From 77ac1db6980902ce57ae5ec80d12337d3eebc5b6 Mon Sep 17 00:00:00 2001 From: ElnuDev Date: Fri, 4 Aug 2023 21:46:44 -0700 Subject: [PATCH] Working proxy implementation for jichan.org --- hosts/desktop.nix | 2 + hosts/desktop/default.nix | 9 +++- hosts/desktop/modules/tailscale.nix | 10 +++++ hosts/elnudrop/default.nix | 43 +++++++------------ .../hosts/jichan.org/{ => 502}/502.html | 0 .../hosts/jichan.org/{ => 502}/logo.svg | 0 .../jichan.org/{ => 502}/missing.min.css | 0 hosts/elnudrop/hosts/jichan.org/default.nix | 18 ++++++++ hosts/elnudrop/modules/headscale.nix | 25 +++++++++++ hosts/elnudrop/modules/ssh.nix | 10 +++++ hosts/elnudrop/modules/tailscale.nix | 10 +++++ modules/tailscale/default.nix | 8 ++++ 12 files changed, 107 insertions(+), 28 deletions(-) create mode 100644 hosts/desktop/modules/tailscale.nix rename hosts/elnudrop/hosts/jichan.org/{ => 502}/502.html (100%) rename hosts/elnudrop/hosts/jichan.org/{ => 502}/logo.svg (100%) rename hosts/elnudrop/hosts/jichan.org/{ => 502}/missing.min.css (100%) create mode 100644 hosts/elnudrop/hosts/jichan.org/default.nix create mode 100644 hosts/elnudrop/modules/headscale.nix create mode 100644 hosts/elnudrop/modules/ssh.nix create mode 100644 hosts/elnudrop/modules/tailscale.nix create mode 100644 modules/tailscale/default.nix diff --git a/hosts/desktop.nix b/hosts/desktop.nix index 134c429..25233e0 100644 --- a/hosts/desktop.nix +++ b/hosts/desktop.nix @@ -2,6 +2,7 @@ let theme = import ../modules/theme; + tailscale = import ../modules/tailscale; in { services = { @@ -59,6 +60,7 @@ in networking.extraHosts = '' 192.168.0.26 elnuhub 24.199.72.8 elnudrop + ${tailscale.hosts} ''; #sound.enable = true; diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix index ee97a05..810905a 100644 --- a/hosts/desktop/default.nix +++ b/hosts/desktop/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: { imports = [ (import ./hardware-configuration.nix) ]; 
@@ -15,6 +15,13 @@ services.blueman.enable = true; + services.tailscale.enable = true; + networking.firewall = { + checkReversePath = "loose"; + trustedInterfaces = [ "tailscale0" ]; + allowedUDPPorts = [ config.services.tailscale.port ]; + }; + hardware.opengl = { enable = true; driSupport32Bit = true; # Required for Touhou diff --git a/hosts/desktop/modules/tailscale.nix b/hosts/desktop/modules/tailscale.nix new file mode 100644 index 0000000..8ef6967 --- /dev/null +++ b/hosts/desktop/modules/tailscale.nix @@ -0,0 +1,10 @@ +{ config, ... }: + +{ + services.tailscale.enable = true; + networking.firewall = { + checkReversePath = "loose"; + trustedInterfaces = [ "tailscale0" ]; + allowedUDPPorts = [ config.services.tailscale.port ]; + }; +} \ No newline at end of file diff --git a/hosts/elnudrop/default.nix b/hosts/elnudrop/default.nix index c514b77..d29a299 100644 --- a/hosts/elnudrop/default.nix +++ b/hosts/elnudrop/default.nix 
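Review bot: `trustedInterfaces = [ "tailscale0" ]` in the added `networking.firewall` block exempts every port on this machine from the firewall for any node on the tailnet, and this commit joins the public-facing elnudrop to that same network. If only specific services need to be reachable over the tunnel, scope it per interface instead, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ <port> ];` listing the ports actually needed. The same block is repeated in hosts/desktop/modules/tailscale.nix and hosts/elnudrop/modules/tailscale.nix. On elnudrop, which as far as this patch shows only makes outbound proxy connections to elnuhub, inbound trust may not be needed at all.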
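Review bot: This new module repeats, line for line, the block added inline to hosts/desktop/default.nix in the same commit, and the `imports` list visible there stays `[ (import ./hardware-configuration.nix) ]`, so nothing in this patch appears to load the file. Either import it with `imports = [ (import ./hardware-configuration.nix) ./modules/tailscale.nix ];` and drop the inline copy, or remove the file. hosts/elnudrop/modules/tailscale.nix has the same blob id (8ef6967), so a single shared module would keep the tunnel's firewall policy in one place.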
@@ -1,48 +1,37 @@ { lib, user, ... }: -let keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQNlGt62dBMojVCX7EUIia+wfSDfLzV4YCPi8SZ2xrp elnu@elnu.com" -]; in + { imports = [ ./hardware-configuration.nix # Remember to update for new instances ./networking.nix # generated at runtime by nixos-infect + + ./modules/ssh.nix + ./modules/headscale.nix + ./modules/tailscale.nix + + ./hosts/jichan.org ]; + networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; }; + security.acme = { acceptTerms = true; defaults.email = "elnu@elnu.com"; }; + services.nginx = { enable = true; - virtualHosts = { - "default" = { - default = true; - serverName = null; - # https://stackoverflow.com/a/42802777 - locations."/".return = "444"; - }; - "jichan.org" = { - extraConfig = '' - error_page 502 /502.html; - ''; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:8000"; - proxyWebsockets = true; - }; - "/502.html".root = "${./hosts/jichan.org}"; - "/logo.svg".root = "${./hosts/jichan.org}"; - "/missing.min.css".root = "${./hosts/jichan.org}"; - }; - }; + virtualHosts."default" = { + default = true; + serverName = null; + # https://stackoverflow.com/a/42802777 + locations."/".return = "444"; }; }; + services.do-agent.enable = true; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = keys; - users.users.${user}.openssh.authorizedKeys.keys = keys; } \ No newline at end of file diff --git a/hosts/elnudrop/hosts/jichan.org/502.html b/hosts/elnudrop/hosts/jichan.org/502/502.html similarity index 100% rename from hosts/elnudrop/hosts/jichan.org/502.html rename to hosts/elnudrop/hosts/jichan.org/502/502.html diff --git a/hosts/elnudrop/hosts/jichan.org/logo.svg b/hosts/elnudrop/hosts/jichan.org/502/logo.svg similarity index 100% rename from hosts/elnudrop/hosts/jichan.org/logo.svg rename to hosts/elnudrop/hosts/jichan.org/502/logo.svg 
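Review bot: The catch-all `virtualHosts."default"` kept here has no TLS settings, while the vhosts this commit adds (jichan.org and the headscale domain) set `forceSSL`, so the 444 response likely covers port 80 only. An HTTPS request for an unmatched name would then be answered by one of the named vhosts, presenting its certificate and proxying to its backend. Adding `rejectSSL = true;` to the default vhost makes nginx refuse the handshake for unknown names, with a comment such as `# also reject TLS for unknown SNI so a named vhost is not the 443 fallback`.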
diff --git a/hosts/elnudrop/hosts/jichan.org/missing.min.css b/hosts/elnudrop/hosts/jichan.org/502/missing.min.css
similarity index 100%
rename from hosts/elnudrop/hosts/jichan.org/missing.min.css
rename to hosts/elnudrop/hosts/jichan.org/502/missing.min.css
diff --git a/hosts/elnudrop/hosts/jichan.org/default.nix b/hosts/elnudrop/hosts/jichan.org/default.nix
new file mode 100644
index 0000000..9cdf1b9
--- /dev/null
+++ b/hosts/elnudrop/hosts/jichan.org/default.nix
@@ -0,0 +1,18 @@
+{
+ services.nginx.virtualHosts."jichan.org" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ error_page 502 /502.html;
+ '';
+ locations = {
+ "/" = {
+ proxyPass = with import ../../../../modules/tailscale/default.nix; "http://${elnuhub}:3334";
+ proxyWebsockets = true;
+ };
+ "/502.html".root = "${./502}";
+ "/logo.svg".root = "${./502}";
+ "/missing.min.css".root = "${./502}";
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/elnudrop/modules/headscale.nix b/hosts/elnudrop/modules/headscale.nix
new file mode 100644
index 0000000..909f233
--- /dev/null
+++ b/hosts/elnudrop/modules/headscale.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+
+let
+ baseDomain = "elnu.com";
+ domain = "headscale.${baseDomain}";
+in {
+ services.headscale = {
+ enable = true;
+ address = "0.0.0.0";
+ port = 8080;
+ settings = {
+ server_url = "https://${domain}";
+ dns_config.base_domain = baseDomain;
+ };
+ };
+ environment.systemPackages = [ config.services.headscale.package ];
+ services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${ toString config.services.headscale.port }";
+ proxyWebsockets = true;
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/elnudrop/modules/ssh.nix b/hosts/elnudrop/modules/ssh.nix
new file mode 100644
index 0000000..e21f15c
--- /dev/null
+++ b/hosts/elnudrop/modules/ssh.nix
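Review bot: The `proxyPass` upstream in `locations."/"` is the literal tailnet address 100.64.0.3 taken from modules/tailscale/default.nix, and nothing in this patch shows headscale being pinned to hand that address to elnuhub. If the node is re-registered and addresses are reallocated, public traffic for jichan.org would be forwarded to whichever tailnet node then holds it. A comment above `proxyPass` would make the dependency explicit, e.g. `# elnuhub's tailnet IP is assigned by headscale; re-check modules/tailscale after re-registering the node`.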
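Review bot: `address = "0.0.0.0"` makes headscale listen on every interface, although the only consumer shown is nginx through `proxyPass = "http://localhost:..."`. Port 8080 is not in `allowedTCPPorts`, but hosts/elnudrop/modules/tailscale.nix marks tailscale0 as trusted, so tailnet nodes can reach the control server over plain HTTP without passing through the TLS vhost. Binding with `address = "127.0.0.1";` keeps it behind nginx.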
@@ -0,0 +1,10 @@
+{ user, ... }:
+
+let keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQNlGt62dBMojVCX7EUIia+wfSDfLzV4YCPi8SZ2xrp elnu@elnu.com"
+]; in
+{
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = keys;
+ users.users.${user}.openssh.authorizedKeys.keys = keys;
+}
\ No newline at end of file
diff --git a/hosts/elnudrop/modules/tailscale.nix b/hosts/elnudrop/modules/tailscale.nix
new file mode 100644
index 0000000..8ef6967
--- /dev/null
+++ b/hosts/elnudrop/modules/tailscale.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+
+{
+ services.tailscale.enable = true;
+ networking.firewall = {
+ checkReversePath = "loose";
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+}
\ No newline at end of file
diff --git a/modules/tailscale/default.nix b/modules/tailscale/default.nix
new file mode 100644
index 0000000..870cf93
--- /dev/null
+++ b/modules/tailscale/default.nix
@@ -0,0 +1,8 @@
+rec {
+ elnu = "100.64.0.1";
+ elnudrop = "100.64.0.2";
+ elnuhub = "100.64.0.3";
+ hosts = ''
+ elnu ${elnu}
+ '';
+}
\ No newline at end of file
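Review bot: `services.openssh.enable = true;` is the only sshd setting in this module, so password authentication is left at the NixOS default even though `users.users.root` and the regular user are both given an authorized key. Unless it is set elsewhere, state the key-only intent explicitly with `services.openssh.settings.PasswordAuthentication = false;` (option path as in NixOS 23.05 and later; adjust to the release this configuration pins). With the tailnet now available, limiting sshd to tailscale0 is a further option. The block is moved unchanged from hosts/elnudrop/default.nix, so this is not a regression from this commit.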
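Review bot: The `hosts` string renders as `elnu 100.64.0.1`, name first, but it is interpolated into `networking.extraHosts` in hosts/desktop.nix, where the neighbouring entries (`192.168.0.26 elnuhub`) use the /etc/hosts order of address then name. As written, the entry will not make `elnu` resolve. Swap the fields to `${elnu} elnu`. Only `elnu` is listed here; hosts/desktop.nix already maps elnuhub and elnudrop to other addresses, so leaving them out may be intentional.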