Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

many changes and more modularizing

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2024-12-12 22:30:24 +01:00
parent df50e70f3e
commit c96c24f864
109 changed files with 20900 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/fw/modules/ark-survival-evolved.nix
View File

@@ -15,7 +15,7 @@
];
extraOptions = [
"--network=server"
"--ip=10.42.97.201"
"--ip=${config.networkPrefix}.97.201"
];
};
};

2
hosts/fw/modules/deconz.nix
View File

@@ -14,7 +14,7 @@
};
extraOptions = [
"--network=server"
"--ip=10.42.97.22"
"--ip=${config.networkPrefix}.97.22"
"--device=/dev/ttyACM0"
"--hostname=deconz"
];

91
hosts/fw/modules/dhcp4.nix
View File

@@ -1,4 +1,5 @@
{ ... }: {
{ config, ... }:
{
services.kea.dhcp4 = {
enable = true;
settings = {
@@ -23,15 +24,15 @@
{
pools = [
{
pool = "10.42.96.100 - 10.42.96.240";
pool = "${config.networkPrefix}.96.100 - ${config.networkPrefix}.96.240";
}
];
subnet = "10.42.96.0/24";
subnet = "${config.networkPrefix}.96.0/24";
interface = "lan";
option-data = [
{
name = "routers";
data = "10.42.96.1";
data = "${config.networkPrefix}.96.1";
}
{
name = "domain-name";
@@ -43,23 +44,23 @@
}
{
name = "domain-name-servers";
data = "10.42.96.1";
data = "${config.networkPrefix}.96.1";
}
];
reservations = [
{
hw-address = "04:7c:16:d5:63:5e";
ip-address = "10.42.96.5";
ip-address = "${config.networkPrefix}.96.5";
server-hostname = "omada.cloonar.com";
}
{
hw-address = "30:05:5c:56:62:37";
ip-address = "10.42.96.100";
ip-address = "${config.networkPrefix}.96.100";
server-hostname = "brn30055c566237.cloonar.com";
}
{
hw-address = "24:df:a7:b1:1b:74";
ip-address = "10.42.96.101";
ip-address = "${config.networkPrefix}.96.101";
server-hostname = "rmproplus-b1-1b-74.cloonar.com";
}
];
@@ -68,15 +69,15 @@
{
pools = [
{
pool = "10.42.97.100 - 10.42.97.240";
pool = "${config.networkPrefix}.97.100 - ${config.networkPrefix}.97.240";
}
];
subnet = "10.42.97.0/24";
subnet = "${config.networkPrefix}.97.0/24";
interface = "server";
option-data = [
{
name = "routers";
data = "10.42.97.1";
data = "${config.networkPrefix}.97.1";
}
{
name = "domain-name";
@@ -84,38 +85,38 @@
}
{
name = "domain-name-servers";
data = "10.42.97.1";
data = "${config.networkPrefix}.97.1";
}
];
reservations = [
{
hw-address = "1a:c4:04:6e:29:bd";
ip-address = "10.42.97.2";
ip-address = "${config.networkPrefix}.97.2";
server-hostname = "omada.cloonar.com";
}
{
hw-address = "02:00:00:00:00:03";
ip-address = "10.42.97.5";
ip-address = "${config.networkPrefix}.97.5";
server-hostname = "web-02.cloonar.com";
}
{
hw-address = "02:00:00:00:00:04";
ip-address = "10.42.97.6";
ip-address = "${config.networkPrefix}.97.6";
server-hostname = "matrix.cloonar.com";
}
{
hw-address = "ea:db:d4:c1:18:ba";
ip-address = "10.42.97.50";
ip-address = "${config.networkPrefix}.97.50";
server-hostname = "git.cloonar.com";
}
{
hw-address = "c2:4f:64:dd:13:0c";
ip-address = "10.42.97.20";
ip-address = "${config.networkPrefix}.97.20";
server-hostname = "home-assistant.cloonar.com";
}
{
hw-address = "1a:c4:04:6e:29:02";
ip-address = "10.42.97.25";
ip-address = "${config.networkPrefix}.97.25";
server-hostname = "deconz.cloonar.com";
}
];
@@ -123,15 +124,15 @@
{
pools = [
{
pool = "10.42.101.100 - 10.42.101.240";
pool = "${config.networkPrefix}.101.100 - ${config.networkPrefix}.101.240";
}
];
subnet = "10.42.101.0/24";
subnet = "${config.networkPrefix}.101.0/24";
interface = "infrastructure";
option-data = [
{
name = "routers";
data = "10.42.101.1";
data = "${config.networkPrefix}.101.1";
}
{
name = "domain-name";
@@ -139,12 +140,12 @@
}
{
name = "domain-name-servers";
data = "10.42.101.1";
data = "${config.networkPrefix}.101.1";
}
{
name = "capwap-ac-v4";
code = 138;
data = "10.42.97.2";
