torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Compare commits

base: torjus:e39e3cf0cbf6bef52b86d64b309aaae4a610fa6f
Branches Tags
torjus:master
..
compare: torjus:6aa5cf727f8da7c19c9b023a2558d0a08b1bd574
Branches Tags
torjus:master

No commits in common. "e39e3cf0cbf6bef52b86d64b309aaae4a610fa6f" and "6aa5cf727f8da7c19c9b023a2558d0a08b1bd574" have entirely different histories.
e39e3cf0cb ... 6aa5cf727f

12 changed files with 37 additions and 359 deletions
Show Stats Expand all files Collapse all files

2
.sops.yaml
View File

@ -6,7 +6,6 @@ keys:
- &server_ns4 age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q - &server_ns4 age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
- &server_ha1 age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l - &server_ha1 age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
- &server_nixos-test1 age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju - &server_nixos-test1 age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
- &server_inc1 age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini) - path_regex: secrets/[^/]+\.(yaml|json|env|ini)
key_groups: key_groups:
@ -18,7 +17,6 @@ creation_rules:
- *server_ns4 - *server_ns4
- *server_ha1 - *server_ha1
- *server_nixos-test1 - *server_nixos-test1
- *server_inc1
- path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini) - path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini)
key_groups: key_groups:
- age: - age:

20
flake.nix
View File

@ -76,26 +76,6 @@
backup-helper.nixosModules.backup-helper backup-helper.nixosModules.backup-helper
]; ];
}; };
inc1 = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs self sops-nix; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/inc1
sops-nix.nixosModules.sops
# backup-helper.nixosModules.backup-helper
];
};
inc2 = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs self sops-nix; };
modules = [
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/inc2
sops-nix.nixosModules.sops
# backup-helper.nixosModules.backup-helper
];
};
template1 = nixpkgs.lib.nixosSystem { template1 = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
specialArgs = { inherit inputs self sops-nix; }; specialArgs = { inherit inputs self sops-nix; };

96
hosts/inc1/configuration.nix
View File

@ -1,96 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
../../system
../../services/incus
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
};
networking.hostName = "inc1";
networking.domain = "home.2rjus.net";
networking.useNetworkd = true;
networking.useDHCP = false;
networking.nftables.enable = true;
networking.firewall.trustedInterfaces = [ "vlan13" ];
services.resolved.enable = true;
networking.nameservers = [
"10.69.13.5"
"10.69.13.6"
];
systemd.network.enable = true;
# Primary interface
systemd.network.networks."enp2s0" = {
matchConfig.Name = "enp2s0";
address = [
"10.69.12.80/24"
];
networkConfig = {
VLAN = [ "enp2s0.13" ];
};
routes = [
{ routeConfig.Gateway = "10.69.12.1"; }
];
linkConfig.RequiredForOnline = "routable";
};
# VLAN 13 netdev
systemd.network.netdevs."enp2s0.13" = {
enable = true;
netdevConfig = {
Kind = "vlan";
Name = "enp2s0.13";
};
vlanConfig = {
Id = 13;
};
};
# # Bridge netdev
# systemd.network.netdevs."br13" = {
# netdevConfig = {
# Name = "br13";
# Kind = "bridge";
# };
# };
# # Bridge network
# systemd.network.networks."br13" = {
# matchConfig.Name = "enp2s0.13";
# networkConfig.Bridge = "br13";
# };
time.timeZone = "Europe/Oslo";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.tarball-ttl = 0;
environment.systemPackages = with pkgs; [
tcpdump
vim
wget
git
];
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh.settings.PermitRootLogin = "yes";
system.stateVersion = "24.05"; # Did you read the comment?
}

5
hosts/inc1/default.nix
View File

@ -1,5 +0,0 @@
{ ... }: {
imports = [
./configuration.nix
];
}

41
hosts/inc1/hardware-configuration.nix
View File

@ -1,41 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/faa60038-b3a4-448a-8909-49857818c955";
fsType = "xfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7A94-A91C";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/f7a4f85e-0b4b-492d-a611-f50d2b915c2c"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

