Compare commits
No commits in common. "d0e090bb6815110376b9bceb40880a9a5ee00ee3" and "c8c6fb1b5e94b61e5880a8eff8e63417b64309b6" have entirely different histories.
d0e090bb68
...
c8c6fb1b5e
11 changed files with 13 additions and 27 deletions
|
|
@ -21,8 +21,7 @@
|
|||
services.nginx.virtualHosts."${fqdn}" = {
|
||||
useACMEHost = "lava.moe";
|
||||
forceSSL = true;
|
||||
#locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
|
||||
locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
|
||||
locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
|
||||
listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -9,15 +9,14 @@
|
|||
networking.firewall.allowedUDPPorts = [ 6167 ];
|
||||
# TODO: this should be generically set
|
||||
networking.useHostResolvConf = false;
|
||||
networking.nameservers = [ "8.8.8.8" ];
|
||||
networking.nameservers = [ "fd0d:1::2:1" ];
|
||||
|
||||
services.matrix-continuwuity = {
|
||||
enable = true;
|
||||
settings.global = {
|
||||
# TODO: link this with outer container's address
|
||||
address = [ "10.30.2.2" ];
|
||||
address = [ "fd0d:1::2:2" ];
|
||||
server_name = "lava.moe";
|
||||
rocksdb_recovery_mode = 2;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,9 +22,9 @@
|
|||
useACMEHost = "lava.moe";
|
||||
forceSSL = true;
|
||||
locations."/".extraConfig = "return 302 'https://lava.moe';";
|
||||
locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167";
|
||||
locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167";
|
||||
locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167";
|
||||
locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
|
||||
locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
|
||||
locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."lava.moe" = {
|
||||
|
|
@ -52,8 +52,9 @@
|
|||
containers.${name} = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.30.${subnet}.1";
|
||||
localAddress = "10.30.${subnet}.2";
|
||||
hostAddress6 = "fd0d:1::${subnet}:1";
|
||||
localAddress6 = "fd0d:1::${subnet}:2";
|
||||
# privateUsers = "pick";
|
||||
nixpkgs = nixpkgs;
|
||||
ephemeral = true;
|
||||
config = { imports = [ ./configuration.nix ]; };
|
||||
|
|
@ -63,6 +64,7 @@
|
|||
mountPoint = "/persist";
|
||||
isReadOnly = false;
|
||||
};
|
||||
# flake = "path:" + ./.;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@
|
|||
nix-stable
|
||||
packages
|
||||
security
|
||||
tailscale
|
||||
|
||||
./filesystem.nix
|
||||
./kernel.nix
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@
|
|||
nix-stable
|
||||
packages
|
||||
security
|
||||
tailscale
|
||||
wireguard
|
||||
|
||||
modules.services.banksia
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
email = "me@lava.moe";
|
||||
group = "nginx";
|
||||
dnsProvider = "cloudflare";
|
||||
environmentFile = config.age.secrets."acme_dns".path;
|
||||
credentialsFile = config.age.secrets."acme_dns".path;
|
||||
};
|
||||
certs."lava.moe" = {
|
||||
extraDomainNames = [
|
||||
|
|
|
|||
|
|
@ -27,12 +27,8 @@ in {
|
|||
forward-addr = [
|
||||
"2606:4700:4700::1111@853#cloudflare-dns.com"
|
||||
"2606:4700:4700::1001@853#cloudflare-dns.com"
|
||||
"2001:4860:4860::8888@853#dns.google"
|
||||
"2001:4860:4860::8844@853#dns.google"
|
||||
"1.1.1.1@853#cloudflare-dns.com"
|
||||
"1.0.0.1@853#cloudflare-dns.com"
|
||||
"8.8.8.8@853#dns.google"
|
||||
"8.8.4.4@853#dns.google"
|
||||
];
|
||||
}];
|
||||
|
||||
|
|
@ -41,10 +37,8 @@ in {
|
|||
access-control = [
|
||||
"127.0.0.1/8 allow"
|
||||
"10.0.0.0/8 allow"
|
||||
"100.64.0.0/10 allow"
|
||||
"192.168.100.0/24 allow"
|
||||
"fd0d::/16 allow"
|
||||
"fd7a:115c:a1e0::/48 allow"
|
||||
"fd0d::/16 allow"
|
||||
"${gcSecrets.wireguard.ipv6Subnet}:/80 allow"
|
||||
];
|
||||
domain-insecure = [ "\"local.lava.moe\"" ];
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ let
|
|||
serverIp = gcSecrets.wireguard.gateway;
|
||||
|
||||
forwarding = {
|
||||
"22727" = [ "10.100.0.3" "7777" ];
|
||||
# "22727" = [ "10.100.0.3" "7777" ];
|
||||
};
|
||||
|
||||
mapForwards = type:
|
||||
|
|
@ -18,8 +18,6 @@ let
|
|||
in ''
|
||||
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport}
|
||||
${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport}
|
||||
${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT
|
||||
'') forwarding
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -9,8 +9,6 @@
|
|||
vimAlias = true;
|
||||
vimdiffAlias = true;
|
||||
withNodeJs = false;
|
||||
withPython3 = false;
|
||||
withRuby = false;
|
||||
|
||||
plugins = with pkgs.vimPlugins; [
|
||||
fzf-vim
|
||||
|
|
|
|||
|
|
@ -17,8 +17,6 @@ in {
|
|||
vimdiffAlias = true;
|
||||
#package = pkgs.neovim-nightly;
|
||||
withNodeJs = true;
|
||||
withPython3 = true;
|
||||
withRuby = false;
|
||||
|
||||
extraPackages = with pkgs; [
|
||||
rust-analyzer
|
||||
|
|
|
|||
Binary file not shown.
Loading…
Add table
Add a link
Reference in a new issue