data = "${config.networkPrefix}.97.2";
}
];
reservations = [
@@ -153,15 +154,15 @@
{
pools = [
{
pool = "10.42.99.100 - 10.42.99.240";
pool = "${config.networkPrefix}.99.100 - ${config.networkPrefix}.99.240";
}
];
subnet = "10.42.99.0/24";
subnet = "${config.networkPrefix}.99.0/24";
interface = "multimedia";
option-data = [
{
name = "routers";
data = "10.42.99.1";
data = "${config.networkPrefix}.99.1";
}
{
name = "domain-name";
@@ -169,43 +170,43 @@
}
{
name = "domain-name-servers";
data = "10.42.99.1";
data = "${config.networkPrefix}.99.1";
}
];
reservations = [
{
hw-address = "c4:a7:2b:c7:ea:30";
ip-address = "10.42.99.10";
ip-address = "${config.networkPrefix}.99.10";
hostname = "metz.cloonar.multimedia";
}
{
hw-address = "f0:2f:9e:d4:3b:21";
ip-address = "10.42.99.11";
ip-address = "${config.networkPrefix}.99.11";
hostname = "firetv-living";
}
{
hw-address = "bc:33:29:ed:24:f0";
ip-address = "10.42.99.12";
ip-address = "${config.networkPrefix}.99.12";
hostname = "ps5";
}
{
hw-address = "e4:2a:ac:32:3f:79";
ip-address = "10.42.99.13";
ip-address = "${config.networkPrefix}.99.13";
hostname = "xbox";
}
{
hw-address = "98:b6:e9:b6:ef:f4";
ip-address = "10.42.99.14";
ip-address = "${config.networkPrefix}.99.14";
hostname = "switch";
}
{
hw-address = "f0:2f:9e:c1:74:72";
ip-address = "10.42.99.21";
ip-address = "${config.networkPrefix}.99.21";
hostname = "firetv-bedroom";
}
{
hw-address = "30:05:5c:56:62:37";
ip-address = "10.42.99.100";
ip-address = "${config.networkPrefix}.99.100";
server-hostname = "brn30055c566237";
}
];
@@ -213,15 +214,15 @@
{
pools = [
{
pool = "10.42.254.10 - 10.42.254.254";
pool = "${config.networkPrefix}.254.10 - ${config.networkPrefix}.254.254";
}
];
subnet = "10.42.254.0/24";
subnet = "${config.networkPrefix}.254.0/24";
interface = "guest";
option-data = [
{
name = "routers";
data = "10.42.254.1";
data = "${config.networkPrefix}.254.1";
}
{
name = "domain-name-servers";
@@ -232,15 +233,15 @@
{
pools = [
{
pool = "10.42.100.100 - 10.42.100.240";
pool = "${config.networkPrefix}.100.100 - ${config.networkPrefix}.100.240";
}
];
subnet = "10.42.100.0/24";
subnet = "${config.networkPrefix}.100.0/24";
interface = "smart";
option-data = [
{
name = "routers";
data = "10.42.100.1";
data = "${config.networkPrefix}.100.1";
}
{
name = "domain-name";
@@ -248,29 +249,29 @@
}
{
name = "domain-name-servers";
data = "10.42.100.1";
data = "${config.networkPrefix}.100.1";
}
];
reservations = [
{
hw-address = "fc:ee:28:03:63:e9";
ip-address = "10.42.100.148";
ip-address = "${config.networkPrefix}.100.148";
server-hostname = "k1c";
}
{
hw-address = "cc:50:e3:bc:27:64";
ip-address = "10.42.100.112";
ip-address = "${config.networkPrefix}.100.112";
server-hostname = "Nuki_Bridge_1A753F72";
}
{
hw-address = "34:6f:24:f3:af:ad";
ip-address = "10.42.100.137";
ip-address = "${config.networkPrefix}.100.137";
server-hostname = "daikin86604";
}
{
hw-address = "34:6f:24:c1:f8:54";
ip-address = "10.42.100.139";
ip-address = "${config.networkPrefix}.100.139";
server-hostname = "daikin53800";
}
];

8
hosts/fw/modules/firefox-sync.nix
View File

@@ -13,8 +13,8 @@ in {
ephemeral = false; # because of ssh key
privateNetwork = true;
hostBridge = "server";
hostAddress = "10.42.97.1";
localAddress = "10.42.97.51/24";
hostAddress = "${config.networkPrefix}.97.1";
localAddress = "${config.networkPrefix}.97.51/24";
bindMounts = {
"/run/secrets/firefox-sync" = {
hostPath = "/run/secrets/firefox-sync";
@@ -30,11 +30,11 @@ in {
hostName = "firefox-sync";
useHostResolvConf = false;
defaultGateway = {
address = "10.42.97.1";
address = "${config.networkPrefix}.97.1";
interface = "eth0";
};
firewall.enable = false;
nameservers = [ "10.42.97.1" ];
nameservers = [ "${config.networkPrefix}.97.1" ];
};
services.nginx.enable = true;

