yep, more dotfiles

weird-row-server: bind agnos on a different ip for a future BIND instance and check certs with gatus

wiro.world 1fcd1873 f35ce721

verified
+26 -16
+8 -3
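--- a/globals.nix
+++ b/globals.nix
@@ -1,10 +1,10 @@
 {
 domains = rec {
+# wiro.world
 wiro-world = "wiro.world";
 wiro-world-net = "net.${wiro-world}";
-hypixel-bank-tracker = "hypixel-bank-tracker.xyz";
 
-# wiro.world Public
+# wiro.world public
 authelia = "auth.${wiro-world}";
 goatcounter = "stats.${wiro-world}";
 headscale = "headscale.${wiro-world}";
@@ -12,18 +12,22 @@
 miniflux = "news.${wiro-world}";
 pds = "pds.${wiro-world}";
 status = "status.${wiro-world}";
-status' = "status.status.${wiro-world}";
 tangled-knot = "knot.${wiro-world}";
 tangled-spindle = "spindle.${wiro-world}";
 vaultwarden = "vault.${wiro-world}";
 website = wiro-world;
 
+# wiro.world projects
+kaleic = "kaleic.${wiro-world}";
+
 # wiro.world private net
 grafana = "console.${wiro-world-net}";
 lldap = "ldap.${wiro-world-net}";
 thelounge = "irc-lounge.${wiro-world-net}";
 warrior = "warrior.${wiro-world-net}";
 
+# hypixel-bank-tracker.xyz
+hypixel-bank-tracker = "hypixel-bank-tracker.xyz";
 hbt-main = hypixel-bank-tracker;
 hbt-banana = "banana.${hypixel-bank-tracker}";
 };
@@ -34,6 +38,7 @@
 ip-prefix-length = 1;
 ip6 = "2a01:4f8:c2c:76d2::1";
 ip6-prefix-length = 64;
+ip6-agnos = "2a01:4f8:c2c:76d2::2";
 };
 };
 }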
+1 -1
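--- a/hosts/weird-row-server/agnos.nix
+++ b/hosts/weird-row-server/agnos.nix
@@ -20,7 +20,7 @@
 enable = true;
 temporarilyOpenFirewall = true;
 settings = {
-dns_listen_addr = "${globals.hosts.weird-row-server.ip}:53";
+dns_listen_addr = "[${globals.hosts.weird-row-server.ip6-agnos}]:53";
 
 accounts = [
 {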
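Review bot: The new `dns_listen_addr` binds only the IPv6 address `ip6-agnos`, so DNS-01 validation now succeeds only if the NS target delegated for the challenge zone publishes an AAAA record for that address, and nothing on this line records that dependency. A stale A-only delegation would make renewals fail with no error at build time. I would add a comment above the setting, e.g. `# IPv6-only listener: the NS target delegated for _acme-challenge must have an AAAA for ip6-agnos`. The unchanged `temporarilyOpenFirewall = true` presumably opens port 53 for the whole host rather than for this one address; that is worth confirming before the planned BIND instance listens on the primary IP. The `settings` block continues outside the hunk.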
+1 -1
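--- a/hosts/weird-row-server/caddy.nix
+++ b/hosts/weird-row-server/caddy.nix
@@ -28,7 +28,7 @@
 plugins = [
 "github.com/tailscale/caddy-tailscale@v0.0.0-20251016213337-01d084e119cb"
 ];
-hash = "sha256-qqbU0PYWIMDYnJ3M+7RgQ+d9wfFUcNShOv7x50YIEj4=";
+hash = "sha256-3R2upV1wYmLq4GbedMA7cxRIqLo8WIDnKvDSgUvvjAo=";
 };
 
 environmentFile = config.age.secrets.caddy-env.path;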
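Review bot: The fixed-output `hash` changes while the plugin pin `caddy-tailscale@v0.0.0-20251016213337-01d084e119cb` stays the same, and the commit message does not say why. If this follows a Caddy or nixpkgs bump, which would plausibly change the vendored module set, record it in a comment such as `# hash re-pinned after <cause>; plugin revision unchanged`. If nothing upstream of the pin moved, fetched content differing for an identical pin should be investigated before the new hash is accepted. The enclosing attribute set starts outside the hunk.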
+12 -7
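--- a/hosts/weird-row-server/default.nix
+++ b/hosts/weird-row-server/default.nix
@@ -53,15 +53,15 @@
 "ext4"
 ];
 
-# Single network card is `eth0`
-networking.usePredictableInterfaceNames = false;
+networking = {
+# Single network card is `eth0`
+usePredictableInterfaceNames = false;
 
-networking.nameservers = [
-"2001:4860:4860::8888"
-"2001:4860:4860::8844"
-];
+nameservers = [
+"2001:4860:4860::8888"
+"2001:4860:4860::8844"
+];
 
-networking = {
 interfaces.${ext-if} = {
 ipv4.addresses = [
 {
@@ -74,6 +74,10 @@
 address = globals.hosts.weird-row-server.ip6;
 prefixLength = globals.hosts.weird-row-server.ip6-prefix-length;
 }
+{
+address = globals.hosts.weird-row-server.ip6-agnos;
+prefixLength = globals.hosts.weird-row-server.ip6-prefix-length;
+}
 ];
 };
 defaultGateway = {
@@ -84,6 +88,7 @@
 interface = ext-if;
 address = external-gateway6;
 };
+
 };
 
 services.qemuGuest.enable = true;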
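Review bot: The second IPv6 address added to `interfaces.${ext-if}` has no comment saying it is reserved for the agnos DNS listener, so its separation from the primary address is by convention only. Any service bound to the wildcard address will presumably answer on `ip6-agnos` as well, and nothing in this section restricts which ports are reachable on it. I would add `# dedicated to agnos (DNS-01 on :53); keep the primary ip6 free for BIND` above the new entry. The blank line added before the closing `};` of `networking` looks like a leftover and can be dropped. The `networking` set is cut by the hunk boundaries.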
+4 -4
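--- a/hosts/weird-row-server/gatus.nix
+++ b/hosts/weird-row-server/gatus.nix
@@ -56,7 +56,8 @@
 
 tests = {
 status200 = "[STATUS] == 200";
-time300 = "[RESPONSE_TIME] < 300";
+time300 = "[RESPONSE_TIME] <= 500";
+cert1w = "[CERTIFICATE_EXPIRATION] >= 168h";
 };
 
 mkHttp =
@@ -66,6 +67,7 @@
 conditions ? [
 tests.status200
 tests.time300
+tests.cert1w
 ],
 alerts ? [
 { type = "email"; }
@@ -87,8 +89,6 @@
 (mkHttp "Hypixel Bank Tracker" groups.public "https://${globals.domains.hbt-main}/" { })
 (mkHttp "Hypixel Bank Tracker Banana" groups.public "https://${globals.domains.hbt-banana}/" { })
 (mkHttp "Status" groups.public "https://${globals.domains.status}/" { })
-# ensure we are reachable ourselves
-(mkHttp "Status'" groups.public "https://${globals.domains.status'}/" { })
 
 (mkHttp "Miniflux" groups.auth "https://${globals.domains.miniflux}/" { })
 (mkHttp "Vaultwarden" groups.auth "https://${globals.domains.vaultwarden}/" { })
@@ -105,7 +105,7 @@
 };
 };
 
-services.caddy.virtualHosts.${globals.domains.status'}.extraConfig = ''
+services.caddy.virtualHosts.${globals.domains.status}.extraConfig = ''
 reverse_proxy http://localhost:${toString config.services.gatus.settings.web.port}
 '';
 };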
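Review bot: The condition is still named `time300` although its threshold is now `[RESPONSE_TIME] <= 500`, so the reference `tests.time300` in `mkHttp` misstates the limit; rename it to `time500 = "[RESPONSE_TIME] <= 500";` and update the default `conditions` list to match. `tests.cert1w` is added only to the default `conditions`, so an endpoint that passes its own `conditions` would silently skip the certificate check. The callers visible here all pass `{ }`, but the endpoint list is cut by the hunk boundaries. A short comment on `cert1w` would also help, e.g. `# alert when less than one week of certificate validity remains`.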