WIP: router: add configuration for second test router

WIP: router: add configuration for test router
WIP: router: mega modularization
2025-06-06 22:13:01 -07:00 · 2025-06-06 15:40:10 -07:00 · 2025-06-06 15:40:08 -07:00 · 2025-06-06 01:00:33 -07:00
11 changed files with 27 additions and 47 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752062782,
-        "narHash": "sha256-Dod77HcIByOyfGLEJOgRxg2Fmk2Y5lVgMEcN/xVEt/8=",
+        "lastModified": 1749178927,
+        "narHash": "sha256-bXcEx1aZUNm5hMLVJeuofcOrZyOiapzvQ7K36HYK3YQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "bec8ff39811568eb7c8c8d1e2a1a476326748f51",
+        "rev": "91287a0e9d42570754487b7e38c6697e15a9aab2",
        "type": "github"
      },
      "original": {
@ -43,11 +43,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751903740,
-        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
+        "lastModified": 1747663185,
+        "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
+        "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
        "type": "github"
      },
      "original": {
@ -58,11 +58,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1751984180,
-        "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
+        "lastModified": 1748929857,
+        "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
+        "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -43,7 +43,6 @@
      modules = [
        secrix.nixosModules.default
        ./modules
-        ./modules/router
        ./hosts/common.nix
        hostFile
        ./users/cazzzer
--- a/hosts/Yura-PC/hardware-configuration.nix
+++ b/hosts/Yura-PC/hardware-configuration.nix
@ -18,11 +18,6 @@
      fsType = "zfs";
    };

-  fileSystems."/nix" =
-    { device = "zroot/data/nix";
-      fsType = "zfs";
-    };
-
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/970C-6A15";
      fsType = "vfat";
--- a/hosts/common-desktop.nix
+++ b/hosts/common-desktop.nix
@ -7,7 +7,7 @@
    "sysrq_always_enabled=1"
  ];

-  boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_15;
+  boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_14;
  boot.loader = {
    efi.canTouchEfiVariables = true;
    timeout = 3;
@ -24,9 +24,6 @@

  # Enable networking
  networking.networkmanager.enable = true;
-  networking.networkmanager.plugins = [
-    pkgs.networkmanager-openvpn
-  ];

  # Enable the X11 windowing system.
  # You can disable this if you're only using the Wayland session.
@ -110,7 +107,6 @@
    jq
    ldns
    mediainfo
-    powertop
    rbw
    restic
    resticprofile
--- a/hosts/router-1/default.nix
+++ b/hosts/router-1/default.nix
@ -1,5 +1,6 @@
 {
  imports = [
+    ../../modules/router
    ../hw-vm.nix
  ];

--- a/hosts/router-2/default.nix
+++ b/hosts/router-2/default.nix
@ -1,5 +1,6 @@
 {
  imports = [
+    ../../modules/router
    ../hw-vm.nix
  ];

--- a/hosts/router/default.nix
+++ b/hosts/router/default.nix
@ -1,5 +1,6 @@
 {
  imports = [
+    ../../modules/router
    ./hardware-configuration.nix
    ./private.nix
  ];
--- a/modules/router/default.nix
+++ b/modules/router/default.nix
@ -76,7 +76,6 @@ in
    starship
    tealdeer
    transcrypt
-    wakeonlan
    waypipe
    whois
    wireguard-tools
--- a/modules/router/dns.nix
+++ b/modules/router/dns.nix
@ -80,14 +80,11 @@ in
      "|etappi.${sysdomain}^$dnsrewrite=${ifs.lan.p4}.12"
      "|etappi.${sysdomain}^$dnsrewrite=${ifs.lan.ulaPrefix}::12:1"

-      "|hass.${domain}^$dnsrewrite=${ifs.lan.ulaAddr}"
-
      # Lab DNS rewrites
      "||lab.${domain}^$dnsrewrite=etappi.${sysdomain}"

      # Allowed exceptions
      "@@||googleads.g.doubleclick.net"
-      "@@||stats.grafana.org"
    ]
      # Alpina DNS rewrites
      ++ map (host: "${host}${domain}^$dnsrewrite=debbi.${sysdomain}") alpinaDomains;
--- a/modules/router/services.nix
+++ b/modules/router/services.nix
@ -58,36 +58,27 @@ in
    enable = true;
    package = pkgs.caddy.withPlugins {
      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
-      hash = "sha256-2D7dnG50CwtCho+U+iHmSj2w14zllQXPjmTHr6lJZ/A=";
+      hash = "sha256-Gsuo+ripJSgKSYOM9/yl6Kt/6BFCA6BuTDvPdteinAI=";
    };
-    virtualHosts."*.${domain}".extraConfig = ''
+    virtualHosts."grouter.${domain}".extraConfig = ''
      encode
      tls {
          dns cloudflare {env.CF_API_KEY}
          resolvers 1.1.1.1
      }
-
-      @grouter host grouter.${domain}
-      handle @grouter {
-          @grafana path /grafana /grafana/*
-          handle @grafana {
-              reverse_proxy localhost:${toString config.services.grafana.settings.server.http_port}
-          }
-          redir /adghome /adghome/
-          handle_path /adghome/* {
-              reverse_proxy localhost:${toString config.services.adguardhome.port}
-              basic_auth {
-                  Bob $2a$14$HsWmmzQTN68K3vwiRAfiUuqIjKoXEXaj9TOLUtG2mO1vFpdovmyBy
-              }
-          }
-          handle /* {
-              reverse_proxy localhost:${toString config.services.glance.settings.server.port}
+      @grafana path /grafana /grafana/*
+      handle @grafana {
+          reverse_proxy localhost:${toString config.services.grafana.settings.server.http_port}
+      }
+      redir /adghome /adghome/
+      handle_path /adghome/* {
+          reverse_proxy localhost:${toString config.services.adguardhome.port}
+          basic_auth {
+              Bob $2a$14$HsWmmzQTN68K3vwiRAfiUuqIjKoXEXaj9TOLUtG2mO1vFpdovmyBy
          }
      }
-
-      @hass host hass.${domain}
-      handle @hass {
-          reverse_proxy homeassistant.4.lab.l.cazzzer.com:8123
+      handle /* {
+          reverse_proxy localhost:${toString config.services.glance.settings.server.port}
      }
    '';
  };
--- a/users/cazzzer/default.nix
+++ b/users/cazzzer/default.nix
@ -5,7 +5,7 @@
    isNormalUser = true;
    description = "Yura";
    group = "cazzzer";
-    extraGroups = [ "wheel" "dialout" ]
+    extraGroups = [ "wheel" ]
      ++ lib.optionals config.networking.networkmanager.enable [ "networkmanager" ]
      ++ lib.optionals config.virtualisation.docker.enable [ "docker" ]
      ++ lib.optionals config.programs.wireshark.enable [ "wireshark" ]
Author	SHA1	Message	Date
Yuri Tatishchev	e8942db826	WIP: router: add configuration for second test router	2025-06-06 22:13:01 -07:00
Yuri Tatishchev	5e30a440e7	WIP: router: add configuration for test router	2025-06-06 15:40:10 -07:00
Yuri Tatishchev	67292bbbc1	WIP: router: mega modularization	2025-06-06 15:40:08 -07:00
Yuri Tatishchev	94a8d00b28	router: enable xfce desktop for debugging	2025-06-06 01:00:33 -07:00