move authentik and headscale to home-hypervisor

machines/Home-Hypervisor/default.nix

@@ -21,7 +21,7 @@
     customProfiles.acme
     # customProfiles.attic
     # customProfiles.atticd
-    # customProfiles.authentik
+    customProfiles.authentik
     # customProfiles.battery-historian
     customProfiles.coturn
     # customProfiles.fail2ban
@@ -53,9 +53,9 @@
     #   inherit (import ./dns-mapping.nix) dnsmasq-list;
     # })
 
-    # (import customProfiles.headscale {
+    (import customProfiles.headscale {
-    #   inherit (import ./dns-mapping.nix) headscale-list;
+      inherit (import ./dns-mapping.nix) headscale-list;
-    # })
+    })
   ];
   security.lockKernelModules = lib.mkForce false;
 

machines/Home-Hypervisor/dns-mapping.nix

@@ -0,0 +1,101 @@
+{
+  headscale-list = [
+    { name = "ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "api.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    # { name = "auth.ataraxiadev.com"; type = "A"; value = "100.64.0.100"; }
+    { name = "cache.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "cal.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "home.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "jackett.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "jellyfin.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "joplin.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "kavita.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "ldap.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "lib.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "matrix.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "medusa.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "net.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "openbooks.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "pdf.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "qbit.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "radarr.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "restic.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "s3.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "sonarr.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "stats.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "tools.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "vault.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+    { name = "wiki.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
+
+    { name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    # { name = "auth.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::100"; }
+    { name = "cache.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "cal.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "home.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "jackett.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "jellyfin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "joplin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "kavita.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "ldap.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "lib.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "matrix.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "medusa.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "net.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "openbooks.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "pdf.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "qbit.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "radarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "restic.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "s3.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "sonarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "stats.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "tools.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "vault.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+    { name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
+  ];
+  dnsmasq-list = [
+    "/api.ataraxiadev.com/10.10.10.10"
+    "/cache.ataraxiadev.com/10.10.10.10"
+    "/cal.ataraxiadev.com/10.10.10.10"
+    "/code.ataraxiadev.com/10.10.10.10"
+    "/docs.ataraxiadev.com/10.10.10.10"
+    "/element.ataraxiadev.com/10.10.10.10"
+    "/file.ataraxiadev.com/10.10.10.10"
+    "/home.ataraxiadev.com/10.10.10.10"
+    "/jackett.ataraxiadev.com/10.10.10.10"
+    "/jellyfin.ataraxiadev.com/10.10.10.10"
+    "/joplin.ataraxiadev.com/10.10.10.10"
+    "/kavita.ataraxiadev.com/10.10.10.10"
+    "/ldap.ataraxiadev.com/10.10.10.10"
+    "/lib.ataraxiadev.com/10.10.10.10"
+    "/matrix.ataraxiadev.com/10.10.10.10"
+    "/medusa.ataraxiadev.com/10.10.10.10"
+    "/net.ataraxiadev.com/10.10.10.10"
+    "/openbooks.ataraxiadev.com/10.10.10.10"
+    "/pdf.ataraxiadev.com/10.10.10.10"
+    "/qbit.ataraxiadev.com/10.10.10.10"
+    "/radarr.ataraxiadev.com/10.10.10.10"
+    "/restic.ataraxiadev.com/10.10.10.10"
+    "/s3.ataraxiadev.com/10.10.10.10"
+    "/sonarr.ataraxiadev.com/10.10.10.10"
+    "/stats.ataraxiadev.com/10.10.10.10"
+    "/tools.ataraxiadev.com/10.10.10.10"
+    "/turn.ataraxiadev.com/10.10.10.10"
+    "/vault.ataraxiadev.com/10.10.10.10"
+    "/vw.ataraxiadev.com/10.10.10.10"
+    "/wiki.ataraxiadev.com/10.10.10.10"
+  ];
+}

machines/Home-Hypervisor/nginx.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   services.nginx = {
     enable = true;
@@ -88,6 +88,35 @@
           proxyPass = "http://127.0.0.1:9510/hooks";
         };
       } // default;
+      "auth.ataraxiadev.com" = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:9000";
+          proxyWebsockets = true;
+          extraConfig = proxySettings;
+        };
+      } // default;
+      "wg.ataraxiadev.com" = {
+        locations."/headscale." = {
+          extraConfig = ''
+            grpc_pass grpc://${config.services.headscale.settings.grpc_listen_addr};
+          '';
+          priority = 1;
+        };
+        locations."/metrics" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
+          extraConfig = ''
+            allow 100.64.0.0/16;
+            allow 10.10.10.0/24;
+            deny all;
+          '';
+          priority = 2;
+        };
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
+          proxyWebsockets = true;
+          priority = 3;
+        };
+      } // default;
       "cal.ataraxiadev.com" = {
         locations."/" = {
           proxyPass = "http://127.0.0.1:5232";