Revise networking, proxy, and DNS configs for *ryot.foo zone

- Remove static host mappings from networking config
- Add reverse proxy settings for multiple subdomains
- Introduce dnsmasq configuration with custom DNS records for the zone and open port 53 in the firewall
- Update firewall UDP port settings and system stateVersion
Chris Toph 2025-06-11 02:52:33 -04:00
parent 67195fcfb6
commit 8999806111
4 changed files with 119 additions and 12 deletions


@ -12,16 +12,5 @@
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
useHostResolvConf = false; useHostResolvConf = false;
usePredictableInterfaceNames = true; usePredictableInterfaceNames = true;
hosts = {
"104.40.3.1" = [ "opn" ];
"104.40.3.3" = [ "pve" ];
"104.40.3.24" = [ "cloud" ];
"104.40.3.34" = [ "proxy" ];
"104.40.3.44" = [ "komodo" ];
"104.40.3.54" = [ "nix" ];
"104.40.4.1" = [ "opn" ];
"104.40.4.7" = [ "rune" ];
};
}; };
} }


@ -8,6 +8,58 @@
reverse_proxy localhost:14333 reverse_proxy localhost:14333
''; '';
}; };
## openWRT ##
"wrt.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.3.1 {
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
## PROXMOX NODES ##
"ochre.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy https://104.40.3.2:8006 {
transport http {
tls_insecure_skip_verify
# optional: tls_server_name 104.40.3.2
}
# ensure Proxmox sees the right Host
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"pve.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy https://104.40.3.3:8006 {
transport http {
tls_insecure_skip_verify
# optional: tls_server_name 104.40.3.3
}
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
}; };
}; };
} }
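Review bot: Both Proxmox vhosts (`reverse_proxy https://104.40.3.2:8006` and `https://104.40.3.3:8006`) set `tls_insecure_skip_verify`, so the proxy accepts any certificate presented on those addresses and the PVE credentials and tickets it forwards could be captured by an on-path host between proxy and node. The nodes' certificates are static, so pinning is cheap: replace `tls_insecure_skip_verify` with `tls_trusted_ca_certs /etc/caddy/pve-ochre.pem` (the node cert or the cluster CA) and set `tls_server_name` to the name in that cert's SAN, as the `# optional:` comment already hints. The `wrt.ryot.foo` block forwards to `http://104.40.3.1`, so the router admin session travels in cleartext on the same segment; prefer `https://` there if uhttpd on the router has TLS enabled. None of the new vhosts carries a `forward_auth` or `basic_auth` directive, so if the proxy is ever reachable beyond the LAN (the `cloudflared` record added in the dnsmasq module suggests a tunnel exists) the hypervisor and router UIs sit behind nothing but their own login pages. The enclosing `virtualHosts` attribute set and the Caddy service block begin above this hunk.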


@ -0,0 +1,65 @@
{
services.dnsmasq = {
enable = true;
settings = {
# Listen on eth0 for external clients and lo for local host
interface = [
"eth0"
"lo"
];
no-hosts = true;
no-resolv = true;
server = [
"104.40.3.1" # Query openWRT first for non-ryot.foo domains
"1.1.1.1" # Fallback public DNS
"1.0.0.1" # Fallback public DNS
"8.8.8.8" # Fallback public DNS
];
address = [
## CLOUD ##
"/drive.ryot.foo/104.40.3.24"
## PROXY ##
"/cloudflared.ryot.foo/104.40.3.34"
"/ochre.ryot.foo/104.40.3.34"
"/pve.ryot.foo/104.40.3.34"
"/wrt.ryot.foo/104.40.3.34"
## KOMO ##
"/auth.ryot.foo/104.40.3.44"
"/frp.ryot.foo/104.40.3.44"
"/git.ryot.foo/104.40.3.44"
"/grafana.ryot.foo/104.40.3.44"
"/home.ryot.foo/104.40.3.44"
"/influx.ryot.foo/104.40.3.44"
"/komodo.ryot.foo/104.40.3.44"
"/mail.ryot.foo/104.40.3.44"
"/map.ryot.foo/104.40.3.44"
"/outline.ryot.foo/104.40.3.44"
"/plane.ryot.foo/104.40.3.44"
## SOCK ##
"/upsnap.ryot.foo/104.40.3.54"
"/sock.ryot.foo/104.40.3.54"
];
cache-size = 1000;
# Log queries for debugging (optional)'
# log-queries = true;
};
};
networking = {
# Open DNS port in firewall
firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
};
}
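Review bot: The comment on `"104.40.3.1" # Query openWRT first` promises an ordering dnsmasq does not give: without `strict-order` it treats the `server` list as a pool and favours whichever upstream answered fastest, so names only the router knows will resolve intermittently once 1.1.1.1 or 8.8.8.8 is preferred. Add `strict-order = true;` beside `no-resolv = true;`, or drop the public fallbacks and let the router recurse. The `networking.firewall` part opens 53/tcp and 53/udp on every interface while dnsmasq merely filters by `interface`, which leaves the host acting as an open recursive resolver on any other attached network; `bind-interfaces = true;` (or `bind-dynamic` if eth0 may come up after the service) plus `local-service = true;` restricts answers to the eth0/lo subnets. The 104.40.x.x addresses used for the LAN are not RFC 1918 space, so unless that range is deliberately routed here the `address` overrides will also shadow whatever lives at those public addresses — worth a comment stating the intent. The comment `# Log queries for debugging (optional)'` has a stray trailing apostrophe.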


@ -52,6 +52,7 @@ in
networking = { networking = {
enableIPv6 = false; enableIPv6 = false;
firewall.allowedTCPPorts = firewall.allowedTCPPorts; firewall.allowedTCPPorts = firewall.allowedTCPPorts;
firewall.allowedUDPPorts = firewall.allowedUDPPorts;
}; };
## System-wide packages ## ## System-wide packages ##
@ -67,5 +68,5 @@ in
}; };
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11"; system.stateVersion = "25.05";
} }
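Review bot: Bumping `system.stateVersion` from `"24.11"` to `"25.05"` on an already-installed host is exactly what the linked wiki page advises against — the value pins defaults for stateful services (database data directories, on-disk formats) to the release the system was first installed with, and changing it can silently switch those defaults; unless this machine was freshly reinstalled on 25.05, keep `system.stateVersion = "24.11";` and add a comment such as `# release this host was first installed with; do not bump`. The added `firewall.allowedUDPPorts = firewall.allowedUDPPorts;` reads a `firewall` binding from the `let` block above the hunk, which is outside this view; the dnsmasq module in the same commit also sets `allowedUDPPorts = [ 53 ]`, and NixOS merges the two lists, so a short comment noting that both modules contribute would help the next reader. The enclosing `let ... in` header of this file starts above the first hunk.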