fix: fix networking issues on pie

This commit is contained in:
Benjamin Bädorf 2023-10-24 15:54:18 +02:00
parent 34d60a9c7b
commit dd42eeca69
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
6 changed files with 36 additions and 39 deletions

View file

@ -32,6 +32,7 @@ in {
port = 2222;
authorizedKeys = psCfg.user.publicKeys;
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
shell = "/bin/cryptsetup-askpass";
};
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
boot.initrd.availableKernelModules = [ "genet" ];

View file

@ -9,6 +9,9 @@ with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
getIP4 = with pkgs; writeShellScriptBin "getIP" ''
${curl}/bin/curl -4 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
'';
getIP6 = with pkgs; writeShellScriptBin "getIP" ''
${curl}/bin/curl -6 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
'';
@ -26,6 +29,7 @@ in {
];
server = "ddns.hosting.de";
username = "b12f";
usev4 = "cmdv4, cmdv4=${getIP4}/bin/getIP";
usev6 = "cmdv6, cmdv6=${getIP6}/bin/getIP";
verbose = true;
passwordFile = "/run/agenix/dyndns.key";

View file

@ -74,7 +74,6 @@ in {
];
extraOptions = [ "--network=firefly" ];
environmentFiles = [
./.env.firefly-importer
config.age.secrets."firefly-db-secrets.env".path
];
};
@ -85,9 +84,10 @@ in {
extraOptions = [ "--network=firefly" ];
ports = [ "8081:8080" ];
environment = {
FIREFLY_III_URL = "http://firefly.b12f.io/";
FIREFLY_III_URL = "http://firefly.b12f.io/";
};
environmentFiles = [
./.env.firefly-importer
config.age.secrets."firefly-importer-secrets.env".path
];
dependsOn = [ "firefly" ];

View file

@ -12,6 +12,7 @@ in {
age.secrets."invoiceplane-db-password.age" = {
file = "${flake.self}/secrets/invoiceplane-db-password.age";
mode = "600";
owner = "invoiceplane";
};
age.secrets."invoiceplane-db-secrets.env" = {
@ -27,7 +28,7 @@ in {
name = "invoiceplane";
passwordFile = config.age.secrets."invoiceplane-db-password.age".path;
host = "localhost";
port = 5432;
port = 3306;
createLocally = false;
};
};
@ -36,11 +37,11 @@ in {
oci-containers = {
backend = "docker";
containers."invoiceplane-db" = {
image = "postgres:16";
image = "mariadb:11";
autoStart = true;
ports = [ "5432:5432" ];
ports = [ "3306:3306" ];
volumes = [
"/var/lib/invoiceplane/db:/var/lib/postgresql/data"
"/var/lib/invoiceplane/db:/var/lib/mysql"
];
environmentFiles = [
config.age.secrets."invoiceplane-db-secrets.env".path
@ -64,7 +65,8 @@ in {
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
backupPrepareCommand = ''
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db pg_dumpall -c -U invoiceplane > "${backupDir}/postgres.sql"
PW=$(cat ${config.age.secrets."invoiceplane-db-password.age".path})
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
'';
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
};

View file

@ -12,19 +12,10 @@
interface = "enabcm6e4ei0";
};
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 32;
}
];
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:3077:2::";
prefixLength = 128;
}
];
networking.interfaces.enabcm6e4ei0 = {
ipv4.addresses = [ { address = "192.168.178.2"; prefixLength = 32; } ];
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3077:2::"; prefixLength = 128; } ];
};
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
networking.firewall.allowedTCPPorts = [ 80 ];

