kalipso/infrastructure
1
1
Fork 1
Code Issues 42 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

Compare commits

base: kalipso:727f771c4fae602de3886439c28db1ac948e38e7
Branches Tags
kalipso:master kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver
...
compare: kalipso:local-testing-v2
Branches Tags
kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:master kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver

25 Commits
727f771c4f ... local-test

Author SHA1 Message Date
ahtlon
d4ef6381a0 i don't know if this should be used
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m9s
Details 
Since only passing though the ssh dir doesn't work, the host would be polluted by all the other hosts writing to etc
 2025-01-18 17:39:28 +01:00
ahtlon
c416f27c81 add note to docs 2025-01-18 16:35:34 +01:00
ahtlon
0d61107515 Try constant test keys 2025-01-18 16:34:24 +01:00
kalipso
d8d910f5fd [uptimekuma] mv from fanny to hetzner server
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m7s
Details 
after thinking about it it makes no sense to have status/alerting
running on fanny. as soon as fanny fails we wont get any alerts anymore.
thats why i think having it running on the hetzner server, which is
quite stable, makes sense
 2025-01-17 14:19:38 +01:00
kalipso
a4f6b77e30 [fanny] deploy uptimekuma
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m21s
Details
2025-01-17 14:00:41 +01:00
kalipso
6aa6f2e171 [uptimekuma] set redirects 2025-01-17 13:59:54 +01:00
kalipso
d9bb933891 [uptimekuma] init 2025-01-17 13:59:35 +01:00
kalipso
168d45ed8a [vpn] set mtu 1340
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 5m47s
Details
2025-01-17 00:29:11 +01:00
kalipso
2f477d3566 [fanny] undo proxy settings
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m18s
Details
2025-01-17 00:19:23 +01:00
kalipso
b40cb40b01 [fanny] try fix incomplete file transfer
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m5s
Details
2025-01-16 19:30:49 +01:00
kalipso
b15b2ae789 [fanny] disable proxy_buffer
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m2s
Details
2025-01-16 16:36:38 +01:00
kalipso
c7b02b9366 [vpn] disable proxy_buffer
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 4m5s
Details 
url http://10.100.0.101:80/css/variables.css only returns half the file
hopefully this fixes it
 2025-01-16 16:26:23 +01:00
kalipso
c78eb9cbc1 [fanny][vpn] open port 80, enable nginx
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 5m49s
Details
2025-01-16 14:24:19 +01:00
kalipso
429be2c7b9 [fanny] setup as microvm host
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m55s
Details
2025-01-16 13:17:50 +01:00
kalipso
a12ad8db31 [fanny] setup proxypass chain 2025-01-16 13:17:50 +01:00
kalipso
ea99bbde25 [infradocs] init 2025-01-16 13:17:50 +01:00
kalipso
8e8ddb1435 [vpn] fix persistentKeepalive
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m53s
Details
2025-01-14 21:37:17 +01:00
kalipso
50a506d1c2 [bakunin] fix disk id
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 7m4s
Details
2025-01-14 17:56:39 +01:00
kalipso
3bc69085b3 [bakunin] use disko module
Some checks failed
Evaluate Hydra Jobs / eval-hydra-jobs (push) Has been cancelled
Details
2025-01-14 17:53:58 +01:00
kalipso
3b6107c13d [fanny] set persistentKeepalive
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m44s
Details 
to be able to ssh even if fanny was not active for a while
 2025-01-14 16:47:08 +01:00
kalipso
aaf1e280fc [vpn] enable ip_forward on servers
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m50s
Details
2025-01-14 15:40:22 +01:00
kalipso
c6c7fe5a57 [vpn] allow peers to communicate within subnet
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m49s
Details
2025-01-14 15:14:58 +01:00
kalipso
60221f474c [vpn] fix allowedIps
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m48s
Details 
it seems allowedIPs need to have /32 subnet
 2025-01-14 15:04:49 +01:00
kalipso
9b526906c0 [vpn] fix allowedIPs in peers.nix
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m52s
Details
2025-01-14 14:38:09 +01:00
kalipso
642bb8ba64 [fanny] fix vpn name
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m45s
Details
2025-01-14 13:53:20 +01:00
13 changed files with 214 additions and 18 deletions
Expand all files Collapse all files

