Update all to mycelium ips

2025-05-29 23:29:05 -04:00 · 2025-05-29 23:29:05 -04:00 · 48b55af695
commit 48b55af695
parent 200bf7e711
10 changed files with 40 additions and 29 deletions
--- a/hosts/kitty/filesystems/default.nix
+++ b/hosts/kitty/filesystems/default.nix
@ -1,6 +1,6 @@
 { config, ... }:
 {
-  fileSystems = {
+  fileSystems = with config.services.mycelium.ips; {
    "/persist/storage" = {
      device = "/dev/disk/by-uuid/edd3e293-1aff-4fc0-96fa-4e17d6cccfca";
      fsType = "btrfs";
@ -12,7 +12,7 @@
    # Network mounts
    "/home/${config.sysusers.main}/Network/Midas" = {
-      device = "11.0.0.1:/storage";
+      device = "[${midas}]:/storage";
      fsType = "nfs4";
      options = [
        "x-systemd.automount"
@ -21,7 +21,7 @@
      ];
    };
    "/home/${config.sysusers.main}/Network/Prophet" = {
-      device = "mx.nixfox.ca:/storage";
+      device = "[${prophet}]:/storage";;
      fsType = "nfs4";
      options = [
        "noauto"
--- a/hosts/midas/filesystems/default.nix
+++ b/hosts/midas/filesystems/default.nix
@ -1,6 +1,6 @@
-{ ... }:
+{ config, ... }:
 {
-  fileSystems = {
+  fileSystems = with config.services.mycelium.ips; {
    "/persist" = {
      device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
      fsType = "btrfs";
@ -11,7 +11,7 @@
      ];
    };
    "/kitty" = {
-      device = "11.0.0.2:/storage/bun";
+      device = "[${kitty}]:/storage/bun";
      fsType = "nfs4";
      options = [
        "noauto"
--- a/hosts/tower/filesystems/default.nix
+++ b/hosts/tower/filesystems/default.nix
@ -1,6 +1,6 @@
 { config, ... }:
 {
-  fileSystems = {
+  fileSystems = with config.services.mycelium.ips; {
    # Games and such
    "/mnt/Linux1" = {
      device = "/dev/disk/by-uuid/b2901f8c-ffda-4b88-bb63-a9ea0c96ccb4";
@ -40,7 +40,7 @@
    # Network mounts
    "/home/${config.sysusers.main}/Network/Midas" = {
-      device = "11.0.0.1:/storage";
+      device = "[${midas}]:/storage";
      fsType = "nfs4";
      options = [
        "noauto"
@ -49,7 +49,7 @@
      ];
    };
    "/home/${config.sysusers.main}/Network/Kitty" = {
-      device = "11.0.0.2:/storage/bun";
+      device = "[${kitty}]:/storage/bun";
      fsType = "nfs4";
      options = [
        "noauto"
@ -58,7 +58,7 @@
      ];
    };
    "/home/${config.sysusers.main}/Network/Prophet" = {
-      device = "mx.nixfox.ca:/storage";
+      device = "[${prophet}]:/storage";
      fsType = "nfs4";
      options = [
        "noauto"
--- a/modules/home/programs/terminal/ssh/default.nix
+++ b/modules/home/programs/terminal/ssh/default.nix
@ -4,22 +4,12 @@
    enable = true;
    addKeysToAgent = "yes";
    compression = true;
-    matchBlocks = with lib.hm.dag; {
+    matchBlocks = {
      # Personal servers
-      nixfox = {
+      tower.hostname = "577:84d1:b682:9ac3:b987:b78e:33d9:2060";
-        match = ''canonical host "*.nixfox.ca"'';
+      midas.hostname = "538:e163:87ba:f847:3646:18b6:6b01:d8f8";
-        user = config.home.username;
+      kitty.hostname = "2607:fea8:431d:cba5:37b6:92f8:5be:7c56";
-      };
+      prophet.hostname = "42f:2737:2aed:4dee:cbe4:3c73:1918:ad9b";
      midas = {
        hostname = "sv.nixfox.ca";
      };
      kitty = {
        hostname = "sv.nixfox.ca";
        port = 2222;
      };
      prophet = {
        hostname = "mx.nixfox.ca";
      };
      # Misc
      seneca = {
--- a/modules/system/devices/networking/mycelium/default.nix
+++ b/modules/system/devices/networking/mycelium/default.nix
@ -1,5 +1,7 @@
 { ... }:
 {
  imports = [ ./ips ];
  services.mycelium = {
    enable = true;
    openFirewall = true;
--- a/modules/system/devices/networking/mycelium/ips/default.nix
+++ b/modules/system/devices/networking/mycelium/ips/default.nix
@ -0,0 +1,13 @@
 { config, lib, ... }:
 {
  options.services.mycelium.ips = lib.mkOption {
    type = lib.types.attrs;
  };
  config.services.mycelium.ips = {
    tower = "577:84d1:b682:9ac3:b987:b78e:33d9:2060";
    midas = "538:e163:87ba:f847:3646:18b6:6b01:d8f8";
    kitty = "2607:fea8:431d:cba5:37b6:92f8:5be:7c56";
    prophet = "42f:2737:2aed:4dee:cbe4:3c73:1918:ad9b";
  };
 }
--- a/modules/system/services/general/ssh/fail2ban/default.nix
+++ b/modules/system/services/general/ssh/fail2ban/default.nix
@ -4,7 +4,6 @@
    enable = true;
    maxretry = 5;
    bantime = "10m";
    ignoreIP = [ "11.0.0.0/8" ];
  };
  environment.persistence."/persist".directories = [ "/var/lib/fail2ban" ];
--- a/modules/system/services/server/nfs/default.nix
+++ b/modules/system/services/server/nfs/default.nix
@ -4,6 +4,8 @@
  config = lib.mkIf config.services.nfs.server.enable {
    services.nfs.server.exports = "/storage *(rw)";
-    networking.firewall.extraInputRules = "ip saddr { 10.0.0.0/8, 11.0.0.0/8, ${config.secrets.ips.bun} } tcp dport 2049 accept";
+    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
      ip6 saddr { ${tower}, ${midas}, ${kitty}, ${prophet} } tcp dport 2049 accept
    '';
  };
 }
--- a/modules/system/services/server/nginx/rtmp/default.nix
+++ b/modules/system/services/server/nginx/rtmp/default.nix
@ -23,7 +23,10 @@
        }
      '';
    };
-    networking.firewall.extraInputRules = "ip saddr { 11.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept";
+    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
      ip6 saddr ${tower} tcp dport 1935 accept
      ip saddr { ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept
    '';
    systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
  };
 }
--- a/modules/system/services/server/owncast/default.nix
+++ b/modules/system/services/server/owncast/default.nix
@ -7,7 +7,9 @@
      port = 8060;
      rtmp-port = 1945;
    };
-    networking.firewall.extraInputRules = "ip saddr 11.0.0.0/8 tcp dport 1945 accept";
+    networking.firewall.extraInputRules = ''
      ip6 saddr ${tower} tcp dport 1935 accept
    '';
    environment.persistence."/persist".directories = [ "/var/lib/owncast" ];
  };
 }