From e9286c25abf1d524d87920a412f3e74e9b0102eb Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Sun, 2 Nov 2025 19:23:27 +0100 Subject: [PATCH] update(hosts): Unify hosts --- hosts.nix | 26 +++++++++++++------------- instances/baldur/configuration.nix | 26 +++++++++++++------------- instances/freya/configuration.nix | 2 +- instances/heimdall/configuration.nix | 2 +- instances/loki/configuration.nix | 2 +- instances/odin/configuration.nix | 2 +- nixos/basics/distributed.nix | 2 +- nixos/garage.nix | 5 +++-- nixos/nextcloud.nix | 8 ++++---- 9 files changed, 38 insertions(+), 37 deletions(-) diff --git a/hosts.nix b/hosts.nix index ba39a2e..c89edb1 100644 --- a/hosts.nix +++ b/hosts.nix @@ -1,23 +1,23 @@ { public.ipv4 = { - "baldur.bertof.net" = "51.195.90.205"; + "baldur.bertof.net" = "92.222.35.171"; }; tailscale = { ipv4 = { - "baldur.tsn" = "100.102.112.86"; - "freya.tsn" = "100.127.35.70"; - "heimdall.tsn" = "100.80.122.7"; - "loki.tsn" = "100.122.147.23"; - "odin.tsn" = "100.76.178.8"; - "thor.tsn" = "100.76.98.36"; + "baldur" = "100.102.112.86"; + "freya" = "100.127.35.70"; + "heimdall" = "100.80.122.7"; + "loki" = "100.122.147.23"; + "odin" = "100.76.178.8"; + "thor" = "100.76.98.36"; }; ipv6 = { - "baldur.tsn" = "fd7a:115c:a1e0::f01:7067"; - "freya.tsn" = "fd7a:115c:a1e0::f87f:2346"; - "heimdall.tsn" = "fd7a:115c:a1e0::4e01:7a07"; - "loki.tsn" = "fd7a:115c:a1e0::383a:9317"; - "odin.tsn" = "fd7a:115c:a1e0::4b4c:b208"; - "thor.tsn" = "fd7a:115c:a1e0::7ecc:6224"; + "baldur" = "fd7a:115c:a1e0::f01:7067"; + "freya" = "fd7a:115c:a1e0::f87f:2346"; + "heimdall" = "fd7a:115c:a1e0::4e01:7a07"; + "loki" = "fd7a:115c:a1e0::383a:9317"; + "odin" = "fd7a:115c:a1e0::4b4c:b208"; + "thor" = "fd7a:115c:a1e0::7ecc:6224"; }; }; # zerotier = { diff --git a/instances/baldur/configuration.nix b/instances/baldur/configuration.nix index 541b4a3..416caa3 100644 --- a/instances/baldur/configuration.nix +++ b/instances/baldur/configuration.nix @@ -112,7 +112,7 @@ }; "home-assistant.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://odin.tsn:8123/"; + proxyPass = "http://odin:8123/"; proxyWebsockets = true; }; extraConfig = '' @@ -123,7 +123,7 @@ }; "s3.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:9000/"; + proxyPass = "http://heimdall:9000/"; proxyWebsockets = true; }; extraConfig = '' @@ -138,7 +138,7 @@ }; "hass.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:8123/"; + proxyPass = "http://heimdall:8123/"; proxyWebsockets = true; }; extraConfig = '' @@ -150,7 +150,7 @@ "immich.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:2283"; + proxyPass = "http://heimdall:2283"; proxyWebsockets = true; recommendedProxySettings = true; extraConfig = '' @@ -164,7 +164,7 @@ }; "git.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:3000"; + proxyPass = "http://heimdall:3000"; proxyWebsockets = true; recommendedProxySettings = true; extraConfig = '' @@ -179,7 +179,7 @@ # "ntfy.bertof.net" = ssl // { # locations."/" = { - # proxyPass = "http://heimdall.tsn:7080/"; + # proxyPass = "http://heimdall:7080/"; # proxyWebsockets = true; # extraConfig = '' # client_max_body_size 5g; @@ -188,7 +188,7 @@ # }; "my-nextcloud.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:80/"; + proxyPass = "http://heimdall:80/"; proxyWebsockets = true; extraConfig = '' client_max_body_size 5g; @@ -198,7 +198,7 @@ }; # "grafana.bertof.net" = ssl // { # locations."/" = { - # proxyPass = "http://heimdall.tsn:3000/"; + # proxyPass = "http://heimdall:3000/"; # proxyWebsockets = true; # extraConfig = '' # client_max_body_size 5g; @@ -207,25 +207,25 @@ # }; "radarr.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:7878/"; + proxyPass = "http://heimdall:7878/"; proxyWebsockets = true; }; }; "sonarr.