3
doc/src/anleitung/microvm.md
View File

@@ -44,6 +44,9 @@ sudo mkdir -p /var/lib/microvms/durruti/{var,etc}
# alternatively u can run the vm in interactive mode (maybe stop the microvm@durruti.service first) # alternatively u can run the vm in interactive mode (maybe stop the microvm@durruti.service first)
microvm -r durruti microvm -r durruti
#if you get an error like "Error booting VM: VmBoot(DeviceManager(CreateVirtioFs(VhostUserConnect)))", try starting the virtio service manually
sudo systemctl start microvm-virtiofsd@{host}.service
# after u made changes to the microvm update and restart the vm # after u made changes to the microvm update and restart the vm
microvm -uR durruti microvm -uR durruti

7
machines/.sops.yaml
View File

@@ -66,3 +66,10 @@ creation_rules:
- *admin_kalipso_dsktp - *admin_kalipso_dsktp
age: age:
- *admin_atlan - *admin_atlan
- path_regex: bakunin/disk.key
key_groups:
- pgp:
- *admin_kalipso
- *admin_kalipso_dsktp
age:
- *admin_atlan

21
machines/bakunin/configuration.nix
View File

@@ -1,5 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, inputs, ... }:
let
sshKeys = import ../ssh_keys.nix;
in
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
@@ -9,6 +12,8 @@
../modules/sshd.nix ../modules/sshd.nix
../modules/minimal_tools.nix ../modules/minimal_tools.nix
../modules/autoupdate.nix ../modules/autoupdate.nix
inputs.self.nixosModules.malobeo.disko
inputs.self.nixosModules.malobeo.initssh
]; ];
malobeo.autoUpdate = { malobeo.autoUpdate = {
@@ -19,7 +24,19 @@
cacheurl = "https://cache.dynamicdiscord.de"; cacheurl = "https://cache.dynamicdiscord.de";
}; };
boot.loader.systemd-boot.enable = true; malobeo.disks = {
enable = true;
hostId = "a3c3102f";
root = {
disk0 = "disk/by-id/ata-HITACHI_HTS725016A9A364_110308PCKB04VNHX9XTJ";
};
};
malobeo.initssh = {
enable = true;
authorizedKeys = sshKeys.admins;
ethernetDrivers = ["r8169"];
};
hardware.sane.enable = true; #scanner support hardware.sane.enable = true; #scanner support

