enabled retiolum on chungus

This commit is contained in:
Ingolf Wagner 2023-10-20 08:46:57 +02:00
parent a20f9fe608
commit c495ba70b6
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
10 changed files with 28 additions and 24 deletions


@ -988,11 +988,11 @@
}, },
"retiolum": { "retiolum": {
"locked": { "locked": {
"lastModified": 1694786409, "lastModified": 1697359200,
"narHash": "sha256-aYpXy5XnTdF9PV6lEgyNnEsXI9s/ccADHxiV6EKrHH4=", "narHash": "sha256-oPSBM9PQzFmuvGxzVyxXIO+EtSmExvbty2GxR4aTsTE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "retiolum", "repo": "retiolum",
"rev": "43d5a6ae57ae4a9051724767df133da4064d3461", "rev": "93480e81f8067792937a2512f212447e77b7babc",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -12,7 +12,7 @@
./network-wireguard.nix ./network-wireguard.nix
./network-tinc.nix ./network-tinc.nix
# ./network-tinc-retiolum.nix # make sure no service is open for this vpn! ./network-tinc-retiolum.nix # make sure no service is open for this vpn!
./hass.nix ./hass.nix
./hass-zigbee2mqtt.nix ./hass-zigbee2mqtt.nix
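Review bot: The line being un-commented carries its own warning, "make sure no service is open for this vpn!", and the rest of this commit honours it only partially: the per-host openings are moved to `networking.firewall.interfaces.<if>`, but the new `custom.samba-share.openPorts` path (L133-136) still uses the global `allowedTCPPorts`/`allowedUDPPorts`, so enabling it on this host would expose samba and wsdd over the retiolum interface as well. Since the import is now active, the warning should become an operational rule rather than a historical note, e.g. `./network-tinc-retiolum.nix # retiolum is live: only use networking.firewall.interfaces.<if>.allowed*Ports here, never the global allowed*Ports`. The imports list continues outside the hunk, so other modules pulled in here were not checked.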


@ -10,6 +10,7 @@
}; };
# open for tasmota # open for tasmota
networking.firewall.allowedTCPPorts = [ 1883 ]; networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 1883 ];
networking.firewall.interfaces.wq0.allowedTCPPorts = [ 1883 ];
} }
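Review bot: The interface name `wq0` on the added line is presumably a typo for `wg0`, which is what the WireGuard rules in this same commit use (L51-52); the same spelling appears in the audiobookshelf (L61-62) and tdarr (L82-83) hunks. A NixOS firewall rule scoped to an interface that does not exist is accepted at evaluation time and simply never matches, so port 1883 would be reachable on enp0s31f6 but silently not over WireGuard. The fix is the one-line change `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 1883 ];` in each of the three files; longer term a single shared binding for the interface name (a `let` in a common module, or an option) would make this class of typo impossible.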


@ -10,9 +10,6 @@
}; };
}; };
#networking.firewall.allowedTCPPorts = [ 8123 ];
#networking.firewall.allowedUDPPorts = [ 8123 ];
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ]; networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ];


@ -10,8 +10,11 @@ in
group = group; group = group;
}; };
networking.firewall.allowedTCPPorts = [ port ]; networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ];
networking.firewall.allowedUDPPorts = [ port ]; networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ port ];
networking.firewall.interfaces.wq0.allowedTCPPorts = [ port ];
networking.firewall.interfaces.wq0.allowedUDPPorts = [ port ];
systemd.services.audiobookshelf = { systemd.services.audiobookshelf = {
enable = true; enable = true;


@ -1,6 +1,9 @@
{ config, ... }: { config, ... }:
{ {
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 445 139 ];
networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 137 138 ];
# To set password: # To set password:
# nix-shell -p samba --run "smbpasswd -a media" # nix-shell -p samba --run "smbpasswd -a media"
custom.samba-share.enable = true; custom.samba-share.enable = true;


@ -31,8 +31,11 @@
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8266 ]; networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ];
networking.firewall.allowedUDPPorts = [ 8266 ]; networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ];
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
services.nginx.virtualHosts."tdarr.${config.networking.hostName}.private" = { services.nginx.virtualHosts."tdarr.${config.networking.hostName}.private" = {
serverAliases = [ "tdarr.${config.networking.hostName}" ]; serverAliases = [ "tdarr.${config.networking.hostName}" ];


@ -4,7 +4,7 @@
sops.secrets.tinc_retiolum_rsa_key = { }; sops.secrets.tinc_retiolum_rsa_key = { };
networking.retiolum.port = 720; networking.retiolum.port = 720;
networking.retiolum.nodename = "centari"; networking.retiolum.nodename = "centauri";
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.sops.secrets.tinc_retiolum_ed25519_key.path; ed25519PrivateKeyFile = config.sops.secrets.tinc_retiolum_ed25519_key.path;


@ -7,9 +7,7 @@
networking.retiolum.nodename = "sol"; networking.retiolum.nodename = "sol";
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.sops.secrets.tinc_retiolum_ed25519_key.path; ed25519PrivateKeyFile = config.sops.secrets.tinc_retiolum_ed25519_key.path;
rsaPrivateKeyFile = config.sops.secrets.tinc_retiolum_rsa_key.path; rsaPrivateKeyFile = config.sops.secrets.tinc_retiolum_rsa_key.path;
}; };
} }


@ -8,6 +8,7 @@ in
{ {
options.custom.samba-share = { options.custom.samba-share = {
openPorts = mkEnableOption "open samba ports everywher";
enable = mkEnableOption "enable custom.samba-share"; enable = mkEnableOption "enable custom.samba-share";
enableWSDD = mkEnableOption "enable services.samba-wsdd.enable"; enableWSDD = mkEnableOption "enable services.samba-wsdd.enable";
guestUser = mkOption { guestUser = mkOption {
@ -49,11 +50,6 @@ in
(mkIf cfg.enable { (mkIf cfg.enable {
networking.firewall.enable = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 445 139 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];
services.samba = { services.samba = {
enable = true; enable = true;
# services.samba.securityType = "share"; # services.samba.securityType = "share";
@ -106,17 +102,20 @@ in
#users.groups.smbguest = { }; #users.groups.smbguest = { };
}) })
# todo : maybe better to have a parameter for this # todo : maybe better to have a parameter for this
(mkIf config.services.syncthing.enable { (mkIf config.services.syncthing.enable {
users.groups."syncthing".members = [ "smbguest" ]; users.groups."syncthing".members = [ "smbguest" ];
}) })
(mkIf cfg.openPorts {
networking.firewall.allowedTCPPorts = [ 445 139 5357 ];
networking.firewall.allowedUDPPorts = [ 137 138 3702 ];
})
(mkIf cfg.enableWSDD { (mkIf cfg.enableWSDD {
services.samba-wsdd.enable = true; services.samba-wsdd.enable = true;
services.samba-wsdd.discovery = true; services.samba-wsdd.discovery = true;
networking.firewall.allowedTCPPorts = [ 5357 ]; })
networking.firewall.allowedUDPPorts = [ 3702 ];
}
)
]; ];
} }
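Review bot: The `mkIf cfg.enableWSDD` branch loses its firewall openings for 5357/tcp and 3702/udp (the lines removed at L140-141), and those ports now appear only under the new `cfg.openPorts` (L134-135), so any host that sets `enableWSDD` without `openPorts` keeps wsdd running but unreachable — the host at L71-72, which opens only 445/139 and 137/138 on enp0s31f6, is the likely first victim if it uses discovery. The only way to get discovery back is `openPorts`, which opens everything on every interface via the global `allowedTCPPorts`/`allowedUDPPorts`, including the retiolum interface this commit enables, so the module currently offers no way to open samba on a chosen interface. An interface-scoped option would cover the LAN-only case and derive the wsdd ports from `enableWSDD` instead of duplicating them; the sketch below assumes `lib` is in scope the same way `mkIf`/`mkOption` already are. Separately, the new option's description reads "everywher" (L113) and should be "everywhere".
```nix
    # … unchanged: enable / enableWSDD / guestUser options …
    openPortsOnInterfaces = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = "Interfaces on which the samba ports (and the wsdd ports when enableWSDD is set) are opened";
    };
    # … unchanged: rest of options and the mkIf cfg.enable / syncthing / openPorts blocks …
    (mkIf (cfg.openPortsOnInterfaces != [ ]) {
      networking.firewall.interfaces = genAttrs cfg.openPortsOnInterfaces (_: {
        allowedTCPPorts = [ 445 139 ] ++ optionals cfg.enableWSDD [ 5357 ];
        allowedUDPPorts = [ 137 138 ] ++ optionals cfg.enableWSDD [ 3702 ];
      });
    })
```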