modularizing of vps ips

Danilo Reyes 2025-09-16 14:56:42 -06:00
parent cfca87a703
commit 17b2d98b6c
8 changed files with 29 additions and 16 deletions


@ -123,7 +123,6 @@
"ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc=" "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
"cache.servidos.lat:om+P81I+m8Hawcvt1ydaSNVxGNnR0POJ8Wz+QVjQ3hA="
]; ];
}; };
}; };


@ -5,7 +5,7 @@
../../config/base.nix ../../config/base.nix
../../config/stylix.nix ../../config/stylix.nix
]; ];
my = import ./toggles.nix; my = import ./toggles.nix { inherit config; };
sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml; sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml;
networking = networking =
let let
@ -42,13 +42,13 @@
interfaces.wg0.allowedTCPPorts = [ 8081 ]; interfaces.wg0.allowedTCPPorts = [ 8081 ];
}; };
wireguard.interfaces.wg0 = { wireguard.interfaces.wg0 = {
ips = [ "10.77.0.2/32" ]; ips = [ "${config.my.wgServerIp}/32" ];
privateKeyFile = config.sops.secrets."vps/home/private".path; privateKeyFile = config.sops.secrets."vps/home/private".path;
peers = [ peers = [
{ {
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY="; publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "51.222.141.104:51820"; endpoint = "51.222.141.104:51820";
allowedIPs = [ "10.77.0.1/32" ]; allowedIPs = [ "${config.my.wgVpsIp}/32" ];
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];
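Review bot: `my = import ./toggles.nix { inherit config; };` now passes `config` into the file whose result becomes `config.my`, and nothing at the call site explains why this does not recurse. As far as the toggles.nix hunks show, it evaluates only because the attribute names that file returns come from static lists and only the `ip` values read `config.my.wgServerIp`. I would add a comment above the import such as `# toggles.nix may read config.my.* in values only, never to decide which attributes it returns`. The enclosing module starts and ends outside this section.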


@ -1,3 +1,4 @@
{ config }:
let let
mkEnabled = name: { mkEnabled = name: {
inherit name; inherit name;
@ -7,7 +8,7 @@ let
inherit name; inherit name;
value = { value = {
enable = true; enable = true;
ip = "10.77.0.2"; ip = config.my.wgServerIp;
}; };
}; };
mkEnabledProxy = name: { mkEnabledProxy = name: {
@ -86,7 +87,6 @@ in
"plex" "plex"
"prowlarr" "prowlarr"
"radarr" "radarr"
"readeck"
"ryot" "ryot"
"sonarr" "sonarr"
"synapse" "synapse"
@ -95,5 +95,6 @@ in
// enableList mkEnabledIp [ // enableList mkEnabledIp [
"audiobookshelf" "audiobookshelf"
"vaultwarden" "vaultwarden"
"readeck"
]; ];
} }


@ -40,7 +40,17 @@ in
default = "::1"; default = "::1";
description = "The localhost ipv6 address."; description = "The localhost ipv6 address.";
}; };
routerip = lib.mkOption { wgVpsIp = lib.mkOption {
type = lib.types.str;
default = "10.77.0.1";
description = "The ip address of my router.";
};
wgServerIp = lib.mkOption {
type = lib.types.str;
default = "10.77.0.2";
description = "The ip address of my router.";
};
routerIp = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "192.168.100.1"; default = "192.168.100.1";
description = "The ip address of my router."; description = "The ip address of my router.";
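Review bot: Both new options, `wgVpsIp` and `wgServerIp`, keep the description copied from `routerIp` ("The ip address of my router."), so three different addresses are documented identically. Suggested wording: `description = "The WireGuard tunnel address of the VPS peer.";` for `wgVpsIp` and `description = "The WireGuard tunnel address of the home server (wg0).";` for `wgServerIp`. These values now feed `trusted_proxies`, the WireGuard `allowedIPs` and several listen addresses, so a wrong description invites someone to override the wrong option. The option set continues outside this section.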


@ -196,7 +196,7 @@
icon = "${cfg.name}.png"; icon = "${cfg.name}.png";
href = cfg.url; href = cfg.url;
widget = { widget = {
url = "http://10.77.0.2:8081"; url = "http://${config.my.wgServerIp}:8081";
type = cfg.name; type = cfg.name;
username = "{{HOMEPAGE_VAR_NEXTCLOUD_USERNAME}}"; username = "{{HOMEPAGE_VAR_NEXTCLOUD_USERNAME}}";
password = "{{HOMEPAGE_VAR_NEXTCLOUD_PASSWORD}}"; password = "{{HOMEPAGE_VAR_NEXTCLOUD_PASSWORD}}";
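Review bot: The address in `url = "http://${config.my.wgServerIp}:8081";` now comes from the option, but the port `8081` is still a literal here, in the nginx `listen` entries of the Nextcloud module, and in `interfaces.wg0.allowedTCPPorts` in the host file. All three must agree for the widget to reach Nextcloud, and the firewall entry is the one that decides what the tunnel peer can reach. A shared value next to `wgServerIp`, or at least a comment such as `# must match the nginx listen port in the nextcloud module`, would keep them from drifting apart. The enclosing widget block continues outside this section.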


@ -126,14 +126,14 @@ in
trusted_proxies = [ trusted_proxies = [
config.my.localhost config.my.localhost
config.my.localhost6 config.my.localhost6
config.my.routerip config.my.routerIp
"10.77.0.1" # vps config.my.wgVpsIp
]; ];
trusted_domains = [ trusted_domains = [
cfg.host
config.my.ips.${config.networking.hostName} config.my.ips.${config.networking.hostName}
"localhost" "localhost"
"cloud.rotehaare.art" "cloud.rotehaare.art"
"cloud.servidos.lat"
]; ];
overwriteprotocol = "https"; overwriteprotocol = "https";
"overwrite.cli.url" = "${cfg.url}"; "overwrite.cli.url" = "${cfg.url}";
@ -180,11 +180,11 @@ in
#vps #vps
listen = [ listen = [
{ {
addr = "10.77.0.2"; addr = config.my.wgServerIp;
port = 8081; port = 8081;
} }
{ {
addr = "127.0.0.1"; addr = config.my.localhost;
port = 8081; port = 8081;
} }
]; ];
@ -257,7 +257,7 @@ in
environment = { environment = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
domain = cfg.host; domain = cfg.host;
aliasgroup1 = "cloud.servidos.lat:443"; aliasgroup1 = "${cfg.host}:443";
aliasgroup2 = "cloud.rotehaare.art:443"; aliasgroup2 = "cloud.rotehaare.art:443";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = '' extra_params = ''


@ -16,7 +16,10 @@ in
log_level = "warn"; log_level = "warn";
data_directory = "/var/lib/readeck"; data_directory = "/var/lib/readeck";
}; };
server.port = cfg.port; server = {
port = cfg.port;
host = cfg.ip;
};
}; };
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
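Review bot: `host = cfg.ip;` makes Readeck listen on the address from its toggle entry, and with `"readeck"` moved into the `mkEnabledIp` list in toggles.nix that address is now `config.my.wgServerIp`, so the service is served as plain HTTP on the tunnel address. Two things are worth confirming because neither is visible here. First, that `cfg.port` is opened on `wg0` and only there; the host file's `interfaces.wg0.allowedTCPPorts` shows only `8081`. Second, that Readeck cannot start before `wg0` has its address, since binding to an address that is not yet assigned fails. If the intent is that only the VPS reverse proxy reaches this listener, a comment on the line such as `# cfg.ip is the WireGuard address when enabled via mkEnabledIp` would record it.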


@ -59,7 +59,7 @@ in
bind_addresses = [ bind_addresses = [
config.my.localhost config.my.localhost
config.my.localhost6 config.my.localhost6
"10.77.0.2" config.my.wgServerIp
]; ];
type = "http"; type = "http";
tls = false; tls = false;