From 4dbbe55f8438aadf658273001992d5a894ce49e8 Mon Sep 17 00:00:00 2001 From: Jacob Hinkle Date: Thu, 13 Oct 2022 13:09:53 -0400 Subject: [PATCH 1/2] Rename pedro->cj --- flake.nix | 4 ++-- home/jacob.nix | 2 +- machines/{pedro => cj}/configuration.nix | 2 +- machines/{pedro => cj}/firewall.nix | 0 machines/{pedro => cj}/gitea.nix | 0 machines/{pedro => cj}/hardware-configuration-zfs.nix | 0 machines/{pedro => cj}/home-assistant.nix | 0 machines/{pedro => cj}/nginx.nix | 0 machines/{pedro => cj}/pihole.nix | 0 machines/{pedro => cj}/syncthing.nix | 0 10 files changed, 4 insertions(+), 4 deletions(-) rename machines/{pedro => cj}/configuration.nix (99%) rename machines/{pedro => cj}/firewall.nix (100%) rename machines/{pedro => cj}/gitea.nix (100%) rename machines/{pedro => cj}/hardware-configuration-zfs.nix (100%) rename machines/{pedro => cj}/home-assistant.nix (100%) rename machines/{pedro => cj}/nginx.nix (100%) rename machines/{pedro => cj}/pihole.nix (100%) rename machines/{pedro => cj}/syncthing.nix (100%) diff --git a/flake.nix b/flake.nix index c5bd9a4..5892444 100644 --- a/flake.nix +++ b/flake.nix @@ -65,10 +65,10 @@ ./machines/buck/configuration.nix ]; # ThinkCentre M700 mini-pc (server) - pedro = mkNixosSystem [ + cj = mkNixosSystem [ nixos-hardware.nixosModules.common-pc-hdd nixos-hardware.nixosModules.common-cpu-intel-cpu-only - ./machines/pedro/configuration.nix + ./machines/cj/configuration.nix ]; }; }; diff --git a/home/jacob.nix b/home/jacob.nix index 4470ef4..dcab719 100644 --- a/home/jacob.nix +++ b/home/jacob.nix @@ -273,7 +273,7 @@ password_cmd = "${pkgs.coreutils}/bin/cat /run/secrets/spotify/password"; backend = "pulseaudio"; device = "pipewire"; - device_name = "pedro"; + device_name = "buck"; device_type = "computer"; }; }; diff --git a/machines/pedro/configuration.nix b/machines/cj/configuration.nix similarity index 99% rename from machines/pedro/configuration.nix rename to machines/cj/configuration.nix index 8eb36aa..2033146 100644 
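Review bot: In home/jacob.nix the Spotify `device_name` is changed to `"buck"` rather than `"cj"`, so this hunk is not part of the pedro→cj rename the subject describes; if the device should follow the renamed host it should read `device_name = "cj";`, otherwise the commit message should state that the Spotify device now identifies as buck. The adjacent `password_cmd` still reads the secret from `/run/secrets/spotify/password` at runtime, so no credential is affected by the rename itself.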
--- a/machines/pedro/configuration.nix +++ b/machines/cj/configuration.nix @@ -50,7 +50,7 @@ time.timeZone = "America/New_York"; networking = { - hostName = "pedro"; # Define your hostname. + hostName = "cj"; # Define your hostname. # networking.hostId is required for ZFS hostId = "d9aef7b3"; diff --git a/machines/pedro/firewall.nix b/machines/cj/firewall.nix similarity index 100% rename from machines/pedro/firewall.nix rename to machines/cj/firewall.nix diff --git a/machines/pedro/gitea.nix b/machines/cj/gitea.nix similarity index 100% rename from machines/pedro/gitea.nix rename to machines/cj/gitea.nix diff --git a/machines/pedro/hardware-configuration-zfs.nix b/machines/cj/hardware-configuration-zfs.nix similarity index 100% rename from machines/pedro/hardware-configuration-zfs.nix rename to machines/cj/hardware-configuration-zfs.nix diff --git a/machines/pedro/home-assistant.nix b/machines/cj/home-assistant.nix similarity index 100% rename from machines/pedro/home-assistant.nix rename to machines/cj/home-assistant.nix diff --git a/machines/pedro/nginx.nix b/machines/cj/nginx.nix similarity index 100% rename from machines/pedro/nginx.nix rename to machines/cj/nginx.nix diff --git a/machines/pedro/pihole.nix b/machines/cj/pihole.nix similarity index 100% rename from machines/pedro/pihole.nix rename to machines/cj/pihole.nix diff --git a/machines/pedro/syncthing.nix b/machines/cj/syncthing.nix similarity index 100% rename from machines/pedro/syncthing.nix rename to machines/cj/syncthing.nix From 34fe86060c49dcf266ee7e3c328d39f40880d641 Mon Sep 17 00:00:00 2001 
From: Jacob Hinkle Date: Wed, 2 Nov 2022 09:18:59 -0400 Subject: [PATCH 2/2] Fixed IPV6 setup for CJ Remember to add IPV4 addresses in pihole for subhosts. This is because their namecheap DNS entries point to the router, so will resolve to our external IP. For IPV6, the addresses point straight to the server, so no additional steps are needed. --- machines/cj/configuration.nix | 22 ++++++++++++++++++---- machines/cj/firewall.nix | 6 ++++-- machines/cj/gitea.nix | 2 ++ machines/cj/pihole.nix | 18 +++++++++++------- 4 files changed, 35 insertions(+), 13 deletions(-) diff --git a/machines/cj/configuration.nix b/machines/cj/configuration.nix index 2033146..0a710b8 100644 --- a/machines/cj/configuration.nix +++ b/machines/cj/configuration.nix @@ -54,12 +54,17 @@ # networking.hostId is required for ZFS hostId = "d9aef7b3"; + # The global useDHCP flag is deprecated, therefore explicitly set to false here. Per-interface useDHCP will be mandatory in the future, so this generated config replicates the default behaviour. useDHCP = false; interfaces.eth0.useDHCP = true; interfaces.wlan0.useDHCP = true; + + enableIPv6 = true; + tempAddresses = "disabled"; # do not create temporary ipv6 addresses + wireless = { - enable = true; + enable = false; # turn of wifi until needed userControlled.enable = true; environmentFile = "/run/secrets/wifi/env"; networks = { 
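Review bot: `tempAddresses = "disabled"` is a deliberate trade-off that should be commented: the host keeps exactly one stable global IPv6 address, which is what gets published and handed to Pi-hole, but every outbound connection is then tied to that fixed address, and the address used elsewhere in this patch has the EUI-64 `ff:fe` pattern, i.e. it appears to be derived from the NIC's MAC. Suggest `tempAddresses = "disabled"; # one stable GUA: it is the AAAA target and Pi-hole's REPLY_ADDR6, so privacy addresses would only add churn`. The wireless comment has a typo and should read `enable = false; # turn off wifi until needed`; with wifi off, `interfaces.wlan0.useDHCP = true;` is dead configuration and would be clearer commented out next to it. The `environmentFile = "/run/secrets/wifi/env"` secret path is unchanged, so disabling wifi orphans nothing, but the `networks` block that follows continues outside the hunk.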
@@ -115,10 +120,19 @@ }; virtualisation.oci-containers.containers = let - serverIP = "192.168.88.21"; + ips = { + serverIP = "192.168.88.21"; # v4 address + + # link-local IP = fe80:${suffix} + # external IP = ${externalprefix}:${suffix} + #externalprefix = "2601:843:c200:20b"; + #ipv6suffix = "223:24ff:fea9:a97"; + serverIP6 = "2601:843:c200:20b:223:24ff:fea9:a97"; # external IP + #serverIP6 = "fe80::223:24ff:fea9:a97"; # link-local IP + }; in { - home-assistant = import ./home-assistant.nix serverIP; - pihole = import ./pihole.nix serverIP; + home-assistant = import ./home-assistant.nix ips; + pihole = import ./pihole.nix ips; }; # List services that you want to enable: diff --git a/machines/cj/firewall.nix b/machines/cj/firewall.nix index df8efcc..e01061a 100644 --- a/machines/cj/firewall.nix +++ b/machines/cj/firewall.nix @@ -2,16 +2,18 @@ allowedTCPPorts = [ 8384 22000 # syncthing 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference - 53 8088 # pihole + 8585 # pihole web + 53 # pihole #8123 # home-assistant #3000 # gitea - #8081 # vaultwarden + 8081 # vaultwarden 80 443 # reverse proxy ]; allowedUDPPorts = [ 22000 21027 # syncthing 3478 5514 10001 1900 123 # unifi 53 # pihole + 80 443 # reverse proxy ]; allowedUDPPortRanges = [ { from = 5656; to = 5699; } # unifi diff --git a/machines/cj/gitea.nix b/machines/cj/gitea.nix index 19879fb..454f241 100644 --- a/machines/cj/gitea.nix +++ b/machines/cj/gitea.nix @@ -2,6 +2,8 @@ enable = true; domain = "git.jhink.org"; rootUrl = "https://git.jhink.org"; + httpPort = 3000; + httpAddress = "127.0.0.1"; lfs = { enable = true; contentDir = "/serverdata/gitea/lfs_content"; diff --git a/machines/cj/pihole.nix b/machines/cj/pihole.nix index ec844af..6efc0b8 100644 --- a/machines/cj/pihole.nix +++ b/machines/cj/pihole.nix 
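Review bot: home-assistant.nix is not touched by this patch (see the diffstat) yet `import ./home-assistant.nix ips` now passes an attribute set where a string was passed before; unless that file was already changed to take `{ serverIP, ... }`, evaluation fails the moment it interpolates `serverIP` into a port binding. The comments describe `serverIP6` as `${externalprefix}:${suffix}`, but those variables are commented out, so the address is a hand-copied literal; composing it, `serverIP6 = "${externalprefix}:${ipv6suffix}";`, keeps the two in sync and makes it obvious that `2601:843:c200:20b` is an ISP-delegated prefix that can change, leaving Pi-hole's `REPLY_ADDR6` and `FTLCONF_LOCAL_IPV6` stale. Because the suffix looks EUI-64 (MAC-derived), committing it also records the NIC's hardware address in the repository, which matters if this flake is published.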
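Review bot: Every port in `allowedTCPPorts`/`allowedUDPPorts` is now reachable from the internet over IPv6, not just from the LAN: the NixOS firewall applies these lists to all interfaces and both address families, and with `enableIPv6` and a global address the host no longer sits behind NAT (the commit message itself says IPv6 goes straight to the server). That turns 53 into an open resolver (DNS-amplification bait) and exposes the Pi-hole admin UI on 8585, the Syncthing GUI on 8384, the UniFi controller ports and the newly un-commented vaultwarden 8081 directly, when only the reverse proxy on 80/443 is meant to be public. Interface-scoped lists (`interfaces.eth0.allowedTCPPorts`) do not help because internet IPv6 traffic arrives on the same NIC, so the LAN-only services should be admitted by source address instead, as sketched below (LAN subnet inferred from `192.168.88.21` and the delegated prefix from the configuration hunk, both to be confirmed; the unifi UDP range needs the same treatment and the global `allowedUDPPorts` list goes away with it). The `80 443 # reverse proxy` entries added to `allowedUDPPorts` should be dropped unless nginx is configured for HTTP/3: QUIC only uses UDP 443, and nothing speaks HTTP over UDP 80. The enclosing attrset starts on line 1, outside this hunk.
```nix
# … unchanged: enclosing attrset header (line 1, outside the hunk) …
# Public from anywhere, including over the global IPv6 address.
allowedTCPPorts = [ 80 443 ];
# LAN-only services. A global allowedTCPPorts entry would now expose these
# to the whole internet over IPv6, so admit them only from local sources.
# extraCommands rules are appended to nixos-fw ahead of its final refuse.
extraCommands = let
  lanTCP = "53,8080,8443,6789,8880,8843,27117,8585,8081,8384,22000";
  lanUDP = "53,123,1900,3478,5514,10001,21027,22000";
  lan4 = "192.168.88.0/24";          # confirm: inferred from serverIP 192.168.88.21
  lan6 = "2601:843:c200:20b::/64";   # delegated prefix; changes if the ISP renumbers
in ''
  iptables  -A nixos-fw -s ${lan4}   -p tcp -m multiport --dports ${lanTCP} -j nixos-fw-accept
  iptables  -A nixos-fw -s ${lan4}   -p udp -m multiport --dports ${lanUDP} -j nixos-fw-accept
  ip6tables -A nixos-fw -s fe80::/10 -p tcp -m multiport --dports ${lanTCP} -j nixos-fw-accept
  ip6tables -A nixos-fw -s fe80::/10 -p udp -m multiport --dports ${lanUDP} -j nixos-fw-accept
  ip6tables -A nixos-fw -s ${lan6}   -p tcp -m multiport --dports ${lanTCP} -j nixos-fw-accept
  ip6tables -A nixos-fw -s ${lan6}   -p udp -m multiport --dports ${lanUDP} -j nixos-fw-accept
'';
# … unchanged: allowedUDPPortRanges (unifi 5656-5699; needs the same source restriction) …
```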
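Review bot: Binding Gitea to `httpAddress = "127.0.0.1"` is the right move, but it listens only on the IPv4 loopback, so the nginx `proxy_pass` for git.jhink.org (nginx.nix, not in this patch) must target `http://127.0.0.1:3000` explicitly; a `localhost` upstream can resolve to `::1` first and fail or stall now that IPv6 is enabled on this host. Since port 3000 is no longer reachable from the network at all, the `#3000 # gitea` firewall entry can be deleted outright rather than left commented. The same loopback-only bind is what vaultwarden should get, given that its 8081 is opened host-wide in this patch.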
@@ -1,18 +1,21 @@ -serverIP: { - image = "pihole/pihole:2022.07.1"; +{ serverIP, serverIP6 } : { + image = "pihole/pihole:2022.10"; ports = [ - "${serverIP}:53:53/tcp" - "${serverIP}:53:53/udp" - "8088:80" - "4438:443" + "53:53/tcp" + "53:53/udp" + #"8088:80" + #"4438:443" ]; environment = { TZ = "America/New_York"; ServerIP = serverIP; FTLCONF_LOCAL_IPV4 = serverIP; + FTLCONF_LOCAL_IPV6 = serverIP6; + WEB_PORT = "8585"; WEBPASSWORD_FILE = "/run/secrets/pihole/webpassword"; TEMPERATUREUNIT = "f"; REPLY_ADDR4 = serverIP; + REPLY_ADDR6 = serverIP6; }; volumes = [ "/serverdata/pihole/etc/pihole:/etc/pihole" @@ -20,7 +23,8 @@ serverIP: { "/run/secrets/pihole:/run/secrets/pihole" ]; extraOptions = [ - "--cap-add=NET_ADMIN" + #"--cap-add=NET_ADMIN" + "--network=host" "--no-hosts" # do not populate internal /etc/hosts with container host's ]; }
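Review bot: `--network=host` replaces the `${serverIP}:53:53` bindings, so dnsmasq/FTL now listens on every host address, including the new global IPv6 one, and with 53 open in the firewall the box would answer recursive queries from anywhere over IPv6 (open-resolver / amplification exposure) unless Pi-hole's listening mode refuses them; the image documents `local` as the default, but it should be pinned explicitly with `DNSMASQ_LISTENING = "local";` (dnsmasq `local-service`: reply only to directly attached subnets) and the port-53 firewall rule restricted regardless. Host networking also means the commented-out `8088:80`/`4438:443` mappings no longer gate anything: the web UI on `WEB_PORT` 8585 and any other listener FTL opens are bound on the host directly, so check `ss -tlnp` after deploying. The function pattern `{ serverIP, serverIP6 } :` is strict — uncommenting `externalprefix`/`ipv6suffix` in the caller's `ips` set would make this import fail with an unexpected-argument error, so `{ serverIP, serverIP6, ... }:` is safer. Dropping `NET_ADMIN` is good; for supply-chain integrity the image should additionally be pinned by digest, `image = "pihole/pihole:2022.10@sha256:<digest from docker inspect>";`, since a version tag can be re-pushed.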