author | Kjetil Orbekk <kj@orbekk.com> | 2024-12-15 15:43:11 -0500 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2024-12-15 15:43:11 -0500 |
commit | 230ee8c37f09ac32cabf199704184c099f48ee2c (patch) | |
tree | 5de4d80679ea295a0a05d92fda4d2ce0732504b0 /modules | |
parent | fa7b6642979b015f4b551b7a4a7e44a5e5988608 (diff) |
Update dragon
Diffstat (limited to 'modules')
-rw-r--r-- | modules/common.nix | 2 | ||||
-rw-r--r-- | modules/fcgiwrap.nix | 23 | ||||
-rw-r--r-- | modules/nextcloud.nix | 2 | ||||
-rw-r--r-- | modules/router.nix | 69 |
4 files changed, 37 insertions, 59 deletions
diff --git a/modules/common.nix b/modules/common.nix
index 13ef076..cc60640 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -103,7 +103,7 @@
 services = {
 emacs.install = true;
 emacs.startWithGraphical = true;
- postgresql = { package = pkgs.postgresql_12; };
+ postgresql = { package = pkgs.postgresql_16; };
 openssh.settings.PasswordAuthentication = false;
 openssh.settings.KbdInteractiveAuthentication = false;
 fwupd.enable = true;
diff --git a/modules/fcgiwrap.nix b/modules/fcgiwrap.nix
deleted file mode 100644
index a3666a6..0000000
--- a/modules/fcgiwrap.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- cfg = config.orbekk.fcgiwrap;
- aliases = import ../data/aliases.nix;
-in {
- options = {
- orbekk.fcgiwrap = {
- enable = lib.mkEnableOption "Enable monitoring server";
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.fcgiwrap = {
- enable = true;
- socketType = "unix";
- # socketType = "tcp";
- # socketAddress = "0.0.0.0:${toString fcgiPort}";
- user = "fcgi";
- group = "fcgi";
- };
- };
-}
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 6004fdc..f9d71ca 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -12,7 +12,7 @@ in
 config = lib.mkIf cfg.enable {
 services.nextcloud = {
 enable = true;
- package = pkgs.nextcloud28;
+ package = pkgs.nextcloud29;
 hostName = "nextcloud.orbekk.com";
 home = "/storage/nextcloud";
 config = {
diff --git a/modules/router.nix b/modules/router.nix
index 3bc7dab..e6cbacb 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -145,7 +145,7 @@ let
 requires = [ "network-online.target" ];
 after = [ "network.target" "network-online.target" ];
 wantedBy = [ "multi-user.target" ];
- path = [ pkgs.iproute ];
+ path = [ pkgs.iproute2 ];
 script = ''
 ip -6 rule add from 2001:470:1f06:1194::2 table main priority 19000 suppress_prefixlength 0 || true
 ip -6 rule add from 2001:470:1f06:1194::2 table he priority 20000 || true
@@ -188,37 +188,38 @@ let
 settings.server = [ "1.1.1.1" "8.8.8.8" "8.8.4.4" ];
 resolveLocalQueries = false;
- extraConfig = ''
- no-resolv
- no-hosts
- log-debug
-
- dhcp-authoritative
- enable-ra
-
- address=/localhost/::1
- address=/localhost/127.0.0.1
-
- dhcp-range=tag:servers-vport,172.20.20.10,172.20.20.254,5m
- dhcp-option=tag:servers-vport,option:router,172.20.20.1
- dhcp-option=tag:servers-vport,option:dns-server,172.20.20.1
- dhcp-range=tag:servers-vport,::,static,constructor:servers-vport,5m
- dhcp-host=id:*,tag:servers-vport,172.20.20.2
- dhcp-host=id:00:01:00:01:2e:a3:07:37:d0:bf:9c:45:a6:ec,tag:servers-vport,[::d]
- #dhcp-host=tag:servers-vport,id:dragon,::d
-
- dhcp-range=tag:lan-vport,172.20.100.10,172.20.100.254,5m
- dhcp-option=tag:lan-vport,option:router,172.20.100.1
- dhcp-option=tag:lan-vport,option:dns-server,172.20.100.1
- dhcp-range=tag:lan-vport,::2,::1000,constructor:lan-vport,ra-only
-
- dhcp-range=tag:vpnlan-vport,172.20.30.10,172.20.30.254,5m
- dhcp-option=tag:vpnlan-vport,option:router,172.20.30.1
- dhcp-option=tag:vpnlan-vport,option:dns-server,193.138.218.74
- dhcp-range=tag:vpnlan-vport,::2,::1000,constructor:vpnlan-vport,ra-only,5m
- dhcp-host=id:00:04:33:32:31:37:37:31:58:4d:32:35:31:37:30:30:4a:44,tag:vpnlan-vport,[::2]
- dhcp-host=id:vpn,tag:vpnlan-vport,172.20.30.2
- '';
+ settings = {
+ no-resolv = true;
+ no-hosts = true;
+ log-debug = true;
+
+ dhcp-authoritative = true;
+ enable-ra = true;
+
+ "address" = ["/localhost/::1" "/localhost/127.0.0.1"];
+
+ dhcp-range = [
+ "tag:servers-vport,172.20.20.10,172.20.20.254,5m"
+ "tag:lan-vport,172.20.100.10,172.20.100.254,5m"
+ "tag:servers-vport,::,static,constructor:servers-vport,5m"
+ "tag:lan-vport,::2,::1000,constructor:lan-vport,ra-only"
+ "tag:vpnlan-vport,172.20.30.10,172.20.30.254,5m"
+ "tag:vpnlan-vport,::2,::1000,constructor:vpnlan-vport,ra-only,5m"];
+
+ dhcp-option = [
+ "tag:servers-vport,option:router,172.20.20.1"
+ "tag:servers-vport,option:dns-server,172.20.20.1"
+ "tag:lan-vport,option:router,172.20.100.1"
+ "tag:lan-vport,option:dns-server,172.20.100.1"
+ "tag:vpnlan-vport,option:router,172.20.30.1"
+ "tag:vpnlan-vport,option:dns-server,193.138.218.74"];
+
+
+ dhcp-host = [
+ "id:00:01:00:01:2e:a3:07:37:d0:bf:9c:45:a6:ec,tag:servers-vport,[::d]"
+ "id:00:04:33:32:31:37:37:31:58:4d:32:35:31:37:30:30:4a:44,tag:vpnlan-vport,[::2]"
+ "id:vpn,tag:vpnlan-vport,172.20.30.2"];
+ };
 };
 networking.dhcpcd = {
@@ -350,7 +351,7 @@ in {
 description = "router network namespace";
 after = ["network-pre.target"];
 before = ["network.target" "wireguard-muddvad.service"];
- path = with pkgs; [bash iproute];
+ path = with pkgs; [bash iproute2];
 serviceConfig = {
 Type = "oneshot";
 RemainAfterExit = "yes";
@@ -441,7 +442,7 @@ in {
 systemd.services.update-dynamic-dns = {
 description = "Update dynamic dns records";
 after = ["container@router.target"];
- path = with pkgs; [ bash dnsutils nettools gawk iproute curl ];
+ path = with pkgs; [ bash dnsutils nettools gawk iproute2 curl ];
 startLimitIntervalSec = 5;
 script = toString ../tools/update-dns.sh;
 }; |
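Review bot: The new `dhcp-host` list in the `settings` block of the `@@ -188,37 +188,38 @@` hunk omits the old `dhcp-host=id:*,tag:servers-vport,172.20.20.2` entry, so the move from `extraConfig` to `settings` is not behaviour-preserving. 172.20.20.2 lies outside the 172.20.20.10–254 pool, so whichever host relied on that entry would now get a pool address, and any forwarding or firewall rule elsewhere that names 172.20.20.2 (not visible in this hunk) would stop matching it. If the removal is intended, say so in the commit message; otherwise add `"id:*,tag:servers-vport,172.20.20.2"` to the list. The enclosing dnsmasq attribute set starts before the hunk, where `settings.server` is still set on its own line; moving it into this block as `server = [ ... ];` would keep the resolver settings in one place.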