diff --git a/agenix/hosts/argon/tailscale/authkey.age b/agenix/hosts/argon/tailscale/authkey.age index e24503b..16d36a6 100644 Binary files a/agenix/hosts/argon/tailscale/authkey.age and b/agenix/hosts/argon/tailscale/authkey.age differ diff --git a/agenix/hosts/argon/weewx-proxy/environment.age b/agenix/hosts/argon/weewx-proxy/environment.age index 14c296f..2b135de 100644 Binary files a/agenix/hosts/argon/weewx-proxy/environment.age and b/agenix/hosts/argon/weewx-proxy/environment.age differ diff --git a/agenix/hosts/mediaserver/tailscale/authkey.age b/agenix/hosts/mediaserver/tailscale/authkey.age index b008c23..576fd29 100644 Binary files a/agenix/hosts/mediaserver/tailscale/authkey.age and b/agenix/hosts/mediaserver/tailscale/authkey.age differ diff --git a/agenix/hosts/neon/tailscale/authkey.age b/agenix/hosts/neon/tailscale/authkey.age index cce9217..5403efa 100644 --- a/agenix/hosts/neon/tailscale/authkey.age +++ b/agenix/hosts/neon/tailscale/authkey.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g IpMaz0qI0Ivp7TyqDi4djSNMpER5miWSzBA2UD9AQFY -I5RskNS/ivjVePa3PTALthu5j2WSI0IbZVD+JDCTBYY --> ssh-ed25519 60lgJw VScx05bSHq7e1NdNwbAIYSbytDUPe82cKpnOy++ujwk -v2e/tqOQPiX/q1S0GNa7ANR68+f71/jKU1WoYPrn0M8 ---- z7ktAaEVhNL4tvjb1wjRnEfxhH5DZm8kJc1BGrlQzgQ -t5rbut [u}OQ(MF'13`O0AUq#!dSi䙝<Y \ No newline at end of file +-> ssh-ed25519 MtGp6g Yjj3Is7pvIjmADdYml9T9cAqrFehxaZNLqnTeygsoR4 +fVM3UJp9X30jm9op5Mf8lY7orr2xgdY2ruOkduZxpTw +-> ssh-ed25519 60lgJw JiT32mwd55t9JJvUvDnfNmdgCReIluuSJ9NRsbyJ8i4 +DInJZIetUuIoDvBgCCHq1mBxrpT+XshL61V0bFznups +--- 1Y0YFM+WYxuHtPpH1bB4X9NLFuuvfktlW7rOnCaAeGQ +X'BLfگb,k.G;559!>M"uz欫alFxFG%LG#ZwF=#!+rGK \ No newline at end of file diff --git a/agenix/hosts/tanker/tailscale/authkey.age b/agenix/hosts/tanker/tailscale/authkey.age index 8951417..87827a6 100644 Binary files a/agenix/hosts/tanker/tailscale/authkey.age and b/agenix/hosts/tanker/tailscale/authkey.age differ 
diff --git a/container/proxitok/default.nix b/container/proxitok/default.nix index ea39316..a7460d8 100644 --- a/container/proxitok/default.nix +++ b/container/proxitok/default.nix @@ -50,7 +50,7 @@ networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ]; services.nginx.virtualHosts."tictac.daniel.sx" = { - listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; + listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ]; quic = true; http3 = true; diff --git a/home/programs/amethyst.nix b/home/programs/amethyst.nix index dcd8b91..f6d239d 100644 --- a/home/programs/amethyst.nix +++ b/home/programs/amethyst.nix @@ -41,8 +41,8 @@ let "com.eltima.elmedia-setapp" "com.jonny.mona" "com.kapeli.dash-setapp" - "com.monarch.macos" "com.sindresorhus.Dato-setapp" + "com.tapbots.Ivory" ]; new-windows-to-main = false; diff --git a/secret/hosts/tanker.nix b/secret/hosts/tanker.nix index b504dfc..93d843e 100644 Binary files a/secret/hosts/tanker.nix and b/secret/hosts/tanker.nix differ diff --git a/system/hosts/argon.nix b/system/hosts/argon.nix index 9a6a6df..50cf281 100644 --- a/system/hosts/argon.nix +++ b/system/hosts/argon.nix @@ -28,7 +28,7 @@ in (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; })) - ../nixos/tailscale.nix + ../nixos/tailscale-router.nix ../nixos/tailscale-nodns.nix ../nixos/unbound.nix diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix index 9f313de..b3f3c0f 100644 --- a/system/hosts/mediaserver.nix +++ b/system/hosts/mediaserver.nix @@ -25,7 +25,7 @@ in ../nixos/ddg.nix - ../nixos/tailscale.nix + ../nixos/tailscale-router.nix ../nixos/tailscale-nodns.nix ../nixos/unbound.nix @@ -152,7 +152,6 @@ in }; fonts.fontconfig.enable = false; - sound.enable = false; programs = { fish.enable = true; diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix index f73f1b4..a8962f0 100644 --- a/system/nixos/adguardhome.nix 
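Review bot: The new `listenAddresses` line hard-codes this host's tailnet addresses, `"100.122.253.109"` and `"[fd7a:115c:a1e0::3a01:fd6d]"`. The same literal pair is repeated in the anonymous-overflow, atuin-sync, invidious, redlib, rimgo and voyager virtual hosts, and as /32 and /128 entries in the `set_real_ip_from` lines of adguardhome.nix and jellyfin.nix. These addresses look to be assigned by the coordination service rather than chosen in this repo (inferred from the removed `--login-server` flag), so re-registering the node would leave nine files stale. A stale `set_real_ip_from` entry would keep trusting forwarded client-IP headers from whichever node holds that address next. Defining the pair once in a shared `let` binding or module option, then writing something like `listenAddresses = proxyTailnetAddrs;` (name is only an example), makes the next renumbering a one-line change.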
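Review bot: Replacing `../nixos/tailscale.nix` with `../nixos/tailscale-router.nix` in the imports list turns this host into a subnet router, and the same swap is made in system/hosts/mediaserver.nix, so both hosts will advertise the identical route list. Whether tailscale-router.nix itself imports tailscale.nix is not visible in this diff; if it does not, the `authKeyFile` setting and the `--stateful-filtering` flag defined there no longer apply to these two hosts. That is worth confirming, and a short comment beside the import such as `# subnet router: advertises LAN routes to the tailnet` would record the intent. The imports list starts and ends outside the hunk.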
+++ b/system/nixos/adguardhome.nix @@ -47,8 +47,8 @@ "fd00::/8" "fe80::/10" - "100.64.10.0/24" - "fd7a:115c:a1e0:1010::/64" + "100.64.0.0/10" + "fd7a:115c:a1e0::/96" ]; }; }; @@ -172,8 +172,8 @@ useACMEHost = "internal.kempkens.network"; extraConfig = '' - set_real_ip_from 100.64.10.2/32; - set_real_ip_from fd7a:115c:a1e0:1010::2/128; + set_real_ip_from 100.122.253.109/32; + set_real_ip_from fd7a:115c:a1e0::3a01:fd6d/128; real_ip_header X-Forwarded-For; ''; diff --git a/system/nixos/anonymous-overflow.nix b/system/nixos/anonymous-overflow.nix index b364512..bcc1875 100644 --- a/system/nixos/anonymous-overflow.nix +++ b/system/nixos/anonymous-overflow.nix @@ -39,7 +39,7 @@ in }; services.nginx.virtualHosts."overflow.daniel.sx" = { - listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; + listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ]; quic = true; http3 = true; diff --git a/system/nixos/atuin-sync.nix b/system/nixos/atuin-sync.nix index adb53f8..4a0ba1c 100644 --- a/system/nixos/atuin-sync.nix +++ b/system/nixos/atuin-sync.nix @@ -9,7 +9,7 @@ }; services.nginx.virtualHosts."atuin-sync.kempkens.io" = { - listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; + listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ]; quic = true; http3 = true; diff --git a/system/nixos/invidious.nix b/system/nixos/invidious.nix index 8778b78..7b1c012 100644 --- a/system/nixos/invidious.nix +++ b/system/nixos/invidious.nix @@ -43,7 +43,7 @@ in }; services.nginx.virtualHosts."${fqdn}" = { - listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; + listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ]; quic = true; http3 = true; diff --git a/system/nixos/jellyfin.nix b/system/nixos/jellyfin.nix index de6cf97..38a8819 100644 --- a/system/nixos/jellyfin.nix +++ b/system/nixos/jellyfin.nix 
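Review bot: The widened entries `"100.64.0.0/10"` and `"fd7a:115c:a1e0::/96"` in the first adguardhome.nix hunk replace a /24 and a /64 that covered only this deployment's own prefix, and the same widening is applied to the address list in system/nixos/unbound.nix. 100.64.0.0/10 is the whole shared address space of RFC 6598, so the entry matches every device that can ever join the tailnet, including shared or guest nodes. It also matches any carrier-NAT-addressed peer that reaches the service over a non-Tailscale interface. The option this list belongs to is outside the hunk; if it is a client allow-list, keep the service bound or firewalled to the Tailscale interface and add a comment such as `# entire Tailscale range; access is limited by tailnet ACLs`.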
@@ -88,8 +88,8 @@ useACMEHost = "internal.kempkens.network"; extraConfig = '' - set_real_ip_from 100.64.10.2/32; - set_real_ip_from fd7a:115c:a1e0:1010::2/128; + set_real_ip_from 100.122.253.109/32; + set_real_ip_from fd7a:115c:a1e0::3a01:fd6d/128; real_ip_header proxy_protocol; ''; diff --git a/system/nixos/matrix/synapse.nix b/system/nixos/matrix/synapse.nix index c137de5..b5143d5 100644 --- a/system/nixos/matrix/synapse.nix +++ b/system/nixos/matrix/synapse.nix @@ -68,6 +68,7 @@ in "224.0.0.0/4" "::1/128" "fc00::/7" + "fd7a:115c:a1e0::/96" "fe80::/10" "fec0::/10" "ff00::/8" diff --git a/system/nixos/postgresql.nix b/system/nixos/postgresql.nix index c102f17..47dbe8f 100644 --- a/system/nixos/postgresql.nix +++ b/system/nixos/postgresql.nix @@ -23,7 +23,7 @@ }; authentication = '' - host all all 100.64.10.3/32 md5 + host all all 100.64.0.0/10 md5 host all all 10.88.0.0/16 md5 ''; }; diff --git a/system/nixos/redlib.nix b/system/nixos/redlib.nix index 85ee723..619989a 100644 --- a/system/nixos/redlib.nix +++ b/system/nixos/redlib.nix @@ -46,30 +46,7 @@ }; services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = { - # listen = [ - # { - # addr = "100.64.10.2"; - # port = 443; - # ssl = true; - # extraParameters = [ - # "fastopen=63" - # "backlog=1023" - # "deferred" - # ]; - # } - # - # { - # addr = "[fd7a:115c:a1e0:1010::2]"; - # port = 443; - # ssl = true; - # extraParameters = [ - # "fastopen=63" - # "backlog=1023" - # ]; - # } - # ]; - - listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; + listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ]; quic = true; http3 = true; diff --git a/system/nixos/rimgo.nix b/system/nixos/rimgo.nix index 6093a0f..ac9fc58 100644 --- a/system/nixos/rimgo.nix +++ b/system/nixos/rimgo.nix 
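Review bot: The added `"fd7a:115c:a1e0::/96"` entry in synapse.nix is already covered by `"fc00::/7"` on the line above it, so it does not change what the list matches. If the intent is to include the tailnet in this list, the IPv4 side is the one to check: `"100.64.0.0/10"` is not among the visible entries, though the list begins outside the hunk and may already contain it. Either drop the redundant line or keep it with a comment such as `# Tailscale ULA prefix (subset of fc00::/7, listed for clarity)`.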
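Review bot: The new `host all all 100.64.0.0/10 md5` rule in postgresql.nix opens every database and every role to password login from the whole Tailscale/CGNAT range, where the line it replaces admitted a single client at `100.64.10.3/32`. The nginx hunks in this same commit pin the proxy to a /32, and the same can be done here with the client node's new tailnet address, e.g. `host all all <client-tailnet-ip>/32 scram-sha-256` (placeholder address). `md5` is the legacy password method in pg_hba.conf; `scram-sha-256` is the stronger choice if the stored password hashes allow it. The rest of the `authentication` block lies outside the hunk.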
@@ -41,7 +41,7 @@ in }; services.nginx.virtualHosts."ringo.daniel.sx" = { - listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; + listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ]; quic = true; http3 = true; diff --git a/system/nixos/tailscale-router.nix b/system/nixos/tailscale-router.nix index ff75cfd..073ddd2 100644 --- a/system/nixos/tailscale-router.nix +++ b/system/nixos/tailscale-router.nix @@ -7,7 +7,7 @@ useRoutingFeatures = "server"; extraUpFlags = [ - "--advertise-routes=10.0.0.0/24" + "--advertise-routes=10.0.0.0/24,10.0.50.0/24,10.0.51.0/24" ]; }; } diff --git a/system/nixos/tailscale.nix b/system/nixos/tailscale.nix index 16132cf..9645ee3 100644 --- a/system/nixos/tailscale.nix +++ b/system/nixos/tailscale.nix @@ -1,8 +1,5 @@ { pkgs, config, ... }: -let - headscale = "https://ctrl.headscale.kempkens.network"; -in { environment.systemPackages = [ pkgs.tailscale ]; @@ -11,7 +8,6 @@ in authKeyFile = config.age.secrets.tailscale-authkey.path; extraUpFlags = [ - "--login-server=${headscale}" "--stateful-filtering" ]; }; diff --git a/system/nixos/unbound.nix b/system/nixos/unbound.nix index 618e4b4..3528bfb 100644 --- a/system/nixos/unbound.nix +++ b/system/nixos/unbound.nix @@ -32,23 +32,23 @@ "169.254.0.0/16" "172.16.0.0/12" "10.0.0.0/8" - "100.64.10.0/24" + "100.64.0.0/10" "fd00::/8" "fe80::/10" - "fd7a:115c:a1e0:1010::/64" + "fd7a:115c:a1e0::/96" ]; }; forward-zone = [ - { - name = "10.64.100.in-addr.arpa."; - forward-addr = "100.100.100.100"; - } - - { - name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa."; - forward-addr = "100.100.100.100"; - } + # { + # name = "10.64.100.in-addr.arpa."; + # forward-addr = "100.100.100.100"; + # } + # + # { + # name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa."; + # forward-addr = "100.100.100.100"; + # } { name = "in-addr.arpa."; diff --git a/system/nixos/voyager.nix b/system/nixos/voyager.nix index 8544f54..b099fd3 100644 --- a/system/nixos/voyager.nix +++ b/system/nixos/voyager.nix 
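Review bot: The extended `--advertise-routes` value in tailscale-router.nix adds `10.0.50.0/24` and `10.0.51.0/24` with nothing in the file saying what those networks are or who should reach them. Once approved, advertised routes are reachable by every tailnet device the access policy allows, and that policy is not part of this diff, so the exposure of the two new subnets cannot be judged from here. A comment above the flag naming each subnet, for example `# 10.0.50.0/24: <purpose>, 10.0.51.0/24: <purpose>`, together with a matching restriction in the tailnet ACLs, would make the intent reviewable. Also worth checking: `extraUpFlags` are passed to `tailscale up`, which the NixOS module may run only when the node needs to log in, so an already-authenticated router could keep advertising the old route list.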
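Review bot: The two reverse-lookup `forward-zone` entries in unbound.nix are commented out rather than removed, which leaves dead configuration for zones (`10.64.100.in-addr.arpa.` and the matching ip6.arpa name) that belong to the prefix this commit stops using. With them disabled, PTR queries for tailnet addresses fall through to the generic `in-addr.arpa.` zone that follows, whose forward target is outside the hunk, so lookups of internal addresses may now go to a different resolver than before. Either delete the block, or replace it with zones for the new ranges if reverse resolution through `100.100.100.100` is still wanted.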
@@ -9,7 +9,7 @@ }; services.nginx.virtualHosts."voyager.daniel.sx" = { - listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; + listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ]; quic = true; http3 = true;