fix: fix networking issues on pie
This commit is contained in:
parent
34d60a9c7b
commit
dd42eeca69
|
@ -32,6 +32,7 @@ in {
|
||||||
port = 2222;
|
port = 2222;
|
||||||
authorizedKeys = psCfg.user.publicKeys;
|
authorizedKeys = psCfg.user.publicKeys;
|
||||||
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
|
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
|
||||||
|
shell = "/bin/cryptsetup-askpass";
|
||||||
};
|
};
|
||||||
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
|
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
|
||||||
boot.initrd.availableKernelModules = [ "genet" ];
|
boot.initrd.availableKernelModules = [ "genet" ];
|
||||||
|
|
|
@ -9,6 +9,9 @@ with lib; let
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
|
||||||
|
getIP4 = with pkgs; writeShellScriptBin "getIP" ''
|
||||||
|
${curl}/bin/curl -4 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
|
||||||
|
'';
|
||||||
getIP6 = with pkgs; writeShellScriptBin "getIP" ''
|
getIP6 = with pkgs; writeShellScriptBin "getIP" ''
|
||||||
${curl}/bin/curl -6 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
|
${curl}/bin/curl -6 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
|
||||||
'';
|
'';
|
||||||
|
@ -26,6 +29,7 @@ in {
|
||||||
];
|
];
|
||||||
server = "ddns.hosting.de";
|
server = "ddns.hosting.de";
|
||||||
username = "b12f";
|
username = "b12f";
|
||||||
|
usev4 = "cmdv4, cmdv4=${getIP4}/bin/getIP";
|
||||||
usev6 = "cmdv6, cmdv6=${getIP6}/bin/getIP";
|
usev6 = "cmdv6, cmdv6=${getIP6}/bin/getIP";
|
||||||
verbose = true;
|
verbose = true;
|
||||||
passwordFile = "/run/agenix/dyndns.key";
|
passwordFile = "/run/agenix/dyndns.key";
|
||||||
|
|
|
@ -74,7 +74,6 @@ in {
|
||||||
];
|
];
|
||||||
extraOptions = [ "--network=firefly" ];
|
extraOptions = [ "--network=firefly" ];
|
||||||
environmentFiles = [
|
environmentFiles = [
|
||||||
./.env.firefly-importer
|
|
||||||
config.age.secrets."firefly-db-secrets.env".path
|
config.age.secrets."firefly-db-secrets.env".path
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -85,9 +84,10 @@ in {
|
||||||
extraOptions = [ "--network=firefly" ];
|
extraOptions = [ "--network=firefly" ];
|
||||||
ports = [ "8081:8080" ];
|
ports = [ "8081:8080" ];
|
||||||
environment = {
|
environment = {
|
||||||
FIREFLY_III_URL = "http://firefly.b12f.io/";
|
FIREFLY_III_URL = "http://firefly.b12f.io/";
|
||||||
};
|
};
|
||||||
environmentFiles = [
|
environmentFiles = [
|
||||||
|
./.env.firefly-importer
|
||||||
config.age.secrets."firefly-importer-secrets.env".path
|
config.age.secrets."firefly-importer-secrets.env".path
|
||||||
];
|
];
|
||||||
dependsOn = [ "firefly" ];
|
dependsOn = [ "firefly" ];
|
||||||
|
|
|
@ -12,6 +12,7 @@ in {
|
||||||
