From fb0d7fed9d8b7b6c1ffc798376c9a963137eb627 Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 21 Nov 2024 11:13:13 -0600 Subject: [PATCH] isolate internal services to internal networks --- flake.lock | 189 ++++++++++-------- .../configuration/homebox/default.nix | 5 +- .../services/containers/traefik/default.nix | 2 +- 3 files changed, 114 insertions(+), 82 deletions(-) diff --git a/flake.lock b/flake.lock index 2dfe198..d71ebbf 100644 --- a/flake.lock +++ b/flake.lock @@ -158,11 +158,11 @@ ] }, "locked": { - "lastModified": 1722113426, - "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "owner": "numtide", "repo": "devshell", - "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { @@ -191,11 +191,11 @@ ] }, "locked": { - "lastModified": 1732030699, - "narHash": "sha256-SBosboLvLqDv+7mNgRTIYDQbHE61rDDkXTJWiRX3PPo=", + "lastModified": 1732109232, + "narHash": "sha256-iYh6h8yueU8IyOfNclbiBG2+fBFcjjUfXm90ZBzk0c0=", "owner": "nix-community", "repo": "disko", - "rev": "da52cf40206d7d1a419d07640eb47b2fb9ac2c21", + "rev": "a0c384e0a3b8bcaed30a6bcf3783f8a7c8b35be4", "type": "github" }, "original": { @@ -229,11 +229,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732024923, - "narHash": "sha256-cLPsA9gUOWa2R3GI3JTS79JWjuczsEVONhECQXSq2Kw=", + "lastModified": 1732161788, + "narHash": "sha256-ilkOtBbv5onnMOYnLWVpBd6bZHP3xwzagccBk1mW/z4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e8342147922133c13bab28940e558a778add6539", + "rev": "3071fc96bc39e58df1c6d48e8008c96f09a00b42", "type": "gitlab" }, "original": { 
@@ -350,11 +350,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -372,11 +372,11 @@ ] }, "locked": { - "lastModified": 1727826117, - "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", "type": "github" }, "original": { @@ -423,11 +423,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -495,11 +495,11 @@ ] }, "locked": { - "lastModified": 1727805723, - "narHash": "sha256-b8flytpuc4Ey/g3mcvpS/ICORcD4h56QDZeP5LogevY=", + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "2f5ae3fc91db865eff2c5a418da85a0fbe6238a3", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "type": "github" }, "original": { 
@@ -682,11 +682,11 @@ ] }, "locked": { - "lastModified": 1727383923, - "narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=", + "lastModified": 1731887066, + "narHash": "sha256-uw7K/RsYioJicV79Nl39yjtfhdfTDU2aRxnBgvFhkZ8=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffe2d07e771580a005e675108212597e5b367d2d", + "rev": "f3a2ff69586f3a54b461526e5702b1a2f81e740a", "type": "github" }, "original": { @@ -862,11 +862,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1731978971, - "narHash": "sha256-P9DXCxDvjFt4aMc2x67hvSpNvSqX18X840w6cEVZXoo=", + "lastModified": 1732100541, + "narHash": "sha256-vFeNbKUstvSZbe9TD4bDYozZd+A/bKD+fxCye+p/Mp8=", "ref": "refs/heads/main", - "rev": "67cee430061626ccd73dc6d30eed9db289053608", - "revCount": 5480, + "rev": "940f7aa990dbc99815bab8d355999d8277534b17", + "revCount": 5484, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -906,11 +906,11 @@ "xdph": "xdph_2" }, "locked": { - "lastModified": 1731978971, - "narHash": "sha256-P9DXCxDvjFt4aMc2x67hvSpNvSqX18X840w6cEVZXoo=", + "lastModified": 1732100541, + "narHash": "sha256-vFeNbKUstvSZbe9TD4bDYozZd+A/bKD+fxCye+p/Mp8=", "ref": "refs/heads/main", - "rev": "67cee430061626ccd73dc6d30eed9db289053608", - "revCount": 5480, + "rev": "940f7aa990dbc99815bab8d355999d8277534b17", + "revCount": 5484, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" 
@@ -1170,6 +1170,36 @@ "type": "github" } }, + "ixx_2": { + "inputs": { + "flake-utils": [ + "nixvim", + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.6", + "repo": "ixx", + "type": "github" + } + }, "nathan": { "inputs": { "home-manager": "home-manager_2", @@ -1180,11 +1210,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-Hripi5dnBGegbRPwCt1+a3oH6b1AQxEoJXodiLE8KKw=", - "path": "/nix/store/qvzx3zcff8jsbnqqwrzh62j3ay1lc06q-source/home-manager", + "path": "/nix/store/32h16ywb0xb37hvimz74apw471i7c7jq-source/home-manager", "type": "path" }, "original": { - "path": "/nix/store/qvzx3zcff8jsbnqqwrzh62j3ay1lc06q-source/home-manager", + "path": "/nix/store/32h16ywb0xb37hvimz74apw471i7c7jq-source/home-manager", "type": "path" } }, @@ -1221,11 +1251,11 @@ ] }, "locked": { - "lastModified": 1727707210, - "narHash": "sha256-8XZp5XO2FC6INZEZ2WlwErtvFVpl45ACn8CJ2hfTA0Y=", + "lastModified": 1731885500, + "narHash": "sha256-ZrztYfSOS33J+ewq5alBOSdnIyZ0/sr1iy7FyBe9zIg=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "f61d5f2051a387a15817007220e9fb3bbead57b3", + "rev": "c60b5c924c6188a0b3ca2e139ead3d0f92ae5db5", "type": "github" }, "original": { 
@@ -1264,14 +1294,14 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1727825735, - "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" } }, "nixpkgs-stable": { @@ -1308,11 +1338,11 @@ }, "nixpkgs-us": { "locked": { - "lastModified": 1731676054, - "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { @@ -1324,11 +1354,11 @@ }, "nixpkgs-us_2": { "locked": { - "lastModified": 1731676054, - "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { 
@@ -1340,11 +1370,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1727634051, - "narHash": "sha256-S5kVU7U82LfpEukbn/ihcyNt2+EvG7Z5unsKW9H/yFA=", + "lastModified": 1731676054, + "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "06cf0e1da4208d3766d898b7fdab6513366d45b9", + "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "type": "github" }, "original": { @@ -1388,11 +1418,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1731676054, - "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -1484,11 +1514,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1727802920, - "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", + "lastModified": 1731676054, + "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", + "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "type": "github" }, "original": { @@ -1505,11 +1535,11 @@ "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1732051016, - "narHash": "sha256-hr03iyn0v1d84BrrOtaRyHXsK2/e2Hn43CNSF19Iy30=", + "lastModified": 1732083712, + "narHash": "sha256-z2dKLuUHnJ8tlsZf6l+z+vbnpnb8nYBVFgwjxu609+U=", "ref": "refs/heads/master", - "rev": "88d1c2b2565a9e571c99b24368afe6c3d7034758", - "revCount": 3, + "rev": "ee443227054f76f7d5177f7fe82bc58e3566760e", + "revCount": 4, "type": "git", "url": "file:///home/nathan/Projects/Nixvim" }, 
@@ -1577,11 +1607,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1727871072, - "narHash": "sha256-t+YLQwBB1soQnVjT6d7nQq4Tidaw7tpB8i6Zvpc+Zbs=", + "lastModified": 1732035679, + "narHash": "sha256-J03v1XnxvsrrvHmzKVBZiwik8678IXfkH1/ZR954ujk=", "owner": "nix-community", "repo": "nixvim", - "rev": "0ca98d02104f7f0a703787a7a080a570b7f1bedd", + "rev": "929bb0cd1cffb9917ab14be9cdb3f27efd6f505f", "type": "github" }, "original": { @@ -1619,6 +1649,7 @@ "nuschtosSearch_2": { "inputs": { "flake-utils": "flake-utils_3", + "ixx": "ixx_2", "nixpkgs": [ "nixvim", "nixvim", @@ -1626,11 +1657,11 @@ ] }, "locked": { - "lastModified": 1727599661, - "narHash": "sha256-0R+1ih0Rfqrz/lcduvpNSnUw3uthUHiaGh0aWPyIqeQ=", + "lastModified": 1731936508, + "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=", "owner": "NuschtOS", "repo": "search", - "rev": "c3c3928b8de7d300c34e9d90fdc19febd1a32062", + "rev": "fe07070f811b717a4626d01fab714a87d422a9e1", "type": "github" }, "original": { @@ -1735,11 +1766,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-QahOuoQdXshu38W5uO7hLhG/yFkT7S2l8Dxicq0wdGk=", - "path": "/nix/store/4kp9n79sswz7mqh62clfn5hkgixw22b3-source/programs", + "path": "/nix/store/2k345pz1g04x3zhhqdh4pbn81zsaiijn-source/programs", "type": "path" }, "original": { - "path": "/nix/store/4kp9n79sswz7mqh62clfn5hkgixw22b3-source/programs", + "path": "/nix/store/2k345pz1g04x3zhhqdh4pbn81zsaiijn-source/programs", "type": "path" } }, @@ -1807,11 +1838,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", - "path": "/nix/store/4kp9n79sswz7mqh62clfn5hkgixw22b3-source/services/sddm", + "path": "/nix/store/2k345pz1g04x3zhhqdh4pbn81zsaiijn-source/services/sddm", "type": "path" }, "original": { - "path": "/nix/store/4kp9n79sswz7mqh62clfn5hkgixw22b3-source/services/sddm", + "path": "/nix/store/2k345pz1g04x3zhhqdh4pbn81zsaiijn-source/services/sddm", "type": "path" } }, 
@@ -1822,11 +1853,11 @@ ] }, "locked": { - "lastModified": 1731954233, - "narHash": "sha256-vvXx1m2Rsw7MkbKJdpcICzz4YPgZPApGKQGhNZfkhOI=", + "lastModified": 1732186149, + "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e39947d0ee8e341fa7108bd02a33cdfa24a1360e", + "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", "type": "github" }, "original": { @@ -1842,12 +1873,12 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-PNq6Er4IaETN1WUPJ9i7E/6qJnSdboETaLc9CqO0Pac=", - "path": "/nix/store/qvzx3zcff8jsbnqqwrzh62j3ay1lc06q-source/system-config", + "narHash": "sha256-VI/PphvaiElKATCFaBzInEqU7WnoCmItIy8wfzcD9U8=", + "path": "/nix/store/32h16ywb0xb37hvimz74apw471i7c7jq-source/system-config", "type": "path" }, "original": { - "path": "/nix/store/qvzx3zcff8jsbnqqwrzh62j3ay1lc06q-source/system-config", + "path": "/nix/store/32h16ywb0xb37hvimz74apw471i7c7jq-source/system-config", "type": "path" } }, @@ -1992,11 +2023,11 @@ ] }, "locked": { - "lastModified": 1727431250, - "narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=", + "lastModified": 1731944360, + "narHash": "sha256-sJxPh+V0vUkBhlA58ok/y0o96AtfqiEF0O8qsdolI6o=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "879b29ae9a0378904fbbefe0dadaed43c8905754", + "rev": "579b9a2fd0020cd9cd81a4ef4eab2dca4d20c94c", "type": "github" }, "original": { diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix index 8de995c..46a1909 100644 --- a/system-config/configuration/homebox/default.nix +++ b/system-config/configuration/homebox/default.nix 
@@ -90,7 +90,8 @@
 hostName = "homebox";
 nameservers = [ "1.1.1.1" "1.0.0.1" ];
 networkmanager.enable = true;
- firewall.allowedTCPPorts = [ 22 80 443 9000 8080 6080 ];
+ firewall.allowedTCPPorts = [ 22 80 443 ];
+ firewall.interfaces."ve-traefik".allowedTCPPorts = [ 9000 8080 6080 ];
 hosts = {
 "192.168.100.11" = [ "blunkall.us" "*.blunkall.us" "*.local.blunkall.us" ];
 };
@@ -254,7 +255,7 @@
 "blunkall.us".enable = true;
- pihole.enable = true;
+ pihole.enable = false;
 nextcloud.enable = true;
diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix
index f6753a4..9701312 100644
--- a/system-config/services/containers/traefik/default.nix
+++ b/system-config/services/containers/traefik/default.nix
@@ -229,7 +229,7 @@
 pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
- novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080/vnc.html"; } ];
+ novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
 nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
 };
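Review bot: The new `firewall.interfaces."ve-traefik".allowedTCPPorts` line only takes effect if the host-side interface is really named `ve-traefik`. NixOS uses that name for a private-network container called `traefik`, but a container attached through a host bridge gets a `vb-` prefixed interface instead, and the container definition is outside this hunk. A mismatch fails closed (the three ports are simply unreachable), so it would break the proxy backends rather than expose them, but it is worth confirming. I would also add a comment naming the owner of each port, for example `# reachable only from the traefik container: 8080 pihole, 6080 noVNC, 9000 <service name>`, so the list gets pruned when a service is removed. The enclosing attribute set starts and ends outside the hunk.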
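Review bot: Port 8080 stays in the `ve-traefik` allow-list and the `pihole` load-balancer entry in traefik/default.nix still points at `http://192.168.100.10:8080`, although this hunk turns `pihole.enable` off. Assuming 192.168.100.10 is the host side of the container link, whatever later binds 8080 on the host becomes reachable through the proxy without anyone having decided that. I would drop the port in the same commit, `firewall.interfaces."ve-traefik".allowedTCPPorts = [ 9000 6080 ];`, or derive it from the same enable flag, and remove or gate the traefik route as well. The commit message does not say why pihole is disabled; a short comment next to the flag would record it.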
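Review bot: The `novnc` backend is a remote-desktop console proxied over plain HTTP, and the firewall change in homebox/default.nix only stops direct connections to 6080. Anything Traefik routes to this service is still reachable through ports 80/443, which stay open on every interface. The router and middleware definitions are outside this hunk, so please confirm that the novnc and pihole routers match only the internal hostnames and carry an IP allow-list or authentication middleware. A comment above these entries such as `# internal-only backends; access restricted by <middleware name> on the router` would make that visible here.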