diff --git a/hosts/sausebiene/home-assistant.nix b/hosts/sausebiene/home-assistant.nix index 23aab33..bc6fbd9 100644 --- a/hosts/sausebiene/home-assistant.nix +++ b/hosts/sausebiene/home-assistant.nix @@ -8,7 +8,7 @@ }: let homeassistantDomain = "home.${globals.domains.personal}"; - fritzboxDomain = "fritzbox.${globals.domains.me}"; + fritzboxDomain = "fritzbox.${globals.domains.personal}"; in { wireguard.proxy-home.firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ @@ -80,7 +80,8 @@ in currency = "EUR"; time_zone = "Europe/Berlin"; unit_system = "metric"; - #external_url = "https://"; + external_url = "https://${homeassistantDomain}"; + internal_url = "https://${homeassistantDomain}"; packages.manual = "!include manual.yaml"; }; @@ -164,6 +165,10 @@ in fritzboxDomain ]; + networking.hosts.${nodes.ward-adguardhome.config.wireguard.proxy-home.ipv4} = [ + "adguardhome.internal" + ]; + nodes.ward-web-proxy = { services.nginx = { upstreams."home-assistant" = { diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix index 63b67c3..a46d398 100644 --- a/hosts/ward/guests/adguardhome.nix +++ b/hosts/ward/guests/adguardhome.nix @@ -13,6 +13,12 @@ in firewallRuleForNode.sentinel.allowedTCPPorts = [ config.services.adguardhome.port ]; }; + # Allow home-assistant to access it directly + wireguard.proxy-home = { + client.via = "ward"; + firewallRuleForNode.sausebiene.allowedTCPPorts = [ config.services.adguardhome.port ]; + }; + globals.services.adguardhome.domain = adguardhomeDomain; globals.monitoring.dns.adguardhome = { server = globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4; diff --git a/secrets/rekeyed/ward-adguardhome/a59470476f4151bbae3e2b65010d1003-wireguard-proxy-home-psks-ward+ward-adguardhome.age b/secrets/rekeyed/ward-adguardhome/a59470476f4151bbae3e2b65010d1003-wireguard-proxy-home-psks-ward+ward-adguardhome.age new file mode 100644 index 0000000..fdcb4e6 --- /dev/null +++ b/secrets/rekeyed/ward-adguardhome/a59470476f4151bbae3e2b65010d1003-wireguard-proxy-home-psks-ward+ward-adguardhome.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 iMlJww LcDZuXwwr/dGoj/CzBn9brVhyZjpCTalCCqSghTgKXo +gjlkRjoWfeU1p62rZUiwZNmDVfkZYkGVzwjqCB4o3Kc +-> |?s>\8-grease : qWq 7s 6 +BcxYNl6jGOWAQne7b73ndOl4F+Sx/KWZu2YnWSGk5t6xigHGdhnayS15c7UpMwtX +2kRllLKGT+GVa1ZdkcxqOomFVCEuTqphLflsmyAVZOWiDOcKz5trJJIwzaglCl4 +--- cAhf8esIsFV6xjJB50XcoPY1Q6KRA/Zunin3KVXPIqE +?`"zlÅïÀƒêyJ…§_¿f3ñƒ…°ÏG5<@ÏKwáÅ`Û3qO(G \ No newline at end of file diff --git a/secrets/rekeyed/ward-adguardhome/ae68e15b0af4a73aca607cc0fcae24b3-wireguard-proxy-home-priv-ward-adguardhome.age b/secrets/rekeyed/ward-adguardhome/ae68e15b0af4a73aca607cc0fcae24b3-wireguard-proxy-home-priv-ward-adguardhome.age new file mode 100644 index 0000000..21c6b73 --- /dev/null +++ b/secrets/rekeyed/ward-adguardhome/ae68e15b0af4a73aca607cc0fcae24b3-wireguard-proxy-home-priv-ward-adguardhome.