31
machines/bakunin/disk.key Normal file
View File

@@ -0,0 +1,31 @@
{
"data": "ENC[AES256_GCM,data:2/tfkG7SwWNpnqgkFkmUqbAJBF2eN/lfZCK/9VsZag==,iv:Sps+ZIQGveS/zumjVE8VFfVTlNwQJ093eMDndlne2nU=,tag:lW8xcz43jj1XPV6M/0e11g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRU003cys0d0d4MXFmVVVH\ndDg1eHZpVjFMeDBGL3JQcjB5a0luSVRaSWtnCmxNOEUyZ2oybkNLdm12ZTVmNUpo\nVCtUem44bXA2dGhURGdyRWxKdUF6OVkKLS0tIDdVbUt2eGVHMHBzOEt6QnRpOXZF\nVWFEUFloRXpIUGJxblpaNUNuTjlLbDQKQii2qUIl72d02D3P0oTDHZQT1srSk6jS\n89XSBy6ND9vP0tGXcZ4a7jghO0Q1OVNe1fm6Ez41lKOuUu77hgOAWg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-01-14T16:40:57Z",
"mac": "ENC[AES256_GCM,data:M8l4a2SbBikF/tEtGx4ZY13eK3ffM70aUCDYo4ljgTAtQEbGLx1SJM/mrFW325LycFMNOerWhXyipbXPZPw2VfnSJ9dz+bQ53xK7Mpf/bOZs5aQZJpJ1/MJh6lkmR/zPeQXhE08WsyJ1rCRqAfygau2CqdV8ujY5li3jIIDQMcQ=,iv:lJZhTjJAxSky9MrzYldkJOG0dCIzkv4IE3ZKzxgUxvo=,tag:t/grczWX+0sDcsHC5SCd/A==,type:str]",
"pgp": [
{
"created_at": "2025-01-14T16:40:08Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQGMA5HdvEwzh/H7AQv/S6LvVBsznEqLZbT/UAom1KmfmA3swxAJnQ5tl/vnnix6\nvzs4KSFGZMOQZihEKC/M/og8qTCvlUFBAUMkYLgX+8ehZeZwnnH9V8EDGDIyoWXE\n6AIHP9Ur6yk62gHqmfHlMxFG2A9/A4a+mOvxyKKPDK/AYG0PBaSVMkM6cp7efWwe\n7C6m4BpPRU+3NsNKy/4FkWt9xoFy82K89FqUGC8oZOQW1q+fS7ZIhmnTzzApwILy\n5Y77yBnpPECDYNZdH097bZli6KGWob7aXJ431gyw2OMVQHFb0DlQbKxemo9eWpIr\nnXu2FYrY2D7YxXBGQvXTuNQD3BuvrccOgWAmmi852C1gVVKV+egeOBRq2RYPl6+j\n8TBaNzl0rcvaoWeTJGR142pR9ht9B3aGzXcvCsciZo3SjYyt31J0huzPfv4Dakfn\nyY8BvOaNfugjx0aS6BOZgZiOPlBer86/0FKX469QQAnqL0LRoPyjn53JYUdPdI+s\nCI2WuVynSl7ItiwoKkJK0lgBm0oMhpSiGOC4Z2Bkk2xdpiuXUdMcP6m8OlG9ldCs\n0KrWubh9Ne6CP7etvTkwqWvMuSpCuheToIQ0rp8j21/YdCFX5LpxA3+em0t9M7Is\nV4ZoLnqA2KjI\n=4+Yl\n-----END PGP MESSAGE-----",
"fp": "c4639370c41133a738f643a591ddbc4c3387f1fb"
},
{
"created_at": "2025-01-14T16:40:08Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA98TrrsQEbXUAQ//c/UkuZRpJM5sH1snP8Kidek6nHgC11hUaY1G15a5ap1D\nn9cMIn4xUdfCAN/DoNiE14NzeTDQyawmIV1ZmrYZzItFdNgunf1r9jQNa3EqcWfE\norJS2RwWDrsw7tmx0wyenr9BLefMGJYaJ6Rd7J3j8sXL7aT+SbNw27mmVbYrJiFJ\nYh2usIsxDu2C+dCeTb3J9sKK6F96IbNnj/2Sx8AGYsIQvcpwloCRrnjiEa+hrEBn\nj1I6U4B/NjRGv20PAR1OnQ2OhKVL5UgTJgNKWCLdvGVOQnqJgDNUrrNEBY19wDQL\nQzJEzL21aiyF+8BB3IrtQlntmAIMcUUHTpqIols9rpVJl54yiK1mQ3UqTQPQ2+gd\nu2gtjXXk3FMnVzaI33ZMcxENGHy/+ZdZMfY70/EwJpRvneHTsLr3Z/bHUxavSYdL\nQqbeWLUm7a2/pnOl5JKa9asKYaNBNdmzO/YVgQNhLQzFtHJ9riVN7Ro+S2bocN9Z\npHGCCISAdMDyuFC7aSngnZEwE4NACbQEc8Udu+YCAUIeeBaPI/QWu3n61fZrkxR7\nmik9uJdXnMzKpmNGVQbPurifykDA6Bsqakn69AZQIPyxMtEDBV+pDX0yy3tI5D12\nhksuXSC7fpV/4BsZWKczK9fpDUJMDTFajSSVrSKb4nr2hk49IAZX9rhgbiHmT1LS\nWAHa5YGYUMkVQc59J3uhAjuSckWA/7R7oMhIrL5e/vnnHVR5zFW/auHkDytzZ0d0\nbGdrIRZh81C+yxB1pSJvlUnIWbYnpqhaH3xL+8yARpGZMNi595x0EJM=\n=8puy\n-----END PGP MESSAGE-----",
"fp": "aef8d6c7e4761fc297cda833df13aebb1011b5d4"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.2"
}
}

