diff --git a/machines/kat-manah/default.nix b/machines/kat-manah/default.nix index c48d553..244ea2e 100644 --- a/machines/kat-manah/default.nix +++ b/machines/kat-manah/default.nix @@ -1,5 +1,3 @@ -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - { config, lib, @@ -10,7 +8,6 @@ { imports = [ ./hardware-configuration.nix - ./router.nix ]; boot.loader.systemd-boot.enable = true; 
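Review bot: Dropping `./router.nix` from `imports` (the file itself is deleted later in this diff) removes more than the VLAN setup: it also takes away `networking.useNetworkd = true` and the `lib.mkForce` `useDHCP` overrides that disabled DHCP on enp2s0/enp3s0, so the host now falls back to NixOS scripted networking with DHCP on every interface — worth confirming that is intended, or re-adding `networking.useNetworkd = true;` here. Losing `net.ipv4.ip_forward = true` is a welcome hardening for a box that no longer routes. With routing gone, the `allowedUDPPorts = [ 67 ]` (DHCP server) left as context in a later hunk no longer has a consumer — the only DHCP-server config (dnsmasq) was already commented out in router.nix — so it can be removed as well.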
@@ -18,62 +15,18 @@ boot.supportedFilesystems = [ "bcachefs" ]; boot.kernelPackages = pkgs.linuxPackages_latest; - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. time.timeZone = "Europe/Paris"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; keyMap = "fr"; }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # security.polkit.enable = true; - # programs.light.enable = true; services.dbus.packages = with pkgs; [ dconf ]; nixpkgs.config.allowUnfree = true; - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. 
programs.zsh.enable = true; - users.users.guest = { - isNormalUser = true; - # extraGroups = [ "wheel" ]; - packages = with pkgs; [ ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor" - - # maurice - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris" - - # raito - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU" - - # tomate - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn" - ]; - }; environment.systemPackages = with pkgs; [ wget @@ -86,17 +39,11 @@ screen ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. services.openssh.enable = true; services.netbird.enable = true; 
@@ -138,27 +85,66 @@ in { enable = true; - virtualHosts = builtins.mapAttrs ( - _: - { vm, ... }: + virtualHosts = + let + manah-webroot = pkgs.runCommand "manah" { } '' + mkdir -p $out/.kat-manah/ + ln -nsf ${./error} $out/.kat-manah/error + ''; + in { - enableACME = true; - addSSL = true; - acmeFallbackHost = vm; - acmeFallbackRecommendedProxySettings = true; - locations."/" = { - recommendedProxySettings = true; - proxyPass = "https://${vm}/"; - extraConfig = '' - proxy_set_header Connection '''; - proxy_http_version 1.1; - chunked_transfer_encoding off; - proxy_buffering off; - proxy_cache off; - ''; + "manah.katvayor.net" = { + default = true; + enableACME = true; + addSSL = true; + locations = { + "/.kat-manah" = { + extraConfig = '' + internal; + error_page 404 =418 /.kat-manah/error/418.html; + ''; + root = manah-webroot; + }; + "/" = { + extraConfig = '' + return 418; + error_page 418 =418 /.kat-manah/error/418.html; + ''; + }; + }; }; } - ) vhosts; + // builtins.mapAttrs ( + _: + { vm, ... }: + { + enableACME = true; + addSSL = true; + acmeFallbackHost = vm; + acmeFallbackRecommendedProxySettings = true; + locations = { + "/.kat-manah" = { + extraConfig = '' + internal; + error_page 404 =418 /.kat-manah/error/418.html; + ''; + root = manah-webroot; + }; + "/" = { + recommendedProxySettings = true; + proxyPass = "https://${vm}/"; + extraConfig = '' + proxy_set_header Connection '''; + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + error_page 502 =599 "/.kat-manah/error/599.html"; + ''; + }; + }; + } + ) vhosts; streamConfig = builtins.concatStringsSep "\n" ( lib.mapAttrsToList ( @@ -184,7 +170,6 @@ ''; }; - # Open ports in the firewall. networking.firewall = { allowedTCPPorts = [ 22 
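Review bot: The new `error_page 502 =599 "/.kat-manah/error/599.html";` in the `/` proxy location only catches Bad Gateway, yet the page it serves is titled "Network Connect Timeout Error"; an upstream that accepts the TCP connection and then stalls yields a 504, which still falls through to nginx's stock page — `error_page 502 503 504 =599 /.kat-manah/error/599.html;` covers the whole family. Status 599 is not a registered HTTP code; browsers treat any 5xx fine, but stricter clients may not, so consider keeping the real status and only swapping the body (`error_page 502 503 504 /.kat-manah/error/599.html;`, without `=599`). Separately, the carried-over `proxyPass = "https://${vm}/"` sets no `proxy_ssl_verify`/`proxy_ssl_trusted_certificate`, so the hop to the VM is encrypted but the VM is not authenticated; if the VMs are only reachable over the netbird overlay that may be acceptable, but a comment saying so would help the next reader. Note also that `//` lets a `vhosts` entry win over the hand-written `"manah.katvayor.net"` block if the same name ever appears in both.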
@@ -202,29 +187,5 @@ ]; allowedUDPPorts = [ 67 ]; }; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "23.11"; } diff --git a/machines/kat-manah/error/418.html b/machines/kat-manah/error/418.html new file mode 100644 index 0000000..aa4eb0c --- /dev/null +++ b/machines/kat-manah/error/418.html @@ -0,0 +1,20 @@ + + + + + + 418 I’m a teapot + + +
+

418 I’m a teapot

+ +
+
+
+ Crédit à http.cat pour l'image. +
+ Error in manah. +
+ + diff --git a/machines/kat-manah/error/599.html b/machines/kat-manah/error/599.html new file mode 100644 index 0000000..dbfe8d2 --- /dev/null +++ b/machines/kat-manah/error/599.html @@ -0,0 +1,21 @@ + + + + + + 599 Network Connect Timeout Error + + +
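Review bot: The credit line `Crédit à http.cat pour l'image.` implies the page embeds an image fetched from http.cat (the tag itself is not visible in this rendering); an error page that pulls a third-party asset discloses the visitor's IP and, via Referer, the failing host and path to that third party, and adds an external dependency to a page meant to render when things are already broken. Prefer copying the image into `./error` — that directory is already packaged into `manah-webroot` — and referencing it with a relative path, or at minimum add `<meta name="referrer" content="no-referrer">` in `<head>`. The same applies to the 599.html page added next.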
+

599 Network Connect Timeout Error

+ +

Le contact avec la vm n'a pas pu se faire.

+
+
+
+ Crédit à http.cat pour l'image. +
+ Error in manah. +
+ + diff --git a/machines/kat-manah/router.nix b/machines/kat-manah/router.nix deleted file mode 100644 index a1e3a56..0000000 --- a/machines/kat-manah/router.nix +++ /dev/null @@ -1,89 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - boot.kernel.sysctl."net.ipv4.ip_forward" = true; - - # networking.nat = { - # enable = true; - # internalInterfaces = [ "vlan-thurne" ]; - # externalInterface = "enp1s0"; - # }; - # networking.interfaces.enp2s0 = { - # useDHCP = false; - # ipv4.addresses = [ - # { - # address = "192.168.42.1"; - # prefixLength = 24; - # } - # ]; - # }; - - # networking.useDHCP = false; - networking.interfaces.enp3s0.useDHCP = lib.mkForce false; - networking.interfaces.enp2s0.useDHCP = lib.mkForce false; - networking.interfaces.enp1s0.useDHCP = lib.mkForce true; - networking.useNetworkd = true; - - # services.dnsmasq = { - # enable = true; - # settings = { - # interface = [ "vlan-admin" ]; - # bind-dynamic = true; - # dhcp-option = "3,0.0.0.0"; - # dhcp-range = "192.168.222.100,192.168.222.254,255.255.255.0,infinite"; - # }; - # }; - - systemd.network = { - enable = true; - networks = { - "10-enp3s0" = { - name = "enp3s0"; - networkConfig = { - VLAN = [ - "vlan-admin" - "vlan-user-test" - ]; - - LinkLocalAddressing = false; - LLDP = false; - EmitLLDP = false; - IPv6AcceptRA = false; - IPv6SendRA = false; - }; - }; - "10-vlan-admin" = { - name = "vlan-admin"; - address = [ - "fd26:baf9:d250:8000::ffff/64" - "192.168.222.1/24" - ]; - }; - "10-vlan-user-test" = { - name = "vlan-user-test"; - networkConfig.DHCP = "ipv4"; - dhcpV4Config.RouteMetric = 10000; - }; - }; - netdevs = { - "10-vlan-admin" = { - netdevConfig = { - Name = "vlan-admin"; - Kind = "vlan"; - }; - vlanConfig.Id = 3000; - }; - "10-vlan-user-test" = { - netdevConfig = { - Name = "vlan-user-test"; - Kind = "vlan"; - }; - vlanConfig.Id = 4000; - }; - }; - }; -} diff --git a/machines/kat-watcher/default.nix b/machines/kat-watcher/default.nix index 2be67e2..2228059 100644 
--- a/machines/kat-watcher/default.nix +++ b/machines/kat-watcher/default.nix @@ -62,6 +62,7 @@ let kat-r86s = "100.102.49.84"; vhosts = { + "manah.katvayor.net" = null; "degette.katvayor.net" = 22000; "traque.katvayor.net" = 22001; "betamail.katvayor.net" = 22002; @@ -80,8 +81,9 @@ in { "watcher.katvayor.net" = { + default = true; enableACME = true; - forceSSL = true; + addSSL = true; locations = { "/.kat-watcher" = { extraConfig = ''
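Review bot: The added `"manah.katvayor.net" = null;` gives `vhosts` a value of a different type from its neighbours (22000, 22001, …), so every consumer of `vhosts` must now tolerate null: a `${port}` interpolation fails at evaluation, while `toString null` silently yields `""` and emits a malformed nginx directive such as a `listen`/`proxy_pass` with no port. Either filter before mapping, e.g. `lib.filterAttrs (_: p: p != null) vhosts` where the ports are consumed, or branch explicitly on `port == null` and document that null means "served locally, no stream forward" (inferred from the kat-manah change; verify against the consumers, which are outside this hunk).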