diff --git a/configurations/camelot/jellyfin.nix b/configurations/camelot/jellyfin.nix
index a505a62..a7deadb 100644
--- a/configurations/camelot/jellyfin.nix
+++ b/configurations/camelot/jellyfin.nix
@@ -1,4 +1,4 @@
-{ extraInfo, ... }:
+{ extraInfo, pkgs, ... }:
 {
 services.jellyfin.enable = true;
 services.nginx.virtualHosts.${extraInfo.jellyfinURI} = {
@@ -36,5 +36,24 @@
 systemd.services.deluged.bindsTo = [ "wireguard-wg1.service" ];
 systemd.services.deluged.requires = [ "network-online.target" ];
 systemd.services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/wg1ns";
- systemd.services.deluged.serviceConfig.PrivateNetwork = true;
+ systemd.services.deluged.serviceConfig.PrivateNetwork = false;
+
+ systemd.sockets.deluged-proxy = {
+ description = "Socket for deluge-web to deluged in network namespace";
+ listenStreams = [ "58846" ];
+ wantedBy = [ "sockets.target" ];
+ };
+
+ systemd.services.deluged-proxy = {
+ description = "Proxy for deluge-web to deluged in network namespace";
+ requires = [ "deluged.service" "deluged-proxy.socket" ];
+ after = [ "deluged.service" "deluged-proxy.socket" ];
+ unitConfig.JoinsNamespaceOf = "deluged.service";
+ serviceConfig = {
+ User = "deluge";
+ Group = "deluge";
+ ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd 127.0.0.1:58846";
+ PrivateNetwork = true;
+ };
+ };
 }
diff --git a/configurations/camelot/secrets/secrets.yaml b/configurations/camelot/secrets/secrets.yaml
index af1feeb..e1d6a03 100644
--- a/configurations/camelot/secrets/secrets.yaml
+++ b/configurations/camelot/secrets/secrets.yaml
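Review bot: `listenStreams = [ "58846" ]` in the new `deluged-proxy` socket is a bare port, which systemd binds on every host address rather than only loopback. That makes the deluged RPC port, previously confined to the `wg1ns` namespace, reachable from the host's other interfaces wherever the firewall permits it. The description says the socket exists for deluge-web, which presumably runs on this host, so `listenStreams = [ "127.0.0.1:58846" ];` would keep the exposure local. A short comment above `PrivateNetwork = false` would also help, for example `# deluged is confined by NetworkNamespacePath and bindsTo wireguard-wg1.service; PrivateNetwork is off so deluged-proxy can join via JoinsNamespaceOf`. That wording is inferred from the hunk and should be confirmed against the intended design.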
@@ -1,5 +1,5 @@ wg0_private: ENC[AES256_GCM,data:nuHHAwi+l9BQ8oJupm+i47EbfFc62QZXDeATeE+23RAEq/grJ/bN6sTn/o4=,iv:hZQAvvcCe2DOTvM1mABB26PsEqw8jpQUNhGbBaK/l0I=,tag:9VMaJys4IzelbBdCDuiy0Q==,type:str] -wg1_private: ENC[AES256_GCM,data:Ly3C3TQB2Aul40m/wk+mr5C2zviMhiNFfqTHknjJ4v4V09XA0XeyHtHo0ro=,iv:ph3vEIuI3F3B3eHLtu8Kfwv9Z7DdC2c+qphDn+Vn+CM=,tag:ntISjElZZB0PHtwC0mi+AA==,type:str] +wg1_private: ENC[AES256_GCM,data:tpetT5qyude2G1hRt4lPONhJMSSdHt6V92yY/NhgeZRQkZZg9WIdHAMI2JM=,iv:78Sn0Thki4LkHBM37x618Oc3FjztYoXEzMSoRQGmnFk=,tag:RV9cYT1A68gBrPpwS0npIg==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +15,8 @@ sops: b00xT3ZHWTJBNFlUbTUrRjlVV0FoM1UKtfWg4R4Y28r2w8MYp1B1yhFEOBT8rEkz P5qEP0p1i/zXlglaxxXTiQSuloG1Fwi2l5VGrhm6Hse07u3fEmS2VQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-10T17:25:27Z" - mac: ENC[AES256_GCM,data:JRk9QRRq0+UxenGSm2qwLZ+dJmCPG7QROCfmyByaOpdxOIi6CQQV03vHUPx50mTj4VeeAYAa/2LVWiot37kkQ/W8XzPJowG9f6iLcqriusU4BorAVEHwv0q4Pa9Wf8f+CbqALCwxdUAK9ehXl6TGzbiaqiENWXI4reMIovDKdnI=,iv:OWni9uRrAUFKeJAWMVbN6P4MFumoR13r75GZS7f+gE8=,tag:hAytWM5OvGa0Tg1vv+vqpA==,type:str] + lastmodified: "2024-01-23T20:36:26Z" + mac: ENC[AES256_GCM,data:eMjDz1U9qwSG1X08Ebng03vbQBUsQXrG5/NPrp6exNVVQ3+aHKLU7tTmWJjVVYGN90zxiZSr45ywfJmWi6SfWCtQL3oDsbnrdbwWtB4OXiIDsnXFIYtvSHXUZOazutSOaP8Xgc8jjjCht15QXZ4VWYz9Yh2rRvIBCG3sszlHFB4=,iv:qXt8kDHTSLda1IqAnzFHHdkGHiSESF0F1ZGjlO0GMMc=,tag:Bs4d7kQ3suzKVGJeYENHOA==,type:str] pgp: - created_at: "2023-12-10T17:24:42Z" enc: | diff --git a/configurations/camelot/wireguard.nix b/configurations/camelot/wireguard.nix index b97dc4b..702251f 100644 --- a/configurations/camelot/wireguard.nix +++ b/configurations/camelot/wireguard.nix @@ -9,7 +9,7 @@ ips = [ "10.100.0.6/8" ]; listenPort = 51820; - privateKeyFile = config.sops.secrets.wg0_private.path; + privateKeyFile = config.sops.secrets.wg0_private.path; peers = [ # Rock Pro 64 
@@ -23,7 +23,7 @@ # london { publicKey = "AvW61c9iSO0NiMrXpPsdeWigTO3JTCadqY5Wq5xLPH8="; - allowedIPs = [ "10.100.0.4" ]; + allowedIPs = [ "10.100.0.4" ]; } # fuyuki @@ -41,24 +41,26 @@ }; networking.wireguard.interfaces.wg1 = { - ips = [ "10.100.0.7" ]; + ips = [ extraInfo.wireguard.VPNAddress ]; listenPort = 51821; privateKeyFile = config.sops.secrets.wg1_private.path; interfaceNamespace = "wg1ns"; - + preSetup = '' ip netns add wg1ns + ip netns exec wg1ns ip addr add 127.0.0.1/8 dev lo + ip netns exec wg1ns ip link set lo up ''; postShutdown = '' ip netns del wg1ns ''; - + peers = [ { - publicKey = "x45YsLDpMJw1pwKOvkyzdesen3lFcKpxCXACGz+xtDs="; - endpoint = "${extraInfo.wireguard.VPSEndpoint}:51820"; + publicKey = extraInfo.wireguard.VPNPublicKey; + endpoint = extraInfo.wireguard.VPNEndpoint; allowedIPs = [ "0.0.0.0/0" ]; persistentKeepalive = 25; } diff --git a/flake.lock b/flake.lock index f479c22..b7e26c1 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "extra-config": { "locked": { - "lastModified": 1700766928, - "narHash": "sha256-51CdrRn4GCgIasA12nhUCXeK2seLehVhqfNyxCkFg/g=", + "lastModified": 1706042896, + "narHash": "sha256-JdvXtSE8ZC9xq195DE1yB7Vld5eT6QA+zRn0DXtw5h4=", "ref": "refs/heads/main", - "rev": "d658774d4981a81dbcff24732bbd5d738ea541b8", - "revCount": 2, + "rev": "6043cbff89e39769a034512d936156f090c7e747", + "revCount": 3, "type": "git", "url": "ssh://git@git.sr.ht/~dala/extra-config" }, @@ -20,11 +20,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { 
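Review bot: In the `wg1` hunk of wireguard.nix the peer `endpoint` no longer appends `:51820`, so `extraInfo.wireguard.VPNEndpoint` must now carry the port itself, and nothing in the file records that. A comment above the peer would document the contract, for example `# VPNEndpoint must be "host:port"; VPNPublicKey is the peer's base64 key; both come from extraInfo`. The peer's public key authenticates the tunnel that carries all traffic from `wg1ns` (`allowedIPs = [ "0.0.0.0/0" ]`). Since it is no longer visible here, a change to it would presumably arrive only as a bump of the `extra-config` input in `flake.lock`, which is worth checking when that input is updated. The `wg1` interface block begins inside the hunk but closes outside it, so anything after `persistentKeepalive` was not reviewed.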
@@ -40,11 +40,11 @@ ] }, "locked": { - "lastModified": 1704100519, - "narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=", + "lastModified": 1706001011, + "narHash": "sha256-J7Bs9LHdZubgNHZ6+eE/7C18lZ1P6S5/zdJSdXFItI4=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e91c5df192395753d8e6d55a0352109cb559790", + "rev": "3df2a80f3f85f91ea06e5e91071fa74ba92e5084", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1703992652, - "narHash": "sha256-C0o8AUyu8xYgJ36kOxJfXIroy9if/G6aJbNOpA5W0+M=", + "lastModified": 1705916986, + "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32f63574c85fbc80e4ba1fbb932cde9619bad25e", + "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1703950681, - "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=", + "lastModified": 1705033721, + "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0aad9113182747452dbfc68b93c86e168811fa6c", + "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1703637592, - "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { 
@@ -119,11 +119,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1703991717, - "narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=", + "lastModified": 1705805983, + "narHash": "sha256-HluB9w7l75I4kK25uO4y6baY4fcDm2Rho0WI1DN2Hmc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6", + "rev": "ae171b54e76ced88d506245249609f8c87305752", "type": "github" }, "original": {