fix: fix networking issues on pie
This commit is contained in:
parent
34d60a9c7b
commit
dd42eeca69
|
@ -32,6 +32,7 @@ in {
|
|||
port = 2222;
|
||||
authorizedKeys = psCfg.user.publicKeys;
|
||||
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
};
|
||||
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
|
||||
boot.initrd.availableKernelModules = [ "genet" ];
|
||||
|
|
|
@ -9,6 +9,9 @@ with lib; let
|
|||
psCfg = config.pub-solar;
|
||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||
|
||||
getIP4 = with pkgs; writeShellScriptBin "getIP" ''
|
||||
${curl}/bin/curl -4 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
|
||||
'';
|
||||
getIP6 = with pkgs; writeShellScriptBin "getIP" ''
|
||||
${curl}/bin/curl -6 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r
|
||||
'';
|
||||
|
@ -26,6 +29,7 @@ in {
|
|||
];
|
||||
server = "ddns.hosting.de";
|
||||
username = "b12f";
|
||||
usev4 = "cmdv4, cmdv4=${getIP4}/bin/getIP";
|
||||
usev6 = "cmdv6, cmdv6=${getIP6}/bin/getIP";
|
||||
verbose = true;
|
||||
passwordFile = "/run/agenix/dyndns.key";
|
||||
|
|
|
@ -74,7 +74,6 @@ in {
|
|||
];
|
||||
extraOptions = [ "--network=firefly" ];
|
||||
environmentFiles = [
|
||||
./.env.firefly-importer
|
||||
config.age.secrets."firefly-db-secrets.env".path
|
||||
];
|
||||
};
|
||||
|
@ -88,6 +87,7 @@ in {
|
|||
FIREFLY_III_URL = "http://firefly.b12f.io/";
|
||||
};
|
||||
environmentFiles = [
|
||||
./.env.firefly-importer
|
||||
config.age.secrets."firefly-importer-secrets.env".path
|
||||
];
|
||||
dependsOn = [ "firefly" ];
|
||||
|
|
|
@ -12,6 +12,7 @@ in {
|
|||
age.secrets."invoiceplane-db-password.age" = {
|
||||
file = "${flake.self}/secrets/invoiceplane-db-password.age";
|
||||
mode = "600";
|
||||
owner = "invoiceplane";
|
||||
};
|
||||
|
||||
age.secrets."invoiceplane-db-secrets.env" = {
|
||||
|
@ -27,7 +28,7 @@ in {
|
|||
name = "invoiceplane";
|
||||
passwordFile = config.age.secrets."invoiceplane-db-password.age".path;
|
||||
host = "localhost";
|
||||
port = 5432;
|
||||
port = 3306;
|
||||
createLocally = false;
|
||||
};
|
||||
};
|
||||
|
@ -36,11 +37,11 @@ in {
|
|||
oci-containers = {
|
||||
backend = "docker";
|
||||
containers."invoiceplane-db" = {
|
||||
image = "postgres:16";
|
||||
image = "mariadb:11";
|
||||
autoStart = true;
|
||||
ports = [ "5432:5432" ];
|
||||
ports = [ "3306:3306" ];
|
||||
volumes = [
|
||||
"/var/lib/invoiceplane/db:/var/lib/postgresql/data"
|
||||
"/var/lib/invoiceplane/db:/var/lib/mysql"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.age.secrets."invoiceplane-db-secrets.env".path
|
||||
|
@ -64,7 +65,8 @@ in {
|
|||
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
|
||||
repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
|
||||
backupPrepareCommand = ''
|
||||
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db pg_dumpall -c -U invoiceplane > "${backupDir}/postgres.sql"
|
||||
PW=$(cat ${config.age.secrets."invoiceplane-db-password.age".path})
|
||||
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
|
||||
'';
|
||||
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
|
||||
};
|
||||
|
|
|
@ -12,19 +12,10 @@
|
|||
interface = "enabcm6e4ei0";
