Commit 8b700ffedfc6b53a46fb39b2cf4ff674c70e115c - nixrc

profiles(wireguard): unshadow ipv6 Tony Olagbaiye a month ago

2 changed file(s) with 23 addition(s) and 278 deletion(s). Raw diff Collapse all Expand all

-3

flake.lock less more

1419	1419	},
1420	1420	"priv": {
1421	1421	"locked": {
1422		"narHash": "sha256-BAez5PId3CorMwhafpWwaWSK4lHeXNmSB4OlDSQ3Ji0=",
	1422	"narHash": "sha256-x7ut0W7wIJB7aTMnh0E78FYkZaK3R6u8BltAwohEFRw=",
1423	1423	"ref": "default",
1424		"rev": "1ef050868075d113189e0d50fb9c0e508be50569",
1425		"revCount": 14,
	1424	"rev": "270e9e3e37b2c0ad14ed60a305edfe2db641fb24",
	1425	"revCount": 16,
1426	1426	"type": "hg",
1427	1427	"url": "ssh://bao@delta/../../srv/hg/nixpriv"
1428	1428	},

+20

-275

profiles/networking/traefik/default.nix less more

24	24	entryPoints = [ "http" "https" ];
25	25	rule = "Host(`traefik.${domains.home}`)";
26	26	service = "api@internal";
27		#middlewares = [ "auth" ];
28		#tls = {
29		# domains = [
30		# {
31		# main = "foobar";
32		# sans = [ "foobar" "foobar" ];
33		# }
34		# {
35		# main = "foobar";
36		# sans = [ "foobar" "foobar" ];
37		# }
38		# ];
39		# options = "foobar";
40		#};
41	27	};
42	28	auth-request = {
43	29	entryPoints = [ "http" "https" ];

115	101	dendrite-http-wellknown = dendrite-http // {
116	102	rule = "(Host(`matrix.${domains.srvc}`) \|\| Host(`m.${domains.srvc}`) \|\| Host(`${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
117	103	service = "dendrite-wellknown";
118		middlewares = [ "matrix-wellknown" ];
	104	middlewares = [ "matrix-wellknown" "no-cors" ];
119	105	};
120	106	dendrite-https-wellknown = dendrite-https // {
121	107	rule = "(Host(`matrix.${domains.srvc}`) \|\| Host(`m.${domains.srvc}`) \|\| Host(`${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
122	108	service = "dendrite-wellknown";
123		middlewares = [ "matrix-wellknown" ];
	109	middlewares = [ "matrix-wellknown" "no-cors" ];
124	110	};
125	111	certauth = {
126	112	entryPoints = [ "http" "https" ];

235	221	{ main = "media.${domains.home}"; }
236	222	];
237	223	};
238		#Router1 = {
239		# entryPoints = [ "foobar" "foobar" ];
240		# middlewares = [ "foobar" "foobar" ];
241		# priority = 42;
242		# rule = "foobar";
243		# service = "foobar";
244		# tls = {
245		# certResolver = "foobar";
246		# domains = [
247		# {
248		# main = "foobar";
249		# sans = [ "foobar" "foobar" ];
250		# }
251		# {
252		# main = "foobar";
253		# sans = [ "foobar" "foobar" ];
254		# }
255		# ];
256		# options = "foobar";
257		# };
258		#};
259	224	};
260	225
261	226	middlewares = {

