Merge branch 'main' of git.jhink.org:jacob/nix_config

2022-11-02 09:29:26 -04:00 · 2022-11-02 09:29:26 -04:00 · 1379582e62
commit 1379582e62
parent 35645f6183 34fe86060c
10 changed files with 39 additions and 17 deletions
--- a/flake.nix
+++ b/flake.nix
@ -58,10 +58,10 @@
        ./machines/buck/configuration.nix
      ];
      # ThinkCentre M700 mini-pc (server)
-      pedro = mkNixosSystem [
+      cj = mkNixosSystem [
        nixos-hardware.nixosModules.common-pc-hdd
        nixos-hardware.nixosModules.common-cpu-intel-cpu-only
-        ./machines/pedro/configuration.nix 
+        ./machines/cj/configuration.nix 
      ];
    };
  };
--- a/home/jacob.nix
+++ b/home/jacob.nix
@ -288,7 +288,7 @@
          password_cmd = "${pkgs.coreutils}/bin/cat /run/secrets/spotify/password";
          backend = "pulseaudio";
          device = "pipewire";
-          device_name = "pedro";
+          device_name = "buck";
          device_type = "computer";
        };
      };
--- a/machines/pedro/configuration.nix
+++ b/machines/pedro/configuration.nix
@ -50,16 +50,21 @@
  time.timeZone = "America/New_York";

  networking = {
-    hostName = "pedro"; # Define your hostname.
+    hostName = "cj"; # Define your hostname.
    # networking.hostId is required for ZFS
    hostId = "d9aef7b3";

+
    # The global useDHCP flag is deprecated, therefore explicitly set to false here. Per-interface useDHCP will be mandatory in the future, so this generated config replicates the default behaviour.
    useDHCP = false;
    interfaces.eth0.useDHCP = true;
    interfaces.wlan0.useDHCP = true;
+
+    enableIPv6 = true;
+    tempAddresses = "disabled";  # do not create temporary ipv6 addresses
+
    wireless = {
-      enable = true;
+      enable = false; # turn of wifi until needed
      userControlled.enable = true;
      environmentFile = "/run/secrets/wifi/env";
      networks = {
@ -115,10 +120,19 @@
  };

  virtualisation.oci-containers.containers = let
-    serverIP = "192.168.88.21";
+    ips = {
+      serverIP = "192.168.88.21";  # v4 address
+
+      # link-local IP = fe80:${suffix}
+      # external IP = ${externalprefix}:${suffix}
+      #externalprefix = "2601:843:c200:20b";
+      #ipv6suffix = "223:24ff:fea9:a97";
+      serverIP6 = "2601:843:c200:20b:223:24ff:fea9:a97";  # external IP
+      #serverIP6 = "fe80::223:24ff:fea9:a97";  # link-local IP
+    };
  in {
-    home-assistant = import ./home-assistant.nix serverIP;
-    pihole = import ./pihole.nix serverIP;
+    home-assistant = import ./home-assistant.nix ips;
+    pihole = import ./pihole.nix ips;
  };

  # List services that you want to enable:
--- a/machines/pedro/firewall.nix
+++ b/machines/pedro/firewall.nix
@ -2,16 +2,18 @@
  allowedTCPPorts = [
    8384 22000  # syncthing
    8080 8443 6789 8880 8843 27117  # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
-    53 8088  # pihole
+    8585  # pihole web
+    53 # pihole
    #8123  # home-assistant
    #3000  # gitea
-    #8081  # vaultwarden
+    8081  # vaultwarden
    80 443  # reverse proxy
  ];
  allowedUDPPorts = [
    22000 21027  # syncthing
    3478 5514 10001 1900 123 # unifi
    53  # pihole
+    80 443  # reverse proxy
  ];
  allowedUDPPortRanges = [
    { from = 5656; to = 5699; }  # unifi
--- a/machines/pedro/gitea.nix
+++ b/machines/pedro/gitea.nix
@ -2,6 +2,8 @@
  enable = true;
  domain = "git.jhink.org";
  rootUrl = "https://git.jhink.org";
+  httpPort = 3000;
+  httpAddress = "127.0.0.1";
  lfs = {
    enable = true;
    contentDir = "/serverdata/gitea/lfs_content";
--- a/machines/pedro/hardware-configuration-zfs.nix
+++ b/machines/pedro/hardware-configuration-zfs.nix
--- a/machines/pedro/home-assistant.nix
+++ b/machines/pedro/home-assistant.nix
--- a/machines/pedro/nginx.nix
+++ b/machines/pedro/nginx.nix
--- a/machines/pedro/pihole.nix
+++ b/machines/pedro/pihole.nix
@ -1,18 +1,21 @@
-serverIP: {
-  image = "pihole/pihole:2022.07.1";
+{ serverIP, serverIP6 } : {
+  image = "pihole/pihole:2022.10";
  ports = [
-    "${serverIP}:53:53/tcp"
-    "${serverIP}:53:53/udp"
-    "8088:80"
-    "4438:443"
+    "53:53/tcp"
+    "53:53/udp"
+    #"8088:80"
+    #"4438:443"
  ];
  environment = {
    TZ = "America/New_York";
    ServerIP = serverIP;
    FTLCONF_LOCAL_IPV4 = serverIP;
+    FTLCONF_LOCAL_IPV6 = serverIP6;
+    WEB_PORT = "8585";
    WEBPASSWORD_FILE = "/run/secrets/pihole/webpassword";
    TEMPERATUREUNIT = "f";
    REPLY_ADDR4 = serverIP;
+    REPLY_ADDR6 = serverIP6;
  };
  volumes = [
    "/serverdata/pihole/etc/pihole:/etc/pihole"
@ -20,7 +23,8 @@ serverIP: {
    "/run/secrets/pihole:/run/secrets/pihole"
  ];
  extraOptions = [
-    "--cap-add=NET_ADMIN"
+    #"--cap-add=NET_ADMIN"
+    "--network=host"
    "--no-hosts" # do not populate internal /etc/hosts with container host's
  ];
 }
--- a/machines/pedro/syncthing.nix
+++ b/machines/pedro/syncthing.nix