various: config update

agenix/hosts/neon/tailscale/authkey.age

@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 MtGp6g IpMaz0qI0Ivp7TyqDi4djSNMpER5miWSzBA2UD9AQFY
-I5RskNS/ivjVePa3PTALthu5j2WSI0IbZVD+JDCTBYY
--> ssh-ed25519 60lgJw VScx05bSHq7e1NdNwbAIYSbytDUPe82cKpnOy++ujwk
-v2e/tqOQPiX/q1S0GNa7ANR68+f71/jKU1WoYPrn0M8
---- z7ktAaEVhNL4tvjb1wjRnEfxhH5DZm8kJc1BGrlQzgQ
-ýt5†r<E280A0>ò“íÂbuŸt [À¼u}’–OÒQ(ÒMÇçÀF'1ôö½™ÜÐ3`Oë0AUÁªúqÂÀ#Åù¿!d–ÎSiæä™<C3A4><…Yø‡ˆÿÊ
+-> ssh-ed25519 MtGp6g Yjj3Is7pvIjmADdYml9T9cAqrFehxaZNLqnTeygsoR4
+fVM3UJp9X30jm9op5Mf8lY7orr2xgdY2ruOkduZxpTw
+-> ssh-ed25519 60lgJw JiT32mwd55t9JJvUvDnfNmdgCReIluuSJ9NRsbyJ8i4
+DInJZIetUuIoDvBgCCHq1mBxrpT+XshL61V0bFznups
+--- 1Y0YFM+WYxuHtPpH1bB4X9NLFuuvfktlW7rOnCaAeGQ
+X'ÁB×Lf…Ú¯bÚ,kŠ¨.G;5Ë5„õŸ9À!>ßMÕÅìù"uÑz欫ûa™³ŽlªðôºFxF–ÍøG%ŽÑLGŠ€#ÿZø<><C3B8>õw¥F=#!+rGáKâ

container/proxitok/default.nix

@@ -50,7 +50,7 @@
   networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];
 
   services.nginx.virtualHosts."tictac.daniel.sx" = {
-    listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+    listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
     quic = true;
     http3 = true;
 

home/programs/amethyst.nix

@@ -41,8 +41,8 @@ let
       "com.eltima.elmedia-setapp"
       "com.jonny.mona"
       "com.kapeli.dash-setapp"
-      "com.monarch.macos"
       "com.sindresorhus.Dato-setapp"
+      "com.tapbots.Ivory"
     ];
 
     new-windows-to-main = false;

system/hosts/argon.nix

@@ -28,7 +28,7 @@ in
 
     (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
 
-    ../nixos/tailscale.nix
+    ../nixos/tailscale-router.nix
     ../nixos/tailscale-nodns.nix
 
     ../nixos/unbound.nix

system/hosts/mediaserver.nix

@@ -25,7 +25,7 @@ in
 
     ../nixos/ddg.nix
 
-    ../nixos/tailscale.nix
+    ../nixos/tailscale-router.nix
     ../nixos/tailscale-nodns.nix
 
     ../nixos/unbound.nix
@@ -152,7 +152,6 @@ in
   };
 
   fonts.fontconfig.enable = false;
-  sound.enable = false;
 
   programs = {
     fish.enable = true;

system/nixos/adguardhome.nix

@@ -47,8 +47,8 @@
             "fd00::/8"
             "fe80::/10"
 
-            "100.64.10.0/24"
-            "fd7a:115c:a1e0:1010::/64"
+            "100.64.0.0/10"
+            "fd7a:115c:a1e0::/96"
           ];
         };
       };
@@ -172,8 +172,8 @@
       useACMEHost = "internal.kempkens.network";
 
       extraConfig = ''
-        set_real_ip_from 100.64.10.2/32;
-        set_real_ip_from fd7a:115c:a1e0:1010::2/128;
+        set_real_ip_from 100.122.253.109/32;
+        set_real_ip_from fd7a:115c:a1e0::3a01:fd6d/128;
         real_ip_header X-Forwarded-For;
       '';
 

system/nixos/anonymous-overflow.nix

@@ -39,7 +39,7 @@ in
   };
 
   services.nginx.virtualHosts."overflow.daniel.sx" = {
-    listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+    listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
     quic = true;
     http3 = true;
 

system/nixos/atuin-sync.nix

@@ -9,7 +9,7 @@
   };
 
