peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: peperunas:811aa664a015cde5015f888dfbf0194b99309d3f
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit
..
compare: peperunas:4bafb2fda846ca2a2e5cb7fc1def87f652b0159a
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit

No commits in common. "811aa664a015cde5015f888dfbf0194b99309d3f" and "4bafb2fda846ca2a2e5cb7fc1def87f652b0159a" have entirely different histories.
811aa664a0 ... 4bafb2fda8

4 changed files with 49 additions and 8 deletions
Show Stats Expand all files Collapse all files

1
hosts/architect/default.nix
View File

@ -37,6 +37,7 @@ in
#./calibre.nix #./calibre.nix
./docker.nix ./docker.nix
./keycloak.nix ./keycloak.nix
./lezzo.nix
./runas.nix ./runas.nix
./tailscale.nix ./tailscale.nix
./searx.nix ./searx.nix

7
hosts/architect/firewall.nix
View File

@ -132,17 +132,12 @@ in
chain FORWARD { chain FORWARD {
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop;
ct state established,related accept ct state established,related accept
# client to client
ip saddr {${lib.concatStringsSep "," c2c-wg}} ip daddr {${
lib.concatStringsSep "," c2c-wg
}} accept
# nat to wan # nat to wan
oifname ${wan-if} ip saddr {${ oifname ${wan-if} ip saddr {${
lib.concatStringsSep "," towan-wg lib.concatStringsSep "," towan-wg
}} accept }} accept
oifname ${wan-if} ip saddr ${docker-net} accept oifname ${wan-if} ip saddr ${docker-net} accept
oifname ${wan-if} ip saddr ${tailscale-net} accept oifname ${wan-if} ip saddr ${tailscale-net} accept

46
hosts/architect/lezzo.nix Normal file
View File

@ -0,0 +1,46 @@
{ services, pkgs, lib, makeBinPath, ... }:
let
domain = "lezzo.org";
lezzo_root = "/var/lib/lezzo.org";
service_name = "lezzo-pull";
network = import ./network.nix;
mkStartScript = name: pkgs.writeShellScript "${name}.sh" ''
set -euo pipefail
cd ${lezzo_root}
git pull origin master --rebase
'';
in
{
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
root = lezzo_root;
locations."/.git" = { return = "404"; };
};
systemd = {
services.${service_name} = {
path = [ pkgs.git ];
enable = true;
serviceConfig = {
Type = "oneshot";
ExecStart = mkStartScript "${service_name}";
};
};
timers.${service_name} = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "hourly";
Unit = "${service_name}.service";
};
};
};
networking.extraHosts = ''
${network.architect-lan} ${domain}
${network.architect-wg} ${domain}
${network.architect-ts} ${domain}
'';
}

3
hosts/architect/network.nix
View File

@ -56,8 +56,7 @@ rec {
dodino-ts = "100.106.244.35"; dodino-ts = "100.106.244.35";
framecca-devices = [ framecca-wg framecca_one-wg framecca_three-wg framecca_four-wg ]; framecca-devices = [ framecca-wg framecca_one-wg framecca_three-wg framecca_four-wg ];
c2c-wg = framecca-devices;
# groups # groups
gdevices = [ giuliophone-ts architect-ts giuliopc-ts dodino-ts ]; gdevices = [ giuliophone-ts architect-ts giuliopc-ts dodino-ts ];
towan-wg = [ shield-wg parina-wg parina-ipad-wg germano-wg ] ++ framecca-devices; towan-wg = [ shield-wg parina-wg parina-ipad-wg germano-wg ] ++ framecca-devices;