Compare commits
	
		
			No commits in common. "34b49b03eca49415729e4a759b4812b2253b6973" and "7a8e12ac0450a30eaa129cc92f8a0c6e2707a117" have entirely different histories.
		
	
	
		
			34b49b03ec
			...
			7a8e12ac04
		
	
		
| @ -64,7 +64,7 @@ | ||||
| 
 | ||||
|       " Fix for code not being aligned if between comment blocks | ||||
|       set cindent cinkeys-=0# | ||||
|       set expandtab shiftwidth=2 tabstop=2 softtabstop=2 | ||||
|       set expandtab shiftwidth=4 tabstop=4 softtabstop=4 | ||||
|     ''; | ||||
| 
 | ||||
|     viAlias  = true; | ||||
|  | ||||
| @ -26,8 +26,6 @@ in | ||||
|       ./matrix.nix | ||||
|       ./fail2ban.nix | ||||
|       ./plex.nix | ||||
|       ./dns.nix | ||||
|       ./minecraft.nix | ||||
|     ]; | ||||
| 
 | ||||
|     time.timeZone                                  = "Europe/Rome"; | ||||
| @ -119,8 +117,6 @@ in | ||||
|         ${papa-wg}            papa.devs.giugl.io | ||||
|         ${defy-wg}            defy.devs.giugl.io | ||||
|         ${germano-wg}         germano.devs.giugl.io | ||||
|         ${dodino-wg}          dodino.devs.giugl.io | ||||
|         ${tommy-wg}           tommy.devs.giugl.io | ||||
| 
 | ||||
|         # Blacklist | ||||
|         0.0.0.0                metrics.plex.tv | ||||
| @ -149,6 +145,7 @@ in | ||||
| 
 | ||||
|     environment.systemPackages = with pkgs; | ||||
|     [ | ||||
|       openiscsi | ||||
|       wireguard | ||||
|       cudatoolkit | ||||
|     ]; | ||||
| @ -164,6 +161,37 @@ in | ||||
|       zfs.autoScrub.enable = true; | ||||
|       xserver.videoDrivers = [ "nvidia" ]; | ||||
|       openssh.enable = true; | ||||
| 
 | ||||
|       dnsmasq = { | ||||
|         enable      = true; | ||||
|         servers     = ["127.0.0.1#5353"]; | ||||
|         extraConfig = '' | ||||
|             localise-queries | ||||
|             min-cache-ttl=120 | ||||
|             max-cache-ttl=2400 | ||||
|         ''; | ||||
|       }; | ||||
| 
 | ||||
|       dnscrypt-proxy2 = { | ||||
|         enable = true; | ||||
|         settings = { | ||||
|           listen_addresses   = ["127.0.0.1:5353"]; | ||||
|           ipv4_servers       = true; | ||||
|           ipv6_servers       = false; | ||||
|           block_ipv6         = true; | ||||
|           dnscrypt_servers   = true; | ||||
|           doh_servers        = true; | ||||
|           require_nolog      = true; | ||||
|           require_nofilter   = true; | ||||
|           timeout            = 350; | ||||
|           lb_strategy        = "p4"; | ||||
|           lb_estimator       = true; | ||||
|           ignore_system_dns  = true; | ||||
|           fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"]; | ||||
|           cache_min_ttl = 450; | ||||
|           cache_max_ttl = 2400; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
| 
 | ||||
|     environment.variables = { | ||||
|  | ||||
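Review bot: The inlined `dnsmasq` block in the `@ -164,6 +161,37 @` hunk sets only upstream and cache options, so dnsmasq listens on every interface by default. If this host has an interface reachable from outside the LAN/WireGuard ranges and port 53 is not firewalled (the firewall rules are not visible here), it would answer as an open resolver. Pinning it in `extraConfig` with `listen-address=127.0.0.1,<LAN_ADDR>,<WG_ADDR>` and `bind-interfaces` would close that off. The `addn-hosts=/etc/adblock_hosts` line of the removed module is not carried over, and with `require_nofilter = true` upstream that leaves the static `# Blacklist` entries in the hosts block as the only DNS blocking visible in this diff; a one-line comment saying this is deliberate would help. The enclosing `services = { … }` block starts outside the hunk.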
| @ -1,106 +0,0 @@ | ||||
| { config, pkgs, lib, ... }: | ||||
| 
 | ||||
| { | ||||
|   services = { | ||||
|     dnsmasq = { | ||||
|       enable      = true; | ||||
|       servers     = ["127.0.0.1#5353"]; | ||||
|       extraConfig = '' | ||||
|             localise-queries | ||||
|             min-cache-ttl=120 | ||||
|             max-cache-ttl=2400 | ||||
|             addn-hosts=/etc/adblock_hosts | ||||
|       ''; | ||||
|     }; | ||||
| 
 | ||||
|     dnscrypt-proxy2 = { | ||||
|       enable = true; | ||||
|       settings = { | ||||
|         listen_addresses   = ["127.0.0.1:5353"]; | ||||
|         ipv4_servers       = true; | ||||
|         ipv6_servers       = false; | ||||
|         block_ipv6         = true; | ||||
|         dnscrypt_servers   = true; | ||||
|         doh_servers        = true; | ||||
|         require_nolog      = true; | ||||
|         require_nofilter   = true; | ||||
|         timeout            = 350; | ||||
|         lb_strategy        = "p4"; | ||||
|         lb_estimator       = true; | ||||
|         ignore_system_dns  = true; | ||||
|         fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"]; | ||||
|         cache_min_ttl = 450; | ||||
|         cache_max_ttl = 2400; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   systemd = { | ||||
|     timers.update-adblock = { | ||||
|       wantedBy = [ "timers.target" ]; | ||||
|       partOf = [ "update-adblock.service" ]; | ||||
|       timerConfig.OnCalendar = "daily"; | ||||
|     }; | ||||
| 
 | ||||
|     services.update-adblock = { | ||||
|       serviceConfig.Type = "oneshot"; | ||||
|       requiredBy = [ "dnsmasq.service" ]; | ||||
|       postStop = "systemctl restart dnsmasq"; | ||||
|       script = '' | ||||
|       #!/bin/sh | ||||
| 
 | ||||
|         EASYLIST_HOSTSNAME="easylist_hosts.txt" | ||||
|         EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt" | ||||
|         STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt" | ||||
| 
 | ||||
|         get_easylist() { | ||||
|         EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt" | ||||
| 
 | ||||
|         tmpfile=`mktemp` | ||||
| 
 | ||||
|     # download easylist | ||||
|         ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile | ||||
| 
 | ||||
|     # remove IP addresses and prepend 0.0.0.0 to create hosts file | ||||
|         cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME | ||||
| 
 | ||||
|         rm $tmpfile | ||||
|         } | ||||
| 
 | ||||
|         get_easyprivacy() { | ||||
|         EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt" | ||||
| 
 | ||||
|         tmpfile=`mktemp` | ||||
| 
 | ||||
|     # download easylist | ||||
|         ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile | ||||
| 
 | ||||
|     # remove IP addresses and prepend 0.0.0.0 to create hosts file | ||||
| 
 | ||||
|         cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME | ||||
| 
 | ||||
|         rm $tmpfile | ||||
|         } | ||||
| 
 | ||||
|         get_stevenblack() { | ||||
|         STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts" | ||||
| 
 | ||||
|         ${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME | ||||
|         } | ||||
| 
 | ||||
| 
 | ||||
|         get_easylist | ||||
|         get_easyprivacy | ||||
|         get_stevenblack | ||||
| 
 | ||||
| 
 | ||||
| # create unified file | ||||
| 
 | ||||
|         cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts | ||||
| 
 | ||||
|         rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME $EASYPRIVACY_HOSTSNAME | ||||
| 
 | ||||
|       ''; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
| @ -14,10 +14,8 @@ with import ./network.nix; | ||||
|       app_service_config_files = [ "/var/lib/matrix-synapse/discord-registration.yaml" ]; | ||||
|       extraConfig = '' | ||||
|         auto_join_rooms: | ||||
|           - "#infra:matrix.giugl.io" | ||||
|           - "#infrastruttura:matrix.giugl.io" | ||||
|           - "#general:matrix.giugl.io" | ||||
|           - "#gaming:matrix.giugl.io" | ||||
|           - "#movies:matrix.giugl.io" | ||||
|       ''; | ||||
|       listeners = [ | ||||
|         { | ||||
| @ -106,10 +104,11 @@ with import ./network.nix; | ||||
|   }; | ||||
| 
 | ||||
|   networking.extraHosts = '' | ||||
|         127.0.0.1 ${matrixdomain} ${matrixwebdomain} | ||||
|         ${architect-lan} ${matrixdomain} ${matrixwebdomain} | ||||
|         ${architect-wg} ${matrixdomain} ${matrixwebdomain} | ||||
|         127.0.0.1 ${matrixdomain} | ||||
|         ${architect-lan} ${matrixdomain} | ||||
|         ${architect-wg} ${matrixdomain} | ||||
|   ''; | ||||
| 
 | ||||
|   users.groups.acme.members = [ "turnserver" ]; | ||||
| } | ||||
| 
 | ||||
|  | ||||
| @ -1,18 +0,0 @@ | ||||
| {config, pkgs, ...}: | ||||
| 
 | ||||
| with import ./network.nix; | ||||
| { | ||||
|   services.minecraft-server = { | ||||
|     enable = true; | ||||
|     eula = true; | ||||
|     declarative = true; | ||||
|     serverProperties = { | ||||
|       motd = "Welcome on the RuNas server!"; | ||||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   networking.extraHosts = '' | ||||
|     ${architect-lan} minecraft.giugl.io | ||||
|     ${architect-wg} minecraft.giugl.io | ||||
|     ''; | ||||
| } | ||||
| @ -34,15 +34,13 @@ rec { | ||||
|   defy-wg          = "10.3.0.18"; | ||||
|   germano-wg       = "10.3.0.19"; | ||||
|   flavio-wg        = "10.3.0.20"; | ||||
|   tommy-wg         = "10.3.0.21"; | ||||
|   eleonora-wg      = "10.3.0.100"; | ||||
|   broccolino-wg    = "10.3.0.200"; | ||||
|   hotpottino-wg    = "10.3.0.201"; | ||||
|   dodino-wg        = "10.3.0.202"; | ||||
| 
 | ||||
|   # groups | ||||
|   gdevices-wg      = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ]; | ||||
|   routers-wg       = [ hotpottino-wg broccolino-wg dodino-wg ]; | ||||
|   routers-wg       = [ hotpottino-wg broccolino-wg ]; | ||||
|   c2c-wg           = [ ] ++ gdevices-wg; | ||||
|   towan-wg         = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg; | ||||
| 
 | ||||
|  | ||||
| @ -10,29 +10,6 @@ | ||||
|     recommendedOptimisation  = true; | ||||
|     recommendedProxySettings = true; | ||||
|     recommendedTlsSettings   = true; | ||||
|      | ||||
|     virtualHosts."giugl.io" = { | ||||
|       default = true; | ||||
|       enableACME = true; | ||||
|       addSSL = true; | ||||
|       root = "/var/lib/nginx/error_pages"; | ||||
|       extraConfig = "error_page 404 /index.htm;"; | ||||
| 
 | ||||
|       locations = { | ||||
|         "/" = { | ||||
|           return = "404"; | ||||
|         }; | ||||
| 
 | ||||
|         "/index.htm" = { | ||||
|         }; | ||||
| 
 | ||||
|         "/style.css" = { | ||||
|         }; | ||||
| 
 | ||||
|         "/wat.jpg" = { | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   users.groups.acme.members = [ "nginx" ]; | ||||
|  | ||||
| @ -11,9 +11,6 @@ with import ./network.nix; | ||||
|       http2 = true; | ||||
| 
 | ||||
|       extraConfig = '' | ||||
|         allow 10.0.0.0/24; | ||||
|         allow 10.3.0.0/24; | ||||
|         deny all; | ||||
| 
 | ||||
|       #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause | ||||
|         send_timeout 100m; | ||||
|  | ||||
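Review bot: The new-side `extraConfig` of this vhost appears to carry no source-address restriction. The hunk counts (9 lines old, 6 new) suggest that `allow 10.0.0.0/24;`, `allow 10.3.0.0/24;` and `deny all;` are the three lines dropped, though the rendered page has lost the `+`/`-` markers. If so, nginx will proxy this vhost for any client that can reach the listener, leaving the backend's own authentication as the only gate. If that exposure is intended, say so in a comment such as `# reachable from WAN on purpose; auth is handled by the upstream service`; otherwise keep the `allow`/`deny` lines, preferably built from the LAN and WireGuard ranges in `network.nix` if it defines them. The vhost definition starts and ends outside the hunk.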
| @ -1,49 +0,0 @@ | ||||
| #!/bin/sh | ||||
| 
 | ||||
| EASYLIST_HOSTSNAME="easylist_hosts.txt" | ||||
| EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt" | ||||
| STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt" | ||||
| 
 | ||||
| get_easylist() { | ||||
|     EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt" | ||||
| 
 | ||||
|     tmpfile=`mktemp` | ||||
| 
 | ||||
|     # download easylist | ||||
|     ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile | ||||
| 
 | ||||
|     # remove IP addresses and prepend 0.0.0.0 to create hosts file | ||||
| 
 | ||||
|     cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME | ||||
| } | ||||
| 
 | ||||
| get_easyprivacy() { | ||||
|     EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt" | ||||
| 
 | ||||
|     tmpfile=`mktemp` | ||||
| 
 | ||||
|     # download easylist | ||||
|     ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile | ||||
| 
 | ||||
|     # remove IP addresses and prepend 0.0.0.0 to create hosts file | ||||
| 
 | ||||
|     cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME | ||||
| } | ||||
| 
 | ||||
| get_stevenblack() { | ||||
|     STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts" | ||||
| 
 | ||||
|     ${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| get_easylist | ||||
| get_easyprivacy | ||||
| get_stevenblack | ||||
| 
 | ||||
| 
 | ||||
| # create unified file | ||||
| 
 | ||||
| cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts | ||||
| 
 | ||||
| rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME | ||||
| @ -153,18 +153,6 @@ with import ./network.nix; | ||||
|           allowedIPs = [flavio-wg]; | ||||
|           publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg="; | ||||
|         } | ||||
| 
 | ||||
|         { | ||||
|           # dodino | ||||
|           allowedIPs = [dodino-wg]; | ||||
|           publicKey = "JHkqlADQpY1CUcivraG9i6rIzCzLVFcl8HP5uIk35lk="; | ||||
|         } | ||||
| 
 | ||||
|         { | ||||
|           # tommy | ||||
|           allowedIPs = [tommy-wg]; | ||||
|           publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo="; | ||||
|         } | ||||
|       ]; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||