Compare commits
10 commits
e37573d931
...
db1880f92a
Author | SHA1 | Date | |
---|---|---|---|
db1880f92a | |||
ce75fa7673 | |||
af2418b16c | |||
47a274f72d | |||
4c3631c46e | |||
2bd4a29b1a | |||
f6087e49c3 | |||
de54096f14 | |||
7c79b16e22 | |||
a62d16826e |
10 changed files with 183 additions and 25 deletions
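--- a/bin/addtovpn.sh
+++ b/bin/addtovpn.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+name=$1
+number=$2
+address="192.168.200.$number/32"
+
+private=$(wg genkey)
+public=$(echo "$private" | wg pubkey)
+psk=$(wg genpsk)
+
+cat << EOF > /tmp/$name.conf
+[Interface]
+Address = $address
+PrivateKey = $private
+DNS = 1.1.1.1
+
+[Peer]
+PublicKey = $(cat /etc/secrets/wireguard/public)
+PresharedKey = $psk
+Endpoint = vpn.inx.moe:51820
+AllowedIPs = 0.0.0.0/0
+EOF
+
+cat << EOF >> /tmp/wireguard-config.nix
+{
+name = "$name";
+publicKey = "$public";
+presharedKey = "$psk";
+allowedIPs = ip $number;
+}
+EOF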
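Review bot: The client private key and preshared key are written to `/tmp/$name.conf`, and the preshared key again to `/tmp/wireguard-config.nix`, under the default umask and a predictable name in a shared directory, so other local users may be able to read the files or pre-create the paths. Putting `umask 077` before the first `cat` and writing into `outdir=$(mktemp -d)` rather than `/tmp` directly would keep the key material private to the caller. `$name` is also unquoted in the redirect target and `$number` is used without any check that it is an integer in the host range of the /24, so a missing or malformed argument silently yields a broken config; `set -euo pipefail` at the top plus a short argument check would catch that.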
38
flake.lock
generated
38
flake.lock
generated
|
@ -206,6 +206,29 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"copyparty": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1753651064,
|
||||
"narHash": "sha256-k405QhnJ0kpX2/EvBDX5SdWTbkhhQKHaRGwsLwiPPCk=",
|
||||
"owner": "9001",
|
||||
"repo": "copyparty",
|
||||
"rev": "d197e754b9691f9c4277278396b230c98c3bd228",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "9001",
|
||||
"repo": "copyparty",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"locked": {
|
||||
"lastModified": 1739936662,
|
||||
|
@ -710,11 +733,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1750906391,
|
||||
"narHash": "sha256-zLR0SM1oUewUpZL+WCF7IgtfxcXw7bRl+P285mkX9Ug=",
|
||||
"lastModified": 1752863484,
|
||||
"narHash": "sha256-0xUULcxlaxbqknWbGmMrTkvXizQqj2K+gJXEyRMh/dk=",
|
||||
"owner": "Infinidoge",
|
||||
"repo": "nix-minecraft",
|
||||
"rev": "e8575513ca4495e12073824ebd8bfc88c68ee011",
|
||||
"rev": "35ee5b4387265a0682eb0cd556c0345439c0145a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -854,11 +877,11 @@
|
|||
},
|
||||
"private": {
|
||||
"locked": {
|
||||
"lastModified": 1752168841,
|
||||
"narHash": "sha256-pgK70x5RQ7hD0s8j21TwdM7aNesdgqt0zbm6U1Ua098=",
|
||||
"lastModified": 1754018037,
|
||||
"narHash": "sha256-zG6wWTKBorCaFvD8X0jQV8R6JLuJ/NBEDTo2GAE7v1g=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "b8d3a313856a3eb41fdd4061f3d36f95168d123c",
|
||||
"revCount": 52,
|
||||
"rev": "31e2ac721e711ba2e8fe7af135beeaf3aac4ce23",
|
||||
"revCount": 60,
|
||||
"type": "git",
|
||||
"url": "ssh://git@github.com/Infinidoge/universe-private"
|
||||
},
|
||||
|
@ -961,6 +984,7 @@
|
|||
"authentik-nix": "authentik-nix",
|
||||
"blank": "blank",
|
||||
"conduwuit": "conduwuit",
|
||||
"copyparty": "copyparty",
|
||||
"devshell": "devshell",
|
||||
"disko": "disko",
|
||||
"drasl": "drasl",
|
||||
|
|
|
@ -72,6 +72,9 @@
|
|||
## Authentik
|
||||
authentik-nix.url = "github:nix-community/authentik-nix";
|
||||
|
||||
# Misc
|
||||
copyparty.url = "github:9001/copyparty";
|
||||
|
||||
### Cleanup ###
|
||||
## Common
|
||||
blank.url = "github:divnix/blank";
|
||||
|
@ -100,6 +103,8 @@
|
|||
conduwuit.inputs.flake-compat.follows = "blank";
|
||||
conduwuit.inputs.flake-utils.follows = "flake-utils";
|
||||
conduwuit.inputs.nixpkgs.follows = "nixpkgs";
|
||||
copyparty.inputs.flake-utils.follows = "flake-utils";
|
||||
copyparty.inputs.nixpkgs.follows = "nixpkgs";
|
||||
devshell.inputs.nixpkgs.follows = "nixpkgs";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
drasl.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -212,6 +217,7 @@
|
|||
|
||||
# --- Domain-Specific Overlays
|
||||
inputs.agenix.overlays.default
|
||||
inputs.copyparty.overlays.default
|
||||
inputs.nil.overlays.default
|
||||
inputs.nix-minecraft.overlay
|
||||
inputs.qtile.overlays.default
|
||||
|
@ -260,6 +266,7 @@
|
|||
inputs.hydra.nixosModules.overlayNixpkgsForThisHydra
|
||||
inputs.nix-minecraft.nixosModules.minecraft-servers
|
||||
inputs.drasl.nixosModules.drasl
|
||||
inputs.copyparty.nixosModules.default
|
||||
] ++ (self.lib.leaves ./modules);
|
||||
}) (self.lib.flattenLeaves ./hosts);
|
||||
|
||||
|
|
|
@ -1,20 +1,18 @@
|
|||
{
|
||||
config,
|
||||
common,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
domain = common.subdomain "matrix";
|
||||
cfg = config.services.conduwuit-vendor;
|
||||
cfg = config.services.matrix-continuwuity;
|
||||
host = "http://localhost:${toString cfg.settings.global.port}";
|
||||
in
|
||||
{
|
||||
persist.directories = [ "/var/lib/private/conduwuit" ];
|
||||
persist.directories = [ "/var/lib/private/continuwuity" ];
|
||||
|
||||
services.conduwuit-vendor = {
|
||||
services.matrix-continuwuity = {
|
||||
enable = true;
|
||||
package = inputs.conduwuit.packages.x86_64-linux.default;
|
||||
settings = {
|
||||
global = {
|
||||
allow_registration = false;
|
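Review bot: `persist.directories` now lists `/var/lib/private/continuwuity` where the old line persisted `/var/lib/private/conduwuit`, and nothing visible in this hunk moves the existing state. If the homeserver database and signing keys still live under the old path, the renamed service would start from an empty state directory and the old directory would no longer be persisted. Worth confirming that the data was migrated and recording the manual step in a comment next to the option, for example `# state moved from /var/lib/private/conduwuit (migration date: <placeholder>)`. The `settings` block continues outside the hunk.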
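--- a/hosts/Infini-DL360/copyparty.nix
+++ b/hosts/Infini-DL360/copyparty.nix
@@ -0,0 +1,78 @@
+{
+common,
+config,
+private,
+...
+}:
+let
+authentik_internal = config.services.nginx.virtualHosts."auth.inx.moe".locations."/".proxyPass;
+in
+{
+services.copyparty = {
+enable = true;
+
+settings = {
+e2dsa = true;
+e2ts = true;
+ansi = true;
+
+# OAuth2
+idp-h-usr = "X-authentik-username";
+idp-h-key = private.variables.copyparty-key;
+xff-src = "lan";
+
+# BUG: These are not properly set in the copyparty module, as changing any settings removes them from default
+no-reload = true;
+hist = "/var/cache/copyparty";
+};
+
+volumes = {
+"/" = {
+path = "/srv/web/files.inx.moe";
+access = {
+rh = "*";
+A = [ "infinidoge" ];
+};
+};
+"/p" = {
+path = "/srv/web/files.inx.moe/p";
+access = {
+h = "*";
+A = [ "infinidoge" ];
+};
+};
+};
+};
+
+services.nginx.virtualHosts."files.inx.moe" = common.nginx.ssl-inx // {
+locations."/" = {
+proxyPass = "http://localhost:3923";
+proxyWebsockets = true;
+extraConfig = ''
+auth_request /outpost.goauthentik.io/auth/nginx;
+auth_request_set $auth_cookie $upstream_http_set_cookie;
+add_header Set-Cookie $auth_cookie;
+
+auth_request_set $authentik_username $upstream_http_x_authentik_username;
+proxy_set_header X-authentik-username $authentik_username;
+proxy_set_header ${private.variables.copyparty-key} "OK";
+'';
+};
+locations."/outpost.goauthentik.io" = {
+proxyPass = "${authentik_internal}/outpost.goauthentik.io";
+extraConfig = ''
+proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+add_header Set-Cookie $auth_cookie;
+auth_request_set $auth_cookie $upstream_http_set_cookie;
+proxy_pass_request_body off;
+proxy_set_header Content-Length "";
+'';
+};
+locations."/oauth/authorize" = {
+extraConfig = ''
+add_header Set-Cookie $auth_cookie;
+return 302 /outpost.goauthentik.io/start?rd=/;
+'';
+};
+};
+}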
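Review bot: `idp-h-key = private.variables.copyparty-key;` and the matching `proxy_set_header ${private.variables.copyparty-key} "OK";` interpolate the shared header name into evaluated Nix strings, so it will most likely land in the generated copyparty and nginx configuration in the world-readable Nix store. That header is what tells copyparty the `X-authentik-username` value really came from nginx, and `A = [ "infinidoge" ]` grants admin on both volumes on the strength of that username. `xff-src = "lan"` additionally appears to trust proxy headers from any private-range address, although the only proxy shown here connects from localhost. Consider narrowing `xff-src` to the loopback address, confirming that port 3923 cannot be reached except through nginx (no listen address is set in this file), and supplying the key from a runtime secret file instead of an evaluated string.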
|
@ -11,8 +11,10 @@
|
|||
./secrets
|
||||
|
||||
private.nixosModules.minecraft-servers
|
||||
private.nixosModules.wireguard
|
||||
./authentik.nix
|
||||
./conduwuit.nix
|
||||
./continuwuity.nix
|
||||
./copyparty.nix
|
||||
./drasl.nix
|
||||
./factorio.nix
|
||||
./forgejo.nix
|
||||
|
@ -35,6 +37,7 @@
|
|||
./torrenting.nix
|
||||
./vaultwarden.nix
|
||||
./web.nix
|
||||
./wireguard.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
|
|
|
@ -23,6 +23,8 @@
|
|||
port = 9786;
|
||||
extraConfig = {
|
||||
reverseProxy = true;
|
||||
prefetch = true;
|
||||
fileUpload.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
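Review bot: `prefetch = true;` makes the server itself fetch URLs that appear in chat, which discloses the host's address to arbitrary sites and lets a posted link cause requests that originate from inside the network. The option names look like The Lounge's `extraConfig`, and `prefetch` and `fileUpload.enable` appear to be the two added lines, though the markers are lost in this rendering. If link previews are wanted, a comment stating that the server-side fetch is an accepted trade-off, and an explicit upload size limit next to `fileUpload.enable = true;`, would make the exposure deliberate. The enclosing attribute set starts outside the hunk.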
|
|
|
@ -91,15 +91,6 @@ in
|
|||
};
|
||||
locations."/buy".return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
|
||||
};
|
||||
"files.inx.moe" = ssl-inx // {
|
||||
locations."/" = {
|
||||
root = "/srv/web/files.inx.moe";
|
||||
extraConfig = "autoindex on;";
|
||||
};
|
||||
locations."/p/" = {
|
||||
root = "/srv/web/files.inx.moe";
|
||||
};
|
||||
};
|
||||
"archive.inx.moe" = ssl-inx // {
|
||||
locations."/" = {
|
||||
root = "/srv/web/archive.inx.moe";
|
||||
|
|
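--- a/hosts/Infini-DL360/wireguard.nix
+++ b/hosts/Infini-DL360/wireguard.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+let
+subnet = "192.168.200.0/24";
+in
+
+{
+networking.wireguard.enable = true;
+
+networking.nat.internalInterfaces = [ "wg0" ];
+networking.firewall.allowedUDPPorts = [ 51820 ];
+
+networking.wireguard.interfaces = {
+wg0 = {
+ips = [ "192.168.200.1/24" ];
+listenPort = 51820;
+
+privateKeyFile = "/etc/secrets/wireguard/private";
+
+postSetup = ''
+${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o br0 -j MASQUERADE
+'';
+postShutdown = ''
+${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o br0 -j MASQUERADE
+'';
+};
+};
+}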
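Review bot: The hand-written `iptables ... -j MASQUERADE` rules in `postSetup` and `postShutdown` masquerade the whole `${subnet}` out of `br0`, and this file adds no forwarding restriction, so every peer can reach whatever `br0` can reach. If that is intended, a comment saying so belongs above `postSetup`; if not, the restriction should be added here. The rule is appended with `-A` on each setup, so a restart where `postShutdown` did not run would leave duplicate entries. Unless NAT is already enabled elsewhere, `networking.nat.enable = true;` with `networking.nat.externalInterface = "br0";` beside the existing `internalInterfaces` line would let the NAT module own the rule. `192.168.200.1/24` and `51820` are also written out again rather than derived from one binding, and `bin/addtovpn.sh` hardcodes the same prefix.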
|
@ -51,9 +51,6 @@ in
|
|||
|
||||
services.xserver.displayManager = {
|
||||
lightdm.enable = true;
|
||||
setupCommands = ''
|
||||
${lib.getExe pkgs.autorandr} -c
|
||||
'';
|
||||
};
|
||||
|
||||
home-manager.sharedModules = [
|
||||
|
|