption, all hosts need a ssh key pair
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -21,5 +21,7 @@ in {
|
||||||
exfat
|
exfat
|
||||||
|
|
||||||
gitMinimal
|
gitMinimal
|
||||||
|
|
||||||
|
btop
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,7 +23,7 @@ in {
|
||||||
PAPERLESS_OCR_LANGUAGE = "nld+deu";
|
PAPERLESS_OCR_LANGUAGE = "nld+deu";
|
||||||
PAPERLESS_ADMIN_USER = psCfg.user.name;
|
PAPERLESS_ADMIN_USER = psCfg.user.name;
|
||||||
PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
|
PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
|
||||||
PAPERLESS_URL = "http://paperless.local";
|
PAPERLESS_URL = "http://paperless.b12f.io";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -44,11 +44,10 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"];
|
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
paperless.local:80 {
|
paperless.b12f.io:80 {
|
||||||
request_header Host localhost:${builtins.toString config.services.paperless.port}
|
request_header Host localhost:${builtins.toString config.services.paperless.port}
|
||||||
reverse_proxy localhost:${builtins.toString config.services.paperless.port}
|
reverse_proxy localhost:${builtins.toString config.services.paperless.port}
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,8 @@
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
|
services.avahi.enable = true;
|
||||||
|
services.avahi.ipv6 = true;
|
||||||
services.avahi.nssmdns = true;
|
services.avahi.nssmdns = true;
|
||||||
services.avahi.publish.enable = true;
|
services.avahi.publish.enable = true;
|
||||||
services.avahi.publish.userServices = true;
|
services.avahi.publish.userServices = true;
|
||||||
|
@ -29,7 +31,7 @@
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
cups.local:80 {
|
cups.b12f.io:80 {
|
||||||
request_header Host localhost:631
|
request_header Host localhost:631
|
||||||
reverse_proxy unix//run/cups/cups.sock
|
reverse_proxy unix//run/cups/cups.sock
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ in {
|
||||||
user = {
|
user = {
|
||||||
name = "yule";
|
name = "yule";
|
||||||
description = "b12f";
|
description = "b12f";
|
||||||
password = "$6$pHMaL9DfxhvnLGy5$ka9bRU5p1lPTF0YHPZDM9Miq79iXuaXb6GLeALM1eX5djdsHYnpvVWjrmImWmcghGXsrDwpmXZPSJUU.gFpuA1";
|
password = "$y$j9T$x1nyqcXw/1iYKo3054cdB1$0TOuyE5t5ZV6z9Gzl9zIrmZGADBxupnwcUMTcMtMa73";
|
||||||
fullName = "Benjamin Bädorf";
|
fullName = "Benjamin Bädorf";
|
||||||
email = "hello@benjaminbaedorf.eu";
|
email = "hello@benjaminbaedorf.eu";
|
||||||
gpgKeyId = "4406E80E13CD656C";
|
gpgKeyId = "4406E80E13CD656C";
|
||||||
|
|
Loading…
Reference in a new issue