palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

clanCore -> clan.core

Browse source
This commit is contained in:
Ingolf Wagner 2024-06-19 13:19:55 +02:00
parent 5d9d4cfd23
commit 441b7e062f
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
22 changed files with 62 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
components/network/syncthing.nix
View file

@ -13,13 +13,13 @@ with lib; {
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ]; # networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
clanCore.facts.services.syncthing = factsGenerator.syncthing { }; clan.core.facts.services.syncthing = factsGenerator.syncthing { };
services.syncthing = { services.syncthing = {
guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384"; guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384";
overrideDevices = lib.mkDefault true; overrideDevices = lib.mkDefault true;
key = config.clanCore.facts.services.syncthing.secret."syncthing.key".path; key = config.clan.core.facts.services.syncthing.secret."syncthing.key".path;
cert = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path; cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
settings.devices = settings.devices =
let let
device = machine: id: { device = machine: id: {

4
components/network/tinc/private.nix
View file

@ -61,11 +61,11 @@ in
{ {
networking.firewall.trustedInterfaces = [ "tinc.${network}" ]; networking.firewall.trustedInterfaces = [ "tinc.${network}" ];
clanCore.facts.services.tinc_private = factsGenerator.tinc { name = "private"; }; clan.core.facts.services.tinc_private = factsGenerator.tinc { name = "private"; };
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path; ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap"; interfaceType = "tap";
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes

4
components/network/tinc/secret.nix
View file

@ -19,11 +19,11 @@ let
network = "secret"; network = "secret";
in in
{ {
clanCore.facts.services.tinc_secret = factsGenerator.tinc { name = "secret"; }; clan.core.facts.services.tinc_secret = factsGenerator.tinc { name = "secret"; };
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path; ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
Port = ${toString port} Port = ${toString port}

6
components/nixos/tor-ssh.nix
View file

@ -64,11 +64,11 @@ with types;
#}; #};
# tor setup # tor setup
clanCore.facts.services.initrd_tor = factsGenerator.tor { name = "initrd"; }; clan.core.facts.services.initrd_tor = factsGenerator.tor { name = "initrd"; };
boot.initrd.secrets = { boot.initrd.secrets = {
"/etc/tor/onion/bootup/tor.priv" = config.clanCore.facts.services.initrd_tor.secret."tor.initrd.priv".path; "/etc/tor/onion/bootup/tor.priv" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.priv".path;
"/etc/tor/onion/bootup/hostname" = config.clanCore.facts.services.initrd_tor.secret."tor.initrd.hostname".path; "/etc/tor/onion/bootup/hostname" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.hostname".path;
}; };
#boot.initrd.extraUtilsCommands = '' #boot.initrd.extraUtilsCommands = ''

2
machines/cherry/configuration.nix
View file

@ -20,7 +20,7 @@
]; ];
#clanCore.facts.services = #clan.core.facts.services =
# let # let
# promptKey = key: # promptKey = key:
# { # {

4
machines/cherry/hardware-configuration/default.nix
View file

@ -12,8 +12,8 @@
# ZFS stuff # ZFS stuff
# --------- # ---------
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
clanCore.facts.services.zfs = factsGenerator.zfs { }; clan.core.facts.services.zfs = factsGenerator.zfs { };
networking.hostId = config.clanCore.facts.services.zfs.public."zfs.hostId".value; networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;
services.zfs.autoSnapshot.enable = true; services.zfs.autoSnapshot.enable = true;
# todo not needed anymore if srvos is used # todo not needed anymore if srvos is used

6
machines/cherry/network-tinc_retiolum.nix
View file

@ -1,14 +1,14 @@
{ config, factsGenerator, ... }: { config, factsGenerator, ... }:
{ {
clanCore.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; }; clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
networking.retiolum.port = 720; networking.retiolum.port = 720;
networking.retiolum.nodename = "cherry"; networking.retiolum.nodename = "cherry";
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
}; };
#fileSystems."/retiolum/sicily" = { #fileSystems."/retiolum/sicily" = {

8
machines/cherry/network-wireguard.nix
View file

@ -1,8 +1,8 @@
{ config, factsGenerator, clanLib, ... }: { config, factsGenerator, clanLib, ... }:
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
clanCore.facts.services.wireguard_ip = factsGenerator.public { clan.core.facts.services.wireguard_ip = factsGenerator.public {
"wireguard.wg0.cidr" = "10.100.0.7/32"; "wireguard.wg0.cidr" = "10.100.0.7/32";
"wireguard.wg0.ip" = "10.100.0.7"; "wireguard.wg0.ip" = "10.100.0.7";
}; };
@ -13,10 +13,10 @@
# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/ # https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
wg0 = { wg0 = {
address = [ address = [
config.clanCore.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value
]; ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path; privateKeyFile = config.clan.core.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280; mtu = 1280;
peers = [ peers = [

