From a022b2d0ceb7d5cb5a317efb83b6a95ba465597a Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Sat, 26 Apr 2025 17:43:50 +0100
Subject: [PATCH] MASSIVE
---
 hosts/architect/default.nix | 45 ++++++++++++++---------------
 hosts/architect/minio.nix | 35 ----------------------
 hosts/architect/options.nix | 1 -
 hosts/architect/tailscale.nix | 38 ++++++++++++------------
 modules/core/dns.nix | 4 +--
 modules/core/network.nix | 15 +---------
 modules/services/gitea/default.nix | 3 +-
 modules/services/immich/default.nix | 3 +-
 modules/services/minio/default.nix | 5 ++--
 modules/services/radarr/default.nix | 3 +-
 10 files changed, 48 insertions(+), 104 deletions(-)
 delete mode 100644 hosts/architect/minio.nix
diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index 151b46d..4525c3f 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -15,9 +15,9 @@ in
 ./hardware.nix
 ./firewall.nix
 ./nginx.nix
- ./sonarr.nix
- ./bazarr.nix
- ./nzbget.nix
+ # ./sonarr.nix
+ # ./bazarr.nix
+ # ./nzbget.nix
 ./nextcloud.nix
 ./matrix.nix
 ./fail2ban.nix
@@ -38,21 +38,6 @@ in
 age.identityPaths = [ "/root/.ssh/id_ed25519" ];
- pepe.core.network.interfaces = {
- lan = {
- interface = "enp6s0";
- type = "lan";
- net = "10.0.0.0/24";
- devices = {
- architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; };
- brigettine = { address = "10.0.0.1"; hostname = "router.${domain}"; };
- dreamel10 = { address = "10.0.0.199"; hostname = "dreamel10.${domain}"; };
- reolinkcamera = { address = "10.0.0.200"; hostname = "reolinkcamera.${domain}"; };
- lgtv = { address = "10.0.0.202"; hostname = "lgtv.${domain}"; };
- };
- };
- };
-
 architect = {
 firewall = {
@@ -154,6 +139,21 @@ in
 enable = true;
 path = "/media";
 };
+
+ network.interfaces = {
+ lan = {
+ interface = "enp6s0";
+ type = "lan";
+ net = "10.0.0.0/24";
+ devices = {
+ architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; };
+ brigettine = { address = "10.0.0.1"; hostname = "router.${domain}"; };
+ dreamel10 = { address = "10.0.0.199"; hostname = "dreamel10.${domain}"; };
+ reolinkcamera = { address = "10.0.0.200"; hostname = "reolinkcamera.${domain}"; };
+ lgtv = { address = "10.0.0.202"; hostname = "lgtv.${domain}"; };
+ };
+ };
+ };
 };
 services = {
@@ -168,11 +168,10 @@ in
 package = pkgs.unstablePkgs.immich;
 };
- minio = {
- enable = true;
- domain = "s3.giugl.io";
- package = pkgs.minio_legacy_fs;
- };
+ # minio = {
+ # enable = true;
+ # domain = "s3.giugl.io";
+ # };
 radarr = {
 enable = true;
diff --git a/hosts/architect/minio.nix b/hosts/architect/minio.nix
deleted file mode 100644
index 5573a9b..0000000
--- a/hosts/architect/minio.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- domain = "s3.giugl.io";
-
- utilities = import ./utilities.nix { inherit lib config; };
- inherit (utilities) architectInterfaceAddress;
-in
-{
- services = {
- minio = {
- enable = true;
- package = pkgs.minio_legacy_fs;
- };
-
- nginx.virtualHosts.${domain} = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:9000";
- extraConfig = ''
- client_max_body_size 500M;
- allow ${config.architect.networks.lan.net};
- allow ${config.architect.networks.tailscale.net};
- deny all;
- '';
- };
- };
- };
-
- networking.extraHosts = ''
- ${architectInterfaceAddress "lan"} ${domain}
- ${architectInterfaceAddress "tailscale"} ${domain}
- '';
-}
diff --git a/hosts/architect/options.nix b/hosts/architect/options.nix
index f55d0dc..ac7f21a 100644
--- a/hosts/architect/options.nix
+++ b/hosts/architect/options.nix
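Review bot: The lan interface is re-added here as `network.interfaces` inside what looks like the `architect = {` set (the closing `};` just before `services = {` suggests this block is nested in it), while tailscale.nix in this same patch moves its interface to `pepe.core.network.interfaces.tailscale`, so the two interfaces now live in different option trees. Unless the legacy `architect` options in options.nix alias `network` into `pepe.core.network` — nothing in the patch shows that — `interfacesByType.lan` computed in modules/core/network.nix will be empty and what `allowLAN = true` on the vhost locations then permits is not defined by this patch. Consider `pepe.core.network.interfaces.lan = { ... };` at top level, matching tailscale.nix, and confirm the evaluated `interfacesByType.lan` is non-empty before deploying. The enclosing set opens well before this hunk.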
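Review bot: The commented-out minio block drops the `package = pkgs.minio_legacy_fs;` line, and the modules/services/minio @@ -8 hunk changes the option default from `pkgs.minio_legacy_fs` to `pkgs.minio`, so re-enabling MinIO on this host would start the current package against whatever data directory the legacy-FS build wrote; newer MinIO releases no longer read the FS-mode layout, as far as I know. If that directory is to be reused, record the migration requirement next to the new default, e.g. `# default moved off minio_legacy_fs: existing FS-mode data dirs must be migrated before enabling`; if the data is gone and the switch is intentional, a sentence in the commit body would save the next reader from guessing. The same point applies to the modules/services/minio @@ -8 hunk.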
@@ -1,7 +1,6 @@
 { config, lib, ... }: {
- # Legacy compatibility layer
 options.architect = {
 firewall = lib.mkOption {
 internal = true;
diff --git a/hosts/architect/tailscale.nix b/hosts/architect/tailscale.nix
index 8217afc..af3d037 100644
--- a/hosts/architect/tailscale.nix
+++ b/hosts/architect/tailscale.nix
@@ -7,32 +7,30 @@ let
 inherit (utilities) generateDeviceStrings;
 in
 {
- architect = {
- networks.tailscale = {
- interface = "ts0";
- net = "100.64.0.0/10";
-
- devices = {
- architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; };
- kmerr = { address = "100.64.0.2"; hostname = "kmerr.${domain}"; };
- chuck = { address = "100.64.0.4"; hostname = "chuck.${domain}"; };
- dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
- manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
- tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
- alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
- appletv = { address = "100.64.0.13"; hostname = "appletv.${domain}"; };
- watkinshouse = { address = "100.64.0.14"; hostname = "watkinshouse.${domain}"; };
- afsun = { address = "100.64.0.15"; hostname = "afsun.${domain}"; };
- jacopo-desktop= { address = "100.64.0.21"; hostname = "afsun.${domain}"; };
- jacopo-tv= { address = "100.64.0.22"; hostname = "afsun.${domain}"; };
- };
+ pepe.core.network.interfaces.tailscale = {
+ interface = "ts0";
+ net = "100.64.0.0/10";
+ type = "vpn";
+ devices = {
+ architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; };
+ kmerr = { address = "100.64.0.2"; hostname = "kmerr.${domain}"; };
+ chuck = { address = "100.64.0.4"; hostname = "chuck.${domain}"; };
+ dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
+ manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
+ tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
+ alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
+ appletv = { address = "100.64.0.13"; hostname = "appletv.${domain}"; };
+ watkinshouse = { address = "100.64.0.14"; hostname = "watkinshouse.${domain}"; };
+ afsun = { address = "100.64.0.15"; hostname = "afsun.${domain}"; };
+ jacopo-desktop = { address = "100.64.0.21"; hostname = "afsun.${domain}"; };
+ jacopo-tv = { address = "100.64.0.22"; hostname = "afsun.${domain}"; };
 };
 };
 services = {
 tailscale = {
 enable = true;
- interfaceName = config.architect.networks.tailscale.interface;
+ interfaceName = config.pepe.core.network.interfaces.tailscale.interface;
 package = pkgs.unstablePkgs.tailscale;
 };
 };
diff --git a/modules/core/dns.nix b/modules/core/dns.nix
index dc5f2ba..15fd774 100644
--- a/modules/core/dns.nix
+++ b/modules/core/dns.nix
@@ -57,7 +57,7 @@ in
 expr client_ip() == '${deviceIP}'
 }
- forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::${cfg.nextDNSId} tls://2a07:a8c1::${cfg.nextDNSId} {
+ forward . tls://45.90.28.77 tls://45.90.30.77 {
 tls_servername ${name}-${cfg.nextDNSId}.dns.nextdns.io
 health_check 5s
 }
@@ -99,7 +99,7 @@ in
 ${generateCoreDNSConfig allDomains}
 . {
- forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::${cfg.nextDNSId} tls://2a07:a8c1::${cfg.nextDNSId} {
+ forward . tls://45.90.28.77 tls://45.90.30.77 {
 tls_servername lan-${cfg.nextDNSId}.dns.nextdns.io
 health_check 5s
 }
diff --git a/modules/core/network.nix b/modules/core/network.nix
index 7b052db..28dc934 100644
--- a/modules/core/network.nix
+++ b/modules/core/network.nix
@@ -52,18 +52,7 @@ in
 default = {};
 description = "Interfaces grouped by type (lan, wan, vpn) for easy access.";
 internal = true;
- };
-
- interfaceTypes = mkOption {
- type = types.attrsOf types.str;
- default = {
- lan = "lan";
- wan = "wan";
- vpn = "vpn";
- };
- description = "Interface type identifiers for easy reference.";
- };
-
+ };
 };
 config = {
@@ -73,7 +62,5 @@ in
 wan = lib.attrNames (lib.filterAttrs (_: iface: iface.type == "wan") cfg.interfaces);
 vpn = lib.attrNames (lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces);
 };
-
- # We don't need the groups anymore as we're using interfacesByType directly
 };
 }
diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
index 33076fe..040c497 100644
--- a/modules/services/gitea/default.nix
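Review bot: `jacopo-desktop` and `jacopo-tv` are re-added with `hostname = "afsun.${domain}"`, the same name the `afsun` entry two lines above already uses, so three tailnet addresses now map to one hostname and no `jacopo-desktop`/`jacopo-tv` name is produced at all; this reads as a copy-paste carried over from the removed block rather than an intended alias. The per-device `view` in dns.nix keys on `deviceIP`, so addresses still resolve correctly, but whatever `generateDeviceStrings` publishes for hostnames (its body is outside the hunk) will be wrong for these two peers. Suggested: `jacopo-desktop = { address = "100.64.0.21"; hostname = "jacopo-desktop.${domain}"; };` and `jacopo-tv = { address = "100.64.0.22"; hostname = "jacopo-tv.${domain}"; };`, or a comment stating why they deliberately alias afsun.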
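Review bot: Dropping the `tls://2a07:a8c0::…` and `tls://2a07:a8c1::…` upstreams leaves the forwarder IPv4-only, so DoT resolution for this view stops entirely if IPv4 egress to 45.90.28.77/45.90.30.77 is lost, and the NextDNS profile ID now reaches the upstream only through `tls_servername`. Nothing in the hunk records why the IPv6 endpoints were removed; a comment on the new `forward` line, e.g. `# IPv4 upstreams only: <reason, e.g. no IPv6 egress on this host>`, would keep the next reader from re-adding them. The same change is made in the @@ -99 hunk below and the comment belongs there too.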
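Review bot: Removing the `interfaceTypes` option breaks any module that still reads `config.pepe.core.network.interfaceTypes`; this patch updates gitea, immich, minio and radarr, but the `dnsInterfaces` option those modules stop setting is declared in the vhost module, which is not in the patch, and if its default was written in terms of `interfaceTypes` evaluation will fail there instead. A grep for `interfaceTypes` and `dnsInterfaces` across modules/ before merging would settle it; the replacement of `- };` by `+ };` at the end of the removal looks like a whitespace-only difference. The `options.pepe.core.network` set this hunk edits opens before the hunk.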
+++ b/modules/services/gitea/default.nix
@@ -18,8 +18,7 @@ in
 config = mkIf cfg.enable {
 pepe.core = {
 firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
- vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
- dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ];
+ vhost.hosts.${cfg.domain} = {
 locations."/" = {
 port = config.services.gitea.settings.server.HTTP_PORT;
 allowLAN = true;
diff --git a/modules/services/immich/default.nix b/modules/services/immich/default.nix
index 4df4ba5..ad415ac 100644
--- a/modules/services/immich/default.nix
+++ b/modules/services/immich/default.nix
@@ -22,8 +22,7 @@ in
 };
 };
- pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
- dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
+ pepe.core.vhost.hosts.${cfg.domain} = {
 locations."/" = {
 host = "[::1]";
 port = config.services.immich.port;
diff --git a/modules/services/minio/default.nix b/modules/services/minio/default.nix
index fc7a266..827214a 100644
--- a/modules/services/minio/default.nix
+++ b/modules/services/minio/default.nix
@@ -8,7 +8,7 @@ in
 {
 options.pepe.services.minio = with lib; {
 enable = mkEnableOption "Enable MinIO S3-compatible object storage";
- package = mkPackageOption pkgs "minio" { default = pkgs.minio_legacy_fs; };
+ package = mkPackageOption pkgs "minio" {};
 domain = mkOption {
 type = types.str;
 default = null;
@@ -21,8 +21,7 @@ in
 package = cfg.package;
 };
- pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
- dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
+ pepe.core.vhost.hosts.${cfg.domain} = {
 locations."/" = {
 port = 9000;
 allowLAN = true;
diff --git a/modules/services/radarr/default.nix b/modules/services/radarr/default.nix
index 065d11e..b8e20f9 100644
--- a/modules/services/radarr/default.nix
+++ b/modules/services/radarr/default.nix
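Review bot: Dropping `dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ]` means DNS publication of this vhost now falls back to whatever default the vhost module declares, which this patch does not show; if that default includes a WAN-facing interface, the gitea hostname becomes visible on interfaces it was explicitly kept off before. Reachability is still gated by `allowLAN = true` in the location, so this is about name exposure rather than access, but it should be checked against the vhost module's default or made explicit again, e.g. `dnsInterfaces = [ "lan" "vpn" ];` (the removed `interfaceTypes` defaults were exactly those strings), assuming the option still exists and is string-typed. The immich @@ -22, minio @@ -21 and radarr @@ -21 hunks make the same change and get the same remark; the `pepe.core = {` set here continues past the hunk.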
@@ -21,8 +21,7 @@ in
 package = cfg.package;
 };
- pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
- dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
+ pepe.core.vhost.hosts.${cfg.domain} = {
 locations."/" = {
 port = 7878;
 allowLAN = true;