containers/emerald: move to alyssum

2026-06-19 08:01:17 +10:00 · 2026-06-19 08:01:17 +10:00 · e1c02d7a91
commit e1c02d7a91
parent 4dfc898140
6 changed files with 15 additions and 12 deletions
--- a/containers/emerald/flake.nix
+++ b/containers/emerald/flake.nix
@ -9,11 +9,11 @@
    shareFqdn = "muse.lava.moe";
    subnetId = "5";

-    subnet = x: "fd0d:1::${subnetId}:${toString x}";
+    subnet = x: "fd0d:2::${subnetId}:${toString x}";
    host = subnet 1;
    client = subnet 2;

-    subnet4 = x: "10.30.${subnetId}.${toString x}";
+    subnet4 = x: "10.32.${subnetId}.${toString x}";
    host4 = subnet4 1;
    client4 = subnet4 2;

@ -39,13 +39,7 @@
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".proxyPass = "http://[${client}]:4533";
-        listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
-      };
-      services.nginx.virtualHosts."${shareFqdn}" = {
-        useACMEHost = "lava.moe";
-        forceSSL = true;
-        locations."/".return = "404";
-        locations."/share/".proxyPass = "http://[${client}]:4533";
+        listenAddresses = [ "100.67.2.1" ];
      };

      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
--- a/hosts/alyssum/default.nix
+++ b/hosts/alyssum/default.nix
@ -6,6 +6,7 @@
  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
    passwd.file = ../../secrets/passwd.age;
+    navidrome_env.file = ../../secrets/navidrome_env.age;
    wpa_conf = {
      file = ../../secrets/wpa_conf.age;
      path = "/etc/wpa_supplicant/imperative.conf";
@ -27,6 +28,7 @@
    modules.services.nginx
    modules.services.syncthing

+    inputs.c-emerald.nixosModule
    inputs.c-garnet.nixosModule

    ./filesystem.nix
--- a/hosts/dandelion/default.nix
+++ b/hosts/dandelion/default.nix
@ -5,7 +5,6 @@

  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
-    navidrome_env.file = ../../secrets/navidrome_env.age;
    slskd_env.file = ../../secrets/slskd_env.age;
    wg_dandelion.file = ../../secrets/wg_dandelion.age;
  };
@ -31,12 +30,12 @@
    inputs.c-beryllium.nixosModule
    inputs.c-citrine.nixosModule
    inputs.c-diamond.nixosModule
-    inputs.c-emerald.nixosModule
    inputs.c-fluorite.nixosModule

    ./filesystem.nix
    ./kernel.nix
    ./networking.nix
+    ./nginx.nix

    ../../users/hana
  ];
--- a/hosts/dandelion/nginx.nix
+++ b/hosts/dandelion/nginx.nix
@ -0,0 +1,8 @@
+{ ... }: {
+  services.nginx.virtualHosts."muse.lava.moe" = {
+    useACMEHost = "lava.moe";
+    forceSSL = true;
+    locations."/".return = "404";
+    locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
+  };
+}
--- a/secrets.nix
+++ b/secrets.nix
@ -13,7 +13,7 @@ in {
  "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];

  "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
-  "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ];
+  "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ];
  "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ];
  "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ];
  "secrets/warden_admin.age".publicKeys = [ rin ];
--- a/secrets/navidrome_env.age
+++ b/secrets/navidrome_env.age