From 80a4af7d3d4dc8e537d0715ff965d49139de8d34 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Wed, 7 Jul 2021 11:45:37 +0200
Subject: [PATCH] architect from giupi
---
 hosts/{giupi => architect}/backup.nix | 0
 hosts/{giupi => architect}/default.nix | 82 +++++-------------------
 hosts/{giupi => architect}/firewall.nix | 0
 hosts/{giupi => architect}/hardware.nix | 8 +-
 hosts/{giupi => architect}/network.nix | 7 ++-
 hosts/architect/nginx.nix | 79 ++++++++++++++++++++++++
 6 files changed, 105 insertions(+), 71 deletions(-)
 rename hosts/{giupi => architect}/backup.nix (100%)
 rename hosts/{giupi => architect}/default.nix (76%)
 rename hosts/{giupi => architect}/firewall.nix (100%)
 rename hosts/{giupi => architect}/hardware.nix (91%)
 rename hosts/{giupi => architect}/network.nix (89%)
 create mode 100644 hosts/architect/nginx.nix
diff --git a/hosts/giupi/backup.nix b/hosts/architect/backup.nix
similarity index 100%
rename from hosts/giupi/backup.nix
rename to hosts/architect/backup.nix
diff --git a/hosts/giupi/default.nix b/hosts/architect/default.nix
similarity index 76%
rename from hosts/giupi/default.nix
rename to hosts/architect/default.nix
index 40ae258..2e8b442 100644
--- a/hosts/giupi/default.nix
+++ b/hosts/architect/default.nix
@@ -8,7 +8,7 @@ with import ./network.nix;
 let
 unstable = import {};
 pubkeys = ["ssh-rsa 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 giulio@giulio-X230"];
- hostname = "giupi";
+ hostname = "architect";
 in
 {
 imports =
@@ -18,6 +18,7 @@ in
 ../../common.nix
 ../../users.nix
 ./firewall.nix
+ ./nginx.nix
 ];
 
 variables.hostname = hostname;
@@ -71,20 +72,20 @@ in extraHosts = '' 127.0.0.1 ${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost -# LAN -${giupi_lan_ip} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io + # LAN + ${giupi_lan_ip} ${hostname}.devs.giugl.io media.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io 10.0.0.1 router.devs.giugl.io ${dvr_ip} dvr.devs.giugl.io ${nas_ip} nas.devs.giugl.io - -# Wireguard hosts - ${giupi_wg_ip} ${hostname}.devs.giugl.io jf.giugl.io giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io + + # Wireguard hosts + ${giupi_wg_ip} ${hostname}.devs.giugl.io media.giugl.io jf.giugl.io giugl.io yt.giugl.io s0.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io ${galuminum-wg} galuminum.devs.giugl.io ${oneplus-wg} oneplus.devs.giugl.io ${ipad-wg} ipad.devs.giugl.io ${manduria-wg} manduria.devs.giugl.io - ${antonio-wg} antonio.devs.giugl.io + ${antonio-wg} antonio.devs.giugl.io ${gbeast-wg} gbeast.devs.giugl.io ${parisaphone-wg} parisa-phone.devs.giugl.io ${parisapc-wg} parisa-pc.devs.giugl.io 
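Review bot: The rewritten Wireguard hosts line now lists `s0.giugl.io` where the removed line, the loopback line and the new LAN line all carry `s3.giugl.io`; this looks like a typo rather than a new host, and it means WireGuard peers will no longer resolve `s3.giugl.io` through the tunnel address. The line should read `… yt.giugl.io s3.giugl.io synclounge.giugl.io …` unless an s0 host is genuinely intended, in which case it belongs on the LAN line too. Separately, `media.giugl.io` is added to the LAN and Wireguard lines but not to the `127.0.0.1` line above them, so the host itself resolves media.giugl.io differently from its clients. The `extraHosts` string this hunk edits continues into the next hunk.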
@@ -98,7 +99,7 @@ ${giupi_lan_ip} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.i ${broccolino-wg} broccolino.devs.giugl.io ${hotpottino-wg} hotpottino.devs.giugl.io -# Blacklist + # Blacklist 0.0.0.0 metrics.plex.tv 0.0.0.0 analytics.plex.tv 0.0.0.0 cdn.luckyorange.com @@ -125,7 +126,6 @@ ${giupi_lan_ip} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.i environment.systemPackages = with pkgs; [ - docker openiscsi wireguard cudatoolkit @@ -147,6 +147,8 @@ ${giupi_lan_ip} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.i sonarr.enable = true; nzbget.enable = true; thelounge.enable = true; + mysql.enable = false; + mysql.package = with pkgs; mysql80; dnsmasq = { enable = true; 
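Review bot: In the `@@ -147` hunk, `mysql.enable = false;` paired with `mysql.package = with pkgs; mysql80;` is a dead setting: the package pin has no effect while the service is disabled, and nothing records why it is staged here. Either drop both lines or leave a one-line comment such as `# mysql intentionally disabled: <reason>` so the next reader does not flip it on by accident. In the `@@ -125` hunk `docker` leaves `environment.systemPackages` in the same commit that comments out the `/docker` dataset in hardware.nix; if `virtualisation.docker` is still enabled elsewhere that is fine, but the commit message should say docker is being retired on this host. The enclosing `services` and `environment` attrsets start outside these hunks.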
@@ -179,66 +181,14 @@ ${giupi_lan_ip} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.i passwordAuthentication = true; permitRootLogin = "yes"; }; - - postgresql = { - enable = true; - - # Ensure the database, user, and permissions always exist - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ - { name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; - } - ]; - }; - - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts."media.giugl.io" = { - locations."/" = { - proxyPass = "http://localhost:8096"; - }; }; - virtualHosts."htbaz.giugl.io" = { - locations."/" = { - proxyPass = "http://localhost:6767"; - }; + environment.variables = { + LIBVA_DRIVER_NAME="vdpau"; }; - virtualHosts."htrad.giugl.io" = { - locations."/" = { - proxyPass = "http://localhost:7878"; - }; - }; - - virtualHosts."htson.giugl.io" = { - locations."/" = { - proxyPass = "http://localhost:8989"; - }; - }; - - virtualHosts."htnzb.giugl.io" = { - locations."/" = { - proxyPass = "http://localhost:6789"; - }; - }; - - }; - -}; - -environment.variables = { - LIBVA_DRIVER_NAME="vdpau"; -}; -users.groups.media.members = ["radarr" "sonarr" "nzbget" "bazarr" "transmission" "jellyfin" "jellyfin"]; -users.groups.video.members = ["jellyfin"]; -users.groups.render.members = ["jellyfin"]; + users.groups.media.members = ["radarr" "sonarr" "nzbget" "bazarr" "transmission" "jellyfin" "jellyfin"]; + users.groups.video.members = ["jellyfin"]; + users.groups.render.members = ["jellyfin"]; } - diff --git a/hosts/giupi/firewall.nix b/hosts/architect/firewall.nix similarity index 100% rename from hosts/giupi/firewall.nix rename to hosts/architect/firewall.nix diff --git a/hosts/giupi/hardware.nix b/hosts/architect/hardware.nix similarity index 91% rename from hosts/giupi/hardware.nix rename to hosts/architect/hardware.nix index b46ad2c..ec52cdc 100644 
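Review bot: The re-indented `users.groups.media.members` line still lists `"jellyfin"` twice; Nix lists are not deduplicated, so it should be harmless for the generated group entry, but it reads as a copy-paste slip and should become `users.groups.media.members = ["radarr" "sonarr" "nzbget" "bazarr" "transmission" "jellyfin"];`. The PostgreSQL block with `ensureDatabases = [ "nextcloud" ]` and the nextcloud role is removed here with no replacement in this patch, so if that database is still in use its user and privileges are now unmanaged, and if it is being retired the commit message should say so. The `services` attrset that this hunk closes starts outside the hunk.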
--- a/hosts/giupi/hardware.nix
+++ b/hosts/architect/hardware.nix
@@ -28,10 +28,10 @@
 fsType = "zfs";
 };
 
- fileSystems."/docker" =
- { device = "backedpool/docker";
- fsType = "zfs";
- };
+# fileSystems."/docker" =
+# { device = "backedpool/docker";
+# fsType = "zfs";
+# };
 
 fileSystems."/var/lib" =
 { device = "backedpool/services";
diff --git a/hosts/giupi/network.nix b/hosts/architect/network.nix
similarity index 89%
rename from hosts/giupi/network.nix
rename to hosts/architect/network.nix
index 76174e9..afd8fb8 100644
--- a/hosts/giupi/network.nix
+++ b/hosts/architect/network.nix
@@ -9,7 +9,7 @@ rec {
 external_lan_net = "192.168.1.0/24";
 
 # ips
- giupi_lan_ip = "10.0.0.8";
+ giupi_lan_ip = "10.0.0.250";
 dvr_ip = "10.0.0.2";
 nas_ip = "10.0.0.3";
 
@@ -37,4 +37,9 @@ rec {
 routers-wg = [ hotpottino-wg broccolino-wg ];
 c2c-wg = [ ] ++ gdevices-wg;
 towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg;
+
+ # domains
+ domain = "giugl.io";
+ dom_media = "media.${domain}";
+ dom_cloud = "cloud.${domain}";
 }
diff --git a/hosts/architect/nginx.nix b/hosts/architect/nginx.nix
new file mode 100644
index 0000000..feec82c
--- /dev/null
+++ b/hosts/architect/nginx.nix
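Review bot: The new `dom_media` and `dom_cloud` bindings in network.nix have no consumer in this patch — nginx.nix and the extraHosts block in default.nix still spell out `media.giugl.io` literally — so they start life as dead definitions; either use them (`virtualHosts.${dom_media}`) or add them when there is a caller. The LAN address moves from `10.0.0.8` to `10.0.0.250` but the variable keeps the name `giupi_lan_ip` (likewise `giupi_wg_ip`) while the host is renamed to architect, which will read as another machine's address as soon as a second host exists; and if firewall.nix, a DHCP reservation or a router rule references the old address by value rather than through this variable, it needs the same change. The `rec { … }` attrset that holds these bindings starts outside both hunks.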
@@ -0,0 +1,79 @@
+{services, ...}:
+
+{
+ security.acme.acceptTerms = true;
+ security.acme.email = "giupi@giugl.io";
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts."media.giugl.io" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8096";
+ extraConfig = ''
+ allow 10.0.0.0/24;
+ allow 10.3.0.0/24;
+ deny all;
+ '';
+ };
+ };
+
+ virtualHosts."htbaz.giugl.io" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:6767";
+ extraConfig = ''
+ allow 10.0.0.0/24;
+ allow 10.3.0.0/24;
+ deny all;
+ '';
+ };
+ };
+
+ virtualHosts."htrad.giugl.io" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:7878";
+ extraConfig = ''
+ allow 10.0.0.0/24;
+ allow 10.3.0.0/24;
+ deny all;
+ '';
+ };
+ };
+
+ virtualHosts."htson.giugl.io" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8989";
+ extraConfig = ''
+ allow 10.0.0.0/24;
+ allow 10.3.0.0/24;
+ deny all;
+ '';
+ };
+ };
+
+ virtualHosts."htnzb.giugl.io" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:6789";
+ extraConfig = ''
+ allow 10.0.0.0/24;
+ allow 10.3.0.0/24;
+ deny all;
+ '';
+ };
+ };
+ };
+}
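Review bot: The module header `{services, ...}:` asks for an argument the NixOS module system does not pass — modules are called with `config`, `options`, `lib`, `pkgs` and whatever `_module.args` adds — and `services` is never referenced in the body, so unless `_module.args.services` is defined elsewhere evaluation fails with a missing-argument error; `{ ... }:` is all this file needs. The five virtual hosts also repeat the same `forceSSL`/`enableACME` pair and the same `allow 10.0.0.0/24; allow 10.3.0.0/24; deny all;` block, so the set of trusted source networks has to be edited in five places and can drift; a `let`-bound allow-list and a small per-port helper keep that policy in one spot, and the subnets could later come from network.nix instead of literals. `enableACME` adds its own `/.well-known/acme-challenge` location, so the deny on `/` should not block HTTP-01 validation, but that is worth confirming on the first issuance. The rewrite below is a constructed sketch with identical resulting options.

```nix
{ ... }:

let
  # Single source of truth for the networks allowed to reach the proxied apps.
  lanOnly = ''
    allow 10.0.0.0/24;
    allow 10.3.0.0/24;
    deny all;
  '';

  # TLS-terminating, ACME-backed vhost that proxies "/" to a local port,
  # restricted to the LAN/WireGuard ranges above.
  lanProxy = port: {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:${toString port}";
      extraConfig = lanOnly;
    };
  };
in
{
  # … unchanged: security.acme.acceptTerms / security.acme.email …

  services.nginx = {
    # … unchanged: enable and recommended* settings …

    virtualHosts = {
      "media.giugl.io" = lanProxy 8096;
      "htbaz.giugl.io" = lanProxy 6767;
      "htrad.giugl.io" = lanProxy 7878;
      "htson.giugl.io" = lanProxy 8989;
      "htnzb.giugl.io" = lanProxy 6789;
    };
  };
}
```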