96
hosts/inc2/configuration.nix
View File

@ -1,96 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
../../system
../../services/incus
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
};
networking.hostName = "inc2";
networking.domain = "home.2rjus.net";
networking.useNetworkd = true;
networking.useDHCP = false;
networking.nftables.enable = true;
networking.firewall.trustedInterfaces = [ "vlan13" ];
services.resolved.enable = true;
networking.nameservers = [
"10.69.13.5"
"10.69.13.6"
];
systemd.network.enable = true;
# Primary interface
systemd.network.networks."enp2s0" = {
matchConfig.Name = "enp2s0";
address = [
"10.69.12.81/24"
];
networkConfig = {
VLAN = [ "enp2s0.13" ];
};
routes = [
{ routeConfig.Gateway = "10.69.12.1"; }
];
linkConfig.RequiredForOnline = "routable";
};
# VLAN 13 netdev
systemd.network.netdevs."enp2s0.13" = {
enable = true;
netdevConfig = {
Kind = "vlan";
Name = "enp2s0.13";
};
vlanConfig = {
Id = 13;
};
};
# # Bridge netdev
# systemd.network.netdevs."br13" = {
# netdevConfig = {
# Name = "br13";
# Kind = "bridge";
# };
# };
# # Bridge network
# systemd.network.networks."br13" = {
# matchConfig.Name = "enp2s0.13";
# networkConfig.Bridge = "br13";
# };
time.timeZone = "Europe/Oslo";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.tarball-ttl = 0;
environment.systemPackages = with pkgs; [
tcpdump
vim
wget
git
];
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh.settings.PermitRootLogin = "yes";
system.stateVersion = "24.05"; # Did you read the comment?
}

5
hosts/inc2/default.nix
View File

@ -1,5 +0,0 @@
{ ... }: {
imports = [
./configuration.nix
];
}

33
hosts/inc2/hardware-configuration.nix
View File

@ -1,33 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/3e7c311c-b1a3-4be7-b8bf-e497cba64302";
fsType = "btrfs";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/F0D7-E5C1";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/1a06a36f-da61-4d36-b94e-b852836c328a"; }];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

