fix: desktopnix deploy

fix: immich firewall rules
Patrick 2024-12-24 14:54:17 +01:00
parent 4a8d074627
commit 12fd79a9c8
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
8 changed files with 16 additions and 14 deletions


@ -251,7 +251,7 @@ in
networking.nftables.chains.forward.into-immich-container = {
after = [ "conntrack" ];
rules = [
"iifname elisabeth ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept"
"iifname services ip saddr ${nodes.nucnix-nginx.config.wireguard.services.ipv4} tcp dport 2283 accept"
"iifname podman1 oifname lan accept"
];
};
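Review bot: The rewritten accept rule matches only IPv4 (`ip saddr`), so if the services WireGuard link also carries IPv6 — the attribute path ends in `ipv4`, which hints that a sibling address exists — nginx requests to immich over v6 would still be dropped by this chain; worth confirming, or adding the `ip6 saddr` counterpart. The unchanged `iifname podman1 oifname lan accept` in the same chain lets any container on podman1 reach the LAN without restriction, which may be intentional but deserves a comment saying why. A comment on the first rule would also help a later reader, e.g. `# allow nucnix-nginx (via the services WireGuard link) to reach immich on tcp/2283`.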


@ -1,5 +1,6 @@
{
config,
globals,
pkgs,
...
}:
@ -41,8 +42,8 @@
clients.main = {
port = 51820;
environment = {
NB_MANAGEMENT_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
NB_ADMIN_URL = "https://netbird.${config.secrets.secrets.global.domains.web}";
NB_MANAGEMENT_URL = "https://netbird.${globals.domains.web}";
NB_ADMIN_URL = "https://netbird.${globals.domains.web}";
NB_HOSTNAME = "desktopnix";
};
};
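Review bot: Reading the web domain from `globals.domains.web` instead of `config.secrets.secrets.global.domains.web` changes where that value lives; if `globals` is evaluated from plain files in the repository rather than from the encrypted secrets, this commit moves the domain — and, in the later file sections, the mailnix builder IP, the email account definitions and the maddy/mailnix SSH hostnames — out of the secret store. Please confirm that is intended and that none of those values were kept secret for a reason. As a style point, `NB_MANAGEMENT_URL` and `NB_ADMIN_URL` repeat the same string; a `let netbirdUrl = "https://netbird.${globals.domains.web}"; in` above the attribute set would keep the two in sync.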


@ -60,9 +60,9 @@
lib.listToAttrs (
lib.flip map vlans (
name:
lib.nameValuePair "09-mv-${name}" {
lib.nameValuePair "10-mv-${name}" {
matchConfig.Name = "mv-${name}";
DHCP = "no";
DHCP = lib.mkForce "no";
address = [
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
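Review bot: `DHCP = lib.mkForce "no"` overrides every other definition of DHCP on the `mv-${name}` network units without saying which module it is overriding; a comment naming the conflicting definition would keep the next reader from removing the override, e.g. `# mkForce: <MODULE> also defines DHCP for this unit — TODO name it`. Likewise the unit prefix change from `09-mv-` to `10-mv-` alters networkd's ordering relative to the other units and deserves a one-line why-comment. The same applies to the identical hunk in the following file section. The enclosing `lib.listToAttrs` expression starts and ends outside the hunk.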


@ -45,9 +45,9 @@ in
lib.listToAttrs (
lib.flip map vlans (
name:
lib.nameValuePair "09-mv-${name}" {
lib.nameValuePair "10-mv-${name}" {
matchConfig.Name = "mv-${name}";
DHCP = "no";
DHCP = lib.mkForce "no";
address = [
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)


@ -20,7 +20,7 @@ lib.optionalAttrs (!minimal) {
"tss"
];
group = "patrick";
hashedPassword = globals.users.patrick.passwordHash;
inherit (globals.users.patrick) hashedPassword;
autoSubUidGidRange = false;
subUidRanges = [
{
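Review bot: `inherit (globals.users.patrick) hashedPassword;` reads an attribute named `hashedPassword` where the replaced line read `passwordHash`, so the definition of `globals.users.patrick` must expose the new name, and any other consumer still reading `passwordHash` will fail at evaluation. Worth confirming that the globals definition and every other reader were updated in the same commit, since only this file section is visible here. The user definition continues outside the hunk.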


@ -2,6 +2,7 @@
lib,
config,
nodes,
globals,
minimal,
pkgs,
...
@ -61,7 +62,7 @@ lib.optionalAttrs (!minimal) {
distributedBuilds = true;
buildMachines = [
{
hostName = config.secrets.secrets.global.user.mailnix_ip;
hostName = globals.hosts.mailnix.ip;
protocol = "ssh-ng";
sshUser = "build";
system = "aarch64-linux";
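Review bot: The builder entry now takes its address from `globals.hosts.mailnix.ip` but, within the visible lines, sets no `publicHostKey`; for an `ssh-ng` remote builder that leaves host authentication to whatever known_hosts the build user has, so a changed or impersonated host at that address would receive the build jobs and their inputs. If the key is pinned elsewhere, or the attribute set continues past the hunk with it, a comment pointing there would help, e.g. `# host key for mailnix is pinned in <PATH>`; otherwise add `publicHostKey = "<BASE64 HOST KEY>";` next to `hostName`. The `buildMachines` list continues outside the hunk.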


@ -1,7 +1,7 @@
{ config, lib, ... }:
{ globals, lib, ... }:
{
hm = {
accounts.email.accounts = lib.flip lib.mapAttrs' config.secrets.secrets.global.user.accounts.email (
accounts.email.accounts = lib.flip lib.mapAttrs' globals.accounts.email (
_: v:
lib.nameValuePair v.address (
lib.recursiveUpdate v {


@ -1,4 +1,4 @@
{ config, ... }:
{ globals, ... }:
{
# yubikey public key parts
hm.home.file = {
@ -27,11 +27,11 @@
};
"maddy" = {
hostname = config.secrets.secrets.global.user.hetzner_ip;
hostname = globals.hosts.maddy.ip;
user = "root";
};
"mailnix" = {
hostname = config.secrets.secrets.global.user.mailnix_ip;
hostname = globals.hosts.mailnix.ip;
user = "root";
};