View file

@ -1,21 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 8bHz7g SyDLj5IaAnxA41QMsYkxKwtXHopZCo16PDDn0dNobFA
xJ9jKhQK/+wKpm1vW264bz9YIy/Onf+r8yzC7jqRRF4
-> ssh-ed25519 8bHz7g k5u5XLcX7KSVfjpMkE8g0pt6uYNXCg19Qh49Q/uG32c
WIaJx2KiVV1XSYu8q+S/2NRZNQuyW17uqKDe23+XnUI
-> ssh-rsa kFDS0A
f2tjGApTzNg5LHwsZidoEmjlwetKetYHg8U2REpYp3P/GN8q6SrH6bpJt11lWE1V
nLLm2UIAALBLuQEP12QvFS2lDgAOkHw7BvERE9nbDxMAtFp0HPOrfpMxnG/j4WE/
GFKjYRvW5rBdvTyx6kGM12NlZW68ewtI+ph4Vv0sjlHFszDGRtosBkiSfMzLrZJ7
sCKcb0bwihUbw956is+kKhnXbboyy36MgjnlFqOguklYk4CjvXCHlarIqr1sEBns
MDxo4aXmDE/Kb9JXUAZk56ZF1pmw9CjtS2mSFLq2tBQsnACMDpNFthDN/gwl/ZDS
kGr405Mc7Br94CSJ9TDFkuEr/g5/diZ47zJ6n73fgcR+77JB82ocqEjx7I4HOoCa
jNOdIsKuAeqIj3hzTOaUzEfirbcj/aMfJAsODD+LAbO+udjkAgqr4SomjF9y4gGl
4ACP0gFXJH5p3npOHRbpeo5Nog/zuhq615KvVlUlxJXJAQ2knlGsmTANp+BTA9GP
X9Et4fVYyha99OVaOetdmwPQhNm6oWnE1f3ED/QkhL07RSqEnPMuS5puvEqZCtCM
QoOu6sLntglEC2anyUg3eTJRKLTSPDL5hBPrjc/Vdh0vOUlxBsyjrcirOmuZjz7u
U37u9d8Wor525KVhA0iPkoSbUQAdeWani15FpubAqug
-> 'elxj-grease KCo\\D8X C1H.0GuO c
UIh2br84y8h251JEQT/5wo1I4jzfLLZ3Jk/ZI0oq+yGnklm04GpV
--- 3UVm82Ege5uZklcawiAStvmg44HE7Pc4lxQG+eIr2lY
¾R•@[cw:lZŠï?Ïa ­ß6eÞÐõ¸>4=
[
€ÂöNŽ=ç[t žÁÅ_÷wuh8yÙ(ãÜš’ü?5ød‰/WicÿlÅ<6C>˜<EFBFBD>ùt«Õ'˼C5ïÑ"ÙŠ¯A $>Gn/÷Ú,&„U”°‰ÌŒ+2°o5×0×ïè¿3
giATfPMp/95y2ItODNShZ0kfqVFHWI4Wb7x0ImgrtYJhHR/5preaIVHj1w/Eov66
LIkGFbxfQViqiVowTwuzI/r9aBkVuWgnm/4wYmnE4p12qZ3iA/cSzcM5DXK2i0Dv
bdeiiQkdYbWRzgG9hYgNVDLrQTxvtzCaV3cl6o/ghUYHU3KYg0d1Cx766daUV05+
iUWD86mnJtmR+qMlyprO+51I+3VCV7H7v1aiaDgGl5Gzp6uRpiy7qk2enlJCj5ff
W/ZNgq2SE+tIknjAR0n1RSGpuJEFHeo8N/Q3GFd7uuu/+U0KSjf54ObUuJG9v/1L
ma1vpt6ykskoRsKAEwUMjEyCN9dnoR2zY+Vt42RXR1XO+jzsdmzrXgd8oQsI0x/G
+uAOjiHQD9xlS6InVsCuCoPFAzkm4ZAWbx1ozKe051txyDz3FkqJ9kmuXB7wDAm+
4Z4PFpyoCrxHtiTW+dG7gO/AKIt7Wd3paabb8nY6/9vuCYf/Rt9ec/MH69sok+CY
UcJE7U/TLxwZS3JMNvwwsJfu3TGHCQMi0VJXku/bcy+93ohdtV+Vxec0fWWVGVVh
0Cod0FkiziORUko6CsTHvWRmI6D0wSui3pH+Vlpbl8m5R4VEMlkkbCx76x/MOHJH
BF2gTPmiHGrMjB0/F8yJCox6YL5B9E2Mtg+ihZBLWN4
-> :MAXu.jB-grease 4}9cAL 9w(1_Q%
BvuZHewVhcZPk7nX8Q
--- dkGEmljTt3/Vvzv90ZOjYtqDoe+vXZY+6/u1JwAvpGI
Ň@—ęAů·Ś« Rĺř*ç•˝rëh•Ł6˝Ď0´ós/ĹĺFÂvŮLëV1ř0Űs ÓňŃ}âKŰ5.§«46_ÁţgĹřĎ·“>łBd ác€ŻPÉç`Źl“,ÝéŤŇľ †&dŰŁ.(Ô1®/HµX4¶%5uŮ
ÓM<EFBFBD>'îxýłm 1M˝ćF¤l;ĺ<EFBFBD>B`ÜΰxÜRĆŻâIůł *B˙É<A)©Ć‡K~ß®BąQç