# Shared constants kept in one attribute set: fixed uid/gid numbers, service
# ports, SSH public keys, per-host addresses and host keys, subnets, and the
# jakstys.lt DNS zone text.
#
# The outer set is `rec` so that jakstysLTZone can read `hosts` directly.
# Only public material is visible here: SSH public keys and a DKIM public key.
rec {
  # Numeric ids keyed by account name; the same number is presumably used for
  # both uid and gid -- confirm against the consumer.
  uidgid = {
    motiejus = 1000;

    gitea = 20000;
    updaterbot-deployer = 501;
    updaterbot-deployee = 502;

    # the underscore differentiates "our" user from the
    # "upstream" user. We need a way to configure the uidgid,
    # so creating users explicitly.
    node_exporter = 503;

    borgstor = 504;

    jakstpub = 505;
  };

  # TCP/UDP port numbers keyed by service name. Whether a port is reachable
  # from outside is decided by whoever consumes this set, not here.
  ports = {
    grafana = 3000;
    gitea = 3001;
    immich-server = 3002;
    immich-machine-learning = 3003; # as of writing, hardcoded in the immich module

    frigate = 5000;
    soju = 6697;
    soju-ws = 6698;
    matrix-synapse = 8008;
    ssh8022 = 8022;
    vaultwarden = 8222;
    headscale = 8080;
    plik = 8099;
    hass = 8123;
    prometheus = 9001;
    tailscale = 41641;
    exporters = {

      node = 9002;
      weather = 9011;
      # non-configurable in caddy as of 2023-09-06
      # NOTE(review): 2019 is the default port of Caddy's admin API, which by
      # default is also where its metrics are served. The admin API can change
      # the running configuration, so confirm this listener is not reachable
      # beyond loopback / the scrape network.
      caddy = 2019;
      anubis = 9003;
    };
  };

  # SSH public keys of automation accounts.
  bot_pubkeys = {
    nixbld_macworx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1fp61KUCMPBBRNciKgbxwvRphtO5GKmCUKPJrfWRXb nixbld@macworx";
  };

  # SSH public keys of human users. Anything that turns these into
  # authorized_keys entries grants login with the matching private key, so
  # entries should be removed here when a device is retired.
  people_pubkeys = {
    # NOTE(review): the only RSA key in this file; its length is not evident
    # here -- confirm it is adequate or replace it with an ed25519 key like the
    # others.
    motiejus = "ssh-rsa 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";
    motiejus_work = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRQxp99COE6iLVOrIrpbSAefbdiHoy0luN5VSr4I2SP";
    motiejus_macworx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIn+TP17ocwY9IDCoyEe85F/G17rRIKOS9kR0Wlx3rm";
  };