4
machines/chungus/hardware-configuration/default.nix
View file

@ -10,8 +10,8 @@
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!) boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
clanCore.facts.services.zfs = factsGenerator.zfs { }; clan.core.facts.services.zfs = factsGenerator.zfs { };
networking.hostId = toString config.clanCore.facts.services.zfs.public."zfs.hostId".value; networking.hostId = toString config.clan.core.facts.services.zfs.public."zfs.hostId".value;
services.zfs = { services.zfs = {
autoSnapshot.enable = true; autoSnapshot.enable = true;
autoScrub.enable = true; autoScrub.enable = true;

6
machines/chungus/network-tinc-retiolum.nix
View file

@ -1,12 +1,12 @@
{ config, factsGenerator, ... }: { config, factsGenerator, ... }:
{ {
clanCore.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; }; clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
networking.retiolum.port = 720; networking.retiolum.port = 720;
networking.retiolum.nodename = "centauri"; networking.retiolum.nodename = "centauri";
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
}; };
} }

8
machines/chungus/network-wireguard.nix
View file

@ -1,8 +1,8 @@
{ config, factsGenerator, clanLib, ... }: { config, factsGenerator, clanLib, ... }:
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
clanCore.facts.services.wireguard_ip = factsGenerator.public { clan.core.facts.services.wireguard_ip = factsGenerator.public {
"wireguard.wg0.cidr" = "10.100.0.2/32"; "wireguard.wg0.cidr" = "10.100.0.2/32";
"wireguard.wg0.ip" = "10.100.0.2"; "wireguard.wg0.ip" = "10.100.0.2";
}; };
@ -13,10 +13,10 @@
# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/ # https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
wg0 = { wg0 = {
address = [ address = [
config.clanCore.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value
]; ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path; privateKeyFile = config.clan.core.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280; mtu = 1280;
peers = [ peers = [

4
machines/chungus/services-s3.nix
View file

@ -1,12 +1,12 @@
{ config, factsGenerator, ... }: { config, factsGenerator, ... }:
{ {
clanCore.facts.services.s3 = factsGenerator.password { name = "root"; service = "s3"; }; clan.core.facts.services.s3 = factsGenerator.password { name = "root"; service = "s3"; };
services.minio = { services.minio = {
enable = true; enable = true;
region = "home"; region = "home";
rootCredentialsFile = config.clanCore.facts.services.s3.secret."s3.root".path; rootCredentialsFile = config.clan.core.facts.services.s3.secret."s3.root".path;
}; };
services.nginx = { services.nginx = {

12
machines/chungus/sync-rbackup.nix
View file

@ -3,33 +3,33 @@ let
tld = config.clan.static-hosts.topLevelDomain; tld = config.clan.static-hosts.topLevelDomain;
in in
{ {
clanCore.facts.services.rbackup = factsGenerator.ssh { name = "rbackup"; }; clan.core.facts.services.rbackup = factsGenerator.ssh { name = "rbackup"; };
# todo : replace all of them with syncoid # todo : replace all of them with syncoid
rbackup.plans = { rbackup.plans = {
git = { git = {
sshKeyPath = config.clanCore.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path; sshKeyPath = config.clan.core.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path;
src = "root@orbi.${tld}:/var/lib/forgejo/"; src = "root@orbi.${tld}:/var/lib/forgejo/";
dst = "/mirror/git"; dst = "/mirror/git";
}; };
taskwarrior = { taskwarrior = {
sshKeyPath = config.clanCore.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path; sshKeyPath = config.clan.core.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path;
src = "root@orbi.${tld}:/var/lib/taskserver/"; src = "root@orbi.${tld}:/var/lib/taskserver/";
dst = "/mirror/taskwarrior"; dst = "/mirror/taskwarrior";
}; };
vaultwarden = { vaultwarden = {
sshKeyPath = config.clanCore.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path; sshKeyPath = config.clan.core.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path;
src = "root@orbi.${tld}:/var/lib/bitwarden_rs/"; src = "root@orbi.${tld}:/var/lib/bitwarden_rs/";
dst = "/mirror/vaultwarden"; dst = "/mirror/vaultwarden";
}; };
radarr = { radarr = {
sshKeyPath = config.clanCore.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path; sshKeyPath = config.clan.core.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path;
src = "root@orbi.${tld}:/media/arr/radarr"; src = "root@orbi.${tld}:/media/arr/radarr";
dst = "/media/arr/radarr"; dst = "/media/arr/radarr";
delete = false; delete = false;
}; };
sonarr = { sonarr = {
sshKeyPath = config.clanCore.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path; sshKeyPath = config.clan.core.facts.services.rbackup.secret."ssh.rbackup.id_ed25519".path;
src = "root@orbi.${tld}:/media/arr/sonarr"; src = "root@orbi.${tld}:/media/arr/sonarr";
dst = "/media/arr/sonarr"; dst = "/media/arr/sonarr";
delete = false; delete = false;

