sid/sid.ovh
1
0
Fork 0
Code Issues 3 Pull requests 2 Projects Releases Packages Wiki Activity Actions

remove hetzner dns api. disable intranet
All checks were successful
Build hosts / build-hosts (pull_request) Successful in 19s
Details
Flake check / flake-check (pull_request) Successful in 18s
Details

Browse source
This commit is contained in:
sid 2026-04-16 00:26:20 +02:00
parent 7ac1decd2e
commit 4ac4ef15ca
2 changed files with 20 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts/sid/secrets/secrets.yaml
View file

@ -32,7 +32,6 @@ mailserver:
vaultwarden: ENC[AES256_GCM,data:nSiiyurI0pNGlJiHpgu5jUQIq688IbPKlJCvx4jrFN9TwIY+kfVOaO4KWKkavBYfMZqMuEBr7EAdRULS,iv:OpgfXl1uYLgjOGDTkXFj/wPFUoE6uK89gtXLsB2x6gE=,tag:knJkNQnRCNcc/2nKBYdVCw==,type:str] vaultwarden: ENC[AES256_GCM,data:nSiiyurI0pNGlJiHpgu5jUQIq688IbPKlJCvx4jrFN9TwIY+kfVOaO4KWKkavBYfMZqMuEBr7EAdRULS,iv:OpgfXl1uYLgjOGDTkXFj/wPFUoE6uK89gtXLsB2x6gE=,tag:knJkNQnRCNcc/2nKBYdVCw==,type:str]
radicale: radicale:
sid: ENC[AES256_GCM,data:/OgIrXnGttIymGw98feiUjKPOIlrgRIC0TNCdBnuJOiA0RzbF0b9SMVzwEZiTEmS82g2lSvxQkE4kZjeOgOC0RLvCyZAmtWojq+g1pN0qhEkhwH0Qtu9wNnSYHuRqh2E5nWzHNGl/eF6zQ==,iv:5XtlyXjpB+XrVvJ7IoM7Gu63xA8vYrcJjUjLPmOMAIU=,tag:SAuYl/wzxnINyVWn9nI5yA==,type:str] sid: ENC[AES256_GCM,data:/OgIrXnGttIymGw98feiUjKPOIlrgRIC0TNCdBnuJOiA0RzbF0b9SMVzwEZiTEmS82g2lSvxQkE4kZjeOgOC0RLvCyZAmtWojq+g1pN0qhEkhwH0Qtu9wNnSYHuRqh2E5nWzHNGl/eF6zQ==,iv:5XtlyXjpB+XrVvJ7IoM7Gu63xA8vYrcJjUjLPmOMAIU=,tag:SAuYl/wzxnINyVWn9nI5yA==,type:str]
hetzner-dns-api-key: ENC[AES256_GCM,data:KQooOZjQMtCSVqMI8yKVEk0xebTEuNs5WsxTDC9kcXdGZIgq8ZIEk5ku94EV95i0ad9y5Zx0ozt7aWcNHiMMfQ==,iv:jssQ7PejT5awmeMowdSIEFKDfLW7PWvsd++lh9/MlXs=,tag:UoNRz9neDzDxDjmGmBNPjA==,type:str]
sops: sops:
age: age:
- recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
@ -53,7 +52,7 @@ sops:
RzhnczA0S1pxcXZncGpWVHNYQW96L28K+ytH3PPyg4+wibpAQhp02RiSfZ83EDRB RzhnczA0S1pxcXZncGpWVHNYQW96L28K+ytH3PPyg4+wibpAQhp02RiSfZ83EDRB
UJ8UV1d+51D0e2A1sI95r2AzDj4jfwUnI+LYDPC/qEpsu5LFLGVyeg== UJ8UV1d+51D0e2A1sI95r2AzDj4jfwUnI+LYDPC/qEpsu5LFLGVyeg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-15T19:31:40Z" lastmodified: "2026-04-15T22:25:00Z"
mac: ENC[AES256_GCM,data:Xq+oQUiAr/YCYXlUT+qYtY279R9MrXs6Iehyi3zt7V7mJyWO8LKEQlM36R4WwkMb719arfso1LOu14XRhhMuF7dZcB+pn0nY8aVqNU1mq2RvSnXYJioXJBV8uRcq8xMviubown4Cz3XfFrSkeNSXSnh//op5Rk7Eoq8hv49t13o=,iv:aT4yXx8dPoyfIC9ZPnVl0LL3kygsAN+KSIiwjtpfvxg=,tag:lYdL7Rj/kl/NLEXZMu1Hwg==,type:str] mac: ENC[AES256_GCM,data:/Y68+WlI/BykmwajvluW1EiCfzdfIJe+nDwstqusqhwhc7h5exD5xuuU9CB0lcUGwODwrIfWECWLLhJfn86/Wc2WDT2yinIj89mik/rRB0klMx75v0w1v6vxiYuQU0WHPtajDuuaMTo1QxJFczZt0RVPtDPwmVip5EEQpNsqzig=,iv:gWqFTUP7PAk5QzRfKFpTD5iCdneciih0HM8am8+TS/8=,tag:E1QY6PnM3oFZm/qfrL/8dg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.12.1

