sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: move lan ip information to globals

Browse source
This commit is contained in:
oddlama 2024-06-10 15:49:34 +02:00
parent 859e3d1771
commit def57cfc61
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
18 changed files with 163 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/sire/default.nix
View file

@ -112,7 +112,9 @@
backend = "container";
container.macvlan = "lan";
extraSpecialArgs = {
inherit lib nodes inputs minimal;
inherit (inputs.self) nodes globals;
inherit (inputs.self.pkgs.x86_64-linux) lib;
inherit inputs minimal;
};
};
};

5
hosts/sire/guests/grafana.nix
View file

@ -118,10 +118,9 @@ in {
proxyPass = "http://grafana";
proxyWebsockets = true;
};
# FIXME: refer to lan 192.168... and fd10:: via globals
extraConfig = ''
allow 192.168.1.0/24;
allow fd10::/64;
allow ${globals.net.home-lan.cidrv4};
allow ${globals.net.home-lan.cidrv6};
deny all;
'';
};

5
hosts/sire/guests/immich.nix
View file

@ -224,11 +224,10 @@ in {
proxyPass = "http://immich";
proxyWebsockets = true;
};
# FIXME: refer to lan 192.168... and fd10:: via globals
extraConfig = ''
client_max_body_size 10G;
allow 192.168.1.0/24;
allow fd10::/64;
allow ${globals.net.home-lan.cidrv4};
allow ${globals.net.home-lan.cidrv6};
deny all;
'';
};

5
hosts/sire/guests/influxdb.nix
View file

@ -1,5 +1,6 @@
{
config,
globals,
lib,
nodes,
pkgs,
@ -33,8 +34,8 @@ in {
{
method = "native";
urls = [
"192.168.178.1"
"192.168.1.1"
globals.net.home-wan.hosts.fritzbox.ipv4
globals.net.home-lan.hosts.ward.ipv4
];
tags.type = "internal";
fieldpass = [

5
hosts/sire/guests/paperless.nix
View file

@ -61,11 +61,10 @@ in {
virtualHosts.${paperlessDomain} = {
forceSSL = true;
useACMEWildcardHost = true;
# FIXME: refer to lan 192.168... and fd10:: via globals
extraConfig = ''
client_max_body_size 512M;
allow 192.168.1.0/24;
allow fd10::/64;
allow ${globals.net.home-lan.cidrv4};
allow ${globals.net.home-lan.cidrv6};
deny all;
'';
locations."/" = {

3
hosts/sire/guests/samba.nix
View file

@ -1,5 +1,6 @@
{
config,
globals,
lib,
...
}: let
@ -155,7 +156,7 @@ in {
# Deny access to all hosts by default.
"hosts deny = 0.0.0.0/0"
# Allow access to local network and TODO: wireguard
"hosts allow = 192.168.1.0/24 fd10::/64"
"hosts allow = ${globals.net.home-lan.cidrv4} ${globals.net.home-lan.cidrv6}"
# Don't advertise inaccessible shares to users
"access based share enum = yes"

14
hosts/sire/net.nix
View file

@ -1,11 +1,15 @@
{config, ...}: {
{
config,
globals,
...
}: {
networking.hostId = config.repo.secrets.local.networking.hostId;
boot.initrd.systemd.network = {
enable = true;
networks."10-lan" = {
address = ["192.168.1.2/24"];
gateway = ["192.168.1.1"];
address = [globals.net.home-lan.hosts.sire.cidrv4];
gateway = [globals.net.home-lan.hosts.ward.ipv4];
matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac;
networkConfig = {
IPv6PrivacyExtensions = "yes";
@ -42,8 +46,8 @@
'';
};
"20-lan-self" = {
address = ["192.168.1.2/24"];
gateway = ["192.168.1.1"];
address = [globals.net.home-lan.hosts.sire.cidrv4];
gateway = [globals.net.home-lan.hosts.ward.ipv4];
matchConfig.Name = "lan-self";
networkConfig = {
IPv6PrivacyExtensions = "yes";