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:8989/"; + proxyPass = "http://heimdall:8989/"; proxyWebsockets = true; }; }; "lidarr.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:8686/"; + proxyPass = "http://heimdall:8686/"; proxyWebsockets = true; }; }; "ombi.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:5000/"; + proxyPass = "http://heimdall:5000/"; proxyWebsockets = true; }; }; @@ -237,7 +237,7 @@ # }; "jellyfin.bertof.net" = ssl // { locations."/" = { - proxyPass = "http://heimdall.tsn:8096/"; + proxyPass = "http://heimdall:8096/"; proxyWebsockets = true; }; }; diff --git a/instances/freya/configuration.nix b/instances/freya/configuration.nix index ae9875a..8c27723 100644 --- a/instances/freya/configuration.nix +++ b/instances/freya/configuration.nix @@ -126,7 +126,7 @@ in http = { use_x_forwarded_for = true; trusted_proxies = [ - hosts.tailscale.ipv4."baldur.tsn" + hosts.tailscale.ipv4."baldur" "::1" "127.0.0.1" ]; diff --git a/instances/heimdall/configuration.nix b/instances/heimdall/configuration.nix index 2ead22f..9dbc50d 100644 --- a/instances/heimdall/configuration.nix +++ b/instances/heimdall/configuration.nix @@ -211,7 +211,7 @@ in http = { use_x_forwarded_for = true; trusted_proxies = [ - hosts.tailscale.ipv4."baldur.tsn" + hosts.tailscale.ipv4."baldur" "::1" "127.0.0.1" ]; diff --git a/instances/loki/configuration.nix b/instances/loki/configuration.nix index 98748ee..07cdd3f 100644 --- a/instances/loki/configuration.nix +++ b/instances/loki/configuration.nix @@ -273,7 +273,7 @@ in http = { use_x_forwarded_for = true; trusted_proxies = [ - hosts.tailscale.ipv4."baldur.tsn" + hosts.tailscale.ipv4."baldur" "::1" "127.0.0.1" ]; diff --git a/instances/odin/configuration.nix b/instances/odin/configuration.nix index 0d1de3b..9495a11 100644 --- a/instances/odin/configuration.nix +++ b/instances/odin/configuration.nix @@ -216,7 +216,7 @@ in http = { use_x_forwarded_for = true; trusted_proxies = [ - hosts.tailscale.ipv4."baldur.tsn" + hosts.tailscale.ipv4."baldur" "::1" "127.0.0.1" ]; diff --git a/nixos/basics/distributed.nix b/nixos/basics/distributed.nix index e5ed61f..89526bc 100644 --- a/nixos/basics/distributed.nix +++ b/nixos/basics/distributed.nix @@ -3,7 +3,7 @@ nix.settings = { # extra-substituters = [ # "https://hyprland.cachix.org" - # "s3://nix-cache?endpoint=heimdall.tsn:9000&scheme=http¶llel-compression=true&want-mass-query=true&priority=35" + # "s3://nix-cache?endpoint=heimdall:9000&scheme=http¶llel-compression=true&want-mass-query=true&priority=35" # # "s3://nix-cache?endpoint=s3.bertof.net" # ]; diff --git a/nixos/garage.nix b/nixos/garage.nix index bd001de..8c86d68 100644 --- a/nixos/garage.nix +++ b/nixos/garage.nix @@ -1,4 +1,5 @@ -{ pkgs, config, ... }: { +{ pkgs, config, ... }: +let hosts = import ../hosts.nix; in { users.groups.garage = { }; users.users.garage = { isSystemUser = true; group = "garage"; }; age.secrets.garage_rpc_secret = { @@ -27,7 +28,7 @@ rpc_bind_addr = "0.0.0.0:3901"; bootstrap_peers = [ ]; - rpc_public_addr = "heimdall.tsn:3901"; + rpc_public_addr = "${hosts.tailscale.ipv4.${config.networking.hostName}}:3901"; s3_api = { api_bind_addr = "0.0.0.0:3900"; diff --git a/nixos/nextcloud.nix b/nixos/nextcloud.nix index 21c6626..ddef101 100644 --- a/nixos/nextcloud.nix +++ b/nixos/nextcloud.nix @@ -62,15 +62,15 @@ in "OC\\Preview\\EMF" ]; trusted_proxies = [ - hosts.tailscale.ipv4."baldur.tsn" - hosts.tailscale.ipv6."baldur.tsn" + hosts.tailscale.ipv4."baldur" + hosts.tailscale.ipv6."baldur" ]; - trusted_domains = [ "heimdall.tsn" "heimdall" ]; + trusted_domains = [ "heimdall" "heimdall" ]; # overwriteprotocol = "http"; }; config = { dbtype = "pgsql"; - # extraTrustedDomains = [ "freya.tsn" ]; + # extraTrustedDomains = [ "freya" ]; adminpassFile = config.age.secrets.nextcloud_admin_secret.path; objectstore.s3 = { enable = true;