40
machines/configuration.nix
View File

@@ -56,11 +56,11 @@ let
socket = "store.socket"; socket = "store.socket";
} }
{ {
source = "/var/lib/microvms/${hostName}/etc"; source = "/var/lib/microvms/test/etc/";
mountPoint = "/etc"; mountPoint = "/etc";
tag = "etc"; tag = "etcssh";
proto = "virtiofs"; proto = "virtiofs";
socket = "etc.socket"; socket = "etcssh.socket";
} }
{ {
source = "/var/lib/microvms/${hostName}/var"; source = "/var/lib/microvms/${hostName}/var";
@@ -93,6 +93,8 @@ let
}; };
} }
] ++ defaultModules ++ modules; ] ++ defaultModules ++ modules;
inputsMod = inputs // { malobeo = self; };
in in
{ {
louise = nixosSystem { louise = nixosSystem {
@@ -109,13 +111,21 @@ in
modules = defaultModules ++ [ modules = defaultModules ++ [
./bakunin/configuration.nix ./bakunin/configuration.nix
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
./modules/disko/btrfs-laptop.nix ];
};
lucia = nixosSystem {
system = "aarch64-linux";
specialArgs.inputs = inputs;
modules = defaultModules ++ [
./lucia/configuration.nix
./lucia/hardware_configuration.nix
]; ];
}; };
fanny = nixosSystem { fanny = nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs.inputs = inputs; specialArgs.inputs = inputsMod;
modules = defaultModules ++ [ modules = defaultModules ++ [
self.nixosModules.malobeo.vpn self.nixosModules.malobeo.vpn
./fanny/configuration.nix ./fanny/configuration.nix
@@ -141,12 +151,22 @@ in
]; ];
}; };
lucia = nixosSystem { infradocs = nixosSystem {
system = "aarch64-linux"; system = "x86_64-linux";
specialArgs.inputs = inputs; specialArgs.inputs = inputs;
modules = defaultModules ++ [ specialArgs.self = self;
./lucia/configuration.nix modules = makeMicroVM "infradocs" "10.0.0.11" "D0:E5:CA:F0:D7:E7" [
./lucia/hardware_configuration.nix self.nixosModules.malobeo.vpn
./infradocs/configuration.nix
];
};
uptimekuma = nixosSystem {
system = "x86_64-linux";
specialArgs.inputs = inputs;
specialArgs.self = self;
modules = makeMicroVM "uptimekuma" "10.0.0.12" "D0:E5:CA:F0:D7:E8" [
./uptimekuma/configuration.nix
]; ];
}; };

9
machines/durruti/documentation.nix
View File

@@ -8,6 +8,15 @@
{ addr = "0.0.0.0"; port = 9000; } { addr = "0.0.0.0"; port = 9000; }
]; ];
root = "${self.packages.x86_64-linux.docs}/share/doc"; root = "${self.packages.x86_64-linux.docs}/share/doc";
extraConfig = ''
proxy_buffering off;
proxy_cache off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
}; };
}; };

16
machines/durruti/host_config.nix
View File

@@ -36,7 +36,21 @@ in
services.nginx.virtualHosts."docs.malobeo.org" = { services.nginx.virtualHosts."docs.malobeo.org" = {
forceSSL = true; forceSSL = true;
enableACME= true; enableACME= true;
locations."/".proxyPass = "http://${cfg.host_ip}:9000"; locations."/" = {
proxyPass = "http://10.0.0.10";
extraConfig = ''
'';
};
};
services.nginx.virtualHosts."status.malobeo.org" = {
forceSSL = true;
enableACME= true;
locations."/" = {
proxyPass = "http://10.0.0.12";
extraConfig = ''
'';
};
}; };
services.nginx.virtualHosts."tasklist.malobeo.org" = { services.nginx.virtualHosts."tasklist.malobeo.org" = {

23
machines/fanny/configuration.nix
View File

@@ -15,6 +15,7 @@ in
../modules/autoupdate.nix ../modules/autoupdate.nix
inputs.self.nixosModules.malobeo.initssh inputs.self.nixosModules.malobeo.initssh
inputs.self.nixosModules.malobeo.disko inputs.self.nixosModules.malobeo.disko
inputs.self.nixosModules.malobeo.microvm
]; ];
malobeo.autoUpdate = { malobeo.autoUpdate = {
@@ -47,10 +48,30 @@ in
services.malobeo.vpn = { services.malobeo.vpn = {
enable = true; enable = true;
name = "vpn"; name = "fanny";
privateKeyFile = config.sops.secrets.wg_private.path; privateKeyFile = config.sops.secrets.wg_private.path;
}; };
services.malobeo.microvm.enableHostBridge = true;
services.malobeo.microvm.deployHosts = [ "infradocs" ];
networking = {
firewall = {
allowedTCPPorts = [ 80 ];
};
};
services.nginx = {
enable = true;
virtualHosts."docs.malobeo.org" = {
locations."/" = {
proxyPass = "http://10.0.0.11:9000";
extraConfig = ''
'';
};
};
};
services.tor = { services.tor = {
enable = true; enable = true;
client.enable = true; client.enable = true;

20
machines/infradocs/configuration.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
{
networking = {
hostName = mkDefault "infradocs";
useDHCP = false;
nameservers = [ "1.1.1.1" ];
};
imports = [
../durruti/documentation.nix
../modules/malobeo_user.nix
../modules/sshd.nix
];
system.stateVersion = "22.11"; # Did you read the comment?
}