41
hosts/fw/modules/firewall.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }: {
{ config, pkgs, ... }: {
networking = {
firewall.checkReversePath = false;
nat.enable = false;
@@ -37,8 +37,8 @@
iifname { "wan", "multimedia" } icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
# Accept mDNS for avahi reflection
iifname "server" ip saddr 10.42.97.20/32 tcp dport { llmnr } counter accept
iifname "server" ip saddr 10.42.97.20/32 udp dport { mdns, llmnr } counter accept
iifname "server" ip saddr ${config.networkPrefix}.97.20/32 tcp dport { llmnr } counter accept
iifname "server" ip saddr ${config.networkPrefix}.97.20/32 udp dport { mdns, llmnr } counter accept
# Allow all returning traffic
ct state { established, related } counter accept
@@ -81,15 +81,15 @@
iifname "multimedia" oifname "server" tcp dport { 1704, 1705 } counter accept
iifname "lan" oifname "server" udp dport { 5000, 5353, 6001 - 6011 } counter accept
# avahi
iifname "server" ip saddr 10.42.97.20/32 oifname { "lan" } counter accept
iifname "server" ip saddr ${config.networkPrefix}.97.20/32 oifname { "lan" } counter accept
# smart home coap
iifname "smart" oifname "server" ip daddr 10.42.97.20/32 udp dport { 5683 } counter accept
iifname "smart" oifname "server" ip daddr 10.42.97.20/32 tcp dport { 1883 } counter accept
iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 udp dport { 5683 } counter accept
iifname "smart" oifname "server" ip daddr ${config.networkPrefix}.97.20/32 tcp dport { 1883 } counter accept
# Forward to git server
oifname "server" ip daddr 10.42.97.50 tcp dport { 22 } counter accept
oifname "server" ip daddr 10.42.97.5 tcp dport { 80, 443 } counter accept
oifname "server" ip daddr ${config.networkPrefix}.97.50 tcp dport { 22 } counter accept
oifname "server" ip daddr ${config.networkPrefix}.97.5 tcp dport { 80, 443 } counter accept
# lan and vpn to any
iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "vm-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar", "guest", "setup" } counter accept
@@ -100,11 +100,11 @@
# accept palword server
iifname { "wan", "lan" } oifname "podman0" udp dport { 8211, 27015 } counter accept comment "palworld"
# forward to ark server
oifname "server" ip daddr 10.42.97.201 tcp dport { 27020 } counter accept comment "ark survival evolved"
oifname "server" ip daddr 10.42.97.201 udp dport { 7777, 7778, 27015 } counter accept comment "ark survival evolved"
oifname "server" ip daddr ${config.networkPrefix}.97.201 tcp dport { 27020 } counter accept comment "ark survival evolved"
oifname "server" ip daddr ${config.networkPrefix}.97.201 udp dport { 7777, 7778, 27015 } counter accept comment "ark survival evolved"
# firefox-sync
oifname "server" ip daddr 10.42.97.51 tcp dport { 5000 } counter accept comment "firefox-sync"
oifname "server" ip daddr ${config.networkPrefix}.97.51 tcp dport { 5000 } counter accept comment "firefox-sync"
# allow all established, related
ct state { established, related } accept comment "Allow established traffic"
@@ -136,21 +136,22 @@
content = ''
chain prerouting {
type nat hook prerouting priority filter; policy accept;
iifname "server" ip daddr 10.42.96.255 udp dport { 9 } dnat to 10.42.96.255
iifname "wan" tcp dport { 22 } dnat to 10.42.97.50
iifname "wan" tcp dport { 80, 443 } dnat to 10.42.97.5
iifname "wan" tcp dport { 5000 } dnat to 10.42.97.51
iifname { "wan", "lan" } udp dport { 7777, 7778, 27015 } dnat to 10.42.97.201
iifname { "wan", "lan" } tcp dport { 27020 } dnat to 10.42.97.201
iifname "server" ip daddr ${config.networkPrefix}.96.255 udp dport { 9 } dnat to ${config.networkPrefix}.96.255
iifname "wan" tcp dport { 22 } dnat to ${config.networkPrefix}.97.50
iifname "wan" tcp dport { 80, 443 } dnat to ${config.networkPrefix}.97.5
iifname "wan" tcp dport { 5000 } dnat to ${config.networkPrefix}.97.51
iifname { "wan", "lan" } udp dport { 7777, 7778, 27015 } dnat to ${config.networkPrefix}.97.201
iifname { "wan", "lan" } tcp dport { 27020 } dnat to ${config.networkPrefix}.97.201
}
# Setup NAT masquerading on external interfaces
chain postrouting {
type nat hook postrouting priority filter; policy accept;
oifname { "wan", "wg_cloonar", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
iifname { "wan", "wg_cloonar" } ip daddr 10.42.97.50 masquerade
iifname { "wan", "wg_cloonar" } ip daddr 10.42.97.51 masquerade
iifname { "wan", "wg_cloonar" } ip daddr 10.42.97.201 masquerade
iifname { "lan", "wg_cloonar" } ip daddr ${config.networkPrefix}.110.101 masquerade
iifname { "wan", "wg_cloonar" } ip daddr ${config.networkPrefix}.97.50 masquerade
iifname { "wan", "wg_cloonar" } ip daddr ${config.networkPrefix}.97.51 masquerade
iifname { "wan", "wg_cloonar" } ip daddr ${config.networkPrefix}.97.201 masquerade
}
'';
};