age.secrets."invoiceplane-db-password.age" = {
|
age.secrets."invoiceplane-db-password.age" = {
|
||||||
file = "${flake.self}/secrets/invoiceplane-db-password.age";
|
file = "${flake.self}/secrets/invoiceplane-db-password.age";
|
||||||
mode = "600";
|
mode = "600";
|
||||||
|
owner = "invoiceplane";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets."invoiceplane-db-secrets.env" = {
|
age.secrets."invoiceplane-db-secrets.env" = {
|
||||||
|
@ -27,7 +28,7 @@ in {
|
||||||
name = "invoiceplane";
|
name = "invoiceplane";
|
||||||
passwordFile = config.age.secrets."invoiceplane-db-password.age".path;
|
passwordFile = config.age.secrets."invoiceplane-db-password.age".path;
|
||||||
host = "localhost";
|
host = "localhost";
|
||||||
port = 5432;
|
port = 3306;
|
||||||
createLocally = false;
|
createLocally = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -36,11 +37,11 @@ in {
|
||||||
oci-containers = {
|
oci-containers = {
|
||||||
backend = "docker";
|
backend = "docker";
|
||||||
containers."invoiceplane-db" = {
|
containers."invoiceplane-db" = {
|
||||||
image = "postgres:16";
|
image = "mariadb:11";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
ports = [ "5432:5432" ];
|
ports = [ "3306:3306" ];
|
||||||
volumes = [
|
volumes = [
|
||||||
"/var/lib/invoiceplane/db:/var/lib/postgresql/data"
|
"/var/lib/invoiceplane/db:/var/lib/mysql"
|
||||||
];
|
];
|
||||||
environmentFiles = [
|
environmentFiles = [
|
||||||
config.age.secrets."invoiceplane-db-secrets.env".path
|
config.age.secrets."invoiceplane-db-secrets.env".path
|
||||||
|
@ -64,7 +65,8 @@ in {
|
||||||
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
|
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
|
||||||
repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
|
repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
|
||||||
backupPrepareCommand = ''
|
backupPrepareCommand = ''
|
||||||
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db pg_dumpall -c -U invoiceplane > "${backupDir}/postgres.sql"
|
PW=$(cat ${config.age.secrets."invoiceplane-db-password.age".path})
|
||||||
|
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
|
||||||
'';
|
'';
|
||||||
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
|
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
|
||||||
};
|
};
|
||||||
|
|
|
@ -12,19 +12,10 @@
|
||||||
interface = "enabcm6e4ei0";
|
interface = "enabcm6e4ei0";
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
|
networking.interfaces.enabcm6e4ei0 = {
|
||||||
{
|
ipv4.addresses = [ { address = "192.168.178.2"; prefixLength = 32; } ];
|
||||||
address = "192.168.178.2";
|
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3077:2::"; prefixLength = 128; } ];
|
||||||
prefixLength = 32;
|
};
