diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index 213dd15..ee456fc 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -8,7 +8,7 @@ jobs: - uses: actions/checkout@v4 name: Checkout repository - name: Attic login - run: attic login nixfleet http://10.100.0.1:8081 ${{secrets.ATTIC_NIXFLEET_TOKEN}} + run: attic login nixfleet http://sisko.wg.aciceri.dev:8081 ${{secrets.ATTIC_NIXFLEET_TOKEN}} - name: Build with nix run: nix-fast-build --no-nom --systems "x86_64-linux aarch64-linux" --attic-cache "nixfleet" --skip-cached --result-file result.json || true - name: Report checks diff --git a/flake.lock b/flake.lock index d261e83..fe760a5 100644 --- a/flake.lock +++ b/flake.lock @@ -26,11 +26,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1741914590, - "narHash": "sha256-R8Bxh/AMD6nvmQrC43DkUkuwDmTWlyvNAzJ0Riq5w5U=", + "lastModified": 1742098205, + "narHash": "sha256-gCkVTohFTyq/Pi3dlUhv1uA5Kqbalf45nLmUDRluULE=", "owner": "catppuccin", "repo": "nix", - "rev": "1e3fe44bc13809f62c2ef0aa864a304a6c8ebea4", + "rev": "d84df59c7aa29cebaff9f190d19c24e7ddacd773", "type": "github" }, "original": { @@ -122,11 +122,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1741945480, - "narHash": "sha256-D80QGijmeVxm/4fJVd53dP8MHCLcn+JjtgniaGKIXvg=", + "lastModified": 1742113225, + "narHash": "sha256-tUor57FbLwwy+duUbjq8Ff0TyayK1i50rUbXBfdgfuM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "5d6c484290f0754ce745ea6f7e2b7d037bdc7b76", + "rev": "7e13aa507d714371e6ff70a91d76dcb339311773", "type": "github" }, "original": { @@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1741379162, - "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", + "lastModified": 1742058297, + "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", + "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", "type": "github" }, "original": { @@ -464,11 +464,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1741957871, - "narHash": "sha256-BSim3favVai9y7eMaFWNNDbIJ0mdRp5TMcJvHWdjC1s=", + "lastModified": 1742087036, + "narHash": "sha256-oiVgpmK9bZe7lvf7JRc7jAW4fotEuW9d/3e9LJMk8mU=", "ref": "refs/heads/main", - "rev": "af15a446ea88a2244e3c5a50eab776c33ab3bd80", - "revCount": 17649, + "rev": "29732f19a2a9e0d9e7a5bad953c4fad6f719c50e", + "revCount": 17654, "type": "git", "url": "https://git@git.lix.systems/lix-project/lix" }, @@ -663,11 +663,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1741246872, - "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", + "lastModified": 1741851582, + "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10069ef4cf863633f57238f179a0297de84bd8d3", + "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", "type": "github" }, "original": { diff --git a/hmModules/niri/default.nix b/hmModules/niri/default.nix index 8e0baf1..528f7e1 100644 --- a/hmModules/niri/default.nix +++ b/hmModules/niri/default.nix @@ -14,8 +14,8 @@ let cols = "150"; }; floating-btop = { - rows = "210"; - cols = "60"; + rows = "60"; + cols = "210"; }; }; kirk = { @@ -38,7 +38,7 @@ let run-floating-btop = with niriVars.floating-btop; pkgs.writeScriptBin "run-floating-btop" '' - foot --title='bTop' -W ${rows}x${cols} btop + foot --title='bTop' -W ${cols}x${rows} btop ''; in { diff --git a/hmModules/shell/default.nix b/hmModules/shell/default.nix index 1d68741..17ac2bb 100644 --- a/hmModules/shell/default.nix +++ b/hmModules/shell/default.nix @@ -64,7 +64,7 @@ }; auto_sync = true; sync_frequency = "5m"; - sync_address = "http://sisko.fleet:8889"; + sync_address = "http://sisko.wg.aciceri.dev:8889"; search_mode = "fuzzy"; style = "compact"; }; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 3d5293b..9b9df03 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -32,6 +32,7 @@ "matrix" "radarr" "zerotier" + "mosh" ] ++ [ ./disko.nix diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index 5538150..c0f7bff 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -11,6 +11,7 @@ "photos.aciceri.dev" "jelly.aciceri.dev" "matrix.aciceri.dev" + "vpn.aciceri.dev" ]; apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path; }; diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix index 9da252d..086e8e7 100644 --- a/modules/home-assistant/default.nix +++ b/modules/home-assistant/default.nix @@ -80,7 +80,6 @@ in time_zone = "Europe/Rome"; temperature_unit = "C"; external_url = "https://home.aciceri.dev"; - internal_url = "http://rock5b.fleet:8123"; }; logger.default = "WARNING"; wake_on_lan = { }; @@ -89,7 +88,7 @@ in name = "Picard"; platform = "wake_on_lan"; mac = "74:56:3c:37:17:bd"; # this shouldn't be public - host = "picard.fleet"; + host = "picard.wg.aciceri.dev"; turn_off.service = "shell_command.turn_off_picard"; } ]; diff --git a/modules/mount-sisko/default.nix b/modules/mount-sisko/default.nix index cd9d1d0..5233772 100644 --- a/modules/mount-sisko/default.nix +++ b/modules/mount-sisko/default.nix @@ -16,7 +16,7 @@ }; fileSystems."/mnt/nas" = { - device = "sisko.fleet:/hd"; + device = "sisko.wg.aciceri.dev:/hd"; fsType = "nfs"; options = [ "x-systemd.automount" diff --git a/modules/nginx-base/default.nix b/modules/nginx-base/default.nix index f201630..5068162 100644 --- a/modules/nginx-base/default.nix +++ b/modules/nginx-base/default.nix @@ -12,7 +12,6 @@ "*.sisko.wg.aciceri.dev" ]; dnsProvider = "cloudflare"; - # dnsResolver = "1.1.1.1:53"; dnsPropagationCheck = true; group = config.services.nginx.group; environmentFile = config.age.secrets.cloudflare-dyndns-api-token.path; diff --git a/modules/nix/default.nix b/modules/nix/default.nix index c6edb78..1b2258d 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -81,7 +81,7 @@ distributedBuilds = true; buildMachines = lib.lists.optional (config.networking.hostName == "picard") { - hostName = "sisko.fleet"; + hostName = "sisko.wg.aciceri.dev"; system = "aarch64-linux"; maxJobs = 7; supportedFeatures = [ diff --git a/modules/prometheus/default.nix b/modules/prometheus/default.nix index 382d4e8..5636fe6 100644 --- a/modules/prometheus/default.nix +++ b/modules/prometheus/default.nix @@ -8,11 +8,11 @@ in pushgateway = { enable = true; web = { - listen-address = "sisko.fleet:9094"; + listen-address = "sisko.wg.aciceri.dev:9094"; }; }; checkConfig = false; # Otherwise it will fail because it cannot access bearer_token_file - webExternalUrl = "https://status.aciceri.dev"; + webExternalUrl = "https://status.wg.aciceri.dev"; globalConfig.scrape_interval = "10s"; scrapeConfigs = [ { @@ -22,7 +22,7 @@ in static_configs = [ { targets = [ - "sisko.fleet:${builtins.toString config.services.home-assistant.config.http.server_port}" + "sisko.wg.aciceri.dev:${builtins.toString config.services.home-assistant.config.http.server_port}" ]; } ]; @@ -39,7 +39,7 @@ in job_name = "node"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9100") [ + targets = builtins.map (host: "${host}.wg.aciceri.dev:9100") [ "sisko" "picard" "kirk" @@ -51,7 +51,7 @@ in job_name = "wireguard"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9586") [ + targets = builtins.map (host: "${host}.wg.aciceri.dev:9586") [ "picard" "kirk" ]; @@ -62,7 +62,7 @@ in job_name = "zfs"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9134") [ + targets = builtins.map (host: "${host}.wg.aciceri.dev:9134") [ "picard" "kirk" ]; @@ -73,7 +73,7 @@ in job_name = "restic"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9753") [ "sisko" ]; + targets = builtins.map (host: "${host}.wg.aciceri.dev:9753") [ "sisko" ]; } ]; } @@ -81,7 +81,7 @@ in job_name = "postgres"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9187") [ "sisko" ]; + targets = builtins.map (host: "${host}.wg.aciceri.dev:9187") [ "sisko" ]; } ]; } @@ -89,7 +89,7 @@ in job_name = "nginx"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9117") [ "sisko" ]; + targets = builtins.map (host: "${host}.wg.aciceri.dev:9117") [ "sisko" ]; } ]; } @@ -97,7 +97,7 @@ in job_name = "smartctl"; static_configs = [ { - targets = builtins.map (host: "${host}.fleet:9633") [ + targets = builtins.map (host: "${host}.wg.aciceri.dev:9633") [ "sisko" "kirk" "picard" diff --git a/modules/promtail/default.nix b/modules/promtail/default.nix index f2ab2ef..e86afeb 100644 --- a/modules/promtail/default.nix +++ b/modules/promtail/default.nix @@ -12,7 +12,7 @@ let }; clients = [ { - url = "http://sisko.fleet:${ + url = "http://sisko.wg.aciceri.dev:${ builtins.toString config.services.loki.configuration.server.http_listen_port or 3100 }/loki/api/v1/push"; } diff --git a/modules/syncthing/default.nix b/modules/syncthing/default.nix index 2b2d607..4dacf98 100644 --- a/modules/syncthing/default.nix +++ b/modules/syncthing/default.nix @@ -3,7 +3,7 @@ services = { syncthing = { enable = true; - guiAddress = "${config.networking.hostName}.fleet:8434"; + guiAddress = "${config.networking.hostName}.wg.aciceri.dev:8434"; # TODO Use the home-manager module instead of the following conditions user = if config.networking.hostName == "sisko" then "syncthing" else "ccr"; dataDir = if config.networking.hostName == "sisko" then "/mnt/hd/syncthing" else "/home/ccr"; @@ -16,25 +16,25 @@ picard = { id = "XKSCJ46-EM6GIZ7-6ABQTZZ-ZRVWVFM-MJ3QNVG-F5EWHY5-ZUNYVSL-DA77YAG"; addresses = [ - "tcp://picard.fleet" + "tcp://picard.wg.aciceri.dev" ]; }; sisko = { id = "QE6V7PR-VHMAHHS-GHD4ZI3-IBB7FEM-M6EQZBX-YFCWDAK-YCYL6VO-NNRMXQK"; addresses = [ - "tcp://sisko.fleet" + "tcp://sisko.wg.aciceri.dev" ]; }; kirk = { id = "OVPXSCE-XFKCBJ2-A4SKJRI-DYBZ6CV-U2OFNA2-ALHOPW5-PPMHOIQ-5TG2HAJ"; addresses = [ - "tcp://kirk.fleet" + "tcp://kirk.wg.aciceri.dev" ]; }; oneplus8t = { id = "KMB2YRF-DGTWU24-SLITU23-5TN7BMQ-6PFAQQZ-CZ7J2QL-PIGVBTU-VRFRMQV"; addresses = [ - "tcp://oneplus8t.fleet" + "tcp://oneplus8t.wg.aciceri.dev" ]; }; }; diff --git a/modules/wireguard-common/default.nix b/modules/wireguard-common/default.nix index ad50ad8..e67cf81 100644 --- a/modules/wireguard-common/default.nix +++ b/modules/wireguard-common/default.nix @@ -24,9 +24,4 @@ privateKeyFile = config.age.secrets."${config.networking.hostName}-wireguard-private-key".path; listenPort = 51820; }; - - networking.hosts = lib.mapAttrs' (hostname: vpnConfig: { - name = vpnConfig.ip; - value = [ "${hostname}.fleet" ]; - }) vpn; } diff --git a/modules/zerotier/default.nix b/modules/zerotier/default.nix index febcee3..0b5a552 100644 --- a/modules/zerotier/default.nix +++ b/modules/zerotier/default.nix @@ -1,6 +1,16 @@ +{ config, lib, ... }: { services.zerotierone = { enable = true; joinNetworks = [ "632ea29085af0cb4" ]; }; + environment = + if (config.networking.hostName == "sisko") then + { + persistence."/persist".directories = [ + "/var/lib/zerotier-one" + ]; + } + else + { }; } diff --git a/packages/deploy/deploy.sh b/packages/deploy/deploy.sh index 9e9715b..8823453 100644 --- a/packages/deploy/deploy.sh +++ b/packages/deploy/deploy.sh @@ -2,8 +2,8 @@ host=${1-picard} nixos-rebuild switch \ --flake ".#${host}" \ - --target-host "root@${host}.fleet" \ - --build-host "root@${host}.fleet" \ + --target-host "root@${host}.wg.aciceri.dev" \ + --build-host "root@${host}.wg.aciceri.dev" \ --option warn-dirty false \ --fast \ "${@:2}"