diff --git a/nixos/components/network/default.nix b/nixos/components/network/default.nix index 5e73817..fd452b9 100644 --- a/nixos/components/network/default.nix +++ b/nixos/components/network/default.nix @@ -10,13 +10,14 @@ with types; }; imports = [ - ./sshd - ./tinc - ./hosts.nix - ./wifi.nix #./avahi.nix - ./syncthing.nix + ./hosts.nix ./nginx.nix + ./sshd + ./syncthing.nix + ./tinc + ./wifi.nix + ./wireguard.nix ]; config = mkIf config.components.network.enable { }; diff --git a/nixos/components/network/wireguard.nix b/nixos/components/network/wireguard.nix new file mode 100644 index 0000000..b43e81e --- /dev/null +++ b/nixos/components/network/wireguard.nix @@ -0,0 +1,16 @@ +{ lib, config, ... }: +with lib; +{ + + options.wireguard = { + wg0 = { + #ipv4 = mkOption { type = types.str; }; + subnet = mkOption { + type = types.str; + default = "10.100.0.1/24"; + }; + }; + }; + +} + diff --git a/nixos/machines/chungus/rbackup.nix b/nixos/machines/chungus/rbackup.nix index da2aaca..cb7c542 100644 --- a/nixos/machines/chungus/rbackup.nix +++ b/nixos/machines/chungus/rbackup.nix @@ -29,18 +29,18 @@ dst = "/mirror/matrix-terranix"; }; - radarr = { - sshKeyPath = config.sops.secrets.rsync_private_key.path; - src = "root@robi:/media/arr/radarr"; - dst = "/media/arr/radarr"; - delete = false; - }; - sonarr = { - sshKeyPath = config.sops.secrets.rsync_private_key.path; - src = "root@robi:/media/arr/sonarr"; - dst = "/media/arr/sonarr"; - delete = false; - }; + #radarr = { + # sshKeyPath = config.sops.secrets.rsync_private_key.path; + # src = "root@robi:/media/arr/radarr"; + # dst = "/media/arr/radarr"; + # delete = false; + #}; + #sonarr = { + # sshKeyPath = config.sops.secrets.rsync_private_key.path; + # src = "root@robi:/media/arr/sonarr"; + # dst = "/media/arr/sonarr"; + # delete = false; + #}; }; diff --git a/nixos/machines/orbi/media-arr.nix b/nixos/machines/orbi/media-arr.nix index 4fd1632..1925a57 100644 --- a/nixos/machines/orbi/media-arr.nix +++ b/nixos/machines/orbi/media-arr.nix @@ -36,8 +36,10 @@ services.nginx.virtualHosts = { "radarr.${config.networking.hostName}.private" = { + serverAliases = [ "radarr.ingolf-wagner.de" ]; extraConfig = '' allow ${config.tinc.private.subnet}; + allow ${config.wireguard.wg0.subnet}; deny all; ''; locations."/" = { @@ -46,8 +48,10 @@ }; }; "sonarr.${config.networking.hostName}.private" = { + serverAliases = [ "sonarr.ingolf-wagner.de" ]; extraConfig = '' allow ${config.tinc.private.subnet}; + allow ${config.wireguard.wg0.subnet}; deny all; ''; locations."/" = {