From 66d2e3d01e6c51708b21c21ef2901f0e62f55a5c Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Thu, 18 Jul 2024 23:07:07 +0200 Subject: [PATCH] various: config update --- agenix/hosts/argon/tailscale/authkey.age | Bin 371 -> 384 bytes .../hosts/argon/weewx-proxy/environment.age | Bin 863 -> 867 bytes .../hosts/mediaserver/tailscale/authkey.age | Bin 371 -> 384 bytes agenix/hosts/neon/tailscale/authkey.age | 12 ++++----- agenix/hosts/tanker/tailscale/authkey.age | Bin 371 -> 384 bytes container/proxitok/default.nix | 2 +- home/programs/amethyst.nix | 2 +- secret/hosts/tanker.nix | Bin 1269 -> 1272 bytes system/hosts/argon.nix | 2 +- system/hosts/mediaserver.nix | 3 +-- system/nixos/adguardhome.nix | 8 +++--- system/nixos/anonymous-overflow.nix | 2 +- system/nixos/atuin-sync.nix | 2 +- system/nixos/invidious.nix | 2 +- system/nixos/jellyfin.nix | 4 +-- system/nixos/matrix/synapse.nix | 1 + system/nixos/postgresql.nix | 2 +- system/nixos/redlib.nix | 25 +----------------- system/nixos/rimgo.nix | 2 +- system/nixos/tailscale-router.nix | 2 +- system/nixos/tailscale.nix | 4 --- system/nixos/unbound.nix | 22 +++++++-------- system/nixos/voyager.nix | 2 +- 23 files changed, 36 insertions(+), 63 deletions(-) diff --git a/agenix/hosts/argon/tailscale/authkey.age b/agenix/hosts/argon/tailscale/authkey.age index e24503bbdee902b9f0518fdbcd2064ddbff99f36..16d36a6935df6fdf3a60d20cd1c84681f6e464ea 100644 GIT binary patch delta 349 zcmV-j0iyo%0)PXMEProDIaN1eIcjD_ba8bxXLWftZf#OcXliP1LrHOEHbpXVV{2gLw5mg11Eh1FVPApu delta 336 zcmV-W0k8gm1M>oqEPr+{FhVhOR7f{uaW-RXLS=badTuv*H)2$GWJ-B5YHwIZP*iSW zc}Pb=RSGmpH8DqOPi9s)Ich|3R8MMlZbf=SV`Oqladc@|cuz-la5FSRNN96-Sqd#a zAaiqQEoEdfH8n9gATefROjS`JK~Qu^GjMJ%MM5h?FEds`R)0fmOfYdbL`_IJIAt+1 zF+?wVZAo%Rctu1-3U6m*NKQ9oI9NquNpeC_NkdC#V{L6!Mszqeb7)0nP%t=Da7##d zYjt`>3N0-yAZKMwbZ$vDRdiuAdO2i7Y)WZ$Y&ByrP&as4LuF!iSW9tPcWPo}LsDZ& z3SVIj%BxgSgh^;B8Icl_T{hZ2u|>r#a_W45Tws9hKKVZGH|!RrsrCh_P`%QcuQUY& iI~7eNl-Au!#9ZGX#-sI9LS$=fJ|XcCc6`8A6EN9h9(St% 
diff --git a/agenix/hosts/argon/weewx-proxy/environment.age b/agenix/hosts/argon/weewx-proxy/environment.age index 14c296ff0b80f6a79dd475a8c3fed7a9df11b95a..2b135de8cf28f74eb9e665d815e8c5c041a70b95 100644 GIT binary patch delta 836 zcmV-K1H1g+2IB^hEPq#QbVXB8M|w4BGihaLMNv{~HE=gqLP2?HIb}09RyHztSvN*6 zNp>}8ZwfwAbb5I~O+h$nS!gRUIZsVQPiawCPcwQ>cvC_(a7I=* zQ*LZo3N0-yAXINOb#g>ZO=Dw4H(6J3MN}&?NI`K+Rd-fVbaPQuLRD!{HduO0P&Y79 z3bYh65@uH3Gk@|r2Onlg9M!a}!&C}Oo}SqEdmBq=3yuBW*MPI&U2<&ac-~r;PGP1% zyJD%H&+|t3=rj>+ZRz_9*rc4>1z;U2+)YIfb2;3g>$cxp5R17PVs|Zj;8L;dJ$nMu zk953++oM_)|0WA9AYpL)>GQ1ND^>iesK1F!2T+M5IDhoKc|!Rfmzk8#80-uzyHXP% zu-YQ8C_?!lTmG~L9oR7T9oc5!JAE*a*>M6eiPSm!qJ38MekHrzz90%XewY$zO2Ywe zLGwCE@r%*n0Jl;3owECI4yh`@WR5jq6yB5GxyEb=8VsH;y-Zg4cMfd=AIlAhQ>{4L zN+?;KO@9Q>>sWUus^K1e*u`IyxJO+D&O>=4_x%?IQ`K6S0Mj84ffY=3b8F8RXSk?6(ieP3cETxEfP<g57nrgfa56^b9p$lh($&z`< zWIf-5tXL$s`~#5C$KvpOf&SN24RrJZbuvif8zIm~!Sdo#o(S(0SA)RArfq_e&-Hs> OYFate0V4M0OL6u_C2bi1 delta 832 zcmV-G1Hb&^2HysdEPrA!OfN!lHb!i6OE^w7FF{L5QBPVcc1vnEQ8GtzGjMTGYfET% zNHl6kV+v_PR$6Lybu=qjZZBCjM0iLqVp>%zGh;7DR!2m4XEJAMMKV)MI7dNxV+t)k zAaiqQEoEdfH8n9gATefROjS`JL{D%~CYE)=SGg4?vK|x|^cvez$STRyiO*2?e zZ8u3p3N0-yAbD0wGgvi9Ic{k)b~#5cZB=n=Zd5ciaBoawYBxA?RxnX;NMTcNWK~2s z3T&!(;!H*qdVlx!LuswM_38+@QHy?Ks5pIl1RCIhR9=Dh9h~;|11vcsCN3H%_Qs-P zYi?9>+GZ3r9>5$ug<%G)9nxSi2{g5^gAyb&Dm?}KHc;*QQr zJ>l#&F#TpsbFQ+s=zPim4F7t#Trcs`-N${WF73Hdg@26Zu+%l0^as#7P#eMXJe1`G zJ9~XR4k`y$fA4qA8|t1P^M|W2U;{_qOBUywjj`S!Uvw!{-(PAGA|}L$IOvvFYQxL) zfTJ{-{LXdx_tT(y7PYX(2U$58k0Ec^^J7m)@qf7gc82{gfaKbs-8Sq3GDto48wPez zmApDRqkqT(fZ)#k!zeC;)7U=Y+;HRQz&NIvMdGb5WQ-O$ z{?^ean@%en8cg^*sfr{7ztM+KmS<{+o$E@iTE^%g82aP1_WX~qMA>@~Yqwqt=hM({ z)Hx&?*^@VR9eR%!Og2LF1rZQ+*S%Sr*c7)>ta3(iz&3F}qdx(UH~Lj;<^|iM0mWl2#FnK|DPI7W` za(GZkZwgjsPh(hONl7m@SygyLMmT49MNe*6GB0FEM@n^VYEW!cXERGQLu+C)Gzu*~ zAaiqQEoEdfH8n9gAXzyyS!rh=a%N>WWHCiAH7{y;PBcYgOMf{pbYfOPZgDn7Sx|E_ zGgV|aQgAXjc4b&^3PEvWSxb0PGjVoQd1o_9Y-UkJRBty`M>$J1F>_OOc`|8uQD-n$ zN@PVa3N0-yAV)S>K}KducVluea9L??Mp$-IK~;7uQ%_Y@Wm;8HacMVDR4`;UYDZE{ 
z3T97W8(3~nU{=rLOmaLhcJh9dXu^!s_iYNOeA#p($$&Kg3AU;NyffZi*ngT9GRCkF v(x@GW86|A2TG%@uJo<^Ww+j*!)_J)Du`g%a;}!Ak$kAdAS}eRe8t?veZybGa delta 336 zcmV-W0k8gm1M>oqEPpXnVoP;4aZzedd3r%rY-n~WdDbz~Q?j2|5Qy}J4mvaD)ccl{u9ABE76vZ@#Sy-HMcYn-a ipiYeV3@8`v)g~Qe>a?JWLv(9ywCM*v^Q)^c6tf` diff --git a/agenix/hosts/neon/tailscale/authkey.age b/agenix/hosts/neon/tailscale/authkey.age index cce9217..5403efa 100644 --- a/agenix/hosts/neon/tailscale/authkey.age +++ b/agenix/hosts/neon/tailscale/authkey.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 MtGp6g IpMaz0qI0Ivp7TyqDi4djSNMpER5miWSzBA2UD9AQFY -I5RskNS/ivjVePa3PTALthu5j2WSI0IbZVD+JDCTBYY --> ssh-ed25519 60lgJw VScx05bSHq7e1NdNwbAIYSbytDUPe82cKpnOy++ujwk -v2e/tqOQPiX/q1S0GNa7ANR68+f71/jKU1WoYPrn0M8 ---- z7ktAaEVhNL4tvjb1wjRnEfxhH5DZm8kJc1BGrlQzgQ -t5rbut [u}OQ(MF'13`O0AUq#!dSi䙝<Y \ No newline at end of file +-> ssh-ed25519 MtGp6g Yjj3Is7pvIjmADdYml9T9cAqrFehxaZNLqnTeygsoR4 +fVM3UJp9X30jm9op5Mf8lY7orr2xgdY2ruOkduZxpTw +-> ssh-ed25519 60lgJw JiT32mwd55t9JJvUvDnfNmdgCReIluuSJ9NRsbyJ8i4 +DInJZIetUuIoDvBgCCHq1mBxrpT+XshL61V0bFznups +--- 1Y0YFM+WYxuHtPpH1bB4X9NLFuuvfktlW7rOnCaAeGQ +X'BLfگb,k.G;559!>M"uz欫alFxFG%LG#ZwF=#!+rGK \ No newline at end of file 
diff --git a/agenix/hosts/tanker/tailscale/authkey.age b/agenix/hosts/tanker/tailscale/authkey.age index 8951417e306f2e95e88959beb970d9aa7a36e3be..87827a619911347e263350c4c52c73d4266ce214 100644 GIT binary patch delta 349 zcmV-j0iyo%0)PXMEPrh?d2)JfbZ=ryXf$|sY)@BHa(GB~LSbolPEbKGNpD#&b9ysH zVremVYYIq3a8ET%YB_pQMs9jTXKOWPNHJqhPclPscS~Vya6@i-Zfq}bVRTJoMG7rG zAaiqQEoEdfH8n9gAZbrHFEnQ$acM|rRcT{6GHpyScxrlVRDWwuQ#V9rZD&YPP-9qY zF*s65cuZH84(dR!B1|V>nV- z3eP~C#y^o@3RZ201n~=E3`y}{34HbQI?isS87t4n?BwJz76XAx0sCHIa9LzCIs!h5 v)LfrUcdW@1F`O`cjLqGR-K=2Iqf59-j9b7Ode2t!Z5ee~eao`;nq&R0?%;vH delta 336 zcmV-W0k8gm1M>oqEPqO5c56sZZZu3uaWGnNHZ(+IXiaf&b9HJqZ9_IfP-t^ONLF}Q zacVYbGzv0kRcTCUc3O34MLA?MSy5v{FnVHEWH)+bLv49VL2giNLs~I%HeoY4RSGRW zAaiqQEoEdfH8n9gAZbrHFEnQ$NSnGHrQl3Pe{gOJ;UMMr3zNL@O&{IY~=ybTT++bZbv#Yf)$~dN*@)c|wyyWNLLQG;m~BPb({9Z!vQ@YeGg-QB_w=QD{#|YD`3D z3TUEi!@y->qe&tCLSQ|}DWP$$Y%ky>H&c)76yuEOTYY)itB-0^pNItg5{_yeXd0^k i0kZf}RE9zZ5c`Bl;T^~&;cKL3w^=9@y%zFv| diff --git a/container/proxitok/default.nix b/container/proxitok/default.nix index ea39316..a7460d8 100644 --- a/container/proxitok/default.nix +++ b/container/proxitok/default.nix @@ -50,7 +50,7 @@ networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ]; services.nginx.virtualHosts."tictac.daniel.sx" = { - listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; + listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ]; quic = true; http3 = true; diff --git a/home/programs/amethyst.nix b/home/programs/amethyst.nix index dcd8b91..f6d239d 100644 --- a/home/programs/amethyst.nix +++ b/home/programs/amethyst.nix @@ -41,8 +41,8 @@ let "com.eltima.elmedia-setapp" "com.jonny.mona" "com.kapeli.dash-setapp" - "com.monarch.macos" "com.sindresorhus.Dato-setapp" + "com.tapbots.Ivory" ]; new-windows-to-main = false; 
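Review bot: The new tailnet address pair `100.122.253.109` / `[fd7a:115c:a1e0::3a01:fd6d]` is written out literally in `listenAddresses` here. The same literals recur in anonymous-overflow.nix, atuin-sync.nix, invidious.nix, redlib.nix, rimgo.nix and voyager.nix, and as `set_real_ip_from` in adguardhome.nix and jellyfin.nix. A missed copy at the next renumbering matters most in the two `set_real_ip_from` places, because that directive decides which peer nginx believes about the client address. I would define the pair once in a shared let-binding or module option and reference it everywhere, with a comment such as `# tailnet address of the reverse proxy; only this peer may set the client IP`. The virtualHosts block continues outside the hunk.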
diff --git a/secret/hosts/tanker.nix b/secret/hosts/tanker.nix index b504dfcb59801c9c079c4d22781035c96c266b57..93d843e7fe125b6f18dff0fa40ecd98ce9705575 100644 GIT binary patch literal 1272 zcmVi>4}Y7{uu$6sAKLt4jy7%s8xeDq|Stgs?Xwb(w<6!eswi zmvgn?33Wm(ZA$s(6|#@MyhgnZPpSF2*o&DeP!k+v*FFTi`WT~6BJE|W+=8uIh;to> z(N41A)h4F3(rgg-OINPVCyQPlmtU1p9BDwjO`wIb*@qnvl|;HA7{MBN@w;E!^X{su z&?#QePCIepCUulF8AG@mu=k9BVpZ4uDuG~v{z~?k=eMz5|JdH;t*tm+BqwzlU!5}Jgvk5qe)2l0DooxgWtz(v?vg@ ze37m8NQ~=X433?*lx4BwVjd&#)0EN`2tYrf71a%riEwEBZv4o`>Hw+kU`8E3N%g+R z#B&!fwc)(~{IY;iHuY!VUPyHPYJJ@d>WG~v@b~prrKlk;qxwM_&DnH@f6lg|+li@$ zXw7IKQcmpI#3*V)M4h-h{qm<{*ISNkCv^q$ijd;Hm5b4;ime18Cgo8`F9e9e{xK6x zP|9HzrDC;6w+BBZqPgI_vv?gU7+eozh{OL0+xF4qP6miX-$A~BB!(wJ7Q=Zpx-`WL z1}q@3bY!sg-&_omN=QA#0S+*DuY_4*s=myf_5@i&k%6D?o;~u8D;L~&L=@Kogm?>j zR7~oNG3q2LPDX_3g3+hel*kW_v0X~^02J=rV!yjQ{XusVGu{LOXyQ9C)W7@ z4|f3i%dZ*;o+;jMy`SVLqMyGc5F&-5FnDjohG1<&XvSX+JcvjSkNDsFCU5cz%ZcAX z)biamHKSj^r*cR6d+p8BB5n=% zW_@^Jo3t_STuu7}`ZmAl~%l*ds6-yCDd@Z|NNJEVyEl1^O8hzk?Sm8Ne= zn=P1?8}8o!w&`PHfD&cV?L%i;6l$n6FIpOWU2xpM%Ttz#GdC395HL(~v=jWYSVp*3 zBZbjvzLlvyIC8O1-Gd8u#Fv|UpJZ)ja%Q0=&wEGMq41=SNE0%`?xM~{oZlJk3^hd+ zX)o5BG-a(lx9qE3uNxg!P7uEkKdWWK=w4)7wK!bML>K0@#r_eUZxterKob2nLL0}V zW?vM7y+0kUuYht1Rfz9-=SR7*bW|M<88m`jvM-~?1JEfL(rSsCxhah@mk7+ z={`p}emR3@l6T*UGqU|!eY7WlLbW{n5fak3-IG~o=#4DUx$ZUcK?PxwCOMy_j7u%C zd2D4|`y^m3_MDu()cNMZKxZ>$v+e$GZC1gGK0l^N4IAF0K3`i|8iNnowr<=Z70WOm zpMd2|!-2shQ|8wV5pM{&_J&qxDWmmyh$-5jHV-(G87z6#_wgB~)YhKS#Bnx$%x@Wp iGuyyM;)z4sW%li{YzZTHi=xn_5&}o$IkfrfUS6$Ke0MAW literal 1269 zcmV|w3lIR4KBMu24psaUiBHd*;nvTJAWJ_lGl8*gJD-H z+n|A+bq`0LE6m6(K^V!&=bz9x<*jWuc48@PbniNB6dz?{UpEm2-5TDi4AkPXP*64}> zeEzJWLN$jz2Mx_wLz<*{$}&MD<|beGL4PpL_OA5yx^IT?UIxmU<+R*8X4ARQzou1I zQ*B-Sc{J~{|J!#nKh_oh%+*SQdhOgCp7=kaj|Y0$5aLNM^(B`TbreF<16v8CbI6S& zyiQ1IlIFbsqBEJY2=m;nr-UZ?)uQMV*LF}LlHyvhr90yYu@7@wKI>(v2gZ@5Gc?1n zLLv!@DpSMU)AfCGu9$6WoCc*2S>V$V1;w&=wyzN^A3TX6OTCz|QP%j;*d)$EvW56k z5qt0Qw^nx>3DIJOys!h(Dv+bF3iLCg4_rSw+d-e}knE$j=eV4w?HJ5wg@;jhj=wA2 
zg84}Co(j|-kbe+5MrNekDg&n$NbOY(D6V@Fm{{tvjAV(B%^j2{~j< zh~OF6e3M-WCh5!yUjO?|QKI21TEY#%B%D?tYL;9S{&1%#D3mz5wI6E;584r`1bEe#y<=@>6 zh;(}*p^U4qUyHvKMH(xA1Hp9Cr(K?%w%f}N3Zc5{U|!DkqOMqZp>Sh4?Z>04|9V<9 z^3J|IkHlf~RT~{u$$UC`$&0Fo{fGkoF|dY@V0P|W@)Q(KD~G6&>^qn-`H2Q>HjABk z7Dmx3_YI)iRO$~@uO`}@@v_}NL$gTaUzvCk(p{=AF4oPEB zR{f;oY>K0FdUvn%fLK)>p zZ&qRxi>=Ql7#d)DxCqlm=%)bd(!wpXvwEFTw0=9Ms9_sA;T*wNGWDC#*o-{{Oa*KVb{xO&wEs^gyV=Cp<>+1{)jMVk(VAe|Frd-PwW#;If8XbLEpVM(L;#2Gyw z%Zq5riM9p$;MTV8!pYxB!4%{&G`3zS&P!1$tGwk&Diq1ennuMdR-R`V1KX->7DMaK zuVQ}Hp#~5a~l6xM-jbtN2yD7cD=tQ`=t;>ekdwkq>qx diff --git a/system/hosts/argon.nix b/system/hosts/argon.nix index 9a6a6df..50cf281 100644 --- a/system/hosts/argon.nix +++ b/system/hosts/argon.nix @@ -28,7 +28,7 @@ in (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; })) - ../nixos/tailscale.nix + ../nixos/tailscale-router.nix ../nixos/tailscale-nodns.nix ../nixos/unbound.nix diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix index 9f313de..b3f3c0f 100644 --- a/system/hosts/mediaserver.nix +++ b/system/hosts/mediaserver.nix @@ -25,7 +25,7 @@ in ../nixos/ddg.nix - ../nixos/tailscale.nix + ../nixos/tailscale-router.nix ../nixos/tailscale-nodns.nix ../nixos/unbound.nix @@ -152,7 +152,6 @@ in }; fonts.fontconfig.enable = false; - sound.enable = false; programs = { fish.enable = true; diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix index f73f1b4..a8962f0 100644 --- a/system/nixos/adguardhome.nix +++ b/system/nixos/adguardhome.nix @@ -47,8 +47,8 @@ "fd00::/8" "fe80::/10" - "100.64.10.0/24" - "fd7a:115c:a1e0:1010::/64" + "100.64.0.0/10" + "fd7a:115c:a1e0::/96" ]; }; }; 
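Review bot: Swapping `../nixos/tailscale.nix` for `../nixos/tailscale-router.nix` in the imports here, and again in system/hosts/mediaserver.nix, keeps `authKeyFile` and `--stateful-filtering` on these hosts only if tailscale-router.nix itself imports tailscale.nix. The part of tailscale-router.nix visible in this commit shows only `useRoutingFeatures = "server"` and `extraUpFlags`, and its top is outside the diff, so please confirm the import is there. Both argon and mediaserver will also advertise the same subnets after this change. A comment next to the import, e.g. `# subnet router: advertises 10.0.0.0/24, 10.0.50.0/24, 10.0.51.0/24 to the tailnet`, would make that visible in the host file.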
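Review bot: The entry `"100.64.0.0/10"` replaces a /24 with the whole RFC 6598 shared range, which carriers also use for CGNAT, so this list in adguardhome.nix now matches more than this tailnet's peers. The option the list belongs to starts above the hunk, so the impact depends on whether it grants trust (trusted proxies or allowed clients) or only labels networks as private. If it grants trust, I would keep the entries as narrow as the peers that need it. The added `"fd7a:115c:a1e0::/96"` is already covered by `"fd00::/8"` two lines above it, so it has no effect; drop it or mark it with `# tailnet ULA, subset of fd00::/8, listed for readability`. The same two changes are made to the address list in system/nixos/unbound.nix.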
@@ -172,8 +172,8 @@
 useACMEHost = "internal.kempkens.network";
 extraConfig = ''
- set_real_ip_from 100.64.10.2/32;
- set_real_ip_from fd7a:115c:a1e0:1010::2/128;
+ set_real_ip_from 100.122.253.109/32;
+ set_real_ip_from fd7a:115c:a1e0::3a01:fd6d/128;
 real_ip_header X-Forwarded-For;
 '';
diff --git a/system/nixos/anonymous-overflow.nix b/system/nixos/anonymous-overflow.nix
index b364512..bcc1875 100644
--- a/system/nixos/anonymous-overflow.nix
+++ b/system/nixos/anonymous-overflow.nix
@@ -39,7 +39,7 @@ in
 };
 services.nginx.virtualHosts."overflow.daniel.sx" = {
- listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+ listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
 quic = true;
 http3 = true;
diff --git a/system/nixos/atuin-sync.nix b/system/nixos/atuin-sync.nix
index adb53f8..4a0ba1c 100644
--- a/system/nixos/atuin-sync.nix
+++ b/system/nixos/atuin-sync.nix
@@ -9,7 +9,7 @@
 };
 services.nginx.virtualHosts."atuin-sync.kempkens.io" = {
- listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+ listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
 quic = true;
 http3 = true;
diff --git a/system/nixos/invidious.nix b/system/nixos/invidious.nix
index 8778b78..7b1c012 100644
--- a/system/nixos/invidious.nix
+++ b/system/nixos/invidious.nix
@@ -43,7 +43,7 @@ in
 };
 services.nginx.virtualHosts."${fqdn}" = {
- listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+ listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
 quic = true;
 http3 = true;
diff --git a/system/nixos/jellyfin.nix b/system/nixos/jellyfin.nix
index de6cf97..38a8819 100644
--- a/system/nixos/jellyfin.nix
+++ b/system/nixos/jellyfin.nix
@@ -88,8 +88,8 @@
 useACMEHost = "internal.kempkens.network";
 extraConfig = ''
- set_real_ip_from 100.64.10.2/32;
- set_real_ip_from fd7a:115c:a1e0:1010::2/128;
+ set_real_ip_from 100.122.253.109/32;
+ set_real_ip_from fd7a:115c:a1e0::3a01:fd6d/128;
 real_ip_header proxy_protocol;
 '';
diff --git a/system/nixos/matrix/synapse.nix b/system/nixos/matrix/synapse.nix
index c137de5..b5143d5 100644
--- a/system/nixos/matrix/synapse.nix
+++ b/system/nixos/matrix/synapse.nix
@@ -68,6 +68,7 @@ in
 "224.0.0.0/4"
 "::1/128"
 "fc00::/7"
+ "fd7a:115c:a1e0::/96"
 "fe80::/10"
 "fec0::/10"
 "ff00::/8"
diff --git a/system/nixos/postgresql.nix b/system/nixos/postgresql.nix
index c102f17..47dbe8f 100644
--- a/system/nixos/postgresql.nix
+++ b/system/nixos/postgresql.nix
@@ -23,7 +23,7 @@
 };
 authentication = ''
- host all all 100.64.10.3/32 md5
+ host all all 100.64.0.0/10 md5
 host all all 10.88.0.0/16 md5
 '';
 };
diff --git a/system/nixos/redlib.nix b/system/nixos/redlib.nix
index 85ee723..619989a 100644
--- a/system/nixos/redlib.nix
+++ b/system/nixos/redlib.nix
@@ -46,30 +46,7 @@
 };
 services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
- # listen = [
- # {
- # addr = "100.64.10.2";
- # port = 443;
- # ssl = true;
- # extraParameters = [
- # "fastopen=63"
- # "backlog=1023"
- # "deferred"
- # ];
- # }
- #
- # {
- # addr = "[fd7a:115c:a1e0:1010::2]";
- # port = 443;
- # ssl = true;
- # extraParameters = [
- # "fastopen=63"
- # "backlog=1023"
- # ];
- # }
- # ];
-
- listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+ listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
 quic = true;
 http3 = true;
diff --git a/system/nixos/rimgo.nix b/system/nixos/rimgo.nix
index 6093a0f..ac9fc58 100644
--- a/system/nixos/rimgo.nix
+++ b/system/nixos/rimgo.nix
@@ -41,7 +41,7 @@ in
 };
 services.nginx.virtualHosts."ringo.daniel.sx" = {
- listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+ listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
 quic = true;
 http3 = true;
diff --git a/system/nixos/tailscale-router.nix b/system/nixos/tailscale-router.nix
index ff75cfd..073ddd2 100644
--- a/system/nixos/tailscale-router.nix
+++ b/system/nixos/tailscale-router.nix
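Review bot: `"fd7a:115c:a1e0::/96"` is inserted directly after `"fc00::/7"`, which already contains it, so the new entry does not change what the list matches. If this is one of Synapse's IP range deny lists (the option name is above the hunk), the protection that matters after the address change is the IPv4 side. Please check that `100.64.0.0/10` appears in the part of the list outside the hunk, so that federation or URL-preview requests cannot be directed at tailnet services. A comment such as `# tailnet ULA (subset of fc00::/7, kept for readability)` would make the intent of the new line clear.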
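Review bot: The pg_hba rule in `authentication` goes from a single client (`100.64.10.3/32`) to `100.64.0.0/10`, so every peer in the shared-address range may now attempt a password login to every database as every role, and the method is still `md5`. Unless several tailnet nodes really need the database, I would keep a /32 for the client's new address and move to SCRAM in either case: `host all all <client-tailnet-ip>/32 scram-sha-256` (placeholder address, to be filled in). Switching the method also needs `password_encryption` set to `scram-sha-256` and the role passwords set again, which is outside this hunk. The unchanged `10.88.0.0/16 md5` line below has the same method weakness.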
@@ -7,7 +7,7 @@
 useRoutingFeatures = "server";
 extraUpFlags = [
- "--advertise-routes=10.0.0.0/24"
+ "--advertise-routes=10.0.0.0/24,10.0.50.0/24,10.0.51.0/24"
 ];
 };
 }
diff --git a/system/nixos/tailscale.nix b/system/nixos/tailscale.nix
index 16132cf..9645ee3 100644
--- a/system/nixos/tailscale.nix
+++ b/system/nixos/tailscale.nix
@@ -1,8 +1,5 @@
 { pkgs, config, ... }:
-let
- headscale = "https://ctrl.headscale.kempkens.network";
-in
 {
 environment.systemPackages = [ pkgs.tailscale ];
@@ -11,7 +8,6 @@ in
 authKeyFile = config.age.secrets.tailscale-authkey.path;
 extraUpFlags = [
- "--login-server=${headscale}"
 "--stateful-filtering"
 ];
 };
diff --git a/system/nixos/unbound.nix b/system/nixos/unbound.nix
index 618e4b4..3528bfb 100644
--- a/system/nixos/unbound.nix
+++ b/system/nixos/unbound.nix
@@ -32,23 +32,23 @@
 "169.254.0.0/16"
 "172.16.0.0/12"
 "10.0.0.0/8"
- "100.64.10.0/24"
+ "100.64.0.0/10"
 "fd00::/8"
 "fe80::/10"
- "fd7a:115c:a1e0:1010::/64"
+ "fd7a:115c:a1e0::/96"
 ];
 };
 forward-zone = [
- {
- name = "10.64.100.in-addr.arpa.";
- forward-addr = "100.100.100.100";
- }
-
- {
- name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.";
- forward-addr = "100.100.100.100";
- }
+ # {
+ # name = "10.64.100.in-addr.arpa.";
+ # forward-addr = "100.100.100.100";
+ # }
+ #
+ # {
+ # name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.";
+ # forward-addr = "100.100.100.100";
+ # }
 {
 name = "in-addr.arpa.";
diff --git a/system/nixos/voyager.nix b/system/nixos/voyager.nix
index 8544f54..b099fd3 100644
--- a/system/nixos/voyager.nix
+++ b/system/nixos/voyager.nix
@@ -9,7 +9,7 @@
 };
 services.nginx.virtualHosts."voyager.daniel.sx" = {
- listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
+ listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
 quic = true;
 http3 = true;
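Review bot: `--advertise-routes` in tailscale-router.nix now exposes `10.0.50.0/24` and `10.0.51.0/24` to the tailnet in addition to `10.0.0.0/24`, and nothing beside the flag says what lives on those networks or who is meant to reach them. Reachability is then decided by route approval and the tailnet ACLs rather than by anything in this repository. I would record the intent next to the flag, e.g. `# 10.0.50.0/24, 10.0.51.0/24: <purpose>; access restricted by tailnet ACL`. Because argon and mediaserver both import this module in this commit, both will advertise all three ranges; if only one of them is attached to the new subnets, a per-host route list would be safer.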
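Review bot: The two reverse `forward-zone` entries in unbound.nix for the old tailnet ranges are commented out rather than deleted or replaced with zones for the new ranges. That leaves dead configuration and no stated decision about reverse lookups for tailnet addresses. Depending on Unbound's local-zone settings, PTR queries for those addresses may now fall through to the generic `in-addr.arpa.` zone that follows, whose `forward-addr` is outside the hunk. I would delete the block, or replace it with zones for the new ranges if reverse lookups are still wanted. If they were dropped on purpose, a single line such as `# no reverse zones for tailnet addresses: <reason>` is enough.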