# Global network inventory: WireGuard overlays, home VLANs and the targets
# probed by monitoring. Private values are merged in from an age-encrypted
# module that is decrypted while the configuration is evaluated.
{
  inputs,
  config,
  lib,
  nodes,
  ...
}:
let
  globals = config.globals;

  # Resolve the decrypt-and-import builtin that nix-plugins is expected to
  # provide, failing evaluation with an actionable message when it is absent.
  # NOTE(review): extra builtins run during evaluation with the evaluating
  # user's privileges, so the extra-builtins file named in the message is
  # trusted code and deserves the same review as the rest of the repo.
  decryptImport =
    assert lib.assertMsg (builtins ? extraBuiltins.rageImportEncrypted)
      "The extra builtin 'rageImportEncrypted' is not available, so repo.secrets cannot be decrypted. Did you forget to add nix-plugins and point it to `./nix/extra-builtins.nix` ?";
    builtins.extraBuiltins.rageImportEncrypted;
in
{
  imports = [
    # Decrypted with the repository's master identities at evaluation time.
    # NOTE(review): values imported this way become ordinary evaluation
    # results and can end up in the world-readable Nix store; presumably this
    # file holds privacy-sensitive data rather than runtime credentials -
    # confirm before adding keys or passwords here.
    (decryptImport inputs.self.secretsConfig.masterIdentities ./secrets/global.nix.age)
  ];

  globals = {
    # WireGuard overlay networks. Both prefixes of a network leave 8 host
    # bits (/24 and /120) and every id below is <= 252, so presumably `id` is
    # the host part of the address - confirm against the module that derives
    # the addresses. Ids are unique within each network; 128 is reused across
    # the two networks for different hosts (ward-mealie vs ward-forgejo).
    wireguard = {
      proxy-home = {
        # Endpoint is ward's address on the services VLAN.
        host = globals.net.home-lan.vlans.services.hosts.ward.ipv4;
        port = 51444;
        cidrv4 = "10.44.0.0/24";
        cidrv6 = "fd00:44::/120";
        hosts = {
          sausebiene.id = 10;
          sire-grafana.id = 221;
          sire-immich.id = 225;
          sire-influxdb.id = 141;
          sire-loki.id = 109;
          sire-paperless.id = 147;
          sire-samba.id = 38;
          ward.id = 94;
          ward-adguardhome.id = 148;
          ward-mealie.id = 128;
          ward-web-proxy.id = 11;
        };
      };

      # No `host` is set for this network in this file.
      # NOTE(review): presumably the endpoint is supplied elsewhere - confirm.
      proxy-sentinel = {
        port = 51443;
        cidrv4 = "10.43.0.0/24";
        cidrv6 = "fd00:43::/120";
        hosts = {
          envoy.id = 135;
          sentinel.id = 29;
          sire-ai.id = 171;
          sire-grafana.id = 221;
          sire-immich.id = 225;
          sire-influxdb.id = 141;
          sire-loki.id = 109;
          sire-minecraft.id = 163;
          sire-paperless.id = 147;
          sire.id = 14;
          ward-adguardhome.id = 148;
          ward-forgejo.id = 128;
          ward-kanidm.id = 197;
          ward-radicale.id = 252;
          ward-vaultwarden.id = 142;
        };
      };
    };

    net = {
      # Uplink segment shared with the ISP router.
      home-wan = {
        cidrv4 = "192.168.178.0/24";
        hosts = {
          fritzbox.id = 1;
          ward.id = 2;
        };
      };

      # Internal segmentation. ward is present in every VLAN listed here.
      # `globals.macs` is not defined in this file; presumably it comes from
      # the encrypted import above - confirm.
      # NOTE(review): a MAC address identifies a device but does not
      # authenticate it; treat the per-host `mac` entries as addressing data,
      # not as an access control.
      home-lan = {
        vlans = {
          services = {
            id = 5;
            cidrv4 = "192.168.5.0/24";
            cidrv6 = "fd05::/64";
            hosts = {
              ward.id = 1;
              sire.id = 2;
              # MicroVM guests take their MAC from the guest's own config.
              ward-adguardhome = {
                id = 3;
                mac = nodes.ward-adguardhome.config.lib.microvm.interfaces.vlan-services.mac;
              };
              ward-web-proxy = {
                id = 4;
                mac = nodes.ward-web-proxy.config.lib.microvm.interfaces.vlan-services.mac;
              };
              sausebiene.id = 5;
              sire-samba = {
                id = 10;
                mac = nodes.sire-samba.config.lib.microvm.interfaces.vlan-services.mac;
              };
            };
          };
          home = {
            id = 10;
            cidrv4 = "192.168.10.0/24";
            cidrv6 = "fd10::/64";
            hosts = {
              ward.id = 1;
              sire.id = 2;
              sausebiene.id = 5;
            };
          };
          devices = {
            id = 20;
            cidrv4 = "192.168.20.0/24";
            cidrv6 = "fd20::/64";
            hosts = {
              ward.id = 1;
              sire.id = 2;
              sausebiene.id = 5;
              scanner-ads-4300n = {
                id = 23;
                mac = globals.macs.scanner-ads-4300n;
              };
              epsondc44f7 = {
                id = 30;
                mac = globals.macs.epsondc44f7;
              };
              wallbox = {
                id = 40;
                mac = globals.macs.wallbox;
              };
            };
          };
          iot = {
            id = 30;
            cidrv4 = "192.168.30.0/24";
            cidrv6 = "fd30::/64";
            hosts = {
              ward.id = 1;
              sausebiene.id = 5;
              bambulab-p1s = {
                id = 22;
                mac = globals.macs.bambulab-p1s;
              };
              shelly-mains = {
                id = 23;
                mac = globals.macs.shelly-mains;
              };
              shelly-solar = {
                id = 24;
                mac = globals.macs.shelly-solar;
              };
              # FIXME: forbid these devices on other interfaces... maybe put them into separate switches vlan.
              # Until this is resolved the managed switches below have no
              # entry in any VLAN declared in this file.
              # tl-sg105e-flur = {
              #   id = ;
              #   mac = globals.macs.tl-sg105e-flur;
              # };
              # tl-sg105e-garage = {
              #   id = ;
              #   mac = globals.macs.tl-sg105e-garage;
              # };
              # tl-sg105e-keller = {
              #   id = ;
              #   mac = globals.macs.tl-sg105e-keller;
              # };
              # tl-sg108e-dach = {
              #   id = ;
              #   mac = globals.macs.tl-sg108e-dach;
              # };
            };
          };
          # Guest VLAN: ward is the only declared host.
          guests = {
            id = 50;
            cidrv4 = "192.168.50.0/24";
            cidrv6 = "fd50::/64";
            hosts = {
              ward.id = 1;
            };
          };
        };
      };
    };

    # Reachability probes. The public resolvers are tagged "internet"; the
    # router is probed on the home-wan segment.
    monitoring = {
      dns = {
        cloudflare = {
          server = "1.1.1.1";
          domain = ".";
          network = "internet";
        };

        google = {
          server = "8.8.8.8";
          domain = ".";
          network = "internet";
        };
      };

      ping = {
        cloudflare = {
          hostv4 = "1.1.1.1";
          hostv6 = "2606:4700:4700::1111";
          network = "internet";
        };

        google = {
          hostv4 = "8.8.8.8";
          hostv6 = "2001:4860:4860::8888";
          network = "internet";
        };

        fritz-box = {
          hostv4 = globals.net.home-wan.hosts.fritzbox.ipv4;
          network = "home-wan";
        };
      };
    };
  };
}