  # Per-host facts keyed by primary host name. The publicKey / extraHostNames
  # pair has the shape of an SSH known-hosts entry -- presumably consumed that
  # way; confirm against the caller. Entries are `rec` so extraHostNames can
  # list the host's own address attributes (publicIP, jakstIP, vno1IP, ...).
  #
  # Every name or address in extraHostNames is tied to that entry's host key,
  # so a name listed under the wrong host shows up as a host-key mismatch on
  # connect.
  hosts = {
    "vno4-rutx11.jakst.vpn" = rec {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEehmFvEBVngwxk1nuEWMlE4UU69gC4wxytGX5DAFbh";
      publicIP = "188.69.241.222";
      vno4IP = "192.168.188.1";
      extraHostNames = [
        "vno4.jakstys.lt"
        publicIP
        vno4IP
      ];
    };
    "vno2-desk2.jakst.vpn" = rec {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKJjc2V5meA4+4O3GXX+Pwh6Lwwu4cvBGIZ52tufB4X";
      system = "x86_64-linux";
      jakstIP = "100.89.176.8";
      publicIP = "193.216.240.146";
      extraHostNames = [
        "vno2-desk2"
        jakstIP
      ];
    };
    "vno3-nk.jakst.vpn" = rec {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp3QL8p4AbuijEQX/uVHj6nkJ2/8qNSciL+Glydw2yK";
      system = "x86_64-linux";
      jakstIP = "100.89.176.5";
      extraHostNames = [
        "vno3-nk"
        jakstIP
      ];
    };
    "fra1-c.jakst.vpn" = rec {
      extraHostNames = [
        "fra1-c.jakstys.lt"
        "fra1-c"
        publicIP
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3m71ZgEFZVqpYZPwf7N7IS9Jxa181dHDY9r6+INt9t";
      publicIP = "128.140.60.129";
      publicIP6 = "2a01:4f8:c17:804b::";
      system = "x86_64-linux";
    };
    "vno1-gdrx.jakst.vpn" = rec {
      extraHostNames = [
        "vno1-gdrx"
        vno1IP
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW7k8wMOIWKERGiMlz5kX/PXJ/EbzUnJK6jVgPtAbNF";
      vno1IP = "192.168.189.12";
    };
    "fwminex.jakst.vpn" = rec {
      # NOTE(review): "vpn.jakstys.lt" is listed under this host's key, but the
      # zone below publishes `vpn A` as fra1-c's public IP. If these names feed
      # known_hosts, an SSH connection to vpn.jakstys.lt would be checked
      # against the wrong key -- confirm which host the name belongs to.
      extraHostNames = [
        "fwminex"
        "jakstys.lt"
        "git.jakstys.lt"
        "dl.jakstys.lt"
        "up.jakstys.lt"
        "irc.jakstys.lt"
        "www.jakstys.lt"
        "vpn.jakstys.lt"
        jakstIP
        vno1IP
        publicIP
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlWSZ/H6DR5i5aCrlrEQLVF9MXNvls/pjlLPLaav3f+";
      publicIP = "185.104.176.238";
      jakstIP = "100.89.176.13";
      vno1IP = "192.168.189.10";
    };
    "macworx.jakst.vpn" = rec {
      extraHostNames = [ "macworx" ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNSxpWerx0lz6sozvUD909WY1C+/SKdhlVbBhOq9Ls3";
    };
    "vno1-vinc.jakst.vpn" = rec {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIwK7et5NBM+vaffiwpKLSAJwKfwMhCZwl1JyXo79uL";
    };
    # NOTE(review): no publicKey is set for this host, so nothing here pins its
    # SSH host key -- confirm the consumer skips or handles key-less entries.
    "mxp1.jakst.vpn" = {
    };
    # Third-party services: these pins are only as good as their source. Check
    # them against the key each provider publishes, and update them when a
    # provider rotates its host key.
    "zh2769.rsync.net" = {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd";
    };
    "github.com" = {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
    };
    "git.sr.ht" = {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
    };
  };

  # copied from nixpkgs/lib/attrsets.nix
  # Returns the values of the attributes named in `nameList`, in list order.
  # `set.${x}` has no fallback, so a name missing from `set` is an evaluation
  # error rather than a silently dropped entry.
  attrVals = nameList: set: map (x: set.${x}) nameList;

  # Address ranges of the private networks. `sshPattern` is a glob rather than
  # a CIDR -- presumably for ssh host patterns; confirm against the caller.
  subnets = {
    tailscale = {
      cidr = "100.89.176.0/20";
      range = "100.89.176.0-100.89.191.255";
      # Covers only the first /24 of the /20 above: a host given an address in
      # 100.89.177.0 - 100.89.191.255 will not match until this is widened.
      sshPattern = "100.89.176.*"; # until we have more hosts
    };
    vno1 = {
      cidr = "192.168.189.0/24";
      sshPattern = "192.168.189.*";
    };
    vno3.cidr = "192.168.100.0/24";
  };