4
machines/chungus/sync-syncoid.nix
View file

@ -4,13 +4,13 @@ let
in in
{ {
clanCore.facts.services.syncoid = factsGenerator.ssh { name = "syncoid"; }; clan.core.facts.services.syncoid = factsGenerator.ssh { name = "syncoid"; };
systemd.tmpfiles.settings.syncoid = { systemd.tmpfiles.settings.syncoid = {
"/run/facts/ssh.syncoid.id_ed25519"."C+" = { "/run/facts/ssh.syncoid.id_ed25519"."C+" = {
user = config.services.syncoid.user; user = config.services.syncoid.user;
group = config.services.syncoid.group; group = config.services.syncoid.group;
mode = "400"; mode = "400";
argument = config.clanCore.facts.services.syncoid.secret."ssh.syncoid.id_ed25519".path; argument = config.clan.core.facts.services.syncoid.secret."ssh.syncoid.id_ed25519".path;
}; };
}; };

8
machines/chungus/taskwarrior-autotag.nix
View file

@ -2,7 +2,7 @@
{ {
clanCore.facts.services.taskserver = { clan.core.facts.services.taskserver = {
secret."taskserver.ca" = { }; secret."taskserver.ca" = { };
secret."taskserver.cert" = { }; secret."taskserver.cert" = { };
secret."taskserver.key" = { }; secret."taskserver.key" = { };
@ -34,9 +34,9 @@
credentials = "1337/palo/ad40dce8-4b38-4011-b032-60a91b6f22cd"; credentials = "1337/palo/ad40dce8-4b38-4011-b032-60a91b6f22cd";
caFile = config.clanCore.facts.services.taskserver.secret."taskserver.ca".path; caFile = config.clan.core.facts.services.taskserver.secret."taskserver.ca".path;
certificateFile = config.clanCore.facts.services.taskserver.secret."taskserver.cert".path; certificateFile = config.clan.core.facts.services.taskserver.secret."taskserver.cert".path;
keyFile = config.clanCore.facts.services.taskserver.secret."taskserver.key".path; keyFile = config.clan.core.facts.services.taskserver.secret."taskserver.key".path;
}; };
} }

6
machines/cream/network-tinc_retiolum.nix
View file

@ -1,14 +1,14 @@
{ config, factsGenerator, ... }: { config, factsGenerator, ... }:
{ {
clanCore.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; }; clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
networking.retiolum.port = 720; networking.retiolum.port = 720;
networking.retiolum.nodename = "sol"; networking.retiolum.nodename = "sol";
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
}; };
#fileSystems."/retiolum/sicily" = { #fileSystems."/retiolum/sicily" = {

8
machines/cream/network-wireguard.nix
View file

@ -1,8 +1,8 @@
{ config, factsGenerator, clanLib, ... }: { config, factsGenerator, clanLib, ... }:
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
clanCore.facts.services.wireguard_ip = factsGenerator.public { clan.core.facts.services.wireguard_ip = factsGenerator.public {
"wireguard.wg0.cidr" = "10.100.0.6/32"; "wireguard.wg0.cidr" = "10.100.0.6/32";
"wireguard.wg0.ip" = "10.100.0.6"; "wireguard.wg0.ip" = "10.100.0.6";
}; };
@ -13,10 +13,10 @@
# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/ # https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
wg0 = { wg0 = {
address = [ address = [
config.clanCore.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value
]; ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path; privateKeyFile = config.clan.core.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280; mtu = 1280;
peers = [ peers = [

4
machines/orbi/hardware-configuration/default.nix
View file

@ -51,8 +51,8 @@ in
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!) boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
clanCore.facts.services.zfs = factsGenerator.zfs { }; clan.core.facts.services.zfs = factsGenerator.zfs { };
networking.hostId = config.clanCore.facts.services.zfs.public."zfs.hostId".value; networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address; systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink"; boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";

