feat: ddclient container

2024-01-13 19:23:51 +01:00 · 2024-01-13 19:23:51 +01:00 · f1d8069dc6
parent a996be8a7d
commit f1d8069dc6
15 changed files with 23 additions and 10 deletions
--- a/hosts/desktopnix/net.nix
+++ b/hosts/desktopnix/net.nix
@ -12,4 +12,11 @@
      };
    };
  };
+  networking.extraHosts = ''
+    192.168.178.2 lel.lol
+    192.168.178.2 pw.lel.lol
+    192.168.178.2 nc.lel.lol
+    192.168.178.2 adguardhome.lel.lol
+    192.168.178.2 git.lel.lol
+  '';
 }
--- a/hosts/elisabeth/default.nix
+++ b/hosts/elisabeth/default.nix
@ -20,7 +20,6 @@
      ../../modules/hardware/zfs.nix

      ../../modules/services/acme.nix
-      ../../modules/services/ddclient.nix

      ./net.nix
      ./fs.nix
--- a/hosts/elisabeth/fs.nix
+++ b/hosts/elisabeth/fs.nix
@ -55,11 +55,13 @@
        datasets = {
          "safe/guests" = unmountable;
        };
+        mode = "raidz";
      };
      renaultft = mkZpool {
        datasets = {
          "safe/guests" = unmountable;
        };
+        mode = "raidz";
      };
    };
  };
--- a/hosts/elisabeth/guests.nix
+++ b/hosts/elisabeth/guests.nix
@ -75,7 +75,7 @@ in {
      '';
    };
    upstreams.nextcloud = {
-      servers."${ipOf "nextcloud"}:3000" = {};
+      servers."${ipOf "nextcloud"}:80" = {};

      extraConfig = ''
        zone nextcloud 64k ;
@ -166,6 +166,7 @@ in {
    {}
    // mkContainer "adguardhome" {}
    // mkContainer "vaultwarden" {}
+    // mkContainer "ddclient" {}
    // mkContainer "nextcloud" {
      enablePanzer = true;
    }
--- a/hosts/elisabeth/secrets/adguardhome/host.pub
+++ b/hosts/elisabeth/secrets/adguardhome/host.pub
@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrtGpaL39TCloyatv2MJ6H+IUwMBxwO/PdugyYwCPvN
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1b66yEQQSmvFPk4PZTtcyKCyYt4vuruByOoHhIjfu
--- a/hosts/elisabeth/secrets/ddclient/host.pub
+++ b/hosts/elisabeth/secrets/ddclient/host.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDzH6m99bGJIy+9Ffa5djFjYryuV6CFmGtY2zUxBiuu
--- a/hosts/elisabeth/secrets/gitea/host.pub
+++ b/hosts/elisabeth/secrets/gitea/host.pub
@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHGEV0vuqSAvT07Sl56Lo3o5U6EU5uSrfTFe5BF5QnX
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx
--- a/hosts/elisabeth/secrets/host.pub
+++ b/hosts/elisabeth/secrets/host.pub
@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/1vC6GL2Xb9eIQaNKnSOQgN5bglns2Nh5dykkFqYMC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dFbC8x6Ev1R/nFvG20fp2tapOQti0lK2iz4gsHDRr
--- a/hosts/elisabeth/secrets/nextcloud/host.pub
+++ b/hosts/elisabeth/secrets/nextcloud/host.pub
@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlZoZI1rYOR8wLywWIjtLQLpnflXF7fHhYPZbgd0Gq1
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMAQzrtwi+J6+W21dBPpASsWnhzYkvscwYGycu57lUo
--- a/hosts/elisabeth/secrets/samba/host.pub
+++ b/hosts/elisabeth/secrets/samba/host.pub
@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnHM1ElW8cdCZaC4D3q5wS0P9/6A6VvZ7V49suxNWaV
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfdZq6qJXMfwobfphbMj+63cjQXHkbJmsL28zZB08xX
--- a/hosts/elisabeth/secrets/vaultwarden/host.pub
+++ b/hosts/elisabeth/secrets/vaultwarden/host.pub
@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHyOMSi8aRtXIEWoMuUfGQl2H6SGSdpl8VuxiEKD9F8
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGlzWJBIfmwzxnUuJI3kxTFBYRzI+duJ+QSWHvNAwZRv
--- a/modules/services/adguardhome.nix
+++ b/modules/services/adguardhome.nix
@ -11,7 +11,7 @@
      bind_port = 3000;
      bind_host = "0.0.0.0";
      dns = {
-        bind_hosts = ["0.0.0.0"];
+        bind_hosts = [(lib.net.cidr.host config.secrets.secrets.global.net.ips.${config.node.name} config.secrets.secrets.global.net.privateSubnet)];
        anonymize_client_ip = true;
        upstream_dns = [
          "1.0.0.1"
@ -34,7 +34,7 @@
      users = [
        {
          name = "patrick";
-          password = "$2b$05$Dapc2LWUfebNOgIeBcaf2OVhW7uKmthmp9Ptykn96Iw1UE5pt2U72";
+          password = "$2y$10$cmdb7U/qbtUvrcFeKQvr6.BPrm/UwCiP.gBW2jG0Aq24hnzd2co4m";
        }
      ];
      filters = [
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@ -7,6 +7,7 @@
 in {
  # Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
  services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";
+  networking.firewall.allowedTCPPorts = [3000 9922];

  environment.persistence."/panzer".directories = [
    {
--- a/modules/services/vaultwarden.nix
+++ b/modules/services/vaultwarden.nix
@ -46,6 +46,8 @@ in {
    environmentFile = config.age.secrets.vaultwarden-env.path;
  };

+  networking.firewall.allowedTCPPorts = [3000];
+
  # Replace uses of old name
  systemd.services.backup-vaultwarden.environment.DATA_FOLDER = lib.mkForce "/var/lib/vaultwarden";
  systemd.services.vaultwarden.serviceConfig = {
--- a/secrets/secrets.nix.age
+++ b/secrets/secrets.nix.age
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDzH6m99bGJIy+9Ffa5djFjYryuV6CFmGtY2zUxBiuu`