271	236	matrix-wellknown = {
272	237	stripPrefix.prefixes = [ "/.well-known/matrix" ];
273	238	};
274		#Middleware00 = { addPrefix = { prefix = "foobar"; }; };
275		#Middleware01 = {
276		# basicAuth = {
277		# headerField = "foobar";
278		# realm = "foobar";
279		# removeHeader = true;
280		# users = [ "foobar" "foobar" ];
281		# usersFile = "foobar";
282		# };
283		#};
284		#Middleware02 = {
285		# buffering = {
286		# maxRequestBodyBytes = 42;
287		# maxResponseBodyBytes = 42;
288		# memRequestBodyBytes = 42;
289		# memResponseBodyBytes = 42;
290		# retryExpression = "foobar";
291		# };
292		#};
293		#Middleware03 = {
294		# chain = { middlewares = [ "foobar" "foobar" ]; };
295		#};
296		#Middleware04 = { circuitBreaker = { expression = "foobar"; }; };
297		#Middleware05 = {
298		# compress = { excludedContentTypes = [ "foobar" "foobar" ]; };
299		#};
300		#Middleware06 = { contentType = { autoDetect = true; }; };
301		#Middleware07 = {
302		# digestAuth = {
303		# headerField = "foobar";
304		# realm = "foobar";
305		# removeHeader = true;
306		# users = [ "foobar" "foobar" ];
307		# usersFile = "foobar";
308		# };
309		#};
310		#Middleware08 = {
311		# errors = {
312		# query = "foobar";
313		# service = "foobar";
314		# status = [ "foobar" "foobar" ];
315		# };
316		#};
317		#Middleware09 = {
318		# forwardAuth = {
319		# address = "foobar";
320		# authResponseHeaders = [ "foobar" "foobar" ];
321		# tls = {
322		# ca = "foobar";
323		# caOptional = true;
324		# cert = "foobar";
325		# insecureSkipVerify = true;
326		# key = "foobar";
327		# };
328		# trustForwardHeader = true;
329		# };
330		#};
331		#Middleware10 = {
332		# headers = {
333		# accessControlAllowCredentials = true;
334		# accessControlAllowHeaders = [ "foobar" "foobar" ];
335		# accessControlAllowMethods = [ "foobar" "foobar" ];
336		# accessControlAllowOrigin = "foobar";
337		# accessControlAllowOriginList = [ "foobar" "foobar" ];
338		# accessControlExposeHeaders = [ "foobar" "foobar" ];
339		# accessControlMaxAge = 42;
340		# addVaryHeader = true;
341		# allowedHosts = [ "foobar" "foobar" ];
342		# browserXssFilter = true;
343		# contentSecurityPolicy = "foobar";
344		# contentTypeNosniff = true;
345		# customBrowserXSSValue = "foobar";
346		# customFrameOptionsValue = "foobar";
347		# customRequestHeaders = {
348		# name0 = "foobar";
349		# name1 = "foobar";
350		# };
351		# customResponseHeaders = {
352		# name0 = "foobar";
353		# name1 = "foobar";
354		# };
355		# featurePolicy = "foobar";
356		# forceSTSHeader = true;
357		# frameDeny = true;
358		# hostsProxyHeaders = [ "foobar" "foobar" ];
359		# isDevelopment = true;
360		# publicKey = "foobar";
361		# referrerPolicy = "foobar";
362		# sslForceHost = true;
363		# sslHost = "foobar";
364		# sslProxyHeaders = {
365		# name0 = "foobar";
366		# name1 = "foobar";
367		# };
368		# sslRedirect = true;
369		# sslTemporaryRedirect = true;
370		# stsIncludeSubdomains = true;
371		# stsPreload = true;
372		# stsSeconds = 42;
373		# };
374		#};
375		#Middleware11 = {
376		# ipWhiteList = {
377		# ipStrategy = {
378		# depth = 42;
379		# excludedIPs = [ "foobar" "foobar" ];
380		# };
381		# sourceRange = [ "foobar" "foobar" ];
382		# };
383		#};
384		#Middleware12 = {
385		# inFlightReq = {
386		# amount = 42;
387		# sourceCriterion = {
388		# ipstrategy = {
389		# depth = 42;
390		# excludedIPs = [ "foobar" "foobar" ];
391		# };
392		# requestHeaderName = "foobar";
393		# requestHost = true;
394		# };
395		# };
396		#};
397		#Middleware13 = {
398		# passTLSClientCert = {
399		# info = {
400		# issuer = {
401		# commonName = true;
402		# country = true;
403		# domainComponent = true;
404		# locality = true;
405		# organization = true;
406		# province = true;
407		# serialNumber = true;
408		# };
409		# notAfter = true;
410		# notBefore = true;
411		# sans = true;
412		# serialNumber = true;
413		# subject = {
414		# commonName = true;
415		# country = true;
416		# domainComponent = true;
417		# locality = true;
418		# organization = true;
419		# province = true;
420		# serialNumber = true;
421		# };
422		# };
423		# pem = true;
424		# };
425		#};
426		#Middleware14 = {
427		# rateLimit = {
428		# average = 42;
429		# burst = 42;
430		# period = 42;
431		# sourceCriterion = {
432		# ipstrategy = {
433		# depth = 42;
434		# excludedIPs = [ "foobar" "foobar" ];
435		# };
436		# requestHeaderName = "foobar";
437		# requestHost = true;
438		# };
439		# };
440		#};
441		#Middleware16 = {
442		# redirectScheme = {
443		# permanent = true;
444		# port = "foobar";
445		# scheme = "foobar";
446		# };
447		#};
448		#Middleware17 = { replacePath = { path = "foobar"; }; };
449		#Middleware18 = {
450		# replacePathRegex = {
451		# regex = "foobar";
452		# replacement = "foobar";
453		# };
454		#};
455		#Middleware19 = { retry = { attempts = 42; }; };
456		#Middleware20 = {
457		# stripPrefix = {
458		# forceSlash = true;
459		# prefixes = [ "foobar" "foobar" ];
460		# };
461		#};
462		#Middleware21 = {
463		# stripPrefixRegex = { regex = [ "foobar" "foobar" ]; };
464		#};
	239	no-cors = {
	240	headers.accesscontrolalloworigin = "*";
	241	};
465	242	};
466	243
467	244	services = {
468	245	auth.loadBalancer = {
469		#healthCheck = {
470		# followRedirects = true;
471		# headers = {
472		# name0 = "foobar";
473		# name1 = "foobar";
474		# };
475		# hostname = "foobar";
476		# interval = "foobar";
477		# path = "foobar";
478		# port = 42;
479		# scheme = "foobar";
480		# timeout = "foobar";
481		#};
482	246	passHostHeader = true;
483	247	responseForwarding = { flushInterval = "100ms"; };
484	248	servers = [