59
hosts/sid/services/nginx.nix
View file

@ -25,12 +25,12 @@ in
enable = true; enable = true;
config = with constants; '' config = with constants; ''
.:53 { .:53 {
bind ${hosts.sid.ip} bind 127.0.0.1 ${hosts.sid.ip}
hosts { hosts {
${hosts.rx4.ip} ${services.vaultwarden.fqdn} # ${hosts.rx4.ip} ${services.vaultwarden.fqdn}
${hosts.rx4.ip} ${services.webdav.fqdn} # ${hosts.rx4.ip} ${services.webdav.fqdn}
${hosts.rx4.ip} rx4.tail ${hosts.rx4.ip} rx4.tail
${hosts.sid.ip} ${services.netdata.fqdn} # ${hosts.sid.ip} ${services.netdata.fqdn}
${hosts.sid.ip} sid.tail ${hosts.sid.ip} sid.tail
${hosts.vde.ip} vde.tail ${hosts.vde.ip} vde.tail
fallthrough fallthrough
@ -43,15 +43,6 @@ in
''; '';
}; };
security.acme = {
certs."${constants.intranet}" = {
domain = "*.${constants.intranet}";
webroot = null;
dnsProvider = "hetzner";
credentialsFile = config.sops.templates.hetzner-dns-api-key.path;
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@ -71,10 +62,10 @@ in
address = constants.hosts.rx4.ip; address = constants.hosts.rx4.ip;
port = constants.services.miniflux.port; port = constants.services.miniflux.port;
}; };
virtualHosts."${constants.services.netdata.fqdn}" = mkVirtualHost { # virtualHosts."${constants.services.netdata.fqdn}" = mkVirtualHost {
inherit ssl; # inherit ssl;
port = constants.services.netdata.port; # port = constants.services.netdata.port;
}; # };
virtualHosts."${constants.services.open-webui-oci.fqdn}" = mkVirtualHost { virtualHosts."${constants.services.open-webui-oci.fqdn}" = mkVirtualHost {
inherit ssl; inherit ssl;
address = constants.hosts.rx4.ip; address = constants.hosts.rx4.ip;
@ -92,16 +83,16 @@ in
address = constants.hosts.rx4.ip; address = constants.hosts.rx4.ip;
port = constants.services.rsshub-oci.port; port = constants.services.rsshub-oci.port;
}; };
virtualHosts."${constants.services.vaultwarden.fqdn}" = mkVirtualHost { # virtualHosts."${constants.services.vaultwarden.fqdn}" = mkVirtualHost {
inherit ssl; # inherit ssl;
address = constants.hosts.rx4.ip; # address = constants.hosts.rx4.ip;
port = constants.services.vaultwarden.port; # port = constants.services.vaultwarden.port;
}; # };
virtualHosts."${constants.services.webdav.fqdn}" = mkVirtualHost { # virtualHosts."${constants.services.webdav.fqdn}" = mkVirtualHost {
inherit ssl; # inherit ssl;
address = constants.hosts.rx4.ip; # address = constants.hosts.rx4.ip;
port = constants.services.webdav.port; # port = constants.services.webdav.port;
}; # };
# FIXME # FIXME
# virtualHosts."print.sid.ovh" = { # virtualHosts."print.sid.ovh" = {
# enableACME = true; # enableACME = true;
@ -112,18 +103,4 @@ in
# }; # };
# }; # };
}; };
sops =
let
owner = "acme";
group = "acme";
mode = "0400";
in
{
secrets.hetzner-dns-api-key = { inherit owner group mode; };
templates.hetzner-dns-api-key = {
inherit owner group mode;
content = "HETZNER_API_TOKEN=${config.sops.placeholder.hetzner-dns-api-key}";
};
};
} }