fix: desktopnix deploy
fix: immich firewall rules
parent
4a8d074627
commit
12fd79a9c8
|
@ -251,7 +251,7 @@ in
|
||||||
networking.nftables.chains.forward.into-immich-container = {
|
networking.nftables.chains.forward.into-immich-container = {
|
||||||
after = [ "conntrack" ];
|
after = [ "conntrack" ];
|
||||||
rules = [
|
rules = [
|
||||||
"iifname elisabeth ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept"
|
"iifname services ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept"
|
||||||
"iifname podman1 oifname lan accept"
|
"iifname podman1 oifname lan accept"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
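Review bot: The rewritten accept rule in `into-immich-container` still has no output-side match, so it accepts TCP port 2283 from the nginx host's address towards any destination this forward chain sees, not only the Immich container. If `podman1` (the interface named in the following rule) is the container bridge, which is inferred here, scoping the rule as `"iifname services oifname podman1 ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept"` keeps it tied to its purpose. A short comment saying why the ingress interface is `services` rather than `elisabeth` would also make the rule easier to audit later.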
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
|
globals,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
|
@ -41,8 +42,8 @@
|
||||||
clients.main = {
|
clients.main = {
|
||||||
port = 51820;
|
port = 51820;
|
||||||
environment = {
|
environment = {
|
||||||
NB_MANAGEMENT_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
|
NB_MANAGEMENT_URL = "https://netbird.${globals.domains.web}";
|
||||||
NB_ADMIN_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
|
NB_ADMIN_URL = "https://netbird.${globals.domains.web}";
|
||||||
NB_HOSTNAME = "desktopnix";
|
NB_HOSTNAME = "desktopnix";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
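Review bot: `NB_MANAGEMENT_URL` and `NB_ADMIN_URL` now take the domain from `globals.domains.web` where it used to come from `config.secrets.secrets.global.domains.web`, and nothing on this page shows how `globals` is populated. Please confirm it is still filled from the encrypted secrets rather than from a plaintext file in the repository. The same question applies to the later hunks that switch to `globals.hosts.mailnix.ip`, `globals.hosts.maddy.ip` and `globals.accounts.email`. A one-line comment next to the new `globals` argument naming where its values come from would settle this for future readers.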
@ -60,9 +60,9 @@
|
||||||
lib.listToAttrs (
|
lib.listToAttrs (
|
||||||
lib.flip map vlans (
|
lib.flip map vlans (
|
||||||
name:
|
name:
|
||||||
lib.nameValuePair "09-mv-${name}" {
|
lib.nameValuePair "10-mv-${name}" {
|
||||||
matchConfig.Name = "mv-${name}";
|
matchConfig.Name = "mv-${name}";
|
||||||
DHCP = "no";
|
DHCP = lib.mkForce "no";
|
||||||
address = [
|
address = [
|
||||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
||||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
||||||
|
|
|
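Review bot: `DHCP = lib.mkForce "no";` together with the rename to `"10-mv-${name}"` suggests this unit now merges with a definition of the same name made elsewhere, but the hunk has no comment saying which module it overrides. `mkForce` silently wins over any other value, so a comment such as `# 10-mv-* is also defined by <MODULE>; force static addressing` (module name to be filled in) would make the intent reviewable. The identical change is repeated in the following hunk (`@ -45,9 +45,9 @@`), so the shared `lib.nameValuePair` body could live in one helper. The enclosing expression starts and ends outside the hunk.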
@ -45,9 +45,9 @@ in
|
||||||
lib.listToAttrs (
|
lib.listToAttrs (
|
||||||
lib.flip map vlans (
|
lib.flip map vlans (
|
||||||
name:
|
name:
|
||||||
lib.nameValuePair "09-mv-${name}" {
|
lib.nameValuePair "10-mv-${name}" {
|
||||||
matchConfig.Name = "mv-${name}";
|
matchConfig.Name = "mv-${name}";
|
||||||
DHCP = "no";
|
DHCP = lib.mkForce "no";
|
||||||
address = [
|
address = [
|
||||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
||||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
||||||
|
|
|
@ -20,7 +20,7 @@ lib.optionalAttrs (!minimal) {
|
||||||
"tss"
|
"tss"
|
||||||
];
|
];
|
||||||
group = "patrick";
|
group = "patrick";
|
||||||
hashedPassword = globals.users.patrick.passwordHash;
|
inherit (globals.users.patrick) hashedPassword;
|
||||||
autoSubUidGidRange = false;
|
autoSubUidGidRange = false;
|
||||||
subUidRanges = [
|
subUidRanges = [
|
||||||
{
|
{
|
||||||
|
|
|
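Review bot: `inherit (globals.users.patrick) hashedPassword;` passes the hash as an evaluated Nix value, which NixOS writes into the world-readable Nix store. Any local user, or anyone who can read a copy of the store, can therefore retrieve it for offline guessing. Setting `hashedPasswordFile = <PATH_TO_DECRYPTED_SECRET>;` to a file that is decrypted at activation time keeps the hash out of the store; the right path depends on the secrets module in use, which is not visible here. The user attribute set begins and ends outside the hunk.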
@ -2,6 +2,7 @@
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
nodes,
|
nodes,
|
||||||
|
globals,
|
||||||
minimal,
|
minimal,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
|
@ -61,7 +62,7 @@ lib.optionalAttrs (!minimal) {
|
||||||
distributedBuilds = true;
|
distributedBuilds = true;
|
||||||
buildMachines = [
|
buildMachines = [
|
||||||
{
|
{
|
||||||
hostName = config.secrets.secrets.global.user.mailnix_ip;
|
hostName = globals.hosts.mailnix.ip;
|
||||||
protocol = "ssh-ng";
|
protocol = "ssh-ng";
|
||||||
sshUser = "build";
|
sshUser = "build";
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
|
|
|
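Review bot: The builder entry now connects to `globals.hosts.mailnix.ip` as `build` over `ssh-ng`, and the visible lines do not pin that machine's SSH host key. If it is not already set further down (the attribute set continues past the hunk), adding `publicHostKey = "<BASE64_HOST_KEY>";` lets the Nix daemon verify the builder itself instead of depending on the known_hosts state of the connecting user. This matters for a builder addressed only by IP, because build inputs and outputs cross this connection.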
@ -1,7 +1,7 @@
|
||||||
{ config, lib, ... }:
|
{ globals, lib, ... }:
|
||||||
{
|
{
|
||||||
hm = {
|
hm = {
|
||||||
accounts.email.accounts = lib.flip lib.mapAttrs' config.secrets.secrets.global.user.accounts.email (
|
accounts.email.accounts = lib.flip lib.mapAttrs' globals.accounts.email (
|
||||||
_: v:
|
_: v:
|
||||||
lib.nameValuePair v.address (
|
lib.nameValuePair v.address (
|
||||||
lib.recursiveUpdate v {
|
lib.recursiveUpdate v {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, ... }:
|
{ globals, ... }:
|
||||||
{
|
{
|
||||||
# yubikey public key parts
|
# yubikey public key parts
|
||||||
hm.home.file = {
|
hm.home.file = {
|
||||||
|
@ -27,11 +27,11 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
"maddy" = {
|
"maddy" = {
|
||||||
hostname = config.secrets.secrets.global.user.hetzner_ip;
|
hostname = globals.hosts.maddy.ip;
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
"mailnix" = {
|
"mailnix" = {
|
||||||
hostname = config.secrets.secrets.global.user.mailnix_ip;
|
hostname = globals.hosts.mailnix.ip;
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|