From 77931ab71a0522a58deec81de94c7d7fb4b0bc8c Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 5 Nov 2021 20:16:08 +0100 Subject: [PATCH] jacopo, mikey, andrew wg clients. transmission added --- flake.lock | 12 +++++----- hosts/architect/default.nix | 1 + hosts/architect/firewall.nix | 3 +++ hosts/architect/network.nix | 5 ++++ hosts/architect/plex.nix | 4 ++++ hosts/architect/transmission.nix | 41 ++++++++++++++++++++++++++++++++ hosts/architect/wireguard.nix | 26 ++++++++++++++++++++ roles/home/common.nix | 3 +-- 8 files changed, 87 insertions(+), 8 deletions(-) create mode 100644 hosts/architect/transmission.nix diff --git a/flake.lock b/flake.lock index e766bb8..d0d9a71 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1634515797, - "narHash": "sha256-elgCUC2khtBkOSpE4gDymNvthTZAI4hGI2iNu3YEUkA=", + "lastModified": 1635702959, + "narHash": "sha256-ZKxX9DjJJGJqq20pE4dIj1G4ssCLVXXRFerM6lNuF0k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f0194220f2402b06f7f79bba6351895facb5acb", + "rev": "e544ee88fa4590df75e221e645a03fe157a99e5b", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1634661806, - "narHash": "sha256-fBuR7EZ67UOdNt3gEwhoyWJ6zJtXh4kuupIALRcx/7I=", + "lastModified": 1635719588, + "narHash": "sha256-pWjdy0NheM97NsPE6+jUnr5LYyeA0sBGTdw4mfXMGZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8fe3b97ef4527ac88d03ea33e0789f3512e01adc", + "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f", "type": "github" }, "original": { diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix index 62b1b77..300cd86 100644 --- a/hosts/architect/default.nix +++ b/hosts/architect/default.nix @@ -26,6 +26,7 @@ in ./minecraft.nix ./prowlarr.nix ./plex.nix + ./transmission.nix ]; time.timeZone = "Europe/Rome"; diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix index 5062a37..bfc0e9d 100644 
--- a/hosts/architect/firewall.nix +++ b/hosts/architect/firewall.nix @@ -9,10 +9,12 @@ let 443 # https 8448 # matrix 10022 # gitea + 51413 # transmission ]; open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [ 1194 # wireguard 3478 # turn + 51413 # transmission ]; in { networking = { @@ -134,6 +136,7 @@ in { # gdevices talking to everyone in VPN ip saddr {${lib.concatStringsSep "," gdevices-wg}} ip daddr ${vpn-net} accept + ip saddr {${lib.concatStringsSep "," gamenet-wg}} ip daddr {${lib.concatStringsSep "," gamenet-wg}} accept # nat to wan oifname ${wan-if} ip saddr {${lib.concatStringsSep "," towan-wg}} accept diff --git a/hosts/architect/network.nix b/hosts/architect/network.nix index 69459d0..bac9952 100644 --- a/hosts/architect/network.nix +++ b/hosts/architect/network.nix @@ -41,6 +41,10 @@ rec { alain-wg = "10.3.0.22"; dima-wg = "10.3.0.23"; mikey-wg = "10.3.0.24"; + andrew-wg = "10.3.0.25"; + mikeylaptop-wg = "10.3.0.26"; + andrewdesktop-wg = "10.3.0.27"; + jacopo-wg = "10.3.0.28"; eleonora-wg = "10.3.0.100"; angellane-wg = "10.3.0.200"; hotpottino-wg = "10.3.0.201"; @@ -52,6 +56,7 @@ rec { routers-wg = [ hotpottino-wg angellane-wg dodino-wg ]; c2c-wg = [ ] ++ gdevices-wg; towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg; + gamenet-wg = [ andrew-wg galuminum-wg gbeast-wg mikey-wg andrewdesktop-wg mikeylaptop-wg ]; # domains sonarrdomain = "htson.giugl.io"; diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix index aae9147..b570b35 100644 --- a/hosts/architect/plex.nix +++ b/hosts/architect/plex.nix @@ -16,6 +16,10 @@ with import ./network.nix; enableACME = true; http2 = true; extraConfig = '' + allow 10.3.0.0/24; + allow 10.0.0.0/24; + deny all; + #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause send_timeout 100m; diff --git a/hosts/architect/transmission.nix b/hosts/architect/transmission.nix new file mode 100644 index 0000000..024378f 
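Review bot: The literal `51413` added to both the TCP and UDP port lists repeats the `peer-port = 51413;` value that hosts/architect/transmission.nix sets in this same commit, so changing one without the other either leaves a stale port open or silently blocks peer traffic. A single binding in network.nix (for example a new `transmission-peer-port = 51413;`) referenced from both files would keep the firewall and the daemon in step; this assumes firewall.nix already pulls in network.nix, which the hunk does not show. The `let` block continues outside the hunk.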
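Review bot: The added `gamenet-wg` rule accepts every protocol and port between its members, and unlike the rules around it has no comment saying what it is for. `gamenet-wg` in network.nix mixes guest peers (andrew, mikey and their second machines) with `galuminum-wg` and `gbeast-wg`, which look like the owner's own devices, so those guests get unrestricted access to them over the VPN. If only game traffic is intended, narrow the rule to the ports actually needed, e.g. append `udp dport { <game-ports> }` before `accept`, and add a line such as `# gamenet peers talking to each other`. The surrounding chain starts and ends outside the hunk.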
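Review bot: The `allow 10.3.0.0/24; allow 10.0.0.0/24; deny all;` lines added to `extraConfig` hard-code the same two subnets that the new transmission.nix vhost repeats in its own `extraConfig`, so the access list now lives in two places as literals. Since this file already has `with import ./network.nix;`, a shared snippet defined there and interpolated into both vhosts would keep them from drifting; firewall.nix already refers to `${vpn-net}` in this way, though its value is not visible here. A short comment above the block saying the vhost is meant to be reachable only from the LAN and the WireGuard network would also help, because a server-level `deny all` changes who can reach Plex through this proxy. The vhost definition starts and ends outside the hunk.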
--- /dev/null +++ b/hosts/architect/transmission.nix @@ -0,0 +1,41 @@ +with import ./network.nix; + +let + domain = "httra.giugl.io"; +in { + services = { + transmission = { + enable = true; + settings = { + download-dir = "/media/transmission"; + incomplete-dir = "/media/transmission/.incomplete"; + rpc-host-whitelist = "${domain}"; + encryption = 2; + speed-limit-up = 10; + speed-limit-up-enabled = true; + peer-port = 51413; + }; + performanceNetParameters = true; + }; + + nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:9091"; + extraConfig = '' + allow 10.0.0.0/24; + allow 10.3.0.0/24; + deny all; + ''; + }; + }; + }; + + networking.extraHosts = '' + ${architect-lan} ${domain} + ${architect-wg} ${domain} + ''; + + users.groups.media.members = ["transmission"]; +} diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix index 77fe8d7..89a31f2 100644 --- a/hosts/architect/wireguard.nix +++ b/hosts/architect/wireguard.nix @@ -29,6 +29,8 @@ with import ./network.nix; ${dima-wg} dima.devs.giugl.io ${boogino-wg} boogino.devs.giugl.io ${mikey-wg} mikey.devs.giugl.io + ${andrew-wg} andrew.devs.giugl.io + ${mikeylaptop-wg} mikeylaptop.devs.giugl.io ''; wireguard = { @@ -231,6 +233,30 @@ with import ./network.nix; allowedIPs = [mikey-wg]; publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI="; } + + { + # andrew + allowedIPs = [andrew-wg]; + publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM="; + } + + { + # mikey laptop + allowedIPs = [mikeylaptop-wg]; + publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk="; + } + + { + # andrew desktop + allowedIPs = [andrewdesktop-wg]; + publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI="; + } + + { + # laptop desktop + allowedIPs = [jacopo-wg]; + publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0="; + } ]; }; }; diff --git a/roles/home/common.nix b/roles/home/common.nix index fe1b6a2..b76bac7 100644 
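Review bot: The `settings` block does not set `rpc-authentication-required`, so as far as the visible configuration shows, the nginx `allow`/`deny` list in `locations."/"` is the only control on the web interface. Every host in 10.0.0.0/24 and 10.3.0.0/24, including the guest WireGuard peers added in this commit, can therefore add torrents and change daemon settings. Consider `rpc-authentication-required = true;` with the username and password supplied through `services.transmission.credentialsFile`, so they stay out of the world-readable Nix store. `proxyPass = "http://localhost:9091";` is also safer written as `http://127.0.0.1:9091`, since `localhost` can resolve to `::1` while the RPC listener may be bound to IPv4 only.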
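Review bot: The comment on the last added peer, `# laptop desktop`, does not match its `allowedIPs = [jacopo-wg];` and looks like a copy-paste slip; it should read `# jacopo`. These comments are the only label tying a public key to a person, so a wrong one makes it harder to pick the right entry when a peer has to be revoked. The hosts hunk earlier in this file also adds names only for `andrew-wg` and `mikeylaptop-wg`, leaving `andrewdesktop-wg` and `jacopo-wg` without a `devs.giugl.io` entry; if that is deliberate, nothing needs to change there. The peers list starts and ends outside the hunk.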
--- a/roles/home/common.nix +++ b/roles/home/common.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - imports = [ ./zsh.nix ]; + imports = [ ./zsh.nix ./git.nix ]; home = { stateVersion = "21.05"; @@ -19,7 +19,6 @@ programs.neovim = { enable = true; - #package = pkgs.unstable.neovim-unwrapped; extraConfig = '' " syntax