79
secrets/secrets.yaml
View File

@ -10,74 +10,65 @@ sops:
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u - recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5eHNpQ2NkV0Z2QldSVDBW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubWtoVGhXYXRlSlFRN1R1
dTN5dk1KN2tOUUZVREpzdVhPVGlERkI3TjBjCmhCMFU3WElMZGhCek5ocGlRM2hu Zk9ER3d6ZExUeW0yV1grQkFzMks3akhuaHlVCk4rRmVTaUd6RG9NRldmNFZ0ZXMr
YVBPdkcxU0FKNk9QeXA0bDNRYU0xZEUKLS0tIDdtMjNyNkY1d21OZVdacnR0L09B aUh5QTJLSkpISXRkVXJFWDZkdlVnSHMKLS0tIGRVcXRQRTVDK09JSThidTdsOHBo
c3ZRYzBva1ZiV0xucWw3WEcxM01JbFUK3AmQJ3tVbYr8vmNFvssh/TGJcFM2O+hb NGpxMjFhVmg2cHdNS2dTQitEQWlLYUUKgKAgXN4Bwl2A+MRcLsGFl+BDAj8Jqkg1
BXO2VYZqNmRLKEClgRUPR8lykt1j+P1hXfxlpUEsudyyd1iV6r/7vg== 42aUJbVMVhQLVMSFw23AIsAiSkm0l05JVedUayr6EdL0AsZRmArRrw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0 - recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcGM3UTVhMlV0TTNsMVp4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVFFxK0RMU3pYVkpTeFQ3
RERtRmlObHovUVdONDRWTnB6SWxxU09YKzF3Ck5qVFpiWVFUZVZYT3JwUHRBSXU0 M1VzVkZnR2RWazdUSEo5dGExMDR6RXlTYlZJCk14OVFIQjF1aEh6NGRseEkyUjdG
VkFmVFZ1Nm51YlA4VDR6WVBwRnlBVncKLS0tIE9MVFBzUlpZOXRIalJtSkM0Uk52 SUNIK0N2eEVWRW9mM1E4YzExS3g4QU0KLS0tIDJ2by9wYUlEWlh5Y2cxZzZBUW9w
MUJtREo5UlFnTDlicmZUOVB0aTNDNEUK9FHHmJs63JEucmxjlAr5GmkQ/8NUJkay N3BkNlBEVGl1L09nbjZXZm9seTY1NTAKtVmJ9bh/cN/q+FmZ7AhmdledAL3SKWvm
9+8V+BxGtqIYAn+U++GOa0hjJYQb8FrHL1SpKB8qOwkWYM7mbENH2g== 69+sx3etiIrZ8tx9hB+shULNkBWI4scopFZdoeRu75Q+Mc86s+wf4A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um - recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRVdzemZ4UVBySytWeHZw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRGtVZk9nL2EwaVlDcUlM
ekU1emdUU1FlZGFWK2NjUHdDS3B0ZGF5a0dvClVhVjZvZVE1dFlPak1QY0pYUU1Q VUZuUHNXNnZEajdzL1RkeFFvNVFEaXVpWVRZCmpQMGoyOGNqemN4VHRzV2QxdWMv
V2ttcFBLalNWQWlMVnZDOTE0YWpSUDQKLS0tIENvSGVZZ2hJS1hQZWpzT1hZWXFI c2V0T1FiMWw1ZzR2bFZmSzVsbFphWjAKLS0tIFF3TE9OcXUzUVI1UC9LU1FJVjhM
SXhkM2pFVmE5djRlMGhaSU9rRlcwaXMKg65Sop34XWfYiQvZGquB2U2Oh0/afz2i NzRoTGt6V3gyQStVbWxITUUrU0k0M1UKTGQ+9FFpFkzYYhvu4SoBYhQNh3IfErVT
PRAozkriSM+vY4n3WJlqK/rCmlOniARaci6mzfqRLhazEbmKBOYM7g== orD+RecwMaZqkCh0gjs6pPG675fiWaESo/SUqG5+w38Jh/Q3fHiBnQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd - recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUllOVVVyTVEyYkVvYXhL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q2tBYUVuNzNONk5Kbzho
RUx4RE5ZaENxY1FRT1lhN1Nva3orb2RGMzIwCndZSkcyTGYxaTZnMzJCMWt5NWRK SHhVUWs0MFNyblVGNDRUTStLa0NpYXdXeWxRCm0zcTlaMUZqQ0dNVXZpak1YSUZZ
YTVHcEtndm5KbXJDNjBTdDlkTDlVODQKLS0tIEFGU3JPT295KzUwRTk2QVJ6eTNv VmNvelJiQXJlZXJIa0dncE91TU5sNTAKLS0tIFQ2Z1lSSFhiK3dZSVlxeEt2VXlU
MmJRaTM1WWdwVjRrNk16dzU0ZFdBL1kK8Dp3M942e+6sLIYhV8MlkIbLh9se7IbC bk0rNjMrbWx4WVdnd0VLSWRUNGI5cVkKUIf+ilyc8N/T8jXk9X643DiASH0Yc8MU
iN+1N/6N5JUvg3FFz+V1tFlT7R0y3BJFBmemaMLJWsRelshjj26NcA== eWw6vttNrIHu69s1jku59JiGGzxaSJOvRwHqu2toIpR0aFm9X87PPQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q - recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZi9UaGM3L1BsQTRpbFZi YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZmJiek14ZUdnRkJUNDR1
OUdwam5JWXNDa1VWcEhCdkx4YXppV1NRem13CjBBTk9PRDVkNjBaY1dOU2txNkpK dkN2blJ6Ykx0TlEvVlA2UGlaT0N5WHp4eGdNCldRL0gwVmlSQ3JBaXhDZ0RHWTVZ
ZXVUVTZVRUtmWjlvUEd3UDA0LzdhTlEKLS0tIEtwTUlESXdwQ1ZkTUVtWVJzK1p0 K3BVZmczYis1cHNFbmRLK0t3MlVhQ0kKLS0tIFFMRUFXMWJIRjRWeHFsUEpDTjI0
ZnlHNGk4bGVndUJZb1VrUWpxUHJucWsKULgyNAkFMRFgOQYIG/NC6jQxCvCrAVqS czhoVlg3NVBGK2hkK1F1cElwK3ZpZDQKVYL7UmZpDwUUCELJ85dkh4aQgiFuiP4b
WYS54btyjqiUYYx/nv6Ce6EZwMYEvKGRl1IVrFlNXVfjoE14GhuL7g== ljk7WwMCr2KPOwlqDNSSOZgoh8RmFlKaMsNB5EQMd4loNWgMra7URA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l - recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZFpFNjJIeXRxandtY24z YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MVEwVy94VXd2U1pCd3cv
WXBjMmhTRmdFVzFJU3MwT3BCSnBBUDJnTHdRCjluT3B2Y1pBNjBtODlRUXVvZlZu TFpwNDYrU01Md3pQZXlwbWFNd2xocnMrN3pJCi94alVKajk5eExhbWkwd1ZFNEQ0
dnZleUJQRHIvYkVlVjlFNDRwM1FCWXMKLS0tIGRUdzlrL1Q4d3NhMFlaVlF5alFx VnN0VExzTEdQNGplS05nVWsxZnNYdW8KLS0tIFVTdWYzbDA0R3FpbjhjVTU3ZnRw
T0RKZ0JRUzRQMUJ0bDFKVEhNV1cvSEkKEorAEa2nQqp1BtVfa4bj3dsKuhHAMPif ZHJTUXJQOUFmWEVjQ0ZHellVS2swVmsK4vyeriPn+OcSFQoaIjtErQBwDdOOBxdc
RsI8t6f3UhBrC59DklJbhqD4zmxzCNtqhwHxklh3ofRThqsAs8fuSg== sgYKQOuqjcbDC6T8AgeR1fKz6XY2aBf4NwRje4iqFLDEW/L3WQEiYQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju - recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZejZxUUNPVnFJeWpoWU1Q YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsalA0a0tNQWNHVUlNVTVP
RVgySXoxTmtRQnhKRUh6K1E0dnhteTdxTlVBClBxOFlUby9pWG1vdWpjeUxYaUhn b1JONEpVSzhkK25qRE4zeFlnQmlCdzBPaFVJCnVHNklyNlVNc3lnN04yKzVWdHNy
VXdCTnl2Smt4K2VQOUlRYjhLcTlsVEEKLS0tIGZZb29iNlVmaStrdDVrelhsUDJK OG51Y2pEelVjN0pYSEg0Sk9iM3RtaVUKLS0tIGlXNnZBdGxCcGZDVGNJMGJiOXBB
R1dJcjF3TWM0R0NCVGhYN2ZNVWR1Uk0KGKPtGaT6MomJav2gyU7VbvFMxvVfEqJZ V1FQQ0o4UVhEbWtFMEtFcWpQR0c2aDQKduenww5ggqovBUmU1u3xGNABx4MevBk7
B8DhVtjfm3DpL/KjdljuGh74PBdiX7xPUTiD6e0KnboGU96/OzESgg== 939Mp8UtDPblCDBFi2SmxrrsFiQDOWVkz7llHTmLHYDPEejkVc8/sQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQSWs2TTV1RWR0Q0pVYW5X
ZGwxUVZqOVd5R1NnWlY3ODFyUWtGVE5jN1NFCmNMMUhUTXp1Z1dheHNFRExQbzQw
cW50MWFZay9RYkVSTytDeUgzMi9KSEEKLS0tIG9oZDdFM0EyaVd5RmZTenY3N1Ax
dlM4L0tCZWh5Ti9EUHNFWGJ0SVhodVEKfwBmqlondg8oulzrEg+AkgeDQ6CvkoS3
L+GWzo98ccpt/uE95vIuiywdTmpt7hjkJNrDh2euOvJXBdwexFW3tA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-02T22:09:06Z" lastmodified: "2024-06-02T22:09:06Z"
mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str] mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str]