|
||||
};
|
||||
|
||||
networking.interfaces.enabcm6e4ei0.ipv4.addresses = [
|
||||
{
|
||||
address = "192.168.178.2";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
|
||||
networking.interfaces.enabcm6e4ei0.ipv6.addresses = [
|
||||
{
|
||||
address = "2a02:908:5b1:e3c0:3077:2::";
|
||||
prefixLength = 128;
|
||||
}
|
||||
];
|
||||
networking.interfaces.enabcm6e4ei0 = {
|
||||
ipv4.addresses = [ { address = "192.168.178.2"; prefixLength = 32; } ];
|
||||
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3077:2::"; prefixLength = 128; } ];
|
||||
};
|
||||
|
||||
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
|
|
|
@ -1,21 +1,20 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 8bHz7g SyDLj5IaAnxA41QMsYkxKwtXHopZCo16PDDn0dNobFA
|
||||
xJ9jKhQK/+wKpm1vW264bz9YIy/Onf+r8yzC7jqRRF4
|
||||
-> ssh-ed25519 8bHz7g k5u5XLcX7KSVfjpMkE8g0pt6uYNXCg19Qh49Q/uG32c
|
||||
WIaJx2KiVV1XSYu8q+S/2NRZNQuyW17uqKDe23+XnUI
|
||||
-> ssh-rsa kFDS0A
|
||||
f2tjGApTzNg5LHwsZidoEmjlwetKetYHg8U2REpYp3P/GN8q6SrH6bpJt11lWE1V
|
||||
nLLm2UIAALBLuQEP12QvFS2lDgAOkHw7BvERE9nbDxMAtFp0HPOrfpMxnG/j4WE/
|
||||
GFKjYRvW5rBdvTyx6kGM12NlZW68ewtI+ph4Vv0sjlHFszDGRtosBkiSfMzLrZJ7
|
||||
sCKcb0bwihUbw956is+kKhnXbboyy36MgjnlFqOguklYk4CjvXCHlarIqr1sEBns
|
||||
MDxo4aXmDE/Kb9JXUAZk56ZF1pmw9CjtS2mSFLq2tBQsnACMDpNFthDN/gwl/ZDS
|
||||
kGr405Mc7Br94CSJ9TDFkuEr/g5/diZ47zJ6n73fgcR+77JB82ocqEjx7I4HOoCa
|
||||
jNOdIsKuAeqIj3hzTOaUzEfirbcj/aMfJAsODD+LAbO+udjkAgqr4SomjF9y4gGl
|
||||
4ACP0gFXJH5p3npOHRbpeo5Nog/zuhq615KvVlUlxJXJAQ2knlGsmTANp+BTA9GP
|
||||
X9Et4fVYyha99OVaOetdmwPQhNm6oWnE1f3ED/QkhL07RSqEnPMuS5puvEqZCtCM
|
||||
QoOu6sLntglEC2anyUg3eTJRKLTSPDL5hBPrjc/Vdh0vOUlxBsyjrcirOmuZjz7u
|
||||
U37u9d8Wor525KVhA0iPkoSbUQAdeWani15FpubAqug
|
||||
-> 'elxj-grease KCo\\D8X C1H.0GuO c
|
||||
UIh2br84y8h251JEQT/5wo1I4jzfLLZ3Jk/ZI0oq+yGnklm04GpV
|
||||
--- 3UVm82Ege5uZklcawiAStvmg44HE7Pc4lxQG+eIr2lY
|
||||
¾R•@[cw:lZŠï?Ïaß6‘eÞÐõ¸>4=
|
||||
[
|
||||
€Âö–NŽ=ç[t žÁÅ_÷wuh8yÙ(ãÜš’ü?5ød‰/‘WicÿlÅ<6C>˜<EFBFBD>ùt›«Õ'˼C5ïÑ"‘ÙŠ¯A$>Gn/÷Ú,&„U”°‰ÌŒ+2°o5×0×pßïè¿3
|
||||
giATfPMp/95y2ItODNShZ0kfqVFHWI4Wb7x0ImgrtYJhHR/5preaIVHj1w/Eov66
|
||||
LIkGFbxfQViqiVowTwuzI/r9aBkVuWgnm/4wYmnE4p12qZ3iA/cSzcM5DXK2i0Dv
|
||||
bdeiiQkdYbWRzgG9hYgNVDLrQTxvtzCaV3cl6o/ghUYHU3KYg0d1Cx766daUV05+
|
||||
iUWD86mnJtmR+qMlyprO+51I+3VCV7H7v1aiaDgGl5Gzp6uRpiy7qk2enlJCj5ff
|
||||
W/ZNgq2SE+tIknjAR0n1RSGpuJEFHeo8N/Q3GFd7uuu/+U0KSjf54ObUuJG9v/1L
|
||||
ma1vpt6ykskoRsKAEwUMjEyCN9dnoR2zY+Vt42RXR1XO+jzsdmzrXgd8oQsI0x/G
|
||||
+uAOjiHQD9xlS6InVsCuCoPFAzkm4ZAWbx1ozKe051txyDz3FkqJ9kmuXB7wDAm+
|
||||
4Z4PFpyoCrxHtiTW+dG7gO/AKIt7Wd3paabb8nY6/9vuCYf/Rt9ec/MH69sok+CY
|
||||
UcJE7U/TLxwZS3JMNvwwsJfu3TGHCQMi0VJXku/bcy+93ohdtV+Vxec0fWWVGVVh
|
||||
0Cod0FkiziORUko6CsTHvWRmI6D0wSui3pH+Vlpbl8m5R4VEMlkkbCx76x/MOHJH
|
||||
BF2gTPmiHGrMjB0/F8yJCox6YL5B9E2Mtg+ihZBLWN4
|
||||
-> :MAXu.jB-grease 4}9cAL 9w(1_Q%
|
||||
BvuZHewVhcZPk7nX8Q
|
||||
--- dkGEmljTt3/Vvzv90ZOjYtqDoe+vXZY+6/u1JwAvpGI
|
||||
Ň@—ęAů’·Ś«Rĺř*ç•˝rëh•›Ł6˝Ď0´‚ós/ĹĺF›vŮLëV1ř0ŰsÓňŃ}â’KŰ5.§«4‚6_ÁţgĹřĎ·“>łBd
ác€ŻPÉç`Źl“,ÝéŤŇľ
†&dŰŁ.(Ô1®/HµX4¶%5uŮaŽ
|
||||
ÓM<EFBFBD>'—‹îxýłm
1M˝ćF¤l;ĺ<EFBFBD>B`\ŚÜΰxÜRĆŻâIůł
*B˙É<A)©Ć‡K~ß®BąQç
|
Loading…
Reference in a new issue