9
hosts/fw/modules/foundry-vtt.nix
View File

@@ -2,6 +2,7 @@
let
foundry-vtt = pkgs.callPackage ../pkgs/foundry-vtt {};
cids = import ../modules/staticids.nix;
hostConfig = config;
in {
users.users.foundry-vtt = {
isSystemUser = true;
@@ -21,8 +22,8 @@ in {
ephemeral = true;
privateNetwork = true;
hostBridge = "server";
hostAddress = "10.42.97.1";
localAddress = "10.42.97.21/24";
hostAddress = "${hostConfig.networkPrefix}.97.1";
localAddress = "${hostConfig.networkPrefix}.97.21/24";
bindMounts = {
"/var/lib/foundry-vtt" = {
hostPath = "/var/lib/foundry-vtt";
@@ -34,10 +35,10 @@ in {
hostName = "foundry-vtt";
useHostResolvConf = false;
defaultGateway = {
address = "10.42.97.1";
address = "${hostConfig.networkPrefix}.97.1";
interface = "eth0";
};
nameservers = [ "10.42.97.1" ];
nameservers = [ "${hostConfig.networkPrefix}.97.1" ];
};
systemd.services.foundry-vtt = {
description = "Foundry VTT Server";

9
hosts/fw/modules/gitea.nix
View File

@@ -2,6 +2,7 @@
let
cids = import ../modules/staticids.nix;
domain = "git.cloonar.com";
networkPrefix = config.networkPrefix;
user = {
isSystemUser = true;
@@ -27,8 +28,8 @@ in
ephemeral = false; # because of ssh key
privateNetwork = true;
hostBridge = "server";
hostAddress = "10.42.97.1";
localAddress = "10.42.97.50/24";
hostAddress = "${networkPrefix}.97.1";
localAddress = "${networkPrefix}.97.50/24";
bindMounts = {
"/var/lib/gitea" = {
hostPath = "/var/lib/gitea/";
@@ -55,11 +56,11 @@ in
hostName = "git";
useHostResolvConf = false;
defaultGateway = {
address = "10.42.96.1";
address = "${networkPrefix}.96.1";
interface = "eth0";
};
firewall.enable = false;
nameservers = [ "10.42.97.1" ];
nameservers = [ "${networkPrefix}.97.1" ];
};
services.nginx.enable = true;

11
hosts/fw/modules/home-assistant/default.nix
View File

@@ -6,6 +6,7 @@ let
url = "https://github.com/nixos/nixpkgs/";
rev = "41dea55321e5a999b17033296ac05fe8a8b5a257";
}) {};
networkPrefix = config.networkPrefix;
in
{
users.users.hass = {
@@ -35,8 +36,8 @@ in
ephemeral = false;
privateNetwork = true;
hostBridge = "server";
hostAddress = "10.42.97.1";
localAddress = "10.42.97.20/24";
hostAddress = "${networkPrefix}.97.1";
localAddress = "${networkPrefix}.97.20/24";
extraFlags = [
"--capability=CAP_NET_ADMIN"
"--capability=CAP_MKNOD"
@@ -74,7 +75,9 @@ in
};
};
config = { lib, config, pkgs, ... }: {
networkPrefix = networkPrefix;
imports = [
../network-prefix.nix
./3dprinter.nix
./ac.nix
# ./aeg.nix
@@ -103,11 +106,11 @@ in
hostName = "home-assistant";
useHostResolvConf = false;
defaultGateway = {
address = "10.42.96.1";
address = "${networkPrefix}.96.1";
interface = "eth0";
};
firewall.enable = false;
nameservers = [ "10.42.97.1" ];
nameservers = [ "${networkPrefix}.97.1" ];
};
environment.systemPackages = [