605	369	{ url = "http://10.11.0.2:6767"; }
606	370	];
607	371	};
608		#mirror-sample.mirroring = {
609		# maxBodySize = 42;
610		# mirrors = [
611		# { name = "http://127.0.0.1:8384"; percent = 42; }
612		# ];
613		# service = "foobar";
614		#};
615		#weighted-sample.weighted = {
616		# services = [
617		# { name = "foobar"; weight = 42; }
618		# ];
619		# sticky.cookie = {
620		# httpOnly = true;
621		# name = "foobar";
622		# sameSite = "foobar";
623		# secure = true;
624		# };
625		#};
626	372	};
627	373	};
628	374

822	568	trustedIPs = [ "127.0.0.1" "${hosts.wireguard.ipv4.zeta}/8" ];
823	569	};
824	570	#http = {
825		# #middlewares = [ "auth@file" "strip@file" ];
826		# #tls = {
827		# # certResolver = "foobar";
828		# # domains = [
829		# # {
830		# # main = "foobar";
831		# # sans = [ "foobar" "foobar" ];
832		# # }
833		# # {
834		# # main = "foobar";
835		# # sans = [ "foobar" "foobar" ];
836		# # }
837		# # ];
838		# # options = "foobar";
839		# #};
	571	# middlewares = [ "auth@file" "strip@file" ];
	572	# tls = {
	573	# certResolver = "foobar";
	574	# domains = [
	575	# {
	576	# main = "foobar";
	577	# sans = [ "foobar" "foobar" ];
	578	# }
	579	# {
	580	# main = "foobar";
	581	# sans = [ "foobar" "foobar" ];
	582	# }
	583	# ];
	584	# options = "foobar";
	585	# };
840	586	#};
841	587	proxyProtocol = {
842	588	insecure = true;

907	653	providers = {
908	654	providersThrottleDuration = 10;
909	655
910		#docker.exposedByDefault = false;
911	656	file = {
912	657	debugLogGeneratedTemplate = true;
913	658	#directory = "foobar";