From 12fd79a9c8249c94773d1268e5ede7026f087224 Mon Sep 17 00:00:00 2001
From: Patrick
Date: Tue, 24 Dec 2024 14:54:17 +0100
Subject: [PATCH] fix: desktopnix deploy fix: immich firewall rules
---
 config/services/immich.nix | 2 +-
 hosts/desktopnix/net.nix | 5 +++--
 hosts/elisabeth/guests.nix | 4 ++--
 hosts/nucnix/guests.nix | 4 ++--
 users/patrick/default.nix | 2 +-
 users/patrick/dev.nix | 3 ++-
 users/patrick/programs/thunderbird.nix | 4 ++--
 users/patrick/ssh.nix | 6 +++---
 8 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/config/services/immich.nix b/config/services/immich.nix
index 0353abe..e900195 100644
--- a/config/services/immich.nix
+++ b/config/services/immich.nix
@@ -251,7 +251,7 @@ in
 networking.nftables.chains.forward.into-immich-container = {
 after = [ "conntrack" ];
 rules = [
- "iifname elisabeth ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept"
+ "iifname services ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept"
 "iifname podman1 oifname lan accept"
 ];
 };
diff --git a/hosts/desktopnix/net.nix b/hosts/desktopnix/net.nix
index c26c8e3..debfcf4 100644
--- a/hosts/desktopnix/net.nix
+++ b/hosts/desktopnix/net.nix
@@ -1,5 +1,6 @@
 {
 config,
+ globals,
 pkgs,
 ...
 }:
@@ -41,8 +42,8 @@
 clients.main = {
 port = 51820;
 environment = {
- NB_MANAGEMENT_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
- NB_ADMIN_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
+ NB_MANAGEMENT_URL = "https://netbird.${globals.domains.web}";
+ NB_ADMIN_URL = "https://netbird.${globals.domains.web}";
 NB_HOSTNAME = "desktopnix";
 };
 };
diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix
index 5a09e50..2157252 100644
--- a/hosts/elisabeth/guests.nix
+++ b/hosts/elisabeth/guests.nix
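Review bot: The accept rule in the `into-immich-container` hunk still hard-codes the ingress link name (`iifname services`) while the peer address is derived from `nodes.nucnix-nginx.config.wireguard.services.ipv4`; the bug this commit fixes (`elisabeth` no longer being the link name) is exactly the drift a literal invites. If the wireguard module exposes the link name, derive it from the same source, something like `"iifname ${config.wireguard.services.linkName} ip saddr ..."` (option name to be confirmed against that module). Note also that the rule matches IPv4 only (`ip saddr`); if nginx can reach this host over the services link via IPv6, that traffic falls through to whatever the chain's policy is, presumably drop. The chain definition is complete within the hunk.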
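Review bot: In the `clients.main` hunk `NB_MANAGEMENT_URL` and `NB_ADMIN_URL` build the same string twice; binding it once, `let netbirdUrl = "https://netbird.${globals.domains.web}"; in`, and assigning `NB_MANAGEMENT_URL = netbirdUrl; NB_ADMIN_URL = netbirdUrl;` keeps the two from diverging on the next rename. The change also moves the web domain out of `config.secrets.secrets.global` into `globals`; since the value was already exported as a plain environment variable this is presumably intended, but if `globals` is unencrypted Nix in the repo it is worth confirming that the domain was not under secrets on purpose. The enclosing `services` attrset starts and ends outside the hunk.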
@@ -60,9 +60,9 @@
 lib.listToAttrs (
 lib.flip map vlans (
 name:
- lib.nameValuePair "09-mv-${name}" {
+ lib.nameValuePair "10-mv-${name}" {
 matchConfig.Name = "mv-${name}";
- DHCP = "no";
+ DHCP = lib.mkForce "no";
 address = [
 (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
 (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
diff --git a/hosts/nucnix/guests.nix b/hosts/nucnix/guests.nix
index 5768999..c5ff29a 100644
--- a/hosts/nucnix/guests.nix
+++ b/hosts/nucnix/guests.nix
@@ -45,9 +45,9 @@ in
 lib.listToAttrs (
 lib.flip map vlans (
 name:
- lib.nameValuePair "09-mv-${name}" {
+ lib.nameValuePair "10-mv-${name}" {
 matchConfig.Name = "mv-${name}";
- DHCP = "no";
+ DHCP = lib.mkForce "no";
 address = [
 (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
 (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
diff --git a/users/patrick/default.nix b/users/patrick/default.nix
index f056841..2a5d3cb 100644
--- a/users/patrick/default.nix
+++ b/users/patrick/default.nix
@@ -20,7 +20,7 @@ lib.optionalAttrs (!minimal) {
 "tss"
 ];
 group = "patrick";
- hashedPassword = globals.users.patrick.passwordHash;
+ inherit (globals.users.patrick) hashedPassword;
 autoSubUidGidRange = false;
 subUidRanges = [
 {
diff --git a/users/patrick/dev.nix b/users/patrick/dev.nix
index e3eea97..1791b3b 100644
--- a/users/patrick/dev.nix
+++ b/users/patrick/dev.nix
@@ -2,6 +2,7 @@
 lib,
 config,
 nodes,
+ globals,
 minimal,
 pkgs,
 ...
@@ -61,7 +62,7 @@ lib.optionalAttrs (!minimal) {
 distributedBuilds = true;
 buildMachines = [
 {
- hostName = config.secrets.secrets.global.user.mailnix_ip;
+ hostName = globals.hosts.mailnix.ip;
 protocol = "ssh-ng";
 sshUser = "build";
 system = "aarch64-linux";
diff --git a/users/patrick/programs/thunderbird.nix b/users/patrick/programs/thunderbird.nix
index 2e5677c..e07bd27 100644
--- a/users/patrick/programs/thunderbird.nix
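Review bot: Both edits in the elisabeth hunk — the unit prefix moving from `09-mv-${name}` to `10-mv-${name}` and `DHCP = lib.mkForce "no"` — are left unexplained, and `mkForce` in particular silences a definition conflict instead of recording which other module sets DHCP on the `mv-*` links and why this one must win. A short comment above `lib.nameValuePair` would stop the next reader from "cleaning" either up, e.g. `# 10-: must sort after <unit> (fill in); mkForce: <module> sets DHCP for mv-* links, we assign static addresses here` with the placeholders resolved by whoever knows the conflicting module. The `lib.listToAttrs (lib.flip map vlans (...))` expression starts and ends outside the hunk.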
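Review bot: The nucnix hunk is byte-for-byte the same `mv-${name}` network definition as the one in hosts/elisabeth/guests.nix, and this commit had to patch both identically, which is how the two hosts will drift apart the next time only one is touched. Lifting the per-VLAN `lib.nameValuePair "10-mv-${name}" { ... }` builder into a shared helper that both guests.nix files call with `guestName` and `vlans` would make the next such fix a one-line change. The enclosing `let ... in lib.listToAttrs (...)` starts and ends outside the hunk.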
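Review bot: `inherit (globals.users.patrick) hashedPassword;` in the default.nix hunk keeps the password hash inside the evaluated configuration, so it ends up in the Nix store, which is readable by every local user; `hashedPasswordFile = <path to a deployed secret>;` avoids that and is the NixOS-recommended form. The removed line did the same, so this is not a regression introduced here, only the line where it would be fixed; if the hash is deliberately public-in-store, a comment saying so would preempt the question. The enclosing `lib.optionalAttrs (!minimal) { ... }` starts and ends outside the hunk.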
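Review bot: `hostName = globals.hosts.mailnix.ip;` in the dev.nix buildMachines hunk addresses the remote builder by bare IP over `ssh-ng` as user `build`, so trust in the peer rests entirely on the calling user's known_hosts unless this entry also pins the builder's key. The hunk ends at `system = "aarch64-linux";`, so I cannot see whether a `publicHostKey` follows; if it does not, adding `publicHostKey = "<base64 host key of mailnix>";` makes a rotated or spoofed builder fail closed instead of being accepted or prompting. The buildMachines entry and the enclosing `lib.optionalAttrs (!minimal) { ... }` continue outside the hunk.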
+++ b/users/patrick/programs/thunderbird.nix
@@ -1,7 +1,7 @@
-{ config, lib, ... }:
+{ globals, lib, ... }:
 {
 hm = {
- accounts.email.accounts = lib.flip lib.mapAttrs' config.secrets.secrets.global.user.accounts.email (
+ accounts.email.accounts = lib.flip lib.mapAttrs' globals.accounts.email (
 _: v:
 lib.nameValuePair v.address (
 lib.recursiveUpdate v {
diff --git a/users/patrick/ssh.nix b/users/patrick/ssh.nix
index b217bda..6f88fa7 100644
--- a/users/patrick/ssh.nix
+++ b/users/patrick/ssh.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ globals, ... }:
 {
 # yubikey public key parts
 hm.home.file = {
@@ -27,11 +27,11 @@
 };
 "maddy" = {
- hostname = config.secrets.secrets.global.user.hetzner_ip;
+ hostname = globals.hosts.maddy.ip;
 user = "root";
 };
 "mailnix" = {
- hostname = config.secrets.secrets.global.user.mailnix_ip;
+ hostname = globals.hosts.mailnix.ip;
 user = "root";
 };
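Review bot: `globals.accounts.email` replaces `config.secrets.secrets.global.user.accounts.email` as the source of the mail accounts in the thunderbird.nix hunk, so attrsets that used to live under the secrets tree are now read from `globals`; the hunk only shows `v.address` being used, but the whole of each `v` is merged through `lib.recursiveUpdate`, so any IMAP/SMTP host, username or password-related field in those attrsets travels with it. If `globals` is plain, unencrypted Nix in the repository, confirm that nothing credential-like is among those fields; if it is derived from the secrets module at evaluation time, a comment at the top of the file stating that would save the next reader the same question. The `mapAttrs'` lambda and the `hm` attrset continue outside the hunk.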