diff --git a/machines/cj/configuration.nix b/machines/cj/configuration.nix
index 2033146..0a710b8 100644
--- a/machines/cj/configuration.nix
+++ b/machines/cj/configuration.nix
@@ -54,12 +54,17 @@
 # networking.hostId is required for ZFS
 hostId = "d9aef7b3";
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here. Per-interface useDHCP will be mandatory in the future, so this generated config replicates the default behaviour.
 useDHCP = false;
 interfaces.eth0.useDHCP = true;
 interfaces.wlan0.useDHCP = true;
+
+ enableIPv6 = true;
+ tempAddresses = "disabled"; # do not create temporary ipv6 addresses
+
 wireless = {
- enable = true;
+ enable = false; # turn of wifi until needed
 userControlled.enable = true;
 environmentFile = "/run/secrets/wifi/env";
 networks = {
@@ -115,10 +120,19 @@
 };
 virtualisation.oci-containers.containers = let
- serverIP = "192.168.88.21";
+ ips = {
+ serverIP = "192.168.88.21"; # v4 address
+
+ # link-local IP = fe80:${suffix}
+ # external IP = ${externalprefix}:${suffix}
+ #externalprefix = "2601:843:c200:20b";
+ #ipv6suffix = "223:24ff:fea9:a97";
+ serverIP6 = "2601:843:c200:20b:223:24ff:fea9:a97"; # external IP
+ #serverIP6 = "fe80::223:24ff:fea9:a97"; # link-local IP
+ };
 in {
- home-assistant = import ./home-assistant.nix serverIP;
- pihole = import ./pihole.nix serverIP;
+ home-assistant = import ./home-assistant.nix ips;
+ pihole = import ./pihole.nix ips;
 };
 # List services that you want to enable:
diff --git a/machines/cj/firewall.nix b/machines/cj/firewall.nix
index df8efcc..e01061a 100644
--- a/machines/cj/firewall.nix
+++ b/machines/cj/firewall.nix
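Review bot: The comment on `+ tempAddresses = "disabled"; # do not create temporary ipv6 addresses` says what is disabled but not why, and the why is a coupling: the interface's stable (non-temporary) address is exactly what the `serverIP6` literal in the containers block later in this file relies on, so re-enabling temporary addresses or changing this line would silently break the pihole configuration. Suggest `# do not create temporary ipv6 addresses: pihole is configured with this host's stable address (ips.serverIP6 below)`. The wifi line's comment also has a typo, `# turn of wifi until needed` should read `# turn off wifi until needed`. The enclosing attribute set (presumably `networking`, given the `hostId` context) starts and ends outside the hunk.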
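Review bot: `+ home-assistant = import ./home-assistant.nix ips;` now passes an attribute set where a plain string was passed before, but machines/cj/home-assistant.nix is not part of this diff; unless it was changed separately to take `{ serverIP, ... }` the way pihole.nix is changed here, evaluation will fail (if it still interpolates `"${serverIP}"`, a set cannot be coerced to a string). The new `serverIP6` literal is a global address whose leading 64 bits look like a provider-delegated prefix (the commented-out `#externalprefix` suggests the author expects it to move); if that prefix is renumbered, pihole's `FTLCONF_LOCAL_IPV6`/`REPLY_ADDR6` would hand out a stale address, so record the provenance on the line: `# stable global address of eth0 (SLAAC, ISP-delegated prefix) - re-check whenever the prefix changes`. The `#externalprefix`, `#ipv6suffix` and `#serverIP6` lines are commented-out config and could be folded into that one comment rather than kept as dead code.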
@@ -2,16 +2,18 @@
 allowedTCPPorts = [
 8384 22000 # syncthing
 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
- 53 8088 # pihole
+ 8585 # pihole web
+ 53 # pihole
 #8123 # home-assistant
 #3000 # gitea
- #8081 # vaultwarden
+ 8081 # vaultwarden
 80 443 # reverse proxy
 ];
 allowedUDPPorts = [
 22000 21027 # syncthing
 3478 5514 10001 1900 123 # unifi
 53 # pihole
+ 80 443 # reverse proxy
 ];
 allowedUDPPortRanges = [
 { from = 5656; to = 5699; } # unifi
diff --git a/machines/cj/gitea.nix b/machines/cj/gitea.nix
index 19879fb..454f241 100644
--- a/machines/cj/gitea.nix
+++ b/machines/cj/gitea.nix
@@ -2,6 +2,8 @@
 enable = true;
 domain = "git.jhink.org";
 rootUrl = "https://git.jhink.org";
+ httpPort = 3000;
+ httpAddress = "127.0.0.1";
 lfs = {
 enable = true;
 contentDir = "/serverdata/gitea/lfs_content";
diff --git a/machines/cj/pihole.nix b/machines/cj/pihole.nix
index ec844af..6efc0b8 100644
--- a/machines/cj/pihole.nix
+++ b/machines/cj/pihole.nix
@@ -1,18 +1,21 @@
-serverIP: {
- image = "pihole/pihole:2022.07.1";
+{ serverIP, serverIP6 } : {
+ image = "pihole/pihole:2022.10";
 ports = [
- "${serverIP}:53:53/tcp"
- "${serverIP}:53:53/udp"
- "8088:80"
- "4438:443"
+ "53:53/tcp"
+ "53:53/udp"
+ #"8088:80"
+ #"4438:443"
 ];
 environment = {
 TZ = "America/New_York";
 ServerIP = serverIP;
 FTLCONF_LOCAL_IPV4 = serverIP;
+ FTLCONF_LOCAL_IPV6 = serverIP6;
+ WEB_PORT = "8585";
 WEBPASSWORD_FILE = "/run/secrets/pihole/webpassword";
 TEMPERATUREUNIT = "f";
 REPLY_ADDR4 = serverIP;
+ REPLY_ADDR6 = serverIP6;
 };
 volumes = [
 "/serverdata/pihole/etc/pihole:/etc/pihole"
@@ -20,7 +23,8 @@ serverIP: {
 "/run/secrets/pihole:/run/secrets/pihole"
 ];
 extraOptions = [
- "--cap-add=NET_ADMIN"
+ #"--cap-add=NET_ADMIN"
+ "--network=host"
 "--no-hosts" # do not populate internal /etc/hosts with container host's
 ];
 }
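Review bot: `+ 80 443 # reverse proxy` in `allowedUDPPorts` opens UDP ports a reverse proxy is unlikely to use: UDP 443 is only meaningful if the proxy serves HTTP/3 (QUIC), and nothing speaks UDP on port 80, so this looks copied from the TCP list; drop the line, or reduce it to `443 # reverse proxy (HTTP/3)` once QUIC is actually enabled. Uncommenting `+ 8081 # vaultwarden` exposes what is presumably vaultwarden's plain-HTTP port directly to the LAN even though 80/443 on the reverse proxy are already open; if the proxy is the intended path, keeping 8081 closed keeps credentials off the unencrypted route, and if direct access is needed a comment saying why would justify the exception. The `allowedUDPPortRanges` list continues outside the hunk.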
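Review bot: `+ httpAddress = "127.0.0.1";` is the right default for a service behind a reverse proxy, but the line does not say that, and the same commit starts the pihole container with `--network=host`, so the host loopback is no longer private to host processes alone. Suggest `# loopback only: reached via the reverse proxy on 443 (3000 stays closed in firewall.nix); host-network containers share this loopback`. The enclosing block (presumably `services.gitea`) starts and ends outside the hunk.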
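Review bot: The `ports` list (`+ "53:53/tcp"`, `+ "53:53/udp"`) has no effect once the next hunk adds `--network=host` to `extraOptions`: container runtimes ignore port publishing under host networking, so the listener is whatever FTL binds inside the container, on every host interface, and the previous pinning to `${serverIP}` is lost (DNS would also answer on wlan0 if it is re-enabled, and on IPv6). Either drop the list or keep it with `# ignored under --network=host; kept only to document the exposed ports` so the next reader does not assume it restricts anything. `+ image = "pihole/pihole:2022.10";` is a mutable tag; pinning a digest as well (`pihole/pihole:2022.10@sha256:<digest-placeholder>`) makes the deployment reproducible and immune to the tag being re-pointed upstream.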
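Review bot: `+ "--network=host"` removes the container's network-namespace isolation without a comment saying why it is needed: the container now binds 53 and the web UI on every host interface and can reach loopback-only services on the host, including the gitea instance this commit pins to 127.0.0.1:3000. If the reason is that FTL must see real client source addresses or the IPv6 address directly, say so: `# host networking so FTL sees client addresses / the host's IPv6 address; note this shares the host loopback with the container`. Dropping `--cap-add=NET_ADMIN` is a good least-privilege step (it is presumably only needed for pihole's DHCP server); a short `# NET_ADMIN only needed for pihole DHCP` on the commented line would keep it from being blindly re-enabled.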