From 8878ce56c43549791a99f45266cf5324ce69c66c Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Fri, 21 Jun 2024 21:42:17 +0100 Subject: [PATCH] nixos/kelder: MTU fix + disable all local redirects --- lib/constants.nix | 1 + .../kelder/containers/acquisition/networking.nix | 2 ++ nixos/boxes/kelder/containers/spoder/nginx.nix | 11 ++++++----- nixos/boxes/kelder/default.nix | 7 ++++--- 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/lib/constants.nix b/lib/constants.nix index 7df7e2d..460e389 100644 --- a/lib/constants.nix +++ b/lib/constants.nix @@ -343,6 +343,7 @@ rec { }; domain = "hentai.engineer"; + ipv4MTU = 1460; vpn = { port = 51820; }; diff --git a/nixos/boxes/kelder/containers/acquisition/networking.nix b/nixos/boxes/kelder/containers/acquisition/networking.nix index b33c27f..ce62a50 100644 --- a/nixos/boxes/kelder/containers/acquisition/networking.nix +++ b/nixos/boxes/kelder/containers/acquisition/networking.nix @@ -2,6 +2,7 @@ let inherit (lib) mkMerge mkIf; inherit (lib.my) networkdAssignment; + inherit (lib.my.c.kelder) ipv4MTU; wg = { keyFile = "kelder/acquisition/airvpn-privkey"; @@ -89,6 +90,7 @@ in (networkdAssignment "host0" assignments.internal) { networkConfig.DNSDefaultRoute = false; + linkConfig.MTUBytes = toString ipv4MTU; } ]; "90-vpn" = with wg; { diff --git a/nixos/boxes/kelder/containers/spoder/nginx.nix b/nixos/boxes/kelder/containers/spoder/nginx.nix index 9c974f8..22e17a4 100644 --- a/nixos/boxes/kelder/containers/spoder/nginx.nix +++ b/nixos/boxes/kelder/containers/spoder/nginx.nix @@ -84,6 +84,7 @@ in c ]; acquisition = "http://${allAssignments.kelder-acquisition.internal.ipv4.address}"; + # This is kinda borked because Virgin Media filters DNS responses with local IPs... localRedirect = to: '' rewrite_by_lua_block { if ngx.var.remote_addr == pub_ip then 
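Review bot: `ipv4MTU = 1460;` in the first hunk (lib/constants.nix, `kelder` set) is a bare number, and neither the hunk nor the commit message says which link or provider imposes the limit. The value is later applied as `linkConfig.MTUBytes` to the acquisition container's `host0` and to `et1g0`, so a reader of either file has to come back here for the reason. A one-line comment above it would cover this, e.g. `# Link MTU for kelder's LAN uplink and container links (TODO: record where the 1460 limit comes from)`.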
@@ -103,7 +104,7 @@ in "monitor.${domain}" = withAuth { serverAliases = [ "monitor-local.${domain}" ]; - extraConfig = localRedirect "monitor-local.${domain}"; + # extraConfig = localRedirect "monitor-local.${domain}"; locations = { "/" = { proxyPass = "http://${allAssignments.kelder.ctrs.ipv4.address}:19999"; @@ -136,17 +137,17 @@ in }; "torrents.${domain}" = withAuth { serverAliases = [ "torrents-local.${domain}" ]; - extraConfig = localRedirect "torrents-local.${domain}"; + # extraConfig = localRedirect "torrents-local.${domain}"; locations."/".proxyPass = "${acquisition}:9091"; }; "jackett.${domain}" = withAuth { serverAliases = [ "jackett-local.${domain}" ]; - extraConfig = localRedirect "jackett-local.${domain}"; + # extraConfig = localRedirect "jackett-local.${domain}"; locations."/".proxyPass = "${acquisition}:9117"; }; "radarr.${domain}" = withAuth { serverAliases = [ "radarr-local.${domain}" ]; - extraConfig = localRedirect "radarr-local.${domain}"; + # extraConfig = localRedirect "radarr-local.${domain}"; locations."/" = { proxyPass = "${acquisition}:7878"; proxyWebsockets = true; @@ -155,7 +156,7 @@ in }; "sonarr.${domain}" = withAuth { serverAliases = [ "sonarr-local.${domain}" ]; - extraConfig = localRedirect "sonarr-local.${domain}"; + # extraConfig = localRedirect "sonarr-local.${domain}"; locations."/" = { proxyPass = "${acquisition}:8989"; proxyWebsockets = true; diff --git a/nixos/boxes/kelder/default.nix b/nixos/boxes/kelder/default.nix index 2e4c459..389e76f 100644 --- a/nixos/boxes/kelder/default.nix +++ b/nixos/boxes/kelder/default.nix @@ -1,7 +1,7 @@ { lib, ... }: let inherit (lib.my) net; - inherit (lib.my.c.kelder) domain prefixes; + inherit (lib.my.c.kelder) domain prefixes ipv4MTU; in { imports = [ ./containers ]; 
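Review bot: The five `extraConfig = localRedirect …` lines (monitor in this hunk, torrents/jackett/radarr/sonarr in the next two) are commented out rather than removed or gated. That leaves the `localRedirect` helper defined but apparently unused, while the `*-local` `serverAliases` are still served. A single switch would keep the intent in one place: a `let` binding `enableLocalRedirect = false;` and, on each vhost, `extraConfig = lib.optionalString enableLocalRedirect (localRedirect "monitor-local.${domain}");` (this assumes `lib` is in scope in nginx.nix, which the hunks do not show). The comment added above `localRedirect` could also say that the ISP dropping DNS answers with private addresses is most likely DNS-rebinding protection, which is why the `-local` names fail for LAN clients on that resolver. The vhost attribute sets continue outside the hunks.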
@@ -182,7 +182,7 @@ in { wireguardPeerConfig = { PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU="; - Endpoint = "estuary-vm.${lib.my.c.colony.domain}:${toString lib.my.c.kelder.vpn.port}"; + Endpoint = "${allAssignments.estuary.internal.ipv4.address}:${toString lib.my.c.kelder.vpn.port}"; AllowedIPs = [ "0.0.0.0/0" ]; PersistentKeepalive = 25; }; @@ -200,6 +200,7 @@ in "50-lan" = { matchConfig.Name = "et1g0"; DHCP = "yes"; + linkConfig.MTUBytes = toString ipv4MTU; }; "80-ctrs" = mkMerge [ (networkdAssignment "ctrs" assignments.ctrs) @@ -272,7 +273,7 @@ in config.name = "kontent"; }; - #deploy.node.hostname = "10.16.9.21"; + # deploy.node.hostname = "192.168.0.69"; secrets = { key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFvUdJshXkqmchEgkZDn5rgtZ1NO9vbd6Px+S6YioWi"; files = {
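Review bot: The `Endpoint` change from `estuary-vm.${lib.my.c.colony.domain}` to `allAssignments.estuary.internal.ipv4.address` carries no comment explaining why the hostname was dropped. A short note on the line would record it, e.g. `# IP literal so tunnel bring-up does not depend on DNS` (if that is the reason). Because `AllowedIPs = [ "0.0.0.0/0" ]` routes all IPv4 through this peer, the address under `internal` must be reachable from kelder's uplink before the tunnel exists; the hunk does not show whether that assignment is a routable address. The peer block continues outside the hunk.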
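Review bot: `linkConfig.MTUBytes = toString ipv4MTU;` on `50-lan` lowers the underlay to 1460, but the patch does not adjust the MTU of the WireGuard tunnel from the previous hunk, which presumably runs over this link. WireGuard adds 60 bytes of overhead over IPv4, so a tunnel left at the usual 1420 default would produce 1480-byte outer packets that exceed the new link MTU. The tunnel's netdev should carry something like `MTUBytes = toString (ipv4MTU - 60);` unless it already sets a value of 1400 or less outside these hunks. The same applies to the `90-vpn` interface in the acquisition container, whose `host0` also drops to 1460.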