diff --git a/flake.nix b/flake.nix index 77fb568..67fd838 100644 --- a/flake.nix +++ b/flake.nix @@ -295,6 +295,7 @@ python3Packages.websocket-client ssh-to-age taplo + wireguard-tools yj inputs'.disko.packages.disko diff --git a/machines/bsky/configuration.nix b/machines/bsky/configuration.nix index e7b7cf1..d7ab560 100644 --- a/machines/bsky/configuration.nix +++ b/machines/bsky/configuration.nix @@ -63,10 +63,10 @@ }; networkConfig = { - Address = "10.0.0.213/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.213/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/ci/configuration.nix b/machines/ci/configuration.nix deleted file mode 100644 index 18524fe..0000000 --- a/machines/ci/configuration.nix +++ /dev/null 
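Review bot: Commenting out `Address`/`Gateway`/`DNS` and setting `DHCP = "yes"` in the bsky `networkConfig` makes the host's address, gateway and resolver depend entirely on the DHCP lease, while the rest of this commit still pins these hosts by fixed address (the datarift.zone A records, Forgejo's `ALLOWED_HOST_LIST`, Frigate's webrtc candidate). The same hunk shape recurs in frigate, gitea-runner, gitea, minio, nix-cache, proxy, read, saga, search, odin and valkyrie, so this applies there too. If static DHCP reservations are what supplies the 10.9.0.x addresses, record that in place of the dead lines, e.g. `# address, gateway and DNS come from a DHCP reservation (10.9.0.0/24); the A record lives in machines/valkyrie/coredns/datarift.zone`. Note that `DHCP = "yes"` also enables the DHCPv6 client; `DHCP = "ipv4"` is the narrower choice if only the v4 lease is wanted.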
@@ -1,93 +0,0 @@ -{ self, ... }: -{ modulesPath, ... }: -{ - imports = [ - (modulesPath + "/virtualisation/lxc-container.nix") - ../../users/root - ../../users/erwin - ]; - - eboskma = { - users.erwin = { - enable = true; - server = true; - }; - nix-common = { - enable = true; - remote-builders = true; - }; - tailscale.enable = true; - woodpecker.enable = true; - }; - - boot.isContainer = true; - - time.timeZone = "Europe/Amsterdam"; - - system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; - - networking = { - hostName = "ci"; - useDHCP = false; - useHostResolvConf = false; - networkmanager.enable = false; - useNetworkd = true; - nftables.enable = false; - - firewall = { - trustedInterfaces = [ "tailscale0" ]; - interfaces."podman+" = { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; - }; - }; - }; - - virtualisation.podman = { - enable = true; - autoPrune = { - enable = true; - dates = "weekly"; - }; - - defaultNetwork.settings.dns_enabled = true; - }; - - systemd.network = { - enable = true; - - wait-online.anyInterface = true; - - networks = { - "40-eth0" = { - matchConfig = { - Name = "eth0"; - }; - - networkConfig = { - Address = "10.0.0.202/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; - }; - }; - }; - }; - - security = { - sudo-rs = { - enable = true; - execWheelOnly = true; - wheelNeedsPassword = false; - }; - sudo.enable = false; - }; - - sops.defaultSopsFile = ./secrets.yaml; - sops.secrets = { - woodpecker-server = { }; - woodpecker-agent = { }; - }; - - system.stateVersion = "24.05"; -} diff --git a/machines/ci/secrets.yaml b/machines/ci/secrets.yaml deleted file mode 100644 index 9392836..0000000 --- a/machines/ci/secrets.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -drone: ENC[AES256_GCM,data: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,iv:F++KLxnqAtBhcSdj5rZhGpVvCKfI8y5HhvlejCfwi/k=,tag:YdiiZUN7wGn9yA1evMu5jg==,type:str] -drone-runner: ENC[AES256_GCM,data:Uh7OQSDtV0M5j00oHHm4uz4zwi+1W1k2qd5uXoROj5tcgNs76YBcfkU7d+1qXj/Hma7++HOcga0LvF1+Dl/GJQyj47kVFi/+h6I9yiuoO5sW3nxh5pW5W1Ws1qchKqVhoyZLf0K4AnYE2puleKcYXfogJ1hjnB3vn5F/eOKA/QB+7KfaVPRUGZsUYQw3rHLdTbTFHXPv//z8xxYqY5JcG+vvWsHXiI/sKSTZBWoPJEZnKK2mo8+dbZn3nSj29luG,iv:40JTvOJ7isGcHGg9KI5ED8Ju5knmIWP1m/i/dwlpG/M=,tag:GHbkLIeuiGVlNsR2EW/PGw==,type:str] -woodpecker-server: ENC[AES256_GCM,data:cW108wxYT2b65pCRcwZBoRi6eQsB4NrcUNLirfQkkqPPOymT4QFyE5Zmx6K1P33dUSAj5nA0Eh0HOsS8RhFQIOPZA9za4Ffs51Ex0HkQozduqusDGaENWR+zBOTgRhgIrwQlDSHh8UgLTzOgN8hpEqR8fFVsiWCcCAuOFjDNyczywtbbu2jNHzG6FMz2fdXy7p1dRmyTq1sFjoMEkJM5Ix8oRB8zWV+O3l6XE7Uw1vD3QbOsJiqcbWFoNw==,iv:VIlHVVvuBSZiO/tMgd/4HpT2uecn1WqJE60SkHaX+80=,tag:+xfTfq2FgSrPUVXeH4tJkQ==,type:str] -woodpecker-agent: ENC[AES256_GCM,data:YO9MCMIPVOEU+6euiCHuAN+tFFs8JkRRmb9+AIhMEuQE2ObajfJZ3NN5LsccIT9z1axA/gfjLrxM,iv:UDimHs2cKyCvy0XGdDzgX2ry114qz3V1KaXlXL3yYgI=,tag:OGITUerrT0nWU85fxcpEig==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTWNGd2FLTWcwTThodlBD - K1VRUmFmQlhoN3YwcDlpQmFzR0JZaW9jQngwCjJOYndqVDVjMWFtQnpmZGpRMGg3 - Q0JXQys3TVpSZm1BcWFkcjhQcDJzOG8KLS0tIENjUWtaWW5GeE4yK09yUEx2SWpG - SFc5S1kvT2pBbHorZks3b1MzRU9ERFEKdS9c7j0iyHHbAc8XXpahsOTDu53BKsmr - +ff060PPzBIzQ+7aI52E8CSUAJw0GVYZD5KZForwwBhR3vaZGQYysg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEV3lvZmdCU20vT05SWTVB - cUdZTW4yVndyME4waU5qdmYwbUZuUlQyN2hvClRqSkZ0andyN3RmSFhVdzVMUWdS - 
VUtPR2tDRzVuZ0kzRVIyZnNMZTIwSVkKLS0tIHprQVR4c2RZQ3I0SlMzSDBnS25a - Z0JrZVhPMEZBQ1FVMjA2QnBITzJjbjQKCghnCUxyR8QkZM2R0EOgjq7J8E7MLlV6 - vnEEu6iehd01vHvBKB1x3z6o/wzL8m3TA35knICZCk6jAD0w+OeW9A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tmlx45s4f6qp929839yd5y5vxkj2z4z8wmhqsnne9j8j5uwx6p8qssun8l - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneWpaNDRaYk1WS3BuQmtp - L0gxcmFTSEZ3VXBtcTZQLzl0Qm85RmJvMDFnCktJbXJVM0ZDdVJZTHF1VEF6OXAy - RGdMU3RYNytla0k0QjNydTkrbjYrV0kKLS0tIHY3UjFvZ0VxRm1JOTg3NDgySU4x - dFpad2ZiNXR0cEQ4TTMxa0luK3lGRFUKsqF3x5NvdtqXtE05TjMMhFB3cHREYRCA - 2LgUDn4FYbxprXTG0dOX+87aAQmoepMkVEXo2kBopoYrGHa1DsOznw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-06-12T09:28:02Z" - mac: ENC[AES256_GCM,data:mE0O44Sa+RMqRoCqXftn3GuPFLHiyGn3tVlYgBGc973nP7mz5ZwClNgja1gk+MNolnztsrwgso5ZiNpriyI7pGKd/dG6DJQrGixqhRvgyNyIESGEuN9n6bfhYNNSzV1yRb9V6Z7iELkut03gvVU9by0MosJ7SJPMyDyZZ4tMFeA=,iv:rzrvGwJQAdbMcHQ7U/JFB08V7o2keLI1kUrUs9RaClA=,tag:UpE7ZeG7S32CNKsgT+rMMQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/machines/default.nix b/machines/default.nix index 917bd0b..de8fe32 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -53,15 +53,6 @@ inputs: { tags = [ "metal" ]; }; }; - k3s-test = { - config = import ./k3s-test/configuration.nix inputs; - deploy = { - # host = "10.0.0.208"; - host = "k3s-test.barn-beaver.ts.net"; - targetUser = "erwin"; - # tags = [ "container" ]; - }; - }; loki = { config = import ./loki/configuration.nix inputs; }; @@ -141,14 +132,6 @@ inputs: { # targetUser = "erwin"; # }; }; - unifi = { - config = import ./unifi/configuration.nix inputs; - deploy = { - # host = "10.0.0.207"; - host = "unifi.barn-beaver.ts.net"; - targetUser = "erwin"; - }; - }; valkyrie = { config = import ./valkyrie/configuration.nix inputs; deploy = { diff --git a/machines/frigate/configuration.nix b/machines/frigate/configuration.nix index 82e97ed..5df044c 100644 
--- a/machines/frigate/configuration.nix +++ b/machines/frigate/configuration.nix @@ -29,10 +29,7 @@ tailscale.enable = true; caddy-proxy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; proxyHosts = [ { externalHostname = "frigate.datarift.nl"; @@ -69,10 +66,10 @@ }; networkConfig = { - Address = "10.0.0.205/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.205/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/frigate/frigate/config/config.yml b/machines/frigate/frigate/config/config.yml index ee61f65..47f33a3 100644 --- a/machines/frigate/frigate/config/config.yml +++ b/machines/frigate/frigate/config/config.yml @@ -49,16 +49,16 @@ ffmpeg: go2rtc: streams: reolink: - - rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.0.20.28/h264Preview_01_main - # - http://10.0.20.28/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=hass&password={FRIGATE_DOORBELL_PASSWORD} + - rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.9.20.28/h264Preview_01_main + # - http://10.9.20.28/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=hass&password={FRIGATE_DOORBELL_PASSWORD} - ffmpeg:reolink#audio=opus#hardware reolink_sub: - - rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.0.20.28/h264Preview_01_sub + - rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.9.20.28/h264Preview_01_sub - ffmpeg:reolink_sub#audio=opus#hardware - # - http://10.0.20.28/flv?port=1935&app=bcs&stream=channel0_sub.bcs&user=hass&password={FRIGATE_DOORBELL_PASSWORD} + # - http://10.9.20.28/flv?port=1935&app=bcs&stream=channel0_sub.bcs&user=hass&password={FRIGATE_DOORBELL_PASSWORD} webrtc: candidates: - - 10.0.0.205:8555 + - 10.9.0.205:8555 - 100.84.124.27:8555 # Tailscale - stun:8555 
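Review bot: The webrtc candidate `10.9.0.205:8555` hardcodes the frigate host's own LAN address, but machines/frigate/configuration.nix in this same commit comments out `Address = "10.0.0.205/24"` and switches eth0 to `DHCP = "yes"`, so nothing in the repository guarantees the host still receives .205. If a DHCP reservation provides it, say so next to the candidate (`# must match this host's DHCP reservation`) so the two do not drift apart; otherwise WebRTC silently breaks the first time the lease changes. The go2rtc stream lines only move the camera to 10.9.20.28, which is consistent with the renumbering elsewhere in the commit.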
diff --git a/machines/gitea-runner/configuration.nix b/machines/gitea-runner/configuration.nix index 78af806..fadc515 100644 --- a/machines/gitea-runner/configuration.nix +++ b/machines/gitea-runner/configuration.nix @@ -54,10 +54,10 @@ }; networkConfig = { - Address = "10.0.0.210/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.210/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/gitea/caddy.nix b/machines/gitea/caddy.nix index d02e6e1..d022c5d 100644 --- a/machines/gitea/caddy.nix +++ b/machines/gitea/caddy.nix @@ -6,10 +6,7 @@ { services.caddy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; email = "erwin@datarift.nl"; @@ -17,7 +14,7 @@ "git.datarift.nl" = { extraConfig = '' @local { - remote_ip 10.0.0.0/24 + remote_ip 10.9.0.0/24 } handle @local { diff --git a/machines/gitea/configuration.nix b/machines/gitea/configuration.nix index bb410f8..bd1e1aa 100644 --- a/machines/gitea/configuration.nix +++ b/machines/gitea/configuration.nix @@ -17,10 +17,7 @@ }; caddy-proxy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; proxyHosts = [ { externalHostname = "git.datarift.nl"; @@ -70,10 +67,10 @@ }; networkConfig = { - Address = "10.0.0.203/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.203/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/gitea/forgejo/default.nix b/machines/gitea/forgejo/default.nix index c686e84..9e7b1e8 100644 --- a/machines/gitea/forgejo/default.nix 
+++ b/machines/gitea/forgejo/default.nix @@ -75,7 +75,7 @@ in }; webhook = { - ALLOWED_HOST_LIST = "external,10.0.0.202/32,ci.datarift.nl,10.0.0.210/32"; + ALLOWED_HOST_LIST = "external,10.9.0.202/32,ci.datarift.nl,10.9.0.210/32"; }; cron = { diff --git a/machines/heimdall/configuration.nix b/machines/heimdall/configuration.nix index 56b035d..a697cf9 100644 --- a/machines/heimdall/configuration.nix +++ b/machines/heimdall/configuration.nix @@ -129,10 +129,7 @@ }; caddy = { - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; virtualHosts = { "garfield.datarift.nl" = diff --git a/machines/k3s-test/configuration.nix b/machines/k3s-test/configuration.nix deleted file mode 100644 index 995b9df..0000000 --- a/machines/k3s-test/configuration.nix +++ /dev/null 
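Review bot: The renumbered webhook `ALLOWED_HOST_LIST` carries over `10.9.0.202/32` and `ci.datarift.nl`, but this same commit deletes machines/ci/configuration.nix, the host that held 10.0.0.202, so both entries now allow an address and a name that nothing in the repository owns. A webhook host allowlist is the guard against the server being pointed at internal targets, so stale entries should be dropped rather than renumbered: `ALLOWED_HOST_LIST = "external,10.9.0.210/32";`. The remaining `/32` assumes the gitea-runner host keeps .210 under DHCP, since its static address is commented out in machines/gitea-runner/configuration.nix in this commit.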
@@ -1,83 +0,0 @@ -{ self, ... }: -{ modulesPath, lib, ... }: -{ - imports = [ - (modulesPath + "/virtualisation/lxc-container.nix") - ../../users/root - ../../users/erwin - ]; - - eboskma = { - users.erwin = { - enable = true; - server = true; - }; - nix-common = { - enable = true; - remote-builders = true; - }; - tailscale.enable = true; - }; - - services.k3s = { - enable = true; - extraFlags = "--tls-san=10.0.0.208"; - }; - - time.timeZone = "Europe/Amsterdam"; - - system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; - - networking = { - hostName = "k3s-test"; - useDHCP = false; - useHostResolvConf = false; - networkmanager.enable = false; - useNetworkd = true; - - firewall = { - trustedInterfaces = [ "tailscale0" ]; - allowPing = true; - allowedTCPPorts = [ 6443 ]; - }; - }; - - systemd = { - network = { - enable = true; - - wait-online.anyInterface = true; - - networks = { - "40-eth0" = { - matchConfig = { - Name = "eth0"; - }; - - networkConfig = { - Address = "10.0.0.208/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; - }; - }; - }; - }; - - tmpfiles.rules = [ "L /dev/kmsg - - - - /dev/console" ]; - }; - - security = { - sudo-rs = { - enable = true; - execWheelOnly = true; - wheelNeedsPassword = false; - }; - sudo.enable = false; - }; - - sops.defaultSopsFile = ./secrets.yaml; - sops.secrets = { }; - - system.stateVersion = "24.05"; -} diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix index 0be3948..a4f3197 100644 --- a/machines/loki/configuration.nix +++ b/machines/loki/configuration.nix @@ -136,7 +136,7 @@ ]; initrd.kernelModules = [ ]; - kernelPackages = pkgs.linuxPackages_latest; + # kernelPackages = pkgs.linuxPackages_latest; kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" 
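Review bot: `kernelPackages = pkgs.linuxPackages_latest;` is commented out rather than removed, with no note on why loki moves back to the default kernel; the identical edit appears in machines/odin/configuration.nix. A one-line reason keeps the next reader from re-enabling it, e.g. `# default (LTS) kernel; linuxPackages_latest disabled because <reason>`, and if it is a temporary workaround, say what it waits on. Otherwise delete the line outright, since the option's default already applies.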
@@ -294,20 +294,25 @@ wireguardPeers = [ { - PublicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c="; + PublicKey = "6nEdzAQZ4YrUvYkZto3xLcbhEMBUu8y2P9LGSHSHdF4="; AllowedIPs = [ - "192.168.4.0/23" - "192.168.6.0/24" - "192.168.7.0/24" - "192.168.8.0/24" + "10.10.0.1/32" + "10.0.0.0/24" + "10.0.10.0/24" + "10.0.20.0/24" + "10.0.30.0/24" + "10.0.40.0/24" + "10.0.50.0/24" + # "0.0.0.0/0" ]; - Endpoint = "212.45.34.195:51820"; + Endpoint = "vpn.horus.nu:51820"; PersistentKeepalive = 25; } ]; }; "11-horus1" = { + enable = false; netdevConfig = { Kind = "wireguard"; MTUBytes = "1420"; @@ -357,35 +362,47 @@ networkConfig = { DHCP = "no"; - DNS = "192.168.4.1"; + DNS = "10.10.0.1"; Domains = [ - "bedum.horus.nu" "internal.horus.nu" ]; }; - address = [ "10.10.4.2/24" ]; + address = [ "10.10.0.2/32" ]; routes = [ { - Destination = "192.168.4.0/23"; + Destination = "10.0.0.0/24"; Scope = "link"; } { - Destination = "192.168.6.0/24"; + Destination = "10.0.10.0/24"; Scope = "link"; } { - Destination = "192.168.7.0/24"; + Destination = "10.0.20.0/24"; Scope = "link"; } { - Destination = "192.168.8.0/24"; + Destination = "10.0.30.0/24"; + Scope = "link"; + } + { + Destination = "10.0.40.0/24"; + Scope = "link"; + } + { + Destination = "10.0.50.0/24"; + Scope = "link"; + } + { + Destination = "10.10.0.0/24"; Scope = "link"; } ]; }; "41-horus1" = { + enable = false; matchConfig = { Name = "horus1"; }; diff --git a/machines/loki/secrets.yaml b/machines/loki/secrets.yaml index 3ecedb5..625500b 100644 --- a/machines/loki/secrets.yaml +++ b/machines/loki/secrets.yaml 
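Review bot: The new `routes` entry in the second hunk sends `10.10.0.0/24` into the horus0 tunnel, but the peer's `AllowedIPs` in the first hunk lists only `10.10.0.1/32` from that range, so WireGuard's cryptokey routing drops packets to any other 10.10.0.x host that this route attracts. Either widen the peer entry to `"10.10.0.0/24"` or narrow the route to `10.10.0.1/32` so the two stay consistent. `Endpoint = "vpn.horus.nu:51820"` has to be resolved by networkd before the tunnel exists; with eth0 now taking its resolver from DHCP and the tunnel's own `DNS = "10.10.0.1"` only reachable once it is up, confirm the name resolves without the tunnel. Disabling `11-horus1`/`41-horus1` with `enable = false` leaves `wireguard-horus1-privkey` provisioned in machines/loki/secrets.yaml; if horus1 is retired, drop the secret reference as well so an unused private key is not kept on the host.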
@@ -3,7 +3,7 @@ gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01t
 livebook-env: ENC[AES256_GCM,data:n0IReqMxu0pLJZtHdoTW+AvE8eKAyLsr41GbLR4OPSTrZrRKIOscZ5KIoLGtDrCQFw==,iv:MFC78r/1mfRf8puKWxXtaQeaqhFFVdYpu1vLMCe3JiI=,tag:Wd8EG95rx75EJpt5GaQw9g==,type:str]
 livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,iv:SKKKYYRYLGtRGgaHs7zAnH8n0HZiGaoAlLAptUPaa/c=,tag:vgBGhmXH/QpTbKjbrQEhKw==,type:str]
 renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
-wireguard-horus0-privkey: ENC[AES256_GCM,data:Ro3g/O6qv8zuBOWFKmtTC7/5xxMd3O57Cj+h9n0yTn3zgE1qsWjynKEsinU=,iv:BhIgKUOmiWS8wKWBuZtoKRO+nclGBBGjCLsgeTiTLuk=,tag:DtZFgNAzx1Z2dB4cg3dXaw==,type:str]
+wireguard-horus0-privkey: ENC[AES256_GCM,data:sD7kpOuuir76VsV4kk/INmwD4B8WWULPdzz7dYedI9x2Rbs4EtpH3WK/Y1U=,iv:Le6EyJjaOnP+lJ56M9d++mRHuOpE92N8TOUYEyZ2vQY=,tag:ONKw1Z0Gy+GCPhenXwrdlA==,type:str]
 wireguard-horus1-privkey: ENC[AES256_GCM,data:e5WtFORl8fXtqMXC5bcs3D1rnBg1dkoc/4I5VlYM5WPeAXKIL48NBOm1yVw=,iv:vFk4FWZQyPtvqWfR9m9t8A/wt1LlwRRZVduecd+reUs=,tag:Gs3yzxy4LCoFJgMqKidSxg==,type:str]
 k3s-token: ENC[AES256_GCM,data:agr9ihvrufHJ+zsWUTT7tT6oXwhQfp1VjlzvL/YrjhfsQsWdA2wqQOBG8Fgi6gDlqz+3DwWr3wdy/jclEEwrnA==,iv:zgYrN9CSraugO+LMIpJ2jDvxjCnQ9a3GHj6ffO/K0uY=,tag:6en6lNNvNMyOVf1Rfow6ew==,type:str]
 barman-passwords: ENC[AES256_GCM,data:M7HCuXsq8kSqoEfbn94/Hdl1tvb93i5oDYOr+QeuDVD33aF/xxuOwDVZM7wz7OcuozV7f6URtMGDy26KaHqekWhn2hFoRi5WHOxjE7M6oYLP6V4F+IGQBeMOHjjzqjQ9ti/BfhGpi3oHf0RK4RxLCmoNzAfWuP6zZnCyKgwyxBVu6lCHG2I08CJ8w2novts8,iv:EMLqvGIb1WK71Aw+LWr7JrQydA89CTTOavsFUZ6M3G8=,tag:PXu0JVzHjbH9wQfijf9V7A==,type:str]
@@ -41,8 +41,8 @@ sops: c0dlMkVlRG9LYU00M2M3UGJpUkxDOWsKiwc5oM63ezv1TVng0zQOqILOxuRMU+j7 hHl6AWg0iorXJ1IWmGxLINDAK/RQVEFLK6gRjfN7qB+6wdmrKl8seQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-09T09:52:58Z" - mac: ENC[AES256_GCM,data:566st1YkfscxnkFtaSfnvfWqfdXLYILxJJLf+LeH5j5gOU5cc1bgrhtBLAzshzthhcvIP5Y+L78Nxz9Ppv9ZJrIZpnhebQ+8xG6XyF9yzv8DdbgKQxTyCcvpMrm8qqCxFv5NnfMpa2a6dUq6vS7KCM8fUmFl83eEa5ZwtT+9QAw=,iv:Xxld0/ziE4N13BjuOkFmUB7nmTtr+xo2AZPDvJRrNRU=,tag:qzvmAszZamGlywrZ2CRSLQ==,type:str] + lastmodified: "2025-01-26T18:48:22Z" + mac: ENC[AES256_GCM,data:+bHMwwRAQ6/WNtX/gDX73y4KxGiCD6p2JAH8K/3lUZBaX2ERKN5tNbG7q4z+0NDvaPGoeZ+0sBE4/6eFSIbshCpMJyY4RgPMCUY4fekgLxogk50cG+kwYcZF+5MwI+s8SBofZkY/gBI0MAOseZo1mUzMvdwOWHx8q2QosYPBaao=,iv:Mcv+NvgWDgvGEI2+5hCOCwCajt0LNxzkIQ/CWFv6RvU=,tag:6Bq31ZF0uDeoghF5BAxUnQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.3 diff --git a/machines/minio/configuration.nix b/machines/minio/configuration.nix index 9275a79..5db1265 100644 --- a/machines/minio/configuration.nix +++ b/machines/minio/configuration.nix @@ -16,10 +16,7 @@ }; caddy-proxy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; proxyHosts = [ { externalHostname = "minio.datarift.nl"; @@ -69,10 +66,10 @@ }; networkConfig = { - Address = "10.0.0.204/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.204/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/nix-cache/configuration.nix b/machines/nix-cache/configuration.nix index 073051c..4d209ac 100644 --- a/machines/nix-cache/configuration.nix +++ b/machines/nix-cache/configuration.nix 
@@ -23,10 +23,7 @@ }; caddy-proxy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; proxyHosts = [ { externalHostname = "nix-cache.datarift.nl"; @@ -76,10 +73,10 @@ }; networkConfig = { - Address = "10.0.0.209/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.209/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/odin/configuration.nix b/machines/odin/configuration.nix index 23830b0..d4991cd 100644 --- a/machines/odin/configuration.nix +++ b/machines/odin/configuration.nix @@ -73,7 +73,7 @@ kernelModules = [ "kvm-intel" ]; }; - kernelPackages = pkgs.linuxPackages_latest; + # kernelPackages = pkgs.linuxPackages_latest; kernelModules = [ "kvm-intel" "dm-thin-pool" diff --git a/machines/odin/network.nix b/machines/odin/network.nix index b3c7012..e0254ff 100644 --- a/machines/odin/network.nix +++ b/machines/odin/network.nix @@ -47,10 +47,12 @@ }; networkConfig = { - Address = "10.0.0.252/24"; - Gateway = "10.0.0.1"; + # Address = "10.0.0.252/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.1"; + # DHCP = "no"; + DHCP = "yes"; DNS = "10.0.0.1"; - DHCP = "no"; }; }; }; diff --git a/machines/proxy/configuration.nix b/machines/proxy/configuration.nix index 1b50b36..092c957 100644 --- a/machines/proxy/configuration.nix +++ b/machines/proxy/configuration.nix @@ -18,10 +18,7 @@ }; caddy-proxy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; proxyHosts = [ { externalHostname = "home.datarift.nl"; 
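Review bot: In machines/odin/network.nix the live `DNS = "10.0.0.1"` survives while the rest of this commit renumbers the LAN to 10.9.0.0/24 (datarift.zone now says `unifi IN A 10.9.0.1`, and loki's tunnel claims `10.0.0.0/24` as the remote site's prefix), so odin's resolver address now points into the remote range rather than at the local router. Either change it to `DNS = "10.9.0.1";` or drop the line and take the resolver from the lease, as the other hosts in this commit do. With `DHCP = "yes"` networkd also merges the lease's DNS servers into the list unless `dhcpV4Config.UseDNS = false;` is set, so a static `DNS=` beside DHCP should be deliberate and commented. The four commented-out lines above it repeat the old values and can simply go.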
@@ -92,10 +89,10 @@ }; networkConfig = { - Address = "10.0.0.251/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.251/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/read/configuration.nix b/machines/read/configuration.nix index 60ae2f7..3a369f2 100644 --- a/machines/read/configuration.nix +++ b/machines/read/configuration.nix @@ -30,10 +30,7 @@ }; caddy-proxy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; proxyHosts = [ { externalHostname = "read.datarift.nl"; @@ -83,10 +80,10 @@ }; networkConfig = { - Address = "10.0.0.207/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.207/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/saga/configuration.nix b/machines/saga/configuration.nix index e6c4f62..3326b50 100644 --- a/machines/saga/configuration.nix +++ b/machines/saga/configuration.nix @@ -25,10 +25,7 @@ }; caddy-proxy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; proxyHosts = [ { externalHostname = "saga.datarift.nl"; @@ -75,10 +72,10 @@ }; networkConfig = { - Address = "10.0.0.212/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.212/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; diff --git a/machines/search/configuration.nix b/machines/search/configuration.nix index 2053622..bad74fa 100644 --- a/machines/search/configuration.nix +++ b/machines/search/configuration.nix 
@@ -65,10 +65,10 @@ }; networkConfig = { - Address = "10.0.0.214/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; + # Address = "10.0.0.214/24"; + # Gateway = "10.0.0.1"; + # DNS = "10.0.0.206"; + DHCP = "yes"; }; }; }; @@ -77,10 +77,7 @@ services.caddy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; virtualHosts = { "search.datarift.nl" = { diff --git a/machines/search/searxng.nix b/machines/search/searxng.nix index ce37eda..f53729f 100644 --- a/machines/search/searxng.nix +++ b/machines/search/searxng.nix @@ -25,6 +25,7 @@ ui = { static_use_hash = true; results_on_new_tab = true; + default_locale = "en"; }; enabled_plugins = [ diff --git a/machines/unifi/configuration.nix b/machines/unifi/configuration.nix deleted file mode 100644 index a25e871..0000000 --- a/machines/unifi/configuration.nix +++ /dev/null 
@@ -1,86 +0,0 @@ -{ self, ... }: -{ - modulesPath, - pkgs, - lib, - ... -}: -{ - imports = [ - (modulesPath + "/virtualisation/lxc-container.nix") - ../../users/root - ../../users/erwin - ]; - - eboskma = { - users.erwin = { - enable = true; - server = true; - }; - nix-common = { - enable = true; - remote-builders = true; - }; - tailscale.enable = true; - }; - - services.unifi = { - enable = true; - unifiPackage = pkgs.unifi8; - openFirewall = true; - }; - - time.timeZone = "Europe/Amsterdam"; - - system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; - - networking = { - hostName = "unifi"; - useDHCP = false; - useHostResolvConf = false; - networkmanager.enable = false; - useNetworkd = true; - nftables.enable = true; - - firewall = { - trustedInterfaces = [ "tailscale0" ]; - allowPing = true; - allowedTCPPorts = [ 8443 ]; - }; - }; - - systemd.network = { - enable = true; - - wait-online.anyInterface = true; - - networks = { - "40-eth0" = { - matchConfig = { - Name = "eth0"; - }; - - networkConfig = { - Address = "10.0.0.207/24"; - Gateway = "10.0.0.1"; - DNS = "10.0.0.206"; - DHCP = "no"; - }; - }; - }; - }; - - security = { - sudo-rs = { - enable = true; - execWheelOnly = true; - wheelNeedsPassword = false; - }; - sudo.enable = false; - }; - - sops.defaultSopsFile = ./secrets.yaml; - sops.secrets = { }; - - system.stateVersion = "23.11"; -} diff --git a/machines/valkyrie/blocky/default.nix b/machines/valkyrie/blocky/default.nix index a8b3519..76c5bb2 100644 --- a/machines/valkyrie/blocky/default.nix +++ b/machines/valkyrie/blocky/default.nix @@ -39,8 +39,8 @@ customDNS = { mapping = { # Horus - # "vaultserver.horus.nu" = "192.168.4.32"; - # "downloads.horus.nu" = "192.168.4.129"; + "vaultserver.horus.nu" = "10.0.0.77"; + # "downloads.horus.nu" = "10.0.0.129"; }; }; diff --git a/machines/valkyrie/configuration.nix b/machines/valkyrie/configuration.nix index a523ea4..ec0611c 100644 --- a/machines/valkyrie/configuration.nix 
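Review bot: Enabling the `"vaultserver.horus.nu" = "10.0.0.77"` mapping makes blocky hand LAN clients an address in the 10.0.0.0/24 prefix that, in this commit, is only routed on loki through the horus0 tunnel; from any other client that address is reachable only if the LAN also routes 10.0.0.0/24 towards loki, which nothing here shows. If that route exists elsewhere, a comment beside the mapping (`# remote site; reachable via loki's horus0 tunnel`) would document the dependency, otherwise the name resolves to an unreachable host. The updated `downloads.horus.nu` line stays commented, so only the one record is actually served.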
+++ b/machines/valkyrie/configuration.nix @@ -23,10 +23,7 @@ # }; caddy-proxy = { enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; - }; + package = pkgs.caddy-cloudflare; proxyHosts = [ { externalHostname = "blocky.datarift.nl"; @@ -78,10 +75,10 @@ }; networkConfig = { - Address = "10.0.0.206/24"; - Gateway = "10.0.0.1"; + # Address = "10.0.0.206/24"; + # Gateway = "10.0.0.1"; + DHCP = "yes"; DNS = "127.0.0.1"; - DHCP = "no"; }; }; }; diff --git a/machines/valkyrie/coredns/datarift.zone b/machines/valkyrie/coredns/datarift.zone index bd142f6..0e6e03f 100644 --- a/machines/valkyrie/coredns/datarift.zone +++ b/machines/valkyrie/coredns/datarift.zone @@ -1,20 +1,20 @@ $ORIGIN datarift.nl. $TTL 3600 -@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 9 3600 900 86400 1800 +@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 10 3600 900 86400 1800 -home IN A 10.0.0.251 +home IN A 10.9.0.251 factorio IN A 159.69.211.175 -frigate IN A 10.0.0.251 +frigate IN A 10.9.0.251 garfield IN A 159.69.211.175 -git IN A 10.0.0.203 +git IN A 10.9.0.203 id IN A 159.69.211.175 -loki IN A 10.0.0.4 -minio IN A 10.0.0.251 -minio-admin IN A 10.0.0.251 -mqtt IN A 10.0.0.254 -nix-cache IN A 10.0.0.209 -read IN A 10.0.0.207 -saga IN A 10.0.0.251 -search IN A 10.0.0.214 -vidz IN A 10.0.0.211 -unifi IN A 10.0.0.1 +loki IN A 10.9.0.4 +minio IN A 10.9.0.251 +minio-admin IN A 10.9.0.251 +mqtt IN A 10.9.0.254 +nix-cache IN A 10.9.0.209 +read IN A 10.9.0.207 +saga IN A 10.9.0.251 +search IN A 10.9.0.214 +vidz IN A 10.9.0.211 +unifi IN A 10.9.0.1 diff --git a/machines/valkyrie/coredns/tailscale.zone b/machines/valkyrie/coredns/tailscale.zone index c454760..36fe7c9 100644 --- a/machines/valkyrie/coredns/tailscale.zone +++ b/machines/valkyrie/coredns/tailscale.zone 
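Review bot: valkyrie now pairs `DHCP = "yes"` with `DNS = "127.0.0.1"`, but networkd merges the lease's DNS servers with the static entry by default, so the host that runs blocky may resolve through whatever the lease advertises (possibly its own LAN address, or the router) instead of only its local instance. Add `dhcpV4Config.UseDNS = false;` (and `ipv6AcceptRAConfig.UseDNS = false;` if RA-supplied resolvers matter) next to this `networkConfig` so the resolver stays pinned to localhost; odin has the same static-`DNS=`-plus-DHCP combination. The datarift.zone hunk below pins git, nix-cache, read and search to .203/.209/.207/.214 although those hosts are DHCP clients after this commit, so it depends on reservations holding those addresses. The SOA serial bump to 10 is correct for the record changes.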
@@ -1,5 +1,5 @@ $TTL 3600 -@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 19 3600 900 86400 1800 +@ IN SOA gabe.ns.cloudflare.com. dns.cloudflare.com. 20 3600 900 86400 1800 home.datarift.nl. IN CNAME proxy.barn-beaver.ts.net. frigate.datarift.nl. IN CNAME frigate.barn-beaver.ts.net. @@ -20,5 +20,5 @@ id.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net. garfield.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net. factorio.datarift.nl. IN CNAME heimdall.barn-beaver.ts.net. -unifi.datarift.nl. IN A 10.0.0.1 +unifi.datarift.nl. IN A 10.9.0.1 unifi.datarift.nl. IN AAAA fdcd:eae3:8553::1 diff --git a/overlays/default.nix b/overlays/default.nix index 1a73b2d..9ce7cbf 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -31,4 +31,9 @@ inputs: _final: prev: { pdsadmin = prev.pkgs.callPackage ../pkgs/pdsadmin { }; ghostty = inputs.ghostty.packages.${prev.system}.ghostty; + + caddy-cloudflare = prev.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" ]; + hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; + }; }
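Review bot: `caddy-cloudflare` pins the plugin to the Go pseudo-version `v0.0.0-20240703190432-89f16b99c18e`, which is the same upstream commit the per-host `withPlugins` blocks used (`89f16b99c18ef49c8bb470a82f895bce01cbaece`), yet `hash` changes from `sha256-JoujVXRX…` to `sha256-jCcSzene…`; from the diff alone a reader cannot tell whether that is only the vendoring changing with the reference form or a different dependency closure. Record it in place, e.g. `# caddy-dns/cloudflare at 89f16b9 (2024-07-03), same commit as the old per-host pins; hash is the vendor hash for this pseudo-version`, and since ten hosts now share this single definition, note that this is the one place to bump it. If upstream has a tagged release, pinning to that instead of a date-stamped pseudo-version makes future bumps reviewable by version.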