15
hosts/fw/modules/home-assistant/light.nix
View File

@@ -71,6 +71,21 @@
action = [
{
choose = [
{
conditions = [ "{{ is_state('automation.light_sunset', 'off') }}" ];
sequence = [
{
service = "light.turn_on";
target = {
entity_id = "{{ trigger.entity_id }}";
};
data = {
brightness_pct = 100;
color_temp = 250;
};
}
];
}
{
conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.toilet_lights' }}" ];
sequence = [

4
hosts/fw/modules/home-assistant/pc.nix
View File

@@ -1,4 +1,4 @@
{
{ config, lib, ... }: {
services.home-assistant.extraComponents = [
"wake_on_lan"
];
@@ -41,7 +41,7 @@
service = "wake_on_lan.send_magic_packet";
data = {
mac = "04:7c:16:d5:63:5e";
broadcast_address = "10.42.96.5";
broadcast_address = "${config.networkPrefix}.96.5";
broadcast_port = 9;
};
}

9
hosts/fw/modules/network-prefix.nix Normal file
View File

@@ -0,0 +1,9 @@
{ lib, ... }: {
options = {
networkPrefix = lib.mkOption {
type = lib.types.str;
example = "10.42";
description = "First two octets of the network";
};
};
}

17
hosts/fw/modules/networking.nix
View File

@@ -1,4 +1,5 @@
{ ... }: {
{ config, lib, ... }:
{
boot.kernel.sysctl = {
# if you use ipv4, this is all you need
"net.ipv4.conf.all.forwarding" = true;
@@ -37,7 +38,7 @@
networking = {
useDHCP = false;
# Define VLANS
nameservers = [ "10.42.97.1" ];
nameservers = [ "${config.networkPrefix}.97.1" ];
# resolvconf.enable = false;
vlans = {
infrastructure = {
@@ -81,37 +82,37 @@
wan.useDHCP = true;
lan = {
ipv4.addresses = [{
address = "10.42.96.1";
address = "${config.networkPrefix}.96.1";
prefixLength = 24;
}];
};
server = {
ipv4.addresses = [{
address = "10.42.97.1";
address = "${config.networkPrefix}.97.1";
prefixLength = 24;
}];
};
infrastructure = {
ipv4.addresses = [{
address = "10.42.101.1";
address = "${config.networkPrefix}.101.1";
prefixLength = 24;
}];
};
multimedia = {
ipv4.addresses = [{
address = "10.42.99.1";
address = "${config.networkPrefix}.99.1";
prefixLength = 24;
}];
};
smart = {
ipv4.addresses = [{
address = "10.42.100.1";
address = "${config.networkPrefix}.100.1";
prefixLength = 24;
}];
};
guest = {
ipv4.addresses = [{
address = "10.42.254.1";
address = "${config.networkPrefix}.254.1";
prefixLength = 24;
}];
};

2
hosts/fw/modules/omada.nix
View File

@@ -21,7 +21,7 @@
extraOptions = [
"--network=server"
"--mac-address=1a:c4:04:6e:29:bd"
"--ip=10.42.97.2"
"--ip=${config.networkPrefix}.97.2"
];
};
};

8
hosts/fw/modules/podman.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }:
{ config, pkgs, ... }:
let
cids = import ../modules/staticids.nix;
json = pkgs.formats.json { };
@@ -20,7 +20,7 @@ in {
users.groups.podman.gid = cids.gids.podman;
virtualisation = {
# containers.containersConf.settings = {
# containers.dns_servers = [ "10.42.97.1" ];
# containers.dns_servers = [ "${config.networkPrefix}.97.1" ];
# };
podman = {
enable = true;
@@ -42,8 +42,8 @@ in {
dns_enabled = false;
subnets = [
{
subnet = "10.42.97.0/24";
gateway = "10.42.97.1";
subnet = "${config.networkPrefix}.97.0/24";
gateway = "${config.networkPrefix}.97.1";
}
];
ipam_options = {

12
hosts/fw/modules/setupnetwork.nix
View File

@@ -1,4 +1,4 @@
{ ... }: {
{ config, ... }: {
networking = {
vlans = {
setup = {
@@ -10,7 +10,7 @@
interfaces = {
setup = {
ipv4.addresses = [{
address = "10.42.110.1";
address = "${config.networkPrefix}.110.1";
prefixLength = 24;
}];
};
@@ -28,15 +28,15 @@
{
pools = [
{
pool = "10.42.110.100 - 10.42.110.240";
pool = "${config.networkPrefix}.110.100 - ${config.networkPrefix}.110.240";
}
];
subnet = "10.42.110.0/24";
subnet = "${config.networkPrefix}.110.0/24";
interface = "setup";
option-data = [
{
name = "routers";
data = "10.42.110.1";
data = "${config.networkPrefix}.110.1";
}
{
name = "domain-name";
@@ -48,7 +48,7 @@
}
{
name = "domain-name-servers";
data = "10.42.97.1";
data = "${config.networkPrefix}.97.1";
}
];
}

