flake: update

morn: add swapfile
leonard: add swapfile
2026-04-28 14:51:03 +02:00 · 2026-04-08 22:17:03 +02:00 · 2026-04-08 22:14:25 +02:00 · 2026-04-08 22:03:14 +02:00 · 2026-04-08 21:15:15 +02:00 · 2026-04-08 21:15:15 +02:00
6 changed files with 49 additions and 12 deletions
--- a/base.nix
+++ b/base.nix
@@ -6,7 +6,7 @@

  networking = {
    domain = lib.mkDefault "home.feal.no";
-    nameservers = lib.mkDefault [ "192.168.10.175" "192.168.10.1" "1.1.1.1" ];
+    nameservers = lib.mkDefault [ "192.168.10.175" "192.168.10.1" ];
    useDHCP = lib.mkDefault false;
  };

--- a/flake.lock
+++ b/flake.lock
@@ -135,11 +135,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1775610697,
-        "narHash": "sha256-fw3+p16ZokENxpWPCLR7ngHUPz5lPvZZzKpQUwRgiXE=",
+        "lastModified": 1777339890,
+        "narHash": "sha256-/8cNnAn4FMZgIEEWf9chqo2ffH6bu/vDoJR8mnaNjtM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4f9024bce4025dc9a16d9fb27dd258d6cdf52862",
+        "rev": "fcf51609c44b7781822f4258feb16f15085ff47d",
        "type": "github"
      },
      "original": {
@@ -178,11 +178,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1775423009,
-        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
+        "lastModified": 1776877367,
+        "narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
+        "rev": "0726a0ecb6d4e08f6adced58726b95db924cef57",
        "type": "github"
      },
      "original": {
--- a/hosts/defiant/services/nginx.nix
+++ b/hosts/defiant/services/nginx.nix
@@ -35,7 +35,7 @@ in {
  #   dnsProvider = "domeneshop";
  #   environmentFile = config.sops.secrets."domeneshop/acme".path;
  #   webroot = null;
-  # }
+  # };
  sops.secrets."domeneshop/acme" = {
    group = "nginx";
  };
@@ -63,15 +63,40 @@ in {
      '';
    } // overrides;
  in {
-    "amalie.mansaker.no" = publicProxy "http://leonard.home.feal.no/" { };
    "cloud.feal.no" = publicProxy "" {
+      listen = [
+        { addr = "192.168.10.175"; port = 43443; ssl = true; }
+        { addr = "192.168.10.175"; port = 43080; ssl = false; }
+        # Note: cloud.feal.no is overriden in the local DNS, to allow use through Wireguard VPN
+        { addr = "192.168.10.175"; port =   443; ssl = true; }
+        { addr = "192.168.10.175"; port =    80; ssl = false; }
+      ];
      locations."/" = {
        proxyPass = "http://challenger.home.feal.no";
        extraConfig = ''
          client_max_body_size 8G;
        '';
      };
+      extraConfig = ''
+          # Direct local traffic and NAT Hairpin
+          allow 192.168.10.0/24;
+
+          # Wireguard
+          allow 10.100.0.0/24;
+
+          # AS16185
+          allow 82.146.64.0/19;
+          allow 217.31.96.0/20;
+          allow 185.166.44.0/22;
+
+          # NTNU
+          allow 129.241.0.0/16;
+
+          deny all;
+      '';
    };
+
+    "amalie.mansaker.no" = publicProxy "http://leonard.home.feal.no/" { };
    "feal.no" = publicProxy "http://leonard.home.feal.no/" { serverAliases = [ "www.feal.no" ]; };
    "git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" { default = true; };
    "iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" { };
@@ -79,4 +104,10 @@ in {
    "kinealbrigtsen.no" = publicProxy "http://leonard.home.feal.no/" { serverAliases = [ "www.kinealbrigtsen.no" ]; };
    "wiki.wackattack.eu" = publicProxy "http://leonard.home.feal.no/" { };
  };
+
+  security.acme.certs."cloud.feal.no" = {
+    dnsProvider = "domeneshop";
+    environmentFile = config.sops.secrets."domeneshop/acme".path;
+    webroot = null;
+  };
 }
--- a/hosts/leonard/hardware-configuration.nix
+++ b/hosts/leonard/hardware-configuration.nix
@@ -15,7 +15,10 @@
      fsType = "ext4";
    };

-  swapDevices = [ ]; # TODO
+  swapDevices = [ {
+    device = "/swapfile";
+    size = 4*1024;
+  } ];

  networking.useDHCP = lib.mkDefault false;
  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
--- a/hosts/morn/hardware-configuration.nix
+++ b/hosts/morn/hardware-configuration.nix
@@ -24,7 +24,10 @@
      options = [ "fmask=0077" "dmask=0077" ];
    };

-  swapDevices = [ ];
+  swapDevices = [ {
+    device = "/swapfile";
+    size = 4*1024;
+  } ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/hosts/sisko/home.nix
+++ b/hosts/sisko/home.nix
@@ -37,7 +37,7 @@

    exiftool
    ghidra
-    pwndbg-gdb-alias
+    pwndbg
    snicat

    # Window Manager Extras
Author	SHA1	Message	Date
Felix Albrigtsen	39f73a21b2	flake: update	2026-04-28 14:51:03 +02:00
Felix Albrigtsen	92f7943221	morn: add swapfile	2026-04-08 22:17:03 +02:00
Felix Albrigtsen	41ed408c23	leonard: add swapfile	2026-04-08 22:14:25 +02:00
Felix Albrigtsen	7918ebd7ea	defiant/nginx: ip allowlist on nextcloud	2026-04-08 22:03:14 +02:00
Felix Albrigtsen	7401e3bb5e	sisko: replace pwndbg	2026-04-08 21:15:15 +02:00
Felix Albrigtsen	817b959d36	base: remove fallback dns resolver	2026-04-08 21:15:15 +02:00