
various: config update

Daniel Kempkens 2024-07-18 23:07:07 +02:00
parent a0cc56d3c1
commit 66d2e3d01e
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
23 changed files with 36 additions and 63 deletions


@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 MtGp6g IpMaz0qI0Ivp7TyqDi4djSNMpER5miWSzBA2UD9AQFY -> ssh-ed25519 MtGp6g Yjj3Is7pvIjmADdYml9T9cAqrFehxaZNLqnTeygsoR4
I5RskNS/ivjVePa3PTALthu5j2WSI0IbZVD+JDCTBYY fVM3UJp9X30jm9op5Mf8lY7orr2xgdY2ruOkduZxpTw
-> ssh-ed25519 60lgJw VScx05bSHq7e1NdNwbAIYSbytDUPe82cKpnOy++ujwk -> ssh-ed25519 60lgJw JiT32mwd55t9JJvUvDnfNmdgCReIluuSJ9NRsbyJ8i4
v2e/tqOQPiX/q1S0GNa7ANR68+f71/jKU1WoYPrn0M8 DInJZIetUuIoDvBgCCHq1mBxrpT+XshL61V0bFznups
--- z7ktAaEVhNL4tvjb1wjRnEfxhH5DZm8kJc1BGrlQzgQ --- 1Y0YFM+WYxuHtPpH1bB4X9NLFuuvfktlW7rOnCaAeGQ
ýt5†r<E280A0>ò“íÂbuŸt [À¼u}OÒQ(ÒMÇçÀF'1ôö½™ÜÐ3`Oë0AUÁªúqÂÀ#Åù¿!dÎSiæä™<C3A4><…Yø‡ˆÿÊ X'ÁB×Lf…Ú¯bÚ,kŠ¨.G;5Ë5„õŸ9À!>ßMÕÅìù"uÑz欫ûa™³ŽlªðôºFxF–ÍøG%ŽÑLGŠ€#ÿZø<><C3B8>õw¥F=#!+rGáKâ


@ -50,7 +50,7 @@
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ]; networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];
services.nginx.virtualHosts."tictac.daniel.sx" = { services.nginx.virtualHosts."tictac.daniel.sx" = {
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
quic = true; quic = true;
http3 = true; http3 = true;
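Review bot: The new literal pair `"100.122.253.109"` / `"[fd7a:115c:a1e0::3a01:fd6d]"` in `listenAddresses` is repeated verbatim in every virtual-host module this commit touches (overflow, atuin-sync, `${fqdn}`, libreddit, ringo, voyager) and again in the two `set_real_ip_from` blocks, which is why one renumbering needed edits across so many files. Defining the addresses once and referencing them would make the next change a single edit and removes the risk of one vhost staying bound to a stale address, for example `listenAddresses = tailnetListenAddresses;` with the binding shared across modules (the name is a suggestion, not an existing option). The virtualHosts attribute set continues outside the hunk.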


@ -41,8 +41,8 @@ let
"com.eltima.elmedia-setapp" "com.eltima.elmedia-setapp"
"com.jonny.mona" "com.jonny.mona"
"com.kapeli.dash-setapp" "com.kapeli.dash-setapp"
"com.monarch.macos"
"com.sindresorhus.Dato-setapp" "com.sindresorhus.Dato-setapp"
"com.tapbots.Ivory"
]; ];
new-windows-to-main = false; new-windows-to-main = false;

Binary file not shown.


@ -28,7 +28,7 @@ in
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; })) (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
../nixos/tailscale.nix ../nixos/tailscale-router.nix
../nixos/tailscale-nodns.nix ../nixos/tailscale-nodns.nix
../nixos/unbound.nix ../nixos/unbound.nix


@ -25,7 +25,7 @@ in
../nixos/ddg.nix ../nixos/ddg.nix
../nixos/tailscale.nix ../nixos/tailscale-router.nix
../nixos/tailscale-nodns.nix ../nixos/tailscale-nodns.nix
../nixos/unbound.nix ../nixos/unbound.nix
@ -152,7 +152,6 @@ in
}; };
fonts.fontconfig.enable = false; fonts.fontconfig.enable = false;
sound.enable = false;
programs = { programs = {
fish.enable = true; fish.enable = true;


@ -47,8 +47,8 @@
"fd00::/8" "fd00::/8"
"fe80::/10" "fe80::/10"
"100.64.10.0/24" "100.64.0.0/10"
"fd7a:115c:a1e0:1010::/64" "fd7a:115c:a1e0::/96"
]; ];
}; };
}; };
@ -172,8 +172,8 @@
useACMEHost = "internal.kempkens.network"; useACMEHost = "internal.kempkens.network";
extraConfig = '' extraConfig = ''
set_real_ip_from 100.64.10.2/32; set_real_ip_from 100.122.253.109/32;
set_real_ip_from fd7a:115c:a1e0:1010::2/128; set_real_ip_from fd7a:115c:a1e0::3a01:fd6d/128;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
''; '';
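Review bot: In the address list of the first hunk, the new `"fd7a:115c:a1e0::/96"` entry is already covered by `"fd00::/8"` two lines above it, so it adds nothing if the list is evaluated as a plain union of prefixes. The same applies to the later hunk that lists it after `"fd00::/8"` and to the one that adds it under `"fc00::/7"`. Either drop the entry or add a comment such as `# tailnet ULA range, listed explicitly for readability`. By contrast, the IPv4 change from `100.64.10.0/24` to `100.64.0.0/10` is a real widening to the whole RFC 6598 shared range; the option this list feeds is outside the hunk, so confirm that every address in that range should be treated the same way as the old /24.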


@ -39,7 +39,7 @@ in
}; };
services.nginx.virtualHosts."overflow.daniel.sx" = { services.nginx.virtualHosts."overflow.daniel.sx" = {
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
quic = true; quic = true;
http3 = true; http3 = true;


@ -9,7 +9,7 @@
}; };
services.nginx.virtualHosts."atuin-sync.kempkens.io" = { services.nginx.virtualHosts."atuin-sync.kempkens.io" = {
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
quic = true; quic = true;
http3 = true; http3 = true;


@ -43,7 +43,7 @@ in
}; };
services.nginx.virtualHosts."${fqdn}" = { services.nginx.virtualHosts."${fqdn}" = {
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
quic = true; quic = true;
http3 = true; http3 = true;


@ -88,8 +88,8 @@
useACMEHost = "internal.kempkens.network"; useACMEHost = "internal.kempkens.network";
extraConfig = '' extraConfig = ''
set_real_ip_from 100.64.10.2/32; set_real_ip_from 100.122.253.109/32;
set_real_ip_from fd7a:115c:a1e0:1010::2/128; set_real_ip_from fd7a:115c:a1e0::3a01:fd6d/128;
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
''; '';


@ -68,6 +68,7 @@ in
"224.0.0.0/4" "224.0.0.0/4"
"::1/128" "::1/128"
"fc00::/7" "fc00::/7"
"fd7a:115c:a1e0::/96"
"fe80::/10" "fe80::/10"
"fec0::/10" "fec0::/10"
"ff00::/8" "ff00::/8"


@ -23,7 +23,7 @@
}; };
authentication = '' authentication = ''
host all all 100.64.10.3/32 md5 host all all 100.64.0.0/10 md5
host all all 10.88.0.0/16 md5 host all all 10.88.0.0/16 md5
''; '';
}; };
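Review bot: The first `authentication` line now admits any source in `100.64.0.0/10` where the old rule named a single host (`100.64.10.3/32`), so every peer in that range can attempt a password login to all databases as any role. If only specific clients need PostgreSQL, keep host-scoped rules, e.g. `host all all <client-tailnet-ip>/32 scram-sha-256` (placeholder address). Both rules also still use `md5`, which is weaker than `scram-sha-256`; switching requires the stored passwords to be SCRAM hashes. The surrounding PostgreSQL attribute set is outside the hunk.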


@ -46,30 +46,7 @@
}; };
services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = { services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
# listen = [ listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
# {
# addr = "100.64.10.2";
# port = 443;
# ssl = true;
# extraParameters = [
# "fastopen=63"
# "backlog=1023"
# "deferred"
# ];
# }
#
# {
# addr = "[fd7a:115c:a1e0:1010::2]";
# port = 443;
# ssl = true;
# extraParameters = [
# "fastopen=63"
# "backlog=1023"
# ];
# }
# ];
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
quic = true; quic = true;
http3 = true; http3 = true;


@ -41,7 +41,7 @@ in
}; };
services.nginx.virtualHosts."ringo.daniel.sx" = { services.nginx.virtualHosts."ringo.daniel.sx" = {
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
quic = true; quic = true;
http3 = true; http3 = true;


@ -7,7 +7,7 @@
useRoutingFeatures = "server"; useRoutingFeatures = "server";
extraUpFlags = [ extraUpFlags = [
"--advertise-routes=10.0.0.0/24" "--advertise-routes=10.0.0.0/24,10.0.50.0/24,10.0.51.0/24"
]; ];
}; };
} }
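Review bot: The two routes added to `--advertise-routes` (`10.0.50.0/24`, `10.0.51.0/24`) carry no comment saying which networks they are or why this router should expose them. A line above the flag such as `# 10.0.0.0/24: <purpose>; 10.0.50.0/24, 10.0.51.0/24: <purpose>` would help, because each advertised subnet becomes reachable from tailnet peers as far as the tailnet's access rules allow, and those rules are not visible on this page.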


@ -1,8 +1,5 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
let
headscale = "https://ctrl.headscale.kempkens.network";
in
{ {
environment.systemPackages = [ pkgs.tailscale ]; environment.systemPackages = [ pkgs.tailscale ];
@ -11,7 +8,6 @@ in
authKeyFile = config.age.secrets.tailscale-authkey.path; authKeyFile = config.age.secrets.tailscale-authkey.path;
extraUpFlags = [ extraUpFlags = [
"--login-server=${headscale}"
"--stateful-filtering" "--stateful-filtering"
]; ];
}; };


@ -32,23 +32,23 @@
"169.254.0.0/16" "169.254.0.0/16"
"172.16.0.0/12" "172.16.0.0/12"
"10.0.0.0/8" "10.0.0.0/8"
"100.64.10.0/24" "100.64.0.0/10"
"fd00::/8" "fd00::/8"
"fe80::/10" "fe80::/10"
"fd7a:115c:a1e0:1010::/64" "fd7a:115c:a1e0::/96"
]; ];
}; };
forward-zone = [ forward-zone = [
{ # {
name = "10.64.100.in-addr.arpa."; # name = "10.64.100.in-addr.arpa.";
forward-addr = "100.100.100.100"; # forward-addr = "100.100.100.100";
} # }
#
{ # {
name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa."; # name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.";
forward-addr = "100.100.100.100"; # forward-addr = "100.100.100.100";
} # }
{ {
name = "in-addr.arpa."; name = "in-addr.arpa.";
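Review bot: The two reverse `forward-zone` entries are commented out rather than removed, and their names (`10.64.100.in-addr.arpa.` and the `ip6.arpa.` zone for `fd7a:115c:a1e0:1010::/64`) belong to the prefixes this same hunk replaces, so they could not be re-enabled as written. Deleting them keeps the file accurate; if reverse lookups for tailnet addresses are still wanted, a comment like `# TODO: reverse zones for 100.64.0.0/10 are not forwarded` states the gap explicitly. Reverse queries for tailnet addresses would now presumably fall under the `in-addr.arpa.` forward zone that starts on the hunk's last line and continues outside it, so it is worth checking where those queries are sent.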


@ -9,7 +9,7 @@
}; };
services.nginx.virtualHosts."voyager.daniel.sx" = { services.nginx.virtualHosts."voyager.daniel.sx" = {
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ]; listenAddresses = [ "100.122.253.109" "[fd7a:115c:a1e0::3a01:fd6d]" ];
quic = true; quic = true;
http3 = true; http3 = true;