Compare commits
10 Commits
08d5181da8
...
190bff3ac0
Author | SHA1 | Date | |
---|---|---|---|
|
190bff3ac0 | ||
|
e715a7bf3c | ||
|
5eb5613d71 | ||
|
cb3fe8f147 | ||
|
b2cf092f78 | ||
|
0da9f7ab9d | ||
|
03939c0061 | ||
|
269e736f47 | ||
|
a66b5edf78 | ||
|
5d93c40c8f |
12
flake.lock
generated
12
flake.lock
generated
@ -23,11 +23,11 @@
|
||||
},
|
||||
"nixos-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1696019113,
|
||||
"narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
|
||||
"lastModified": 1697723726,
|
||||
"narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
|
||||
"rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -39,11 +39,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1696275639,
|
||||
"narHash": "sha256-3zShVFShYM2/n4p3Y2hzTzIE0zjR6/G1sDXo4awMR/w=",
|
||||
"lastModified": 1697891198,
|
||||
"narHash": "sha256-ckL4NDWuZaxu+sMUPze98xQCdMUm+Q11Yb7DFasE/7E=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "cb1f8c37d44052b9fd2b6bd208ec4dbbe068cced",
|
||||
"rev": "8643a0aff085eb3fbb27cb30c0e1af9585168fcb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -10,13 +10,12 @@ in
|
||||
};
|
||||
|
||||
architect.vhost.${domain} = with config.architect.networks; {
|
||||
dnsInterfaces = [ "wireguard" "tailscale" ];
|
||||
dnsInterfaces = [ "tailscale" ];
|
||||
locations."/" = {
|
||||
allowLan = true;
|
||||
port = 6767;
|
||||
|
||||
allow = [
|
||||
wireguard.net
|
||||
tailscale.net
|
||||
];
|
||||
};
|
||||
|
@ -3,7 +3,7 @@
|
||||
let
|
||||
domain = "books.giugl.io";
|
||||
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
|
||||
|
||||
|
||||
utilities = import ./utilities.nix { inherit lib config; };
|
||||
inherit (utilities) architectInterfaceAddress;
|
||||
in
|
||||
@ -32,7 +32,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
|
||||
|
@ -22,7 +22,6 @@ in
|
||||
./bazarr.nix
|
||||
./nzbget.nix
|
||||
./nextcloud.nix
|
||||
./wireguard.nix
|
||||
./minio.nix
|
||||
./matrix.nix
|
||||
./fail2ban.nix
|
||||
@ -41,9 +40,10 @@ in
|
||||
./keycloak.nix
|
||||
# ./runas.nix
|
||||
./tailscale.nix
|
||||
# ./searx.nix
|
||||
./searx.nix
|
||||
./plex.nix
|
||||
./headscale.nix
|
||||
./llm.nix
|
||||
];
|
||||
|
||||
architect = {
|
||||
|
@ -39,14 +39,13 @@ in
|
||||
};
|
||||
|
||||
architect.vhost.${domain} = with config.architect.networks; {
|
||||
dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
|
||||
dnsInterfaces = [ "lan" "tailscale" ];
|
||||
locations = {
|
||||
"/" = {
|
||||
allowLan = true;
|
||||
port = 8112;
|
||||
|
||||
allow = [
|
||||
wireguard.net
|
||||
tailscale.net
|
||||
];
|
||||
};
|
||||
|
@ -8,7 +8,7 @@ in
|
||||
firewall.openUDPVPN = [ 53 ];
|
||||
|
||||
vhost.${domain} = {
|
||||
dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
|
||||
dnsInterfaces = [ "lan" "tailscale" ];
|
||||
|
||||
locations."/" = with config; {
|
||||
port = services.adguardhome.settings.bind_port;
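Review bot: `firewall.openUDPVPN = [ 53 ];` stays in place as context here, but the firewall file in this commit drops `iifname ${wireguard.interface} udp dport {${openUDPVPN}} accept`, the only consumer of `openUDPVPN` visible on this page. If nothing else reads that list, the setting is now dead configuration that suggests a port restriction which no longer exists. Either delete the line or point it at whichever option the remaining VPN input rule actually consumes. The enclosing attribute set starts outside the hunk.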
|
||||
|
@ -16,23 +16,6 @@ let
|
||||
(deviceAddress "tailscale" "kmerr")
|
||||
(deviceAddress "tailscale" "chuck")
|
||||
];
|
||||
|
||||
wireguardToWAN = [
|
||||
(deviceAddress "wireguard" "shield")
|
||||
(deviceAddress "wireguard" "parina")
|
||||
(deviceAddress "wireguard" "parina-ipad")
|
||||
(deviceAddress "wireguard" "germano")
|
||||
];
|
||||
|
||||
frameccaDevices = [
|
||||
(deviceAddress "wireguard" "framecca")
|
||||
(deviceAddress "wireguard" "framecca_one")
|
||||
(deviceAddress "wireguard" "framecca_two")
|
||||
(deviceAddress "wireguard" "framecca_three")
|
||||
(deviceAddress "wireguard" "framecca_four")
|
||||
];
|
||||
|
||||
clientToClientWireguard = frameccaDevices;
|
||||
in
|
||||
{
|
||||
networking = {
|
||||
@ -71,9 +54,6 @@ in
|
||||
|
||||
chain POSTROUTING {
|
||||
type nat hook postrouting priority srcnat; policy accept;
|
||||
oifname ${lan.interface} ip saddr {${
|
||||
lib.concatStringsSep "," wireguardToWAN
|
||||
}} masquerade
|
||||
oifname ${lan.interface} ip saddr ${docker.net} masquerade
|
||||
oifname ${lan.interface} ip saddr ${tailscale.net} masquerade
|
||||
}
|
||||
@ -85,10 +65,8 @@ in
|
||||
ct state invalid,untracked drop comment "drop invalid"
|
||||
ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
|
||||
ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
|
||||
iifname ${lan.interface} ip saddr ${wireguard.net} drop comment "bind any ip to intf ${lan.interface}"
|
||||
iifname ${lan.interface} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${lan.interface}"
|
||||
iifname ${lan.interface} accept comment "bind any ip to intf ${lan.interface}"
|
||||
iifname ${wireguard.interface} ip saddr ${wireguard.net} accept comment "bind ip ${wireguard.net} to intf ${wireguard.interface}"
|
||||
iifname ${docker.interface} ip saddr ${docker.net} accept comment "bind ip ${docker.net} to intf ${docker.interface}"
|
||||
iifname ${tailscale.interface} ip saddr ${tailscale.net} accept
|
||||
iifname ${tailscale.interface} ip saddr 100.100.100.100/32 accept
|
||||
@ -151,10 +129,6 @@ in
|
||||
|
||||
iifname ${lan.interface} tcp dport {${openTCP}} accept
|
||||
iifname ${lan.interface} udp dport {${openUDP}} accept
|
||||
iifname ${wireguard.interface} tcp dport {${openTCPVPN}} accept
|
||||
iifname ${wireguard.interface} udp dport {${openUDPVPN}} accept
|
||||
|
||||
iifname ${wireguard.interface} icmp type echo-request accept
|
||||
jump filter_drop
|
||||
}
|
||||
|
||||
@ -162,16 +136,6 @@ in
|
||||
type filter hook forward priority filter; policy drop;
|
||||
ct state established,related accept
|
||||
|
||||
# client to client
|
||||
ip saddr {${lib.concatStringsSep "," clientToClientWireguard}} ip daddr {${
|
||||
lib.concatStringsSep "," clientToClientWireguard
|
||||
}} accept
|
||||
|
||||
# nat to wan
|
||||
oifname ${lan.interface} ip saddr {${
|
||||
lib.concatStringsSep "," wireguardToWAN
|
||||
}} accept
|
||||
|
||||
oifname ${lan.interface} ip saddr ${docker.net} accept
|
||||
oifname ${lan.interface} ip saddr ${tailscale.net} accept
|
||||
|
||||
|
@ -7,8 +7,11 @@ in
|
||||
architect = {
|
||||
firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
|
||||
vhost.${domain} = {
|
||||
dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
|
||||
locations."/".port = config.services.gitea.settings.server.HTTP_PORT;
|
||||
dnsInterfaces = [ "lan" "tailscale" ];
|
||||
locations."/" = {
|
||||
port = config.services.gitea.settings.server.HTTP_PORT;
|
||||
allowWAN = true;
|
||||
};
|
||||
};
|
||||
};
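Review bot: `allowWAN = true;` is added with no comment saying the exposure is intended. The new option defaults to `false`, so this one line is what opens the Gitea web UI to the internet; the Invidious vhost later in this commit does the same. Add a short comment above it, for example `# intentionally WAN-reachable: public git hosting`. Also confirm that self-registration and anonymous access are restricted in `services.gitea.settings`, which this hunk does not show.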
|
||||
|
||||
|
@ -11,9 +11,12 @@ in
|
||||
hmac_key = "a2a91eca269d26de1221285e8981879834045bff";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
architect.vhost.${domain} = {
|
||||
dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
|
||||
locations."/".port = config.services.invidious.port;
|
||||
dnsInterfaces = [ "lan" "tailscale" ];
|
||||
locations."/" = {
|
||||
port = config.services.invidious.port;
|
||||
allowWAN = true;
|
||||
};
|
||||
};
|
||||
}
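Review bot: `allowWAN = true;` makes this instance reachable from the internet while `hmac_key` is still a string literal in the same file, which puts it in the repository history and in the world-readable Nix store. Treat the current value as disclosed: generate a new key and load it from a file outside the store, for example via `services.invidious.extraSettingsFile`, instead of setting it inline. The `hmac_key` line is context in this hunk, and the attribute set it belongs to starts outside it.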
|
||||
|
@ -10,13 +10,12 @@ in
|
||||
systemd.services.jellyfin.serviceConfig.StateDirectory = lib.mkForce "";
|
||||
|
||||
architect.vhost.${domain} = with config.architect.networks; {
|
||||
dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
|
||||
dnsInterfaces = [ "lan" "tailscale" ];
|
||||
locations = {
|
||||
"/" = {
|
||||
inherit port allowLan;
|
||||
|
||||
allow = [
|
||||
wireguard.net
|
||||
tailscale.net
|
||||
];
|
||||
};
|
||||
@ -26,7 +25,6 @@ in
|
||||
|
||||
proxyWebsockets = true;
|
||||
allow = [
|
||||
wireguard.net
|
||||
tailscale.net
|
||||
];
|
||||
};
|
||||
|
@ -76,7 +76,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
}
|
||||
|
@ -8,9 +8,9 @@ in
|
||||
enable = true;
|
||||
port = 9090;
|
||||
};
|
||||
|
||||
|
||||
architect.vhost.${domain} = {
|
||||
dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
|
||||
dnsInterfaces = [ "lan" "tailscale" ];
|
||||
locations."/".port = config.services.libreddit.port;
|
||||
};
|
||||
}
|
||||
|
@ -28,7 +28,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
|
||||
|
38
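--- a/hosts/architect/llm.nix
+++ b/hosts/architect/llm.nix
@@ -0,0 +1,38 @@
+{ config, ... }:
+
+let
+domain = "pino.giugl.io";
+backendPort = 3000;
+frontendPort = 3002;
+in
+{
+architect.vhost.${domain} = {
+dnsInterfaces = [ "tailscale" ];
+
+locations."/" = {
+host = "172.17.0.1";
+port = frontendPort;
+allowLan = true;
+allow = [ config.architect.networks."tailscale".net ];
+};
+};
+
+virtualisation.oci-containers = {
+containers = {
+big-agi = {
+image = "ghcr.io/enricoros/big-agi:main";
+autoStart = true;
+
+ports = [
+"172.17.0.1:${toString frontendPort}:${toString backendPort}"
+];
+environmentFiles = [
+"/var/lib/llm/big-agi.env"
+];
+extraOptions = [
+"--pull=always"
+];
+};
+};
+};
+}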
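Review bot: `image = "ghcr.io/enricoros/big-agi:main";` combined with `"--pull=always"` means every container start runs whatever was last pushed to a mutable branch tag, so the deployed code is fixed neither by this repository nor by flake.lock. Pin the image by digest, e.g. `image = "ghcr.io/enricoros/big-agi@sha256:<DIGEST-PLACEHOLDER>";`, and drop `"--pull=always"` so that upgrades arrive through a reviewed commit. The port is published on `172.17.0.1`, presumably the default Docker bridge address, so other containers on that bridge could reach the frontend without passing the vhost's `allow` list. `/var/lib/llm/big-agi.env` likely holds API keys and should be readable by root only.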
|
@ -111,7 +111,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
}
|
||||
|
@ -19,7 +19,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
}
|
||||
|
@ -30,7 +30,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
}
|
||||
|
@ -22,7 +22,7 @@ in
|
||||
};
|
||||
|
||||
architect.vhost.${domain} = {
|
||||
dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
|
||||
dnsInterfaces = [ "lan" "tailscale" ];
|
||||
locations."/" = {
|
||||
port = 4533;
|
||||
allowLan = true;
|
||||
|
@ -78,7 +78,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
|
||||
|
@ -10,7 +10,7 @@ in
|
||||
};
|
||||
|
||||
architect.vhost.${domain} = {
|
||||
dnsInterfaces = [ "tailscale" "wireguard" "lan" ];
|
||||
dnsInterfaces = [ "tailscale" "lan" ];
|
||||
|
||||
locations."/" = {
|
||||
port = 6789;
|
||||
|
@ -96,23 +96,29 @@ in
|
||||
description = "The host for the location.";
|
||||
default = "127.0.0.1";
|
||||
};
|
||||
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
description = "The port number for the location.";
|
||||
};
|
||||
|
||||
|
||||
allow = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = "IP address or CIDR block to allow.";
|
||||
};
|
||||
|
||||
|
||||
path = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
|
||||
allowWAN = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "If set to false, deny all WAN traffic.";
|
||||
};
|
||||
|
||||
deny = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
@ -140,9 +146,9 @@ in
|
||||
proxyPass = "http://${location.host}:${toString location.port}${location.path}";
|
||||
proxyWebsockets = location.proxyWebsockets;
|
||||
extraConfig = ''
|
||||
${optionalString location.allowLan "deny 10.0.0.1;"}
|
||||
${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
|
||||
${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
|
||||
${optionalString (!location.allowWAN) "deny all;"}
|
||||
${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
|
||||
${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}
|
||||
'' + location.extraConfig;
|
||||
})
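Review bot: In the `extraConfig` hunk, `deny all;` is emitted before the `allowLan` rule `allow ${config.architect.networks."lan".net};` and, as the page renders it, before a `location.deny` line. nginx evaluates `allow`/`deny` in order and stops at the first match, so with the default `allowWAN = false` nothing placed after `deny all;` can ever match. The page has lost its +/- markers, so which of the two identical `location.deny` lines is on the new side is inferred, but if the LAN allow is on the new side, as it appears to be, it follows `deny all;` either way. Vhosts that set `allowLan = true` without listing the LAN net in `allow` would then reject LAN clients, so emit the terminal `deny all;` last, as in the fence below. The enclosing function starts outside the hunk.

```nix
extraConfig = ''
  ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
  ${optionalString location.allowLan "deny 10.0.0.1;"}
  ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
  ${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}
  ${optionalString (!location.allowWAN) "deny all;"}
'' + location.extraConfig;
```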
|
||||
|
@ -17,7 +17,7 @@ in
|
||||
};
|
||||
|
||||
architect.vhost.${domain} = with config.architect.networks; {
|
||||
dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
|
||||
dnsInterfaces = [ "lan" "tailscale" ];
|
||||
locations = {
|
||||
"/" = {
|
||||
inherit port;
|
||||
@ -25,7 +25,6 @@ in
|
||||
proxyWebsockets = true;
|
||||
# allowLan = true;
|
||||
# allow = [
|
||||
# wireguard.net
|
||||
# tailscale.net
|
||||
# ];
|
||||
extraConfig = ''
|
||||
|
@ -45,7 +45,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
|
||||
|
@ -7,7 +7,7 @@ in
|
||||
services.prowlarr.enable = true;
|
||||
|
||||
architect.vhost.${domain} = {
|
||||
dnsInterfaces = [ "tailscale" "wireguard" ];
|
||||
dnsInterfaces = [ "tailscale" ];
|
||||
|
||||
locations."/" = {
|
||||
port = 9696;
|
||||
|
@ -10,13 +10,12 @@ in
|
||||
};
|
||||
|
||||
architect.vhost.${domain} = with config.architect.networks; {
|
||||
dnsInterfaces = [ "wireguard" "tailscale" ];
|
||||
dnsInterfaces = [ "tailscale" ];
|
||||
locations."/" = {
|
||||
port = 7878;
|
||||
allowLan = true;
|
||||
|
||||
allow = [
|
||||
wireguard.net
|
||||
tailscale.net
|
||||
];
|
||||
};
|
||||
|
@ -43,7 +43,6 @@ in
|
||||
|
||||
networking.extraHosts = ''
|
||||
${architectInterfaceAddress "lan"} ${domain}
|
||||
${architectInterfaceAddress "wireguard"} ${domain}
|
||||
${architectInterfaceAddress "tailscale"} ${domain}
|
||||
'';
|
||||
}
|
||||
|
@ -1,8 +1,7 @@
|
||||
{ mach-nix, lib, config, pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
domain = "gugol.giugl.io";
|
||||
network = import ./network.nix;
|
||||
domain = "search.giugl.io";
|
||||
in
|
||||
{
|
||||
services = {
|
||||
@ -19,14 +18,14 @@ in
|
||||
};
|
||||
|
||||
general = {
|
||||
instance_name = "Pepe's Gugol";
|
||||
contact_url = "mailto:gugol@depasquale.giugl.io";
|
||||
enable_metrics = false;
|
||||
instance_name = "PepoSearch";
|
||||
contact_url = "mailto:search@depasquale.giugl.io";
|
||||
enable_metrics = true;
|
||||
};
|
||||
|
||||
search = {
|
||||
safe_search = 0;
|
||||
autocomplete = "qwant";
|
||||
autocomplete = "google";
|
||||
prefer_configured_language = false;
|
||||
};
|
||||
|
||||
@ -43,24 +42,23 @@ in
|
||||
{ name = "google"; disabled = false; }
|
||||
{ name = "bing"; disabled = false; }
|
||||
{ name = "qwant"; disabled = false; }
|
||||
{ name = "duckduckgo"; disabled = false; }
|
||||
{ name = "brave"; disabled = false; }
|
||||
# keep getting access denied (!?)
|
||||
{ name = "duckduckgo"; disabled = true; }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.searx.settings.server.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.extraHosts = ''
|
||||
${network.architect-lan} ${domain}
|
||||
${network.architect-wg} ${domain}
|
||||
${network.architect-ts} ${domain}
|
||||
'';
|
||||
architect.vhost.${domain} = with config.architect.networks; {
|
||||
dnsInterfaces = [ "tailscale" ];
|
||||
locations."/" = {
|
||||
port = config.services.searx.settings.server.port;
|
||||
allowLan = true;
|
||||
|
||||
allow = [
|
||||
tailscale.net
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -8,15 +8,15 @@ in
|
||||
enable = true;
|
||||
group = "media";
|
||||
};
|
||||
|
||||
|
||||
architect.vhost.${domain} = {
|
||||
dnsInterfaces = [ "tailscale" "wireguard" ];
|
||||
dnsInterfaces = [ "tailscale" ];
|
||||
|
||||
locations."/" = {
|
||||
port = 6969;
|
||||
port = 8989;
|
||||
allowLan = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
users.groups.media.members = [ "sonarr" ];
|
||||
}
|
||||
|
@ -19,7 +19,8 @@ in
|
||||
dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
|
||||
manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
|
||||
tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
|
||||
ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; };
|
||||
# ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; };
|
||||
ucsb-workstation = { address = "100.64.0.10"; hostname = "ucsb-workstation.${domain}"; };
|
||||
alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
|
||||
parallels = { address = "100.64.0.3"; hostname = "parallels.${domain}"; };
|
||||
};
|
||||
|
@ -1,218 +0,0 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
listenPort = 1194;
|
||||
domain = "devs.giugl.io";
|
||||
interface = "wireguard";
|
||||
|
||||
utilities = import ./utilities.nix { inherit lib config; };
|
||||
inherit (utilities) generateDeviceStrings getDeviceAddress;
|
||||
|
||||
getWireguardDeviceAddress = getDeviceAddress "wireguard";
|
||||
in
|
||||
{
|
||||
architect = {
|
||||
firewall = {
|
||||
openUDP = lib.singleton listenPort;
|
||||
openUDPVPN = lib.singleton listenPort;
|
||||
};
|
||||
|
||||
networks.${interface} = {
|
||||
interface = "wg0";
|
||||
net = "10.3.0.0/24";
|
||||
devices = {
|
||||
architect = { address = "10.3.0.1"; hostname = "architect.${domain}"; };
|
||||
antonio = { address = "10.3.0.6"; hostname = "antonio.${domain}"; };
|
||||
gbeast = { address = "10.3.0.7"; hostname = "gbeast.${domain}"; };
|
||||
shield = { address = "10.3.0.12"; hostname = "shield.${domain}"; };
|
||||
salvatore = { address = "10.3.0.16"; hostname = "salvatore.${domain}"; };
|
||||
papa = { address = "10.3.0.17"; hostname = "papa.${domain}"; };
|
||||
defy = { address = "10.3.0.18"; hostname = "defy.${domain}"; };
|
||||
germano = { address = "10.3.0.19"; hostname = "germano.${domain}"; };
|
||||
flavio = { address = "10.3.0.20"; hostname = "flavio.${domain}"; };
|
||||
alain = { address = "10.3.0.22"; hostname = "alain.${domain}"; };
|
||||
dima = { address = "10.3.0.23"; hostname = "dima.${domain}"; };
|
||||
mikey = { address = "10.3.0.24"; hostname = "mikey.${domain}"; };
|
||||
andrew = { address = "10.3.0.25"; hostname = "andrew.${domain}"; };
|
||||
mikeylaptop = { address = "10.3.0.26"; hostname = "mikeylaptop.${domain}"; };
|
||||
andrewdesktop = { address = "10.3.0.27"; hostname = "andrewdesktop.${domain}"; };
|
||||
jacopo = { address = "10.3.0.28"; hostname = "jacopo.${domain}"; };
|
||||
frznn = { address = "10.3.0.29"; hostname = "frznn.${domain}"; };
|
||||
ludo = { address = "10.3.0.30"; hostname = "ludo.${domain}"; };
|
||||
parina = { address = "10.3.0.31"; hostname = "parina.${domain}"; };
|
||||
nilo = { address = "10.3.0.32"; hostname = "nilo.${domain}"; };
|
||||
parina-ipad = { address = "10.3.0.33"; hostname = "parina-ipad.${domain}"; };
|
||||
kclvm = { address = "10.3.0.34"; hostname = "kclvm.${domain}"; };
|
||||
framecca = { address = "10.3.0.35"; hostname = "framecca.${domain}"; };
|
||||
framecca_one = { address = "10.3.0.36"; hostname = "framecca_one.${domain}"; };
|
||||
framecca_two = { address = "10.3.0.37"; hostname = "framecca_two.${domain}"; };
|
||||
framecca_three = { address = "10.3.0.38"; hostname = "framecca_three.${domain}"; };
|
||||
framecca_four = { address = "10.3.0.39"; hostname = "framecca_four.${domain}"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
extraHosts = generateDeviceStrings config.architect.networks.wireguard.devices;
|
||||
|
||||
wireguard = {
|
||||
interfaces.${config.architect.networks.wireguard.interface} = {
|
||||
inherit listenPort;
|
||||
|
||||
ips = [ "${config.architect.networks.wireguard.devices.architect.address}/24" ];
|
||||
privateKeyFile = "/secrets/wireguard/server.key";
|
||||
|
||||
peers = [
|
||||
{
|
||||
# Antonio
|
||||
allowedIPs = [ (getWireguardDeviceAddress "antonio") ];
|
||||
publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc=";
|
||||
}
|
||||
|
||||
{
|
||||
# GBEAST
|
||||
allowedIPs = [ (getWireguardDeviceAddress "gbeast") ];
|
||||
publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI=";
|
||||
}
|
||||
|
||||
{
|
||||
# shield
|
||||
allowedIPs = [ (getWireguardDeviceAddress "shield") ];
|
||||
publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=";
|
||||
}
|
||||
|
||||
{
|
||||
# salvatore
|
||||
allowedIPs = [ (getWireguardDeviceAddress "salvatore") ];
|
||||
publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs=";
|
||||
}
|
||||
|
||||
{
|
||||
# papa
|
||||
allowedIPs = [ (getWireguardDeviceAddress "papa") ];
|
||||
publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA=";
|
||||
}
|
||||
|
||||
{
|
||||
# defy
|
||||
allowedIPs = [ (getWireguardDeviceAddress "defy") ];
|
||||
publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=";
|
||||
}
|
||||
|
||||
{
|
||||
# germano
|
||||
allowedIPs = [ (getWireguardDeviceAddress "germano") ];
|
||||
publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=";
|
||||
}
|
||||
|
||||
{
|
||||
# flavio
|
||||
allowedIPs = [ (getWireguardDeviceAddress "flavio") ];
|
||||
publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg=";
|
||||
}
|
||||
|
||||
{
|
||||
# alain
|
||||
allowedIPs = [ (getWireguardDeviceAddress "alain") ];
|
||||
publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
|
||||
}
|
||||
|
||||
{
|
||||
# dima
|
||||
allowedIPs = [ (getWireguardDeviceAddress "dima") ];
|
||||
publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
|
||||
}
|
||||
|
||||
{
|
||||
# mikey
|
||||
allowedIPs = [ (getWireguardDeviceAddress "mikey") ];
|
||||
publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
|
||||
}
|
||||
|
||||
{
|
||||
# andrew
|
||||
allowedIPs = [ (getWireguardDeviceAddress "andrew") ];
|
||||
publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
|
||||
}
|
||||
|
||||
{
|
||||
# mikey laptop
|
||||
allowedIPs = [ (getWireguardDeviceAddress "mikeylaptop") ];
|
||||
publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
|
||||
}
|
||||
|
||||
{
|
||||
# andrew desktop
|
||||
allowedIPs = [ (getWireguardDeviceAddress "andrewdesktop") ];
|
||||
publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
|
||||
}
|
||||
|
||||
{
|
||||
# laptop desktop
|
||||
allowedIPs = [ (getWireguardDeviceAddress "jacopo") ];
|
||||
publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
|
||||
}
|
||||
|
||||
{
|
||||
# frznn
|
||||
allowedIPs = [ (getWireguardDeviceAddress "frznn") ];
|
||||
publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
|
||||
}
|
||||
|
||||
{
|
||||
# ludo
|
||||
allowedIPs = [ (getWireguardDeviceAddress "ludo") ];
|
||||
publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
|
||||
}
|
||||
|
||||
{
|
||||
# parina
|
||||
allowedIPs = [ (getWireguardDeviceAddress "parina") ];
|
||||
publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=";
|
||||
}
|
||||
|
||||
{
|
||||
# nilo
|
||||
allowedIPs = [ (getWireguardDeviceAddress "nilo") ];
|
||||
publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0=";
|
||||
}
|
||||
|
||||
{
|
||||
# parina ipad
|
||||
allowedIPs = [ (getWireguardDeviceAddress "parina-ipad") ];
|
||||
publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU=";
|
||||
}
|
||||
|
||||
{
|
||||
# kcl vm
|
||||
allowedIPs = [ (getWireguardDeviceAddress "kclvm") ];
|
||||
publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE=";
|
||||
}
|
||||
|
||||
{
|
||||
allowedIPs = [ (getWireguardDeviceAddress "framecca") ];
|
||||
publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
|
||||
}
|
||||
|
||||
{
|
||||
allowedIPs = [ (getWireguardDeviceAddress "framecca_one") ];
|
||||
publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs=";
|
||||
}
|
||||
|
||||
{
|
||||
allowedIPs = [ (getWireguardDeviceAddress "framecca_two") ];
|
||||
publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM=";
|
||||
}
|
||||
{
|
||||
allowedIPs = [ (getWireguardDeviceAddress "framecca_three") ];
|
||||
publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs=";
|
||||
}
|
||||
{
|
||||
allowedIPs = [ (getWireguardDeviceAddress "framecca_four") ];
|
||||
publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc=";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -23,7 +23,6 @@ in
|
||||
cursorline = true
|
||||
true-color = true
|
||||
gutters = ["diff", "diagnostics", "line-numbers", "spacer"]
|
||||
completion-replace = true
|
||||
|
||||
[editor.cursor-shape]
|
||||
insert = "bar"
|
||||
|