6 Commits

Author SHA1 Message Date
Giulio De Pasquale
565aab853c Update lock 2022-12-22 15:13:48 +01:00
Giulio De Pasquale
2c8c26112b architect: Disable navidrome module 2022-12-22 15:13:14 +01:00
Giulio De Pasquale
0177ed496b wireguard: Add framecca 2022-12-22 15:12:57 +01:00
Giulio De Pasquale
e36ebc4322 network: Add germano and framecca to WAN 2022-12-22 15:12:24 +01:00
Giulio De Pasquale
4662a61e71 jellyfin: Whitelist gdevices 2022-12-22 15:11:49 +01:00
Giulio De Pasquale
be4584aa08 gitea: Open gitea to public 2022-12-22 15:11:23 +01:00
6 changed files with 18 additions and 16 deletions

12
flake.lock generated

@ -24,11 +24,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1670595967,
"narHash": "sha256-aVy09HbuOBmwjU62lMaRzSKem82Q7/dqVkyaXAqWSJE=",
"lastModified": 1671717682,
"narHash": "sha256-LZ699rotWAmhhFh3Wd6Vi7e8U6mFrmGpr4EV3P/DNVQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bf76dcab50dcc2f3e663637839ff1e551f537173",
"rev": "b467047119513b2e1c4e2253d9699a8bdc3ff9f3",
"type": "github"
},
"original": {
@ -40,11 +40,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1670543317,
"narHash": "sha256-4mMR56rtxKr+Gwz399jFr4i76SQZxsLWxxyfQlPXRm0=",
"lastModified": 1671525405,
"narHash": "sha256-MEgNxm/oRt5w4ycMENewfZQKOak0ixmjVPfXM96N1FA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7a6a010c3a1d00f8470a5ca888f2f927f1860a19",
"rev": "cbe419ed4c8f98bd82d169c321d339ea30904f1f",
"type": "github"
},
"original": {


@ -29,7 +29,7 @@ in {
./invidious.nix
./nitter.nix
./lidarr.nix
./navidrome.nix
# ./navidrome.nix
./jellyfin.nix
./prosody.nix
./deluge.nix


@ -3,6 +3,7 @@
let
domain = "git.giugl.io";
network = import ./network.nix;
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in
{
services.gitea = {
@ -25,13 +26,8 @@ in
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
allow 127.0.0.1;
allow 10.0.0.0/24;
${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
allow 10.4.0.0/24;
deny all;
'';
# it does not work, it breaks gitea's web portal
# extraConfig = auth_block { access_role = "git"; };
};
};
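Review bot: With the `allow`/`deny all` block dropped from `locations."/"` and the OIDC `extraConfig` left commented out, nginx no longer applies any access control to this vhost, so Gitea's own settings are the only gate. The `services.gitea` block continues outside the hunk, so it is not visible whether self-registration and anonymous browsing are restricted; confirm that the `[service]` keys `DISABLE_REGISTRATION` and `REQUIRE_SIGNIN_VIEW` are set as intended for a public instance. The new `auth_block` binding in the `let` is only referenced from a comment, so it could be dropped until it is used. The comment would also help more if it said what breaks, e.g. `# OIDC auth_block at the proxy breaks gitea's web portal (<symptom>); access control is left to gitea itself`.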


@ -19,7 +19,7 @@ in
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
extraConfig = auth_block { access_role = "jellyfin"; whitelisted_ips = [ network.giuliopc-wg ]; } +
extraConfig = auth_block { access_role = "jellyfin"; whitelisted_ips = network.gdevices-wg; } +
''
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
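Review bot: `whitelisted_ips = network.gdevices-wg` covers more than the personal devices: per the network.nix section of this compare, `gdevices-wg` ends with `++ routers-wg`, so the three router addresses are whitelisted as well. `auth_block` is defined in openid.nix, outside this page, but if whitelisted addresses skip the `jellyfin` role check, any client whose traffic arrives from a router address would skip it too. If only the personal devices are meant, pass an explicit list such as `whitelisted_ips = with network; [ giuliopc-wg giuliophone-wg gbeast-wg peppiniell-wg kclvm-wg ];`, or add a comment stating that the routers are included on purpose. The vhost block continues past the end of the hunk.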


@ -50,6 +50,7 @@ rec {
nilo-wg = "10.3.0.32";
parina-ipad-wg = "10.3.0.33";
kclvm-wg = "10.3.0.34";
framecca-wg = "10.3.0.35";
eleonora-wg = "10.3.0.100";
angellane-wg = "10.3.0.203";
hotpottino-wg = "10.3.0.201";
@ -60,7 +61,7 @@ rec {
[ giuliopc-wg giuliophone-wg gbeast-wg peppiniell-wg kclvm-wg ] ++ routers-wg;
routers-wg = [ hotpottino-wg angellane-wg dodino-wg ];
c2c-wg = [ ] ++ gdevices-wg;
towan-wg = [ shield-wg parisaphone-wg parisapc-wg parina-wg parina-ipad-wg ]
towan-wg = [ shield-wg parisaphone-wg parisapc-wg parina-wg parina-ipad-wg germano-wg framecca-wg ]
++ gdevices-wg ++ routers-wg;
gamenet-wg = [
andrew-wg


@ -34,6 +34,7 @@ with import ./network.nix; {
${nilo-wg} nilo.devs.giugl.io
${kclvm-wg} kclvm.devs.giugl.io
${giuliodeck-wg} giuliodeck.devs.giugl.io
${framecca-wg} framecca.devs.giugl.io
'';
wireguard = {
@ -262,6 +263,10 @@ with import ./network.nix; {
allowedIPs = [ giuliodeck-wg ];
publicKey = "7TGYsYvElTLY3V7qJfggkF+kFG7Y5sUsHA88h0cYJx0=";
}
{
allowedIPs = [ framecca-wg ];
publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
}
];
};
};