   services.nginx.virtualHosts."atuin-sync.kempkens.io" = {
-    listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+    listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
     quic = true;
     http3 = true;
 

system/nixos/invidious.nix

@@ -43,7 +43,7 @@ in
   };
 
   services.nginx.virtualHosts."${fqdn}" = {
-    listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+    listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
     quic = true;
     http3 = true;
 

system/nixos/jellyfin.nix

@@ -88,8 +88,8 @@
     useACMEHost = "internal.kempkens.network";
 
     extraConfig = ''
-      set_real_ip_from 100.64.10.2/32;
-      set_real_ip_from fd7a:115c:a1e0:1010::2/128;
+      set_real_ip_from 100.122.253.109/32;
+      set_real_ip_from fd7a:115c:a1e0::3a01:fd6d/128;
       real_ip_header proxy_protocol;
     '';
 

system/nixos/matrix/synapse.nix

@@ -68,6 +68,7 @@ in
         "224.0.0.0/4"
         "::1/128"
         "fc00::/7"
+        "fd7a:115c:a1e0::/96"
         "fe80::/10"
         "fec0::/10"
         "ff00::/8"

system/nixos/postgresql.nix

@@ -23,7 +23,7 @@
     };
 
     authentication = ''
-      host all all 100.64.10.3/32 md5
+      host all all 100.64.0.0/10 md5
       host all all 10.88.0.0/16 md5
     '';
   };

system/nixos/redlib.nix

@@ -46,30 +46,7 @@
     };
 
   services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
-    # listen = [
-    #   {
-    #     addr = "100.64.10.2";
-    #     port = 443;
-    #     ssl = true;
-    #     extraParameters = [
-    #       "fastopen=63"
-    #       "backlog=1023"
-    #       "deferred"
-    #     ];
-    #   }
-    #
-    #   {
-    #     addr = "[fd7a:115c:a1e0:1010::2]";
-    #     port = 443;
-    #     ssl = true;
-    #     extraParameters = [
-    #       "fastopen=63"
-    #       "backlog=1023"
-    #     ];
-    #   }
-    # ];
-
-    listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+    listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
 
     quic = true;
     http3 = true;

system/nixos/rimgo.nix

@@ -41,7 +41,7 @@ in
   };
 
   services.nginx.virtualHosts."ringo.daniel.sx" = {
-    listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+    listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
     quic = true;
     http3 = true;
 

system/nixos/tailscale-router.nix

@@ -7,7 +7,7 @@
     useRoutingFeatures = "server";
 
     extraUpFlags = [
-      "--advertise-routes=10.0.0.0/24"
+      "--advertise-routes=10.0.0.0/24,10.0.50.0/24,10.0.51.0/24"
     ];
   };
 }

system/nixos/tailscale.nix

@@ -1,8 +1,5 @@
 { pkgs, config, ... }:
 
-let
-  headscale = "https://ctrl.headscale.kempkens.network";
-in
 {
   environment.systemPackages = [ pkgs.tailscale ];
 
@@ -11,7 +8,6 @@ in
     authKeyFile = config.age.secrets.tailscale-authkey.path;
 
     extraUpFlags = [
-      "--login-server=${headscale}"
       "--stateful-filtering"
     ];
   };

system/nixos/unbound.nix

@@ -32,23 +32,23 @@
           "169.254.0.0/16"
           "172.16.0.0/12"
           "10.0.0.0/8"
-          "100.64.10.0/24"
+          "100.64.0.0/10"
           "fd00::/8"
           "fe80::/10"
-          "fd7a:115c:a1e0:1010::/64"
+          "fd7a:115c:a1e0::/96"
         ];
       };
 
       forward-zone = [
-        {
-          name = "10.64.100.in-addr.arpa.";
-          forward-addr = "100.100.100.100";
-        }
-
-        {
-          name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.";
-          forward-addr = "100.100.100.100";
-        }
+        # {
+        #   name = "10.64.100.in-addr.arpa.";
+        #   forward-addr = "100.100.100.100";
+        # }
+        #
+        # {
+        #   name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.";
+        #   forward-addr = "100.100.100.100";
+        # }
 
         {
           name = "in-addr.arpa.";

system/nixos/voyager.nix

@@ -9,7 +9,7 @@
   };
 
   services.nginx.virtualHosts."voyager.daniel.sx" = {
-    listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+    listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
     quic = true;
     http3 = true;