helix: remove completion-replace

gitea: allow WAN traffic
invidious: allow WAN
2023-11-16 13:32:40 +01:00 · 2023-11-16 13:28:06 +01:00 · 2023-11-16 13:27:33 +01:00 · 2023-11-16 13:26:06 +01:00 · 2023-11-16 13:25:58 +01:00 · 2023-11-16 13:25:43 +01:00
31 changed files with 106 additions and 327 deletions
--- a/flake.lock
+++ b/flake.lock
@ -23,11 +23,11 @@
    },
    "nixos-unstable": {
      "locked": {
-        "lastModified": 1696019113,
+        "lastModified": 1697723726,
-        "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
+        "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
+        "rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
        "type": "github"
      },
      "original": {
@ -39,11 +39,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1696275639,
+        "lastModified": 1697891198,
-        "narHash": "sha256-3zShVFShYM2/n4p3Y2hzTzIE0zjR6/G1sDXo4awMR/w=",
+        "narHash": "sha256-ckL4NDWuZaxu+sMUPze98xQCdMUm+Q11Yb7DFasE/7E=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "cb1f8c37d44052b9fd2b6bd208ec4dbbe068cced",
+        "rev": "8643a0aff085eb3fbb27cb30c0e1af9585168fcb",
        "type": "github"
      },
      "original": {
--- a/hosts/architect/bazarr.nix
+++ b/hosts/architect/bazarr.nix
@ -10,13 +10,12 @@ in
  };
  architect.vhost.${domain} = with config.architect.networks; {
-    dnsInterfaces = [ "wireguard" "tailscale" ];
+    dnsInterfaces = [ "tailscale" ];
    locations."/" = {
      allowLan = true;
      port = 6767;
      allow = [
        wireguard.net
        tailscale.net
      ];
    };
--- a/hosts/architect/calibre.nix
+++ b/hosts/architect/calibre.nix
@ -3,7 +3,7 @@
 let
  domain = "books.giugl.io";
  auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
-  
+
  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) architectInterfaceAddress;
 in
@ -32,7 +32,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@ -22,7 +22,6 @@ in
    ./bazarr.nix
    ./nzbget.nix
    ./nextcloud.nix
    ./wireguard.nix
    ./minio.nix
    ./matrix.nix
    ./fail2ban.nix
@ -41,9 +40,10 @@ in
    ./keycloak.nix
    #    ./runas.nix
    ./tailscale.nix
-    #    ./searx.nix
+    ./searx.nix
    ./plex.nix
    ./headscale.nix
    ./llm.nix
  ];
  architect = {
--- a/hosts/architect/deluge.nix
+++ b/hosts/architect/deluge.nix
@ -39,14 +39,13 @@ in
  };
  architect.vhost.${domain} = with config.architect.networks; {
-    dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
+    dnsInterfaces = [ "lan" "tailscale" ];
    locations = {
      "/" = {
        allowLan = true;
        port = 8112;
        allow = [
          wireguard.net
          tailscale.net
        ];
      };
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@ -8,7 +8,7 @@ in
    firewall.openUDPVPN = [ 53 ];
    vhost.${domain} = {
-      dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+      dnsInterfaces = [ "lan" "tailscale" ];
      locations."/" = with config; {
        port = services.adguardhome.settings.bind_port;
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@ -16,23 +16,6 @@ let
    (deviceAddress "tailscale" "kmerr")
    (deviceAddress "tailscale" "chuck")
  ];
  wireguardToWAN = [
    (deviceAddress "wireguard" "shield")
    (deviceAddress "wireguard" "parina")
    (deviceAddress "wireguard" "parina-ipad")
    (deviceAddress "wireguard" "germano")
  ];
  frameccaDevices = [
    (deviceAddress "wireguard" "framecca")
    (deviceAddress "wireguard" "framecca_one")
    (deviceAddress "wireguard" "framecca_two")
    (deviceAddress "wireguard" "framecca_three")
    (deviceAddress "wireguard" "framecca_four")
  ];
  clientToClientWireguard = frameccaDevices;
 in
 {
  networking = {
@ -71,9 +54,6 @@ in
          chain POSTROUTING {
            type nat hook postrouting priority srcnat; policy accept;
            oifname ${lan.interface} ip saddr {${
              lib.concatStringsSep "," wireguardToWAN
            }} masquerade
            oifname ${lan.interface} ip saddr ${docker.net} masquerade
            oifname ${lan.interface} ip saddr ${tailscale.net} masquerade
          }
@ -85,10 +65,8 @@ in
            ct state invalid,untracked drop comment "drop invalid"
            ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
            ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
            iifname ${lan.interface} ip saddr ${wireguard.net} drop comment "bind any ip to intf ${lan.interface}"
            iifname ${lan.interface} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${lan.interface}"
            iifname ${lan.interface} accept comment "bind any ip to intf ${lan.interface}"
            iifname ${wireguard.interface} ip saddr ${wireguard.net} accept comment "bind ip ${wireguard.net} to intf ${wireguard.interface}"
            iifname ${docker.interface} ip saddr ${docker.net} accept comment "bind ip ${docker.net} to intf ${docker.interface}"
            iifname ${tailscale.interface} ip saddr ${tailscale.net} accept
            iifname ${tailscale.interface} ip saddr 100.100.100.100/32 accept
@ -151,10 +129,6 @@ in
            iifname ${lan.interface} tcp dport {${openTCP}} accept
            iifname ${lan.interface} udp dport {${openUDP}} accept
            iifname ${wireguard.interface} tcp dport {${openTCPVPN}} accept
            iifname ${wireguard.interface} udp dport {${openUDPVPN}} accept
            iifname ${wireguard.interface} icmp type echo-request accept
            jump filter_drop
          }
@ -162,16 +136,6 @@ in
            type filter hook forward priority filter; policy drop;
            ct state established,related accept
            # client to client
            ip saddr {${lib.concatStringsSep "," clientToClientWireguard}} ip daddr {${
               lib.concatStringsSep "," clientToClientWireguard
            }} accept                    
            # nat to wan
            oifname ${lan.interface} ip saddr {${
              lib.concatStringsSep "," wireguardToWAN
            }} accept
            oifname ${lan.interface} ip saddr ${docker.net} accept
            oifname ${lan.interface} ip saddr ${tailscale.net} accept
--- a/hosts/architect/gitea.nix
+++ b/hosts/architect/gitea.nix
@ -7,8 +7,11 @@ in
  architect = {
    firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
    vhost.${domain} = {
-      dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+      dnsInterfaces = [ "lan" "tailscale" ];
-      locations."/".port = config.services.gitea.settings.server.HTTP_PORT;
+      locations."/" = {
        port = config.services.gitea.settings.server.HTTP_PORT;
        allowWAN = true;
      };
    };
  };
--- a/hosts/architect/invidious.nix
+++ b/hosts/architect/invidious.nix
@ -11,9 +11,12 @@ in
      hmac_key = "a2a91eca269d26de1221285e8981879834045bff";
    };
  };
-  
+
  architect.vhost.${domain} = {
-    dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+    dnsInterfaces = [ "lan" "tailscale" ];
-    locations."/".port = config.services.invidious.port;
+    locations."/" = {
      port = config.services.invidious.port;
      allowWAN = true;
    };
  };
 }
--- a/hosts/architect/jellyfin.nix
+++ b/hosts/architect/jellyfin.nix
@ -10,13 +10,12 @@ in
  systemd.services.jellyfin.serviceConfig.StateDirectory = lib.mkForce "";
  architect.vhost.${domain} = with config.architect.networks; {
-    dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
+    dnsInterfaces = [ "lan" "tailscale" ];
    locations = {
      "/" = {
        inherit port allowLan;
        allow = [
          wireguard.net
          tailscale.net
        ];
      };
@ -26,7 +25,6 @@ in
        proxyWebsockets = true;
        allow = [
          wireguard.net
          tailscale.net
        ];
      };
--- a/hosts/architect/keycloak.nix
+++ b/hosts/architect/keycloak.nix
@ -76,7 +76,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
 }
--- a/hosts/architect/libreddit.nix
+++ b/hosts/architect/libreddit.nix
@ -8,9 +8,9 @@ in
    enable = true;
    port = 9090;
  };
-  
+
  architect.vhost.${domain} = {
-    dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+    dnsInterfaces = [ "lan" "tailscale" ];
    locations."/".port = config.services.libreddit.port;
  };
 }
--- a/hosts/architect/lidarr.nix
+++ b/hosts/architect/lidarr.nix
@ -28,7 +28,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
--- a/hosts/architect/llm.nix
+++ b/hosts/architect/llm.nix
@ -0,0 +1,38 @@
 { config, ... }:
 let
