diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 739c3e5..5b9817e 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -21,8 +21,7 @@ services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; - #locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; - locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; + locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 6629a31..07740d2 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -9,15 +9,14 @@ networking.firewall.allowedUDPPorts = [ 6167 ]; # TODO: this should be generically set networking.useHostResolvConf = false; - networking.nameservers = [ "8.8.8.8" ]; + networking.nameservers = [ "fd0d:1::2:1" ]; services.matrix-continuwuity = { enable = true; settings.global = { # TODO: link this with outer container's address - address = [ "10.30.2.2" ]; + address = [ "fd0d:1::2:2" ]; server_name = "lava.moe"; - rocksdb_recovery_mode = 2; }; }; } diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index 5805401..c6b6cae 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -22,9 +22,9 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; - locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167"; - locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167"; - locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167"; + locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; }; services.nginx.virtualHosts."lava.moe" = { 
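Review bot: In containers/beryllium/configuration.nix the new `networking.nameservers = [ "fd0d:1::2:1" ]` and `address = [ "fd0d:1::2:2" ]` hard-code subnet 2, while containers/beryllium/flake.nix builds the same addresses from `${subnet}`. If that value changes, the service would presumably try to listen on an address the container no longer has, and DNS would point at nothing. The existing TODOs acknowledge the coupling, so at minimum make them precise, e.g. `# must equal hostAddress6 / localAddress6 in flake.nix (fd0d:1::${subnet}:1 and :2)`. The container now also resolves only through the host-side address, so the host resolver has to listen there and admit the container's source address. The `fd0d::/16 allow` entry in modules/services/unbound.nix looks like it covers the ACL, but the listening interface is not visible in this diff.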
@@ -52,8 +52,9 @@ containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress = "10.30.${subnet}.1"; - localAddress = "10.30.${subnet}.2"; + hostAddress6 = "fd0d:1::${subnet}:1"; + localAddress6 = "fd0d:1::${subnet}:2"; + # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true; config = { imports = [ ./configuration.nix ]; }; @@ -63,6 +64,7 @@ mountPoint = "/persist"; isReadOnly = false; }; + # flake = "path:" + ./.; }; }; }; diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 087c77f..4a6ef0c 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -20,7 +20,6 @@ nix-stable packages security - tailscale ./filesystem.nix ./kernel.nix diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 33b6eec..92e53be 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -19,7 +19,6 @@ nix-stable packages security - tailscale wireguard modules.services.banksia diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index a02b7e9..51641b4 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -6,7 +6,7 @@ email = "me@lava.moe"; group = "nginx"; dnsProvider = "cloudflare"; - environmentFile = config.age.secrets."acme_dns".path; + credentialsFile = config.age.secrets."acme_dns".path; }; certs."lava.moe" = { extraDomainNames = [ diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 8aae0fd..349f9e8 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -27,12 +27,8 @@ in { forward-addr = [ "2606:4700:4700::1111@853#cloudflare-dns.com" "2606:4700:4700::1001@853#cloudflare-dns.com" - "2001:4860:4860::8888@853#dns.google" - "2001:4860:4860::8844@853#dns.google" "1.1.1.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com" - "8.8.8.8@853#dns.google" - "8.8.4.4@853#dns.google" ]; }]; 
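Review bot: `# privateUsers = "pick";` is added commented out with no explanation, so the container still runs without a user namespace and root inside it is presumably the host's root. That matters here because the bind mount shown in the next hunk is read-write (`mountPoint = "/persist"; isReadOnly = false;`). If the option is disabled because of file ownership under that mount, say so next to it, e.g. `# TODO: enable privateUsers = "pick" once ownership of /persist is sorted out`. Separately, dropping `hostAddress`/`localAddress` leaves the container IPv6-only on ULA addresses, so whether it can still reach IPv4-only peers depends on host-side translation that this diff does not show. The `containers.${name}` block starts and ends outside the hunk.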
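Review bot: In modules/services/nginx.nix the switch to `credentialsFile` moves to what is, as far as I know, the older NixOS ACME option name, since upstream renamed `credentialsFile` to `environmentFile`. On a current nixpkgs this line would then work only through a deprecation alias, if at all. If the pinned nixpkgs genuinely needs the old name, record that beside it, e.g. `# pinned nixpkgs predates the environmentFile rename`. The value itself is still the age secret's path rather than an inline token, which is the right shape. The enclosing attribute set starts outside the hunk.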
@@ -41,10 +37,8 @@ in { access-control = [ "127.0.0.1/8 allow" "10.0.0.0/8 allow" - "100.64.0.0/10 allow" "192.168.100.0/24 allow" - "fd0d::/16 allow" - "fd7a:115c:a1e0::/48 allow" + "fd0d::/16 allow" "${gcSecrets.wireguard.ipv6Subnet}:/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 71f85ad..bdfe900 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -6,7 +6,7 @@ let serverIp = gcSecrets.wireguard.gateway; forwarding = { - "22727" = [ "10.100.0.3" "7777" ]; +# "22727" = [ "10.100.0.3" "7777" ]; }; mapForwards = type: @@ -18,8 +18,6 @@ let in '' ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport} ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT - ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport} - ${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT '') forwarding ); diff --git a/modules/user/neovim-minimal.nix b/modules/user/neovim-minimal.nix index 392097d..a7d3f8c 100644 --- a/modules/user/neovim-minimal.nix +++ b/modules/user/neovim-minimal.nix @@ -9,8 +9,6 @@ vimAlias = true; vimdiffAlias = true; withNodeJs = false; - withPython3 = false; - withRuby = false; plugins = with pkgs.vimPlugins; [ fzf-vim diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index d691c61..30ffac9 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -17,8 +17,6 @@ in { vimdiffAlias = true; #package = pkgs.neovim-nightly; withNodeJs = true; - withPython3 = true; - withRuby = false; extraPackages = with pkgs; [ rust-analyzer diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age index eded5d0..7515e1f 100644 Binary files a/secrets/slskd_env.age and b/secrets/slskd_env.age differ
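Review bot: In modules/system/wireguard.nix the port forward is disabled by commenting it out at column 0 (`# "22727" = [ "10.100.0.3" "7777" ];`), which leaves `forwarding` empty and dead configuration in the file with no reason given. Either delete the entry or keep it indented with a reason, e.g. `# disabled: <reason>; restore the UDP rules in mapForwards if this is re-enabled`. The next hunk removes the UDP DNAT/FORWARD lines from `mapForwards`, so uncommenting this entry later would bring back TCP forwarding only. The `let` block continues outside the hunk.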