9
hosts/fw/modules/snapserver.nix
View File

@@ -1,6 +1,7 @@
{ pkgs, config, python3Packages, ... }:
let
domain = "snapcast.cloonar.com";
networkPrefix = config.networkPrefix;
snapweb = pkgs.stdenv.mkDerivation {
pname = "snapweb";
@@ -28,8 +29,8 @@ in
ephemeral = false; # because of ssh key
privateNetwork = true;
hostBridge = "server";
hostAddress = "10.42.97.1";
localAddress = "10.42.97.21/24";
hostAddress = "${networkPrefix}.97.1";
localAddress = "${networkPrefix}.97.21/24";
bindMounts = {
"/var/lib/acme/snapcast/" = {
hostPath = "${config.security.acme.certs.${domain}.directory}";
@@ -53,10 +54,10 @@ in
hostName = "snapcast";
useHostResolvConf = false;
defaultGateway = {
address = "10.42.96.1";
address = "${networkPrefix}.96.1";
interface = "eth0";
};
nameservers = [ "10.42.97.1" ];
nameservers = [ "${networkPrefix}.97.1" ];
firewall.enable = false;
};
environment.etc = {

112
hosts/fw/modules/unbound.nix
View File

@@ -30,11 +30,11 @@ let
interface-automatic = "yes";
access-control = [
"127.0.0.0/8 allow"
"10.42.96.0/24 allow"
"10.42.97.0/24 allow"
"10.42.98.0/24 allow"
"10.42.99.0/24 allow"
"10.42.101.0/24 allow"
"${config.networkPrefix}.96.0/24 allow"
"${config.networkPrefix}.97.0/24 allow"
"${config.networkPrefix}.98.0/24 allow"
"${config.networkPrefix}.99.0/24 allow"
"${config.networkPrefix}.101.0/24 allow"
"0.0.0.0/0 allow"
];
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
@@ -44,23 +44,23 @@ let
"\"localhost.cloonar.com A 127.0.0.1\""
"\"localhost AAAA ::1\""
"\"localhost.cloonar.com AAAA ::1\""
"\"fw.cloonar.com A 10.42.97.1\""
"\"fw A 10.42.97.1\""
"\"fw.cloonar.com A ${config.networkPrefix}.97.1\""
"\"fw A ${config.networkPrefix}.97.1\""
"\"pc.cloonar.com IN A 10.42.96.5\""
"\"omada.cloonar.com IN A 10.42.97.2\""
"\"switch.cloonar.com IN A 10.42.97.10\""
"\"mopidy.cloonar.com IN A 10.42.97.21\""
"\"deconz.cloonar.com IN A 10.42.97.22\""
"\"brn30055c566237.cloonar.com IN A 10.42.96.100\""
"\"snapcast.cloonar.com IN A 10.42.97.21\""
"\"home-assistant.cloonar.com IN A 10.42.97.20\""
"\"web-02.cloonar.com IN A 10.42.97.5\""
"\"matrix.cloonar.com IN A 10.42.97.5\""
"\"element.cloonar.com IN A 10.42.97.5\""
"\"support.cloonar.com IN A 10.42.97.5\""
"\"git.cloonar.com IN A 10.42.97.50\""
"\"sync.cloonar.com IN A 10.42.97.51\""
"\"pc.cloonar.com IN A ${config.networkPrefix}.96.5\""
"\"omada.cloonar.com IN A ${config.networkPrefix}.97.2\""
"\"switch.cloonar.com IN A ${config.networkPrefix}.97.10\""
"\"mopidy.cloonar.com IN A ${config.networkPrefix}.97.21\""
"\"deconz.cloonar.com IN A ${config.networkPrefix}.97.22\""
"\"brn30055c566237.cloonar.com IN A ${config.networkPrefix}.96.100\""
"\"snapcast.cloonar.com IN A ${config.networkPrefix}.97.21\""
"\"home-assistant.cloonar.com IN A ${config.networkPrefix}.97.20\""
"\"web-02.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"matrix.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"element.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"support.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"git.cloonar.com IN A ${config.networkPrefix}.97.50\""
"\"sync.cloonar.com IN A ${config.networkPrefix}.97.51\""
"\"feeds.cloonar.com IN A 188.34.191.144\""
# "\"paraclub.cloonar.dev IN A 49.12.244.139\""
@@ -112,44 +112,44 @@ let
"\"web.hilgenberg-gmbh.de IN A 91.107.197.169\""
# gaming
"\"foundry-vtt.cloonar.com IN A 10.42.97.5\""
"\"foundry-vtt.cloonar.com IN A ${config.networkPrefix}.97.5\""
"\"deconz.cloonar.multimedia IN A 10.42.97.22\""
"\"metz.cloonar.multimedia IN A 10.42.99.10\""
# "\"ps5.cloonar.multimedia IN A 10.42.99.12\""
"\"xbox.cloonar.multimedia IN A 10.42.99.13\""
# "\"switch.cloonar.multimedia IN A 10.42.99.14\""
"\"deconz.cloonar.multimedia IN A ${config.networkPrefix}.97.22\""
"\"metz.cloonar.multimedia IN A ${config.networkPrefix}.99.10\""
# "\"ps5.cloonar.multimedia IN A ${config.networkPrefix}.99.12\""
"\"xbox.cloonar.multimedia IN A ${config.networkPrefix}.99.13\""
# "\"switch.cloonar.multimedia IN A ${config.networkPrefix}.99.14\""
#living room
