Update lock

architect: Disable navidrome module
wireguard: Add framecca
2022-12-22 15:13:48 +01:00 · 2022-12-22 15:13:14 +01:00 · 2022-12-22 15:12:57 +01:00 · 2022-12-22 15:12:24 +01:00 · 2022-12-22 15:11:49 +01:00 · 2022-12-22 15:11:23 +01:00
6 changed files with 18 additions and 16 deletions
--- a/flake.lock
+++ b/flake.lock
@ -24,11 +24,11 @@
    },
    "nixos-unstable": {
      "locked": {
-        "lastModified": 1670595967,
-        "narHash": "sha256-aVy09HbuOBmwjU62lMaRzSKem82Q7/dqVkyaXAqWSJE=",
+        "lastModified": 1671717682,
+        "narHash": "sha256-LZ699rotWAmhhFh3Wd6Vi7e8U6mFrmGpr4EV3P/DNVQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "bf76dcab50dcc2f3e663637839ff1e551f537173",
+        "rev": "b467047119513b2e1c4e2253d9699a8bdc3ff9f3",
        "type": "github"
      },
      "original": {
@ -40,11 +40,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1670543317,
-        "narHash": "sha256-4mMR56rtxKr+Gwz399jFr4i76SQZxsLWxxyfQlPXRm0=",
+        "lastModified": 1671525405,
+        "narHash": "sha256-MEgNxm/oRt5w4ycMENewfZQKOak0ixmjVPfXM96N1FA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "7a6a010c3a1d00f8470a5ca888f2f927f1860a19",
+        "rev": "cbe419ed4c8f98bd82d169c321d339ea30904f1f",
        "type": "github"
      },
      "original": {
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@ -29,7 +29,7 @@ in {
    ./invidious.nix
    ./nitter.nix
    ./lidarr.nix
-    ./navidrome.nix
+#    ./navidrome.nix
    ./jellyfin.nix
    ./prosody.nix
    ./deluge.nix
--- a/hosts/architect/gitea.nix
+++ b/hosts/architect/gitea.nix
@ -3,6 +3,7 @@
 let
  domain = "git.giugl.io";
  network = import ./network.nix;
+  auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
 in
 {
  services.gitea = {
@ -25,13 +26,8 @@ in
    enableACME = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:3000";
-      extraConfig = ''
-        allow 127.0.0.1;
-        allow 10.0.0.0/24;
-        ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
-        allow 10.4.0.0/24;
-        deny all;
-      '';
+    # it does not work, it breaks gitea's web portal
+    #  extraConfig = auth_block { access_role = "git"; };
    };
  };

--- a/hosts/architect/jellyfin.nix
+++ b/hosts/architect/jellyfin.nix
@ -19,7 +19,7 @@ in
    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
-      extraConfig = auth_block { access_role = "jellyfin"; whitelisted_ips = [ network.giuliopc-wg ]; } +
+      extraConfig = auth_block { access_role = "jellyfin"; whitelisted_ips = network.gdevices-wg; } +
        ''
          # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
          #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
--- a/hosts/architect/network.nix
+++ b/hosts/architect/network.nix
@ -50,6 +50,7 @@ rec {
  nilo-wg = "10.3.0.32";
  parina-ipad-wg = "10.3.0.33";
  kclvm-wg = "10.3.0.34";
+  framecca-wg = "10.3.0.35";
  eleonora-wg = "10.3.0.100";
  angellane-wg = "10.3.0.203";
  hotpottino-wg = "10.3.0.201";
@ -60,7 +61,7 @@ rec {
    [ giuliopc-wg giuliophone-wg gbeast-wg peppiniell-wg kclvm-wg ] ++ routers-wg;
  routers-wg = [ hotpottino-wg angellane-wg dodino-wg ];
  c2c-wg = [ ] ++ gdevices-wg;
-  towan-wg = [ shield-wg parisaphone-wg parisapc-wg parina-wg parina-ipad-wg ]
+  towan-wg = [ shield-wg parisaphone-wg parisapc-wg parina-wg parina-ipad-wg germano-wg framecca-wg ]
    ++ gdevices-wg ++ routers-wg;
  gamenet-wg = [
    andrew-wg
--- a/hosts/architect/wireguard.nix
+++ b/hosts/architect/wireguard.nix
@ -34,6 +34,7 @@ with import ./network.nix; {
      ${nilo-wg}            nilo.devs.giugl.io
      ${kclvm-wg}           kclvm.devs.giugl.io
      ${giuliodeck-wg}      giuliodeck.devs.giugl.io
+      ${framecca-wg}        framecca.devs.giugl.io
    '';

    wireguard = {
@ -262,6 +263,10 @@ with import ./network.nix; {
            allowedIPs = [ giuliodeck-wg ];
            publicKey = "7TGYsYvElTLY3V7qJfggkF+kFG7Y5sUsHA88h0cYJx0=";
          }
+          {
+            allowedIPs = [ framecca-wg ];
+            publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
+          }
        ];
      };
    };
Author	SHA1	Message	Date
Giulio De Pasquale	565aab853c	Update lock	2022-12-22 15:13:48 +01:00
Giulio De Pasquale	2c8c26112b	architect: Disable navidrome module	2022-12-22 15:13:14 +01:00
Giulio De Pasquale	0177ed496b	wireguard: Add framecca	2022-12-22 15:12:57 +01:00
Giulio De Pasquale	e36ebc4322	network: Add germano and framecca to WAN	2022-12-22 15:12:24 +01:00
Giulio De Pasquale	4662a61e71	jellyfin: Whitelist gdevices	2022-12-22 15:11:49 +01:00
Giulio De Pasquale	be4584aa08	gitea: Open gitea to public	2022-12-22 15:11:23 +01:00