Fixed IPV6 setup for CJ

Remember to add IPV4 addresses in pihole for subhosts. This is because their namecheap DNS entries point to the router, so will resolve to our external IP. For IPV6, the addresses point straight to the server, so no additional steps are needed.

machines/cj/configuration.nix

@@ -54,12 +54,17 @@
     # networking.hostId is required for ZFS
     hostId = "d9aef7b3";
 
+
     # The global useDHCP flag is deprecated, therefore explicitly set to false here. Per-interface useDHCP will be mandatory in the future, so this generated config replicates the default behaviour.
     useDHCP = false;
     interfaces.eth0.useDHCP = true;
     interfaces.wlan0.useDHCP = true;
+
+    enableIPv6 = true;
+    tempAddresses = "disabled";  # do not create temporary ipv6 addresses
+
     wireless = {
-      enable = true;
+      enable = false; # turn of wifi until needed
       userControlled.enable = true;
       environmentFile = "/run/secrets/wifi/env";
       networks = {
@@ -115,10 +120,19 @@
   };
 
   virtualisation.oci-containers.containers = let
-    serverIP = "192.168.88.21";
+    ips = {
+      serverIP = "192.168.88.21";  # v4 address
+
+      # link-local IP = fe80:${suffix}
+      # external IP = ${externalprefix}:${suffix}
+      #externalprefix = "2601:843:c200:20b";
+      #ipv6suffix = "223:24ff:fea9:a97";
+      serverIP6 = "2601:843:c200:20b:223:24ff:fea9:a97";  # external IP
+      #serverIP6 = "fe80::223:24ff:fea9:a97";  # link-local IP
+    };
   in {
-    home-assistant = import ./home-assistant.nix serverIP;
+    home-assistant = import ./home-assistant.nix ips;
-    pihole = import ./pihole.nix serverIP;
+    pihole = import ./pihole.nix ips;
   };
 
   # List services that you want to enable:

machines/cj/firewall.nix

@@ -2,16 +2,18 @@
   allowedTCPPorts = [
     8384 22000  # syncthing
     8080 8443 6789 8880 8843 27117  # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
-    53 8088  # pihole
+    8585  # pihole web
+    53 # pihole
     #8123  # home-assistant
     #3000  # gitea
-    #8081  # vaultwarden
+    8081  # vaultwarden
     80 443  # reverse proxy
   ];
   allowedUDPPorts = [
     22000 21027  # syncthing
     3478 5514 10001 1900 123 # unifi
     53  # pihole
+    80 443  # reverse proxy
   ];
   allowedUDPPortRanges = [
     { from = 5656; to = 5699; }  # unifi

machines/cj/gitea.nix

@@ -2,6 +2,8 @@
   enable = true;
   domain = "git.jhink.org";
   rootUrl = "https://git.jhink.org";
+  httpPort = 3000;
+  httpAddress = "127.0.0.1";
   lfs = {
     enable = true;
     contentDir = "/serverdata/gitea/lfs_content";

machines/cj/pihole.nix

@@ -1,18 +1,21 @@
-serverIP: {
+{ serverIP, serverIP6 } : {
-  image = "pihole/pihole:2022.07.1";
+  image = "pihole/pihole:2022.10";
   ports = [
-    "${serverIP}:53:53/tcp"
+    "53:53/tcp"
-    "${serverIP}:53:53/udp"
+    "53:53/udp"
-    "8088:80"
+    #"8088:80"
-    "4438:443"
+    #"4438:443"
   ];
   environment = {
     TZ = "America/New_York";
     ServerIP = serverIP;
     FTLCONF_LOCAL_IPV4 = serverIP;
+    FTLCONF_LOCAL_IPV6 = serverIP6;
+    WEB_PORT = "8585";
     WEBPASSWORD_FILE = "/run/secrets/pihole/webpassword";
     TEMPERATUREUNIT = "f";
     REPLY_ADDR4 = serverIP;
+    REPLY_ADDR6 = serverIP6;
   };
   volumes = [
     "/serverdata/pihole/etc/pihole:/etc/pihole"
@@ -20,7 +23,8 @@ serverIP: {
     "/run/secrets/pihole:/run/secrets/pihole"
   ];
   extraOptions = [
-    "--cap-add=NET_ADMIN"
+    #"--cap-add=NET_ADMIN"
+    "--network=host"
     "--no-hosts" # do not populate internal /etc/hosts with container host's
   ];
 }