8
machines/orbi/media-nextcloud.nix
View file

@ -51,8 +51,8 @@ in
}; };
}; };
clanCore.facts.services.nextcloud_root = factsGenerator.password { service = "nextcloud"; name = "root"; }; clan.core.facts.services.nextcloud_root = factsGenerator.password { service = "nextcloud"; name = "root"; };
clanCore.facts.services.nextcloud_database = factsGenerator.password { service = "nextcloud"; name = "database"; }; clan.core.facts.services.nextcloud_database = factsGenerator.password { service = "nextcloud"; name = "database"; };
# Container Setup # Container Setup
# =============== # ===============
@ -64,12 +64,12 @@ in
bindMounts = { bindMounts = {
rootpassword = { rootpassword = {
hostPath = config.clanCore.facts.services.nextcloud_root.secret."nextcloud.root".path; hostPath = config.clan.core.facts.services.nextcloud_root.secret."nextcloud.root".path;
mountPoint = "/run/secrets/nextcloud.root.intput"; mountPoint = "/run/secrets/nextcloud.root.intput";
isReadOnly = true; isReadOnly = true;
}; };
databasepassword = { databasepassword = {
hostPath = config.clanCore.facts.services.nextcloud_database.secret."nextcloud.database".path; hostPath = config.clan.core.facts.services.nextcloud_database.secret."nextcloud.database".path;
mountPoint = "/run/secrets/nextcloud.database.input"; mountPoint = "/run/secrets/nextcloud.database.input";
isReadOnly = true; isReadOnly = true;
}; };

6
machines/orbi/network-wireguard.nix
View file

@ -13,8 +13,8 @@ let
in in
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
clanCore.facts.services.wireguard_ip = factsGenerator.public { clan.core.facts.services.wireguard_ip = factsGenerator.public {
"wireguard.wg0.endpoint" = "95.216.66.212:51820"; "wireguard.wg0.endpoint" = "95.216.66.212:51820";
"wireguard.wg0.cidr" = "10.100.0.1/24"; "wireguard.wg0.cidr" = "10.100.0.1/24";
"wireguard.wg0.ip" = "10.100.0.1"; "wireguard.wg0.ip" = "10.100.0.1";
@ -29,7 +29,7 @@ in
wg0 = { wg0 = {
address = [ "10.100.0.1/32" ]; address = [ "10.100.0.1/32" ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path; privateKeyFile = config.clan.core.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280; mtu = 1280;
postUp = '' postUp = ''

1
machines/orbi/service-photoprism.nix
View file

@ -23,6 +23,7 @@ in
services.photoprism = { services.photoprism = {
enable = true; enable = true;
port = photoprismPort; port = photoprismPort;
package = pkgs.unstable-small.photoprism;
originalsPath = "/var/lib/private/photoprism/originals"; originalsPath = "/var/lib/private/photoprism/originals";
address = "0.0.0.0"; address = "0.0.0.0";
settings = { settings = {

4
machines/orbi/social-matrix-terranix.nix
View file

@ -11,7 +11,7 @@ let
synapse_port = 8008; synapse_port = 8008;
federation_port = 8448; federation_port = 8448;
shared_secret = config.clanCore.facts.services.matrix_terranix.secret."matrix-synapse.terranix.registration_shared_secret.yml"; shared_secret = config.clan.core.facts.services.matrix_terranix.secret."matrix-synapse.terranix.registration_shared_secret.yml";
matrix_create_user = pkgs.writers.writeBashBin "matrix-create-user-${name}" '' matrix_create_user = pkgs.writers.writeBashBin "matrix-create-user-${name}" ''
${pkgs.matrix-synapse}/bin/register_new_matrix_user \ ${pkgs.matrix-synapse}/bin/register_new_matrix_user \
@ -48,7 +48,7 @@ in
networking.firewall.allowedTCPPorts = [ 80 443 federation_port ]; networking.firewall.allowedTCPPorts = [ 80 443 federation_port ];
networking.firewall.allowedUDPPorts = [ 80 443 federation_port ]; networking.firewall.allowedUDPPorts = [ 80 443 federation_port ];
clanCore.facts.services.matrix_terranix = factsGenerator.matrix-synapse { name = "terranix"; }; clan.core.facts.services.matrix_terranix = factsGenerator.matrix-synapse { name = "terranix"; };
environment.systemPackages = [ matrix_create_user ]; environment.systemPackages = [ matrix_create_user ];