The Big Network Update

Due to subnet overlap with the new company network, made the following changes:

- Set home network to 10.9.0.0/24
- Update work VPN configuration with new subnets and keys
Erwin Boskma 2025-01-26 19:36:58 +01:00
parent 9c66434d6f
commit 47b905bf47
Signed by: erwin
SSH key fingerprint: SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
30 changed files with 127 additions and 455 deletions


@ -295,6 +295,7 @@
python3Packages.websocket-client
ssh-to-age
taplo
wireguard-tools
yj
inputs'.disko.packages.disko


@ -63,10 +63,10 @@
};
networkConfig = {
Address = "10.0.0.213/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.213/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};
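Review bot: Switching this interface to `DHCP = "yes"` drops the pinned `DNS = "10.0.0.206"`, so both the address and the resolver this host uses now come from whatever the DHCP server hands out; the same change is made in the other `networkConfig` sections of this commit. Other files in the commit still hard-code per-host 10.9.0.x addresses (the zone file, the webhook allow-list, the WebRTC candidate), so they presumably rely on DHCP reservations that are not visible here. A short comment such as `# address and DNS come from a DHCP reservation on the router` would record that dependency, and the commented-out 10.0.0.x lines could be deleted since git history keeps them. The enclosing block starts and ends outside the hunk.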


@ -1,93 +0,0 @@
{ self, ... }:
{ modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
tailscale.enable = true;
woodpecker.enable = true;
};
boot.isContainer = true;
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "ci";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = false;
firewall = {
trustedInterfaces = [ "tailscale0" ];
interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
};
};
virtualisation.podman = {
enable = true;
autoPrune = {
enable = true;
dates = "weekly";
};
defaultNetwork.settings.dns_enabled = true;
};
systemd.network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.202/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
woodpecker-server = { };
woodpecker-agent = { };
};
system.stateVersion = "24.05";
}


@ -1,42 +0,0 @@
drone: ENC[AES256_GCM,data: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,iv:F++KLxnqAtBhcSdj5rZhGpVvCKfI8y5HhvlejCfwi/k=,tag:YdiiZUN7wGn9yA1evMu5jg==,type:str]
drone-runner: ENC[AES256_GCM,data:Uh7OQSDtV0M5j00oHHm4uz4zwi+1W1k2qd5uXoROj5tcgNs76YBcfkU7d+1qXj/Hma7++HOcga0LvF1+Dl/GJQyj47kVFi/+h6I9yiuoO5sW3nxh5pW5W1Ws1qchKqVhoyZLf0K4AnYE2puleKcYXfogJ1hjnB3vn5F/eOKA/QB+7KfaVPRUGZsUYQw3rHLdTbTFHXPv//z8xxYqY5JcG+vvWsHXiI/sKSTZBWoPJEZnKK2mo8+dbZn3nSj29luG,iv:40JTvOJ7isGcHGg9KI5ED8Ju5knmIWP1m/i/dwlpG/M=,tag:GHbkLIeuiGVlNsR2EW/PGw==,type:str]
woodpecker-server: ENC[AES256_GCM,data:cW108wxYT2b65pCRcwZBoRi6eQsB4NrcUNLirfQkkqPPOymT4QFyE5Zmx6K1P33dUSAj5nA0Eh0HOsS8RhFQIOPZA9za4Ffs51Ex0HkQozduqusDGaENWR+zBOTgRhgIrwQlDSHh8UgLTzOgN8hpEqR8fFVsiWCcCAuOFjDNyczywtbbu2jNHzG6FMz2fdXy7p1dRmyTq1sFjoMEkJM5Ix8oRB8zWV+O3l6XE7Uw1vD3QbOsJiqcbWFoNw==,iv:VIlHVVvuBSZiO/tMgd/4HpT2uecn1WqJE60SkHaX+80=,tag:+xfTfq2FgSrPUVXeH4tJkQ==,type:str]
woodpecker-agent: ENC[AES256_GCM,data:YO9MCMIPVOEU+6euiCHuAN+tFFs8JkRRmb9+AIhMEuQE2ObajfJZ3NN5LsccIT9z1axA/gfjLrxM,iv:UDimHs2cKyCvy0XGdDzgX2ry114qz3V1KaXlXL3yYgI=,tag:OGITUerrT0nWU85fxcpEig==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTWNGd2FLTWcwTThodlBD
K1VRUmFmQlhoN3YwcDlpQmFzR0JZaW9jQngwCjJOYndqVDVjMWFtQnpmZGpRMGg3
Q0JXQys3TVpSZm1BcWFkcjhQcDJzOG8KLS0tIENjUWtaWW5GeE4yK09yUEx2SWpG
SFc5S1kvT2pBbHorZks3b1MzRU9ERFEKdS9c7j0iyHHbAc8XXpahsOTDu53BKsmr
+ff060PPzBIzQ+7aI52E8CSUAJw0GVYZD5KZForwwBhR3vaZGQYysg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEV3lvZmdCU20vT05SWTVB
cUdZTW4yVndyME4waU5qdmYwbUZuUlQyN2hvClRqSkZ0andyN3RmSFhVdzVMUWdS
VUtPR2tDRzVuZ0kzRVIyZnNMZTIwSVkKLS0tIHprQVR4c2RZQ3I0SlMzSDBnS25a
Z0JrZVhPMEZBQ1FVMjA2QnBITzJjbjQKCghnCUxyR8QkZM2R0EOgjq7J8E7MLlV6
vnEEu6iehd01vHvBKB1x3z6o/wzL8m3TA35knICZCk6jAD0w+OeW9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tmlx45s4f6qp929839yd5y5vxkj2z4z8wmhqsnne9j8j5uwx6p8qssun8l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneWpaNDRaYk1WS3BuQmtp
L0gxcmFTSEZ3VXBtcTZQLzl0Qm85RmJvMDFnCktJbXJVM0ZDdVJZTHF1VEF6OXAy
RGdMU3RYNytla0k0QjNydTkrbjYrV0kKLS0tIHY3UjFvZ0VxRm1JOTg3NDgySU4x
dFpad2ZiNXR0cEQ4TTMxa0luK3lGRFUKsqF3x5NvdtqXtE05TjMMhFB3cHREYRCA
2LgUDn4FYbxprXTG0dOX+87aAQmoepMkVEXo2kBopoYrGHa1DsOznw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-12T09:28:02Z"
mac: ENC[AES256_GCM,data:mE0O44Sa+RMqRoCqXftn3GuPFLHiyGn3tVlYgBGc973nP7mz5ZwClNgja1gk+MNolnztsrwgso5ZiNpriyI7pGKd/dG6DJQrGixqhRvgyNyIESGEuN9n6bfhYNNSzV1yRb9V6Z7iELkut03gvVU9by0MosJ7SJPMyDyZZ4tMFeA=,iv:rzrvGwJQAdbMcHQ7U/JFB08V7o2keLI1kUrUs9RaClA=,tag:UpE7ZeG7S32CNKsgT+rMMQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -53,15 +53,6 @@ inputs: {
tags = [ "metal" ];
};
};
k3s-test = {
config = import ./k3s-test/configuration.nix inputs;
deploy = {
# host = "10.0.0.208";
host = "k3s-test.barn-beaver.ts.net";
targetUser = "erwin";
# tags = [ "container" ];
};
};
loki = {
config = import ./loki/configuration.nix inputs;
};
@ -141,14 +132,6 @@ inputs: {
# targetUser = "erwin";
# };
};
unifi = {
config = import ./unifi/configuration.nix inputs;
deploy = {
# host = "10.0.0.207";
host = "unifi.barn-beaver.ts.net";
targetUser = "erwin";
};
};
valkyrie = {
config = import ./valkyrie/configuration.nix inputs;
deploy = {


@ -29,10 +29,7 @@
tailscale.enable = true;
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
proxyHosts = [
{
externalHostname = "frigate.datarift.nl";
@ -69,10 +66,10 @@
};
networkConfig = {
Address = "10.0.0.205/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.205/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};


@ -49,16 +49,16 @@ ffmpeg:
go2rtc:
streams:
reolink:
- rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.0.20.28/h264Preview_01_main
# - http://10.0.20.28/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=hass&password={FRIGATE_DOORBELL_PASSWORD}
- rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.9.20.28/h264Preview_01_main
# - http://10.9.20.28/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=hass&password={FRIGATE_DOORBELL_PASSWORD}
- ffmpeg:reolink#audio=opus#hardware
reolink_sub:
- rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.0.20.28/h264Preview_01_sub
- rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.9.20.28/h264Preview_01_sub
- ffmpeg:reolink_sub#audio=opus#hardware
# - http://10.0.20.28/flv?port=1935&app=bcs&stream=channel0_sub.bcs&user=hass&password={FRIGATE_DOORBELL_PASSWORD}
# - http://10.9.20.28/flv?port=1935&app=bcs&stream=channel0_sub.bcs&user=hass&password={FRIGATE_DOORBELL_PASSWORD}
webrtc:
candidates:
- 10.0.0.205:8555
- 10.9.0.205:8555
- 100.84.124.27:8555 # Tailscale
- stun:8555


@ -54,10 +54,10 @@
};
networkConfig = {
Address = "10.0.0.210/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.210/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};


@ -6,10 +6,7 @@
{
services.caddy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
email = "erwin@datarift.nl";
@ -17,7 +14,7 @@
"git.datarift.nl" = {
extraConfig = ''
@local {
remote_ip 10.0.0.0/24
remote_ip 10.9.0.0/24
}
handle @local {
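Review bot: `remote_ip 10.9.0.0/24` is matched against the address of the immediate TCP peer, so the `@local` handler is open to every device that obtains an address on the home /24, and to any reverse proxy on that subnet regardless of where its own client sits. Whether that matters depends on what `handle @local` serves, which lies outside the hunk. If requests can arrive through a proxy, `client_ip` together with a `trusted_proxies` setting is the matcher that looks at the original client; otherwise a comment stating what `@local` is meant to gate would help the next reader.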


@ -17,10 +17,7 @@
};
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
proxyHosts = [
{
externalHostname = "git.datarift.nl";
@ -70,10 +67,10 @@
};
networkConfig = {
Address = "10.0.0.203/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.203/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};


@ -75,7 +75,7 @@ in
};
webhook = {
ALLOWED_HOST_LIST = "external,10.0.0.202/32,ci.datarift.nl,10.0.0.210/32";
ALLOWED_HOST_LIST = "external,10.9.0.202/32,ci.datarift.nl,10.9.0.210/32";
};
cron = {
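Review bot: The rewritten `ALLOWED_HOST_LIST` keeps `10.9.0.202/32` and `ci.datarift.nl`, but the host configuration that held 10.0.0.202 (hostName `ci`) is deleted in this same commit. If no machine replaces it, that entry allows webhook deliveries to an address that DHCP may later lease to an unrelated device; either drop the entry or add a comment naming the host that owns it. `10.9.0.210/32` likewise depends on the matching host keeping that address now that its interface is switched to DHCP elsewhere in the commit.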


@ -129,10 +129,7 @@
};
caddy = {
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
virtualHosts = {
"garfield.datarift.nl" =


@ -1,83 +0,0 @@
{ self, ... }:
{ modulesPath, lib, ... }:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
tailscale.enable = true;
};
services.k3s = {
enable = true;
extraFlags = "--tls-san=10.0.0.208";
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "k3s-test";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
firewall = {
trustedInterfaces = [ "tailscale0" ];
allowPing = true;
allowedTCPPorts = [ 6443 ];
};
};
systemd = {
network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.208/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
tmpfiles.rules = [ "L /dev/kmsg - - - - /dev/console" ];
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { };
system.stateVersion = "24.05";
}


@ -136,7 +136,7 @@
];
initrd.kernelModules = [ ];
kernelPackages = pkgs.linuxPackages_latest;
# kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [
"kvm-amd"
"apple-mfi-fastcharge"
@ -294,20 +294,25 @@
wireguardPeers = [
{
PublicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
PublicKey = "6nEdzAQZ4YrUvYkZto3xLcbhEMBUu8y2P9LGSHSHdF4=";
AllowedIPs = [
"192.168.4.0/23"
"192.168.6.0/24"
"192.168.7.0/24"
"192.168.8.0/24"
"10.10.0.1/32"
"10.0.0.0/24"
"10.0.10.0/24"
"10.0.20.0/24"
"10.0.30.0/24"
"10.0.40.0/24"
"10.0.50.0/24"
# "0.0.0.0/0"
];
Endpoint = "212.45.34.195:51820";
Endpoint = "vpn.horus.nu:51820";
PersistentKeepalive = 25;
}
];
};
"11-horus1" = {
enable = false;
netdevConfig = {
Kind = "wireguard";
MTUBytes = "1420";
@ -357,35 +362,47 @@
networkConfig = {
DHCP = "no";
DNS = "192.168.4.1";
DNS = "10.10.0.1";
Domains = [
"bedum.horus.nu"
"internal.horus.nu"
];
};
address = [ "10.10.4.2/24" ];
address = [ "10.10.0.2/32" ];
routes = [
{
Destination = "192.168.4.0/23";
Destination = "10.0.0.0/24";
Scope = "link";
}
{
Destination = "192.168.6.0/24";
Destination = "10.0.10.0/24";
Scope = "link";
}
{
Destination = "192.168.7.0/24";
Destination = "10.0.20.0/24";
Scope = "link";
}
{
Destination = "192.168.8.0/24";
Destination = "10.0.30.0/24";
Scope = "link";
}
{
Destination = "10.0.40.0/24";
Scope = "link";
}
{
Destination = "10.0.50.0/24";
Scope = "link";
}
{
Destination = "10.10.0.0/24";
Scope = "link";
}
];
};
"41-horus1" = {
enable = false;
matchConfig = {
Name = "horus1";
};
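Review bot: The peer's `AllowedIPs` lists only `"10.10.0.1/32"` for the tunnel network, while the routes in the later hunk (presumably the network for the same tunnel) add `Destination = "10.10.0.0/24"`. Packets for any other 10.10.0.x address are then routed into the interface and rejected by WireGuard because no peer covers them. Either narrow the route to `Destination = "10.10.0.1/32";` or widen the allowed range to `"10.10.0.0/24"`, whichever matches the intent. Separately, `# "0.0.0.0/0"` and the commented `kernelPackages` line are left without explanation; a one-line reason or removal would keep the file readable. Both blocks continue outside the hunks.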


@ -3,7 +3,7 @@ gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01t
livebook-env: ENC[AES256_GCM,data:n0IReqMxu0pLJZtHdoTW+AvE8eKAyLsr41GbLR4OPSTrZrRKIOscZ5KIoLGtDrCQFw==,iv:MFC78r/1mfRf8puKWxXtaQeaqhFFVdYpu1vLMCe3JiI=,tag:Wd8EG95rx75EJpt5GaQw9g==,type:str]
livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,iv:SKKKYYRYLGtRGgaHs7zAnH8n0HZiGaoAlLAptUPaa/c=,tag:vgBGhmXH/QpTbKjbrQEhKw==,type:str]
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
wireguard-horus0-privkey: ENC[AES256_GCM,data:Ro3g/O6qv8zuBOWFKmtTC7/5xxMd3O57Cj+h9n0yTn3zgE1qsWjynKEsinU=,iv:BhIgKUOmiWS8wKWBuZtoKRO+nclGBBGjCLsgeTiTLuk=,tag:DtZFgNAzx1Z2dB4cg3dXaw==,type:str]
wireguard-horus0-privkey: ENC[AES256_GCM,data:sD7kpOuuir76VsV4kk/INmwD4B8WWULPdzz7dYedI9x2Rbs4EtpH3WK/Y1U=,iv:Le6EyJjaOnP+lJ56M9d++mRHuOpE92N8TOUYEyZ2vQY=,tag:ONKw1Z0Gy+GCPhenXwrdlA==,type:str]
wireguard-horus1-privkey: ENC[AES256_GCM,data:e5WtFORl8fXtqMXC5bcs3D1rnBg1dkoc/4I5VlYM5WPeAXKIL48NBOm1yVw=,iv:vFk4FWZQyPtvqWfR9m9t8A/wt1LlwRRZVduecd+reUs=,tag:Gs3yzxy4LCoFJgMqKidSxg==,type:str]
k3s-token: ENC[AES256_GCM,data:agr9ihvrufHJ+zsWUTT7tT6oXwhQfp1VjlzvL/YrjhfsQsWdA2wqQOBG8Fgi6gDlqz+3DwWr3wdy/jclEEwrnA==,iv:zgYrN9CSraugO+LMIpJ2jDvxjCnQ9a3GHj6ffO/K0uY=,tag:6en6lNNvNMyOVf1Rfow6ew==,type:str]
barman-passwords: ENC[AES256_GCM,data:M7HCuXsq8kSqoEfbn94/Hdl1tvb93i5oDYOr+QeuDVD33aF/xxuOwDVZM7wz7OcuozV7f6URtMGDy26KaHqekWhn2hFoRi5WHOxjE7M6oYLP6V4F+IGQBeMOHjjzqjQ9ti/BfhGpi3oHf0RK4RxLCmoNzAfWuP6zZnCyKgwyxBVu6lCHG2I08CJ8w2novts8,iv:EMLqvGIb1WK71Aw+LWr7JrQydA89CTTOavsFUZ6M3G8=,tag:PXu0JVzHjbH9wQfijf9V7A==,type:str]
@ -41,8 +41,8 @@ sops:
c0dlMkVlRG9LYU00M2M3UGJpUkxDOWsKiwc5oM63ezv1TVng0zQOqILOxuRMU+j7
hHl6AWg0iorXJ1IWmGxLINDAK/RQVEFLK6gRjfN7qB+6wdmrKl8seQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-09T09:52:58Z"
mac: ENC[AES256_GCM,data:566st1YkfscxnkFtaSfnvfWqfdXLYILxJJLf+LeH5j5gOU5cc1bgrhtBLAzshzthhcvIP5Y+L78Nxz9Ppv9ZJrIZpnhebQ+8xG6XyF9yzv8DdbgKQxTyCcvpMrm8qqCxFv5NnfMpa2a6dUq6vS7KCM8fUmFl83eEa5ZwtT+9QAw=,iv:Xxld0/ziE4N13BjuOkFmUB7nmTtr+xo2AZPDvJRrNRU=,tag:qzvmAszZamGlywrZ2CRSLQ==,type:str]
lastmodified: "2025-01-26T18:48:22Z"
mac: ENC[AES256_GCM,data:+bHMwwRAQ6/WNtX/gDX73y4KxGiCD6p2JAH8K/3lUZBaX2ERKN5tNbG7q4z+0NDvaPGoeZ+0sBE4/6eFSIbshCpMJyY4RgPMCUY4fekgLxogk50cG+kwYcZF+5MwI+s8SBofZkY/gBI0MAOseZo1mUzMvdwOWHx8q2QosYPBaao=,iv:Mcv+NvgWDgvGEI2+5hCOCwCajt0LNxzkIQ/CWFv6RvU=,tag:6Bq31ZF0uDeoghF5BAxUnQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.3


@ -16,10 +16,7 @@
};
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
proxyHosts = [
{
externalHostname = "minio.datarift.nl";
@ -69,10 +66,10 @@
};
networkConfig = {
Address = "10.0.0.204/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.204/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};


@ -23,10 +23,7 @@
};
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
proxyHosts = [
{
externalHostname = "nix-cache.datarift.nl";
@ -76,10 +73,10 @@
};
networkConfig = {
Address = "10.0.0.209/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.209/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};


@ -73,7 +73,7 @@
kernelModules = [ "kvm-intel" ];
};
kernelPackages = pkgs.linuxPackages_latest;
# kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [
"kvm-intel"
"dm-thin-pool"


@ -47,10 +47,12 @@
};
networkConfig = {
Address = "10.0.0.252/24";
Gateway = "10.0.0.1";
# Address = "10.0.0.252/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.1";
# DHCP = "no";
DHCP = "yes";
DNS = "10.0.0.1";
DHCP = "no";
};
};
};
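Review bot: If `DNS = "10.0.0.1"` remains active on the new side, as the hunk counts suggest, this host enables DHCP but still pins its resolver to the old gateway address. After the renumbering to 10.9.0.0/24 that address is no longer on the home subnet (the zone file in this commit moves `unifi` to 10.9.0.1), and 10.0.0.0/24 is now a work-VPN range in this repository, so lookups would fail or reach a server the author did not intend. Change it to `DNS = "10.9.0.1";` or drop the line and take the resolver from DHCP.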

View file

@ -18,10 +18,7 @@
};
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
proxyHosts = [
{
externalHostname = "home.datarift.nl";
@ -92,10 +89,10 @@
};
networkConfig = {
Address = "10.0.0.251/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.251/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};


@ -30,10 +30,7 @@
};
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
proxyHosts = [
{
externalHostname = "read.datarift.nl";
@ -83,10 +80,10 @@
};
networkConfig = {
Address = "10.0.0.207/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.207/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};


@ -25,10 +25,7 @@
};
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
proxyHosts = [
{
externalHostname = "saga.datarift.nl";
@ -75,10 +72,10 @@
};
networkConfig = {
Address = "10.0.0.212/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.212/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};


@ -65,10 +65,10 @@
};
networkConfig = {
Address = "10.0.0.214/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
# Address = "10.0.0.214/24";
# Gateway = "10.0.0.1";
# DNS = "10.0.0.206";
DHCP = "yes";
};
};
};
@ -77,10 +77,7 @@
services.caddy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
virtualHosts = {
"search.datarift.nl" = {


@ -25,6 +25,7 @@
ui = {
static_use_hash = true;
results_on_new_tab = true;
default_locale = "en";
};
enabled_plugins = [


@ -1,86 +0,0 @@
{ self, ... }:
{
modulesPath,
pkgs,
lib,
...
}:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
tailscale.enable = true;
};
services.unifi = {
enable = true;
unifiPackage = pkgs.unifi8;
openFirewall = true;
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "unifi";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
firewall = {
trustedInterfaces = [ "tailscale0" ];
allowPing = true;
allowedTCPPorts = [ 8443 ];
};
};
systemd.network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.207/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { };
system.stateVersion = "23.11";
}


@ -39,8 +39,8 @@
customDNS = {
mapping = {
# Horus
# "vaultserver.horus.nu" = "192.168.4.32";
# "downloads.horus.nu" = "192.168.4.129";
"vaultserver.horus.nu" = "10.0.0.77";
# "downloads.horus.nu" = "10.0.0.129";
};
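Review bot: Enabling `"vaultserver.horus.nu" = "10.0.0.77";` makes this resolver answer for a work-domain name with a fixed address for every client that uses it, not only for the machine that has the VPN. A comment saying why the override is needed, for example `# reachable only over the work VPN; keep in sync with the company network`, would keep it from going stale silently. The commented `downloads.horus.nu` line was renumbered as well and could be removed if it is unused.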
};

View file

@ -23,10 +23,7 @@
# };
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
package = pkgs.caddy-cloudflare;
proxyHosts = [
{
externalHostname = "blocky.datarift.nl";
@ -78,10 +75,10 @@
};
networkConfig = {
Address = "10.0.0.206/24";
Gateway = "10.0.0.1";
# Address = "10.0.0.206/24";
# Gateway = "10.0.0.1";
DHCP = "yes";
DNS = "127.0.0.1";
DHCP = "no";
};
};
};

View file

@ -1,20 +1,20 @@
$ORIGIN datarift.nl.
$TTL 3600
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 9 3600 900 86400 1800
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 10 3600 900 86400 1800
home IN A 10.0.0.251
home IN A 10.9.0.251
factorio IN A 159.69.211.175
frigate IN A 10.0.0.251
frigate IN A 10.9.0.251
garfield IN A 159.69.211.175
git IN A 10.0.0.203
git IN A 10.9.0.203
id IN A 159.69.211.175
loki IN A 10.0.0.4
minio IN A 10.0.0.251
minio-admin IN A 10.0.0.251
mqtt IN A 10.0.0.254
nix-cache IN A 10.0.0.209
read IN A 10.0.0.207
saga IN A 10.0.0.251
search IN A 10.0.0.214
vidz IN A 10.0.0.211
unifi IN A 10.0.0.1
loki IN A 10.9.0.4
minio IN A 10.9.0.251
minio-admin IN A 10.9.0.251
mqtt IN A 10.9.0.254
nix-cache IN A 10.9.0.209
read IN A 10.9.0.207
saga IN A 10.9.0.251
search IN A 10.9.0.214
vidz IN A 10.9.0.211
unifi IN A 10.9.0.1


@ -1,5 +1,5 @@
$TTL 3600
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 19 3600 900 86400 1800
@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 20 3600 900 86400 1800
home.datarift.nl. IN CNAME proxy.barn-beaver.ts.net.
frigate.datarift.nl. IN CNAME frigate.barn-beaver.ts.net.
@ -20,5 +20,5 @@ id.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
garfield.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
factorio.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net.
unifi.datarift.nl. IN A 10.0.0.1
unifi.datarift.nl. IN A 10.9.0.1
unifi.datarift.nl. IN AAAA fdcd:eae3:8553::1


@ -31,4 +31,9 @@ inputs: _final: prev: {
pdsadmin = prev.pkgs.callPackage ../pkgs/pdsadmin { };
ghostty = inputs.ghostty.packages.${prev.system}.ghostty;
caddy-cloudflare = prev.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" ];
hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ=";
};
}
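Review bot: The plugin pin changes form here, from the full commit id used in the removed per-host definitions to the Go pseudo-version `v0.0.0-20240703190432-89f16b99c18e`, and the hash changes with it, but nothing records why. A comment above the attribute, for instance `# caddy-dns/cloudflare at commit 89f16b99c18ef49c8bb470a82f895bce01cbaece; update plugins and hash together`, would let a later reader confirm that the pinned source is unchanged. The overlay function begins outside the hunk.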