From 3b6cf23db192762ffb2f8c60cf2ce9db67f05b52 Mon Sep 17 00:00:00 2001
From: Filippo Berto
Date: Sun, 7 Jan 2024 10:31:18 +0100
Subject: [PATCH] Add hosts file

---
 hosts.nix | 26 ++++++++++++++++++++++++++
 instances/loki/configuration.nix | 5 ++++-
 modules/nixos/basics/zerotier.nix | 14 ++++++--------
 modules/nixos/nextcloud.nix | 8 ++++++--
 4 files changed, 42 insertions(+), 11 deletions(-)
 create mode 100644 hosts.nix

diff --git a/hosts.nix b/hosts.nix
new file mode 100644
index 0000000..d9bc4cb
--- /dev/null
+++ b/hosts.nix
@@ -0,0 +1,26 @@
+{
+  public.ipv4 = {
+    "baldur.bertof.net" = "51.195.90.205";
+  };
+  zerotier = {
+    ipv4 = {
+      "thor.zto" = "172.23.24.223";
+      "baldur.zto" = "172.23.171.70";
+      "x3pro.zto" = "172.23.255.161";
+      "odin.zto" = "172.23.219.133";
+      "loki.zto" = "172.23.254.55";
+      "tiziano.zto" = "172.23.110.109";
+      "freya.zto" = "172.23.18.147";
+    };
+    ipv6 = {
+      "thor.zto" = "fd80:56c2:e21c:f9c7:5399:9324:3c16:6499";
+      "baldur.zto" = "fd80:56c2:e21c:f9c7:5399:933b:abd2:a7c9";
+      "x3pro.zto" = "fd80:56c2:e21c:f9c7:5399:9379:6b02:be97";
+      "odin.zto" = "fd80:56c2:e21c:f9c7:5399:9379:ef39:0dd3";
+      "loki.zto" = "fd80:56c2:e21c:f9c7:5399:93b3:aa75:fed1";
+      "tiziano.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:4bbb:8b38";
+      "freya.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:ffbc:1355";
+    };
+  };
+}
+
diff --git a/instances/loki/configuration.nix b/instances/loki/configuration.nix
index a34cae5..00042a6 100644
--- a/instances/loki/configuration.nix
+++ b/instances/loki/configuration.nix
@@ -1,4 +1,7 @@
 { pkgs, ... }:
+let
+  hosts = import ../../hosts.nix;
+in
 {
   boot = {
@@ -277,7 +280,7 @@
      http = {
        use_x_forwarded_for = true;
-       trusted_proxies = [ "172.23.171.70" "::1" "127.0.0.1" ];
+       trusted_proxies = [ hosts.zerotier.ipv4."baldur.zto" "::1" "127.0.0.1" ];
      };
      automation = "!include automations.yaml";
diff --git a/modules/nixos/basics/zerotier.nix b/modules/nixos/basics/zerotier.nix
index fed5958..4935849 100644
--- a/modules/nixos/basics/zerotier.nix
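Review bot: hosts.nix carries no comment saying what these entries are for, yet the loki and nextcloud hunks in this same patch feed `zerotier.ipv4."baldur.zto"` straight into their trusted-proxy lists, so whoever edits an address here is changing which peer may set X-Forwarded-For without seeing that. I would open the file with a header such as `# Addresses consumed by trusted_proxies/trustedProxies downstream: a wrong or reassigned ZeroTier IP here grants proxy trust to whichever node holds it.` The IPv6 entries appear to be ZeroTier RFC4193 addresses (the `fd80:56c2:e21c:f9c7` prefix embeds network `8056c2e21cf9c753` and the tail a node ID), which are tied to the node, whereas the IPv4 entries are whatever the controller assigned and can move; a second comment noting that distinction would help a maintainer pick which one to trust. Note too that the public address and the private overlay topology are now in version control, which is only acceptable if this repository stays private.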
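Review bot: The new `trusted_proxies` line trusts only baldur's ZeroTier IPv4 address, while the nextcloud hunk in this same patch trusts its IPv6 address as well; with `use_x_forwarded_for = true` Home Assistant, as far as I recall, rejects a request carrying X-Forwarded-For from a source not in the list, so if baldur's reverse proxy ever reaches loki over ZeroTier IPv6 it will be refused rather than handled (confirm against the deployed version). If v6 reachability is intended, `trusted_proxies = [ hosts.zerotier.ipv4."baldur.zto" hosts.zerotier.ipv6."baldur.zto" "::1" "127.0.0.1" ];` keeps the two modules consistent. Keeping `"::1"` and `"127.0.0.1"` lets any local process on loki assert an arbitrary client address; that predates this patch, but a short comment stating that nothing untrusted runs locally would justify it. The enclosing services block starts and ends outside this hunk.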
+++ b/modules/nixos/basics/zerotier.nix
@@ -1,15 +1,13 @@
+{ lib, ... }:
+let
+  hosts = import ../../../hosts.nix;
+  zerotier_hosts = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair v [ k ]) hosts.zerotier.ipv4;
+in
 {
   services.zerotierone = {
     enable = true;
     joinNetworks = [ "8056c2e21cf9c753" ];
   };
-  networking.hosts = {
-    "172.23.24.223" = [ "thor.zto" ];
-    "172.23.255.161" = [ "x3pro.zto" ];
-    "172.23.219.133" = [ "odin.zto" ];
-    "172.23.254.55" = [ "loki.zto" ];
-    "172.23.18.147" = [ "freya.zto" ];
-    "172.23.171.70" = [ "baldur.zto" ];
-  };
+  networking.hosts = zerotier_hosts;
 }
diff --git a/modules/nixos/nextcloud.nix b/modules/nixos/nextcloud.nix
index 45a9261..e202e88 100644
--- a/modules/nixos/nextcloud.nix
+++ b/modules/nixos/nextcloud.nix
@@ -1,4 +1,8 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, ... }:
+let
+  hosts = import ../../hosts.nix;
+in
+{
   age.secrets = {
     nextcloud_admin_secret = { file = ../../secrets/nextcloud_admin_secret.age; owner = "nextcloud"; };
@@ -35,7 +39,7 @@
   ];
   config = {
-    trustedProxies = [ "172.23.171.70" "baldur.zto" ];
+    trustedProxies = [ hosts.zerotier.ipv4."baldur.zto" hosts.zerotier.ipv6."baldur.zto" "baldur.zto" ];
     extraTrustedDomains = [ config.services.nextcloud.hostName "freya.zto" ];
     adminpassFile = config.age.secrets.nextcloud_admin_secret.path;
     overwriteProtocol = "https";
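Review bot: `zerotier_hosts` keys the generated `networking.hosts` set by address via `mapAttrs'`, so if two names in hosts.nix ever share an IPv4 address the attribute names collide and one hostname is silently dropped (the underlying `listToAttrs` keeps one duplicate rather than merging them). `networking.hosts` already takes a list of names per address, so a merging form avoids that: `networking.hosts = lib.zipAttrs (lib.mapAttrsToList (name: ip: { ${ip} = name; }) hosts.zerotier.ipv4);`. The IPv6 addresses this patch adds to hosts.nix are not mapped here, so `baldur.zto` resolves only to its v4 address on every host; if the v6 path is meant to be usable, the same expression over `hosts.zerotier.ipv6` can be merged in. A one-line comment above the binding, `# invert hosts.nix's name -> address map into the address -> [ names ] shape networking.hosts expects`, would save the next reader decoding `mapAttrs'`.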
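Review bot: The new `trustedProxies` list still carries the hostname `"baldur.zto"` beside the two address literals; as far as I recall Nextcloud matches `REMOTE_ADDR` against IP and CIDR entries and does not resolve names, so that entry is inert and a reader may assume name-based trust exists where it does not. `trustedProxies = [ hosts.zerotier.ipv4."baldur.zto" hosts.zerotier.ipv6."baldur.zto" ];` with a comment that only address literals are matched would state what is actually enforced (verify against the deployed Nextcloud release before dropping it). Adding the IPv6 address extends X-Forwarded-For trust to the same peer over v6, which only matches the loki change if that module is given the v6 address as well. The `config` attrset continues past the end of this hunk.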