diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index b1a72ed..8894431 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -106,6 +106,12 @@
 services = {
 tailscale.enable = true;
+ #grafana = {
+ # enable = true;
+ # domain = "vno1-oh2.servers.jakst"; # TODO tailscale service?
+ # addr = myData.hosts."vno1-oh2.servers.jakst".jakstIP;
+ #};
+
 nsd = {
 enable = true;
 interfaces = ["0.0.0.0" "::"];
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 8d8819e..173d515 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -6,6 +6,7 @@
 }: {
 imports = [
 ./deployerbot
+ ./friendlyport
 ./postfix
 ./syncthing
 ./zfsunlock
diff --git a/modules/services/friendlyport/default.nix b/modules/services/friendlyport/default.nix
new file mode 100644
index 0000000..f7cb51c
--- /dev/null
+++ b/modules/services/friendlyport/default.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ myData,
+ ...
+}: {
+ options.mj.services.friendlyport = with lib.types; {
+ ports = lib.mkOption {
+ type = listOf int;
+ default = [];
+ };
+ };
+
+ config = let
+ ports = builtins.concatStringsSep "," (map builtins.toString config.mj.services.friendlyport.ports);
+ hosts = lib.attrVals ["mxp10.motiejus.jakst" "fwmine.motiejus.jakst"] myData.hosts;
+ ips = lib.catAttrs "jakstIP" hosts;
+ startLines = map (ip: "iptables -A INPUT -p tcp --match multiport --dports ${ports} --source ${ip} -j ACCEPT") ips;
+ stopLines = map (ip: "iptables -D INPUT -p tcp --match multiport --dports ${ports} --source ${ip} -j ACCEPT") ips;
+ in {
+ networking.firewall.extraCommands = lib.concatLines startLines;
+ networking.firewall.extraStopCommands = lib.concatLines stopLines;
+ };
+}
diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix
index ed53677..702cb86 100644
--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
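Review bot: The `config` block in modules/services/friendlyport/default.nix is unconditional, so a host that never sets `mj.services.friendlyport.ports` still gets both rule lists rendered with an empty `--dports` argument, which iptables should reject as malformed. Because modules/services/default.nix now imports this module for every host, I would guard it with `in lib.mkIf (config.mj.services.friendlyport.ports != []) {`. The option would also be tighter as `type = listOf port;` with a `description`, plus a comment that the multiport match accepts at most 15 ports and that these rules cover IPv4 only. The two allowlisted hosts are hard-coded here, so a one-line comment explaining why they may reach every port added to this list would help whoever registers the next service.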
@@ -13,97 +13,90 @@ in {
 dataDir = lib.mkOption {type = path;};
 };
- config = let
- hosts = lib.attrVals ["mxp10.motiejus.jakst" "fwmine.motiejus.jakst"] myData.hosts;
- ips = lib.catAttrs "jakstIP" hosts;
- startLines = map (ip: "iptables -A INPUT -p tcp --dport 8384 -s ${ip} -j ACCEPT") ips;
- stopLines = map (ip: "iptables -D INPUT -p tcp --dport 8384 -s ${ip} -j ACCEPT") ips;
- in
- lib.mkIf config.mj.services.syncthing.enable {
- networking.firewall.extraCommands = lib.concatLines startLines;
- networking.firewall.extraStopCommands = lib.concatLines stopLines;
+ config = lib.mkIf config.mj.services.syncthing.enable {
+ mj.services.friendlyport.ports = [8384];
- services.syncthing = {
- enable = config.mj.services.syncthing.enable;
- openDefaultPorts = true;
- guiAddress = let
- fqdn = with config.networking; "${hostName}.${domain}";
- jakstIP = lib.getAttrFromPath [fqdn "jakstIP"] myData.hosts;
- guiPortStr = builtins.toString guiPort;
- in "${jakstIP}:${guiPortStr}";
- user = config.mj.services.syncthing.user;
- group = config.mj.services.syncthing.group;
- dataDir = config.mj.services.syncthing.dataDir;
+ services.syncthing = {
+ enable = config.mj.services.syncthing.enable;
+ openDefaultPorts = true;
+ guiAddress = let
+ fqdn = with config.networking; "${hostName}.${domain}";
+ jakstIP = lib.getAttrFromPath [fqdn "jakstIP"] myData.hosts;
+ guiPortStr = builtins.toString guiPort;
+ in "${jakstIP}:${guiPortStr}";
+ user = config.mj.services.syncthing.user;
+ group = config.mj.services.syncthing.group;
+ dataDir = config.mj.services.syncthing.dataDir;
- extraOptions.gui.insecureAdminAccess = true;
+ extraOptions.gui.insecureAdminAccess = true;
- devices =
- {}
- // (lib.optionalAttrs (config.networking.hostName == "vno1-oh2") {
- "fwmine".id = "GKSUKZE-AOBQOWY-CNLZ2ZI-WNKATYE-MV4Y452-J3VCJ5C-EAANXRX-2P6EHA6";
- "mxp10".id = "LO54QZZ-5J3G62P-WUVM3MW-7J3VWHD-BG76TOQ-5S7PZSY-JU45K3I-X3ZL4AN";
- "rzj-744P2PE".id = "UW6ISH2-NW6X6AW-BJR76TV-TV3BIGZ-PA5QH2M-YEF567T-IWMHKD5-P3XHHAH";
- "KrekenavosNamai".id = "CYZDYL6-YMW7SZ3-K6IJO4Q-6NOULSG-OVZ3BGN-6LN3CLR-P3BJFKW-2PMHJQT";
- })
- // {};
+ devices =
+ {}
+ // (lib.optionalAttrs (config.networking.hostName == "vno1-oh2") {
+ "fwmine".id = "GKSUKZE-AOBQOWY-CNLZ2ZI-WNKATYE-MV4Y452-J3VCJ5C-EAANXRX-2P6EHA6";
+ "mxp10".id = "LO54QZZ-5J3G62P-WUVM3MW-7J3VWHD-BG76TOQ-5S7PZSY-JU45K3I-X3ZL4AN";
+ "rzj-744P2PE".id = "UW6ISH2-NW6X6AW-BJR76TV-TV3BIGZ-PA5QH2M-YEF567T-IWMHKD5-P3XHHAH";
+ "KrekenavosNamai".id = "CYZDYL6-YMW7SZ3-K6IJO4Q-6NOULSG-OVZ3BGN-6LN3CLR-P3BJFKW-2PMHJQT";
+ })
+ // {};
- folders = {
- "${config.services.syncthing.dataDir}/annex2/Books" = {
- devices = ["mxp10" "fwmine"];
- id = "8lk0n-mm63y";
- label = "Books";
- };
- "${config.services.syncthing.dataDir}/annex2/M-Active" = {
- devices = ["mxp10" "fwmine"];
- id = "f6fma-unkxq";
- label = "M-Active";
- };
- "${config.services.syncthing.dataDir}/annex2/M-Camera" = {
- devices = ["mxp10" "fwmine"];
- id = "pixel_xl_dtm3-photos";
- label = "M-Active";
- };
- "${config.services.syncthing.dataDir}/annex2/M-Documents" = {
- devices = ["fwmine"];
- id = "4fu7z-z6es2";
- label = "M-Documents";
- };
- "${config.services.syncthing.dataDir}/annex2/R-Documents" = {
- devices = ["rzj-744P2PE"];
- id = "nm23h-aog6k";
- label = "R-Documents";
- };
- "${config.services.syncthing.dataDir}/annex2/Pictures" = {
- devices = ["fwmine"];
- id = "d3hur-cbzyw";
- label = "Pictures";
- };
- "${config.services.syncthing.dataDir}/annex2/M-R" = {
- devices = ["fwmine" "rzj-744P2PE" "mxp10"];
- id = "evgn9-ahngz";
- label = "M-R";
- };
- "${config.services.syncthing.dataDir}/stud-cache" = {
- devices = ["fwmine"];
- id = "2kq7n-jqzxj";
- label = "stud-cache";
- };
- "${config.services.syncthing.dataDir}/video/shared" = {
- devices = ["mxp10" "fwmine"];
- id = "byzmw-f6zhg";
- label = "video-shared";
- };
- "${config.services.syncthing.dataDir}/music" = {
- devices = ["fwmine" "mxp10"];
- id = "tg94v-cqcwr";
- label = "music";
- };
- "${config.services.syncthing.dataDir}/irenos" = {
- devices = ["KrekenavosNamai"];
- id = "wuwai-qkcqj";
- label = "Irenos";
- };
+ folders = {
+ "${config.services.syncthing.dataDir}/annex2/Books" = {
+ devices = ["mxp10" "fwmine"];
+ id = "8lk0n-mm63y";
+ label = "Books";
+ };
+ "${config.services.syncthing.dataDir}/annex2/M-Active" = {
+ devices = ["mxp10" "fwmine"];
+ id = "f6fma-unkxq";
+ label = "M-Active";
+ };
+ "${config.services.syncthing.dataDir}/annex2/M-Camera" = {
+ devices = ["mxp10" "fwmine"];
+ id = "pixel_xl_dtm3-photos";
+ label = "M-Active";
+ };
+ "${config.services.syncthing.dataDir}/annex2/M-Documents" = {
+ devices = ["fwmine"];
+ id = "4fu7z-z6es2";
+ label = "M-Documents";
+ };
+ "${config.services.syncthing.dataDir}/annex2/R-Documents" = {
+ devices = ["rzj-744P2PE"];
+ id = "nm23h-aog6k";
+ label = "R-Documents";
+ };
+ "${config.services.syncthing.dataDir}/annex2/Pictures" = {
+ devices = ["fwmine"];
+ id = "d3hur-cbzyw";
+ label = "Pictures";
+ };
+ "${config.services.syncthing.dataDir}/annex2/M-R" = {
+ devices = ["fwmine" "rzj-744P2PE" "mxp10"];
+ id = "evgn9-ahngz";
+ label = "M-R";
+ };
+ "${config.services.syncthing.dataDir}/stud-cache" = {
+ devices = ["fwmine"];
+ id = "2kq7n-jqzxj";
+ label = "stud-cache";
+ };
+ "${config.services.syncthing.dataDir}/video/shared" = {
+ devices = ["mxp10" "fwmine"];
+ id = "byzmw-f6zhg";
+ label = "video-shared";
+ };
+ "${config.services.syncthing.dataDir}/music" = {
+ devices = ["fwmine" "mxp10"];
+ id = "tg94v-cqcwr";
+ label = "music";
+ };
+ "${config.services.syncthing.dataDir}/irenos" = {
+ devices = ["KrekenavosNamai"];
+ id = "wuwai-qkcqj";
+ label = "Irenos";
 };
 };
 };
+ };
 }
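Review bot: `mj.services.friendlyport.ports = [8384];` hard-codes the GUI port while `guiAddress` a few lines below is built from `guiPort`, so the firewall rule and the listener can drift apart if one is changed; `mj.services.friendlyport.ports = [guiPort];` keeps them tied (guiPort is defined outside this hunk, so confirm it is an int). `extraOptions.gui.insecureAdminAccess = true;` lets the GUI be served on a non-loopback address without authentication, which leaves the source-IP allowlist in friendlyport as the only control in front of the Syncthing admin interface. That dependency deserves a comment on the line, e.g. `# GUI is unauthenticated; reachable only from the hosts allowlisted by mj.services.friendlyport`, or GUI credentials if the allowlist is ever widened. Separately, the M-Camera folder carries `label = "M-Active";`, which looks like a copy-paste slip that the re-indent carried over.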