joint ips & ports open through lambda

Danilo Reyes 2025-09-20 15:48:05 -06:00
parent 6e49c741f3
commit e3272a1dce
6 changed files with 25 additions and 57 deletions


@ -1,4 +1,9 @@
{ pkgs, config, ... }: {
pkgs,
config,
lib,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -9,32 +14,15 @@
sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml; sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml;
networking = networking =
let let
ports = [ enabledPorts =
config.my.servers
|> lib.filterAttrs (_: srv: (srv.enable or false) && (srv ? port))
|> lib.attrValues
|> map (srv: srv.port);
ports = enabledPorts ++ [
2049 # idk 2049 # idk
9999 # stash
8384 # syncthing 8384 # syncthing
5201 # vps speed test
3452 # sonarqube 3452 # sonarqube
config.my.servers.audiobookshelf.port
config.my.servers.bazarr.port
config.my.servers.collabora.port
config.my.servers.homepage.port
config.my.servers.kavita.port
config.my.servers.lidarr.port
config.my.servers.maloja.port
config.my.servers.microbin.port
config.my.servers.multi-scrobbler.port
config.my.servers.plex.port
config.my.servers.prowlarr.port
config.my.servers.radarr.port
config.my.servers.readeck.port
config.my.servers.ryot.port
config.my.servers.sonarr.port
config.my.servers.synapse.port
config.my.servers.vaultwarden.port
config.my.servers.jellyfin.port
config.my.servers.mealie.port
config.my.servers.gitea.port
config.services.gitea.settings.server.SSH_PORT config.services.gitea.settings.server.SSH_PORT
]; ];
in in
@ -46,13 +34,13 @@
interfaces.wg0.allowedTCPPorts = [ 8081 ]; interfaces.wg0.allowedTCPPorts = [ 8081 ];
}; };
wireguard.interfaces.wg0 = { wireguard.interfaces.wg0 = {
ips = [ "${config.my.wgServerIp}/32" ]; ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."vps/home/private".path; privateKeyFile = config.sops.secrets."vps/home/private".path;
peers = [ peers = [
{ {
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY="; publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "51.222.141.104:51820"; endpoint = "${config.my.ips.vps}:51820";
allowedIPs = [ "${config.my.wgVpsIp}/32" ]; allowedIPs = [ "${config.my.ips.wg-vps}/32" ];
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];
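Review bot: The new `enabledPorts` pipeline adds a firewall port for every entry in `config.my.servers` that has `enable` set and carries a `port` attribute, so the allow-list is no longer reviewed entry by entry as the removed explicit list was. The enable list in another file of this commit names services such as `postgres` and `paperless` that were not in the old list; if their modules define `port`, those ports become reachable on whatever interface `ports` is applied to, which is outside this hunk. Consider an explicit per-service opt-in, for example a new boolean option (suggested name `openFirewall`, which the server modules would have to declare) checked in the filter: `(srv.enable or false) && (srv.openFirewall or false) && (srv ? port)`. At minimum, add a comment above `enabledPorts` such as `# every enabled my.servers entry with a port is opened in the firewall`, and give the remaining `2049 # idk` entry a reason or drop it.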


@ -8,14 +8,7 @@ let
inherit name; inherit name;
value = { value = {
enable = true; enable = true;
ip = config.my.wgServerIp; ip = config.my.ips.wg-server;
};
};
mkEnabledProxy = name: {
inherit name;
value = {
enable = true;
enableProxy = true;
}; };
}; };
enableList = func: list: list |> map func |> builtins.listToAttrs; enableList = func: list: list |> map func |> builtins.listToAttrs;
@ -74,8 +67,6 @@ in
"postgres" "postgres"
"paperless" "paperless"
# "stash" # "stash"
# ]
# // enableList mkEnabledProxy [
"bazarr" "bazarr"
"collabora" "collabora"
"homepage" "homepage"


@ -40,21 +40,6 @@ in
default = "::1"; default = "::1";
description = "The localhost ipv6 address."; description = "The localhost ipv6 address.";
}; };
wgVpsIp = lib.mkOption {
type = lib.types.str;
default = "10.77.0.1";
description = "The ip address of my router.";
};
wgServerIp = lib.mkOption {
type = lib.types.str;
default = "10.77.0.2";
description = "The ip address of my router.";
};
routerIp = lib.mkOption {
type = lib.types.str;
default = "192.168.100.1";
description = "The ip address of my router.";
};
domain = lib.mkOption { domain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "servidos.lat"; default = "servidos.lat";
@ -63,9 +48,13 @@ in
ips = lib.mkOption { ips = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
default = { default = {
router = "192.168.100.1";
server = "192.168.100.15"; server = "192.168.100.15";
miniserver = "192.168.1.100"; miniserver = "192.168.1.100";
workstation = "192.168.100.18"; workstation = "192.168.100.18";
vps = "51.222.141.104";
wg-vps = "10.77.0.1";
wg-server = "10.77.0.2";
}; };
description = "Set of IP's for all my computers."; description = "Set of IP's for all my computers.";
}; };
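Review bot: Keeping every address in the `default` of an `attrsOf lib.types.str` option means that a module which defines even one `my.ips.<name>` replaces the whole default set, because an option's `default` is only used when there are no definitions and is not merged with them. After this commit `router`, `wg-vps` and `wg-server` feed `trusted_proxies`, a listen address and `bind_addresses` in other files, so such an override would make those references fail at evaluation; that fails closed, but it is easy to trigger by accident. A `lib.types.submodule` with one `lib.mkOption` per address would keep per-key defaults and descriptions, which the three removed options had (although all three said "The ip address of my router."). The description `"Set of IP's for all my computers."` should also say that the set now includes the public VPS address and the WireGuard tunnel addresses.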


@ -196,7 +196,7 @@
icon = "${cfg.name}.png"; icon = "${cfg.name}.png";
href = cfg.url; href = cfg.url;
widget = { widget = {
url = "http://${config.my.wgServerIp}:8081"; url = "http://${config.my.ips.wg-server}:8081";
type = cfg.name; type = cfg.name;
username = "{{HOMEPAGE_VAR_NEXTCLOUD_USERNAME}}"; username = "{{HOMEPAGE_VAR_NEXTCLOUD_USERNAME}}";
password = "{{HOMEPAGE_VAR_NEXTCLOUD_PASSWORD}}"; password = "{{HOMEPAGE_VAR_NEXTCLOUD_PASSWORD}}";


@ -111,8 +111,8 @@ in
trusted_proxies = [ trusted_proxies = [
config.my.localhost config.my.localhost
config.my.localhost6 config.my.localhost6
config.my.routerIp config.my.ips.router
config.my.wgVpsIp config.my.ips.wg-vps
]; ];
trusted_domains = [ trusted_domains = [
cfg.host cfg.host
@ -165,7 +165,7 @@ in
#vps #vps
listen = [ listen = [
{ {
addr = config.my.wgServerIp; addr = config.my.ips.wg-server;
port = 8081; port = 8081;
} }
{ {


@ -59,7 +59,7 @@ in
bind_addresses = [ bind_addresses = [
config.my.localhost config.my.localhost
config.my.localhost6 config.my.localhost6
config.my.wgServerIp config.my.ips.wg-server
]; ];
type = "http"; type = "http";
tls = false; tls = false;