peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

MASSIVE

Browse Source
This commit is contained in:
Giulio De Pasquale 2025-04-26 17:43:50 +01:00
parent 1a54c00cc2
commit a022b2d0ce
10 changed files with 48 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
hosts/architect/default.nix
View File

@ -15,9 +15,9 @@ in
./hardware.nix
./firewall.nix
./nginx.nix
./sonarr.nix
./bazarr.nix
./nzbget.nix
# ./sonarr.nix
# ./bazarr.nix
# ./nzbget.nix
./nextcloud.nix
./matrix.nix
./fail2ban.nix
@ -38,21 +38,6 @@ in
age.identityPaths = [ "/root/.ssh/id_ed25519" ];
pepe.core.network.interfaces = {
lan = {
interface = "enp6s0";
type = "lan";
net = "10.0.0.0/24";
devices = {
architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; };
brigettine = { address = "10.0.0.1"; hostname = "router.${domain}"; };
dreamel10 = { address = "10.0.0.199"; hostname = "dreamel10.${domain}"; };
reolinkcamera = { address = "10.0.0.200"; hostname = "reolinkcamera.${domain}"; };
lgtv = { address = "10.0.0.202"; hostname = "lgtv.${domain}"; };
};
};
};
architect = {
firewall = {
@ -154,6 +139,21 @@ in
enable = true;
path = "/media";
};
network.interfaces = {
lan = {
interface = "enp6s0";
type = "lan";
net = "10.0.0.0/24";
devices = {
architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; };
brigettine = { address = "10.0.0.1"; hostname = "router.${domain}"; };
dreamel10 = { address = "10.0.0.199"; hostname = "dreamel10.${domain}"; };
reolinkcamera = { address = "10.0.0.200"; hostname = "reolinkcamera.${domain}"; };
lgtv = { address = "10.0.0.202"; hostname = "lgtv.${domain}"; };
};
};
};
};
services = {
@ -168,11 +168,10 @@ in
package = pkgs.unstablePkgs.immich;
};
minio = {
enable = true;
domain = "s3.giugl.io";
package = pkgs.minio_legacy_fs;
};
# minio = {
# enable = true;
# domain = "s3.giugl.io";
# };
radarr = {
enable = true;

35
hosts/architect/minio.nix
View File

@ -1,35 +0,0 @@
{ config, lib, pkgs, ... }:
let
domain = "s3.giugl.io";
utilities = import ./utilities.nix { inherit lib config; };
inherit (utilities) architectInterfaceAddress;
in
{
services = {
minio = {
enable = true;
package = pkgs.minio_legacy_fs;
};
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9000";
extraConfig = ''
client_max_body_size 500M;
allow ${config.architect.networks.lan.net};
allow ${config.architect.networks.tailscale.net};
deny all;
'';
};
};
};
networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain}
'';
}

1
hosts/architect/options.nix
View File

@ -1,7 +1,6 @@
{ config, lib, ... }:
{
# Legacy compatibility layer
options.architect = {
firewall = lib.mkOption {
internal = true;

38
hosts/architect/tailscale.nix
View File

@ -7,32 +7,30 @@ let
inherit (utilities) generateDeviceStrings;
in
{
architect = {
networks.tailscale = {
interface = "ts0";
net = "100.64.0.0/10";
devices = {
architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; };
kmerr = { address = "100.64.0.2"; hostname = "kmerr.${domain}"; };
chuck = { address = "100.64.0.4"; hostname = "chuck.${domain}"; };
dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
appletv = { address = "100.64.0.13"; hostname = "appletv.${domain}"; };
watkinshouse = { address = "100.64.0.14"; hostname = "watkinshouse.${domain}"; };
afsun = { address = "100.64.0.15"; hostname = "afsun.${domain}"; };
jacopo-desktop= { address = "100.64.0.21"; hostname = "afsun.${domain}"; };
jacopo-tv= { address = "100.64.0.22"; hostname = "afsun.${domain}"; };
};
pepe.core.network.interfaces.tailscale = {
interface = "ts0";
net = "100.64.0.0/10";
type = "vpn";
devices = {
architect = { address = "100.64.0.1"; hostname = "architect.${domain}"; };
kmerr = { address = "100.64.0.2"; hostname = "kmerr.${domain}"; };
chuck = { address = "100.64.0.4"; hostname = "chuck.${domain}"; };
dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
appletv = { address = "100.64.0.13"; hostname = "appletv.${domain}"; };
watkinshouse = { address = "100.64.0.14"; hostname = "watkinshouse.${domain}"; };
afsun = { address = "100.64.0.15"; hostname = "afsun.${domain}"; };
jacopo-desktop = { address = "100.64.0.21"; hostname = "afsun.${domain}"; };
jacopo-tv = { address = "100.64.0.22"; hostname = "afsun.${domain}"; };
};
};
services = {
tailscale = {
enable = true;
interfaceName = config.architect.networks.tailscale.interface;
interfaceName = config.pepe.core.network.interfaces.tailscale.interface;
package = pkgs.unstablePkgs.tailscale;
};
};

