diff --git a/flake.nix b/flake.nix
index cc5f9cf..a339bfe 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,10 +58,10 @@
 ./machines/buck/configuration.nix
 ];
 # ThinkCentre M700 mini-pc (server)
- pedro = mkNixosSystem [
+ cj = mkNixosSystem [
 nixos-hardware.nixosModules.common-pc-hdd
 nixos-hardware.nixosModules.common-cpu-intel-cpu-only
- ./machines/pedro/configuration.nix
+ ./machines/cj/configuration.nix
 ];
 };
 };
diff --git a/home/jacob.nix b/home/jacob.nix
index b6a1ea9..b0b8322 100644
--- a/home/jacob.nix
+++ b/home/jacob.nix
@@ -288,7 +288,7 @@
 password_cmd = "${pkgs.coreutils}/bin/cat /run/secrets/spotify/password";
 backend = "pulseaudio";
 device = "pipewire";
- device_name = "pedro";
+ device_name = "buck";
 device_type = "computer";
 };
 };
diff --git a/machines/pedro/configuration.nix b/machines/cj/configuration.nix
similarity index 91%
rename from machines/pedro/configuration.nix
rename to machines/cj/configuration.nix
index 8eb36aa..0a710b8 100644
--- a/machines/pedro/configuration.nix
+++ b/machines/cj/configuration.nix
@@ -50,16 +50,21 @@
 time.timeZone = "America/New_York";
 networking = {
- hostName = "pedro"; # Define your hostname.
+ hostName = "cj"; # Define your hostname.
 # networking.hostId is required for ZFS
 hostId = "d9aef7b3";
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here. Per-interface useDHCP will be mandatory in the future, so this generated config replicates the default behaviour.
 useDHCP = false;
 interfaces.eth0.useDHCP = true;
 interfaces.wlan0.useDHCP = true;
+
+ enableIPv6 = true;
+ tempAddresses = "disabled"; # do not create temporary ipv6 addresses
+
 wireless = {
- enable = true;
+ enable = false; # turn of wifi until needed
 userControlled.enable = true;
 environmentFile = "/run/secrets/wifi/env";
 networks = {
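Review bot: `tempAddresses = "disabled"` in the networking block of machines/cj/configuration.nix needs a fuller comment than "do not create temporary ipv6 addresses", because it also makes the host's outbound traffic use its one stable SLAAC address. The address hard-coded later in this commit contains `ff:fe`, which suggests a MAC-derived interface identifier, so that trade-off should be recorded as deliberate. I would write `tempAddresses = "disabled"; # server needs one stable IPv6 address for pihole; outbound traffic uses the same address`. Separately, `# turn of wifi until needed` should read `# turn off wifi until needed`. The networking block continues past the end of the hunk.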
@@ -115,10 +120,19 @@
 };
 virtualisation.oci-containers.containers = let
- serverIP = "192.168.88.21";
+ ips = {
+ serverIP = "192.168.88.21"; # v4 address
+
+ # link-local IP = fe80:${suffix}
+ # external IP = ${externalprefix}:${suffix}
+ #externalprefix = "2601:843:c200:20b";
+ #ipv6suffix = "223:24ff:fea9:a97";
+ serverIP6 = "2601:843:c200:20b:223:24ff:fea9:a97"; # external IP
+ #serverIP6 = "fe80::223:24ff:fea9:a97"; # link-local IP
+ };
 in {
- home-assistant = import ./home-assistant.nix serverIP;
- pihole = import ./pihole.nix serverIP;
+ home-assistant = import ./home-assistant.nix ips;
+ pihole = import ./pihole.nix ips;
 };
 # List services that you want to enable:
diff --git a/machines/pedro/firewall.nix b/machines/cj/firewall.nix
similarity index 83%
rename from machines/pedro/firewall.nix
rename to machines/cj/firewall.nix
index df8efcc..e01061a 100644
--- a/machines/pedro/firewall.nix
+++ b/machines/cj/firewall.nix
@@ -2,16 +2,18 @@
 allowedTCPPorts = [
 8384 22000 # syncthing
 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
- 53 8088 # pihole
+ 8585 # pihole web
+ 53 # pihole
 #8123 # home-assistant
 #3000 # gitea
- #8081 # vaultwarden
+ 8081 # vaultwarden
 80 443 # reverse proxy
 ];
 allowedUDPPorts = [
 22000 21027 # syncthing
 3478 5514 10001 1900 123 # unifi
 53 # pihole
+ 80 443 # reverse proxy
 ];
 allowedUDPPortRanges = [
 { from = 5656; to = 5699; } # unifi
diff --git a/machines/pedro/gitea.nix b/machines/cj/gitea.nix
similarity index 85%
rename from machines/pedro/gitea.nix
rename to machines/cj/gitea.nix
index 19879fb..454f241 100644
--- a/machines/pedro/gitea.nix
+++ b/machines/cj/gitea.nix
@@ -2,6 +2,8 @@
 enable = true;
 domain = "git.jhink.org";
 rootUrl = "https://git.jhink.org";
+ httpPort = 3000;
+ httpAddress = "127.0.0.1";
 lfs = {
 enable = true;
 contentDir = "/serverdata/gitea/lfs_content";
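Review bot: `home-assistant = import ./home-assistant.nix ips;` in machines/cj/configuration.nix now passes an attribute set, but home-assistant.nix is renamed at 100% similarity in this commit, so its function head is unchanged. If that head is still `serverIP: { … }`, as the old pihole.nix was, any `"${serverIP}"` interpolation in it will fail to evaluate because a set cannot be coerced to a string. Either keep the old call shape with `home-assistant = import ./home-assistant.nix ips.serverIP;` or change that file's head to `{ serverIP, ... }:`. Separately, `serverIP6` hard-codes the prefix `2601:843:c200:20b`; if the ISP does not delegate it statically, the value handed to pihole goes stale on renumbering, which deserves a comment next to it.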
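Review bot: In machines/cj/firewall.nix, `8081 # vaultwarden` opens the vaultwarden backend port directly even though `80 443 # reverse proxy` is already allowed, and gitea in this same commit is bound to `127.0.0.1` with its port left commented out. Because the commit also sets `enableIPv6 = true` and configures a global address, every port in these lists is presumably reachable over IPv6 without NAT unless the upstream router filters it. I would keep `#8081 # vaultwarden` and serve it only through the proxy, and consider doing the same for `8585 # pihole web`. In `allowedUDPPorts`, `80 443 # reverse proxy` can shrink to `443 # reverse proxy (HTTP/3)`, since QUIC does not use UDP 80. The `allowedUDPPortRanges` list continues past the end of the hunk.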
diff --git a/machines/pedro/hardware-configuration-zfs.nix b/machines/cj/hardware-configuration-zfs.nix
similarity index 100%
rename from machines/pedro/hardware-configuration-zfs.nix
rename to machines/cj/hardware-configuration-zfs.nix
diff --git a/machines/pedro/home-assistant.nix b/machines/cj/home-assistant.nix
similarity index 100%
rename from machines/pedro/home-assistant.nix
rename to machines/cj/home-assistant.nix
diff --git a/machines/pedro/nginx.nix b/machines/cj/nginx.nix
similarity index 100%
rename from machines/pedro/nginx.nix
rename to machines/cj/nginx.nix
diff --git a/machines/pedro/pihole.nix b/machines/cj/pihole.nix
similarity index 66%
rename from machines/pedro/pihole.nix
rename to machines/cj/pihole.nix
index ec844af..6efc0b8 100644
--- a/machines/pedro/pihole.nix
+++ b/machines/cj/pihole.nix
@@ -1,18 +1,21 @@
-serverIP: {
- image = "pihole/pihole:2022.07.1";
+{ serverIP, serverIP6 } : {
+ image = "pihole/pihole:2022.10";
 ports = [
- "${serverIP}:53:53/tcp"
- "${serverIP}:53:53/udp"
- "8088:80"
- "4438:443"
+ "53:53/tcp"
+ "53:53/udp"
+ #"8088:80"
+ #"4438:443"
 ];
 environment = {
 TZ = "America/New_York";
 ServerIP = serverIP;
 FTLCONF_LOCAL_IPV4 = serverIP;
+ FTLCONF_LOCAL_IPV6 = serverIP6;
+ WEB_PORT = "8585";
 WEBPASSWORD_FILE = "/run/secrets/pihole/webpassword";
 TEMPERATUREUNIT = "f";
 REPLY_ADDR4 = serverIP;
+ REPLY_ADDR6 = serverIP6;
 };
 volumes = [
 "/serverdata/pihole/etc/pihole:/etc/pihole"
@@ -20,7 +23,8 @@ serverIP: {
 "/run/secrets/pihole:/run/secrets/pihole"
 ];
 extraOptions = [
- "--cap-add=NET_ADMIN"
+ #"--cap-add=NET_ADMIN"
+ "--network=host"
 "--no-hosts" # do not populate internal /etc/hosts with container host's
 ];
 }
diff --git a/machines/pedro/syncthing.nix b/machines/cj/syncthing.nix
similarity index 100%
rename from machines/pedro/syncthing.nix
rename to machines/cj/syncthing.nix
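Review bot: The `ports` entries `"53:53/tcp"` and `"53:53/udp"` in machines/cj/pihole.nix have no effect once the container runs with `--network=host`, which the second hunk of this file adds, because Docker and Podman discard published ports in host network mode. The old binding of DNS to `${serverIP}` is therefore not replaced by anything, and the list now reads as if it still controlled exposure. I would drop the entries and leave a comment such as `# no port mappings: unused with --network=host, exposure is controlled by firewall.nix`. Separately, `image = "pihole/pihole:2022.10"` is a mutable tag; pinning it as `pihole/pihole:2022.10@sha256:<digest-placeholder>` would make the deployed image reproducible.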
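Review bot: `"--network=host"` in `extraOptions` of machines/cj/pihole.nix removes the container's network namespace, so every listener inside the pihole image binds on the host's own addresses and the host firewall becomes the only boundary. That includes the admin UI on `WEB_PORT = "8585"`, which firewall.nix opens in this same commit. The commented-out `#"--cap-add=NET_ADMIN"` gives no reason for the swap. I would record the intent next to the option, for example `"--network=host" # needed for IPv6 DNS replies; exposure limited by firewall.nix`, and delete the dead line rather than leave it commented.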