diff --git a/hosts/desktopnix/net.nix b/hosts/desktopnix/net.nix index 7309a48..f9f94e5 100644 --- a/hosts/desktopnix/net.nix +++ b/hosts/desktopnix/net.nix @@ -12,4 +12,11 @@ }; }; }; + networking.extraHosts = '' + 192.168.178.2 lel.lol + 192.168.178.2 pw.lel.lol + 192.168.178.2 nc.lel.lol + 192.168.178.2 adguardhome.lel.lol + 192.168.178.2 git.lel.lol + ''; } diff --git a/hosts/elisabeth/default.nix b/hosts/elisabeth/default.nix index 47f19a4..8989a61 100644 --- a/hosts/elisabeth/default.nix +++ b/hosts/elisabeth/default.nix @@ -20,7 +20,6 @@ ../../modules/hardware/zfs.nix ../../modules/services/acme.nix - ../../modules/services/ddclient.nix ./net.nix ./fs.nix diff --git a/hosts/elisabeth/fs.nix b/hosts/elisabeth/fs.nix index 5cf1d03..04a381f 100644 --- a/hosts/elisabeth/fs.nix +++ b/hosts/elisabeth/fs.nix @@ -55,11 +55,13 @@ datasets = { "safe/guests" = unmountable; }; + mode = "raidz"; }; renaultft = mkZpool { datasets = { "safe/guests" = unmountable; }; + mode = "raidz"; }; }; }; diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index 4f67f1e..c03f2f9 100644 --- a/hosts/elisabeth/guests.nix +++ b/hosts/elisabeth/guests.nix @@ -75,7 +75,7 @@ in { ''; }; upstreams.nextcloud = { - servers."${ipOf "nextcloud"}:3000" = {}; + servers."${ipOf "nextcloud"}:80" = {}; extraConfig = '' zone nextcloud 64k ; @@ -166,6 +166,7 @@ in { {} // mkContainer "adguardhome" {} // mkContainer "vaultwarden" {} + // mkContainer "ddclient" {} // mkContainer "nextcloud" { enablePanzer = true; } diff --git a/hosts/elisabeth/secrets/adguardhome/host.pub b/hosts/elisabeth/secrets/adguardhome/host.pub index 46da641..ac25d6c 100644 --- a/hosts/elisabeth/secrets/adguardhome/host.pub +++ b/hosts/elisabeth/secrets/adguardhome/host.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrtGpaL39TCloyatv2MJ6H+IUwMBxwO/PdugyYwCPvN +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1b66yEQQSmvFPk4PZTtcyKCyYt4vuruByOoHhIjfu 
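Review bot: The five `networking.extraHosts` entries in hosts/desktopnix/net.nix hard-code 192.168.178.2 and override DNS for those names on this machine. If that address is ever reassigned, or the desktop joins another network, lel.lol and its subdomains resolve to whichever host holds the address, leaving certificate validation as the only remaining check. A one-line comment stating why the pin exists would help, for example `# reach the reverse proxy directly from the LAN` if that is the intent. The repeated address can also be written once with `networking.hosts."192.168.178.2" = ["lel.lol" "pw.lel.lol" "nc.lel.lol" "adguardhome.lel.lol" "git.lel.lol"];`.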
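Review bot: The nextcloud upstream in hosts/elisabeth/guests.nix now targets port 80, so the hop from the reverse proxy to the guest is plain HTTP. Nothing visible in this commit opens port 80 in the nextcloud guest's firewall, whereas the gitea and vaultwarden modules both gain `allowedTCPPorts` here. The nextcloud module is outside this diff and may already handle it; if so, a comment such as `# plain HTTP on the internal guest network; TLS terminates at the proxy` above `servers."${ipOf "nextcloud"}:80"` would record the assumption. The enclosing upstreams block starts and ends outside the hunk.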
diff --git a/hosts/elisabeth/secrets/ddclient/host.pub b/hosts/elisabeth/secrets/ddclient/host.pub
new file mode 100644
index 0000000..3280aff
--- /dev/null
+++ b/hosts/elisabeth/secrets/ddclient/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDzH6m99bGJIy+9Ffa5djFjYryuV6CFmGtY2zUxBiuu
diff --git a/hosts/elisabeth/secrets/gitea/host.pub b/hosts/elisabeth/secrets/gitea/host.pub
index 315c751..4db5ee9 100644
--- a/hosts/elisabeth/secrets/gitea/host.pub
+++ b/hosts/elisabeth/secrets/gitea/host.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHGEV0vuqSAvT07Sl56Lo3o5U6EU5uSrfTFe5BF5QnX
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx
diff --git a/hosts/elisabeth/secrets/host.pub b/hosts/elisabeth/secrets/host.pub
index 93d4688..76c29ac 100644
--- a/hosts/elisabeth/secrets/host.pub
+++ b/hosts/elisabeth/secrets/host.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/1vC6GL2Xb9eIQaNKnSOQgN5bglns2Nh5dykkFqYMC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dFbC8x6Ev1R/nFvG20fp2tapOQti0lK2iz4gsHDRr
diff --git a/hosts/elisabeth/secrets/nextcloud/host.pub b/hosts/elisabeth/secrets/nextcloud/host.pub
index 3479616..bc54fae 100644
--- a/hosts/elisabeth/secrets/nextcloud/host.pub
+++ b/hosts/elisabeth/secrets/nextcloud/host.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlZoZI1rYOR8wLywWIjtLQLpnflXF7fHhYPZbgd0Gq1
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMAQzrtwi+J6+W21dBPpASsWnhzYkvscwYGycu57lUo
diff --git a/hosts/elisabeth/secrets/samba/host.pub b/hosts/elisabeth/secrets/samba/host.pub
index cb1c0d1..a393067 100644
--- a/hosts/elisabeth/secrets/samba/host.pub
+++ b/hosts/elisabeth/secrets/samba/host.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnHM1ElW8cdCZaC4D3q5wS0P9/6A6VvZ7V49suxNWaV
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfdZq6qJXMfwobfphbMj+63cjQXHkbJmsL28zZB08xX
diff --git a/hosts/elisabeth/secrets/vaultwarden/host.pub b/hosts/elisabeth/secrets/vaultwarden/host.pub
index 5e240e9..19b29f2 100644
--- a/hosts/elisabeth/secrets/vaultwarden/host.pub +++ b/hosts/elisabeth/secrets/vaultwarden/host.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHyOMSi8aRtXIEWoMuUfGQl2H6SGSdpl8VuxiEKD9F8 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGlzWJBIfmwzxnUuJI3kxTFBYRzI+duJ+QSWHvNAwZRv diff --git a/modules/services/adguardhome.nix b/modules/services/adguardhome.nix index 5b2587e..b30e502 100644 --- a/modules/services/adguardhome.nix +++ b/modules/services/adguardhome.nix @@ -11,7 +11,7 @@ bind_port = 3000; bind_host = "0.0.0.0"; dns = { - bind_hosts = ["0.0.0.0"]; + bind_hosts = [(lib.net.cidr.host config.secrets.secrets.global.net.ips.${config.node.name} config.secrets.secrets.global.net.privateSubnet)]; anonymize_client_ip = true; upstream_dns = [ "1.0.0.1" @@ -34,7 +34,7 @@ users = [ { name = "patrick"; - password = "$2b$05$Dapc2LWUfebNOgIeBcaf2OVhW7uKmthmp9Ptykn96Iw1UE5pt2U72"; + password = "$2y$10$cmdb7U/qbtUvrcFeKQvr6.BPrm/UwCiP.gBW2jG0Aq24hnzd2co4m"; } ]; filters = [ diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix index e7dfa12..0a40a6e 100644 --- a/modules/services/gitea.nix +++ b/modules/services/gitea.nix @@ -7,6 +7,7 @@ in { # Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh services.openssh.settings.AcceptEnv = "GIT_PROTOCOL"; + networking.firewall.allowedTCPPorts = [3000 9922]; environment.persistence."/panzer".directories = [ { diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix index aa99fc7..e092413 100644 --- a/modules/services/vaultwarden.nix +++ b/modules/services/vaultwarden.nix @@ -46,6 +46,8 @@ in { environmentFile = config.age.secrets.vaultwarden-env.path; }; + networking.firewall.allowedTCPPorts = [3000]; + # Replace uses of old name systemd.services.backup-vaultwarden.environment.DATA_FOLDER = lib.mkForce "/var/lib/vaultwarden"; systemd.services.vaultwarden.serviceConfig = { 
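Review bot: Only the DNS listener in modules/services/adguardhome.nix is narrowed to the node's private address; the web interface two lines above still has `bind_host = "0.0.0.0"` on port 3000, so the admin UI stays bound to every interface of the guest. If the reverse proxy reaches it over the same private subnet, the same expression could be used there. A `let` binding would keep the long `lib.net.cidr.host …` call in one place, giving `bind_host = privateIp;` and `bind_hosts = [privateIp];`. The settings block starts and ends outside the hunk.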
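Review bot: The new bcrypt hash for `patrick` in modules/services/adguardhome.nix is committed in clear text, so anyone who can read the repository or the built configuration can run offline guesses against it. The cost factor of 10 slows that down but does not prevent it. This repository already reads values from `config.secrets.secrets.global`, so the hash could come from the encrypted secrets file too, e.g. `password = config.secrets.secrets.global.adguardhome.passwordHash;` (the attribute name is a placeholder). The evaluated value would presumably still land in the rendered AdGuard Home config, but it would stay out of git history.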
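Review bot: `networking.firewall.allowedTCPPorts = [3000 9922];` in modules/services/gitea.nix opens both ports on every interface of the guest, and the hunk in modules/services/vaultwarden.nix does the same for 3000. If 3000 is only meant to be reached by the reverse proxy, `networking.firewall.interfaces.<iface>.allowedTCPPorts` (interface name is a placeholder) would keep the HTTP port off any other network the guest is attached to. The literals presumably repeat port numbers configured elsewhere in these modules, so a comment such as `# 3000: web UI behind the proxy, 9922: git over SSH` would say what each one is for. Those roles are inferred from the neighbouring `AcceptEnv` line and should be confirmed.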
diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age
index f80f0ac..c9151bb 100644
Binary files a/secrets/secrets.nix.age and b/secrets/secrets.nix.age differ