4
modules/core/dns.nix
View File

@ -57,7 +57,7 @@ in
expr client_ip() == '${deviceIP}'
}
forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::${cfg.nextDNSId} tls://2a07:a8c1::${cfg.nextDNSId} {
forward . tls://45.90.28.77 tls://45.90.30.77 {
tls_servername ${name}-${cfg.nextDNSId}.dns.nextdns.io
health_check 5s
}
@ -99,7 +99,7 @@ in
${generateCoreDNSConfig allDomains}
. {
forward . tls://45.90.28.77 tls://45.90.30.77 tls://2a07:a8c0::${cfg.nextDNSId} tls://2a07:a8c1::${cfg.nextDNSId} {
forward . tls://45.90.28.77 tls://45.90.30.77 {
tls_servername lan-${cfg.nextDNSId}.dns.nextdns.io
health_check 5s
}

15
modules/core/network.nix
View File

@ -52,18 +52,7 @@ in
default = {};
description = "Interfaces grouped by type (lan, wan, vpn) for easy access.";
internal = true;
};
interfaceTypes = mkOption {
type = types.attrsOf types.str;
default = {
lan = "lan";
wan = "wan";
vpn = "vpn";
};
description = "Interface type identifiers for easy reference.";
};
};
};
config = {
@ -73,7 +62,5 @@ in
wan = lib.attrNames (lib.filterAttrs (_: iface: iface.type == "wan") cfg.interfaces);
vpn = lib.attrNames (lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces);
};
# We don't need the groups anymore as we're using interfacesByType directly
};
}

3
modules/services/gitea/default.nix
View File

@ -18,8 +18,7 @@ in
config = mkIf cfg.enable {
pepe.core = {
firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
dnsInterfaces = [ interfaceTypes.lan interfaceTypes.vpn ];
vhost.hosts.${cfg.domain} = {
locations."/" = {
port = config.services.gitea.settings.server.HTTP_PORT;
allowLAN = true;

3
modules/services/immich/default.nix
View File

@ -22,8 +22,7 @@ in
};
};
pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
pepe.core.vhost.hosts.${cfg.domain} = {
locations."/" = {
host = "[::1]";
port = config.services.immich.port;

5
modules/services/minio/default.nix
View File

@ -8,7 +8,7 @@ in
{
options.pepe.services.minio = with lib; {
enable = mkEnableOption "Enable MinIO S3-compatible object storage";
package = mkPackageOption pkgs "minio" { default = pkgs.minio_legacy_fs; };
package = mkPackageOption pkgs "minio" {};
domain = mkOption {
type = types.str;
default = null;
@ -21,8 +21,7 @@ in
package = cfg.package;
};
pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
pepe.core.vhost.hosts.${cfg.domain} = {
locations."/" = {
port = 9000;
allowLAN = true;

3
modules/services/radarr/default.nix
View File

@ -21,8 +21,7 @@ in
package = cfg.package;
};
pepe.core.vhost.hosts.${cfg.domain} = with config.pepe.core.network; {
dnsInterfaces = [ interfaceTypes.vpn interfaceTypes.lan ];
pepe.core.vhost.hosts.${cfg.domain} = {
locations."/" = {
port = 7878;
allowLAN = true;