diff --git a/flake.lock b/flake.lock index 90e22b4..61f5589 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,27 @@ "type": "github" } }, + "dns": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768143854, + "narHash": "sha256-E5/kyPz4zAZn/lZdvqlF83jMgCWNxmqYjjWuadngCbk=", + "owner": "kirelagin", + "repo": "dns.nix", + "rev": "a97cf4156e9f044fe4bed5be531061000dfabb07", + "type": "github" + }, + "original": { + "owner": "kirelagin", + "repo": "dns.nix", + "type": "github" + } + }, "ep3-bs": { "inputs": { "nixpkgs": [ @@ -43,6 +64,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1614513358, + "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_3" }, @@ -102,7 +138,7 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], @@ -225,6 +261,7 @@ "root": { "inputs": { "disko": "disko", + "dns": "dns", "ep3-bs": "ep3-bs", "home-manager": "home-manager", "mfsync": "mfsync", diff --git a/flake.nix b/flake.nix index 90300a6..decbc2c 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,11 @@ disko.url = "github:nix-community/disko/latest"; disko.inputs.nixpkgs.follows = "nixpkgs"; + dns = { + url = "github:kirelagin/dns.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + utils = { url = "github:numtide/flake-utils"; }; diff --git a/machines/durruti/configuration.nix b/machines/durruti/configuration.nix index e86456a..f0573d0 100644 --- a/machines/durruti/configuration.nix +++ b/machines/durruti/configuration.nix 
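Review bot: The new `dns` input follows `nixpkgs` but not `flake-utils`, so flake.lock gains a second flake-utils node pinned to rev 5466c5b (lastModified 1614513358) and microvm's copy is renamed to `flake-utils_2`. The flake already has a `utils` input pointing at numtide/flake-utils, so adding `inputs.flake-utils.follows = "utils";` inside the `dns` block keeps a single flake-utils revision in the closure that generates the zone file. The input URL names no ref, so the `rev` and `narHash` in flake.lock are the only pin. Later bumps of that lock entry deserve a look at the upstream diff, because the library's output becomes the zone that ns1 serves.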
@@ -29,7 +29,6 @@ with lib; enable = true; enablePromtail = true; logNginx = true; - lokiHost = "10.0.0.14"; }; services.malobeo-tasklist.enable = true; diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix index 229b238..bcef133 100644 --- a/machines/durruti/host_config.nix +++ b/machines/durruti/host_config.nix @@ -43,20 +43,6 @@ in }; }; - services.nginx.virtualHosts."cloud.malobeo.org" = { - forceSSL = true; - enableACME= true; - locations."/" = { - proxyPass = "http://10.0.0.10"; - extraConfig = '' - client_max_body_size 10G; - client_body_timeout 3600s; - send_timeout 3600s; - fastcgi_buffers 64 4K; - ''; - }; - }; - services.nginx.virtualHosts."keys.malobeo.org" = { forceSSL = true; enableACME= true; @@ -67,7 +53,6 @@ in }; }; - services.nginx.virtualHosts."grafana.malobeo.org" = { forceSSL = true; enableACME= true; @@ -88,24 +73,6 @@ in }; }; - - services.nginx.virtualHosts."zines.malobeo.org" = { - forceSSL = true; - enableACME= true; - locations."/" = { - proxyPass = "http://10.0.0.10"; - extraConfig = '' - client_body_in_file_only clean; - client_body_buffer_size 32K; - - client_max_body_size 500M; - - sendfile on; - send_timeout 300s; - ''; - }; - }; - services.nginx.virtualHosts."status.malobeo.org" = { forceSSL = true; enableACME= true; diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index ff4814e..f472355 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -2,11 +2,13 @@ let sshKeys = import ../ssh_keys.nix; peers = import ../modules/malobeo/peers.nix; + hosts = import ../hosts.nix {}; in { sops.defaultSopsFile = ./secrets.yaml; sops.secrets.wg_private = {}; sops.secrets.shop_auth = {}; + sops.secrets.njala_api_key = {}; imports = [ # Include the results of the hardware scan. 
@@ -35,7 +37,7 @@ in enable = true; enablePromtail = true; logNginx = true; - lokiHost = "10.0.0.14"; + lokiHost = hosts.malobeo.hosts.overwatch.network.address; }; malobeo.autoUpdate = { @@ -129,7 +131,12 @@ in privateKeyFile = config.sops.secrets.wg_private.path; }; - services.malobeo.microvm.enableHostBridge = true; + services.malobeo.microvm = { + enableHostBridge = true; + interface = "enp1s0"; + gateway = "192.168.1.1"; + address = "192.168.1.2/24"; + }; services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" @@ -151,20 +158,48 @@ in }; }; + security.acme = { + acceptTerms = true; + defaults.email = "malobeo@systemli.org"; + defaults = { + dnsProvider = "njalla"; + credentialsFile = config.sops.secrets.njala_api_key.path; + dnsPropagationCheck = false; + }; + }; + services.nginx = { enable = true; virtualHosts."docs.malobeo.org" = { locations."/" = { - proxyPass = "http://10.0.0.11:9000"; + proxyPass = "http://${hosts.malobeo.hosts.infradocs.network.address}:9000"; extraConfig = '' proxy_set_header Host $host; ''; }; }; - virtualHosts."cloud.malobeo.org" = { + virtualHosts."cloud.hq.malobeo.org" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; locations."/" = { - proxyPass = "http://10.0.0.13"; + proxyPass = "http://${hosts.malobeo.hosts.nextcloud.network.address}"; + extraConfig = '' + proxy_set_header Host $host; + client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize}; + client_body_timeout 3600s; + send_timeout 3600s; + fastcgi_buffers 64 4K; + ''; + }; + }; + + virtualHosts."cloud.malobeo.org" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${hosts.malobeo.hosts.nextcloud.network.address}"; extraConfig = '' proxy_set_header Host $host; client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize}; 
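Review bot: The bridge address is hard-coded as `192.168.1.2/24` here, while hosts.nix in this same commit records fanny as `192.168.1.13`, which is also what `createMaloNet "13"` yields for the nextcloud VM. Everything that reads `hosts.malobeo.hosts.fanny.network.address` therefore points at the wrong machine: nextcloud's `trusted_proxies`, the `fanny` Prometheus target in overwatch, and the `hq` A record in zones.nix. For `trusted_proxies` this would mean forwarded client addresses from the real proxy are not honoured (inferred from the values, not tested). Once the hosts.nix entry is corrected, deriving this line from it avoids the drift: `address = "${hosts.malobeo.hosts.fanny.network.address}/24";`.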
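Review bot: The njalla token and `dnsProvider` are set in `security.acme.defaults`, so certificates that validate over the webroot (`cloud.malobeo.org` here, `zines.malobeo.org` in a later hunk) appear to inherit the credentials file too, as far as the module's option inheritance goes. Only the two `*.hq.malobeo.org` vhosts with `acmeRoot = null` need DNS-01, so the token can be attached to those certificates alone. `dnsPropagationCheck = false` deserves a one-line comment saying why the check is skipped, and the secret name `njala_api_key` is spelled differently from the provider `njalla`. The surrounding `services.nginx` block continues outside the hunk.

```nix
security.acme = {
  acceptTerms = true;
  defaults.email = "malobeo@systemli.org";
  # DNS-01 settings only on the certificates that use them
  certs."cloud.hq.malobeo.org" = {
    dnsProvider = "njalla";
    credentialsFile = config.sops.secrets.njala_api_key.path;
    dnsPropagationCheck = false;
  };
  certs."zines.hq.malobeo.org" = {
    dnsProvider = "njalla";
    credentialsFile = config.sops.secrets.njala_api_key.path;
    dnsPropagationCheck = false;
  };
};
# … unchanged: services.nginx virtualHosts …
```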
@@ -186,7 +221,7 @@ in virtualHosts."grafana.malobeo.org" = { locations."/" = { - proxyPass = "http://10.0.0.14"; + proxyPass = "http://${hosts.malobeo.hosts.overwatch.network.address}"; extraConfig = '' proxy_set_header Host $host; ''; @@ -195,19 +230,38 @@ in virtualHosts."tasklist.malobeo.org" = { locations."/" = { - proxyPass = "http://10.0.0.5:8080"; + proxyPass = "http://${hosts.malobeo.hosts.durruti.network.address}:8080"; extraConfig = '' proxy_set_header Host $host; ''; }; }; - virtualHosts."zines.malobeo.org" = { - # created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo' - # then content of foo.txt put into sops - # basicAuthFile = config.sops.secrets.shop_auth.path; + virtualHosts."zines.hq.malobeo.org" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; locations."/" = { - proxyPass = "http://10.0.0.15:8080"; + proxyPass = "http://${hosts.malobeo.hosts.zineshop.network.address}:8080"; + extraConfig = '' + proxy_set_header Host $host; + + client_body_in_file_only clean; + client_body_buffer_size 32K; + + client_max_body_size 50M; + + sendfile on; + send_timeout 300s; + ''; + }; + }; + + virtualHosts."zines.malobeo.org" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${hosts.malobeo.hosts.zineshop.network.address}:8080"; extraConfig = '' proxy_set_header Host $host; diff --git a/machines/fanny/dummy.yaml b/machines/fanny/dummy.yaml index 1edbe77..c38ce53 100644 --- a/machines/fanny/dummy.yaml +++ b/machines/fanny/dummy.yaml 
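Review bot: `zines.hq.malobeo.org` and `zines.malobeo.org` now carry the same `locations."/"` block twice, as do the two cloud vhosts in the previous hunk, so a later change to the upload limit or headers can land on one name and not the other. Binding the block once in the file's `let`, e.g. `zinesLocation = { proxyPass = "http://${hosts.malobeo.hosts.zineshop.network.address}:8080"; extraConfig = ''…''; };`, and writing `locations."/" = zinesLocation;` in both vhosts keeps them identical. The body of `zines.malobeo.org` continues outside the hunk, so whether its limits already match the 50M set here is not visible.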
@@ -1,9 +1,6 @@ wg_private: ENC[AES256_GCM,data:YEmIfgtyHE9msYijva0Ye2w7shVmYBPZ3mcKRF7Cy20xa6yHEUQ0kC2OWnM=,iv:ouK6fHcrxrEtsmiPmtCz9Ca8Ec1algOifrgZSBNHi74=,tag:524e/SQt++hwVyeWruCsLg==,type:str] +njala_api_key: ENC[AES256_GCM,data:uEzx7KeI7ZZP63Igu5vHmuvASVxJai8bezM40UZVobQMr7r6opjnVTc0BPyIGfnG2mx/6Bo=,iv:lch04oGn6bkqtBGVzYlz6B97FGXlGOoxkiT1IplSxm4=,tag:bzXx2jSqFBv1hgJO1r5i+w==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng enc: | @@ -23,8 +20,8 @@ sops: NjJ5cFdTVS9NZmVWMjcrcHo2WDZEZDgKiDwkuUn90cDmidwYGZBb5qp+4R1HafV0 vMQfjT9GrwB5K/O1GumOmvbzLNhvO2vRZJhfVHzyHLzQK64abQgF5Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-19T22:46:09Z" - mac: ENC[AES256_GCM,data:eU3SIqAGrgbO2tz4zH1tgYcif7oe5j+/wmdYl2xXXI+D6IhiKrTJGvzE3rd3ElEpb+Bg0UQId952U2Ut0yPTfxGLtdlbJA66CmhLAksByoJ8lOXUcp/qDyA4yMRSuwYG2v7uF2crvue9fyRfZ7hl7abE/Q7Z2UjOKqhSZC5cO3U=,iv:NmCVvtBWZRzhpr5nMLy+98VuQZWoUms7xFSxq8PMvBA=,tag:UWjA7oqoNWh4wb0myNg7FA==,type:str] + lastmodified: "2026-02-20T18:33:50Z" + mac: ENC[AES256_GCM,data:YlsQVjfgtlcSObjLiZif/sOJNx2PqH9q0kguPgBSwAoNiX2/eJhNH2WwtQ8uXQfdPiX7kwfFrl2E0xevqwLv+4AICr+9v6oCfcUHJYPRdkLfCs0jXyvnZr52LzfyV3GOPah/j8Uye9d9sspUMqqaXewoeWtrXHgo277pQVdrKxM=,iv:Xb5ckc/cvpGqkZoViTrw8rUniO2OWy0/rNfhF+Qb/iM=,tag:ZhI4jS2Iyig9juVGAeii+w==,type:str] pgp: - created_at: "2025-01-19T22:45:26Z" enc: |- @@ -65,4 +62,4 @@ sops: -----END PGP MESSAGE----- fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.11.0 diff --git a/machines/hosts.nix b/machines/hosts.nix index 666d14b..624de8d 100644 --- a/machines/hosts.nix +++ b/machines/hosts.nix 
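Review bot: `njala_api_key` is added to dummy.yaml only, while fanny's configuration sets `sops.defaultSopsFile = ./secrets.yaml` and this diff shows no change to that file. If secrets.yaml is maintained elsewhere and does not yet hold the key, the `sops.secrets.njala_api_key` declaration would fail at activation and the ACME units would have no credentials, so this is worth confirming before deploying. The recipient entries appear only as unchanged context in the visible hunks, so the new value is presumably readable by the same age and PGP keys as `wg_private`.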
@@ -1,90 +1,107 @@ { ... }: +let + createMaloNet = hostId: mac: { + local = true; + hostId = hostId; + address = "192.168.1.${hostId}"; + gateway = "192.168.1.1"; + nameservers = [ "192.168.1.17" "1.1.1.1" ]; #setting ns1 as nameserver + mac = mac; + }; + + createOffsiteNet = hostId: mac: { + local = false; + hostId = hostId; + address = "10.0.0.${hostId}"; + gateway = "10.0.0.1"; + nameservers = [ "1.1.1.1" ]; + mac = mac; + }; +in { + #TODO: fix local 192.168.1.0/24 addresses they are just palceholders! malobeo = { hosts = { louise = { type = "host"; + network = { + local = true; + hostId = "11"; + address = "192.168.1.101"; + }; }; bakunin = { type = "host"; + network = { + local = true; + hostId = "12"; + address = "192.168.1.12"; + }; }; - + fanny = { type = "host"; + network = { + local = true; + hostId = "13"; + address = "192.168.1.13"; + }; }; - + lucia = { type = "rpi"; + network = { + local = true; + hostId = "15"; + address = "192.168.1.15"; + }; }; - + durruti = { type = "microvm"; - network = { - address = "10.0.0.5"; - mac = "52:DA:0D:F9:EF:F9"; - }; + network = createMaloNet "5" "52:DA:0D:F9:EF:F9"; }; - + vpn = { type = "microvm"; - network = { - address = "10.0.0.10"; - mac = "D0:E5:CA:F0:D7:E6"; - }; + network = createOffsiteNet "10" "52:DA:0D:F9:EF:E6"; }; - + infradocs = { type = "microvm"; - network = { - address = "10.0.0.11"; - mac = "D0:E5:CA:F0:D7:E7"; - }; + network = createMaloNet "11" "52:DA:0D:F9:EF:E7"; }; - + uptimekuma = { type = "microvm"; - network = { - address = "10.0.0.12"; - mac = "D0:E5:CA:F0:D7:E8"; - }; + network = createOffsiteNet "12" "52:DA:0D:F9:EF:E8"; }; - + nextcloud = { type = "microvm"; - network = { - address = "10.0.0.13"; - mac = "D0:E5:CA:F0:D7:E9"; - }; + network = createMaloNet "13" "52:DA:0D:F9:EF:E9"; }; - + overwatch = { type = "microvm"; - network = { - address = "10.0.0.14"; - mac = "D0:E5:CA:F0:D7:E0"; - }; + network = createMaloNet "14" "52:DA:0D:F9:EF:E0"; }; - + zineshop = { type = "microvm"; - 
network = { - address = "10.0.0.15"; - mac = "D0:E5:CA:F0:D7:F1"; - }; + network = createMaloNet "15" "52:DA:0D:F9:EF:F1"; }; vaultwarden = { type = "microvm"; - network = { - address = "10.0.0.16"; - mac = "D0:E5:CA:F0:D7:F2"; - }; + network = createMaloNet "16" "D0:E5:CA:F0:D7:F2"; }; - testvm = { - type = "host"; + ns1 = { + type = "microvm"; + network = createMaloNet "17" "52:DA:0D:F9:EF:F3"; }; }; }; diff --git a/machines/infradocs/configuration.nix b/machines/infradocs/configuration.nix index d1cc2fa..7064a96 100644 --- a/machines/infradocs/configuration.nix +++ b/machines/infradocs/configuration.nix @@ -19,7 +19,6 @@ with lib; enable = true; enablePromtail = true; logNginx = true; - lokiHost = "10.0.0.14"; }; system.stateVersion = "22.11"; # Did you read the comment? diff --git a/machines/modules/host_builder.nix b/machines/modules/host_builder.nix index 14fac78..2460343 100644 --- a/machines/modules/host_builder.nix +++ b/machines/modules/host_builder.nix @@ -43,7 +43,7 @@ rec { ]; defaultModules = baseModules; - makeMicroVM = hostName: ipv4Addr: macAddr: modules: [ + makeMicroVM = hostName: network: modules: [ { microvm = { hypervisor = "cloud-hypervisor"; @@ -83,7 +83,7 @@ rec { { type = "tap"; id = "vm-${hostName}"; - mac = "${macAddr}"; + mac = "${network.mac}"; } ]; }; @@ -93,9 +93,9 @@ rec { systemd.network.networks."20-lan" = { matchConfig.Type = "ether"; networkConfig = { - Address = [ "${ipv4Addr}/24" ]; - Gateway = "10.0.0.1"; - DNS = ["1.1.1.1"]; + Address = [ "${network.address}/24" ]; + Gateway = "${network.gateway}"; + DNS = network.nameservers; DHCP = "no"; }; }; 
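Review bot: Several entries in the new table collide: fanny is given `192.168.1.13`, the address `createMaloNet "13"` produces for nextcloud, lucia's `192.168.1.15` equals zineshop's, and louise has `hostId = "11"` (infradocs' id) with address `192.168.1.101`. The TODO marks these as placeholders, but the values are already consumed by the zone file, `trusted_proxies`, the Prometheus targets and the `10.0.0.${hostId}` address built in host_builder.nix, so a placeholder silently becomes a routing or trust decision. An assertion that all `network.address` values are unique would make the gap fail at evaluation until the real addresses are filled in. The comment has a typo, `palceholders`. vaultwarden also keeps its old `D0:E5:CA:…` MAC while the other VMs moved to the `52:DA:0D:…` prefix, which deserves a short comment if it is intentional.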
@@ -165,6 +165,16 @@ rec { }); }; + systemd.network.networks."20-lan" = pkgs.lib.mkForce { + matchConfig.Type = "ether"; + networkConfig = { + Address = [ "10.0.0.${hosts.malobeo.hosts.${hostname}.network.hostId}/24" ]; + Gateway = "10.0.0.1"; + DNS = [ "1.1.1.1" ]; + DHCP = "no"; + }; + }; + boot.isContainer = pkgs.lib.mkForce false; services.timesyncd.enable = false; users.users.root.password = ""; @@ -210,8 +220,7 @@ rec { specialArgs.self = self; config = { imports = (makeMicroVM "${name}" - "${hosts.malobeo.hosts.${name}.network.address}" - "${hosts.malobeo.hosts.${name}.network.mac}" [ + hosts.malobeo.hosts.${name}.network [ ../${name}/configuration.nix (vmMicroVMOverwrites name { withNetworking = true; @@ -250,7 +259,7 @@ rec { modules = (if (settings.type != "microvm") then defaultModules ++ [ ../${host}/configuration.nix ] else - makeMicroVM "${host}" "${settings.network.address}" "${settings.network.mac}" [ + makeMicroVM "${host}" settings.network [ inputs.microvm.nixosModules.microvm ../${host}/configuration.nix ]); diff --git a/machines/modules/malobeo/metrics.nix b/machines/modules/malobeo/metrics.nix index c5f320b..9c74b10 100644 --- a/machines/modules/malobeo/metrics.nix +++ b/machines/modules/malobeo/metrics.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: let cfg = config.malobeo.metrics; + hosts = import ../../hosts.nix {}; in { options.malobeo.metrics = { @@ -21,7 +22,7 @@ in }; lokiHost = lib.mkOption { type = lib.types.str; - default = "10.0.0.14"; + default = hosts.malobeo.hosts.overwatch.network.address; description = "Address of loki host"; }; }; diff --git a/machines/modules/malobeo/microvm_host.nix b/machines/modules/malobeo/microvm_host.nix index b11881a..745e18b 100644 --- a/machines/modules/malobeo/microvm_host.nix +++ b/machines/modules/malobeo/microvm_host.nix 
@@ -14,6 +14,26 @@ in description = lib.mdDoc "Setup bridge device for microvms."; }; + interface = mkOption { + default = "eno1"; + type = types.str; + }; + + gateway = mkOption { + default = "10.0.0.1"; + type = types.str; + }; + + address = mkOption { + default = "10.0.0.1/24"; + type = types.str; + }; + + dns = mkOption { + default = [ "1.1.1.1" ]; + type = types.listOf types.str; + }; + enableHostBridgeUnstable = mkOption { default = false; type = types.bool; @@ -47,29 +67,29 @@ in systemd.network = mkIf (cfg.enableHostBridge || cfg.enableHostBridgeUnstable) { enable = true; - # create a bride device that all the microvms will be connected to - netdevs."10-microvm".netdevConfig = { - Kind = "bridge"; - Name = "microvm"; - }; - - networks."10-microvm" = { - matchConfig.Name = "microvm"; + networks."10-lan" = { + matchConfig.Name = [ "${cfg.interface}" "vm-*"]; networkConfig = { - DHCPServer = true; - IPv6SendRA = true; + Bridge = "malobeo0"; }; - addresses = if cfg.enableHostBridgeUnstable then [ - { Address = "10.0.0.1/24"; } - ] else [ - { Address = "10.0.0.1/24"; } - ]; }; - - # connect the vms to the bridge - networks."11-microvm" = { - matchConfig.Name = "vm-*"; - networkConfig.Bridge = "microvm"; + + netdevs."malobeo0" = { + netdevConfig = { + Name = "malobeo0"; + Kind = "bridge"; + }; + }; + + networks."10-lan-bridge" = { + matchConfig.Name = "malobeo0"; + networkConfig = { + Address = [ "${cfg.address}" ]; + Gateway = "${cfg.gateway}"; + DNS = cfg.dns; + IPv6AcceptRA = true; + }; + linkConfig.RequiredForOnline = "routable"; }; }; diff --git a/machines/modules/malobeo/zones.nix b/machines/modules/malobeo/zones.nix new file mode 100644 index 0000000..218ae79 --- /dev/null +++ b/machines/modules/malobeo/zones.nix 
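Review bot: The defaults for the new options describe a host whose default route points at itself: `gateway` defaults to `10.0.0.1` and `address` to `10.0.0.1/24`, and `interface` defaults to `eno1`, which the next hunk enslaves to the bridge. A machine that only sets `enableHostBridge = true` would therefore put whatever `eno1` is into `malobeo0` with a self-referencing gateway. Declaring these three options without a default, so evaluation fails when they are unset, is safer. Each new option should also get a `description`, for example `description = "Physical interface attached to the malobeo0 bridge together with the vm-* taps.";`.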
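Review bot: With `matchConfig.Name = [ "${cfg.interface}" "vm-*" ]` the physical NIC and the VM taps share one bridge, so the microVMs become layer-2 neighbours of every device on the LAN instead of sitting behind the host on the old `microvm` bridge. Ports that were previously reached only through fanny's nginx (the proxied backends, the `:9002` exporters scraped by overwatch) are then directly reachable from the LAN unless each guest's firewall restricts them; the guests' firewall settings are not visible in this diff. A comment above `networks."10-lan"` stating that exposure, plus a check that each VM's `networking.firewall` only admits fanny and overwatch on those ports, would make the new trust boundary explicit. `enableHostBridgeUnstable` no longer changes anything inside this block, and `IPv6AcceptRA = true` lets the bridge take IPv6 configuration from whichever router advertises on that segment.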
@@ -0,0 +1,41 @@ +{ inputs }: + +let + vpnNS = "vpn"; + localNS = "hq"; + peers = import ./peers.nix; + hosts = ((import ../../hosts.nix ) {}).malobeo.hosts; + +in +{ + SOA = { + nameServer = "ns1"; + adminEmail = "admin@malobeo.org"; + serial = 2019030801; + }; + useOrigin = false; + + NS = [ + "ns1.malobeo.org." + ]; + + subdomains = { + ns1 = { + A = [ hosts.ns1.network.address ]; + }; + + ${localNS} = { + A = [ hosts.fanny.network.address ]; + subdomains = builtins.mapAttrs (name: value: if value.network.local == true then { + A = [ value.network.address ]; + } else {}) hosts; + }; + + ${vpnNS} = { + A = [ peers.vpn.address ]; + subdomains = builtins.mapAttrs (name: value: if value.role != "server" then { + A = [ value.address ]; + } else {}) peers; + }; + }; +} diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix index baccf2a..c63682f 100644 --- a/machines/nextcloud/configuration.nix +++ b/machines/nextcloud/configuration.nix @@ -2,6 +2,9 @@ with lib; +let + hosts = import ../hosts.nix {}; +in { sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { @@ -28,7 +31,6 @@ with lib; enable = true; enablePromtail = true; logNginx = true; - lokiHost = "10.0.0.14"; }; services.postgresqlBackup = { @@ -59,8 +61,8 @@ with lib; }; }; settings = { - trusted_domains = ["10.0.0.13"]; - trusted_proxies = [ "10.0.0.1" ]; + trusted_domains = [ "cloud.malobeo.org" ]; + trusted_proxies = [ hosts.malobeo.hosts.fanny.network.address ]; "maintenance_window_start" = "1"; "default_phone_region" = "DE"; }; diff --git a/machines/ns1/configuration.nix b/machines/ns1/configuration.nix new file mode 100644 index 0000000..7721eea --- /dev/null +++ b/machines/ns1/configuration.nix 
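Review bot: `serial = 2019030801` is fixed while the records are generated from hosts.nix and peers.nix, so the zone content can change without the serial moving. With a single primary that is harmless, but any secondary added later would keep serving stale data; a comment such as `# static serial: bump manually (or derive it) before adding secondaries` next to the field records that. The `inputs` argument is accepted but unused in this file. The two `mapAttrs` calls emit empty `{}` subdomains for the hosts they exclude, which filtering before mapping would express more directly.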
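Review bot: `trusted_domains` lists only `cloud.malobeo.org`, but fanny now also proxies `cloud.hq.malobeo.org` to this instance with `proxy_set_header Host $host`, so requests under the hq name arrive with a Host header Nextcloud is not told to trust. Unless `services.nextcloud.hostName` already covers it (not visible in this hunk), add the second name: `trusted_domains = [ "cloud.malobeo.org" "cloud.hq.malobeo.org" ];`. The settings block continues outside the hunk.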
@@ -0,0 +1,52 @@ +{ config, self, lib, inputs, pkgs, ... }: + +with lib; +with inputs; + +let + dns = inputs.dns; +in +{ + networking = { + hostName = mkDefault "ns1"; + useDHCP = false; + }; + + imports = [ + ../modules/malobeo_user.nix + ../modules/sshd.nix + ../modules/minimal_tools.nix + ../modules/autoupdate.nix + ]; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + + services.bind = { + enable = true; + forwarders = [ + "1.1.1.1" + "1.0.0.1" + ]; + + cacheNetworks = [ + "127.0.0.0/24" + "10.0.0.0/24" + "192.168.1.0/24" + "10.100.0.0/24" + ]; + + zones = { + "malobeo.org" = { + master = true; + file = pkgs.writeText "zone-malobeo.org" (dns.lib.toString "malobeo.org" (import ../modules/malobeo/zones.nix { inherit inputs; })); + }; + }; + }; + + system.stateVersion = "22.11"; # Did you read the comment? +} + diff --git a/machines/overwatch/configuration.nix b/machines/overwatch/configuration.nix index 62847ab..8fd70fd 100644 --- a/machines/overwatch/configuration.nix +++ b/machines/overwatch/configuration.nix @@ -2,6 +2,9 @@ with lib; +let + hosts = import ../hosts.nix {}; +in { sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { @@ -29,7 +32,6 @@ with lib; enable = true; enablePromtail = true; logNginx = false; - lokiHost = "10.0.0.14"; }; services.grafana = { 
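Review bot: Declaring `"malobeo.org"` as a master zone makes this server authoritative for the whole domain, while zones.nix only defines `ns1`, `hq` and `vpn` beneath it. Clients that use ns1 as resolver (hosts.nix puts `192.168.1.17` first in `nameservers`) would get an authoritative NXDOMAIN for public names such as `cloud.malobeo.org` instead of having them forwarded. Serving `hq.malobeo.org` and `vpn.malobeo.org` as separate zones, or adding the public records to the generated zone, avoids shadowing the public domain. Port 53 is opened on all interfaces and recursion is limited by `cacheNetworks`, which is the right control, though `127.0.0.0/24` covers less than the usual loopback `127.0.0.0/8`. `with inputs;` is unnecessary next to the explicit `dns = inputs.dns;` binding.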
@@ -121,31 +123,31 @@ with lib; { job_name = "durruti"; static_configs = [{ - targets = [ "10.0.0.5:9002" ]; + targets = [ "${hosts.malobeo.hosts.durruti.network.address}:9002" ]; }]; } { job_name = "infradocs"; static_configs = [{ - targets = [ "10.0.0.11:9002" ]; + targets = [ "${hosts.malobeo.hosts.infradocs.network.address}:9002" ]; }]; } { job_name = "nextcloud"; static_configs = [{ - targets = [ "10.0.0.13:9002" ]; + targets = [ "${hosts.malobeo.hosts.nextcloud.network.address}:9002" ]; }]; } { job_name = "zineshop"; static_configs = [{ - targets = [ "10.0.0.15:9002" ]; + targets = [ "${hosts.malobeo.hosts.zineshop.network.address}:9002" ]; }]; } { job_name = "fanny"; static_configs = [{ - targets = [ "10.0.0.1:9002" ]; + targets = [ "${hosts.malobeo.hosts.fanny.network.address}:9002" ]; }]; } # add vpn - check how to reach it first. most probably 10.100.0.1 diff --git a/machines/overwatch/dashboards/node_full.json b/machines/overwatch/dashboards/node_full.json index 7f19c9f..75776f6 100644 --- a/machines/overwatch/dashboards/node_full.json +++ b/machines/overwatch/dashboards/node_full.json @@ -23750,8 +23750,8 @@ }, { "current": { - "text": "10.0.0.13:9002", - "value": "10.0.0.13:9002" + "text": "192.168.1.13:9002", + "value": "192.168.1.13:9002" }, "datasource": { "type": "prometheus", diff --git a/machines/overwatch/promtail.yaml b/machines/overwatch/promtail.yaml index 8030572..2d42cbb 100644 --- a/machines/overwatch/promtail.yaml +++ b/machines/overwatch/promtail.yaml @@ -6,7 +6,7 @@ positions: filename: /tmp/positions.yaml clients: - - url: http://10.0.0.13:3100/loki/api/v1/push + - url: http://192.168.1.13:3100/loki/api/v1/push scrape_configs: diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix index f41fcf6..e2ebee3 100644 --- a/machines/vpn/configuration.nix +++ b/machines/vpn/configuration.nix 
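Review bot: The push URL in promtail.yaml is rewritten to `192.168.1.13`, which hosts.nix assigns to nextcloud, whereas the `lokiHost` default in metrics.nix now resolves to overwatch (`createMaloNet "14"`, i.e. `192.168.1.14`). The old value had the same offset, so this looks like a stale file carried through the renumbering; if it is still deployed, logs would be pushed to a host that does not run Loki. Either point it at `http://192.168.1.14:3100/loki/api/v1/push` or delete the file if the module-generated promtail configuration has replaced it. Being YAML, it cannot read hosts.nix, so a comment naming the source of the address would help the next renumbering.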
@@ -40,19 +40,6 @@ with lib; }; }; - virtualHosts."cloud.malobeo.org" = { - locations."/" = { - proxyPass = "http://10.100.0.101"; - extraConfig = '' - proxy_set_header Host $host; - client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize}; - client_body_timeout 3600s; - send_timeout 3600s; - fastcgi_buffers 64 4K; - ''; - }; - }; - virtualHosts."keys.malobeo.org" = { locations."/" = { proxyPass = "http://10.100.0.101"; @@ -79,28 +66,6 @@ with lib; ''; }; }; - - virtualHosts."zines.malobeo.org" = { - locations."/" = { - proxyPass = "http://10.100.0.101"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Authorization $http_authorization; # Pass the Authorization header - proxy_pass_header Authorization; - - client_body_in_file_only clean; - client_body_buffer_size 32K; - - client_max_body_size 500M; - - sendfile on; - send_timeout 300s; - ''; - }; - }; }; system.stateVersion = "22.11"; # Did you read the comment? diff --git a/machines/zineshop/configuration.nix b/machines/zineshop/configuration.nix index aac419e..11bb260 100644 --- a/machines/zineshop/configuration.nix +++ b/machines/zineshop/configuration.nix @@ -20,7 +20,6 @@ with lib; enable = true; enablePromtail = true; logNginx = true; - lokiHost = "10.0.0.14"; }; services.printing.enable = true;