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 iMlJww jtnCnEFZ1T/u9JYmyHF1qDdAss49L9pdwCLGiWx2fRk +fFlcfA91amGpSLfj+/eC3Vlq+xMT5sUbGJ1ETb6KjRE +-> Ib-grease M;HenC[2 4D~s$ eHi[gc/# +ug8sUzolBxptKxNReOiU0sw/V6K/7Z4z7d9hkZpgVDLIk7js7EElkTmLlyr5JX0/ +bA5KBj6prReCaSTxlKpe5mQzW5vVjjBn +--- ajcDhhtD3Lr25V6lKBK6MhiKutoPurRyiS1daILhQ+c +äÉkßA¬Æ\‡t¹¬ÞB/»hÜo(SÇßÌþÀ€èž®ŠÒ}¼QÛ…ŒgEÓ&ÏS ¦4îÍJLl“3á/P^º- \ No newline at end of file diff --git a/secrets/rekeyed/ward/0807225dcebc6e46b72050aae1d9f8ce-wireguard-proxy-home-psks-ward+ward-adguardhome.age b/secrets/rekeyed/ward/0807225dcebc6e46b72050aae1d9f8ce-wireguard-proxy-home-psks-ward+ward-adguardhome.age new file mode 100644 index 0000000..25a51a7 --- /dev/null +++ b/secrets/rekeyed/ward/0807225dcebc6e46b72050aae1d9f8ce-wireguard-proxy-home-psks-ward+ward-adguardhome.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 iNceIg aLBsJxvdC9NQbN5Sdv1JkljaXiwo3lVQLYYN3gu6jgw +B4PbbBvHf/xs97U7vaob55DJxVNwWaqMzRf26mayeP4 +-> pg_02\K-grease dl34LY +qnYGF6f0nfvHrPkYDymNgG6iS7RwpThN3I2X3HIG0SOWktqmTgHpFmwqcCPrBxZS +EKML2Qzgz1hpO2ml +--- mCTF7YTPFttEgFQM1EVnTpCxTRqSijEcwgDpLqVzZ7o +öHsDu½ã¯â‡~—âŠeP Œk#£jtÁECxê)Î4¬ÜkCÍõ‰9Ì@ýùt ‘p7±8Ó«ofU „Ùs +ydÌ°>{“x‘sC \ No newline at end of file diff --git a/secrets/wireguard/proxy-home/keys/ward-adguardhome.age b/secrets/wireguard/proxy-home/keys/ward-adguardhome.age new file mode 100644 index 0000000..f82d00a --- /dev/null +++ b/secrets/wireguard/proxy-home/keys/ward-adguardhome.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 vW5hwIXwVkbRjMGS8cHM5lvB9SNQD0dSV5xR2PFRhkk +A4YoPsXllbPp3x7RwbMNRJjQ217PS8El/9V5TfADG7U +-> piv-p256 xqSe8Q A6xD8V3EOqGFHOytfnKWLL6K5Dz7KWO5XoAPs/Un7WT8 +g59blWifMKGL6qdRj3+PYsQnmfDezySzd4FItEcl5OA +-> h6^upJ-grease +0aZsMxGYVCyLC29k+vuIjlLmUQs3nEW0tKBsJm51dQ38RhXzwfZ0/18j/iJMQbPF +f/b+LxRkNSWz7Hgb7a0Gkg +--- wyTiI3dbqYlLOg3aY/dwMNLEowuWXX5T3mR8xnDjj4k +1›—Ù36 –dqÄGën[£)|оˆpn¥»å­=ÎØ›^¦c¥dý6B¸„!oS,m–€U¦ãb¼"ŠÁ4JÕ¡N½­H3X̾öÅ3 \ No newline at end of file diff --git a/secrets/wireguard/proxy-home/keys/ward-adguardhome.pub b/secrets/wireguard/proxy-home/keys/ward-adguardhome.pub new file mode 100644 index 0000000..27aa2de --- /dev/null +++ b/secrets/wireguard/proxy-home/keys/ward-adguardhome.pub @@ -0,0 +1 @@ +/cNYC+G+JTSbVfjCRO+gm1odlmsbA6aIMqj76lDo210= diff --git a/secrets/wireguard/proxy-home/psks/ward+ward-adguardhome.age b/secrets/wireguard/proxy-home/psks/ward+ward-adguardhome.age new file mode 100644 index 0000000..2840676 Binary files /dev/null and b/secrets/wireguard/proxy-home/psks/ward+ward-adguardhome.age differ