cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Compare commits

base: cilly:d0e090bb6815110376b9bceb40880a9a5ee00ee3
Branches Tags
cilly:master
cilly:feat/immich
cilly:feat/restic
cilly:feat/cont
cilly:feat/smb
cilly:feat/soulbeet
cilly:opencloud
cilly:staging/dandelion_260528
cilly:bootstrap/alyssum
cilly:dev/slskd_envtest
cilly:feat/emerald
cilly:feat/diamond
cilly:dev/citrine
cilly:dev/tewst
cilly:staging_auto/20260316
cilly:up/dandelion_20260315
cilly:staging_auto/20260315
cilly:staging_auto/20260314
cilly:staging_auto/20260313
cilly:staging_auto/20260312
cilly:staging_auto/20260311
cilly:staging_auto/20260310
cilly:staging_auto/20260309
cilly:staging_auto/20260308
cilly:staging_auto/20260307
cilly:staging_auto/20260306
cilly:staging_auto/20260305
cilly:staging_auto/20260304
cilly:staging_auto/20260303
cilly:staging_auto/20260302
cilly:staging_auto/20260301
cilly:staging_auto/20260228
cilly:staging_auto/20260227
cilly:staging_auto/20260226
cilly:staging_auto/20260225
cilly:staging_auto/20260224
cilly:staging_auto/20260223
cilly:staging_auto/20260222
cilly:staging_auto/20260221
cilly:staging_auto/20260220
cilly:staging_auto/20260219
cilly:staging/20251122
cilly:staging/20250812
cilly:dev/unbound
cilly:dev/wg2
cilly:dev/dandelion2
cilly:test/git-crypt
cilly:dev/server
cilly:dev/options
cilly:dev/workflow
cilly:bootstrap/dandelion
cilly:bootstrap/anemone
cilly:tmp/sugarcane_raccoon
cilly:tmp/caramel_raccoon
cilly:tmp/caramel
cilly:tmp/jellyfin
cilly:temp/caramelgone
cilly:testing/linux-tkg
cilly:testing/wine2
..
compare: cilly:c8c6fb1b5e94b61e5880a8eff8e63417b64309b6
Branches Tags
cilly:feat/immich
cilly:feat/restic
cilly:master
cilly:feat/cont
cilly:feat/smb
cilly:feat/soulbeet
cilly:opencloud
cilly:staging/dandelion_260528
cilly:bootstrap/alyssum
cilly:dev/slskd_envtest
cilly:feat/emerald
cilly:feat/diamond
cilly:dev/citrine
cilly:dev/tewst
cilly:staging_auto/20260316
cilly:up/dandelion_20260315
cilly:staging_auto/20260315
cilly:staging_auto/20260314
cilly:staging_auto/20260313
cilly:staging_auto/20260312
cilly:staging_auto/20260311
cilly:staging_auto/20260310
cilly:staging_auto/20260309
cilly:staging_auto/20260308
cilly:staging_auto/20260307
cilly:staging_auto/20260306
cilly:staging_auto/20260305
cilly:staging_auto/20260304
cilly:staging_auto/20260303
cilly:staging_auto/20260302
cilly:staging_auto/20260301
cilly:staging_auto/20260228
cilly:staging_auto/20260227
cilly:staging_auto/20260226
cilly:staging_auto/20260225
cilly:staging_auto/20260224
cilly:staging_auto/20260223
cilly:staging_auto/20260222
cilly:staging_auto/20260221
cilly:staging_auto/20260220
cilly:staging_auto/20260219
cilly:staging/20251122
cilly:staging/20250812
cilly:dev/unbound
cilly:dev/wg2
cilly:dev/dandelion2
cilly:test/git-crypt
cilly:dev/server
cilly:dev/options
cilly:dev/workflow
cilly:bootstrap/dandelion
cilly:bootstrap/anemone
cilly:tmp/sugarcane_raccoon
cilly:tmp/caramel_raccoon
cilly:tmp/caramel
cilly:tmp/jellyfin
cilly:temp/caramelgone
cilly:testing/linux-tkg
cilly:testing/wine2

No commits in common. "d0e090bb6815110376b9bceb40880a9a5ee00ee3" and "c8c6fb1b5e94b61e5880a8eff8e63417b64309b6" have entirely different histories.
d0e090bb68 ... c8c6fb1b5e

11 changed files with 13 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

3
containers/amethyst/flake.nix
View file

@ -21,8 +21,7 @@
services.nginx.virtualHosts."${fqdn}" = { services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe"; useACMEHost = "lava.moe";
forceSSL = true; forceSSL = true;
#locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
}; };

5
containers/beryllium/configuration.nix
View file

@ -9,15 +9,14 @@
networking.firewall.allowedUDPPorts = [ 6167 ]; networking.firewall.allowedUDPPorts = [ 6167 ];
# TODO: this should be generically set # TODO: this should be generically set
networking.useHostResolvConf = false; networking.useHostResolvConf = false;
networking.nameservers = [ "8.8.8.8" ]; networking.nameservers = [ "fd0d:1::2:1" ];
services.matrix-continuwuity = { services.matrix-continuwuity = {
enable = true; enable = true;
settings.global = { settings.global = {
# TODO: link this with outer container's address # TODO: link this with outer container's address
address = [ "10.30.2.2" ]; address = [ "fd0d:1::2:2" ];
server_name = "lava.moe"; server_name = "lava.moe";
rocksdb_recovery_mode = 2;
}; };
}; };
} }

