From 89f84345c17fd2ca5e8cc8711f62f5c4472eb8b1 Mon Sep 17 00:00:00 2001
From: Filippo Berto
Date: Wed, 7 Feb 2024 12:18:20 +0100
Subject: [PATCH] Switch to tailscale for inner infra network
---
 hosts.nix | 42 +++++++++++++++---------------
 instances/baldur/configuration.nix | 14 +++++-----
 instances/freya/configuration.nix | 2 +-
 instances/loki/configuration.nix | 2 +-
 modules/nixos/basics/default.nix | 15 +++++------
 modules/nixos/nextcloud.nix | 8 +++---
 6 files changed, 41 insertions(+), 42 deletions(-)
diff --git a/hosts.nix b/hosts.nix
index 653055b..7903e1e 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -16,25 +16,25 @@
 "odin.tsn" = "fd7a:115c:a1e0::4b4c:b208";
 };
 };
- zerotier = {
- ipv4 = {
- "thor.zto" = "172.23.24.223";
- "baldur.zto" = "172.23.171.70";
- "x3pro.zto" = "172.23.255.161";
- "odin.zto" = "172.23.219.133";
- "loki.zto" = "172.23.254.55";
- "tiziano.zto" = "172.23.110.109";
- "freya.zto" = "172.23.18.147";
- };
- ipv6 = {
- "thor.zto" = "fd80:56c2:e21c:f9c7:5399:9324:3c16:6499";
- "baldur.zto" = "fd80:56c2:e21c:f9c7:5399:933b:abd2:a7c9";
- "x3pro.zto" = "fd80:56c2:e21c:f9c7:5399:9379:6b02:be97";
- "odin.zto" = "fd80:56c2:e21c:f9c7:5399:9379:ef39:0dd3";
- "loki.zto" = "fd80:56c2:e21c:f9c7:5399:93b3:aa75:fed1";
- "tiziano.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:4bbb:8b38";
- "freya.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:ffbc:1355";
- };
- };
+ # zerotier = {
+ # ipv4 = {
+ # "thor.zto" = "172.23.24.223";
+ # "baldur.zto" = "172.23.171.70";
+ # "x3pro.zto" = "172.23.255.161";
+ # "odin.zto" = "172.23.219.133";
+ # "loki.zto" = "172.23.254.55";
+ # "tiziano.zto" = "172.23.110.109";
+ # "freya.zto" = "172.23.18.147";
+ # };
+ # ipv6 = {
+ # "thor.zto" = "fd80:56c2:e21c:f9c7:5399:9324:3c16:6499";
+ # "baldur.zto" = "fd80:56c2:e21c:f9c7:5399:933b:abd2:a7c9";
+ # "x3pro.zto" = "fd80:56c2:e21c:f9c7:5399:9379:6b02:be97";
+ # "odin.zto" = "fd80:56c2:e21c:f9c7:5399:9379:ef39:0dd3";
+ # "loki.zto" = "fd80:56c2:e21c:f9c7:5399:93b3:aa75:fed1";
+ # "tiziano.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:4bbb:8b38";
+ # "freya.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:ffbc:1355";
+ # };
+ # };
 }
-
+
diff --git a/instances/baldur/configuration.nix b/instances/baldur/configuration.nix
index a52b7a3..e704ebf 100644
--- a/instances/baldur/configuration.nix
+++ b/instances/baldur/configuration.nix
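Review bot: The `zerotier` attribute set is commented out rather than deleted, which leaves twenty lines of dead configuration, including the retired overlay addresses, in `hosts.nix`. Git history already preserves the block, so I would remove it outright; the same applies to the commented `hosts.zerotier.*` entries in the freya, loki and nextcloud hunks and to `# ./zerotier.nix` in `modules/nixos/basics/default.nix`. If the block is kept on purpose as a rollback aid, put a one-line comment above it saying so, e.g. `# ZeroTier addresses kept only until the Tailscale migration is verified; remove afterwards`.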
@@ -88,25 +88,25 @@
 };
 "my-nextcloud.bertof.net" = ssl // {
 locations."/" = {
- proxyPass = "http://freya.zto:80/";
+ proxyPass = "http://freya.tsn:80/";
 proxyWebsockets = true;
 extraConfig = ''
 client_max_body_size 5g;
 '';
 };
 };
- "radarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:7878/"; proxyWebsockets = true; }; };
- "sonarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:8989/"; proxyWebsockets = true; }; };
- "lidarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:8686/"; proxyWebsockets = true; }; };
- "ombi.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:5000/"; proxyWebsockets = true; }; };
- "jellyfin.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:8096/"; proxyWebsockets = true; }; };
+ "radarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:7878/"; proxyWebsockets = true; }; };
+ "sonarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:8989/"; proxyWebsockets = true; }; };
+ "lidarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:8686/"; proxyWebsockets = true; }; };
+ "ombi.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:5000/"; proxyWebsockets = true; }; };
+ "jellyfin.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:8096/"; proxyWebsockets = true; }; };
 };
 };
 openssh = { enable = true; openFirewall = true; };
 # wgautomesh = {
 # enable = true;
 # settings = {
- # interface = "wg0";
+ # interface = "wg0";
 # };
 # };
 };
diff --git a/instances/freya/configuration.nix b/instances/freya/configuration.nix
index 670ffd1..e940c2d 100644
--- a/instances/freya/configuration.nix
+++ b/instances/freya/configuration.nix
@@ -111,7 +111,7 @@ in
 http = {
 use_x_forwarded_for = true;
 trusted_proxies = [
- hosts.zerotier.ipv4."baldur.zto"
+ # hosts.zerotier.ipv4."baldur.zto"
 hosts.tailscale.ipv4."baldur.tsn"
 "::1"
 "127.0.0.1"
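Review bot: All six `proxyPass` targets in this hunk still use `http://`, so after the switch the confidentiality and integrity of traffic between baldur and freya rest entirely on the Tailscale tunnel, and nothing in the file records that assumption. I would add a comment above these vhosts such as `# upstreams are plain HTTP: freya must expose these ports on the tailnet interface only`. Whether freya's firewall actually limits ports 80, 7878, 8989, 8686, 5000 and 8096 to that interface is not visible in this patch and is worth confirming, because otherwise the backends are reachable without passing through this TLS vhost. The enclosing attribute set starts outside the hunk.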
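Review bot: `trusted_proxies` in the freya hunk now lists only `hosts.tailscale.ipv4."baldur.tsn"`, although `hosts.nix` also carries Tailscale IPv6 addresses and `modules/nixos/nextcloud.nix` trusts both address families for the same proxy. If baldur ever connects over its IPv6 tailnet address, the service would see an untrusted peer sending `X-Forwarded-For` and would not honour the forwarded client address. I would add `hosts.tailscale.ipv6."baldur.tsn"` next to the IPv4 entry; the loki hunk changes an identical list and needs the same line. The list continues past the end of the hunk, so an IPv6 entry may already follow outside the visible lines.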
diff --git a/instances/loki/configuration.nix b/instances/loki/configuration.nix
index 502fb9e..3ea1f62 100644
--- a/instances/loki/configuration.nix
+++ b/instances/loki/configuration.nix
@@ -281,7 +281,7 @@ in
 http = {
 use_x_forwarded_for = true;
 trusted_proxies = [
- hosts.zerotier.ipv4."baldur.zto"
+ # hosts.zerotier.ipv4."baldur.zto"
 hosts.tailscale.ipv4."baldur.tsn"
 "::1"
 "127.0.0.1"
diff --git a/modules/nixos/basics/default.nix b/modules/nixos/basics/default.nix
index a4d3a59..1adef81 100644
--- a/modules/nixos/basics/default.nix
+++ b/modules/nixos/basics/default.nix
@@ -1,10 +1,9 @@
-{ lib, ... }:
-let
- src = ./.;
- files = builtins.readDir src;
- nixFiles = builtins.attrNames (lib.attrsets.filterAttrs (name: type: type != "directory" && lib.hasSuffix ".nix" name && !(lib.hasSuffix "default.nix" name)) files);
- imports = builtins.map (path: src + ("/" + path)) nixFiles;
-in
 {
- inherit imports;
+ imports = [
+ # ./zerotier.nix
+ ./tailscale.nix
+ ./distributed.nix
+ ./remote-deploy.nix
+ ./extended-registry.nix
+ ];
 }
diff --git a/modules/nixos/nextcloud.nix b/modules/nixos/nextcloud.nix
index 53a2ddf..b04831f 100644
--- a/modules/nixos/nextcloud.nix
+++ b/modules/nixos/nextcloud.nix
@@ -40,14 +40,14 @@ in config = { trustedProxies = [ - hosts.zerotier.ipv4."baldur.zto" - hosts.zerotier.ipv6."baldur.zto" + # hosts.zerotier.ipv4."baldur.zto" + # hosts.zerotier.ipv6."baldur.zto" hosts.tailscale.ipv4."baldur.tsn" hosts.tailscale.ipv6."baldur.tsn" - "baldur.zto" + # "baldur.zto" "baldur.tsn" ]; - extraTrustedDomains = [ config.services.nextcloud.hostName "freya.zto" ]; + # extraTrustedDomains = [ config.services.nextcloud.hostName "freya.tsn" ]; adminpassFile = config.age.secrets.nextcloud_admin_secret.path; overwriteProtocol = "https"; # objectstore.s3 = {
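Review bot: Replacing the directory scan in `modules/nixos/basics/default.nix` with a fixed `imports` list means any module in that directory other than the four listed files stops being imported, and Nix raises no evaluation error for it. The old code imported every non-directory `*.nix` file except `default.nix`; the directory contents are not visible in this patch, so please confirm that nothing besides `zerotier.nix` is dropped. A comment on the list such as `# explicit list: modules are no longer auto-discovered, add new files here` would keep the next module from being forgotten.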
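Review bot: In the nextcloud hunk the `extraTrustedDomains` line is rewritten to `freya.tsn` and commented out in the same change, so the new configuration sets no extra trusted domains at all. If that is intended (accepting fewer Host values is the stricter setting), delete the line rather than leaving a disabled variant behind; if it is not, restore it as `extraTrustedDomains = [ config.services.nextcloud.hostName "freya.tsn" ];`. Which of the two is right depends on the Host header baldur forwards to freya, which this patch does not show. The enclosing `config` block continues outside the hunk.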