"\"shellyuni-livingroom-1.cloonar.smart IN A 10.42.100.8\""
"\"shellyswitch25-livingroom-1.cloonar.smart IN A 10.42.100.9\""
"\"shellyplug-s-living-1.cloonar.smart IN A 10.42.100.10\""
"\"shellyplug-s-living-2.cloonar.smart IN A 10.42.100.11\""
"\"shellyuni-livingroom-1.cloonar.smart IN A ${config.networkPrefix}.100.8\""
"\"shellyswitch25-livingroom-1.cloonar.smart IN A ${config.networkPrefix}.100.9\""
"\"shellyplug-s-living-1.cloonar.smart IN A ${config.networkPrefix}.100.10\""
"\"shellyplug-s-living-2.cloonar.smart IN A ${config.networkPrefix}.100.11\""
# kitchen
"\"shellyplug-s-kitchen-1.cloonar.smart IN A 10.42.100.17\""
"\"shellyrgbw2-kitchen-1.cloonar.smart IN A 10.42.100.18\""
"\"shellyplug-s-kitchen-1.cloonar.smart IN A ${config.networkPrefix}.100.17\""
"\"shellyrgbw2-kitchen-1.cloonar.smart IN A ${config.networkPrefix}.100.18\""
#bedroom
"\"shelly1-bedroom-1.cloonar.smart IN A 10.42.100.33\""
"\"shellybutton1-bedroom-1.cloonar.smart IN A 10.42.100.34\""
"\"shellybutton1-bedroom-2.cloonar.smart IN A 10.42.100.35\"" # todo
"\"shellyrgbw2-bedroom-1.cloonar.smart IN A 10.42.100.36\""
"\"shellyrgbw2-bedroom-2.cloonar.smart IN A 10.42.100.37\""
"\"shellyrgbw2-bedroom-3.cloonar.smart IN A 10.42.100.38\""
"\"shelly1-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.33\""
"\"shellybutton1-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.34\""
"\"shellybutton1-bedroom-2.cloonar.smart IN A ${config.networkPrefix}.100.35\"" # todo
"\"shellyrgbw2-bedroom-1.cloonar.smart IN A ${config.networkPrefix}.100.36\""
"\"shellyrgbw2-bedroom-2.cloonar.smart IN A ${config.networkPrefix}.100.37\""
"\"shellyrgbw2-bedroom-3.cloonar.smart IN A ${config.networkPrefix}.100.38\""
# bath
"\"shellyswitch25-bath-1.cloonar.smart IN A 10.42.100.49\""
"\"shelly1pm-bath-1.cloonar.smart IN A 10.42.100.52\""
"\"shellyht-bath-1.cloonar.smart IN A 10.42.100.53\"" # todo
"\"shellyswitch25-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.49\""
"\"shelly1pm-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.52\""
"\"shellyht-bath-1.cloonar.smart IN A ${config.networkPrefix}.100.53\"" # todo
# hallway
"\"shelly1-hallway-1.cloonar.smart IN A 10.42.100.65\""
"\"shellyem3.cloonar.smart IN A 10.42.100.70\""
"\"shellypro-1.cloonar.smart IN A 10.42.100.71\""
"\"shellypro-2.cloonar.smart IN A 10.42.100.72\""
"\"shelly1-hallway-1.cloonar.smart IN A ${config.networkPrefix}.100.65\""
"\"shellyem3.cloonar.smart IN A ${config.networkPrefix}.100.70\""
"\"shellypro-1.cloonar.smart IN A ${config.networkPrefix}.100.71\""
"\"shellypro-2.cloonar.smart IN A ${config.networkPrefix}.100.72\""
# toilet
"\"shelly1-toilet-1.cloonar.smart IN A 10.42.100.81\""
"\"shellybulbduo-toilet-1.cloonar.smart IN A 10.42.100.82\""
"\"shelly1-toilet-1.cloonar.smart IN A ${config.networkPrefix}.100.81\""
"\"shellybulbduo-toilet-1.cloonar.smart IN A ${config.networkPrefix}.100.82\""
# storage
"\"shelly1-storage-1.cloonar.smart IN A 10.42.100.97\""
"\"shellyplug-storage-1.cloonar.smart IN A 10.42.100.98\""
"\"brn30055c566237.cloonar.multimedia IN A 10.42.99.100\""
"\"shelly1-storage-1.cloonar.smart IN A ${config.networkPrefix}.100.97\""
"\"shellyplug-storage-1.cloonar.smart IN A ${config.networkPrefix}.100.98\""
"\"brn30055c566237.cloonar.multimedia IN A ${config.networkPrefix}.99.100\""
"\"ddl-warez.to IN A 172.67.184.30\""
"\"cdnjs.cloudflare.com IN A 104.17.24.14\""
@@ -157,11 +157,11 @@ let
local-data-ptr = [
"\"127.0.0.1 localhost\""
"\"::1 localhost\""
"\"10.42.97.1 fw.cloonar.com\""
"\"10.42.97.20 home-assistant.cloonar.com\""
"\"10.42.97.21 snapcast.cloonar.com\""
"\"10.42.97.22 deconz.cloonar.com\""
"\"10.42.97.50 git.cloonar.com\""
"\"${config.networkPrefix}.97.1 fw.cloonar.com\""
"\"${config.networkPrefix}.97.20 home-assistant.cloonar.com\""
"\"${config.networkPrefix}.97.21 snapcast.cloonar.com\""
"\"${config.networkPrefix}.97.22 deconz.cloonar.com\""
"\"${config.networkPrefix}.97.50 git.cloonar.com\""
"\"10.254.235.22 stage.wsw.at\""
"\"10.254.217.23 prod.wsw.at\""

