fix: fix networking issues on pie

Benjamin Bädorf 2023-10-24 15:54:18 +02:00
parent 34d60a9c7b
commit dd42eeca69
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
6 changed files with 36 additions and 39 deletions


@ -32,6 +32,7 @@ in {
port = 2222; port = 2222;
authorizedKeys = psCfg.user.publicKeys; authorizedKeys = psCfg.user.publicKeys;
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"]; hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
shell = "/bin/cryptsetup-askpass";
}; };
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3 # See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
boot.initrd.availableKernelModules = [ "genet" ]; boot.initrd.availableKernelModules = [ "genet" ];
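Review bot: The added `shell = "/bin/cryptsetup-askpass";` has no comment, although it is the line that confines an initrd SSH login on port 2222 to the disk passphrase prompt instead of a general shell. A comment such as `# initrd SSH is for unlocking only: every login lands in the passphrase prompt, never an interactive shell` would keep a later edit from dropping it. The path is presumably the helper that the scripted initrd provides, so it should be rechecked if this host ever moves to a systemd-based initrd. The enclosing attribute set starts outside the hunk.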


@ -9,6 +9,9 @@ with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
getIP4 = with pkgs; writeShellScriptBin "getIP" ''
${curl}/bin/curl -4 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
'';
getIP6 = with pkgs; writeShellScriptBin "getIP" '' getIP6 = with pkgs; writeShellScriptBin "getIP" ''
${curl}/bin/curl -6 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r ${curl}/bin/curl -6 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
''; '';
@ -26,6 +29,7 @@ in {
]; ];
server = "ddns.hosting.de"; server = "ddns.hosting.de";
username = "b12f"; username = "b12f";
usev4 = "cmdv4, cmdv4=${getIP4}/bin/getIP";
usev6 = "cmdv6, cmdv6=${getIP6}/bin/getIP"; usev6 = "cmdv6, cmdv6=${getIP6}/bin/getIP";
verbose = true; verbose = true;
passwordFile = "/run/agenix/dyndns.key"; passwordFile = "/run/agenix/dyndns.key";
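Review bot: `getIP4` hands whatever its pipeline prints to ddclient through `usev4`, and nothing in it fails on a bad response: curl runs without `--fail` or a timeout, and `jq '.ip' -r` prints `null` for a body that lacks the key. Because this output decides where the DNS record points, the script should exit non-zero rather than emit a non-address, for example by starting with `${curl}/bin/curl -4 -fsS --max-time 10 https://ipcheck-ds.wieistmeineip.de/callback/` and ending with `${jq}/bin/jq -er '.ip'`. The existing `getIP6` has the same shape and would need the same change. How ddclient reacts to a failing command is not visible here and should be confirmed. A one-line comment on the `tail -c +2 | head -c -1` trimming (presumably stripping a wrapper around the JSON) would also help.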


@ -74,7 +74,6 @@ in {
]; ];
extraOptions = [ "--network=firefly" ]; extraOptions = [ "--network=firefly" ];
environmentFiles = [ environmentFiles = [
./.env.firefly-importer
config.age.secrets."firefly-db-secrets.env".path config.age.secrets."firefly-db-secrets.env".path
]; ];
}; };
@ -85,9 +84,10 @@ in {
extraOptions = [ "--network=firefly" ]; extraOptions = [ "--network=firefly" ];
ports = [ "8081:8080" ]; ports = [ "8081:8080" ];
environment = { environment = {
FIREFLY_III_URL = "http://firefly.b12f.io/"; FIREFLY_III_URL = "http://firefly.b12f.io/";
}; };
environmentFiles = [ environmentFiles = [
./.env.firefly-importer
config.age.secrets."firefly-importer-secrets.env".path config.age.secrets."firefly-importer-secrets.env".path
]; ];
dependsOn = [ "firefly" ]; dependsOn = [ "firefly" ];
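Review bot: `./.env.firefly-importer` in the importer's `environmentFiles` is a Nix path literal, so the file is copied into the Nix store, which every local user can read, unlike the agenix-managed entry on the next line. That is fine if it holds only non-secret settings, but the line should say so: `# non-secret settings only; this file ends up in the world-readable Nix store, tokens belong in firefly-importer-secrets.env`. The file's contents are not shown in this commit view, so this is a check to make rather than a confirmed leak.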


@ -12,6 +12,7 @@ in {
age.secrets."invoiceplane-db-password.age" = { age.secrets."invoiceplane-db-password.age" = {
file = "${flake.self}/secrets/invoiceplane-db-password.age"; file = "${flake.self}/secrets/invoiceplane-db-password.age";
mode = "600"; mode = "600";
owner = "invoiceplane";
}; };
age.secrets."invoiceplane-db-secrets.env" = { age.secrets."invoiceplane-db-secrets.env" = {
@ -27,7 +28,7 @@ in {
name = "invoiceplane"; name = "invoiceplane";
passwordFile = config.age.secrets."invoiceplane-db-password.age".path; passwordFile = config.age.secrets."invoiceplane-db-password.age".path;
host = "localhost"; host = "localhost";
port = 5432; port = 3306;
createLocally = false; createLocally = false;
}; };
}; };
@ -36,11 +37,11 @@ in {
oci-containers = { oci-containers = {
backend = "docker"; backend = "docker";
containers."invoiceplane-db" = { containers."invoiceplane-db" = {
image = "postgres:16"; image = "mariadb:11";
autoStart = true; autoStart = true;
ports = [ "5432:5432" ]; ports = [ "3306:3306" ];
volumes = [ volumes = [
"/var/lib/invoiceplane/db:/var/lib/postgresql/data" "/var/lib/invoiceplane/db:/var/lib/mysql"
]; ];
environmentFiles = [ environmentFiles = [
config.age.secrets."invoiceplane-db-secrets.env".path config.age.secrets."invoiceplane-db-secrets.env".path
@ -64,7 +65,8 @@ in {
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/InvoicePlane"; repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
backupPrepareCommand = '' backupPrepareCommand = ''
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db pg_dumpall -c -U invoiceplane > "${backupDir}/postgres.sql" PW=$(cat ${config.age.secrets."invoiceplane-db-password.age".path})
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
''; '';
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path; rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
}; };
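Review bot: The new dump command in `backupPrepareCommand` puts the database password on the command line: `--password=$PW` is visible in the process list on the host and in the container while the dump runs, and the unquoted expansion breaks on whitespace or glob characters. Passing it through the environment avoids both: `export MYSQL_PWD="$(cat ${config.age.secrets."invoiceplane-db-password.age".path})"` followed by `${pkgs.docker-client}/bin/docker exec -e MYSQL_PWD invoiceplane-db mariadb-dump --all-databases --user=invoiceplane > "${backupDir}/postgres.sql"`. Dropping `-t` there also keeps the pseudo-terminal from rewriting line endings in the dump, and the target file is still named `postgres.sql` after the move to MariaDB. Separately, `ports = [ "3306:3306" ]` in the container hunk publishes the database on every host address while the application connects with `host = "localhost"`; `"127.0.0.1:3306:3306"` would match that.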


@ -12,19 +12,10 @@
interface = "enabcm6e4ei0"; interface = "enabcm6e4ei0";
}; };
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [ networking.interfaces.enabcm6e4ei0 = {
{ ipv4.addresses = [ { address = "192.168.178.2"; prefixLength = 32; } ];
address = "192.168.178.2"; ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3077:2::"; prefixLength = 128; } ];
prefixLength = 32; };
}
];
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:3077:2::";
prefixLength = 128;
}
];
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"]; networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];


@ -1,21 +1,20 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 8bHz7g SyDLj5IaAnxA41QMsYkxKwtXHopZCo16PDDn0dNobFA -> ssh-ed25519 8bHz7g k5u5XLcX7KSVfjpMkE8g0pt6uYNXCg19Qh49Q/uG32c
xJ9jKhQK/+wKpm1vW264bz9YIy/Onf+r8yzC7jqRRF4 WIaJx2KiVV1XSYu8q+S/2NRZNQuyW17uqKDe23+XnUI
-> ssh-rsa kFDS0A -> ssh-rsa kFDS0A
f2tjGApTzNg5LHwsZidoEmjlwetKetYHg8U2REpYp3P/GN8q6SrH6bpJt11lWE1V giATfPMp/95y2ItODNShZ0kfqVFHWI4Wb7x0ImgrtYJhHR/5preaIVHj1w/Eov66
nLLm2UIAALBLuQEP12QvFS2lDgAOkHw7BvERE9nbDxMAtFp0HPOrfpMxnG/j4WE/ LIkGFbxfQViqiVowTwuzI/r9aBkVuWgnm/4wYmnE4p12qZ3iA/cSzcM5DXK2i0Dv
GFKjYRvW5rBdvTyx6kGM12NlZW68ewtI+ph4Vv0sjlHFszDGRtosBkiSfMzLrZJ7 bdeiiQkdYbWRzgG9hYgNVDLrQTxvtzCaV3cl6o/ghUYHU3KYg0d1Cx766daUV05+
sCKcb0bwihUbw956is+kKhnXbboyy36MgjnlFqOguklYk4CjvXCHlarIqr1sEBns iUWD86mnJtmR+qMlyprO+51I+3VCV7H7v1aiaDgGl5Gzp6uRpiy7qk2enlJCj5ff
MDxo4aXmDE/Kb9JXUAZk56ZF1pmw9CjtS2mSFLq2tBQsnACMDpNFthDN/gwl/ZDS W/ZNgq2SE+tIknjAR0n1RSGpuJEFHeo8N/Q3GFd7uuu/+U0KSjf54ObUuJG9v/1L
kGr405Mc7Br94CSJ9TDFkuEr/g5/diZ47zJ6n73fgcR+77JB82ocqEjx7I4HOoCa ma1vpt6ykskoRsKAEwUMjEyCN9dnoR2zY+Vt42RXR1XO+jzsdmzrXgd8oQsI0x/G
jNOdIsKuAeqIj3hzTOaUzEfirbcj/aMfJAsODD+LAbO+udjkAgqr4SomjF9y4gGl +uAOjiHQD9xlS6InVsCuCoPFAzkm4ZAWbx1ozKe051txyDz3FkqJ9kmuXB7wDAm+
4ACP0gFXJH5p3npOHRbpeo5Nog/zuhq615KvVlUlxJXJAQ2knlGsmTANp+BTA9GP 4Z4PFpyoCrxHtiTW+dG7gO/AKIt7Wd3paabb8nY6/9vuCYf/Rt9ec/MH69sok+CY
X9Et4fVYyha99OVaOetdmwPQhNm6oWnE1f3ED/QkhL07RSqEnPMuS5puvEqZCtCM UcJE7U/TLxwZS3JMNvwwsJfu3TGHCQMi0VJXku/bcy+93ohdtV+Vxec0fWWVGVVh
QoOu6sLntglEC2anyUg3eTJRKLTSPDL5hBPrjc/Vdh0vOUlxBsyjrcirOmuZjz7u 0Cod0FkiziORUko6CsTHvWRmI6D0wSui3pH+Vlpbl8m5R4VEMlkkbCx76x/MOHJH
U37u9d8Wor525KVhA0iPkoSbUQAdeWani15FpubAqug BF2gTPmiHGrMjB0/F8yJCox6YL5B9E2Mtg+ihZBLWN4
-> 'elxj-grease KCo\\D8X C1H.0GuO c -> :MAXu.jB-grease 4}9cAL 9w(1_Q%
UIh2br84y8h251JEQT/5wo1I4jzfLLZ3Jk/ZI0oq+yGnklm04GpV BvuZHewVhcZPk7nX8Q
--- 3UVm82Ege5uZklcawiAStvmg44HE7Pc4lxQG+eIr2lY --- dkGEmljTt3/Vvzv90ZOjYtqDoe+vXZY+6/u1JwAvpGI
¾R•@[cw:lZŠï?Ïa ­ß6eÞÐõ¸>4= Ň@—ęAů·Ś« Rĺř*ç•˝rëh•Ł6˝Ď0´ós/ĹĺFÂvŮLëV1ř0Űs ÓňŃ}âKŰ5.§«46_ÁţgĹřĎ·“>łBd ác€ŻPÉç`Źl“,ÝéŤŇľ †&dŰŁ.(Ô1®/HµX4¶%5uŮ
[ ÓM<EFBFBD>'îxýłm 1M˝ćF¤l;ĺ<EFBFBD>B`ÜΰxÜRĆŻâIůł *B˙É<A)©Ć‡K~ß®BąQç
€ÂöNŽ=ç[t žÁÅ_÷wuh8yÙ(ãÜš’ü?5ød‰/WicÿlÅ<6C>˜<EFBFBD>ùt«Õ'˼C5ïÑ"ÙŠ¯A $>Gn/÷Ú,&„U”°‰ÌŒ+2°o5×0×ïè¿3