9
machines/modules/malobeo/peers.nix
View File

@@ -6,33 +6,34 @@
allowedIPs = [ "10.100.0.0/24" ]; allowedIPs = [ "10.100.0.0/24" ];
listenPort = 51821; listenPort = 51821;
publicKey = "hF9H10Y8Ar7zvZXFoNM8LSoaYFgPCXv30c54SSEucX4="; publicKey = "hF9H10Y8Ar7zvZXFoNM8LSoaYFgPCXv30c54SSEucX4=";
persistentKeepalive = 25;
}; };
"celine" = { "celine" = {
role = "client"; role = "client";
address = [ "10.100.0.2/24" ]; address = [ "10.100.0.2/24" ];
allowedIPs = [ "10.100.0.0/24" ]; allowedIPs = [ "10.100.0.2/32" ];
publicKey = "Jgx82tSOmZJS4sm1o8Eci9ahaQdQir2PLq9dBqsWZw4="; publicKey = "Jgx82tSOmZJS4sm1o8Eci9ahaQdQir2PLq9dBqsWZw4=";
}; };
"desktop" = { "desktop" = {
role = "client"; role = "client";
address = [ "10.100.0.3/24" ]; address = [ "10.100.0.3/24" ];
allowedIPs = [ "10.100.0.0/24" ]; allowedIPs = [ "10.100.0.3/32" ];
publicKey = "FtY2lcdWcw+nvtydOOUDyaeh/xkaqHA8y9GXzqU0Am0="; publicKey = "FtY2lcdWcw+nvtydOOUDyaeh/xkaqHA8y9GXzqU0Am0=";
}; };
"atlan-pc" = { "atlan-pc" = {
role = "client"; role = "client";
address = [ "10.100.0.5/24" ]; address = [ "10.100.0.5/24" ];
allowedIPs = [ "10.100.0.0/24" ]; allowedIPs = [ "10.100.0.5/32" ];
publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y="; publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y=";
}; };
"fanny" = { "fanny" = {
role = "client"; role = "client";
address = [ "10.100.0.101/24" ]; address = [ "10.100.0.101/24" ];
allowedIPs = [ "10.100.0.0/24" ]; allowedIPs = [ "10.100.0.101/32" ];
publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU="; publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU=";
}; };
} }

3
machines/modules/malobeo/wireguard.nix
View File

@@ -64,9 +64,12 @@ in
} }
]; ];
boot.kernel.sysctl."net.ipv4.ip_forward" = mkIf (myPeer.role == "server") 1;
networking.wg-quick = { networking.wg-quick = {
interfaces = { interfaces = {
malovpn = { malovpn = {
mtu = 1340; #seems to be necessary to proxypass nginx traffic through vpn
address = myPeer.address; address = myPeer.address;
autostart = cfg.autostart; autostart = cfg.autostart;
listenPort = mkIf (myPeer.role == "server") myPeer.listenPort; listenPort = mkIf (myPeer.role == "server") myPeer.listenPort;

37
machines/uptimekuma/configuration.nix Normal file
View File

@@ -0,0 +1,37 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
{
networking = {
hostName = mkDefault "uptimekuma";
useDHCP = false;
nameservers = [ "1.1.1.1" ];
};
imports = [
../modules/malobeo_user.nix
../modules/sshd.nix
];
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts."status.malobeo.org" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3001";
extraConfig = ''
'';
};
};
};
services.uptime-kuma = {
enable = true;
};
system.stateVersion = "22.11"; # Did you read the comment?
}

13
machines/vpn/configuration.nix
View File

@@ -12,6 +12,7 @@ with lib;
nameservers = [ "1.1.1.1" ]; nameservers = [ "1.1.1.1" ];
firewall = { firewall = {
allowedUDPPorts = [ 51821 ]; allowedUDPPorts = [ 51821 ];
allowedTCPPorts = [ 80 ];
}; };
}; };
@@ -27,6 +28,18 @@ with lib;
privateKeyFile = config.sops.secrets.wg_private.path; privateKeyFile = config.sops.secrets.wg_private.path;
}; };
services.nginx = {
enable = true;
virtualHosts."docs.malobeo.org" = {
locations."/" = {
proxyPass = "http://10.100.0.101";
extraConfig = ''
'';
};
};
};
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }