Daniel Kempkens 2023-06-10 20:48:07 +02:00
parent 906d910b91
commit 409e1332f8
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
16 changed files with 106 additions and 52 deletions

Binary file not shown.


@ -14,6 +14,10 @@
file = ./tailscale/authkey.age;
};
adguardhome-sync-environment = {
file = ./adguardhome-sync/environment.age;
};
weewx-proxy-environment = {
file = ./weewx-proxy/environment.age;
};


@ -110,11 +110,11 @@
]
},
"locked": {
"lastModified": 1685559570,
"narHash": "sha256-MNIQvLRoq92isMLR/ordKNCl+aXNiuwBM4QyqmS8d00=",
"lastModified": 1686307493,
"narHash": "sha256-R4VEFnDn7nRmNxAu1LwNbjns5DPM8IBsvnrWmZ8ymPs=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4338bc869e9874d54a4c89539af72f16666b2abe",
"rev": "7c16d31383a90e0e72ace0c35d2d66a18f90fb4f",
"type": "github"
},
"original": {
@ -253,11 +253,11 @@
]
},
"locked": {
"lastModified": 1686142265,
"narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=",
"lastModified": 1686391840,
"narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5",
"rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f",
"type": "github"
},
"original": {
@ -276,11 +276,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1686106284,
"narHash": "sha256-UsJTmzpM6gtQDo4QnMNjCNSQSlqlRoUWwH8JL4ZLRxw=",
"lastModified": 1686365071,
"narHash": "sha256-6yybShpkWPJv8byx7lF1q55uzsnKX1/z0A2Xb74y3I4=",
"owner": "neovim",
"repo": "neovim",
"rev": "a217675a67233ca2032cd668e919858d2aed92e7",
"rev": "b6d2f49b4536f89cf2428d1f214468aa5fb21788",
"type": "github"
},
"original": {
@ -301,11 +301,11 @@
"weewx-proxy-flake": "weewx-proxy-flake"
},
"locked": {
"lastModified": 1686126028,
"narHash": "sha256-qZcjDerxaAejZWOKIZ/BRzlO6Dk3kSAcGScImAjHKuo=",
"lastModified": 1686385112,
"narHash": "sha256-6hH97tMLpMmiv5+5I3fsNDYsbElqgjQ0mJ8K2N7Q4VA=",
"owner": "nifoc",
"repo": "nix-overlay",
"rev": "34792fe066ac58e2441ffc6c854ef6c809c3d91d",
"rev": "6964b80444fb9574596a90cc5444f87acad037af",
"type": "github"
},
"original": {
@ -316,11 +316,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1684899633,
"narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=",
"lastModified": 1686396027,
"narHash": "sha256-gE+csxJoXuNn5ZnlgNj0GnMQ2y4heBtDqkB1af8vfjU=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "4cc688ee711159b9bcb5a367be44007934e1a49d",
"rev": "70d5f55faee9c1e141e32e6be1e77d13e5a570db",
"type": "github"
},
"original": {


@ -12,6 +12,7 @@
"net.ipv4.tcp_syncookies" = 0;
"net.ipv4.tcp_timestamps" = 1;
"net.ipv4.tcp_window_scaling" = 1;
"net.core.rmem_max" = 2500000;
};
};


@ -49,6 +49,7 @@ args@{ pkgs, config, lib, ... }:
curlHTTP3
dasel
deploy-rs
dig
exa
exiftool
fd


@ -19,12 +19,12 @@ in
};
plenary-nvim = buildVimPluginFrom2Nix {
pname = "plenary.nvim";
version = "2023-05-31";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "nvim-lua";
repo = "plenary.nvim";
rev = "499e0743cf5e8075cd32af68baa3946a1c76adf1";
sha256 = "0r9aw3a53vzq0rdyvq7pi99pqbmnww0dm146pbj2kd33rb34daz6";
rev = "36aaceb6e93addd20b1b18f94d86aecc552f30c4";
sha256 = "0r0z27kwpgd8ladjj86h9gmyq2mxcwbiaj3a6mi1bz2dwxqiddxb";
fetchSubmodules = false;
};
};
@ -107,12 +107,12 @@ in
};
nvim-treesitter = buildVimPluginFrom2Nix {
pname = "nvim-treesitter";
version = "2023-06-07";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "46ddea9deccb0608df416822228786d1a5a2b7d1";
sha256 = "17rlv3gqh9glskr3ncnvwa6pgk6iansdl6b2fjyrk3zw5kj99gak";
rev = "f9d701176cb9a3e206a4c690920a8993630c3ec8";
sha256 = "08zc1irs12clw8fy140j4lk9m4wfjmmmm64dw915gyl0l6r9g0rb";
fetchSubmodules = false;
};
};
@ -140,12 +140,12 @@ in
};
telescope-nvim = buildVimPluginFrom2Nix {
pname = "telescope.nvim";
version = "2023-06-07";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "nvim-telescope";
repo = "telescope.nvim";
rev = "be49680937e821e4d8522329727e50734fdb9b97";
sha256 = "15bq92f9vvqhzhr6djm8r0vybsm0z030xp5wpf904kir1svpwdgb";
rev = "116dbea5800c908de4afa6e793f28f782621c65d";
sha256 = "1scp1pr8innnpk35wz9rq9npkha5j3hacpggrbafy0madvs92x60";
fetchSubmodules = false;
};
};
@ -220,23 +220,23 @@ in
};
nvim-lspconfig = buildVimPluginFrom2Nix {
pname = "nvim-lspconfig";
version = "2023-06-07";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "neovim";
repo = "nvim-lspconfig";
rev = "1028360e0f2f724d93e876df3d22f63c1acd6ff9";
sha256 = "17n18dkhd39vkbqx0hxgg6zf1yq1052rlnxpqj0x5p7s0zxwqhmr";
rev = "08f1f347c718e945c3b1712ebb68c6834182cf3a";
sha256 = "0kqxbyb5hg6r4rv79bxjj8dvm3440137xxppp2a5idxi8sisdqad";
fetchSubmodules = false;
};
};
nvim-jdtls = buildVimPluginFrom2Nix {
pname = "nvim-jdtls";
version = "2023-06-02";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "mfussenegger";
repo = "nvim-jdtls";
rev = "8597d57fb40d4ad503cf3acb2fdcfe1b0d8a193d";
sha256 = "1s7xnl8rsav4237mzh37q4qflhbfb2sq7vasdfgzx4mgad2x6kx5";
rev = "dbb8a403e90302bd5611da91975d37a0a26e1473";
sha256 = "11pfy4w67170fc32fhcyjr8lnw1g9yxrvsp9y676rfbp8imh1sf4";
fetchSubmodules = false;
};
};
@ -308,23 +308,23 @@ in
};
friendly-snippets = buildVimPluginFrom2Nix {
pname = "friendly-snippets";
version = "2023-06-06";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "rafamadriz";
repo = "friendly-snippets";
rev = "b471f5419155ce832eff71ad8920ea8cfbd54840";
sha256 = "14yjacmzryd8mkbi7dkacq0zqc8r52dipdsjyzak45pqacc4wzvs";
rev = "b71d1ddc30a10ce0474156f7ee93bc9006d0cd74";
sha256 = "0jxj57996c4ab54p0zd4h5ldkz9yad1jy0ylzikfq8ylvw7z4p31";
fetchSubmodules = false;
};
};
nvim-cmp = buildVimPluginFrom2Nix {
pname = "nvim-cmp";
version = "2023-05-30";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "hrsh7th";
repo = "nvim-cmp";
rev = "fc0f694af1a742ada77e5b1c91ff405c746f4a26";
sha256 = "1vmsa4vrx7nsrq2kzh8pyjfssfhb9b7xy7qqcyja4g0xp9z9z077";
rev = "69e7d280cbe17e318b549a10ae3cae5810946be6";
sha256 = "119cfn70bb5bbfaq9rfc51dms64qfzzkn6aknj4lnd2dx1r56k00";
fetchSubmodules = false;
};
};
@ -396,12 +396,12 @@ in
};
cmp-cmdline = buildVimPluginFrom2Nix {
pname = "cmp-cmdline";
version = "2023-04-24";
version = "2023-06-08";
src = fetchFromGitHub {
owner = "hrsh7th";
repo = "cmp-cmdline";
rev = "5af1bb7d722ef8a96658f01d6eb219c4cf746b32";
sha256 = "02xpxdbjvic4l2s4fmhiy38igvvg0mdpi6hr49kvnibx1dyzhx5k";
rev = "8ee981b4a91f536f52add291594e89fb6645e451";
sha256 = "03j79ncxnnpilx17x70my7s8vvc4w81kipraq29g4vp32dggzjsv";
fetchSubmodules = false;
};
};
@ -462,12 +462,12 @@ in
};
nvim-treesitter-textobjects = buildVimPluginFrom2Nix {
pname = "nvim-treesitter-textobjects";
version = "2023-06-02";
version = "2023-06-08";
src = fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter-textobjects";
rev = "23e883b99228f8d438254e5ef8c897e5e60e75d1";
sha256 = "1xjwah0g96mjv01lhd7yfml2gd15syhj2axbvid9xk4yn4m6hks8";
rev = "2d6d3c7e49a24f6ffbbf7898241fefe9784f61bd";
sha256 = "1mlx0hkx42al578ilwsj4547rqny85x089is189hdic287yw59gp";
fetchSubmodules = false;
};
};
@ -550,12 +550,12 @@ in
};
nui-nvim = buildVimPluginFrom2Nix {
pname = "nui.nvim";
version = "2023-06-04";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "MunifTanjim";
repo = "nui.nvim";
rev = "d5a82aae64426a805e19d8ef5a379292f9dc55d3";
sha256 = "14mnskwvzsva5pxh909xgrzg1cy7r4459f0g85dkqr8z4c9yajic";
rev = "64bdc579873fa5bd303f6951ead2b419493c88e8";
sha256 = "1hffqk9vz6lw6jrixqy9sxj1wv2z7cbj08ykccyfym2zpij40gx6";
fetchSubmodules = false;
};
};
@ -572,12 +572,12 @@ in
};
noice-nvim = buildVimPluginFrom2Nix {
pname = "noice.nvim";
version = "2023-06-06";
version = "2023-06-10";
src = fetchFromGitHub {
owner = "folke";
repo = "noice.nvim";
rev = "acf47e2b863eb20f177aa1bd5398041513e731e1";
sha256 = "1w4vzkashi7yqkzgb9cdq7nv27ibkw94ih041jf36k9axmlffqbr";
rev = "a070cb87a180fd7e2c4387accff0be90268fb736";
sha256 = "0838s3vqp2f6g8q7dwd4ga0m4qr8kj02snbrxd6xz4zzzaz1hlbq";
fetchSubmodules = false;
};
};


@ -26,7 +26,7 @@ in
extraConfig = ''
IdentityAgent "${auth-socket}"
UpdateHostKeys ask
VerifyHostKeyDNS yes
# VerifyHostKeyDNS yes
'';
matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks;
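Review bot: The `VerifyHostKeyDNS yes` line in `extraConfig` appears to be commented out rather than removed, and nothing records why or whether it is meant to come back. With the option unset, OpenSSH falls back to its default of `no`, so SSHFP records are no longer consulted and host keys are checked against known_hosts only, with `UpdateHostKeys ask` still in effect. I would either delete the line or replace it with a comment that states the reason, for example `# VerifyHostKeyDNS disabled: <reason>; host keys are verified via known_hosts only`. The attribute set that holds `extraConfig` starts and ends outside this hunk.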

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -81,5 +81,7 @@ in
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
"agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon;
}


@ -24,6 +24,9 @@ in
../nixos/tailscale.nix
../nixos/weewx-proxy.nix
../nixos/container.nix
../nixos/adguardhome-sync.nix
];
system.stateVersion = "22.11";
@ -77,6 +80,17 @@ in
useNetworkd = true;
};
environment.etc."resolv.conf".text = lib.mkForce ''
nameserver 127.0.0.1
nameserver 10.0.0.110
options edns0 trust-ad
search .
'';
services.resolved.extraConfig = ''
DNSStubListener=no
'';
systemd.network = {
enable = true;
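Review bot: The forced `resolv.conf` in the second hunk sets `options edns0 trust-ad` while listing `10.0.0.110` next to `127.0.0.1`, so glibc will hand on the AD bit from a resolver reached over the network as if DNSSEC validation had happened locally. That is only sound if `10.0.0.110` validates DNSSEC itself and the path to it is trusted; otherwise an altered reply carrying AD would be accepted by anything that relies on the flag. Either drop `trust-ad` or record the assumption next to it, e.g. `# trust-ad: both resolvers validate DNSSEC and 10.0.0.110 is reached over a trusted link`. The address is also hard-coded here, whereas the AdGuard Home module touched in this commit takes its bind addresses from `secret`. Both hunks sit inside a larger attribute set that starts and ends outside the visible lines.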


@ -16,6 +16,8 @@ in
../nixos/acme-mediaserver.nix
../nixos/nginx.nix
(import ../nixos/adguardhome.nix (args // { inherit secret; }))
../nixos/attic.nix
../nixos/bdfr-browser.nix


@ -0,0 +1,18 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.adguardhome-sync = {
image = "ghcr.io/bakito/adguardhome-sync";
cmd = [ "run" ];
environmentFiles = [ config.age.secrets.adguardhome-sync-environment.path ];
extraOptions = [
"--label=com.centurylinklabs.watchtower.enable=true"
"--label=io.containers.autoupdate=registry"
];
};
networking.firewall.interfaces."podman+" = {
allowedUDPPorts = [ 443 ];
allowedTCPPorts = [ 443 ];
};
}
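Review bot: `image = "ghcr.io/bakito/adguardhome-sync"` carries no tag or digest, and the two auto-update labels in `extraOptions` mean the running container follows whatever the registry serves for the default tag. The container receives the agenix-managed environment file through `environmentFiles` (presumably the AdGuard Home credentials), so a changed or compromised upstream image would get those secrets without any change in this repository. I would pin the reference, `image = "ghcr.io/bakito/adguardhome-sync:<version>@sha256:<digest>";` (placeholders), and move it forward through commits; note that a digest pin turns the `io.containers.autoupdate=registry` label into a no-op. If auto-update is kept on purpose, a comment saying so would help, and only one of the watchtower and podman labels is likely needed.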


@ -18,7 +18,7 @@
debug_pprof = false;
dns = {
bind_hosts = [ "127.0.0.1" "10.0.0.5" ];
bind_hosts = secret.adguardhome.bind_hosts;
port = 53;
bootstrap_dns = [
@ -54,7 +54,9 @@
})
(builtins.filter builtins.isString interfaces));
services.nginx.virtualHosts."agh.internal.kempkens.network" = {
virtualisation.podman.defaultNetwork.settings.dns_enabled = lib.mkForce secret.adguardhome.podmanDNS;
services.nginx.virtualHosts."${secret.adguardhome.domain_prefix}.internal.kempkens.network" = {
serverAliases = [ "dns.internal.kempkens.network" ];
listen = [


@ -22,8 +22,18 @@
upstreams.dns = {
servers = {
"${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = { };
"${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = {
fail_timeout = "5s";
};
"${secret.nginx.upstream.dns.secondary.hostname}:${builtins.toString secret.nginx.upstream.dns.secondary.upstreamPort}" = {
backup = true;
};
};
extraConfig = ''
keepalive 8;
'';
};
virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {