Add hosts file

2024-01-07 10:31:18 +01:00 · 2024-01-07 10:31:18 +01:00 · 3b6cf23db1
commit 3b6cf23db1
parent 032875eec9
4 changed files with 42 additions and 11 deletions
--- a/hosts.nix
+++ b/hosts.nix
@ -0,0 +1,26 @@
+{
+  public.ipv4 = {
+    "baldur.bertof.net" = "51.195.90.205";
+  };
+  zerotier = {
+    ipv4 = {
+      "thor.zto" = "172.23.24.223";
+      "baldur.zto" = "172.23.171.70";
+      "x3pro.zto" = "172.23.255.161";
+      "odin.zto" = "172.23.219.133";
+      "loki.zto" = "172.23.254.55";
+      "tiziano.zto" = "172.23.110.109";
+      "freya.zto" = "172.23.18.147";
+    };
+    ipv6 = {
+      "thor.zto" = "fd80:56c2:e21c:f9c7:5399:9324:3c16:6499";
+      "baldur.zto" = "fd80:56c2:e21c:f9c7:5399:933b:abd2:a7c9";
+      "x3pro.zto" = "fd80:56c2:e21c:f9c7:5399:9379:6b02:be97";
+      "odin.zto" = "fd80:56c2:e21c:f9c7:5399:9379:ef39:0dd3";
+      "loki.zto" = "fd80:56c2:e21c:f9c7:5399:93b3:aa75:fed1";
+      "tiziano.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:4bbb:8b38";
+      "freya.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:ffbc:1355";
+    };
+  };
+}
+  
--- a/instances/loki/configuration.nix
+++ b/instances/loki/configuration.nix
@ -1,4 +1,7 @@
 { pkgs, ... }:
+let
+  hosts = import ../../hosts.nix;
+in
 {

  boot = {
@ -277,7 +280,7 @@

      http = {
        use_x_forwarded_for = true;
-        trusted_proxies = [ "172.23.171.70" "::1" "127.0.0.1" ];
+        trusted_proxies = [ hosts.zerotier.ipv4."baldur.zto" "::1" "127.0.0.1" ];
      };

      automation = "!include automations.yaml";
--- a/modules/nixos/basics/zerotier.nix
+++ b/modules/nixos/basics/zerotier.nix
@ -1,15 +1,13 @@
+{ lib, ... }:
+let
+  hosts = import ../../../hosts.nix;
+  zerotier_hosts = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair v [ k ]) hosts.zerotier.ipv4;
+in
 {
  services.zerotierone = {
    enable = true;
    joinNetworks = [ "8056c2e21cf9c753" ];
  };

-  networking.hosts = {
-    "172.23.24.223" = [ "thor.zto" ];
-    "172.23.255.161" = [ "x3pro.zto" ];
-    "172.23.219.133" = [ "odin.zto" ];
-    "172.23.254.55" = [ "loki.zto" ];
-    "172.23.18.147" = [ "freya.zto" ];
-    "172.23.171.70" = [ "baldur.zto" ];
-  };
+  networking.hosts = zerotier_hosts;
 }
--- a/modules/nixos/nextcloud.nix
+++ b/modules/nixos/nextcloud.nix
@ -1,4 +1,8 @@
-{ pkgs, config, ... }: {
+{ pkgs, config, ... }:
+let
+  hosts = import ../../hosts.nix;
+in
+{

  age.secrets = {
    nextcloud_admin_secret = { file = ../../secrets/nextcloud_admin_secret.age; owner = "nextcloud"; };
@ -35,7 +39,7 @@
    ];

    config = {
-      trustedProxies = [ "172.23.171.70" "baldur.zto" ];
+      trustedProxies = [ hosts.zerotier.ipv4."baldur.zto" hosts.zerotier.ipv6."baldur.zto" "baldur.zto" ];
      extraTrustedDomains = [ config.services.nextcloud.hostName "freya.zto" ];
      adminpassFile = config.age.secrets.nextcloud_admin_secret.path;
      overwriteProtocol = "https";