dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/estuary: Add john-valorant
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 6m15s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan
2026-03-01 22:57:03 +00:00
parent 21c24216b4
commit c9c788e261
5 changed files with 72 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -188,6 +188,25 @@ in
];
};
}
{
"30-john-valorant" = {
netdevConfig = {
Name = "john-valorant";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets."estuary/john-valorant-wg.key".path;
ListenPort = lib.my.c.john-valorant.vpn.port;
};
wireguardPeers = [
{
PublicKey = "xyqKF0yOAv1bObN1paL2vATFh77pdFfvN+JmuAxaTCk=";
AllowedIPs = [ (net.cidr.host 2 prefixes.john-valorant.v4) ];
PersistentKeepalive = 25;
}
];
};
}
];
links = {
@@ -365,7 +384,7 @@ in
};
"95-hillcrest" = {
matchConfig.Name = "hillcrest";
address = [ (net.cidr.host 1 prefixes.hillcrest.v4) ];
address = [ "${net.cidr.host 1 prefixes.hillcrest.v4}/32" ];
routes = [
{
Destination = net.cidr.host 2 prefixes.hillcrest.v4;
@@ -373,6 +392,16 @@ in
}
];
};
"95-john-valorant" = {
matchConfig.Name = "john-valorant";
address = [ "${net.cidr.host 1 prefixes.john-valorant.v4}/32" ];
routes = [
{
Destination = net.cidr.host 2 prefixes.john-valorant.v4;
Scope = "link";
}
];
};
} ];
};
@@ -386,6 +415,9 @@ in
"estuary/hillcrest-wg.key" = {
owner = "systemd-network";
};
"estuary/john-valorant-wg.key" = {
owner = "systemd-network";
};
"l2mesh/as211024.key" = {};
};
};
@@ -397,7 +429,13 @@ in
};
};
firewall = {
udp.allowed = [ 5353 lib.my.c.kelder.vpn.port lib.my.c.hillcrest.vpn.port ];
udp.allowed = [
5353
lib.my.c.kelder.vpn.port
lib.my.c.hillcrest.vpn.port
lib.my.c.john-valorant.vpn.port
];
tcp.allowed = [ 5353 "bgp" ];
nat = {
enable = true;
@@ -466,7 +504,7 @@ in
iifname { wan, as211024, $ixps } oifname base jump filter-routing
oifname $ixps jump ixp
iifname base oifname { base, wan, $ixps } accept
oifname { as211024, kelder, hillcrest } accept
oifname { as211024, kelder, hillcrest, john-valorant } accept
}
chain output {
oifname ifog ether type != vlan reject
@@ -479,6 +517,7 @@ in
}
chain postrouting {
oifname hillcrest snat ip to ${net.cidr.host 1 prefixes.hillcrest.v4}
oifname john-valorant snat ip to ${net.cidr.host 1 prefixes.john-valorant.v4}
ip saddr ${prefixes.all.v4} oifname != as211024 snat to ${assignments.internal.ipv4.address}
}
}

3
nixos/boxes/colony/vms/estuary/dns.nix
View File

@@ -185,6 +185,9 @@ in
jam-fwd IN A ${allAssignments.shill.internal.ipv4.address}
jam-cust IN AAAA ${net.cidr.host 1 prefixes.jam.v6}
hillcrest-tun IN A ${net.cidr.host 2 prefixes.hillcrest.v4}
john-valorant-tun IN A ${net.cidr.host 2 prefixes.john-valorant.v4}
$TTL 3
_acme-challenge IN LUA TXT @@FILE@@

8
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@@ -437,6 +437,14 @@ in
};
useACMEHost = pubDomain;
};
"hass-john.${pubDomain}" = {
locations."/" = {
proxyPass = "http://john-valorant-tun.${domain}:8123";
proxyWebsockets = true;
extraConfig = proxyHeaders;
};
useACMEHost = pubDomain;
};
};
minio =