9
hosts/fw/modules/web/default.nix
View File

@@ -49,6 +49,7 @@ in {
imports = [
"${impermanence}/nixos.nix"
../network-prefix.nix
../../utils/modules/sops.nix
../../utils/modules/lego/lego.nix
# ../../utils/modules/borgbackup.nix
@@ -58,13 +59,15 @@ in {
./matrix.nix
];
networkPrefix = config.networkPrefix;
time.timeZone = "Europe/Vienna";
systemd.network.networks."10-lan" = {
matchConfig.PermanentMACAddress = "02:00:00:00:01:01";
address = [ "10.42.97.5/24" ];
gateway = [ "10.42.97.1" ];
dns = [ "10.42.97.1" ];
address = [ "${config.networkPrefix}.97.5/24" ];
gateway = [ "${config.networkPrefix}.97.1" ];
dns = [ "${config.networkPrefix}.97.1" ];
};
fileSystems."/persist".neededForBoot = lib.mkForce true;

4
hosts/fw/modules/web/proxies.nix
View File

@@ -1,4 +1,4 @@
{ ... }: {
{ config, lib, ... }: {
services.nginx.virtualHosts."git.cloonar.com" = {
forceSSL = true;
enableACME = true;
@@ -12,7 +12,7 @@
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://10.42.97.21:30000";
proxyPass = "http://${config.networkPrefix}.97.21:30000";
proxyWebsockets = true;
};
};

6
hosts/fw/modules/wireguard.nix
View File

@@ -8,18 +8,18 @@
networking.wireguard.interfaces = {
wg_cloonar = {
ips = [ "10.42.98.1/24" ];
ips = [ "${config.networkPrefix}.98.1/24" ];
listenPort = 51820;
# publicKey: TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=
privateKeyFile = config.sops.secrets.wg_cloonar_key.path;
peers = [
{ # Notebook
publicKey = "YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8=";
allowedIPs = [ "10.42.98.201/32" ];
allowedIPs = [ "${config.networkPrefix}.98.201/32" ];
}
{ # iPhone
publicKey = "nkm10abmwt2G8gJXnpqel6QW5T8aSaxiqqGjE8va/A0=";
allowedIPs = [ "10.42.98.202/32" ];
allowedIPs = [ "${config.networkPrefix}.98.202/32" ];
}
];
};

2
hosts/fw/modules/wol.nix
View File

@@ -3,7 +3,7 @@ let
wolScript = pkgs.writeScriptBin "wol-script" ''
case $1 in
"gaming")
${pkgs.wol}/bin/wol -i 10.42.96.255 78:8c:b5:fe:41:62
${pkgs.wol}/bin/wol -i ${config.networkPrefix}.96.255 78:8c:b5:fe:41:62
};
"") echo "Usage: $0 <hostname>"; exit 1;;
esac