From 4a1f06e020c2cc36ed4baa51c07cea7e92bd1266 Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Wed, 1 May 2024 11:02:42 +0200
Subject: [PATCH 1/6] update router config
---
 router.nix | 68 +++++++++---------------------------------------------
 1 file changed, 11 insertions(+), 57 deletions(-)
diff --git a/router.nix b/router.nix
index c676be2..d05493d 100644
--- a/router.nix
+++ b/router.nix
@@ -101,8 +101,10 @@
 }
 ];
 "/ip dns" = {
- "allow-remote-requests" = "yes";
- servers = "1.1.1.1,1.0.0.1";
+ no_label = {
+ allow-remote-requests = "yes";
+ servers = "1.1.1.1,1.0.0.1";
+ };
 };
 "/ip dns static" = [
 {
@@ -112,67 +114,19 @@
 ];
 "/ip firewall filter" = [
 {
- action = "accept";
- chain = "input";
- comment = "defconf: accept established,related,untracked";
- "connection-state" = "established,related,untracked";
- }
- {
- action = "drop";
- chain = "input";
- comment = "defconf: drop invalid";
- "connection-state" = "invalid";
+ address = "10.10.10.10-10.10.10.10.254";
+ list = "allowed_to_router";
+ }
+ {
+ action = "accept";
+ chain = "input";
+ src-address-list = "allowed_to_router";
 }
 {
 action = "accept";
 chain = "input";
- comment = "defconf: accept ICMP";
 protocol = "icmp";
 }
- {
- action = "drop";
- chain = "input";
- comment = "defconf: drop all not coming from LAN";
- "in-interface-list" = "!LAN";
- }
- {
- action = "accept";
- chain = "forward";
- comment = "defconf: accept in ipsec policy";
- "ipsec-policy" = "in,ipsec";
- }
- {
- action = "accept";
- chain = "forward";
- comment = "defconf: accept out ipsec policy";
- "ipsec-policy" = "out,ipsec";
- }
- {
- action = "fasttrack-connection";
- chain = "forward";
- comment = "defconf: fasttrack";
- "connection-state" = "established,related";
- }
- {
- action = "accept";
- chain = "forward";
- comment = "defconf: accept established,related, untracked";
- "connection-state" = "established,related,untracked";
- }
- {
- action = "drop";
- chain = "forward";
- comment = "defconf: drop invalid";
- "connection-state" = "invalid";
- }
- {
- action = "drop";
- chain = "forward";
- comment = "defconf: drop all from WAN not DSTNATed";
- "connection-nat-state" = "!dstnat";
- "connection-state" = "new";
- "in-interface-list" = "WAN";
- }
 ];
 "/ip firewall nat" = [
 {
From 9362c99b0118d76a279e69b65545f7904cee4bdb Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Wed, 1 May 2024 11:09:54 +0200
Subject: [PATCH 2/6] fix for router
---
 router.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/router.nix b/router.nix
index d05493d..732c54b 100644
--- a/router.nix
+++ b/router.nix
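Review bot: In PATCH 1/6 the rewritten `/ip firewall filter` list ends up with only `accept` rules, and since a RouterOS chain accepts whatever no rule matches, the `allowed_to_router` entry restricts nothing while `input` and `forward` are left open from the WAN side, including the resolver that `allow-remote-requests = "yes"` enables in the preceding hunk. The list needs the stateful accept in front and an explicit drop at the end of `input`, plus the removed WAN drop on `forward`, as in the sketch below (it assumes the `WAN` interface list is still defined elsewhere in router.nix). The address `10.10.10.10-10.10.10.10.254` has a five-part right-hand side and does not match the 192.168.88.x addresses used in common.nix later in this series, so correct the range before the final drop goes in, otherwise management access would be cut off; the same value is carried through PATCH 2/6 and 3/6.

```nix
"/ip firewall filter" = [
  {
    action = "accept";
    chain = "input";
    "connection-state" = "established,related,untracked";
  }
  # … unchanged: accept from allowed_to_router, accept icmp …
  {
    action = "drop";
    chain = "input";
  }
  {
    action = "accept";
    chain = "forward";
    "connection-state" = "established,related,untracked";
  }
  {
    action = "drop";
    chain = "forward";
    "connection-nat-state" = "!dstnat";
    "connection-state" = "new";
    "in-interface-list" = "WAN";
  }
```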
@@ -112,7 +112,7 @@
 name = "router.lan";
 }
 ];
- "/ip firewall filter" = [
+ "/ip firewall address-list" = [
 {
 address = "10.10.10.10-10.10.10.10.254";
 list = "allowed_to_router";
From 5e5f0bcee313c29dbb791ee1acf57081d586079f Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Wed, 1 May 2024 12:00:52 +0200
Subject: [PATCH 3/6] router fix error
---
 router.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/router.nix b/router.nix
index 732c54b..ba266cb 100644
--- a/router.nix
+++ b/router.nix
@@ -1,4 +1,5 @@
 {
+ # Resret router with /system reset-configuration keep-users no-defaults run-after-reset=router-config.rsc
 "/interface bridge" = [
 {
 auto-mac = "no";
@@ -117,6 +118,8 @@
 address = "10.10.10.10-10.10.10.10.254";
 list = "allowed_to_router";
 }
+ ];
+ "/ip firewall filter" = [
 {
 action = "accept";
 chain = "input";
From b78fdc155998485c04e5a7f32550211f741da320 Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Wed, 1 May 2024 12:02:01 +0200
Subject: [PATCH 4/6] add some more web services
---
 systems/mio-mio-mate/default.nix | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/systems/mio-mio-mate/default.nix b/systems/mio-mio-mate/default.nix
index 0c51bc5..43e70a6 100644
--- a/systems/mio-mio-mate/default.nix
+++ b/systems/mio-mio-mate/default.nix
@@ -49,6 +49,13 @@
 services.nginx = {
 enable = true;
+ virtualHosts = {
+ "manga.it3" = {
+ locations."/" = {
+ proxyPass = "http://localhost:8080/";
+ };
+ };
+ };
 };
 services.dnsmasq = {
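Review bot: The header comment added at the top of router.nix in PATCH 3/6 misspells "Reset" and leaves out the consequence that matters: `no-defaults` skips the factory configuration, so the firewall rules in this file are the only ones the device has after the reset. I would word it as `# Reset the router with: /system reset-configuration keep-users no-defaults run-after-reset=router-config.rsc` followed by `# no-defaults: no factory firewall is applied; the filter rules below are the only protection.`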
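Review bot: The `manga.it3` virtual host in PATCH 4/6 forwards every request to `http://localhost:8080/` with no access control at the proxy, and the `services.suwayomi-server` block added in the next hunk does not turn on the module's basic auth, so anyone who can reach nginx can use the Suwayomi UI and API, extension management included. Setting `basicAuthEnabled = true;`, `basicAuthUsername = "<user>";` and `basicAuthPasswordFile = "<path to a runtime secret>";` under `settings.server` would close that (the values are placeholders). If the module's default for `settings.server.ip` listens on all interfaces, `ip = "127.0.0.1";` is worth adding as well, since only nginx needs to reach the backend.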
@@ -72,4 +79,27 @@
 nginx.hostName = "wiki.it3";
 passwordFile = "${../../init/mediawiki}";
 };
+
+ services.suwayomi-server = {
+ enable = true;
+ settings = {
+ server = {
+ systemTrayEnabled = true;
+ extensionRepos = [
+ "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"
+ ];
+ webUIEnabled = true;
+ initialOpenInBrowserEnabled = true;
+ webUIInterface = "browser";
+ webUIFlavor = "WebUI";
+ };
+ };
+ };
+
+ services.freshrss = {
+ enable = true;
+ virtualHost = "rss.it3";
+ authType = "none";
+ baseUrl = "http://rss.it3";
+ };
 }
From 5d64e0d03218870c54f536f6b7af967f4cf08960 Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Wed, 1 May 2024 12:09:13 +0200
Subject: [PATCH 5/6] auto generate hostnames for webserver
---
 common.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common.nix b/common.nix
index d34e31e..a354948 100644
--- a/common.nix
+++ b/common.nix
@@ -87,7 +87,7 @@
 };
 networking.hosts = {
- "192.168.88.251" = [ "wiki.it3" ];
+ "192.168.88.251" = builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts;
 "192.168.88.1" = [ "router" ];
 };
From 7e35ac6d436731920b35894e1935bea125a37897 Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Wed, 1 May 2024 12:10:46 +0200
Subject: [PATCH 6/6] enable autoupdates
---
 common.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common.nix b/common.nix
index a354948..6bdd6ec 100644
--- a/common.nix
+++ b/common.nix
@@ -81,8 +81,8 @@
 systemd.services.nix-daemon.serviceConfig.LimitNOFILE = lib.mkForce 1048576000;
 system.autoUpgrade = {
- enable = false;
- dates = "minutely";
+ enable = true;
+ dates = "hourly";
 flake = "git+https://git.missing.ninja/lf3/server-conf.git";
 };
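Review bot: `authType = "none"` in the new `services.freshrss` block of PATCH 4/6 disables login entirely, so every client that can reach `rss.it3` acts as the default user and can change feeds and settings; `baseUrl` is also plain `http`. Unless the host is reachable only by trusted machines, use `authType = "form";` together with `passwordFile = "<path to a runtime secret>";` (placeholder path, kept outside the Nix store). Separately, `systemTrayEnabled` and `initialOpenInBrowserEnabled` in the Suwayomi settings are desktop conveniences that a headless service presumably does not need and could be set to `false`.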
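Review bot: The `networking.hosts` entry in PATCH 5/6 now takes every attribute name under `services.nginx.virtualHosts` of mio-mio-mate, so any future vhost key, whether a catch-all, `localhost` or a public domain, is silently pinned to 192.168.88.251 on every machine that imports common.nix. Restricting the list to the internal suffix prevents that: `"192.168.88.251" = builtins.filter (lib.hasSuffix ".it3") (builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts);`. The expression also makes each host's evaluation depend on the full mio-mio-mate configuration, which deserves a one-line comment above the attribute.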
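Review bot: Enabling `system.autoUpgrade` in PATCH 6/6 means every host fetches the default branch of the flake URL each hour and activates it as root, so a push to that branch, or a compromise of the Git server or a committer account, becomes root code execution on all machines within the hour, with nothing verifying what was fetched. Pointing the flake at a protected ref, e.g. `flake = "git+https://git.missing.ninja/lf3/server-conf.git?ref=<protected-branch>";` (placeholder branch name), and adding `randomizedDelaySec = "15min";` so the hosts do not all rebuild at once would narrow this. Whatever ref is used should accept only reviewed or signed commits, since this setting turns repository write access into host access.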