  domain = "pino.giugl.io";
  backendPort = 3000;
  frontendPort = 3002;
 in
 {
  architect.vhost.${domain} = {
    dnsInterfaces = [ "tailscale" ];
    locations."/" = {
      host = "172.17.0.1";
      port = frontendPort;
      allowLan = true;
      allow = [ config.architect.networks."tailscale".net ];
    };
  };
  virtualisation.oci-containers = {
    containers = {
      big-agi = {
        image = "ghcr.io/enricoros/big-agi:main";
        autoStart = true;
        ports = [
          "172.17.0.1:${toString frontendPort}:${toString backendPort}"
        ];
        environmentFiles = [
          "/var/lib/llm/big-agi.env"
        ];
        extraOptions = [
          "--pull=always"
        ];
      };
    };
  };
 }
--- a/hosts/architect/matrix.nix
+++ b/hosts/architect/matrix.nix
@ -111,7 +111,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
 }
--- a/hosts/architect/minecraft.nix
+++ b/hosts/architect/minecraft.nix
@ -19,7 +19,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
 }
--- a/hosts/architect/minio.nix
+++ b/hosts/architect/minio.nix
@ -30,7 +30,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
 }
--- a/hosts/architect/navidrome.nix
+++ b/hosts/architect/navidrome.nix
@ -22,7 +22,7 @@ in
  };
  architect.vhost.${domain} = {
-    dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+    dnsInterfaces = [ "lan" "tailscale" ];
    locations."/" = {
      port = 4533;
      allowLan = true;
--- a/hosts/architect/nextcloud.nix
+++ b/hosts/architect/nextcloud.nix
@ -78,7 +78,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
--- a/hosts/architect/nzbget.nix
+++ b/hosts/architect/nzbget.nix
@ -10,7 +10,7 @@ in
  };
  architect.vhost.${domain} = {
-    dnsInterfaces = [ "tailscale" "wireguard" "lan" ];
+    dnsInterfaces = [ "tailscale" "lan" ];
    locations."/" = {
      port = 6789;
--- a/hosts/architect/options.nix
+++ b/hosts/architect/options.nix
@ -96,23 +96,29 @@ in
                  description = "The host for the location.";
                  default = "127.0.0.1";
                };
-                
+
                port = mkOption {
                  type = types.int;
                  description = "The port number for the location.";
                };
-                
+
                allow = mkOption {
                  type = types.listOf types.str;
                  default = [ ];
                  description = "IP address or CIDR block to allow.";
                };
-                
+
                path = mkOption {
                  type = types.str;
                  default = "";
                };
                allowWAN = mkOption {
                  type = types.bool;
                  default = false;
                  description = "If set to false, deny all WAN traffic.";
                };
                deny = mkOption {
                  type = types.listOf types.str;
                  default = [ ];
@ -140,9 +146,9 @@ in
            proxyPass = "http://${location.host}:${toString location.port}${location.path}";
            proxyWebsockets = location.proxyWebsockets;
            extraConfig = ''
              ${optionalString location.allowLan "deny 10.0.0.1;"}
              ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
              ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
              ${optionalString (!location.allowWAN) "deny all;"}
              ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
              ${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}
            '' + location.extraConfig;
          })
--- a/hosts/architect/plex.nix
+++ b/hosts/architect/plex.nix
@ -17,7 +17,7 @@ in
  };
  architect.vhost.${domain} = with config.architect.networks; {
-    dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
+    dnsInterfaces = [ "lan" "tailscale" ];
    locations = {
      "/" = {
        inherit port;
@ -25,7 +25,6 @@ in
        proxyWebsockets = true;
        # allowLan = true;        
        # allow = [
        #   wireguard.net
        #   tailscale.net
        # ];
        extraConfig = ''
--- a/hosts/architect/prosody.nix
+++ b/hosts/architect/prosody.nix
@ -45,7 +45,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
