Switch to tailscale for inner infra network

Filippo Berto 2024-02-07 12:18:20 +01:00
parent 1427c784c0
commit 89f84345c1
Signed by: bertof
GPG key ID: 9DBF7E6A1D2CE9ED
6 changed files with 41 additions and 42 deletions


@ -16,25 +16,25 @@
"odin.tsn" = "fd7a:115c:a1e0::4b4c:b208"; "odin.tsn" = "fd7a:115c:a1e0::4b4c:b208";
}; };
}; };
zerotier = { # zerotier = {
ipv4 = { # ipv4 = {
"thor.zto" = "172.23.24.223"; # "thor.zto" = "172.23.24.223";
"baldur.zto" = "172.23.171.70"; # "baldur.zto" = "172.23.171.70";
"x3pro.zto" = "172.23.255.161"; # "x3pro.zto" = "172.23.255.161";
"odin.zto" = "172.23.219.133"; # "odin.zto" = "172.23.219.133";
"loki.zto" = "172.23.254.55"; # "loki.zto" = "172.23.254.55";
"tiziano.zto" = "172.23.110.109"; # "tiziano.zto" = "172.23.110.109";
"freya.zto" = "172.23.18.147"; # "freya.zto" = "172.23.18.147";
}; # };
ipv6 = { # ipv6 = {
"thor.zto" = "fd80:56c2:e21c:f9c7:5399:9324:3c16:6499"; # "thor.zto" = "fd80:56c2:e21c:f9c7:5399:9324:3c16:6499";
"baldur.zto" = "fd80:56c2:e21c:f9c7:5399:933b:abd2:a7c9"; # "baldur.zto" = "fd80:56c2:e21c:f9c7:5399:933b:abd2:a7c9";
"x3pro.zto" = "fd80:56c2:e21c:f9c7:5399:9379:6b02:be97"; # "x3pro.zto" = "fd80:56c2:e21c:f9c7:5399:9379:6b02:be97";
"odin.zto" = "fd80:56c2:e21c:f9c7:5399:9379:ef39:0dd3"; # "odin.zto" = "fd80:56c2:e21c:f9c7:5399:9379:ef39:0dd3";
"loki.zto" = "fd80:56c2:e21c:f9c7:5399:93b3:aa75:fed1"; # "loki.zto" = "fd80:56c2:e21c:f9c7:5399:93b3:aa75:fed1";
"tiziano.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:4bbb:8b38"; # "tiziano.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:4bbb:8b38";
"freya.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:ffbc:1355"; # "freya.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:ffbc:1355";
}; # };
}; # };
} }


@ -88,25 +88,25 @@
}; };
"my-nextcloud.bertof.net" = ssl // { "my-nextcloud.bertof.net" = ssl // {
locations."/" = { locations."/" = {
proxyPass = "http://freya.zto:80/"; proxyPass = "http://freya.tsn:80/";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
client_max_body_size 5g; client_max_body_size 5g;
''; '';
}; };
}; };
"radarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:7878/"; proxyWebsockets = true; }; }; "radarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:7878/"; proxyWebsockets = true; }; };
"sonarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:8989/"; proxyWebsockets = true; }; }; "sonarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:8989/"; proxyWebsockets = true; }; };
"lidarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:8686/"; proxyWebsockets = true; }; }; "lidarr.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:8686/"; proxyWebsockets = true; }; };
"ombi.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:5000/"; proxyWebsockets = true; }; }; "ombi.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:5000/"; proxyWebsockets = true; }; };
"jellyfin.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.zto:8096/"; proxyWebsockets = true; }; }; "jellyfin.bertof.net" = ssl // { locations."/" = { proxyPass = "http://freya.tsn:8096/"; proxyWebsockets = true; }; };
}; };
}; };
openssh = { enable = true; openFirewall = true; }; openssh = { enable = true; openFirewall = true; };
# wgautomesh = { # wgautomesh = {
# enable = true; # enable = true;
# settings = { # settings = {
# interface = "wg0"; # interface = "wg0";
# }; # };
# }; # };
}; };
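Review bot: Every rewritten `proxyPass` (the `my-nextcloud` location and the five one-line vhosts for radarr, sonarr, lidarr, ombi and jellyfin) still speaks plain `http://` to `freya.tsn`, so confidentiality and access control on that hop now rest entirely on the tailnet. Nothing in this hunk shows that freya exposes ports 80, 7878, 8989, 8686, 5000 and 8096 only on the Tailscale interface; worth confirming, for example with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ ... ];` on freya instead of a global `allowedTCPPorts`, plus a tailnet ACL that limits those ports to the proxy host (baldur, judging by the trusted-proxy entries elsewhere in this commit). The unchanged `openssh = { enable = true; openFirewall = true; };` line still opens SSH on every interface, which may no longer be needed if administration moves onto the tailnet. The enclosing attribute set starts and ends outside the hunk.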


@ -111,7 +111,7 @@ in
http = { http = {
use_x_forwarded_for = true; use_x_forwarded_for = true;
trusted_proxies = [ trusted_proxies = [
hosts.zerotier.ipv4."baldur.zto" # hosts.zerotier.ipv4."baldur.zto"
hosts.tailscale.ipv4."baldur.tsn" hosts.tailscale.ipv4."baldur.tsn"
"::1" "::1"
"127.0.0.1" "127.0.0.1"
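Review bot: `trusted_proxies` gains only `hosts.tailscale.ipv4."baldur.tsn"`, while the Nextcloud hunk in this commit lists both the ipv4 and the ipv6 tailnet address of the proxy. If the proxy reaches this service over the tailnet's IPv6 address, the peer address will not match the list and `X-Forwarded-For` handling will not behave as intended; consider adding `hosts.tailscale.ipv6."baldur.tsn"` beneath it. The same applies to the identical hunk at `@ -281,7 +281,7` in the next file. The commented-out `# hosts.zerotier.ipv4."baldur.zto"` line could simply be deleted, since git history keeps it. The list is closed outside the hunk.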


@ -281,7 +281,7 @@ in
http = { http = {
use_x_forwarded_for = true; use_x_forwarded_for = true;
trusted_proxies = [ trusted_proxies = [
hosts.zerotier.ipv4."baldur.zto" # hosts.zerotier.ipv4."baldur.zto"
hosts.tailscale.ipv4."baldur.tsn" hosts.tailscale.ipv4."baldur.tsn"
"::1" "::1"
"127.0.0.1" "127.0.0.1"


@ -1,10 +1,9 @@
{ lib, ... }:
let
src = ./.;
files = builtins.readDir src;
nixFiles = builtins.attrNames (lib.attrsets.filterAttrs (name: type: type != "directory" && lib.hasSuffix ".nix" name && !(lib.hasSuffix "default.nix" name)) files);
imports = builtins.map (path: src + ("/" + path)) nixFiles;
in
{ {
inherit imports; imports = [
# ./zerotier.nix
./tailscale.nix
./distributed.nix
./remote-deploy.nix
./extended-registry.nix
];
} }
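Review bot: Replacing the `builtins.readDir` auto-import with a fixed `imports` list means any other `.nix` module in this directory is silently no longer applied, and future modules must be added by hand; which files the directory holds is not visible here, so confirm the four listed entries plus `zerotier.nix` were the complete set. A short comment above the list would record the intent, e.g. `# Explicit list: modules are opted in one by one; zerotier.nix was retired in favour of tailscale.nix`. Prefer deleting `# ./zerotier.nix` over leaving it commented out, and once the module is gone check that the hosts are also de-authorised on the ZeroTier network so the old overlay does not remain a second path into the infrastructure.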


@ -40,14 +40,14 @@ in
config = { config = {
trustedProxies = [ trustedProxies = [
hosts.zerotier.ipv4."baldur.zto" # hosts.zerotier.ipv4."baldur.zto"
hosts.zerotier.ipv6."baldur.zto" # hosts.zerotier.ipv6."baldur.zto"
hosts.tailscale.ipv4."baldur.tsn" hosts.tailscale.ipv4."baldur.tsn"
hosts.tailscale.ipv6."baldur.tsn" hosts.tailscale.ipv6."baldur.tsn"
"baldur.zto" # "baldur.zto"
"baldur.tsn" "baldur.tsn"
]; ];
extraTrustedDomains = [ config.services.nextcloud.hostName "freya.zto" ]; # extraTrustedDomains = [ config.services.nextcloud.hostName "freya.tsn" ];
adminpassFile = config.age.secrets.nextcloud_admin_secret.path; adminpassFile = config.age.secrets.nextcloud_admin_secret.path;
overwriteProtocol = "https"; overwriteProtocol = "https";
# objectstore.s3 = { # objectstore.s3 = {
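Review bot: `extraTrustedDomains` is commented out as a whole rather than switched to the new name, so Nextcloud no longer trusts any backend hostname beyond what the module adds itself. That is the tighter setting, but it only works if the proxy forwards the public `Host` header; the `proxyPass = "http://freya.tsn:80/"` vhost in this commit does not show a `proxy_set_header Host` or `recommendedProxySettings`, and without one requests would arrive as `freya.tsn` and be refused as an untrusted domain. If the removal is deliberate, delete the line and say so in a comment, e.g. `# no extraTrustedDomains: the reverse proxy forwards the public Host header`. The `"baldur.tsn"` entry in `trustedProxies` is probably inert, since as far as I know Nextcloud matches that list against the peer's IP address or CIDR range, so the two `hosts.tailscale` entries are what take effect. The `config` set continues past the end of the hunk.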