feat: finish vlan setup

2025-10-10 23:00:39 +02:00 · 2024-12-20 01:05:17 +01:00 · 2024-12-20 01:05:17 +01:00 · 297d19fa0c
commit 297d19fa0c
parent d0448757bf
16 changed files with 115 additions and 100 deletions
--- a/hosts/ward/guests/adguardhome.nix
+++ b/hosts/ward/guests/adguardhome.nix
@ -16,9 +16,9 @@ in

  globals.services.adguardhome.domain = adguardhomeDomain;
  globals.monitoring.dns.adguardhome = {
-    server = globals.net.home-lan.hosts.ward-adguardhome.ipv4;
+    server = globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4;
    domain = ".";
-    network = "home-lan";
+    network = "home-lan.vlans.services";
  };

  nodes.sentinel = {
@ -99,7 +99,7 @@ in
          map
            (domain: {
              inherit domain;
-              answer = globals.net.home-lan.hosts.ward-web-proxy.ipv4;
+              answer = globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4;
            })
            [
              # FIXME: dont hardcode, filter global service domains by internal state
--- a/hosts/ward/guests/web-proxy.nix
+++ b/hosts/ward/guests/web-proxy.nix
@ -22,7 +22,7 @@ in
  meta.telegraf.availableMonitoringNetworks = [
    "internet"
    "home-wan"
-    "home-lan"
+    "home-lan.vlans.services"
  ];

  age.secrets.acme-cloudflare-dns-token = {
@ -70,8 +70,8 @@ in
      # is over TLS.
      extraConfig = ''
        proxy_ssl_verify off;
-        allow ${globals.net.home-lan.cidrv4};
-        allow ${globals.net.home-lan.cidrv6};
+        allow ${globals.net.home-lan.vlans.services.cidrv4};
+        allow ${globals.net.home-lan.vlans.services.cidrv6};
        deny all;
      '';
    };