diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix index a1c89df..cbe9390 100644 --- a/hosts/fw.cloonar.com/configuration.nix +++ b/hosts/fw.cloonar.com/configuration.nix @@ -46,8 +46,9 @@ ./modules/snapserver.nix # gaming - ./modules/palworld.nix + # ./modules/palworld.nix # ./modules/ark-survival-evolved.nix + ./modules/foundry-vtt.nix # setup network ./modules/setupnetwork.nix diff --git a/hosts/fw.cloonar.com/modules/dhcp4.nix b/hosts/fw.cloonar.com/modules/dhcp4.nix index 50ddbb6..7f0e90c 100644 --- a/hosts/fw.cloonar.com/modules/dhcp4.nix +++ b/hosts/fw.cloonar.com/modules/dhcp4.nix @@ -57,7 +57,13 @@ ip-address = "10.42.96.100"; server-hostname = "brn30055c566237.cloonar.com"; } + { + hw-address = "24:df:a7:b1:1b:74"; + ip-address = "10.42.96.101"; + server-hostname = "rmproplus-b1-1b-74.cloonar.com"; + } ]; + } { pools = [ 
@@ -246,113 +252,16 @@ } ]; reservations = [ - # need fixed ips for all shelly devices - # living room 1 - 14 - # 10.42.100.8 # piano - # 10.42.100.9 # switch - # 10.42.100.10 # steamdeck - # kitchen: - # 10.42.100.17 # coffee - # 10.42.100.18 # bar - # bedroom: - # 10.42.100.33 # switch - # 10.42.100.34 # button1 - # 10.42.100.35 # button2 - # 10.42.100.36 # readingled1 - # 10.42.100.37 # readingled2 - # 10.42.100.38 # bedled - # bath: - # 10.42.100.52 # smallswitch - # 10.42.100.53 # ht - # hallway: - # 10.42.100.65 # switch - # toilet: - # 10.42.100.81 # switch - # 10.42.100.82 # bulb - # storage: - # 10.42.100.97 # switch - { hw-address = "fc:ee:28:03:63:e9"; ip-address = "10.42.100.148"; server-hostname = "k1c"; } - { - hw-address = "60:a4:23:97:4a:ec"; - ip-address = "10.42.100.21"; - server-hostname = "shellymotionsensor-60A423974AEC"; - } - { - hw-address = "8c:aa:b5:61:6f:e2"; - ip-address = "10.42.100.103"; - server-hostname = "ShellyBulbDuo-8CAAB5616FE2"; - } - { - hw-address = "8c:aa:b5:61:6e:9e"; - ip-address = "10.42.100.104"; - server-hostname = "ShellyBulbDuo-8CAAB5616E9E"; - } { hw-address = "cc:50:e3:bc:27:64"; ip-address = "10.42.100.112"; server-hostname = "Nuki_Bridge_1A753F72"; } - { - hw-address = "e8:db:84:a9:ea:be"; - ip-address = "10.42.100.117"; - server-hostname = "ShellyBulbDuo-E8DB84A9EABE"; - } - { - hw-address = "e8:db:84:a9:d1:8b"; - ip-address = "10.42.100.119"; - server-hostname = "shellycolorbulb-E8DB84A9D18B"; - } - { - hw-address = "3c:61:05:e5:96:e0"; - ip-address = "10.42.100.120"; - server-hostname = "shellycolorbulb-3C6105E596E0"; - } - { - hw-address = "e8:db:84:a9:d7:ef"; - ip-address = "10.42.100.121"; - server-hostname = "shellycolorbulb-E8DB84A9D7EF"; - } - { - hw-address = "e8:db:84:aa:51:aa"; - ip-address = "10.42.100.122"; - server-hostname = "shellycolorbulb-E8DB84AA51AA"; - } - - { - hw-address = "34:94:54:79:bc:57"; - ip-address = "10.42.100.130"; - server-hostname = "shellycolorbulb-34945479bc57"; - } - { - 
hw-address = "48:55:19:d9:a1:b2"; - ip-address = "10.42.100.131"; - server-hostname = "shellycolorbulb-485519d9a1b2"; - } - { - hw-address = "48:55:19:d9:ae:95"; - ip-address = "10.42.100.132"; - server-hostname = "shellycolorbulb-485519d9ae95"; - } - { - hw-address = "48:55:19:d9:4a:28"; - ip-address = "10.42.100.133"; - server-hostname = "shellycolorbulb-485519d94a28"; - } - { - hw-address = "48:55:19:da:6b:6a"; - ip-address = "10.42.100.134"; - server-hostname = "shellycolorbulb-485519da6b6a"; - } - { - hw-address = "48:55:19:d9:e0:18"; - ip-address = "10.42.100.135"; - server-hostname = "shellycolorbulb-485519d9e018"; - } { hw-address = "34:6f:24:f3:af:ad"; diff --git a/hosts/fw.cloonar.com/modules/foundry-vtt.nix b/hosts/fw.cloonar.com/modules/foundry-vtt.nix new file mode 100644 index 0000000..05d514c --- /dev/null +++ b/hosts/fw.cloonar.com/modules/foundry-vtt.nix 
@@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+let
+ foundry-vtt = pkgs.callPackage ../pkgs/foundry-vtt {};
+ cids = import ../modules/staticids.nix;
+in {
+ users.users.foundry-vtt = {
+ isSystemUser = true;
+ uid = cids.uids.foundry-vtt;
+ home = "/var/lib/foundry-vtt";
+ group = "foundry-vtt";
+ createHome = true;
+ };
+
+ users.groups.foundry-vtt = {
+ gid = cids.gids.foundry-vtt;
+ };
+
+
+ containers.foundry-vtt = {
+ autoStart = true;
+ ephemeral = true;
+ privateNetwork = true;
+ hostBridge = "server";
+ hostAddress = "10.42.97.1";
+ localAddress = "10.42.97.21/24";
+ bindMounts = {
+ "/var/lib/foundry-vtt" = {
+ hostPath = "/var/lib/foundry-vtt";
+ isReadOnly = false;
+ };
+ };
+ config = { lib, config, pkgs, ... }: {
+ networking = {
+ hostName = "foundry-vtt";
+ useHostResolvConf = false;
+ defaultGateway = {
+ address = "10.42.97.1";
+ interface = "eth0";
+ };
+ nameservers = [ "10.42.97.1" ];
+ };
+ systemd.services.foundry-vtt = {
+ description = "Foundry VTT Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ NODE_ENV = "production";
+ };
+ serviceConfig = {
+ ExecStart = "${pkgs.nodejs}/bin/node ${foundry-vtt}/share/foundry-vtt/resources/app/main.js --dataPath=${config.users.users.foundry-vtt.home}";
+ Restart = "always";
+ User = "foundry-vtt";
+ WorkingDirectory = "${config.users.users.foundry-vtt.home}";
+ };
+ };
+
+ users.users.foundry-vtt = {
+ isSystemUser = true;
+ uid = cids.uids.foundry-vtt;
+ home = "/var/lib/foundry-vtt";
+ group = "foundry-vtt";
+ };
+
+ users.groups.foundry-vtt = {
+ gid = cids.gids.foundry-vtt;
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 30000 ];
+ };
+
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/hosts/fw.cloonar.com/modules/gitea-vm.nix b/hosts/fw.cloonar.com/modules/gitea-vm.nix
index 6da9b20..b9c65b5 100644
--- a/hosts/fw.cloonar.com/modules/gitea-vm.nix
+++ b/hosts/fw.cloonar.com/modules/gitea-vm.nix
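Review bot: In modules/foundry-vtt.nix, `allowedTCPPorts = [ 30000 ];` opens the Foundry port over plain HTTP to every host that can reach 10.42.97.21 on the `server` bridge, while the only client this commit sets up is the nginx proxy at 10.42.97.5 (web/proxies.nix). Accept the port from the proxy only, for example by dropping `allowedTCPPorts` and adding `networking.firewall.extraCommands = "iptables -A nixos-fw -p tcp -s 10.42.97.5 --dport 30000 -j nixos-fw-accept";` (this assumes the default iptables-based firewall). The `foundry-vtt` unit also runs a network-facing Node process with no systemd sandboxing; since its state lives in the bind-mounted `/var/lib/foundry-vtt`, `ProtectSystem = "strict";` together with `ReadWritePaths = [ "/var/lib/foundry-vtt" ];` in `serviceConfig` would be a reasonable starting point.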
@@ -1,162 +1,226 @@ -{ nixpkgs, pkgs, ... }: let - hostname = "git-02"; - json = pkgs.formats.json { }; +{ lib, nixpkgs, pkgs, ... }: let + # hostname = "git-02"; + # json = pkgs.formats.json { }; + runners = ["git-runner-1" "git-runner-2"]; + indexedRunners = lib.lists.imap1 (i: v: { name=v; value=i; }) runners; in { - microvm.vms = { - # gitea = { - # config = { - # microvm = { - # hypervisor = "cloud-hypervisor"; - # shares = [ - # { - # source = "/nix/store"; - # mountPoint = "/nix/.ro-store"; - # tag = "ro-store"; - # proto = "virtiofs"; - # } - # { - # source = "/var/lib/acme/git.cloonar.com"; - # mountPoint = "/var/lib/acme/${hostname}.cloonar.com"; - # tag = "ro-cert"; - # proto = "virtiofs"; - # } - # ]; - # interfaces = [ - # { - # type = "tap"; - # id = "vm-${hostname}"; - # mac = "02:00:00:00:00:01"; - # } - # ]; - # }; - # - # imports = [ - # ../fleet.nix - # ]; - # - # environment.systemPackages = with pkgs; [ - # vim # my preferred editor - # ]; - # - # networking = { - # hostName = hostname; - # firewall = { - # enable = true; - # allowedTCPPorts = [ 22 80 443 ]; - # }; - # }; - # - # services.nginx.enable = true; - # services.nginx.virtualHosts."${hostname}.cloonar.com" = { - # sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem"; - # sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem"; - # sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem"; - # forceSSL = true; - # locations."/" = { - # proxyPass = "http://localhost:3001/"; - # }; - # }; - # - # services.gitea = { - # enable = true; - # appName = "Cloonar Gitea server"; # Give the site a name - # settings = { - # server = { - # ROOT_URL = "https://${hostname}.cloonar.com/"; - # HTTP_PORT = 3001; - # DOMAIN = "${hostname}.cloonar.com"; - # }; - # openid = { - # ENABLE_OPENID_SIGNIN = true; - # ENABLE_OPENID_SIGNUP = true; - # WHITELISTED_URIS = "auth.cloonar.com"; - # }; - # service = { - # DISABLE_REGISTRATION = true; - # 
ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - # SHOW_REGISTRATION_BUTTON = false; - # }; - # actions.ENABLED=true; - # }; - # }; - # - # services.openssh.enable = true; - # users.users.root.openssh.authorizedKeys.keys = [ - # "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" - # ]; - # - # system.stateVersion = "22.05"; - # }; - # }; - - gitea-runner = { - config = { - microvm = { - mem = 12288; - shares = [ - { - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - { - source = "/run/secrets"; - mountPoint = "/run/secrets"; - tag = "ro-token"; - proto = "virtiofs"; - } - ]; - volumes = [ - { - image = "rootfs.img"; - mountPoint = "/"; - size = 102400; - } - ]; - interfaces = [ - { - type = "tap"; - id = "vm-gitea-runner"; - mac = "02:00:00:00:00:02"; - } - ]; - }; - - environment.systemPackages = with pkgs; [ - vim # my preferred editor + microvm.vms = lib.mapAttrs (runner: idx: { + config = { + microvm = { + mem = 4048; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/run/secrets"; + mountPoint = "/run/secrets"; + tag = "ro-token"; + proto = "virtiofs"; + } ]; + volumes = [ + { + image = "rootfs.img"; + mountPoint = "/"; + size = 51200; + } + ]; + interfaces = [ + { + type = "tap"; + id = "vm-${runner}"; + mac = "02:00:00:00:00:0${toString idx}"; + } + ]; + }; - networking.hostName = "gitea-runner"; + networking.hostName = runner; - virtualisation.podman.enable = true; + 
virtualisation.podman.enable = true; - services.gitea-actions-runner.instances.vm = { - enable = true; - url = "https://git.cloonar.com"; - name = "vm"; - tokenFile = "/run/secrets/gitea-runner-token"; - labels = [ - "ubuntu-latest:docker://shivammathur/node:latest" - ]; - settings = { - container = { - network = "podman"; - }; + services.gitea-actions-runner.instances.${runner} = { + enable = true; + url = "https://git.cloonar.com"; + name = runner; + tokenFile = "/run/secrets/gitea-runner-token"; + labels = [ + "ubuntu-latest:docker://shivammathur/node:latest" + ]; + settings = { + container = { + network = "podman"; }; }; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" - ]; - - system.stateVersion = "22.05"; }; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + ]; + + system.stateVersion = "22.05"; }; - }; + }) (lib.listToAttrs (lib.lists.imap1 (i: v: { name=v; value=i; }) runners)); + + # microvm.vms = { + # gitea = { + # config = { + # microvm = { + # hypervisor = "cloud-hypervisor"; + # shares = [ + # { + # source = 
"/nix/store"; + # mountPoint = "/nix/.ro-store"; + # tag = "ro-store"; + # proto = "virtiofs"; + # } + # { + # source = "/var/lib/acme/git.cloonar.com"; + # mountPoint = "/var/lib/acme/${hostname}.cloonar.com"; + # tag = "ro-cert"; + # proto = "virtiofs"; + # } + # ]; + # interfaces = [ + # { + # type = "tap"; + # id = "vm-${hostname}"; + # mac = "02:00:00:00:00:01"; + # } + # ]; + # }; + # + # imports = [ + # ../fleet.nix + # ]; + # + # environment.systemPackages = with pkgs; [ + # vim # my preferred editor + # ]; + # + # networking = { + # hostName = hostname; + # firewall = { + # enable = true; + # allowedTCPPorts = [ 22 80 443 ]; + # }; + # }; + # + # services.nginx.enable = true; + # services.nginx.virtualHosts."${hostname}.cloonar.com" = { + # sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem"; + # sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem"; + # sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://localhost:3001/"; + # }; + # }; + # + # services.gitea = { + # enable = true; + # appName = "Cloonar Gitea server"; # Give the site a name + # settings = { + # server = { + # ROOT_URL = "https://${hostname}.cloonar.com/"; + # HTTP_PORT = 3001; + # DOMAIN = "${hostname}.cloonar.com"; + # }; + # openid = { + # ENABLE_OPENID_SIGNIN = true; + # ENABLE_OPENID_SIGNUP = true; + # WHITELISTED_URIS = "auth.cloonar.com"; + # }; + # service = { + # DISABLE_REGISTRATION = true; + # ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + # SHOW_REGISTRATION_BUTTON = false; + # }; + # actions.ENABLED=true; + # }; + # }; + # + # services.openssh.enable = true; + # users.users.root.openssh.authorizedKeys.keys = [ + # "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + # ]; + # + # system.stateVersion = "22.05"; + # }; + # }; + # + # gitea-runner-1 = { + # config = { + # microvm = { + # mem = 4048; + # shares = [ + # { + # source = "/nix/store"; + # mountPoint = "/nix/.ro-store"; + # tag = "ro-store"; + # proto = "virtiofs"; + # } + # { + # source = "/run/secrets"; + # mountPoint = "/run/secrets"; + # tag = "ro-token"; + # proto = "virtiofs"; + # } + # ]; + # volumes = [ + # { + # image = "rootfs.img"; + # mountPoint = "/"; + # size = 102400; + # } + # ]; + # interfaces = [ + # { + # type = "tap"; + # id = "vm-gitea-runner-1"; + # mac = "02:00:00:00:00:02"; + # } + # ]; + # }; + # + # environment.systemPackages = with pkgs; [ + # vim # my preferred editor + # ]; + # + # networking.hostName = "gitea-runner"; + # + # virtualisation.podman.enable = true; + # + # services.gitea-actions-runner.instances.vm = { + # enable = true; + # url = "https://git.cloonar.com"; + # name = "vm"; + # tokenFile = "/run/secrets/gitea-runner-token"; + # labels = [ + # "ubuntu-latest:docker://shivammathur/node:latest" + # ]; + # settings = { + # container = { + # network = "podman"; + # }; + # }; + # }; + # + # services.openssh.enable = true; + # users.users.root.openssh.authorizedKeys.keys = [ + # "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + # ]; + # + # system.stateVersion = "22.05"; + # }; + # }; + # }; sops.secrets.gitea-runner-token = {}; diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix index 5d80797..0b48ffc 100644 --- a/hosts/fw.cloonar.com/modules/gitea.nix +++ b/hosts/fw.cloonar.com/modules/gitea.nix @@ -92,6 +92,7 @@ in DISABLE_REGISTRATION = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true; SHOW_REGISTRATION_BUTTON = false; + ENABLE_NOTIFY_MAIL = true; }; mailer = { ENABLED = true; diff --git a/hosts/fw.cloonar.com/modules/staticids.nix b/hosts/fw.cloonar.com/modules/staticids.nix index 12fee94..498d9db 100644 --- a/hosts/fw.cloonar.com/modules/staticids.nix +++ b/hosts/fw.cloonar.com/modules/staticids.nix @@ -4,11 +4,13 @@ gitea = 10002; gitea-runner = 10003; podman = 10004; + foundry-vtt = 10005; }; gids = { unbound = 10001; gitea = 10002; gitea-runner = 10003; podman = 10004; + foundry-vtt = 10005; }; } diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index 26dc0f7..c566859 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -111,6 +111,9 @@ let "\"web.hilgenberg-gmbh.de IN A 91.107.197.169\"" + # gaming + "\"foundry-vtt.cloonar.com IN A 10.42.97.5\"" + "\"deconz.cloonar.multimedia IN A 10.42.97.22\"" "\"metz.cloonar.multimedia IN A 10.42.99.10\"" # "\"ps5.cloonar.multimedia IN A 10.42.99.12\"" 
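Review bot: In modules/gitea-vm.nix, the `source = "/run/secrets";` share gives each runner VM the host's entire secrets directory although the runner only reads `/run/secrets/gitea-runner-token`; the tag says `ro-token`, but nothing on the visible lines makes the share read-only or limits it to that file. These VMs execute CI jobs through podman, and this host's secrets.yaml in the same commit also carries WireGuard keys and the Matrix shared secret, so whichever of those are materialised under `/run/secrets` are presumably readable by guest root. Share a directory that holds only the token instead, e.g. `source = "/run/PLACEHOLDER-runner-token-dir";` (placeholder path), and keep `tokenFile` pointing at the mounted copy. Separately, `mac = "02:00:00:00:00:0${toString idx}";` only yields a valid address for up to nine runners, and the `indexedRunners` binding is unused because the same `imap1` expression is repeated inside the `listToAttrs` call.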
@@ -270,12 +273,12 @@ in { do if echo "''\${1}" | grep -Eq '.*\.(cloonar.com|cloonar.multimedia|cloonar.smart)'; then echo ''\${hostname} ''\$2 ''\${address} - unbound-control local_data ''\${hostname} ''\$2 ''\${address} + unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null 2>&1 if [[ "''\$2" == "A" ]] ; then echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3 do - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 done fi else @@ -291,14 +294,14 @@ in { domain=cloonar.smart fi if [[ "''\${hostname}" != *. ]]; then - unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} + unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 else - unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} + unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 fi fi - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 done fi fi diff --git a/hosts/fw.cloonar.com/modules/web/default.nix b/hosts/fw.cloonar.com/modules/web/default.nix index f9afea1..bf2fce6 100644 --- a/hosts/fw.cloonar.com/modules/web/default.nix +++ b/hosts/fw.cloonar.com/modules/web/default.nix 
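Review bot: In modules/unbound.nix, appending `> /dev/null 2>&1` to each `unbound-control local_data` call discards stderr along with the chatter, so a record that fails to register (unbound not running, control socket unreachable, malformed name) now leaves no trace and the hook carries on. Redirect only stdout and report failures, e.g. `unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null || echo "local_data failed: ''\${hostname}" >&2`; the same applies to the PTR calls in this hunk and to all four calls in the following hunk (@@ -291,14 +294,14). The expansions on these lines are also unquoted; if `hostname` is supplied by a DHCP client, which the surrounding script suggests but these hunks do not show, quoting it as `"''\${hostname}"` would stop word splitting and globbing on client-controlled text. The enclosing script starts and ends outside both hunks.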
@@ -42,7 +42,7 @@ in { { type = "tap"; id = "vm-${hostname}"; - mac = "02:00:00:00:00:03"; + mac = "02:00:00:00:01:01"; } ]; }; @@ -53,7 +53,7 @@ in { ../../utils/modules/lego/lego.nix # ../../utils/modules/borgbackup.nix - # ./zammad.nix + ./zammad.nix ./proxies.nix ./matrix.nix ]; @@ -61,7 +61,7 @@ in { time.timeZone = "Europe/Vienna"; systemd.network.networks."10-lan" = { - matchConfig.PermanentMACAddress = "02:00:00:00:00:03"; + matchConfig.PermanentMACAddress = "02:00:00:00:01:01"; address = [ "10.42.97.5/24" ]; gateway = [ "10.42.97.1" ]; dns = [ "10.42.97.1" ]; diff --git a/hosts/fw.cloonar.com/modules/web/matrix.nix b/hosts/fw.cloonar.com/modules/web/matrix.nix index 93a1727..4c9cb7f 100644 --- a/hosts/fw.cloonar.com/modules/web/matrix.nix +++ b/hosts/fw.cloonar.com/modules/web/matrix.nix @@ -418,7 +418,7 @@ in { permissions."*" = "relay"; permissions."cloonar.com" = "user"; relay.enabled = true; - restricted_rooms = true; + restricted_rooms = false; encryption = { allow = true; default = true; diff --git a/hosts/fw.cloonar.com/modules/web/proxies.nix b/hosts/fw.cloonar.com/modules/web/proxies.nix index ae3dd6c..cf0f234 100644 --- a/hosts/fw.cloonar.com/modules/web/proxies.nix +++ b/hosts/fw.cloonar.com/modules/web/proxies.nix @@ -7,4 +7,13 @@ proxyPass = "https://git.cloonar.com/"; }; }; + services.nginx.virtualHosts."foundry-vtt.cloonar.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "http://10.42.97.21:30000"; + proxyWebsockets = true; + }; + }; } diff --git a/hosts/fw.cloonar.com/pkgs/foundry-vtt/FoundryVTT-12.331.zip b/hosts/fw.cloonar.com/pkgs/foundry-vtt/FoundryVTT-12.331.zip new file mode 100644 index 0000000..dca1421 Binary files /dev/null and b/hosts/fw.cloonar.com/pkgs/foundry-vtt/FoundryVTT-12.331.zip differ diff --git a/hosts/fw.cloonar.com/pkgs/foundry-vtt/default.nix b/hosts/fw.cloonar.com/pkgs/foundry-vtt/default.nix new file mode 100644 index 0000000..69a34c5 --- /dev/null 
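Review bot: In modules/web/matrix.nix, `restricted_rooms = false;` is flipped with no comment, directly below `permissions."*" = "relay";` and `relay.enabled = true;`. Judging only by the option name, this relaxes a restriction on the rooms the bridge creates, next to a permission entry that already applies to every user; the hunk does not show which bridge this block configures, so confirm the effect against that bridge's documentation. If the change is intended, record the reason on the line, e.g. `restricted_rooms = false; # PLACEHOLDER: reason restricted join rules were disabled`. The enclosing settings block starts and ends outside the hunk.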
+++ b/hosts/fw.cloonar.com/pkgs/foundry-vtt/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, lib, unzip }:
+
+stdenv.mkDerivation rec {
+ pname = "foundry-vtt";
+ version = "12.331";
+
+ src = ./FoundryVTT-12.331.zip;
+
+ nativeBuildInputs = [ unzip ];
+
+ unpackPhase = ''
+ unzip $src
+ '';
+
+ installPhase = ''
+ mkdir -p $out/share/foundry-vtt
+ cp -r . $out/share/foundry-vtt
+ '';
+
+ meta = with lib; {
+ description = "Tabletop simulator";
+ license = licenses.mit; # Adjust as needed
+ platforms = platforms.all;
+ };
+}
diff --git a/hosts/fw.cloonar.com/secrets.yaml b/hosts/fw.cloonar.com/secrets.yaml
index 63336d9..9c0f73d 100644
--- a/hosts/fw.cloonar.com/secrets.yaml
+++ b/hosts/fw.cloonar.com/secrets.yaml
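Review bot: In pkgs/foundry-vtt/default.nix, `src = ./FoundryVTT-12.331.zip;` builds from a binary archive committed in this same change with no recorded upstream checksum, so nothing in the repository ties the code the service runs to what the vendor shipped. Keep the zip out of the repository and pin it by hash, e.g. `src = requireFile { name = "FoundryVTT-12.331.zip"; sha256 = "PLACEHOLDER_SHA256_OF_VENDOR_DOWNLOAD"; url = "https://foundryvtt.com"; };` with `requireFile` added to the argument set. `license = licenses.mit; # Adjust as needed` is still a placeholder; Foundry VTT is commercially licensed, so `licenses.unfree` looks like the right value, to be confirmed against the vendor's terms.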
@@ -7,8 +7,8 @@ wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKc wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str] wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str] gitea-mailer-password: ENC[AES256_GCM,data:M4qCWNt1oQVJzxThIjocm2frwuVMyx+69TBpke25RwxJxEQnvHL1CM579OVroTm7+gGE/oOJqAwDIepfiDtyM1xm,iv:jayFZMbu3uDimS/rIKZSeoU0MsYwWp880iEMs1oQE4k=,tag:qGDncRkyuCWaELhcxUrqtQ==,type:str] -gitea-runner: ENC[AES256_GCM,data:IRx9QzbLJrkF/DYvpVf2012BiSBnHZJe10opkRO2kJuegdb0denW3mvmnU4isoj7jO/0QyN6HZHlHb5ihC7fFl4LavPDVjAAhZPynkpDw9IHFeqZDUSPzxQsq7FibKmfEpEmWEz+Npe8JI1kl694XYV/kqErKa3JrZS7Jm8zFcv7DSY/V5bdy4Is8ZSRtHiP/aVzFdsvjwtissCDnCl7zRZjXUcN0FssvPHBZHxLuc68EoagIw1aVSzkvSVBXer4rFdlefjskFelRnUr3pvm188=,iv:VnvPFDFGz/QyfQmZxQFB3J2ReqaHdRaypb2Vnq7Dthw=,tag:19rx0nlmXLj/6yPRAFGigA==,type:str] -gitea-runner-token: ENC[AES256_GCM,data:Nd0vsnuJficsdZaqeBZXa9vD7PLMdDtV9sMX0TxUSEMNU7Reu3HLCWuvP0easPU=,iv:4mrfQc1tobg/QiExUuWST6iU9TdNwiS1BMmOnQqCFZU=,tag:85aRoD3IkRq3mcoPdLKaBQ==,type:str] +gitea-runner: ENC[AES256_GCM,data:NYG3qRLiMjmfA+oHYBXBbxpuX2ZjB/VgvLaS7yr5kJeDN/NukB/B3OZcEfsUWgbBS5IsLENESngWTFmK4W3htN4lSqdg/g4UsUr20beNov+pbyPN05rkBYmSCZZFwZ1L9POEE4GF4LuuoNpDlWIw0mrA8oV8MoI4W5QS2IGranBTIQQaYXU5TEGYa4XMVo4oC75iuH6DIq1KD6OgFAfMhm/wlbP8CP/Iaw2K8CNPxktk93pm3OSmggf22Z4JPEnvV25sc9iBkxLkDk9FXYFys0g=,iv:UzL5ncVOC/loJwcFSG1QJHnzLp3il4Hf3qDwLWxrIlo=,tag:w0Zn/E+02KyAsPXZdOLrew==,type:str] +gitea-runner-token: ENC[AES256_GCM,data:HpBjLS10w78ihbnAUrlCRGvwrXLBYKH5v/P7XggoUSWLoAazSVQArABxaK7PJas=,iv:q3Y6jV0gmug06O0EYqGVyIJ4AvMGr2ydwY17YKxo0Qw=,tag:Ws5HLbdaeYGGXzDZW/FX4w==,type:str] home-assistant-ldap: 
ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str] home-assistant-secrets.yaml: ENC[AES256_GCM,data:m7uOVo7hPk/RmqqRS6y7NKoMKsR9Bdi1ntatsZdDOAbJMjZmZL2FgPEHi/zF73zCfRfTOca3dwpulR3WXZ9Ic1sbUIggmusJMg4Gellw1CUhx7SbQN5nieAbPbB9GVxMuV4OakD1u7Swz8JggDT6IwojSnuD5omCRCyUH1wvKB+Re59q6EStderlm5MJNVFlVrbKVbLKLcw4yRgTh34BGnTTjcJmgSlQjO1ciu2B7YQmdl0Fw6d8AdbEzgB5TFG5ONc85UhJDE8Wlw==,iv:GCtpcVChN2UMWtfnWURozCfVj2YbRPqp/bH4Jjntybs=,tag:pcxP7gTBtXMNT5iyW5YXTw==,type:str] matrix-shared-secret: ENC[AES256_GCM,data:67imd3m6WBeGP/5Msmjy8B6sP983jMyWzRIzWgNVV5jZslX+GBJyEYzm3OTDs1iTZf4ScvuYheTH0QFPfw==,iv:7ElCpESWumbIHmmFaedcpkFm5M58ZT3vW9wb9e1Sbh4=,tag:wr4FIymtJBtCerVqae+Xlw==,type:str] @@ -57,8 +57,8 @@ sops: WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-12T19:36:40Z" - mac: ENC[AES256_GCM,data:Fn/YkHb9qwTRpm8KfII+rwHEvrZ+en4AzTqkrsubR1o+7cQ3NZkU1/DOLxTz/CJ4Eq68scg0rYr+0Q1FI27ypoYwQR5+8K9RDJkIM5JDt1afovx4UysyP8peLL+Ccl27YRGbjWGrprzF5oWUWee0nztI4H6+R9NyYdCZ0JVo8/8=,iv:DwmsWE4d4aTxy/1wCP7wWm+TtZ0VEmF0TVY+8G66ZEs=,tag:mRNUTlrCKusvlWasio78YA==,type:str] + lastmodified: "2024-11-20T21:39:00Z" + mac: ENC[AES256_GCM,data:JCFvFwSqnAQCOB76n5pfQsdsaod8bBiVZ2VY+WWBDWi84gQByhqy808E2ZZJSJ1/amUi8dNBeOPNWZIGdieuWJyatrqjWziAl7gXx5u35i77sS6hAD+G/Fc/elgRbjc0VIbplZ7UxBmwo3vkVpI4RqQiQv63MvKHI+TkoY8vFUM=,iv:uy50x8FqqDW7hCLZeHfhFB/dxa3N6kM2Vj9waAZJngg=,tag:Wt1FG0kW4VFZ2fvvAC0T4A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/nb-new.cloonar.com/modules/nvim/default.nix b/hosts/nb-new.cloonar.com/modules/nvim/default.nix index 4a37415..e281ce2 100644 --- a/hosts/nb-new.cloonar.com/modules/nvim/default.nix +++ b/hosts/nb-new.cloonar.com/modules/nvim/default.nix 
@@ -16,6 +16,7 @@ configure = { packages.myPlugins = with pkgs.vimPlugins; { start = [ + bigfile-nvim bufferline-nvim catppuccin-nvim cmp-buffer diff --git a/hosts/nb-new.cloonar.com/modules/sway/sway.conf b/hosts/nb-new.cloonar.com/modules/sway/sway.conf index 185c374..ed98287 100644 --- a/hosts/nb-new.cloonar.com/modules/sway/sway.conf +++ b/hosts/nb-new.cloonar.com/modules/sway/sway.conf @@ -11,10 +11,10 @@ font pango:Source Sans Pro 14 set $mod Mod4 # use these keys for focus, movement, and resize directions -set $left h -set $down j -set $up k -set $right l +set $left j +set $down h +set $up l +set $right k # define names for workspaces set $ws1 "1: " diff --git a/hosts/nb-new.cloonar.com/modules/sway/sway.nix b/hosts/nb-new.cloonar.com/modules/sway/sway.nix index 80c92dd..02bc4f6 100644 --- a/hosts/nb-new.cloonar.com/modules/sway/sway.nix +++ b/hosts/nb-new.cloonar.com/modules/sway/sway.nix @@ -32,7 +32,7 @@ let url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz"; }) {}; ddev-pin = import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/d4f247e89f6e10120f911e2e2d2254a050d0f732.tar.gz"; + url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz"; }) {}; in { imports = [ diff --git a/hosts/nb-new.cloonar.com/users/dominik.nix b/hosts/nb-new.cloonar.com/users/dominik.nix index 90a5e4c..1cf5bea 100644 --- a/hosts/nb-new.cloonar.com/users/dominik.nix +++ b/hosts/nb-new.cloonar.com/users/dominik.nix @@ -497,11 +497,16 @@ in icon = "fingerprint"; id = 1; }; - "cloonar" = { - color = "purple"; + "cloonar technologies" = { + color = "red"; icon = "briefcase"; id = 2; }; + "cloonar eu" = { + color = "purple"; + icon = "briefcase"; + id = 4; + }; "epicenter.works" = { color = "blue"; icon = "briefcase"; 
@@ -624,16 +629,12 @@ in TERM = "xterm-256color"; }; }; - "*.social-grow.tech" = { - user = "root"; # prod - identityFile = "~/.ssh/social-grow.tech_id_ed25519"; + "amz-websrv-01.amz.at" = { + user = "ebs"; setEnv = { TERM = "xterm-256color"; }; }; - "amz-websrv-01.amz.at" = { - user = "ebs"; - }; "u149513.your-backup.de" = { user = "u149513"; # user = "u149513-sub2"; # fw.cloonar.com