move authentik and headscale to home-hypervisor

2025-03-01 13:59:48 +03:00 · 2025-03-01 13:59:48 +03:00 · 42ee920ebc
commit 42ee920ebc
parent 92ff7bbdc2
3 changed files with 135 additions and 5 deletions
--- a/machines/Home-Hypervisor/default.nix
+++ b/machines/Home-Hypervisor/default.nix
@ -21,7 +21,7 @@
    customProfiles.acme
    # customProfiles.attic
    # customProfiles.atticd
-    # customProfiles.authentik
+    customProfiles.authentik
    # customProfiles.battery-historian
    customProfiles.coturn
    # customProfiles.fail2ban
@ -53,9 +53,9 @@
    #   inherit (import ./dns-mapping.nix) dnsmasq-list;
    # })

-    # (import customProfiles.headscale {
-    #   inherit (import ./dns-mapping.nix) headscale-list;
-    # })
+    (import customProfiles.headscale {
+      inherit (import ./dns-mapping.nix) headscale-list;
+    })
  ];
  security.lockKernelModules = lib.mkForce false;

--- a/machines/Home-Hypervisor/dns-mapping.nix
+++ b/machines/Home-Hypervisor/dns-mapping.nix
@ -0,0 +1,101 @@
+{
+  headscale-list = [
+    { name = "ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "api.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    # { name = "auth.ataraxiadev.com"; type = "A"; value = "100.64.0.100"; }
+    { name = "cache.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "cal.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "home.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "jackett.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "jellyfin.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "joplin.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "kavita.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "ldap.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "lib.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "matrix.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "medusa.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "net.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "openbooks.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "pdf.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "qbit.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "radarr.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "restic.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "s3.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "sonarr.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "stats.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "tools.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "vault.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "wiki.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+
+    { name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    # { name = "auth.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::100"; }
+    { name = "cache.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "cal.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "home.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "jackett.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "jellyfin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "joplin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "kavita.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "ldap.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "lib.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "matrix.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "medusa.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "net.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "openbooks.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "pdf.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "qbit.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "radarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "restic.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "s3.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "sonarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "stats.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "tools.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "vault.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+  ];
+  dnsmasq-list = [
+    "/api.ataraxiadev.com/10.10.10.10"
+    "/cache.ataraxiadev.com/10.10.10.10"
+    "/cal.ataraxiadev.com/10.10.10.10"
+    "/code.ataraxiadev.com/10.10.10.10"
+    "/docs.ataraxiadev.com/10.10.10.10"
+    "/element.ataraxiadev.com/10.10.10.10"
+    "/file.ataraxiadev.com/10.10.10.10"
+    "/home.ataraxiadev.com/10.10.10.10"
+    "/jackett.ataraxiadev.com/10.10.10.10"
+    "/jellyfin.ataraxiadev.com/10.10.10.10"
+    "/joplin.ataraxiadev.com/10.10.10.10"
+    "/kavita.ataraxiadev.com/10.10.10.10"
+    "/ldap.ataraxiadev.com/10.10.10.10"
+    "/lib.ataraxiadev.com/10.10.10.10"
+    "/matrix.ataraxiadev.com/10.10.10.10"
+    "/medusa.ataraxiadev.com/10.10.10.10"
+    "/net.ataraxiadev.com/10.10.10.10"
+    "/openbooks.ataraxiadev.com/10.10.10.10"
+    "/pdf.ataraxiadev.com/10.10.10.10"
+    "/qbit.ataraxiadev.com/10.10.10.10"
+    "/radarr.ataraxiadev.com/10.10.10.10"
+    "/restic.ataraxiadev.com/10.10.10.10"
+    "/s3.ataraxiadev.com/10.10.10.10"
+    "/sonarr.ataraxiadev.com/10.10.10.10"
+    "/stats.ataraxiadev.com/10.10.10.10"
+    "/tools.ataraxiadev.com/10.10.10.10"
+    "/turn.ataraxiadev.com/10.10.10.10"
+    "/vault.ataraxiadev.com/10.10.10.10"
+    "/vw.ataraxiadev.com/10.10.10.10"
+    "/wiki.ataraxiadev.com/10.10.10.10"
+  ];
+}
--- a/machines/Home-Hypervisor/nginx.nix
+++ b/machines/Home-Hypervisor/nginx.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
  services.nginx = {
    enable = true;
@ -88,6 +88,35 @@
          proxyPass = "http://127.0.0.1:9510/hooks";
        };
      } // default;
+      "auth.ataraxiadev.com" = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:9000";
+          proxyWebsockets = true;
+          extraConfig = proxySettings;
+        };
+      } // default;
+      "wg.ataraxiadev.com" = {
+        locations."/headscale." = {
+          extraConfig = ''
+            grpc_pass grpc://${config.services.headscale.settings.grpc_listen_addr};
+          '';
+          priority = 1;
+        };
+        locations."/metrics" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
+          extraConfig = ''
+            allow 100.64.0.0/16;
+            allow 10.10.10.0/24;
+            deny all;
+          '';
+          priority = 2;
+        };
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
+          proxyWebsockets = true;
+          priority = 3;
+        };
+      } // default;
      "cal.ataraxiadev.com" = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:5232";