  # Zone file text for jakstys.lt, with addresses interpolated from `hosts` so
  # DNS and the host table cannot drift apart. Review notes are kept out here
  # because anything inside the '' string becomes part of the zone.
  #
  # - The SOA serial (2026031700) is a literal; presumably it has to be raised
  #   by hand on every change for secondaries to pick the change up.
  # - NS records name ns1 and ns2 only; ns3 has an A record but no NS record.
  # - photos, grafana, hass, irc, bitwarden and hdd resolve to jakstIP values,
  #   i.e. addresses inside subnets.tailscale.cidr. These names are published
  #   in the public zone, which discloses the internal service names and
  #   addresses even though the addresses are presumably reachable only from
  #   the VPN.
  # - NOTE(review): `_dmarc` is "p=none" with no rua= address, so receivers
  #   apply no policy to mail failing DMARC and no aggregate reports are
  #   requested; SPF ends in "~all" (softfail). Consider adding rua= and moving
  #   to p=quarantine / p=reject once legitimate senders pass.
  # - `_acme-challenge` is a CNAME into `_acme-endpoint`, which is delegated to
  #   a nameserver on vno1. Whatever answers for that delegation can satisfy
  #   ACME DNS-01 validation for jakstys.lt (including a wildcard), so that
  #   service deserves the same care as the zone itself.
  # - NOTE(review): no CAA record is present; one would restrict which CAs may
  #   issue for the domain.
  jakstysLTZone =
    let
      fra1c = hosts."fra1-c.jakst.vpn".publicIP;
      fra1cv6 = hosts."fra1-c.jakst.vpn".publicIP6;
      vno1 = hosts."fwminex.jakst.vpn".publicIP;
      vno2 = hosts."vno2-desk2.jakst.vpn".publicIP;
      vno4 = hosts."vno4-rutx11.jakst.vpn".publicIP;
    in
    ''
      $ORIGIN jakstys.lt.
      $TTL 3600
      @ 86400 SOA ns1.jakstys.lt. motiejus.jakstys.lt. (2026031700 86400 86400 86400 86400)
      @ 86400 NS ns1.jakstys.lt.
      @ 86400 NS ns2.jakstys.lt.
      @ HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      @ A ${vno1}
      www HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      www A ${vno1}
      photos A ${hosts."fwminex.jakst.vpn".jakstIP}
      ns1 86400 A ${vno1}
      ns2 86400 A ${fra1c}
      ns3 3600 A ${vno2}
      vpn 3600 A ${fra1c}
      rita HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      rita A ${vno1}
      r HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      r A ${vno1}
      git A ${vno1}
      git HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      auth A ${vno1}
      dl HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      dl A ${vno1}
      up HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      up A ${vno1}
      fra1-c A ${fra1c}
      fra1-c AAAA ${fra1cv6}
      vno4 A ${vno4}
      vno2 A ${vno2}
      r1 HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      r1 A ${vno1}
      m HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      m A ${vno1}
      jonas HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      jonas A ${vno1}
      rolandas HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
      rolandas A ${vno1}

      @ TXT google-site-verification=sU99fmO8gEJF-0lbOY-IzkovC6MXsP3Gozqrs8BR5OM
      @ TXT hosted-email-verify=rvyd6h64
      @ MX 10 smtp.google.com.
      _submission._tcp SRV 0 1 587 smtp.gmail.com.
      _imaps._tcp SRV 0 1 993 imap.gmail.com.
      _pop3s._tcp SRV 0 1 995 pop.gmail.com.
      @ TXT "v=spf1 include:_spf.google.com ~all"
      _dmarc TXT "v=DMARC1; p=none;"
      google._domainkey TXT "v=DKIM1; k=rsa;" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqOyONnWKk7lgAVB1UcVu/I02gTDjROpQGDNUJHS34faQ9DnM/8uSOaIwCe4oV1GrI8N2ET+f96WPCCs1LzlEA0QwuUoXRLGojjQoXxCntLfMCnRWtehzmZq6Yv8nVva7N0gz/n/LThpPvGfEoKzYjmhjzM5d8y60DGsKxS8r4Lc9TzwtzuYkxKDhcSzVBQQiMvKMi6m6mUsxFya7" "ZTurd5i7iiZXpA3SFBYLAsjhQd6vS7K13vwAZTKjGNijfM40i7KXC5XA5WtojiSY0lZzAMqaHGLDaMUFkWRJJntRheQ+AU9RvOGAufphRAjdQTCMy0BLzC0rilT2JaTGe4MdQIDAQAB"

      _acme-challenge CNAME _acme-endpoint
      _acme-endpoint NS ns._acme-endpoint
      ns._acme-endpoint A ${vno1}

      grafana A ${hosts."fwminex.jakst.vpn".jakstIP}
      hass A ${hosts."fwminex.jakst.vpn".jakstIP}
      irc A ${hosts."fwminex.jakst.vpn".jakstIP}

      bitwarden HTTPS 1 . alpn="h3,h2" ipv4hint="${
        hosts."fwminex.jakst.vpn".jakstIP
      }"
      bitwarden A ${hosts."fwminex.jakst.vpn".jakstIP}

      hdd A ${hosts."vno3-nk.jakst.vpn".jakstIP}
    '';
}