diff --git a/nixos/hosts/hades/_template/configuration.nix b/nixos/hosts/hades/_template/configuration.nix
index e660f64..7b6c670 100644
--- a/nixos/hosts/hades/_template/configuration.nix
+++ b/nixos/hosts/hades/_template/configuration.nix
@@ -13,7 +13,7 @@
 # this value at the release version of the first install of this system.
 # Before changing this value read the documentation for this option
 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.11"; # Did you read the comment?
+ system.stateVersion = "23.05"; # Did you read the comment?
 
 # Additional packages
 environment.systemPackages = with pkgs; [ ];
diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix
index 12eba5f..e9a93e6 100644
--- a/nixos/hosts/hades/default.nix
+++ b/nixos/hosts/hades/default.nix
@@ -143,21 +143,6 @@
 mac = "ea:ac:be:53:18:27";
 profile = "sonarr";
 };
- "postgres" = {
- ip = "192.168.0.133";
- mac = "6e:92:a9:5e:4c:e2";
- nix = false;
- };
- "vault" = {
- ip = "192.168.0.134";
- mac = "56:20:62:16:8a:11";
- nix = false;
- };
- "vmetrics" = {
- ip = "192.168.0.135";
- mac = "96:10:41:fd:2a:0a";
- nix = false;
- };
 "mastodon" = {
 ip = "192.168.0.138";
 mac = "52:60:8a:06:86:9c";
diff --git a/nixos/hosts/hades/nginx/configuration.nix b/nixos/hosts/hades/nginx/configuration.nix
new file mode 100644
index 0000000..6b8427f
--- /dev/null
+++ b/nixos/hosts/hades/nginx/configuration.nix
@@ -0,0 +1,99 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ pkgs, ... }:
+let
+ proxy = url: {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = url;
+ proxyWebsockets = true;
+ };
+ };
+in {
+ imports = [ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+ # Additional packages
+ environment.systemPackages = with pkgs; [ ];
+
+ networking.firewall.allowedTCPPorts = [ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedBrotliSettings = true;
+ clientMaxBodySize = "500m";
+
+ package = pkgs.nginxMainline;
+
+ virtualHosts."cshub.nl" = proxy "http://192.168.0.113";
+ virtualHosts."ha.xirion.net" = proxy "http://192.168.0.129:8123";
+ virtualHosts."xirion.net" = (proxy "http://10.10.10.12") // {
+ locations."= /.well-known/host-meta".extraConfig = ''
+ return 301 https://fedi.xirion.net$request_uri;
+ '';
+ };
+ virtualHosts."blog.xirion.net" = proxy "http://10.10.10.12";
+ virtualHosts."git.xirion.net" = proxy "http://10.10.10.12";
+ virtualHosts."mail.xirion.net" = proxy "https://192.168.0.118";
+ virtualHosts."o.xirion.net" = proxy "http://192.168.0.112";
+ virtualHosts."requests.xirion.net" = proxy "http://overseerr.hades:5055";
+ virtualHosts."pass.xirion.net" = proxy "http://bitwarden_rs";
+ virtualHosts."repo.xirion.net" = proxy "http://archlinux";
+ virtualHosts."thelounge.xirion.net" = proxy "http://thelounge:9000";
+
+ virtualHosts."registry.xirion.net" = proxy "http://docker-registry:5000"
+ // {
+ locations."/".extraConfig = ''
+ allow 127.0.0.1;
+ allow 10.42.42.0/23;
+ allow 192.168.0.0/23;
+ allow 80.60.83.220;
+ allow 195.85.167.32/29;
+ deny all;
+ '';
+ };
+
+ virtualHosts."fedi.xirion.net" = {
+ enableACME = true;
+ forceSSL = true;
+
+ root = "${pkgs.v.glitch-soc}/public/";
+ location."/".tryFiles = "$uri @proxy";
+
+ # location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
+ # add_header Cache-Control "public, max-age=31536000, immutable";
+ # add_header Strict-Transport-Security "max-age=31536000";
+ # try_files $uri @proxy;
+ # }
+
+ # location /sw.js {
+ # add_header Cache-Control "public, max-age=0";
+ # add_header Strict-Transport-Security "max-age=31536000";
+ # try_files $uri @proxy;
+ # }
+
+ location."@proxy" = {
+ proxyPass = "http://192.168.0.138:55001";
+ proxyWebsockets = true;
+ };
+
+ location."api/v1/streaming" = {
+ proxyPass = "http://192.168.0.138:55000";
+ proxyWebsockets = true;
+ };
+ };
+ };
+}
diff --git a/nixos/hosts/olympus/dhcp/configuration.nix b/nixos/hosts/olympus/dhcp/configuration.nix
index f6b1163..dcafb0a 100644
--- a/nixos/hosts/olympus/dhcp/configuration.nix
+++ b/nixos/hosts/olympus/dhcp/configuration.nix
@@ -1,7 +1,7 @@
 { config, pkgs, flat_hosts, ... }:
 let
 inherit (builtins) filter hasAttr;
- hostToKea = {hostname, mac, ip, ...}: {
+ hostToKea = { hostname, mac, ip, ... }: {
 inherit hostname;
 hw-address = mac;
 ip-address = ip;
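Review bot: `//` is a shallow attribute-set merge, so `virtualHosts."xirion.net" = (proxy "http://10.10.10.12") // { locations."= /.well-known/host-meta".extraConfig = ...; }` and `virtualHosts."registry.xirion.net" = proxy "http://docker-registry:5000" // { locations."/".extraConfig = ...; }` replace the entire `locations` set built by `proxy`, dropping `proxyPass` and `proxyWebsockets`; for the registry this leaves the `allow`/`deny` list guarding a location that no longer proxies to the registry at all. Use a recursive merge, e.g. `virtualHosts."registry.xirion.net" = pkgs.lib.recursiveUpdate (proxy "http://docker-registry:5000") { locations."/".extraConfig = ''...''; };`, or extend `proxy` to accept the extra location settings. In the `fedi.xirion.net` block the attribute is spelled `location` (singular) three times, but the virtualHost option is `locations`, as the `proxy` helper itself uses, so the module system should reject this vhost as an undefined option. `location."api/v1/streaming"` also lacks the leading `/` that every request URI starts with, so the streaming upstream on port 55000 would never be selected; `locations."/api/v1/streaming"` is the intended prefix. `networking.firewall.allowedTCPPorts = [ ]` leaves 80 and 443 closed if the firewall is enabled on this host, which would break ACME — presumably handled elsewhere, but worth confirming.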
@@ -31,64 +31,59 @@ in {
 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
 system.stateVersion = "21.11"; # Did you read the comment?
 
- # Additional packages
- environment.systemPackages = with pkgs; [ ];
-
 networking.firewall.allowedUDPPorts = [ 67 ];
 
- services.kea = {
- dhcp4 = {
- enable = true;
- settings = {
- authoritative = true;
- valid-lifetime = 4000;
- rebind-timer = 2000;
- renew-timer = 1000;
+ services.kea.dhcp4 = {
+ enable = true;
+ settings = {
+ authoritative = true;
+ valid-lifetime = 4000;
+ rebind-timer = 2000;
+ renew-timer = 1000;
 
- interfaces-config.interfaces = [ "eth0" ];
+ interfaces-config.interfaces = [ "eth0" ];
 
- lease-database = {
- name = "/var/lib/kea/dhcp4.leases";
- persist = true;
- type = "memfile";
- };
-
- option-data = [
- {
- name = "subnet-mask";
- data = "255.255.254.0";
- }
- {
- name = "broadcast-address";
- data = "10.42.43.255";
- }
- {
- name = "routers";
- data = "10.42.42.1";
- }
- {
- name = "domain-name-servers";
- data = "10.42.42.15, 10.42.42.16";
- }
- {
- name = "domain-name";
- data = "${localDomain}";
- }
- {
- name = "domain-search";
- data = "${localDomain}";
- }
- ];
-
- host-reservation-identifiers = [ "hw-address" ];
-
- subnet4 = [{
- id = 1;
- pools = [{ pool = "10.42.43.1 - 10.42.43.254"; }];
- subnet = "10.42.42.0/23";
- reservations = map hostToKea hosts;
- }];
+ lease-database = {
+ name = "/var/lib/kea/dhcp4.leases";
+ persist = true;
+ type = "memfile";
 };
+
+ option-data = [
+ {
+ name = "subnet-mask";
+ data = "255.255.254.0";
+ }
+ {
+ name = "broadcast-address";
+ data = "10.42.43.255";
+ }
+ {
+ name = "routers";
+ data = "10.42.42.1";
+ }
+ {
+ name = "domain-name-servers";
+ data = "10.42.42.15, 10.42.42.16";
+ }
+ {
+ name = "domain-name";
+ data = localDomain;
+ }
+ {
+ name = "domain-search";
+ data = localDomain;
+ }
+ ];
+
+ host-reservation-identifiers = [ "hw-address" ];
+
+ subnet4 = [{
+ id = 1;
+ pools = [{ pool = "10.42.43.1 - 10.42.43.254"; }];
+ subnet = "10.42.42.0/23";
+ reservations = map hostToKea hosts;
+ }];
 };
 };
 }
diff --git a/nixos/hosts/olympus/nginx/configuration.nix b/nixos/hosts/olympus/nginx/configuration.nix
index 564061b..3901ff2 100644
--- a/nixos/hosts/olympus/nginx/configuration.nix
+++ b/nixos/hosts/olympus/nginx/configuration.nix
@@ -104,7 +104,7 @@ in {
 allow 10.42.42.0/23;
 allow 192.168.0.0/23;
 allow 80.60.83.220;
- allow 195.85.167.32/23;
+ allow 195.85.167.32/29;
 deny all;
 '';
 proxyPass = "http://synapse.olympus:8008";
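Review bot: The narrowed entry `allow 195.85.167.32/29;` is duplicated verbatim in the registry vhost of the new hades nginx configuration in this same commit, so the two allowlists have already drifted once (this file carried `/23` until now) and will drift again. Consider hoisting the permitted networks into one shared Nix list and rendering the `allow` lines from it (e.g. with `lib.concatMapStrings`) in both hosts so a future change is made in one place. Note that `allow`/`deny` act on the client address nginx sees; if this vhost were ever fronted by another proxy, `$remote_addr` would be the proxy's address and the list would need `set_real_ip_from`/`real_ip_header` to stay meaningful — presumably not the case today. The enclosing virtualHost definition starts before this hunk.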