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
|
|
||||||
{
|
|
||||||
address = "2a02:908:5b1:e3c0:3077:2::";
|
|
||||||
prefixLength = 128;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
|
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
|
|
|
@ -1,21 +1,20 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 8bHz7g SyDLj5IaAnxA41QMsYkxKwtXHopZCo16PDDn0dNobFA
|
-> ssh-ed25519 8bHz7g k5u5XLcX7KSVfjpMkE8g0pt6uYNXCg19Qh49Q/uG32c
|
||||||
xJ9jKhQK/+wKpm1vW264bz9YIy/Onf+r8yzC7jqRRF4
|
WIaJx2KiVV1XSYu8q+S/2NRZNQuyW17uqKDe23+XnUI
|
||||||
-> ssh-rsa kFDS0A
|
-> ssh-rsa kFDS0A
|
||||||
f2tjGApTzNg5LHwsZidoEmjlwetKetYHg8U2REpYp3P/GN8q6SrH6bpJt11lWE1V
|
giATfPMp/95y2ItODNShZ0kfqVFHWI4Wb7x0ImgrtYJhHR/5preaIVHj1w/Eov66
|
||||||
nLLm2UIAALBLuQEP12QvFS2lDgAOkHw7BvERE9nbDxMAtFp0HPOrfpMxnG/j4WE/
|
LIkGFbxfQViqiVowTwuzI/r9aBkVuWgnm/4wYmnE4p12qZ3iA/cSzcM5DXK2i0Dv
|
||||||
GFKjYRvW5rBdvTyx6kGM12NlZW68ewtI+ph4Vv0sjlHFszDGRtosBkiSfMzLrZJ7
|
bdeiiQkdYbWRzgG9hYgNVDLrQTxvtzCaV3cl6o/ghUYHU3KYg0d1Cx766daUV05+
|
||||||
sCKcb0bwihUbw956is+kKhnXbboyy36MgjnlFqOguklYk4CjvXCHlarIqr1sEBns
|
iUWD86mnJtmR+qMlyprO+51I+3VCV7H7v1aiaDgGl5Gzp6uRpiy7qk2enlJCj5ff
|
||||||
MDxo4aXmDE/Kb9JXUAZk56ZF1pmw9CjtS2mSFLq2tBQsnACMDpNFthDN/gwl/ZDS
|
W/ZNgq2SE+tIknjAR0n1RSGpuJEFHeo8N/Q3GFd7uuu/+U0KSjf54ObUuJG9v/1L
|
||||||
kGr405Mc7Br94CSJ9TDFkuEr/g5/diZ47zJ6n73fgcR+77JB82ocqEjx7I4HOoCa
|
ma1vpt6ykskoRsKAEwUMjEyCN9dnoR2zY+Vt42RXR1XO+jzsdmzrXgd8oQsI0x/G
|
||||||
jNOdIsKuAeqIj3hzTOaUzEfirbcj/aMfJAsODD+LAbO+udjkAgqr4SomjF9y4gGl
|
+uAOjiHQD9xlS6InVsCuCoPFAzkm4ZAWbx1ozKe051txyDz3FkqJ9kmuXB7wDAm+
|
||||||
4ACP0gFXJH5p3npOHRbpeo5Nog/zuhq615KvVlUlxJXJAQ2knlGsmTANp+BTA9GP
|
4Z4PFpyoCrxHtiTW+dG7gO/AKIt7Wd3paabb8nY6/9vuCYf/Rt9ec/MH69sok+CY
|
||||||
X9Et4fVYyha99OVaOetdmwPQhNm6oWnE1f3ED/QkhL07RSqEnPMuS5puvEqZCtCM
|
UcJE7U/TLxwZS3JMNvwwsJfu3TGHCQMi0VJXku/bcy+93ohdtV+Vxec0fWWVGVVh
|
||||||
QoOu6sLntglEC2anyUg3eTJRKLTSPDL5hBPrjc/Vdh0vOUlxBsyjrcirOmuZjz7u
|
0Cod0FkiziORUko6CsTHvWRmI6D0wSui3pH+Vlpbl8m5R4VEMlkkbCx76x/MOHJH
|
||||||
U37u9d8Wor525KVhA0iPkoSbUQAdeWani15FpubAqug
|
BF2gTPmiHGrMjB0/F8yJCox6YL5B9E2Mtg+ihZBLWN4
|
||||||
-> 'elxj-grease KCo\\D8X C1H.0GuO c
|
-> :MAXu.jB-grease 4}9cAL 9w(1_Q%
|
||||||
UIh2br84y8h251JEQT/5wo1I4jzfLLZ3Jk/ZI0oq+yGnklm04GpV
|
BvuZHewVhcZPk7nX8Q
|
||||||
--- 3UVm82Ege5uZklcawiAStvmg44HE7Pc4lxQG+eIr2lY
|
--- dkGEmljTt3/Vvzv90ZOjYtqDoe+vXZY+6/u1JwAvpGI
|
||||||
¾R•@[cw:lZŠï?Ïaß6‘eÞÐõ¸>4=
|
Ň@—ęAů’·Ś«Rĺř*ç•˝rëh•›Ł6˝Ď0´‚ós/ĹĺF›vŮLëV1ř0ŰsÓňŃ}â’KŰ5.§«4‚6_ÁţgĹřĎ·“>łBd
ác€ŻPÉç`Źl“,ÝéŤŇľ
†&dŰŁ.(Ô1®/HµX4¶%5uŮaŽ
|
||||||
[
|
ÓM<EFBFBD>'—‹îxýłm
1M˝ćF¤l;ĺ<EFBFBD>B`\ŚÜΰxÜRĆŻâIůł
*B˙É<A)©Ć‡K~ß®BąQç
|
||||||
€Âö–NŽ=ç[t žÁÅ_÷wuh8yÙ(ãÜš’ü?5ød‰/‘WicÿlÅ<6C>˜<EFBFBD>ùt›«Õ'˼C5ïÑ"‘ÙŠ¯A$>Gn/÷Ú,&„U”°‰ÌŒ+2°o5×0×pßïè¿3
|
|
Loading…
Reference in a new issue