author | Kjetil Orbekk <kj@orbekk.com> | 2024-12-15 15:43:11 -0500 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2024-12-15 15:43:11 -0500 |
commit | 230ee8c37f09ac32cabf199704184c099f48ee2c (patch) | |
tree | 5de4d80679ea295a0a05d92fda4d2ce0732504b0 | |
parent | fa7b6642979b015f4b551b7a4a7e44a5e5988608 (diff) |
Update dragon
-rw-r--r-- | config/cgit.nix | 11 | ||||
-rw-r--r-- | machines/dragon.nix | 64 | ||||
-rw-r--r-- | modules/common.nix | 2 | ||||
-rw-r--r-- | modules/fcgiwrap.nix | 23 | ||||
-rw-r--r-- | modules/nextcloud.nix | 2 | ||||
-rw-r--r-- | modules/router.nix | 69 |
6 files changed, 78 insertions, 93 deletions
diff --git a/config/cgit.nix b/config/cgit.nix index a8309c4..8dee9a8 100644 --- a/config/cgit.nix +++ b/config/cgit.nix @@ -19,9 +19,16 @@ let virtual-root=/ ''; in { - orbekk.fcgiwrap.enable = true; networking.firewall.allowedTCPPorts = [ gitPort ]; + services.fcgiwrap.instances.cgit = { + process.group = "fcgi"; + process.user = "fcgi"; + socket.user = "fcgi"; + socket.group = "nginx"; + socket.mode = "0660"; + }; + services.nginx = { enable = true; virtualHosts = { @@ -45,7 +52,7 @@ in { fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; ''; }; }; diff --git a/machines/dragon.nix b/machines/dragon.nix index 4aea73b..9e61ac2 100644 --- a/machines/dragon.nix +++ b/machines/dragon.nix 
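Review bot: In config/cgit.nix the new `services.fcgiwrap.instances.cgit` block names the `fcgi` user and group, but nothing visible in this commit declares them, and modules/fcgiwrap.nix, which also only referenced them, is deleted. Confirm that `users.users.fcgi` and `users.groups.fcgi` are defined elsewhere in the tree, since the unit would likely fail to start otherwise. The socket settings are the security-relevant part of the hunk and deserve a comment above `socket.group = "nginx";`, for example `# Only nginx may reach fcgiwrap: anything that can write to this socket can run CGI as the fcgi user.` The enclosing attribute set starts and ends outside the hunk.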
@@ -56,39 +56,39 @@ in { orbekk.hledger-web.journalFile = "/var/lib/hledger-web/hledger/anniekj.journal"; - services.samba = { - enable = true; - securityType = "user"; - extraConfig = '' - workgroup = WORKGROUP - server string = dragon - netbios name = dragon - security = user - guest account = readonly - map to guest = bad user - ''; - shares = { - annie = { - path = "/storage/annie"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0666"; - "directory mask" = "0777"; - "force user" = "annie"; - "force group" = "readonly"; - }; - public = { - path = "/storage/upload"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0666"; - "directory mask" = "0777"; - "force user" = "readonly"; - "force group" = "readonly"; - }; + services.samba = { + enable = true; + securityType = "user"; + settings = { + global = { + "workgroup" = "WORKGROUP"; + "server string" = "dragon"; + "netbios name" = "dragon"; + "security" = "user"; + "guest account" = "readonly"; + "map to guest" = "bad user"; }; + annie = { + path = "/storage/annie"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0666"; + "directory mask" = "0777"; + "force user" = "annie"; + "force group" = "readonly"; + }; + public = { + path = "/storage/upload"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0666"; + "directory mask" = "0777"; + "force user" = "readonly"; + "force group" = "readonly"; + }; + }; }; services.transmission = { diff --git a/modules/common.nix b/modules/common.nix index 13ef076..cc60640 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -103,7 +103,7 @@ services = { emacs.install = true; emacs.startWithGraphical = true; - postgresql = { package = pkgs.postgresql_12; }; + postgresql = { package = pkgs.postgresql_16; }; openssh.settings.PasswordAuthentication = false; openssh.settings.KbdInteractiveAuthentication = false; fwupd.enable = true; 
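Review bot: The `public` share in machines/dragon.nix is carried into the new `settings` form still guest-writable: `"guest ok" = "yes"` with `"read only" = "no"`, `"map to guest" = "bad user"` and masks `0666`/`0777` let any client that can reach the SMB port create world-writable files under /storage/upload without credentials. If that is intended, say so in a comment and bound it at the network level, for example `"hosts allow" = "<LAN_CIDR>";` under `global` (placeholder; the right range is not visible here). Tightening to `"create mask" = "0664";` and `"directory mask" = "0775";` on both shares is worth considering unless world-writable files are really needed. Separately, `securityType = "user";` now duplicates `"security" = "user";` under `global`, so one of the two can probably go.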
diff --git a/modules/fcgiwrap.nix b/modules/fcgiwrap.nix deleted file mode 100644 index a3666a6..0000000 --- a/modules/fcgiwrap.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.orbekk.fcgiwrap; - aliases = import ../data/aliases.nix; -in { - options = { - orbekk.fcgiwrap = { - enable = lib.mkEnableOption "Enable monitoring server"; - }; - }; - - config = lib.mkIf cfg.enable { - services.fcgiwrap = { - enable = true; - socketType = "unix"; - # socketType = "tcp"; - # socketAddress = "0.0.0.0:${toString fcgiPort}"; - user = "fcgi"; - group = "fcgi"; - }; - }; -} diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 6004fdc..f9d71ca 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -12,7 +12,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud29; hostName = "nextcloud.orbekk.com"; home = "/storage/nextcloud"; config = { diff --git a/modules/router.nix b/modules/router.nix index 3bc7dab..e6cbacb 100644 --- a/modules/router.nix +++ b/modules/router.nix @@ -145,7 +145,7 @@ let requires = [ "network-online.target" ]; after = [ "network.target" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.iproute ]; + path = [ pkgs.iproute2 ]; script = '' ip -6 rule add from 2001:470:1f06:1194::2 table main priority 19000 suppress_prefixlength 0 || true ip -6 rule add from 2001:470:1f06:1194::2 table he priority 20000 || true 
@@ -188,37 +188,38 @@ let settings.server = [ "1.1.1.1" "8.8.8.8" "8.8.4.4" ]; resolveLocalQueries = false; - extraConfig = '' - no-resolv - no-hosts - log-debug - - dhcp-authoritative - enable-ra - - address=/localhost/::1 - address=/localhost/127.0.0.1 - - dhcp-range=tag:servers-vport,172.20.20.10,172.20.20.254,5m - dhcp-option=tag:servers-vport,option:router,172.20.20.1 - dhcp-option=tag:servers-vport,option:dns-server,172.20.20.1 - dhcp-range=tag:servers-vport,::,static,constructor:servers-vport,5m - dhcp-host=id:*,tag:servers-vport,172.20.20.2 - dhcp-host=id:00:01:00:01:2e:a3:07:37:d0:bf:9c:45:a6:ec,tag:servers-vport,[::d] - #dhcp-host=tag:servers-vport,id:dragon,::d - - dhcp-range=tag:lan-vport,172.20.100.10,172.20.100.254,5m - dhcp-option=tag:lan-vport,option:router,172.20.100.1 - dhcp-option=tag:lan-vport,option:dns-server,172.20.100.1 - dhcp-range=tag:lan-vport,::2,::1000,constructor:lan-vport,ra-only - - dhcp-range=tag:vpnlan-vport,172.20.30.10,172.20.30.254,5m - dhcp-option=tag:vpnlan-vport,option:router,172.20.30.1 - dhcp-option=tag:vpnlan-vport,option:dns-server,193.138.218.74 - dhcp-range=tag:vpnlan-vport,::2,::1000,constructor:vpnlan-vport,ra-only,5m - dhcp-host=id:00:04:33:32:31:37:37:31:58:4d:32:35:31:37:30:30:4a:44,tag:vpnlan-vport,[::2] - dhcp-host=id:vpn,tag:vpnlan-vport,172.20.30.2 - ''; + settings = { + no-resolv = true; + no-hosts = true; + log-debug = true; + + dhcp-authoritative = true; + enable-ra = true; + + "address" = ["/localhost/::1" "/localhost/127.0.0.1"]; + + dhcp-range = [ + "tag:servers-vport,172.20.20.10,172.20.20.254,5m" + "tag:lan-vport,172.20.100.10,172.20.100.254,5m" + "tag:servers-vport,::,static,constructor:servers-vport,5m" + "tag:lan-vport,::2,::1000,constructor:lan-vport,ra-only" + "tag:vpnlan-vport,172.20.30.10,172.20.30.254,5m" + "tag:vpnlan-vport,::2,::1000,constructor:vpnlan-vport,ra-only,5m"]; + + dhcp-option = [ + "tag:servers-vport,option:router,172.20.20.1" + "tag:servers-vport,option:dns-server,172.20.20.1" + 
"tag:lan-vport,option:router,172.20.100.1" + "tag:lan-vport,option:dns-server,172.20.100.1" + "tag:vpnlan-vport,option:router,172.20.30.1" + "tag:vpnlan-vport,option:dns-server,193.138.218.74"]; + + + dhcp-host = [ + "id:00:01:00:01:2e:a3:07:37:d0:bf:9c:45:a6:ec,tag:servers-vport,[::d]" + "id:00:04:33:32:31:37:37:31:58:4d:32:35:31:37:30:30:4a:44,tag:vpnlan-vport,[::2]" + "id:vpn,tag:vpnlan-vport,172.20.30.2"]; + }; }; networking.dhcpcd = { @@ -350,7 +351,7 @@ in { description = "router network namespace"; after = ["network-pre.target"]; before = ["network.target" "wireguard-muddvad.service"]; - path = with pkgs; [bash iproute]; + path = with pkgs; [bash iproute2]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; @@ -441,7 +442,7 @@ in { systemd.services.update-dynamic-dns = { description = "Update dynamic dns records"; after = ["container@router.target"]; - path = with pkgs; [ bash dnsutils nettools gawk iproute curl ]; + path = with pkgs; [ bash dnsutils nettools gawk iproute2 curl ]; startLimitIntervalSec = 5; script = toString ../tools/update-dns.sh; }; |
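Review bot: The old `dhcp-host=id:*,tag:servers-vport,172.20.20.2` entry has no counterpart in the new `dhcp-host` list in modules/router.nix, so this hunk is not a pure syntax migration. Every other `dhcp-range`, `dhcp-option` and `address` line was carried over. If firewall rules or port forwards refer to 172.20.20.2, that host would presumably now receive a pool address instead. If the removal is deliberate, mention it in the commit message; otherwise add `"id:*,tag:servers-vport,172.20.20.2"` to the list. `log-debug = true;` is also carried over and could be dropped once the router is stable, since it only adds debugging detail to the dnsmasq log.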