feat: begin zackbiene rework

2025-10-11 07:10:39 +02:00 · 2024-05-21 22:55:03 +02:00 · 2024-05-21 22:55:03 +02:00 · 4e46105e5e
commit 4e46105e5e
parent 6ca8df1c30
24 changed files with 100 additions and 95 deletions
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -33,7 +33,7 @@
  };

  # Connect safely via wireguard to skip authentication
-  networking.hosts.${nodes.sentinel.config.wireguard.proxy-sentinel.ipv4} = [nodes.sentinel.config.networking.providedDomains.influxdb];
+  networking.hosts.${config.wireguard.proxy-home.ipv4} = [nodes.sentinel.config.networking.providedDomains.influxdb];
  meta.telegraf = {
    enable = true;
    influxdb2 = {
--- a/hosts/ward/guests/adguardhome.nix
+++ b/hosts/ward/guests/adguardhome.nix
@ -9,7 +9,7 @@
 in {
  wireguard.proxy-sentinel = {
    client.via = "sentinel";
-    firewallRuleForNode.sentinel.allowedTCPPorts = [config.services.adguardhome.settings.port];
+    firewallRuleForNode.sentinel.allowedTCPPorts = [config.services.adguardhome.port];
  };

  nodes.sentinel = {
@ -17,7 +17,7 @@ in {

    services.nginx = {
      upstreams.adguardhome = {
-        servers."${config.wireguard.proxy-sentinel.ipv4}:${toString config.services.adguardhome.settings.port}" = {};
+        servers."${config.wireguard.proxy-sentinel.ipv4}:${toString config.services.adguardhome.port}" = {};
        extraConfig = ''
          zone adguardhome 64k;
          keepalive 2;
@ -52,9 +52,9 @@ in {
  services.adguardhome = {
    enable = true;
    mutableSettings = false;
+    host = "0.0.0.0";
+    port = 3000;
    settings = {
-      host = "0.0.0.0";
-      port = 3000;
      dns = {
        # allowed_clients = [
        # ];
--- a/hosts/ward/kea.nix
+++ b/hosts/ward/kea.nix
@ -9,6 +9,13 @@
  dnsIp = net.cidr.host 3 lanCidrv4;
  webProxyIp = net.cidr.host 4 lanCidrv4;
 in {
+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/private/kea";
+      mode = "0700";
+    }
+  ];
+
  # TODO make meta.kea module?
  # TODO reserve by default using assignIps algo?
  services.kea.dhcp4 = {
--- a/hosts/ward/net.nix
+++ b/hosts/ward/net.nix
@ -156,9 +156,6 @@ in {
    };
  };

-  # Allow accessing influx
-  wireguard.proxy-sentinel.client.via = "sentinel";
-
  #wireguard.home.server = {
  #  host = todo # config.networking.fqdn;
  #  port = 51192;