fix: desktopnix deploy

fix: immich firewall rules
This commit is contained in:
Patrick 2024-12-24 14:54:17 +01:00
parent 4a8d074627
commit 12fd79a9c8
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
8 changed files with 16 additions and 14 deletions


@ -251,7 +251,7 @@ in
networking.nftables.chains.forward.into-immich-container = { networking.nftables.chains.forward.into-immich-container = {
after = [ "conntrack" ]; after = [ "conntrack" ];
rules = [ rules = [
"iifname elisabeth ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept" "iifname services ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept"
"iifname podman1 oifname lan accept" "iifname podman1 oifname lan accept"
]; ];
}; };
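Review bot: The changed accept rule now keys on `iifname services` together with the nucnix-nginx wireguard address, while the networkd hunks later in this commit name the per-VLAN macvlan interfaces `mv-${name}` (their `matchConfig.Name` lines); if the immich host's services-VLAN interface follows that scheme, an exact `iifname services` match never fires and this rule simply does not apply, so the interface name is worth confirming against the host's network definition. The rule is IPv4-only (`ip saddr`), which is fine as long as the proxy never reaches immich over IPv6. A comment on the rule would make the intent explicit for the next reader: `# only the nucnix-nginx reverse proxy (via the services interface) may reach immich on 2283`.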


@ -1,5 +1,6 @@
{ {
config, config,
globals,
pkgs, pkgs,
... ...
}: }:
@ -41,8 +42,8 @@
clients.main = { clients.main = {
port = 51820; port = 51820;
environment = { environment = {
NB_MANAGEMENT_URL = "https://netbird.${config.secrets.secrets.global.domains.web}"; NB_MANAGEMENT_URL = "https://netbird.${globals.domains.web}";
NB_ADMIN_URL = "https://netbird.${config.secrets.secrets.global.domains.web}"; NB_ADMIN_URL = "https://netbird.${globals.domains.web}";
NB_HOSTNAME = "desktopnix"; NB_HOSTNAME = "desktopnix";
}; };
}; };
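Review bot: NB_MANAGEMENT_URL and NB_ADMIN_URL now read the web domain from `globals.domains.web` instead of `config.secrets.secrets.global`, and the same move is made for `globals.hosts.mailnix.ip` in the buildMachines hunk, `globals.accounts.email` in the home-manager email hunk and `globals.hosts.maddy.ip` / `globals.hosts.mailnix.ip` in the ssh-hosts hunk. If `globals` is evaluated from unencrypted files in the checkout, these values (domain, host addresses, the email account list) are no longer confined to the secrets tree and become plaintext in the repository; that may well be intended for a domain and addresses, but it is worth confirming that nothing under `globals.accounts.email` carries credentials, since `lib.recursiveUpdate v` copies every attribute of each account through. A one-line comment where `globals` is introduced, stating where it is sourced from and that it is not a secrets store, would make that boundary explicit.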


@ -60,9 +60,9 @@
lib.listToAttrs ( lib.listToAttrs (
lib.flip map vlans ( lib.flip map vlans (
name: name:
lib.nameValuePair "09-mv-${name}" { lib.nameValuePair "10-mv-${name}" {
matchConfig.Name = "mv-${name}"; matchConfig.Name = "mv-${name}";
DHCP = "no"; DHCP = lib.mkForce "no";
address = [ address = [
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4) (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6) (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
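Review bot: `DHCP = lib.mkForce "no"` implies another module defines the same `10-mv-${name}` network with a different DHCP value, and the `09-` to `10-` rename looks like it exists so both definitions land on one unit name and merge instead of producing two .network files for the same interface; a comment naming the module being overridden would save the next reader the search, e.g. `# same unit name as <other module>; DHCP must stay off because addresses are assigned statically below` (fill in the module). Worth confirming because networkd applies only the first .network file in lexical order whose [Match] section matches, so if a lower-numbered file still matches `mv-<name>` the static `address` list here is never applied. The identical change appears in the second networkd hunk (`-45,9 +45,9`).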


@ -45,9 +45,9 @@ in
lib.listToAttrs ( lib.listToAttrs (
lib.flip map vlans ( lib.flip map vlans (
name: name:
lib.nameValuePair "09-mv-${name}" { lib.nameValuePair "10-mv-${name}" {
matchConfig.Name = "mv-${name}"; matchConfig.Name = "mv-${name}";
DHCP = "no"; DHCP = lib.mkForce "no";
address = [ address = [
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4) (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6) (lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)


@ -20,7 +20,7 @@ lib.optionalAttrs (!minimal) {
"tss" "tss"
]; ];
group = "patrick"; group = "patrick";
hashedPassword = globals.users.patrick.passwordHash; inherit (globals.users.patrick) hashedPassword;
autoSubUidGidRange = false; autoSubUidGidRange = false;
subUidRanges = [ subUidRanges = [
{ {


@ -2,6 +2,7 @@
lib, lib,
config, config,
nodes, nodes,
globals,
minimal, minimal,
pkgs, pkgs,
... ...
@ -61,7 +62,7 @@ lib.optionalAttrs (!minimal) {
distributedBuilds = true; distributedBuilds = true;
buildMachines = [ buildMachines = [
{ {
hostName = config.secrets.secrets.global.user.mailnix_ip; hostName = globals.hosts.mailnix.ip;
protocol = "ssh-ng"; protocol = "ssh-ng";
sshUser = "build"; sshUser = "build";
system = "aarch64-linux"; system = "aarch64-linux";
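Review bot: The remote builder entry pins `hostName`, `protocol = "ssh-ng"` and `sshUser = "build"` but no `publicHostKey` is visible in this hunk; if it is not set further down the attribute set (which continues outside the hunk), host authenticity for distributed builds rests on whatever known_hosts the nix daemon's ssh sees, and an address change like the one on the `hostName` line is exactly when that either silently fails or gets accepted on first use without anyone checking. Consider adding `publicHostKey = "<base64 host key of mailnix>";` (placeholder) next to `hostName`, plus a comment `# address is taken from globals and must stay in sync with hosts.mailnix`.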


@ -1,7 +1,7 @@
{ config, lib, ... }: { globals, lib, ... }:
{ {
hm = { hm = {
accounts.email.accounts = lib.flip lib.mapAttrs' config.secrets.secrets.global.user.accounts.email ( accounts.email.accounts = lib.flip lib.mapAttrs' globals.accounts.email (
_: v: _: v:
lib.nameValuePair v.address ( lib.nameValuePair v.address (
lib.recursiveUpdate v { lib.recursiveUpdate v {


@ -1,4 +1,4 @@
{ config, ... }: { globals, ... }:
{ {
# yubikey public key parts # yubikey public key parts
hm.home.file = { hm.home.file = {
@ -27,11 +27,11 @@
}; };
"maddy" = { "maddy" = {
hostname = config.secrets.secrets.global.user.hetzner_ip; hostname = globals.hosts.maddy.ip;
user = "root"; user = "root";
}; };
"mailnix" = { "mailnix" = {
hostname = config.secrets.secrets.global.user.mailnix_ip; hostname = globals.hosts.mailnix.ip;
user = "root"; user = "root";
}; };