fix: fixes to networking and pie services

Benjamin Bädorf 2023-10-09 10:43:53 +02:00
parent 747481c4ea
commit 6fabfdc431
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
13 changed files with 88 additions and 70 deletions


@ -57,8 +57,8 @@
./pie ./pie
self.nixosModules.yule self.nixosModules.yule
self.nixosModules.printing self.nixosModules.printing
# self.nixosModules.paperless self.nixosModules.paperless
# self.nixosModules.docker self.nixosModules.docker
]; ];
}; };


@ -23,7 +23,7 @@ in {
boot.kernelParams = [ boot.kernelParams = [
"boot.shell_on_fail=1" "boot.shell_on_fail=1"
"ip=192.168.178.2::192.168.178.1:255.255.255.0:pie.b12f.io::auto6" "ip=192.168.178.2::192.168.178.1:255.255.255.0:pie.b12f.io::off"
]; ];
boot.initrd.network.enable = true; boot.initrd.network.enable = true;
@ -36,27 +36,6 @@ in {
pub-solar.core.disk-encryption-active = false; pub-solar.core.disk-encryption-active = false;
networking.hostId = "34234773";
networking.hostName = "pie";
networking.defaultGateway = {
address = "192.168.178.1";
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 24;
}
];
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
{
address = "fe80::dea6:32ff:fe5c:3164";
prefixLength = 64;
}
];
security.sudo.extraRules = [ security.sudo.extraRules = [
{ {
users = ["${psCfg.user.name}"]; users = ["${psCfg.user.name}"];


@ -1,12 +1,13 @@
{...}: { {...}: {
imports = [ imports = [
./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./configuration.nix
./networking.nix
./unbound.nix ./unbound.nix
./dhcpd.nix ./dhcpd.nix
./wake-droppie.nix ./wake-droppie.nix
./ddclient.nix ./ddclient.nix
# ./firefly.nix ./firefly.nix
]; ];
} }


@ -80,10 +80,10 @@
subnet6 = [ subnet6 = [
{ {
subnet = "2a02:908:500:b::/64"; subnet = "2a02:908:5b1:e3c0::/64";
pools = [ pools = [
{ pool = "2a02:908:500:b::/64"; } { pool = "2a02:908:5b1:e3c0::/64"; }
]; ];
option-data = [ option-data = [
@ -92,7 +92,7 @@
code = 23; code = 23;
space = "dhcp6"; space = "dhcp6";
csv-format = true; csv-format = true;
data = "2a02:908:500:b:3077:4e39:7763:b5b7"; data = "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7";
} }
]; ];
@ -101,14 +101,14 @@
hostname = "droppie.local"; hostname = "droppie.local";
hw-address = "08:f1:ea:97:0f:0c"; hw-address = "08:f1:ea:97:0f:0c";
ip-addresses = [ ip-addresses = [
"2a02:908:500:b:3077:4e39:7763:b5b8" "2a02:908:5b1:e3c0:3077:4e39:7763:b5b8"
]; ];
} }
{ {
hostname = "pie.local"; hostname = "pie.local";
hw-address = "dc:a6:32:5c:31:64"; hw-address = "dc:a6:32:5c:31:64";
ip-addresses = [ ip-addresses = [
"2a02:908:500:b:3077:4e39:7763:b5b7" "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7"
]; ];
} }
]; ];
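Review bot: The delegated prefix `2a02:908:5b1:e3c0` is written out by hand in `subnet`, `pool`, the option `data` and both reservations here, and again in the unbound records and in `hosts/pie/networking.nix` later in this commit. Since the old prefix is being replaced throughout this commit, a single binding, for example `let prefix6 = "2a02:908:5b1:e3c0"; in` with `"${prefix6}::/64"` at each use, would turn the next renumbering into a one-line edit and keep a stale address from surviving in one file. The enclosing attribute set starts and ends outside these hunks.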


@ -23,10 +23,10 @@
services.caddy = { services.caddy = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
firefly.b12f.io { firefly.b12f.io:80 {
reverse_proxy localhost:8080 reverse_proxy localhost:8080
} }
firefly-importer.b12f.io { firefly-importer.b12f.io:80 {
reverse_proxy localhost:8081 reverse_proxy localhost:8081
} }
''; '';
@ -77,9 +77,6 @@
containers."firefly-importer" = { containers."firefly-importer" = {
image = "fireflyiii/data-importer:latest"; image = "fireflyiii/data-importer:latest";
autoStart = true; autoStart = true;
volumes = [
"/var/lib/firefly/db:/var/lib/postgresql/data"
];
extraOptions = [ "--network=firefly" ]; extraOptions = [ "--network=firefly" ];
ports = [ "8081:8080" ]; ports = [ "8081:8080" ];
environmentFiles = [ environmentFiles = [
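Review bot: Pinning the site addresses to `firefly.b12f.io:80` and `firefly-importer.b12f.io:80` makes Caddy serve the finance application and its importer over plain HTTP, so passwords, session cookies and importer tokens cross the network unencrypted. If public certificates are not practical for these internal names, dropping the `:80` suffix and adding `tls internal` to both site blocks (with Caddy's root CA installed on the clients) would keep the traffic encrypted; the `auto_https off` set in `hosts/pie/networking.nix` would have to be reconsidered for that. At minimum, a comment such as `# HTTP only: must stay reachable from the LAN alone` above `extraConfig` would record the decision. The container definition continues past the end of the second hunk.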

39
hosts/pie/networking.nix Normal file

@ -0,0 +1,39 @@
{
flake,
config,
pkgs,
lib,
...
}: {
networking.hostId = "34234773";
networking.hostName = "pie";
networking.defaultGateway = {
address = "192.168.178.1";
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 32;
}
];
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:3077:4e39:7763:b5b7";
prefixLength = 128;
}
];
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
networking.firewall.allowedTCPPorts = [ 80 ];
# Caddy reverse proxy for local services like cups
services.caddy = {
globalConfig = ''
default_bind 192.168.178.2 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7
auto_https off
'';
};
}
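Review bot: `default_bind` now includes the global address `2a02:908:5b1:e3c0:3077:4e39:7763:b5b7` and `networking.firewall.allowedTCPPorts = [ 80 ];` opens the port to every source, so whether the proxied services stay LAN-only depends on the upstream router's inbound IPv6 filtering, which nothing on this page shows. The proxy fronts the CUPS socket (printing section, with `Host` rewritten to `localhost:631`) and the firefly containers, and the shared module's `default_bind 127.0.0.1` is removed in the same commit. Binding to the IPv4 LAN address plus a ULA address, e.g. `default_bind 192.168.178.2 <pie's ULA address>`, would keep the listener off the routable prefix; the `fritz.box` AAAA record suggests an `fd00::` prefix is already in use on this network. A comment above the firewall line, such as `# port 80 must stay LAN-only: unauthenticated services sit behind this proxy`, would make the assumption explicit.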


@ -9,8 +9,14 @@
include = [ include = [
"\"${pkgs.adlist.unbound-adblockStevenBlack}\"" "\"${pkgs.adlist.unbound-adblockStevenBlack}\""
]; ];
interface = [ "0.0.0.0" ]; interface = [
access-control = [ "192.168.178.0/24 allow" ]; "0.0.0.0"
"::0"
];
access-control = [
"192.168.178.0/24 allow"
"2a02:908:5b1:e3c0::/64 allow"
];
local-zone = [ local-zone = [
"\"b12f.io\" static" "\"b12f.io\" static"
"\"local\" static" "\"local\" static"
@ -18,20 +24,24 @@
]; ];
local-data = [ local-data = [
"\"droppie.local. 10800 IN A 192.168.178.3\"" "\"droppie.local. 10800 IN A 192.168.178.3\""
"\"droppie.local. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\"" "\"droppie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""
"\"droppie.b12f.io. 10800 IN A 192.168.178.3\"" "\"droppie.b12f.io. 10800 IN A 192.168.178.3\""
"\"droppie.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\"" "\"droppie.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""
"\"backup.b12f.io. 10800 IN A 192.168.178.3\"" "\"backup.b12f.io. 10800 IN A 192.168.178.3\""
"\"backup.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\"" "\"backup.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b8\""
"\"pie.local. 10800 IN A 192.168.178.2\"" "\"pie.local. 10800 IN A 192.168.178.2\""
"\"pie.local. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\"" "\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
"\"pie.b12f.io. 10800 IN A 192.168.178.2\"" "\"pie.b12f.io. 10800 IN A 192.168.178.2\""
"\"pie.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\"" "\"pie.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
"\"firefly.b12f.io. 10800 IN A 192.168.178.2\"" "\"firefly.b12f.io. 10800 IN A 192.168.178.2\""
"\"firefly.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\"" "\"firefly.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
"\"firefly-importer.b12f.io. 10800 IN A 192.168.178.2\""
"\"firefly-importer.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
"\"paperless.b12f.io. 10800 IN A 192.168.178.2\"" "\"paperless.b12f.io. 10800 IN A 192.168.178.2\""
"\"paperless.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\"" "\"paperless.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
"\"cups.b12f.io. 10800 IN A 192.168.178.2\""
"\"cups.b12f.io. 10800 IN AAAA 2a02:908:5b1:e3c0:3077:4e39:7763:b5b7\""
"\"fritz.box. 10800 IN A 192.168.178.1\"" "\"fritz.box. 10800 IN A 192.168.178.1\""
"\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\"" "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
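Review bot: The new `"2a02:908:5b1:e3c0::/64 allow"` rule ties resolver access to an ISP-delegated prefix while `interface` now also listens on `::0`. The old prefix replaced throughout this commit shows that the delegation changes, and after a change the rule would keep trusting a /64 that may then belong to someone else until it is edited by hand. Advertising and allowing a ULA resolver address instead would not depend on the delegation; at minimum add `# keep in sync with the delegated prefix` next to the rule. Whether port 53 is reachable from outside the LAN is decided by firewall settings not shown here, and the `local-data` list continues outside the second hunk.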


@ -17,17 +17,6 @@
networking.firewall.enable = true; networking.firewall.enable = true;
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
# Caddy reverse proxy for local services like cups
services.caddy = {
# don't enable by default
globalConfig = ''
default_bind 127.0.0.1
auto_https off
'';
};
# For rage encryption, all hosts need a ssh key pair # For rage encryption, all hosts need a ssh key pair
services.openssh = { services.openssh = {
enable = true; enable = true;


@ -21,5 +21,7 @@ in {
exfat exfat
gitMinimal gitMinimal
btop
]; ];
} }


@ -23,7 +23,7 @@ in {
PAPERLESS_OCR_LANGUAGE = "nld+deu"; PAPERLESS_OCR_LANGUAGE = "nld+deu";
PAPERLESS_ADMIN_USER = psCfg.user.name; PAPERLESS_ADMIN_USER = psCfg.user.name;
PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name; PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
PAPERLESS_URL = "http://paperless.local"; PAPERLESS_URL = "http://paperless.b12f.io";
}; };
}; };
@ -44,11 +44,10 @@ in {
}; };
}; };
networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"];
services.caddy = { services.caddy = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
paperless.local:80 { paperless.b12f.io:80 {
request_header Host localhost:${builtins.toString config.services.paperless.port} request_header Host localhost:${builtins.toString config.services.paperless.port}
reverse_proxy localhost:${builtins.toString config.services.paperless.port} reverse_proxy localhost:${builtins.toString config.services.paperless.port}
} }
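Review bot: With the site renamed to `paperless.b12f.io:80` and the `networking.hosts` entry for `paperless.local` removed, the instance is published under a name the LAN resolver hands out, while the unchanged line `PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;` still logs every visitor in as the admin user without a password. That setting was presumably chosen when the name resolved only on the host itself (which is what `addLocalHostname` appears to do; its definition is not on this page). Either drop the auto-login now that other machines can reach the site, or keep this site block on loopback with `bind 127.0.0.1` inside it. The `extraConfig` string continues past the end of the hunk.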


@ -5,6 +5,8 @@
lib, lib,
... ...
}: { }: {
services.avahi.enable = true;
services.avahi.ipv6 = true;
services.avahi.nssmdns = true; services.avahi.nssmdns = true;
services.avahi.publish.enable = true; services.avahi.publish.enable = true;
services.avahi.publish.userServices = true; services.avahi.publish.userServices = true;
@ -29,7 +31,7 @@
services.caddy = { services.caddy = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
cups.local:80 { cups.b12f.io:80 {
request_header Host localhost:631 request_header Host localhost:631
reverse_proxy unix//run/cups/cups.sock reverse_proxy unix//run/cups/cups.sock
} }


@ -14,7 +14,7 @@ in {
user = { user = {
name = "yule"; name = "yule";
description = "b12f"; description = "b12f";
password = "$6$pHMaL9DfxhvnLGy5$ka9bRU5p1lPTF0YHPZDM9Miq79iXuaXb6GLeALM1eX5djdsHYnpvVWjrmImWmcghGXsrDwpmXZPSJUU.gFpuA1"; password = "$y$j9T$x1nyqcXw/1iYKo3054cdB1$0TOuyE5t5ZV6z9Gzl9zIrmZGADBxupnwcUMTcMtMa73";
fullName = "Benjamin Bädorf"; fullName = "Benjamin Bädorf";
email = "hello@benjaminbaedorf.eu"; email = "hello@benjaminbaedorf.eu";
gpgKeyId = "4406E80E13CD656C"; gpgKeyId = "4406E80E13CD656C";
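Review bot: The `password` value is a crypt hash committed to the repository in clear, so anyone who can read the repo or its history (including the `$6$` hash this line replaces) can run offline guessing against it. The repo already relies on rage for secrets, per the comment in the core module, so the hash could live in an encrypted secret and be referenced by path, e.g. through NixOS's `hashedPasswordFile`, if the user module behind `psCfg` allows it. Until then, treat both hashes as public and make sure the passphrase behind the new one is long enough to withstand that. The `user` attribute set continues outside the hunk.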