diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix index cbe9390..a1c89df 100644 --- a/hosts/fw.cloonar.com/configuration.nix +++ b/hosts/fw.cloonar.com/configuration.nix @@ -46,9 +46,8 @@ ./modules/snapserver.nix # gaming - # ./modules/palworld.nix + ./modules/palworld.nix # ./modules/ark-survival-evolved.nix - ./modules/foundry-vtt.nix # setup network ./modules/setupnetwork.nix diff --git a/hosts/fw.cloonar.com/modules/dhcp4.nix b/hosts/fw.cloonar.com/modules/dhcp4.nix index 7f0e90c..50ddbb6 100644 --- a/hosts/fw.cloonar.com/modules/dhcp4.nix +++ b/hosts/fw.cloonar.com/modules/dhcp4.nix @@ -57,13 +57,7 @@ ip-address = "10.42.96.100"; server-hostname = "brn30055c566237.cloonar.com"; } - { - hw-address = "24:df:a7:b1:1b:74"; - ip-address = "10.42.96.101"; - server-hostname = "rmproplus-b1-1b-74.cloonar.com"; - } ]; - } { pools = [ 
@@ -252,16 +246,113 @@ } ]; reservations = [ + # need fixed ips for all shelly devices + # living room 1 - 14 + # 10.42.100.8 # piano + # 10.42.100.9 # switch + # 10.42.100.10 # steamdeck + # kitchen: + # 10.42.100.17 # coffee + # 10.42.100.18 # bar + # bedroom: + # 10.42.100.33 # switch + # 10.42.100.34 # button1 + # 10.42.100.35 # button2 + # 10.42.100.36 # readingled1 + # 10.42.100.37 # readingled2 + # 10.42.100.38 # bedled + # bath: + # 10.42.100.52 # smallswitch + # 10.42.100.53 # ht + # hallway: + # 10.42.100.65 # switch + # toilet: + # 10.42.100.81 # switch + # 10.42.100.82 # bulb + # storage: + # 10.42.100.97 # switch + { hw-address = "fc:ee:28:03:63:e9"; ip-address = "10.42.100.148"; server-hostname = "k1c"; } + { + hw-address = "60:a4:23:97:4a:ec"; + ip-address = "10.42.100.21"; + server-hostname = "shellymotionsensor-60A423974AEC"; + } + { + hw-address = "8c:aa:b5:61:6f:e2"; + ip-address = "10.42.100.103"; + server-hostname = "ShellyBulbDuo-8CAAB5616FE2"; + } + { + hw-address = "8c:aa:b5:61:6e:9e"; + ip-address = "10.42.100.104"; + server-hostname = "ShellyBulbDuo-8CAAB5616E9E"; + } { hw-address = "cc:50:e3:bc:27:64"; ip-address = "10.42.100.112"; server-hostname = "Nuki_Bridge_1A753F72"; } + { + hw-address = "e8:db:84:a9:ea:be"; + ip-address = "10.42.100.117"; + server-hostname = "ShellyBulbDuo-E8DB84A9EABE"; + } + { + hw-address = "e8:db:84:a9:d1:8b"; + ip-address = "10.42.100.119"; + server-hostname = "shellycolorbulb-E8DB84A9D18B"; + } + { + hw-address = "3c:61:05:e5:96:e0"; + ip-address = "10.42.100.120"; + server-hostname = "shellycolorbulb-3C6105E596E0"; + } + { + hw-address = "e8:db:84:a9:d7:ef"; + ip-address = "10.42.100.121"; + server-hostname = "shellycolorbulb-E8DB84A9D7EF"; + } + { + hw-address = "e8:db:84:aa:51:aa"; + ip-address = "10.42.100.122"; + server-hostname = "shellycolorbulb-E8DB84AA51AA"; + } + + { + hw-address = "34:94:54:79:bc:57"; + ip-address = "10.42.100.130"; + server-hostname = "shellycolorbulb-34945479bc57"; + } + { + 
hw-address = "48:55:19:d9:a1:b2"; + ip-address = "10.42.100.131"; + server-hostname = "shellycolorbulb-485519d9a1b2"; + } + { + hw-address = "48:55:19:d9:ae:95"; + ip-address = "10.42.100.132"; + server-hostname = "shellycolorbulb-485519d9ae95"; + } + { + hw-address = "48:55:19:d9:4a:28"; + ip-address = "10.42.100.133"; + server-hostname = "shellycolorbulb-485519d94a28"; + } + { + hw-address = "48:55:19:da:6b:6a"; + ip-address = "10.42.100.134"; + server-hostname = "shellycolorbulb-485519da6b6a"; + } + { + hw-address = "48:55:19:d9:e0:18"; + ip-address = "10.42.100.135"; + server-hostname = "shellycolorbulb-485519d9e018"; + } { hw-address = "34:6f:24:f3:af:ad"; diff --git a/hosts/fw.cloonar.com/modules/foundry-vtt.nix b/hosts/fw.cloonar.com/modules/foundry-vtt.nix deleted file mode 100644 index 05d514c..0000000 --- a/hosts/fw.cloonar.com/modules/foundry-vtt.nix +++ /dev/null 
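Review bot: The comment block added at the top of `reservations` lists a per-room address plan (for example `10.42.100.17 # coffee`, `10.42.100.33 # switch`), but none of the reservations added below it uses those addresses; they land on `.21`, `.103`, `.104`, `.117`, `.119`–`.122` and `.130`–`.135`. A reader cannot tell whether the plan or the reservations are authoritative, and the new entries carry no room or purpose of their own. I would mark the block as a plan, e.g. `# planned layout, not yet applied:`, and add a short trailing comment per reservation naming the device location. If any firewall or automation rule is keyed on these addresses (not visible in this hunk), note that a MAC-based reservation only pins the address and does not authenticate the device.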
@@ -1,77 +0,0 @@ -{ config, pkgs, ... }: -let - foundry-vtt = pkgs.callPackage ../pkgs/foundry-vtt {}; - cids = import ../modules/staticids.nix; -in { - users.users.foundry-vtt = { - isSystemUser = true; - uid = cids.uids.foundry-vtt; - home = "/var/lib/foundry-vtt"; - group = "foundry-vtt"; - createHome = true; - }; - - users.groups.foundry-vtt = { - gid = cids.gids.foundry-vtt; - }; - - - containers.foundry-vtt = { - autoStart = true; - ephemeral = true; - privateNetwork = true; - hostBridge = "server"; - hostAddress = "10.42.97.1"; - localAddress = "10.42.97.21/24"; - bindMounts = { - "/var/lib/foundry-vtt" = { - hostPath = "/var/lib/foundry-vtt"; - isReadOnly = false; - }; - }; - config = { lib, config, pkgs, ... }: { - networking = { - hostName = "foundry-vtt"; - useHostResolvConf = false; - defaultGateway = { - address = "10.42.97.1"; - interface = "eth0"; - }; - nameservers = [ "10.42.97.1" ]; - }; - systemd.services.foundry-vtt = { - description = "Foundry VTT Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - environment = { - NODE_ENV = "production"; - }; - serviceConfig = { - ExecStart = "${pkgs.nodejs}/bin/node ${foundry-vtt}/share/foundry-vtt/resources/app/main.js --dataPath=${config.users.users.foundry-vtt.home}"; - Restart = "always"; - User = "foundry-vtt"; - WorkingDirectory = "${config.users.users.foundry-vtt.home}"; - }; - }; - - users.users.foundry-vtt = { - isSystemUser = true; - uid = cids.uids.foundry-vtt; - home = "/var/lib/foundry-vtt"; - group = "foundry-vtt"; - }; - - users.groups.foundry-vtt = { - gid = cids.gids.foundry-vtt; - }; - - networking.firewall = { - enable = true; - allowedTCPPorts = [ 30000 ]; - }; - - - system.stateVersion = "24.05"; - }; - }; -} diff --git a/hosts/fw.cloonar.com/modules/gitea-vm.nix b/hosts/fw.cloonar.com/modules/gitea-vm.nix index b9c65b5..6da9b20 100644 --- a/hosts/fw.cloonar.com/modules/gitea-vm.nix +++ b/hosts/fw.cloonar.com/modules/gitea-vm.nix 
@@ -1,226 +1,162 @@ -{ lib, nixpkgs, pkgs, ... }: let - # hostname = "git-02"; - # json = pkgs.formats.json { }; - runners = ["git-runner-1" "git-runner-2"]; - indexedRunners = lib.lists.imap1 (i: v: { name=v; value=i; }) runners; +{ nixpkgs, pkgs, ... }: let + hostname = "git-02"; + json = pkgs.formats.json { }; in { - microvm.vms = lib.mapAttrs (runner: idx: { - config = { - microvm = { - mem = 4048; - shares = [ - { - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - { - source = "/run/secrets"; - mountPoint = "/run/secrets"; - tag = "ro-token"; - proto = "virtiofs"; - } - ]; - volumes = [ - { - image = "rootfs.img"; - mountPoint = "/"; - size = 51200; - } - ]; - interfaces = [ - { - type = "tap"; - id = "vm-${runner}"; - mac = "02:00:00:00:00:0${toString idx}"; - } - ]; - }; + microvm.vms = { + # gitea = { + # config = { + # microvm = { + # hypervisor = "cloud-hypervisor"; + # shares = [ + # { + # source = "/nix/store"; + # mountPoint = "/nix/.ro-store"; + # tag = "ro-store"; + # proto = "virtiofs"; + # } + # { + # source = "/var/lib/acme/git.cloonar.com"; + # mountPoint = "/var/lib/acme/${hostname}.cloonar.com"; + # tag = "ro-cert"; + # proto = "virtiofs"; + # } + # ]; + # interfaces = [ + # { + # type = "tap"; + # id = "vm-${hostname}"; + # mac = "02:00:00:00:00:01"; + # } + # ]; + # }; + # + # imports = [ + # ../fleet.nix + # ]; + # + # environment.systemPackages = with pkgs; [ + # vim # my preferred editor + # ]; + # + # networking = { + # hostName = hostname; + # firewall = { + # enable = true; + # allowedTCPPorts = [ 22 80 443 ]; + # }; + # }; + # + # services.nginx.enable = true; + # services.nginx.virtualHosts."${hostname}.cloonar.com" = { + # sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem"; + # sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem"; + # sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem"; + # forceSSL = true; + # 
locations."/" = { + # proxyPass = "http://localhost:3001/"; + # }; + # }; + # + # services.gitea = { + # enable = true; + # appName = "Cloonar Gitea server"; # Give the site a name + # settings = { + # server = { + # ROOT_URL = "https://${hostname}.cloonar.com/"; + # HTTP_PORT = 3001; + # DOMAIN = "${hostname}.cloonar.com"; + # }; + # openid = { + # ENABLE_OPENID_SIGNIN = true; + # ENABLE_OPENID_SIGNUP = true; + # WHITELISTED_URIS = "auth.cloonar.com"; + # }; + # service = { + # DISABLE_REGISTRATION = true; + # ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + # SHOW_REGISTRATION_BUTTON = false; + # }; + # actions.ENABLED=true; + # }; + # }; + # + # services.openssh.enable = true; + # users.users.root.openssh.authorizedKeys.keys = [ + # "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + # ]; + # + # system.stateVersion = "22.05"; + # }; + # }; - networking.hostName = runner; + gitea-runner = { + config = { + microvm = { + mem = 12288; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "ro-store"; + proto = "virtiofs"; + } + { + source = "/run/secrets"; + mountPoint = "/run/secrets"; + tag = "ro-token"; + proto = "virtiofs"; + } + ]; + volumes = [ + { + image = "rootfs.img"; + mountPoint = "/"; + size = 102400; + } + ]; + interfaces = [ + { + type = "tap"; + id = "vm-gitea-runner"; + mac = "02:00:00:00:00:02"; + } + ]; + }; - virtualisation.podman.enable = true; - - services.gitea-actions-runner.instances.${runner} = { - enable = true; - url = "https://git.cloonar.com"; - name = runner; - tokenFile = 
"/run/secrets/gitea-runner-token"; - labels = [ - "ubuntu-latest:docker://shivammathur/node:latest" + environment.systemPackages = with pkgs; [ + vim # my preferred editor ]; - settings = { - container = { - network = "podman"; + + networking.hostName = "gitea-runner"; + + virtualisation.podman.enable = true; + + services.gitea-actions-runner.instances.vm = { + enable = true; + url = "https://git.cloonar.com"; + name = "vm"; + tokenFile = "/run/secrets/gitea-runner-token"; + labels = [ + "ubuntu-latest:docker://shivammathur/node:latest" + ]; + settings = { + container = { + network = "podman"; + }; }; }; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" + ]; + + system.stateVersion = "22.05"; }; - - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - ]; - - system.stateVersion = "22.05"; }; - }) (lib.listToAttrs (lib.lists.imap1 (i: v: { name=v; value=i; }) runners)); - - # microvm.vms = { - # gitea = { - # config = { - # microvm = { - # hypervisor = "cloud-hypervisor"; - # shares = [ - # { - # source = "/nix/store"; - # mountPoint = 
"/nix/.ro-store"; - # tag = "ro-store"; - # proto = "virtiofs"; - # } - # { - # source = "/var/lib/acme/git.cloonar.com"; - # mountPoint = "/var/lib/acme/${hostname}.cloonar.com"; - # tag = "ro-cert"; - # proto = "virtiofs"; - # } - # ]; - # interfaces = [ - # { - # type = "tap"; - # id = "vm-${hostname}"; - # mac = "02:00:00:00:00:01"; - # } - # ]; - # }; - # - # imports = [ - # ../fleet.nix - # ]; - # - # environment.systemPackages = with pkgs; [ - # vim # my preferred editor - # ]; - # - # networking = { - # hostName = hostname; - # firewall = { - # enable = true; - # allowedTCPPorts = [ 22 80 443 ]; - # }; - # }; - # - # services.nginx.enable = true; - # services.nginx.virtualHosts."${hostname}.cloonar.com" = { - # sslCertificate = "/var/lib/acme/${hostname}.cloonar.com/fullchain.pem"; - # sslCertificateKey = "/var/lib/acme/${hostname}.cloonar.com/key.pem"; - # sslTrustedCertificate = "/var/lib/acme/${hostname}.cloonar.com/chain.pem"; - # forceSSL = true; - # locations."/" = { - # proxyPass = "http://localhost:3001/"; - # }; - # }; - # - # services.gitea = { - # enable = true; - # appName = "Cloonar Gitea server"; # Give the site a name - # settings = { - # server = { - # ROOT_URL = "https://${hostname}.cloonar.com/"; - # HTTP_PORT = 3001; - # DOMAIN = "${hostname}.cloonar.com"; - # }; - # openid = { - # ENABLE_OPENID_SIGNIN = true; - # ENABLE_OPENID_SIGNUP = true; - # WHITELISTED_URIS = "auth.cloonar.com"; - # }; - # service = { - # DISABLE_REGISTRATION = true; - # ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - # SHOW_REGISTRATION_BUTTON = false; - # }; - # actions.ENABLED=true; - # }; - # }; - # - # services.openssh.enable = true; - # users.users.root.openssh.authorizedKeys.keys = [ - # "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" - # ]; - # - # system.stateVersion = "22.05"; - # }; - # }; - # - # gitea-runner-1 = { - # config = { - # microvm = { - # mem = 4048; - # shares = [ - # { - # source = "/nix/store"; - # mountPoint = "/nix/.ro-store"; - # tag = "ro-store"; - # proto = "virtiofs"; - # } - # { - # source = "/run/secrets"; - # mountPoint = "/run/secrets"; - # tag = "ro-token"; - # proto = "virtiofs"; - # } - # ]; - # volumes = [ - # { - # image = "rootfs.img"; - # mountPoint = "/"; - # size = 102400; - # } - # ]; - # interfaces = [ - # { - # type = "tap"; - # id = "vm-gitea-runner-1"; - # mac = "02:00:00:00:00:02"; - # } - # ]; - # }; - # - # environment.systemPackages = with pkgs; [ - # vim # my preferred editor - # ]; - # - # networking.hostName = "gitea-runner"; - # - # virtualisation.podman.enable = true; - # - # services.gitea-actions-runner.instances.vm = { - # enable = true; - # url = "https://git.cloonar.com"; - # name = "vm"; - # tokenFile = "/run/secrets/gitea-runner-token"; - # labels = [ - # "ubuntu-latest:docker://shivammathur/node:latest" - # ]; - # settings = { - # container = { - # network = "podman"; - # }; - # }; - # }; - # - # services.openssh.enable = true; - # users.users.root.openssh.authorizedKeys.keys = [ - # "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" - # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius" - # ]; - # - # system.stateVersion = "22.05"; - # }; - # }; - # }; + }; sops.secrets.gitea-runner-token = {}; diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix index 0b48ffc..5d80797 100644 --- a/hosts/fw.cloonar.com/modules/gitea.nix +++ b/hosts/fw.cloonar.com/modules/gitea.nix @@ -92,7 +92,6 @@ in DISABLE_REGISTRATION = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true; SHOW_REGISTRATION_BUTTON = false; - ENABLE_NOTIFY_MAIL = true; }; mailer = { ENABLED = true; diff --git a/hosts/fw.cloonar.com/modules/staticids.nix b/hosts/fw.cloonar.com/modules/staticids.nix index 498d9db..12fee94 100644 --- a/hosts/fw.cloonar.com/modules/staticids.nix +++ b/hosts/fw.cloonar.com/modules/staticids.nix @@ -4,13 +4,11 @@ gitea = 10002; gitea-runner = 10003; podman = 10004; - foundry-vtt = 10005; }; gids = { unbound = 10001; gitea = 10002; gitea-runner = 10003; podman = 10004; - foundry-vtt = 10005; }; } diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index c566859..26dc0f7 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -111,9 +111,6 @@ let "\"web.hilgenberg-gmbh.de IN A 91.107.197.169\"" - # gaming - "\"foundry-vtt.cloonar.com IN A 10.42.97.5\"" - "\"deconz.cloonar.multimedia IN A 10.42.97.22\"" "\"metz.cloonar.multimedia IN A 10.42.99.10\"" # "\"ps5.cloonar.multimedia IN A 10.42.99.12\"" 
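Review bot: The `gitea-runner` VM gets the host's whole `/run/secrets` directory as a virtiofs share (`source = "/run/secrets"`, tag `ro-token`), although the runner only reads `/run/secrets/gitea-runner-token`. The same host's `secrets.yaml` holds WireGuard keys, the Gitea mailer password and other entries, so whatever sops materialises under that path becomes reachable from a guest that runs CI jobs through podman. Whether the share is actually read-only is not visible here; the tag name alone does not enforce it. I would share a directory that contains only the runner token, for example `source = "/run/<runner-token-dir>";` (placeholder path), with `tokenFile` adjusted to match. The label `ubuntu-latest:docker://shivammathur/node:latest` also pulls a mutable tag; pinning it by digest would make the job image reproducible.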
@@ -273,12 +270,12 @@ in { do if echo "''\${1}" | grep -Eq '.*\.(cloonar.com|cloonar.multimedia|cloonar.smart)'; then echo ''\${hostname} ''\$2 ''\${address} - unbound-control local_data ''\${hostname} ''\$2 ''\${address} > /dev/null 2>&1 + unbound-control local_data ''\${hostname} ''\$2 ''\${address} if [[ "''\$2" == "A" ]] ; then echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3 do - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} done fi else @@ -294,14 +291,14 @@ in { domain=cloonar.smart fi if [[ "''\${hostname}" != *. ]]; then - unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 + unbound-control local_data ''\${hostname}.''\${domain} ''\$2 ''\${address} else - unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} > /dev/null 2>&1 + unbound-control local_data ''\${hostname}''\${domain} ''\$2 ''\${address} fi fi - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} > /dev/null 2>&1 - unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} > /dev/null 2>&1 + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} done fi fi diff --git a/hosts/fw.cloonar.com/modules/web/default.nix b/hosts/fw.cloonar.com/modules/web/default.nix index bf2fce6..f9afea1 100644 --- a/hosts/fw.cloonar.com/modules/web/default.nix +++ b/hosts/fw.cloonar.com/modules/web/default.nix 
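Review bot: The rewritten `unbound-control local_data` lines still expand `hostname`, `$2` and `address` unquoted, so a value containing whitespace or glob characters is split into extra arguments to `unbound-control`. The script's start is outside the hunk, but it appears to process lease data, in which case the hostname is chosen by the client. I would quote each expansion, e.g. `unbound-control local_data "''\${hostname}" "''\$2" "''\${address}"`, and do the same for the PTR lines here and in the `@@ -294,14 +291,14 @@` hunk. With the `> /dev/null 2>&1` redirection gone, failures now reach the log but the exit status is still ignored; appending `|| echo "local_data failed for ''\${hostname}" >&2` would make them easy to find.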
@@ -42,7 +42,7 @@ in { { type = "tap"; id = "vm-${hostname}"; - mac = "02:00:00:00:01:01"; + mac = "02:00:00:00:00:03"; } ]; }; @@ -53,7 +53,7 @@ in { ../../utils/modules/lego/lego.nix # ../../utils/modules/borgbackup.nix - ./zammad.nix + # ./zammad.nix ./proxies.nix ./matrix.nix ]; @@ -61,7 +61,7 @@ in { time.timeZone = "Europe/Vienna"; systemd.network.networks."10-lan" = { - matchConfig.PermanentMACAddress = "02:00:00:00:01:01"; + matchConfig.PermanentMACAddress = "02:00:00:00:00:03"; address = [ "10.42.97.5/24" ]; gateway = [ "10.42.97.1" ]; dns = [ "10.42.97.1" ]; diff --git a/hosts/fw.cloonar.com/modules/web/matrix.nix b/hosts/fw.cloonar.com/modules/web/matrix.nix index 4c9cb7f..93a1727 100644 --- a/hosts/fw.cloonar.com/modules/web/matrix.nix +++ b/hosts/fw.cloonar.com/modules/web/matrix.nix @@ -418,7 +418,7 @@ in { permissions."*" = "relay"; permissions."cloonar.com" = "user"; relay.enabled = true; - restricted_rooms = false; + restricted_rooms = true; encryption = { allow = true; default = true; diff --git a/hosts/fw.cloonar.com/modules/web/proxies.nix b/hosts/fw.cloonar.com/modules/web/proxies.nix index cf0f234..ae3dd6c 100644 --- a/hosts/fw.cloonar.com/modules/web/proxies.nix +++ b/hosts/fw.cloonar.com/modules/web/proxies.nix @@ -7,13 +7,4 @@ proxyPass = "https://git.cloonar.com/"; }; }; - services.nginx.virtualHosts."foundry-vtt.cloonar.com" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - locations."/" = { - proxyPass = "http://10.42.97.21:30000"; - proxyWebsockets = true; - }; - }; } diff --git a/hosts/fw.cloonar.com/pkgs/foundry-vtt/FoundryVTT-12.331.zip b/hosts/fw.cloonar.com/pkgs/foundry-vtt/FoundryVTT-12.331.zip deleted file mode 100644 index dca1421..0000000 Binary files a/hosts/fw.cloonar.com/pkgs/foundry-vtt/FoundryVTT-12.331.zip and /dev/null differ diff --git a/hosts/fw.cloonar.com/pkgs/foundry-vtt/default.nix b/hosts/fw.cloonar.com/pkgs/foundry-vtt/default.nix deleted file mode 100644 index 69a34c5..0000000 
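Review bot: The new MAC `02:00:00:00:00:03` is written twice, once in the tap interface and once in `matchConfig.PermanentMACAddress` (the `@@ -61,7 +61,7 @@` hunk), and the two must stay identical for the `10-lan` network unit to match. If they drift, the VM would come up without its static address `10.42.97.5/24`. A single binding next to `hostname`, e.g. `mac = "02:00:00:00:00:03";` referenced from both places, removes that risk; the `let` block is outside the hunk, so this assumes `hostname` is defined there. The value also continues the `…:01`/`…:02` sequence used in `gitea-vm.nix`, so a comment listing the allocated MACs would help avoid handing out the same one twice.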
--- a/hosts/fw.cloonar.com/pkgs/foundry-vtt/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ stdenv, lib, unzip }: - -stdenv.mkDerivation rec { - pname = "foundry-vtt"; - version = "12.331"; - - src = ./FoundryVTT-12.331.zip; - - nativeBuildInputs = [ unzip ]; - - unpackPhase = '' - unzip $src - ''; - - installPhase = '' - mkdir -p $out/share/foundry-vtt - cp -r . $out/share/foundry-vtt - ''; - - meta = with lib; { - description = "Tabletop simulator"; - license = licenses.mit; # Adjust as needed - platforms = platforms.all; - }; -} diff --git a/hosts/fw.cloonar.com/secrets.yaml b/hosts/fw.cloonar.com/secrets.yaml index 9c0f73d..63336d9 100644 --- a/hosts/fw.cloonar.com/secrets.yaml +++ b/hosts/fw.cloonar.com/secrets.yaml 
@@ -7,8 +7,8 @@ wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKc wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str] wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str] gitea-mailer-password: ENC[AES256_GCM,data:M4qCWNt1oQVJzxThIjocm2frwuVMyx+69TBpke25RwxJxEQnvHL1CM579OVroTm7+gGE/oOJqAwDIepfiDtyM1xm,iv:jayFZMbu3uDimS/rIKZSeoU0MsYwWp880iEMs1oQE4k=,tag:qGDncRkyuCWaELhcxUrqtQ==,type:str] -gitea-runner: ENC[AES256_GCM,data:NYG3qRLiMjmfA+oHYBXBbxpuX2ZjB/VgvLaS7yr5kJeDN/NukB/B3OZcEfsUWgbBS5IsLENESngWTFmK4W3htN4lSqdg/g4UsUr20beNov+pbyPN05rkBYmSCZZFwZ1L9POEE4GF4LuuoNpDlWIw0mrA8oV8MoI4W5QS2IGranBTIQQaYXU5TEGYa4XMVo4oC75iuH6DIq1KD6OgFAfMhm/wlbP8CP/Iaw2K8CNPxktk93pm3OSmggf22Z4JPEnvV25sc9iBkxLkDk9FXYFys0g=,iv:UzL5ncVOC/loJwcFSG1QJHnzLp3il4Hf3qDwLWxrIlo=,tag:w0Zn/E+02KyAsPXZdOLrew==,type:str] -gitea-runner-token: ENC[AES256_GCM,data:HpBjLS10w78ihbnAUrlCRGvwrXLBYKH5v/P7XggoUSWLoAazSVQArABxaK7PJas=,iv:q3Y6jV0gmug06O0EYqGVyIJ4AvMGr2ydwY17YKxo0Qw=,tag:Ws5HLbdaeYGGXzDZW/FX4w==,type:str] +gitea-runner: ENC[AES256_GCM,data:IRx9QzbLJrkF/DYvpVf2012BiSBnHZJe10opkRO2kJuegdb0denW3mvmnU4isoj7jO/0QyN6HZHlHb5ihC7fFl4LavPDVjAAhZPynkpDw9IHFeqZDUSPzxQsq7FibKmfEpEmWEz+Npe8JI1kl694XYV/kqErKa3JrZS7Jm8zFcv7DSY/V5bdy4Is8ZSRtHiP/aVzFdsvjwtissCDnCl7zRZjXUcN0FssvPHBZHxLuc68EoagIw1aVSzkvSVBXer4rFdlefjskFelRnUr3pvm188=,iv:VnvPFDFGz/QyfQmZxQFB3J2ReqaHdRaypb2Vnq7Dthw=,tag:19rx0nlmXLj/6yPRAFGigA==,type:str] +gitea-runner-token: ENC[AES256_GCM,data:Nd0vsnuJficsdZaqeBZXa9vD7PLMdDtV9sMX0TxUSEMNU7Reu3HLCWuvP0easPU=,iv:4mrfQc1tobg/QiExUuWST6iU9TdNwiS1BMmOnQqCFZU=,tag:85aRoD3IkRq3mcoPdLKaBQ==,type:str] home-assistant-ldap: 
ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str] home-assistant-secrets.yaml: ENC[AES256_GCM,data:m7uOVo7hPk/RmqqRS6y7NKoMKsR9Bdi1ntatsZdDOAbJMjZmZL2FgPEHi/zF73zCfRfTOca3dwpulR3WXZ9Ic1sbUIggmusJMg4Gellw1CUhx7SbQN5nieAbPbB9GVxMuV4OakD1u7Swz8JggDT6IwojSnuD5omCRCyUH1wvKB+Re59q6EStderlm5MJNVFlVrbKVbLKLcw4yRgTh34BGnTTjcJmgSlQjO1ciu2B7YQmdl0Fw6d8AdbEzgB5TFG5ONc85UhJDE8Wlw==,iv:GCtpcVChN2UMWtfnWURozCfVj2YbRPqp/bH4Jjntybs=,tag:pcxP7gTBtXMNT5iyW5YXTw==,type:str] matrix-shared-secret: ENC[AES256_GCM,data:67imd3m6WBeGP/5Msmjy8B6sP983jMyWzRIzWgNVV5jZslX+GBJyEYzm3OTDs1iTZf4ScvuYheTH0QFPfw==,iv:7ElCpESWumbIHmmFaedcpkFm5M58ZT3vW9wb9e1Sbh4=,tag:wr4FIymtJBtCerVqae+Xlw==,type:str] @@ -57,8 +57,8 @@ sops: WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-20T21:39:00Z" - mac: ENC[AES256_GCM,data:JCFvFwSqnAQCOB76n5pfQsdsaod8bBiVZ2VY+WWBDWi84gQByhqy808E2ZZJSJ1/amUi8dNBeOPNWZIGdieuWJyatrqjWziAl7gXx5u35i77sS6hAD+G/Fc/elgRbjc0VIbplZ7UxBmwo3vkVpI4RqQiQv63MvKHI+TkoY8vFUM=,iv:uy50x8FqqDW7hCLZeHfhFB/dxa3N6kM2Vj9waAZJngg=,tag:Wt1FG0kW4VFZ2fvvAC0T4A==,type:str] + lastmodified: "2024-11-12T19:36:40Z" + mac: ENC[AES256_GCM,data:Fn/YkHb9qwTRpm8KfII+rwHEvrZ+en4AzTqkrsubR1o+7cQ3NZkU1/DOLxTz/CJ4Eq68scg0rYr+0Q1FI27ypoYwQR5+8K9RDJkIM5JDt1afovx4UysyP8peLL+Ccl27YRGbjWGrprzF5oWUWee0nztI4H6+R9NyYdCZ0JVo8/8=,iv:DwmsWE4d4aTxy/1wCP7wWm+TtZ0VEmF0TVY+8G66ZEs=,tag:mRNUTlrCKusvlWasio78YA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/nb-new.cloonar.com/modules/nvim/default.nix b/hosts/nb-new.cloonar.com/modules/nvim/default.nix index e281ce2..4a37415 100644 --- a/hosts/nb-new.cloonar.com/modules/nvim/default.nix +++ b/hosts/nb-new.cloonar.com/modules/nvim/default.nix 
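Review bot: `lastmodified` moves backwards, from `2024-11-20T21:39:00Z` to `2024-11-12T19:36:40Z`, so this change restores an older encryption of `gitea-runner` and `gitea-runner-token` rather than introducing new values. If the newer values were written because the runner credentials were rotated, the restore puts retired credentials back in use, or a token the server no longer accepts. The commit should state that the restored token is the one currently registered at `git.cloonar.com`; if it is not, re-encrypt the current token with sops instead of reverting the file.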
@@ -16,7 +16,6 @@ configure = { packages.myPlugins = with pkgs.vimPlugins; { start = [ - bigfile-nvim bufferline-nvim catppuccin-nvim cmp-buffer diff --git a/hosts/nb-new.cloonar.com/modules/sway/sway.conf b/hosts/nb-new.cloonar.com/modules/sway/sway.conf index ed98287..185c374 100644 --- a/hosts/nb-new.cloonar.com/modules/sway/sway.conf +++ b/hosts/nb-new.cloonar.com/modules/sway/sway.conf @@ -11,10 +11,10 @@ font pango:Source Sans Pro 14 set $mod Mod4 # use these keys for focus, movement, and resize directions -set $left j -set $down h -set $up l -set $right k +set $left h +set $down j +set $up k +set $right l # define names for workspaces set $ws1 "1: " diff --git a/hosts/nb-new.cloonar.com/modules/sway/sway.nix b/hosts/nb-new.cloonar.com/modules/sway/sway.nix index 02bc4f6..80c92dd 100644 --- a/hosts/nb-new.cloonar.com/modules/sway/sway.nix +++ b/hosts/nb-new.cloonar.com/modules/sway/sway.nix @@ -32,7 +32,7 @@ let url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz"; }) {}; ddev-pin = import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/34a626458d686f1b58139620a8b2793e9e123bba.tar.gz"; + url = "https://github.com/NixOS/nixpkgs/archive/d4f247e89f6e10120f911e2e2d2254a050d0f732.tar.gz"; }) {}; in { imports = [ diff --git a/hosts/nb-new.cloonar.com/users/dominik.nix b/hosts/nb-new.cloonar.com/users/dominik.nix index 1cf5bea..90a5e4c 100644 --- a/hosts/nb-new.cloonar.com/users/dominik.nix +++ b/hosts/nb-new.cloonar.com/users/dominik.nix @@ -497,15 +497,10 @@ in icon = "fingerprint"; id = 1; }; - "cloonar technologies" = { - color = "red"; - icon = "briefcase"; - id = 2; - }; - "cloonar eu" = { + "cloonar" = { color = "purple"; icon = "briefcase"; - id = 4; + id = 2; }; "epicenter.works" = { color = "blue"; 
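Review bot: The `ddev-pin` import in `sway.nix` fetches the nixpkgs tarball with `builtins.fetchTarball` and only a `url`, so the new revision is pinned by commit name but its content is not verified against a hash. Adding `sha256 = "<hash of the unpacked tarball>";` (placeholder; take the value Nix reports on the first build) makes the fetch fail if the content differs and lets Nix reuse the cached copy instead of re-checking the URL. The pin just above it in the context lines has the same shape and would benefit from the same attribute.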
@@ -629,12 +624,16 @@ in TERM = "xterm-256color"; }; }; - "amz-websrv-01.amz.at" = { - user = "ebs"; + "*.social-grow.tech" = { + user = "root"; # prod + identityFile = "~/.ssh/social-grow.tech_id_ed25519"; setEnv = { TERM = "xterm-256color"; }; }; + "amz-websrv-01.amz.at" = { + user = "ebs"; + }; "u149513.your-backup.de" = { user = "u149513"; # user = "u149513-sub2"; # fw.cloonar.com
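Review bot: The new `"*.social-grow.tech"` block logs in as `root` on every host matching the wildcard, and it names an `identityFile` without restricting the client to that key. Without `IdentitiesOnly`, ssh also offers every key loaded in the agent to those hosts. If this is a home-manager `programs.ssh.matchBlocks` entry (the option path is outside the hunk), add `identitiesOnly = true;` next to `identityFile`. The `# prod` comment suggests production machines; a non-root account with sudo would be easier to audit than direct root login. Note too that `amz-websrv-01.amz.at` loses its `setEnv` in this change, which looks like a side effect of where the new block was inserted.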