From 504be3141296f11fe2f0844913fe39801a27dd84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sun, 20 Oct 2024 22:09:23 +0200 Subject: [PATCH] Add http-proxy host --- flake.nix | 125 ++++++++++++++++++++++---- hosts/http-proxy/configuration.nix | 62 +++++++++++++ hosts/http-proxy/default.nix | 7 ++ services/http-proxy/default.nix | 3 + services/ns/zones-home-2rjus-net.conf | 1 + 5 files changed, 179 insertions(+), 19 deletions(-) create mode 100644 hosts/http-proxy/configuration.nix create mode 100644 hosts/http-proxy/default.nix create mode 100644 services/http-proxy/default.nix diff --git a/flake.nix b/flake.nix index ccdee44..22b33cc 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,15 @@ backup-helper.url = "git+https://git.t-juice.club/torjus/backup-helper?ref=master"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, backup-helper, ... }@inputs: + outputs = + { + self, + nixpkgs, + nixpkgs-unstable, + sops-nix, + backup-helper, + ... + }@inputs: let system = "x86_64-linux"; overlay-unstable = final: prev: { 
@@ -22,45 +30,80 @@ nixosConfigurations = { ns1 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/ns1 sops-nix.nixosModules.sops ]; }; ns2 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/ns2 sops-nix.nixosModules.sops ]; }; ns3 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/ns3 sops-nix.nixosModules.sops ]; }; ns4 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/ns4 sops-nix.nixosModules.sops ]; }; nixos-test1 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/nixos-test1 sops-nix.nixosModules.sops backup-helper.nixosModules.backup-helper 
@@ -68,9 +111,16 @@ }; ha1 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/ha1 sops-nix.nixosModules.sops backup-helper.nixosModules.backup-helper @@ -78,9 +128,16 @@ }; inc1 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/inc1 sops-nix.nixosModules.sops # backup-helper.nixosModules.backup-helper @@ -88,9 +145,16 @@ }; inc2 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/inc2 sops-nix.nixosModules.sops # backup-helper.nixosModules.backup-helper @@ -98,13 +162,36 @@ }; template1 = nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs self sops-nix; }; + specialArgs = { + inherit inputs self sops-nix; + }; modules = [ - ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) ./hosts/template sops-nix.nixosModules.sops ]; }; + http-proxy = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs self sops-nix; + }; + modules = [ + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) + ./hosts/http-proxy + sops-nix.nixosModules.sops + ]; + }; }; }; } 
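Review bot: The `http-proxy` entry added at the end of `nixosConfigurations` is one more verbatim copy of the `specialArgs` / overlay / `sops-nix.nixosModules.sops` block that every host repeats, so a future host can silently miss the sops module or the overlay. A small helper in the `let` block, taking the host path and any extra modules and returning the `nixpkgs.lib.nixosSystem { ... }` call, would reduce each host to one line such as `http-proxy = mkHost ./hosts/http-proxy [ ];` (`mkHost` is a suggested name, not something in the repository). The commit also mixes the formatter-only rewrite of the existing hosts with the new host; splitting the two would make the functional change reviewable on its own.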
diff --git a/hosts/http-proxy/configuration.nix b/hosts/http-proxy/configuration.nix
new file mode 100644
index 0000000..ac4e155
--- /dev/null
+++ b/hosts/http-proxy/configuration.nix
@@ -0,0 +1,62 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ ../template/hardware-configuration.nix
+
+ ../../system
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ configurationLimit = 3;
+ };
+
+ networking.hostName = "http-proxy";
+ networking.domain = "home.2rjus.net";
+ networking.useNetworkd = true;
+ networking.useDHCP = false;
+ services.resolved.enable = true;
+ networking.nameservers = [
+ "10.69.13.5"
+ "10.69.13.6"
+ ];
+
+ systemd.network.enable = true;
+ systemd.network.networks."ens18" = {
+ matchConfig.Name = "ens18";
+ address = [
+ "10.69.13.11/24"
+ ];
+ routes = [
+ { routeConfig.Gateway = "10.69.13.1"; }
+ ];
+ linkConfig.RequiredForOnline = "routable";
+ };
+ time.timeZone = "Europe/Oslo";
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ nix.settings.tarball-ttl = 0;
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ git
+ ];
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/hosts/http-proxy/default.nix b/hosts/http-proxy/default.nix
new file mode 100644
index 0000000..5dc568d
--- /dev/null
+++ b/hosts/http-proxy/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./configuration.nix
+ ../../services/home-assistant
+ ];
+}
diff --git a/services/http-proxy/default.nix b/services/http-proxy/default.nix
new file mode 100644
index 0000000..b5b2cec
--- /dev/null
+++ b/services/http-proxy/default.nix
@@ -0,0 +1,3 @@
+{ pkgs, config, ... }:
+{
+}
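Review bot: In hosts/http-proxy/configuration.nix the new host is brought up with `networking.firewall.enable = false;`, which leaves every listening service on 10.69.13.11 reachable from the whole segment. For a machine whose role is to front HTTP traffic I would keep the firewall on and open only the listener ports, e.g. `networking.firewall.enable = true;` plus `networking.firewall.allowedTCPPorts = [ 80 443 ];` (ports assumed, since services/http-proxy/default.nix is still empty in this commit). Whether SSH stays reachable then depends on what `../../system` configures, which is not visible here. Separately, the comment `# Use the systemd-boot EFI boot loader.` sits above a `boot.loader.grub` block and should read `# Use the GRUB boot loader.`, and `nix.settings.tarball-ttl = 0;` deserves a one-line comment saying why tarball caching is disabled.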
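Review bot: hosts/http-proxy/default.nix imports `../../services/home-assistant`, while the `services/http-proxy` module created in this same commit is not imported in any visible hunk; this looks carried over from another host's default.nix. As written, the host named http-proxy would deploy the Home Assistant service, and with the firewall disabled in configuration.nix its listeners would be exposed on the network. The import should presumably be `../../services/http-proxy`.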
diff --git a/services/ns/zones-home-2rjus-net.conf b/services/ns/zones-home-2rjus-net.conf index 7bfeec1..afc1adc 100644 --- a/services/ns/zones-home-2rjus-net.conf +++ b/services/ns/zones-home-2rjus-net.conf @@ -55,6 +55,7 @@ ns3 IN A 10.69.13.7 ns4 IN A 10.69.13.8 ha1 IN A 10.69.13.9 nixos-test1 IN A 10.69.13.10 +http-proxy IN A 10.69.13.11 ; 22_WLAN unifi-ctrl IN A 10.69.22.5
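Review bot: The new `http-proxy IN A 10.69.13.11` record is the only line this commit changes in the zone file (the diffstat shows a single insertion), so the SOA serial was not incremented. If the name servers are fed by zone transfer rather than each loading this file directly, secondaries will keep serving the old zone until the serial is bumped. The SOA record is outside the hunk, so confirm how the zone is distributed before relying on the new name.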