12
containers/beryllium/flake.nix
View file

@ -22,9 +22,9 @@
useACMEHost = "lava.moe"; useACMEHost = "lava.moe";
forceSSL = true; forceSSL = true;
locations."/".extraConfig = "return 302 'https://lava.moe';"; locations."/".extraConfig = "return 302 'https://lava.moe';";
locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167"; locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167"; locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167"; locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167";
}; };
services.nginx.virtualHosts."lava.moe" = { services.nginx.virtualHosts."lava.moe" = {
@ -52,8 +52,9 @@
containers.${name} = { containers.${name} = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress = "10.30.${subnet}.1"; hostAddress6 = "fd0d:1::${subnet}:1";
localAddress = "10.30.${subnet}.2"; localAddress6 = "fd0d:1::${subnet}:2";
# privateUsers = "pick";
nixpkgs = nixpkgs; nixpkgs = nixpkgs;
ephemeral = true; ephemeral = true;
config = { imports = [ ./configuration.nix ]; }; config = { imports = [ ./configuration.nix ]; };
@ -63,6 +64,7 @@
mountPoint = "/persist"; mountPoint = "/persist";
isReadOnly = false; isReadOnly = false;
}; };
# flake = "path:" + ./.;
}; };
}; };
}; };

1
hosts/alyssum/default.nix
View file

@ -20,7 +20,6 @@
nix-stable nix-stable
packages packages
security security
tailscale
./filesystem.nix ./filesystem.nix
./kernel.nix ./kernel.nix

1
hosts/dandelion/default.nix
View file

@ -19,7 +19,6 @@
nix-stable nix-stable
packages packages
security security
tailscale
wireguard wireguard
modules.services.banksia modules.services.banksia

2
modules/services/nginx.nix
View file

@ -6,7 +6,7 @@
email = "me@lava.moe"; email = "me@lava.moe";
group = "nginx"; group = "nginx";
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
environmentFile = config.age.secrets."acme_dns".path; credentialsFile = config.age.secrets."acme_dns".path;
}; };
certs."lava.moe" = { certs."lava.moe" = {
extraDomainNames = [ extraDomainNames = [

6
modules/services/unbound.nix
View file

@ -27,12 +27,8 @@ in {
forward-addr = [ forward-addr = [
"2606:4700:4700::1111@853#cloudflare-dns.com" "2606:4700:4700::1111@853#cloudflare-dns.com"
"2606:4700:4700::1001@853#cloudflare-dns.com" "2606:4700:4700::1001@853#cloudflare-dns.com"
"2001:4860:4860::8888@853#dns.google"
"2001:4860:4860::8844@853#dns.google"
"1.1.1.1@853#cloudflare-dns.com" "1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com"
"8.8.8.8@853#dns.google"
"8.8.4.4@853#dns.google"
]; ];
}]; }];
@ -41,10 +37,8 @@ in {
access-control = [ access-control = [
"127.0.0.1/8 allow" "127.0.0.1/8 allow"
"10.0.0.0/8 allow" "10.0.0.0/8 allow"
"100.64.0.0/10 allow"
"192.168.100.0/24 allow" "192.168.100.0/24 allow"
"fd0d::/16 allow" "fd0d::/16 allow"
"fd7a:115c:a1e0::/48 allow"
"${gcSecrets.wireguard.ipv6Subnet}:/80 allow" "${gcSecrets.wireguard.ipv6Subnet}:/80 allow"
]; ];
domain-insecure = [ "\"local.lava.moe\"" ]; domain-insecure = [ "\"local.lava.moe\"" ];

4
modules/system/wireguard.nix
View file

@ -6,7 +6,7 @@ let
serverIp = gcSecrets.wireguard.gateway; serverIp = gcSecrets.wireguard.gateway;
forwarding = { forwarding = {
"22727" = [ "10.100.0.3" "7777" ]; # "22727" = [ "10.100.0.3" "7777" ];
}; };
mapForwards = type: mapForwards = type:
@ -18,8 +18,6 @@ let
in '' in ''
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport} ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport}
${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport}
${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT
'') forwarding '') forwarding
); );

2
modules/user/neovim-minimal.nix
View file

@ -9,8 +9,6 @@
vimAlias = true; vimAlias = true;
vimdiffAlias = true; vimdiffAlias = true;
withNodeJs = false; withNodeJs = false;
withPython3 = false;
withRuby = false;
plugins = with pkgs.vimPlugins; [ plugins = with pkgs.vimPlugins; [
fzf-vim fzf-vim

2
modules/user/neovim.nix
View file

@ -17,8 +17,6 @@ in {
vimdiffAlias = true; vimdiffAlias = true;
#package = pkgs.neovim-nightly; #package = pkgs.neovim-nightly;
withNodeJs = true; withNodeJs = true;
withPython3 = true;
withRuby = false;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
rust-analyzer rust-analyzer

BIN
secrets/slskd_env.age
View file

Binary file not shown.