commit e2d54320a2d663a5ad3cef49c0e4966ee3f7904d · ryan.freumh.org/nixos

+6 -7

hosts/elephant/services.nix

···

       1
       1
        
       { config, pkgs, lib, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
       -
         security.acme = {

     

       5
       5
       -
           defaults.email = "${config.custom.username}@${config.networking.domain}";

     

       6
       6
       -
           acceptTerms = true;

     

       7
       7
       -
         };

     

       8
       8
       -
       

     

       9
       4
        
         custom = {

     

       10
       5
        
           nix-cache = {

     

       11
       6
        
             enable = true;

     
···

       16
       11
        
         age.secrets."eon-vpn.freumh.org.cap" = {

     

       17
       12
        
           file = ../../secrets/eon-vpn.freumh.org.cap.age;

     

       18
       13
        
           mode = "770";

     

       19
       19
       -
           owner = "eon";

     

       20
       20
       -
           group = "eon";

     

       14
       14
       +
           owner = "acme-eon";

     

       15
       15
       +
           group = "acme-eon";

     

       21
       16
        
         };

     

       22
       17
        
         security.acme-eon = {

     

       18
       18
       +
           acceptTerms = true;

     

       19
       19
       +
           defaults.email = "${config.custom.username}@${config.networking.domain}";

     

       23
       20
        
           defaults.capFile = config.age.secrets."eon-vpn.freumh.org.cap".path;

     

       24
       21
        
           nginxCerts = [

     

       25
       22
        
             "nix-cache.vpn.freumh.org"

     
···

       33
       30
        
           virtualHosts = {

     

       34
       31
        
             "nix-cache.vpn.freumh.org" = { listenAddresses = [ "100.64.0.9" ]; };

     

       35
       32
        
             "jellyfin.vpn.freumh.org" = {

     

       33
       33
       +
               enableSSL = true;

     

       36
       34
        
               listenAddresses = [ "100.64.0.9" ];

     

       37
       35
        
               locations."/" = {

     

       38
       36
        
                 proxyPass = ''

     
···

       42
       40
        
               };

     

       43
       41
        
             };

     

       44
       42
        
             "transmission.vpn.freumh.org" = {

     

       43
       43
       +
               enableSSL = true;

     

       45
       44
        
               listenAddresses = [ "100.64.0.9" ];

     

       46
       45
        
               locations."/" = {

     

       47
       46
        
                 proxyPass = ''

+25 -23

hosts/owl/default.nix

···

       1
       1
        
       { pkgs, config, lib, eon, ... }@inputs:

     

       2
       2
        
       

     

       3
       3
       +
       let vpnRecords = [

     

       4
       4
       +
           {

     

       5
       5
       +
             name = "nix-cache.vpn.${config.networking.domain}";

     

       6
       6
       +
             type = "A";

     

       7
       7
       +
             value = "100.64.0.9";

     

       8
       8
       +
           }

     

       9
       9
       +
           {

     

       10
       10
       +
             name = "jellyfin.vpn.${config.networking.domain}";

     

       11
       11
       +
             type = "A";

     

       12
       12
       +
             value = "100.64.0.9";

     

       13
       13
       +
           }

     

       14
       14
       +
           {

     

       15
       15
       +
             name = "nextcloud.vpn.${config.networking.domain}";

     

       16
       16
       +
             type = "A";

     

       17
       17
       +
             value = "100.64.0.9";

     

       18
       18
       +
           }

     

       19
       19
       +
           {

     

       20
       20
       +
             name = "transmission.vpn.${config.networking.domain}";

     

       21
       21
       +
             type = "A";

     

       22
       22
       +
             value = "100.64.0.9";

     

       23
       23
       +
           }

     

       24
       24
       +
         ];

     

       25
       25
       +
       in

     

       3
       26
        
       {

     

       4
       27
        
         imports = [

     

       5
       28
        
           ./hardware-configuration.nix

     
···

       218
       241
        
                 value =

     

       219
       242
        
                   "2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270";

     

       220
       243
        
               }

     

       221
       221
       -
             ];

     

       244
       244
       +
             ] ++ vpnRecords;

     

       222
       245
        
           };

     

       223
       246
        
           "fn06.org" = {

     

       224
       247
        
             soa.serial = 1706745602;

     
···

       361
       384
        
           "net.ipv6.conf.all.forwarding" = 1;

     

       362
       385
        
         };

     

       363
       386
        
       

     

       364
       364
       -
         services.headscale.settings.dns_config.extra_records = [

     

       365
       365
       -
           {

     

       366
       366
       -
             name = "nix-cache.vpn.${config.networking.domain}";

     

       367
       367
       -
             type = "A";

     

       368
       368
       -
             value = "100.64.0.9";

     

       369
       369
       -
           }

     

       370
       370
       -
           {

     

       371
       371
       -
             name = "jellyfin.vpn.${config.networking.domain}";

     

       372
       372
       -
             type = "A";

     

       373
       373
       -
             value = "100.64.0.9";

     

       374
       374
       -
           }

     

       375
       375
       -
           {

     

       376
       376
       -
             name = "nextcloud.vpn.${config.networking.domain}";

     

       377
       377
       -
             type = "A";

     

       378
       378
       -
             value = "100.64.0.9";

     

       379
       379
       -
           }

     

       380
       380
       -
           {

     

       381
       381
       -
             name = "transmission.vpn.${config.networking.domain}";

     

       382
       382
       -
             type = "A";

     

       383
       383
       -
             value = "100.64.0.9";

     

       384
       384
       -
           }

     

       385
       385
       -
         ];

     

       387
       387
       +
         services.headscale.settings.dns_config.extra_records = vpnRecords;

     

       386
       388
        
       

     

       387
       389
        
         age.secrets.restic-owl.file = ../../secrets/restic-owl.age;

     

       388
       390
        
         services.restic.backups.${config.networking.hostName} = {