--- a/hosts/architect/prowlarr.nix
+++ b/hosts/architect/prowlarr.nix
@ -7,7 +7,7 @@ in
  services.prowlarr.enable = true;
  architect.vhost.${domain} = {
-    dnsInterfaces = [ "tailscale" "wireguard" ];
+    dnsInterfaces = [ "tailscale" ];
    locations."/" = {
      port = 9696;
--- a/hosts/architect/radarr.nix
+++ b/hosts/architect/radarr.nix
@ -10,13 +10,12 @@ in
  };
  architect.vhost.${domain} = with config.architect.networks; {
-    dnsInterfaces = [ "wireguard" "tailscale" ];
+    dnsInterfaces = [ "tailscale" ];
    locations."/" = {
      port = 7878;
      allowLan = true;
      allow = [
        wireguard.net
        tailscale.net
      ];
    };
--- a/hosts/architect/runas.nix
+++ b/hosts/architect/runas.nix
@ -43,7 +43,6 @@ in
  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
 }
--- a/hosts/architect/searx.nix
+++ b/hosts/architect/searx.nix
@ -1,8 +1,7 @@
-{ mach-nix, lib, config, pkgs, ... }:
+{ config, pkgs, ... }:
 let
-  domain = "gugol.giugl.io";
+  domain = "search.giugl.io";
  network = import ./network.nix;
 in
 {
  services = {
@ -19,14 +18,14 @@ in
        };
        general = {
-          instance_name = "Pepe's Gugol";
+          instance_name = "PepoSearch";
-          contact_url = "mailto:gugol@depasquale.giugl.io";
+          contact_url = "mailto:search@depasquale.giugl.io";
-          enable_metrics = false;
+          enable_metrics = true;
        };
        search = {
          safe_search = 0;
-          autocomplete = "qwant";
+          autocomplete = "google";
          prefer_configured_language = false;
        };
@ -43,24 +42,23 @@ in
          { name = "google"; disabled = false; }
          { name = "bing"; disabled = false; }
          { name = "qwant"; disabled = false; }
-          { name = "duckduckgo"; disabled = false; }
+          { name = "brave"; disabled = false; }
          # keep getting access denied (!?)
          { name = "duckduckgo"; disabled = true; }
        ];
      };
    };
    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.services.searx.settings.server.port}";
      };
    };
  };
-  networking.extraHosts = ''
+  architect.vhost.${domain} = with config.architect.networks; {
-    ${network.architect-lan} ${domain}
+    dnsInterfaces = [ "tailscale" ];
-    ${network.architect-wg} ${domain}
+    locations."/" = {
-    ${network.architect-ts} ${domain}
+      port = config.services.searx.settings.server.port;
-  '';
+      allowLan = true;
      allow = [
        tailscale.net
      ];
    };
  };
 }
--- a/hosts/architect/sonarr.nix
+++ b/hosts/architect/sonarr.nix
@ -8,15 +8,15 @@ in
    enable = true;
    group = "media";
  };
-  
+
  architect.vhost.${domain} = {
-    dnsInterfaces = [ "tailscale" "wireguard" ];
+    dnsInterfaces = [ "tailscale" ];
    locations."/" = {
-      port = 6969;
+      port = 8989;
      allowLan = true;
    };
  };
-  
+
  users.groups.media.members = [ "sonarr" ];
 }
--- a/hosts/architect/tailscale.nix
+++ b/hosts/architect/tailscale.nix
@ -19,7 +19,8 @@ in
        dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
        manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
        tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
-        ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; };
+        # ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; };
        ucsb-workstation = { address = "100.64.0.10"; hostname = "ucsb-workstation.${domain}"; };
        alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
        parallels = { address = "100.64.0.3"; hostname = "parallels.${domain}"; };
      };
--- a/hosts/architect/wireguard.nix
+++ b/hosts/architect/wireguard.nix
@ -1,218 +0,0 @@
 { config, lib, ... }:
 let
  listenPort = 1194;
  domain = "devs.giugl.io";
  interface = "wireguard";
  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) generateDeviceStrings getDeviceAddress;
  getWireguardDeviceAddress = getDeviceAddress "wireguard";
 in
 {
  architect = {
    firewall = {
      openUDP = lib.singleton listenPort;
      openUDPVPN = lib.singleton listenPort;
    };
    networks.${interface} = {
      interface = "wg0";
      net = "10.3.0.0/24";
      devices = {
