From f58b776a3ddc5fb597627c12a54fb3ad59dee649 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Thu, 21 Oct 2021 15:51:44 +0200 Subject: [PATCH] added prowlarr from unstable, moved hosts to wireguard file --- flake.lock | 18 ++++++------ flake.nix | 2 +- hosts/architect/default.nix | 40 ++----------------------- hosts/architect/prowlarr.nix | 2 ++ hosts/architect/wireguard.nix | 55 ++++++++++++++++++++++++++--------- lib/host.nix | 8 +++-- 6 files changed, 63 insertions(+), 62 deletions(-) diff --git a/flake.lock b/flake.lock index 7dbb2a9..e766bb8 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1633596850, - "narHash": "sha256-5+qVLYvfOropjLAvpQs/APtD8eYnEIbAd9a36lGHZM0=", + "lastModified": 1634544068, + "narHash": "sha256-RlRQBaAHfdWqfRyHdWuDPMkplBTYwuyDQqDcNbP/Sog=", "owner": "rycee", "repo": "home-manager", - "rev": "49695f33aac22358b59e49c94fe6472218e5d766", + "rev": "ff2bed9dac84fb202bbb3c49fdcfe30c29d0b12f", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1633971123, - "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", + "lastModified": 1634515797, + "narHash": "sha256-elgCUC2khtBkOSpE4gDymNvthTZAI4hGI2iNu3YEUkA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", + "rev": "5f0194220f2402b06f7f79bba6351895facb5acb", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1634115022, - "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=", + "lastModified": 1634661806, + "narHash": "sha256-fBuR7EZ67UOdNt3gEwhoyWJ6zJtXh4kuupIALRcx/7I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "564cb4d81d4f734dd068684adec5a60077397fe9", + "rev": "8fe3b97ef4527ac88d03ea33e0789f3512e01adc", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5eda88f..aa02909 100644 --- a/flake.nix +++ b/flake.nix 
@@ -28,7 +28,7 @@ inherit (utils) user; in { nixosConfigurations = { - architect = host.mkHost { name = "architect"; users = [ { user = "giulio"; roles = []; } ]; }; + architect = host.mkHost { name = "architect"; users = [ { user = "giulio"; roles = [ "git" ]; } ]; }; gAluminum = host.mkHost { name = "gAluminum"; users = [ { user = "giulio"; roles = [ "desktop" "ssh" "git" ]; } ]; roles = [ "gnome" ]; }; proxy = host.mkHost { name = "proxy"; }; }; diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix index 4000ff3..62b1b77 100644 --- a/hosts/architect/default.nix +++ b/hosts/architect/default.nix @@ -17,7 +17,6 @@ in ./radarr.nix ./bazarr.nix ./nzbget.nix -# ./jellyfin.nix ./nextcloud.nix ./wireguard.nix ./minio.nix @@ -25,14 +24,14 @@ in ./fail2ban.nix ./dns.nix ./minecraft.nix -# ./prowlarr.nix + ./prowlarr.nix ./plex.nix ]; time.timeZone = "Europe/Rome"; system.stateVersion = "21.05"; # Did you read the comment? users.users.giulio.openssh.authorizedKeys.keys = pubkeys; - + fileSystems."/tmp" = { device = "tmpfs"; fsType = "tmpfs"; 
@@ -94,35 +93,6 @@ in ${nas-lan} nas.devs.giugl.io ${giupi-lan} giupi.devs.giugl.io - # Wireguard hosts - ${architect-wg} ${hostname}.devs.giugl.io - ${galuminum-wg} galuminum.devs.giugl.io - ${oneplus-wg} oneplus.devs.giugl.io - ${ipad-wg} ipad.devs.giugl.io - ${manduria-wg} manduria.devs.giugl.io - ${antonio-wg} antonio.devs.giugl.io - ${gbeast-wg} gbeast.devs.giugl.io - ${parisaphone-wg} parisa-phone.devs.giugl.io - ${parisapc-wg} parisa-pc.devs.giugl.io - ${peppiniell-wg} peppiniell.devs.giugl.io - ${padulino-wg} padulino.devs.giugl.io - ${shield-wg} shield.devs.giugl.io - ${angelino-wg} angelino.devs.giugl.io - ${pepos_two-wg} pepostwo.devs.giugl.io - ${eleonora-wg} eleonora.devs.giugl.io - ${angellane-wg} angellane.devs.giugl.io - ${hotpottino-wg} hotpottino.devs.giugl.io - ${salvatore-wg} salvatore.devs.giugl.io - ${papa-wg} papa.devs.giugl.io - ${defy-wg} defy.devs.giugl.io - ${germano-wg} germano.devs.giugl.io - ${dodino-wg} dodino.devs.giugl.io - ${tommy-wg} tommy.devs.giugl.io - ${alain-wg} alain.devs.giugl.io - ${dima-wg} dima.devs.giugl.io - ${boogino-wg} boogino.devs.giugl.io - ${mikey-wg} mikey.devs.giugl.io - # Blacklist 0.0.0.0 metrics.plex.tv 0.0.0.0 analytics.plex.tv @@ -143,11 +113,7 @@ in ''; }; - environment.systemPackages = with pkgs; - [ - wireguard - cudatoolkit - ]; + environment.systemPackages = with pkgs; [ cudatoolkit ]; hardware = { cpu.amd.updateMicrocode = true; diff --git a/hosts/architect/prowlarr.nix b/hosts/architect/prowlarr.nix index c722a6f..7c64705 100644 --- a/hosts/architect/prowlarr.nix +++ b/hosts/architect/prowlarr.nix @@ -1,3 +1,5 @@ +{ pkgs, ...}: + with import ./network.nix; { services = { diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix index b8e2375..77fe8d7 100644 --- a/hosts/architect/wireguard.nix +++ b/hosts/architect/wireguard.nix 
@@ -1,7 +1,38 @@ with import ./network.nix; { - networking.wireguard = { - interfaces.${proxy-if} = { + networking = { + extraHosts = '' + ${architect-wg} architect.devs.giugl.io + ${galuminum-wg} galuminum.devs.giugl.io + ${oneplus-wg} oneplus.devs.giugl.io + ${ipad-wg} ipad.devs.giugl.io + ${manduria-wg} manduria.devs.giugl.io + ${antonio-wg} antonio.devs.giugl.io + ${gbeast-wg} gbeast.devs.giugl.io + ${parisaphone-wg} parisa-phone.devs.giugl.io + ${parisapc-wg} parisa-pc.devs.giugl.io + ${peppiniell-wg} peppiniell.devs.giugl.io + ${padulino-wg} padulino.devs.giugl.io + ${shield-wg} shield.devs.giugl.io + ${angelino-wg} angelino.devs.giugl.io + ${pepos_two-wg} pepostwo.devs.giugl.io + ${eleonora-wg} eleonora.devs.giugl.io + ${angellane-wg} angellane.devs.giugl.io + ${hotpottino-wg} hotpottino.devs.giugl.io + ${salvatore-wg} salvatore.devs.giugl.io + ${papa-wg} papa.devs.giugl.io + ${defy-wg} defy.devs.giugl.io + ${germano-wg} germano.devs.giugl.io + ${dodino-wg} dodino.devs.giugl.io + ${tommy-wg} tommy.devs.giugl.io + ${alain-wg} alain.devs.giugl.io + ${dima-wg} dima.devs.giugl.io + ${boogino-wg} boogino.devs.giugl.io + ${mikey-wg} mikey.devs.giugl.io + ''; + + wireguard = { + interfaces.${proxy-if} = { ips = ["10.4.0.2/32"]; privateKeyFile = "/secrets/wireguard/proxy.key"; peers = [ @@ -12,29 +43,26 @@ with import ./network.nix; persistentKeepalive = 21; } ]; - }; + }; - interfaces.${vpn-if} = { - listenPort = 1194; - ips = ["10.3.0.1/24"]; - privateKeyFile = "/secrets/wireguard/server.key"; + interfaces.${vpn-if} = { + listenPort = 1194; + ips = ["10.3.0.1/24"]; + privateKeyFile = "/secrets/wireguard/server.key"; - peers = [ - { + peers = [ + { # gAluminum allowedIPs = [galuminum-wg]; publicKey = "pEEgSs7xmO0cfyvoQlU8lfwqdYM1ISgmPAunPtF+0xw="; } - { # OnePlus allowedIPs = [oneplus-wg]; -# publicKey = "uOQUJo+AfhTAFq50Pt80rdX4PmO28WUARngE2AtwdXU="; publicKey = "zynSERy6VhxN5zBf1ih3BOAHxvigDixHB9YKnSBgYFs="; } - { # iPad allowedIPs = [ipad-wg]; 
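Review bot: `networking.extraHosts` is now defined in this file and, judging by the context lines of the `hosts/architect/default.nix` hunk, is still defined there for the LAN and blacklist entries, so the resulting hosts file depends on the module system concatenating both definitions. A comment above the new block, e.g. `# WireGuard peer names; merged with the LAN and blacklist entries in default.nix`, would make that explicit for the next reader. The first entry also changed from `${hostname}.devs.giugl.io` to a hard-coded `architect.devs.giugl.io`, which will silently diverge if the host is ever renamed; keeping `${hostname}` (if it is still in scope here) avoids that. The attribute set opened in this hunk continues past its last line.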
@@ -132,12 +160,12 @@ with import ./network.nix; publicKey = "HcIqulGahsHJeuq6zAt5EJieWhDSKX4tFlUOEr2U1gA="; } - { # pepos_two allowedIPs = [pepos_two-wg]; publicKey = "mb1VaMLML5J24oCMBuhqvBrT6S4tAqWERn30z+h/LwM="; } + { # salvatore allowedIPs = [salvatore-wg]; @@ -206,4 +234,5 @@ with import ./network.nix; ]; }; }; +}; } diff --git a/lib/host.nix b/lib/host.nix index e7579d5..699d566 100644 --- a/lib/host.nix +++ b/lib/host.nix @@ -14,9 +14,13 @@ modules = [ { - imports = users_mod ++ roles_mod; + imports = users_mod ++ roles_mod ++ [(nixos-unstable + "/nixos/modules/services/misc/prowlarr.nix")]; + + nixpkgs = { + pkgs = pkgs; + overlays = [ (self: super: {prowlarr = pkgs.unstable.prowlarr;}) ]; + }; - nixpkgs.pkgs = pkgs; nix.nixPath = [ "nixpkgs=${nixpkgs}" "unstable=${nixos-unstable}"
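Review bot: In the `lib/host.nix` hunk the Prowlarr module import and the `prowlarr` overlay are added to the shared module list, so every host built this way (flake.nix shows `architect`, `gAluminum` and `proxy`) evaluates a module taken from `nixos-unstable`, although only `hosts/architect` imports `./prowlarr.nix`. Importing the module does not enable the service, but scoping both settings to `architect`, for instance through an optional extra-modules argument, would keep unstable code out of the other hosts' evaluation. The overlay ignores its `self`/`super` arguments and closes over the outer `pkgs`, so it works only while `pkgs.unstable` exists in that set; a comment such as `# prowlarr module and package are taken from nixos-unstable` would record the intent. It is also worth confirming that `nixpkgs.overlays` is still applied when `nixpkgs.pkgs` is set explicitly on the NixOS release in use. The enclosing function starts and ends outside this hunk.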