7
services/incus/default.nix
View File

@ -1,7 +0,0 @@
{ pkgs, config, ... }:
{
virtualisation.incus = {
enable = true;
};
networking.firewall.allowedTCPPorts = [ 8443 ];
}

8
services/ns/resolver.nix
View File

@ -31,13 +31,7 @@
forward-zone = { forward-zone = {
name = "."; name = ".";
forward-tls-upstream = "yes"; forward-tls-upstream = "yes";
# forward-addr = "1.1.1.1@853#cloudflare-dns.com"; forward-addr = "1.1.1.1@853#cloudflare-dns.com";
forward-addr = [
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
"8.8.8.8@853#dns.google"
"8.8.4.4@853#dns.google"
];
}; };
}; };
}; };

4
services/ns/zones-home-2rjus-net.conf
View File

@ -1,7 +1,7 @@
$ORIGIN home.2rjus.net. $ORIGIN home.2rjus.net.
$TTL 1800 $TTL 1800
@ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. ( @ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. (
2037 ; serial number 2035 ; serial number
3600 ; refresh 3600 ; refresh
900 ; retry 900 ; retry
1209600 ; expire 1209600 ; expire
@ -45,8 +45,6 @@ sonarr IN A 10.69.12.54
bazarr IN A 10.69.12.55 bazarr IN A 10.69.12.55
mpnzb IN A 10.69.12.57 mpnzb IN A 10.69.12.57
pve1 IN A 10.69.12.75 pve1 IN A 10.69.12.75
inc1 IN A 10.69.12.80
inc2 IN A 10.69.12.81
; 13_SVC ; 13_SVC
ns1 IN A 10.69.13.5 ns1 IN A 10.69.13.5