Merge branch 'main' of git.jhink.org:jacob/nix_config

flake.nix

@@ -58,10 +58,10 @@
         ./machines/buck/configuration.nix
       ];
       # ThinkCentre M700 mini-pc (server)
-      pedro = mkNixosSystem [
+      cj = mkNixosSystem [
         nixos-hardware.nixosModules.common-pc-hdd
         nixos-hardware.nixosModules.common-cpu-intel-cpu-only
-        ./machines/pedro/configuration.nix 
+        ./machines/cj/configuration.nix 
       ];
     };
   };

home/jacob.nix

@@ -288,7 +288,7 @@
           password_cmd = "${pkgs.coreutils}/bin/cat /run/secrets/spotify/password";
           backend = "pulseaudio";
           device = "pipewire";
-          device_name = "pedro";
+          device_name = "buck";
           device_type = "computer";
         };
       };

machines/cj/configuration.nix

@@ -50,16 +50,21 @@
   time.timeZone = "America/New_York";
 
   networking = {
-    hostName = "pedro"; # Define your hostname.
+    hostName = "cj"; # Define your hostname.
     # networking.hostId is required for ZFS
     hostId = "d9aef7b3";
 
+
     # The global useDHCP flag is deprecated, therefore explicitly set to false here. Per-interface useDHCP will be mandatory in the future, so this generated config replicates the default behaviour.
     useDHCP = false;
     interfaces.eth0.useDHCP = true;
     interfaces.wlan0.useDHCP = true;
+
+    enableIPv6 = true;
+    tempAddresses = "disabled";  # do not create temporary ipv6 addresses
+
     wireless = {
-      enable = true;
+      enable = false; # turn of wifi until needed
       userControlled.enable = true;
       environmentFile = "/run/secrets/wifi/env";
       networks = {
@@ -115,10 +120,19 @@
   };
 
   virtualisation.oci-containers.containers = let
-    serverIP = "192.168.88.21";
+    ips = {
+      serverIP = "192.168.88.21";  # v4 address
+
+      # link-local IP = fe80:${suffix}
+      # external IP = ${externalprefix}:${suffix}
+      #externalprefix = "2601:843:c200:20b";
+      #ipv6suffix = "223:24ff:fea9:a97";
+      serverIP6 = "2601:843:c200:20b:223:24ff:fea9:a97";  # external IP
+      #serverIP6 = "fe80::223:24ff:fea9:a97";  # link-local IP
+    };
   in {
-    home-assistant = import ./home-assistant.nix serverIP;
+    home-assistant = import ./home-assistant.nix ips;
-    pihole = import ./pihole.nix serverIP;
+    pihole = import ./pihole.nix ips;
   };
 
   # List services that you want to enable:

machines/cj/firewall.nix

@@ -2,16 +2,18 @@
   allowedTCPPorts = [
     8384 22000  # syncthing
     8080 8443 6789 8880 8843 27117  # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
-    53 8088  # pihole
+    8585  # pihole web
+    53 # pihole
     #8123  # home-assistant
     #3000  # gitea
-    #8081  # vaultwarden
+    8081  # vaultwarden
     80 443  # reverse proxy
   ];
   allowedUDPPorts = [
     22000 21027  # syncthing
     3478 5514 10001 1900 123 # unifi
     53  # pihole
+    80 443  # reverse proxy
   ];
   allowedUDPPortRanges = [
     { from = 5656; to = 5699; }  # unifi

machines/cj/gitea.nix

@@ -2,6 +2,8 @@
   enable = true;
   domain = "git.jhink.org";
   rootUrl = "https://git.jhink.org";
+  httpPort = 3000;
+  httpAddress = "127.0.0.1";
   lfs = {
     enable = true;
     contentDir = "/serverdata/gitea/lfs_content";

machines/cj/pihole.nix

@@ -1,18 +1,21 @@
-serverIP: {
+{ serverIP, serverIP6 } : {
-  image = "pihole/pihole:2022.07.1";
+  image = "pihole/pihole:2022.10";
   ports = [
-    "${serverIP}:53:53/tcp"
+    "53:53/tcp"
-    "${serverIP}:53:53/udp"
+    "53:53/udp"
-    "8088:80"
+    #"8088:80"
-    "4438:443"
+    #"4438:443"
   ];
   environment = {
     TZ = "America/New_York";
     ServerIP = serverIP;
     FTLCONF_LOCAL_IPV4 = serverIP;
+    FTLCONF_LOCAL_IPV6 = serverIP6;
+    WEB_PORT = "8585";
     WEBPASSWORD_FILE = "/run/secrets/pihole/webpassword";
     TEMPERATUREUNIT = "f";
     REPLY_ADDR4 = serverIP;
+    REPLY_ADDR6 = serverIP6;
   };
   volumes = [
     "/serverdata/pihole/etc/pihole:/etc/pihole"
@@ -20,7 +23,8 @@ serverIP: {
     "/run/secrets/pihole:/run/secrets/pihole"
   ];
   extraOptions = [
-    "--cap-add=NET_ADMIN"
+    #"--cap-add=NET_ADMIN"
+    "--network=host"
     "--no-hosts" # do not populate internal /etc/hosts with container host's
   ];
 }