        architect = { address = "10.3.0.1"; hostname = "architect.${domain}"; };
        antonio = { address = "10.3.0.6"; hostname = "antonio.${domain}"; };
        gbeast = { address = "10.3.0.7"; hostname = "gbeast.${domain}"; };
        shield = { address = "10.3.0.12"; hostname = "shield.${domain}"; };
        salvatore = { address = "10.3.0.16"; hostname = "salvatore.${domain}"; };
        papa = { address = "10.3.0.17"; hostname = "papa.${domain}"; };
        defy = { address = "10.3.0.18"; hostname = "defy.${domain}"; };
        germano = { address = "10.3.0.19"; hostname = "germano.${domain}"; };
        flavio = { address = "10.3.0.20"; hostname = "flavio.${domain}"; };
        alain = { address = "10.3.0.22"; hostname = "alain.${domain}"; };
        dima = { address = "10.3.0.23"; hostname = "dima.${domain}"; };
        mikey = { address = "10.3.0.24"; hostname = "mikey.${domain}"; };
        andrew = { address = "10.3.0.25"; hostname = "andrew.${domain}"; };
        mikeylaptop = { address = "10.3.0.26"; hostname = "mikeylaptop.${domain}"; };
        andrewdesktop = { address = "10.3.0.27"; hostname = "andrewdesktop.${domain}"; };
        jacopo = { address = "10.3.0.28"; hostname = "jacopo.${domain}"; };
        frznn = { address = "10.3.0.29"; hostname = "frznn.${domain}"; };
        ludo = { address = "10.3.0.30"; hostname = "ludo.${domain}"; };
        parina = { address = "10.3.0.31"; hostname = "parina.${domain}"; };
        nilo = { address = "10.3.0.32"; hostname = "nilo.${domain}"; };
        parina-ipad = { address = "10.3.0.33"; hostname = "parina-ipad.${domain}"; };
        kclvm = { address = "10.3.0.34"; hostname = "kclvm.${domain}"; };
        framecca = { address = "10.3.0.35"; hostname = "framecca.${domain}"; };
        framecca_one = { address = "10.3.0.36"; hostname = "framecca_one.${domain}"; };
        framecca_two = { address = "10.3.0.37"; hostname = "framecca_two.${domain}"; };
        framecca_three = { address = "10.3.0.38"; hostname = "framecca_three.${domain}"; };
        framecca_four = { address = "10.3.0.39"; hostname = "framecca_four.${domain}"; };
      };
    };
  };
  networking = {
    extraHosts = generateDeviceStrings config.architect.networks.wireguard.devices;
    wireguard = {
      interfaces.${config.architect.networks.wireguard.interface} = {
        inherit listenPort;
        ips = [ "${config.architect.networks.wireguard.devices.architect.address}/24" ];
        privateKeyFile = "/secrets/wireguard/server.key";
        peers = [
          {
            # Antonio
            allowedIPs = [ (getWireguardDeviceAddress "antonio") ];
            publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc=";
          }
          {
            # GBEAST
            allowedIPs = [ (getWireguardDeviceAddress "gbeast") ];
            publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI=";
          }
          {
            # shield
            allowedIPs = [ (getWireguardDeviceAddress "shield") ];
            publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=";
          }
          {
            # salvatore
            allowedIPs = [ (getWireguardDeviceAddress "salvatore") ];
            publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs=";
          }
          {
            # papa
            allowedIPs = [ (getWireguardDeviceAddress "papa") ];
            publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA=";
          }
          {
            # defy
            allowedIPs = [ (getWireguardDeviceAddress "defy") ];
            publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=";
          }
          {
            # germano
            allowedIPs = [ (getWireguardDeviceAddress "germano") ];
            publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=";
          }
          {
            # flavio
            allowedIPs = [ (getWireguardDeviceAddress "flavio") ];
            publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg=";
          }
          {
            # alain
            allowedIPs = [ (getWireguardDeviceAddress "alain") ];
            publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
          }
          {
            # dima
