Compare commits


6 Commits

Author SHA1 Message Date
Giulio De Pasquale
565aab853c Update lock 2022-12-22 15:13:48 +01:00
Giulio De Pasquale
2c8c26112b architect: Disable navidrome module 2022-12-22 15:13:14 +01:00
Giulio De Pasquale
0177ed496b wireguard: Add framecca 2022-12-22 15:12:57 +01:00
Giulio De Pasquale
e36ebc4322 network: Add germano and framecca to WAN 2022-12-22 15:12:24 +01:00
Giulio De Pasquale
4662a61e71 jellyfin: Whitelist gdevices 2022-12-22 15:11:49 +01:00
Giulio De Pasquale
be4584aa08 gitea: Open gitea to public 2022-12-22 15:11:23 +01:00
6 changed files with 18 additions and 16 deletions

12
flake.lock generated

@ -24,11 +24,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1670595967, "lastModified": 1671717682,
"narHash": "sha256-aVy09HbuOBmwjU62lMaRzSKem82Q7/dqVkyaXAqWSJE=", "narHash": "sha256-LZ699rotWAmhhFh3Wd6Vi7e8U6mFrmGpr4EV3P/DNVQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bf76dcab50dcc2f3e663637839ff1e551f537173", "rev": "b467047119513b2e1c4e2253d9699a8bdc3ff9f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -40,11 +40,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1670543317, "lastModified": 1671525405,
"narHash": "sha256-4mMR56rtxKr+Gwz399jFr4i76SQZxsLWxxyfQlPXRm0=", "narHash": "sha256-MEgNxm/oRt5w4ycMENewfZQKOak0ixmjVPfXM96N1FA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7a6a010c3a1d00f8470a5ca888f2f927f1860a19", "rev": "cbe419ed4c8f98bd82d169c321d339ea30904f1f",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -29,7 +29,7 @@ in {
./invidious.nix ./invidious.nix
./nitter.nix ./nitter.nix
./lidarr.nix ./lidarr.nix
./navidrome.nix # ./navidrome.nix
./jellyfin.nix ./jellyfin.nix
./prosody.nix ./prosody.nix
./deluge.nix ./deluge.nix


@ -3,6 +3,7 @@
let let
domain = "git.giugl.io"; domain = "git.giugl.io";
network = import ./network.nix; network = import ./network.nix;
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in in
{ {
services.gitea = { services.gitea = {
@ -25,13 +26,8 @@ in
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:3000"; proxyPass = "http://127.0.0.1:3000";
extraConfig = '' # it does not work, it breaks gitea's web portal
allow 127.0.0.1; # extraConfig = auth_block { access_role = "git"; };
allow 10.0.0.0/24;
${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
allow 10.4.0.0/24;
deny all;
'';
}; };
}; };
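Review bot: With the `allow`/`deny all` block removed and the OIDC `extraConfig` left commented out, `locations."/"` now proxies every client straight to Gitea on 127.0.0.1:3000 with no nginx-level access control, so Gitea's own settings become the only gate. The `services.gitea` body continues outside the hunk, so whether self-registration and anonymous browsing are restricted there is not visible; if they are not, set Gitea's `[service]` keys `DISABLE_REGISTRATION = true` and, if repositories should not be browsable anonymously, `REQUIRE_SIGNIN_VIEW = true`. The new `auth_block` binding is only referenced from a comment, so either drop it or replace the comment with one that records the state, e.g. `# OIDC block disabled: breaks gitea's web portal; access control is left to gitea itself`.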


@ -19,7 +19,7 @@ in
nginx.virtualHosts.${domain} = { nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = auth_block { access_role = "jellyfin"; whitelisted_ips = [ network.giuliopc-wg ]; } + extraConfig = auth_block { access_role = "jellyfin"; whitelisted_ips = network.gdevices-wg; } +
'' ''
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted. # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
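Review bot: `whitelisted_ips = network.gdevices-wg` widens the set of addresses that presumably skip the OIDC check from one host to every entry of `gdevices-wg`, and in the network.nix section of this page that list ends with `++ routers-wg`. If those routers masquerade traffic for the LANs behind them, any client behind `hotpottino-wg`, `angellane-wg` or `dodino-wg` would reach Jellyfin without the `jellyfin` role check. If only personal devices are meant, pass an explicit list such as `whitelisted_ips = [ network.giuliopc-wg network.giuliophone-wg ];`, or add a comment stating that the router addresses are included deliberately. The `extraConfig` string continues past the end of this section.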


@ -50,6 +50,7 @@ rec {
nilo-wg = "10.3.0.32"; nilo-wg = "10.3.0.32";
parina-ipad-wg = "10.3.0.33"; parina-ipad-wg = "10.3.0.33";
kclvm-wg = "10.3.0.34"; kclvm-wg = "10.3.0.34";
framecca-wg = "10.3.0.35";
eleonora-wg = "10.3.0.100"; eleonora-wg = "10.3.0.100";
angellane-wg = "10.3.0.203"; angellane-wg = "10.3.0.203";
hotpottino-wg = "10.3.0.201"; hotpottino-wg = "10.3.0.201";
@ -60,7 +61,7 @@ rec {
[ giuliopc-wg giuliophone-wg gbeast-wg peppiniell-wg kclvm-wg ] ++ routers-wg; [ giuliopc-wg giuliophone-wg gbeast-wg peppiniell-wg kclvm-wg ] ++ routers-wg;
routers-wg = [ hotpottino-wg angellane-wg dodino-wg ]; routers-wg = [ hotpottino-wg angellane-wg dodino-wg ];
c2c-wg = [ ] ++ gdevices-wg; c2c-wg = [ ] ++ gdevices-wg;
towan-wg = [ shield-wg parisaphone-wg parisapc-wg parina-wg parina-ipad-wg ] towan-wg = [ shield-wg parisaphone-wg parisapc-wg parina-wg parina-ipad-wg germano-wg framecca-wg ]
++ gdevices-wg ++ routers-wg; ++ gdevices-wg ++ routers-wg;
gamenet-wg = [ gamenet-wg = [
andrew-wg andrew-wg


@ -34,6 +34,7 @@ with import ./network.nix; {
${nilo-wg} nilo.devs.giugl.io ${nilo-wg} nilo.devs.giugl.io
${kclvm-wg} kclvm.devs.giugl.io ${kclvm-wg} kclvm.devs.giugl.io
${giuliodeck-wg} giuliodeck.devs.giugl.io ${giuliodeck-wg} giuliodeck.devs.giugl.io
${framecca-wg} framecca.devs.giugl.io
''; '';
wireguard = { wireguard = {
@ -262,6 +263,10 @@ with import ./network.nix; {
allowedIPs = [ giuliodeck-wg ]; allowedIPs = [ giuliodeck-wg ];
publicKey = "7TGYsYvElTLY3V7qJfggkF+kFG7Y5sUsHA88h0cYJx0="; publicKey = "7TGYsYvElTLY3V7qJfggkF+kFG7Y5sUsHA88h0cYJx0=";
} }
{
allowedIPs = [ framecca-wg ];
publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
}
]; ];
}; };
}; };