            allowedIPs = [ (getWireguardDeviceAddress "dima") ];
            publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
          }
          {
            # mikey
            allowedIPs = [ (getWireguardDeviceAddress "mikey") ];
            publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
          }
          {
            # andrew
            allowedIPs = [ (getWireguardDeviceAddress "andrew") ];
            publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
          }
          {
            # mikey laptop
            allowedIPs = [ (getWireguardDeviceAddress "mikeylaptop") ];
            publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
          }
          {
            # andrew desktop
            allowedIPs = [ (getWireguardDeviceAddress "andrewdesktop") ];
            publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
          }
          {
            # laptop desktop
            allowedIPs = [ (getWireguardDeviceAddress "jacopo") ];
            publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
          }
          {
            # frznn
            allowedIPs = [ (getWireguardDeviceAddress "frznn") ];
            publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
          }
          {
            # ludo
            allowedIPs = [ (getWireguardDeviceAddress "ludo") ];
            publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
          }
          {
            # parina
            allowedIPs = [ (getWireguardDeviceAddress "parina") ];
            publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=";
          }
          {
            # nilo
            allowedIPs = [ (getWireguardDeviceAddress "nilo") ];
            publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0=";
          }
          {
            # parina ipad
            allowedIPs = [ (getWireguardDeviceAddress "parina-ipad") ];
            publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU=";
          }
          {
            # kcl vm
            allowedIPs = [ (getWireguardDeviceAddress "kclvm") ];
            publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE=";
          }
          {
            allowedIPs = [ (getWireguardDeviceAddress "framecca") ];
            publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
          }
          {
            allowedIPs = [ (getWireguardDeviceAddress "framecca_one") ];
            publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs=";
          }
          {
            allowedIPs = [ (getWireguardDeviceAddress "framecca_two") ];
            publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM=";
          }
          {
            allowedIPs = [ (getWireguardDeviceAddress "framecca_three") ];
            publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs=";
          }
          {
            allowedIPs = [ (getWireguardDeviceAddress "framecca_four") ];
            publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc=";
          }
        ];
      };
    };
  };
 }
--- a/roles/home/helix.nix
+++ b/roles/home/helix.nix
@ -23,7 +23,6 @@ in
      cursorline = true
      true-color = true
      gutters = ["diff", "diagnostics", "line-numbers", "spacer"]
      completion-replace = true
      [editor.cursor-shape]
      insert = "bar"
Author	SHA1	Message	Date
Giulio De Pasquale	190bff3ac0	helix: remove completion-replace	2023-11-16 13:32:40 +01:00
Giulio De Pasquale	e715a7bf3c	gitea: allow WAN traffic	2023-11-16 13:28:06 +01:00
Giulio De Pasquale	5eb5613d71	invidious: allow WAN	2023-11-16 13:27:33 +01:00
Giulio De Pasquale	cb3fe8f147	architect: enabled LLM	2023-11-16 13:26:06 +01:00
Giulio De Pasquale	b2cf092f78	architect: added LLM module	2023-11-16 13:25:58 +01:00
Giulio De Pasquale	0da9f7ab9d	architect: add allowWAN option, correctly blocking WAN traffic	2023-11-16 13:25:43 +01:00
Giulio De Pasquale	03939c0061	architect: re-enable searxng	2023-10-29 16:16:08 +01:00
Giulio De Pasquale	269e736f47	sonarr: changed port to 8989	2023-10-21 15:12:01 +02:00
Giulio De Pasquale	a66b5edf78	flake: update lock	2023-10-21 15:01:06 +02:00
Giulio De Pasquale	5d93c40c8f	architect: removed wireguard	2023-10-21 15:00:58 +02:00