From 38bea3ca195094babf63c72560505a8a73ce6d34 Mon Sep 17 00:00:00 2001
From: albert
Date: Mon, 26 Aug 2024 21:46:56 +0900
Subject: [PATCH] Full tunnel for Vintage Story
---
 nixos/hosts/frankfurt-linode-01/firewall.nix | 11 +++++--
 nixos/hosts/frankfurt-linode-01/wireguard.nix | 6 ++++
 nixos/hosts/osaka-linode-01/firewall.nix | 9 +++++-
 nixos/hosts/osaka-linode-01/wireguard.nix | 7 +++++
 nixos/hosts/warsaw-ovh-01/cron.nix | 29 -------------------
 5 files changed, 30 insertions(+), 32 deletions(-)
 delete mode 100644 nixos/hosts/warsaw-ovh-01/cron.nix
diff --git a/nixos/hosts/frankfurt-linode-01/firewall.nix b/nixos/hosts/frankfurt-linode-01/firewall.nix
index df3e5938..6b0b00f3 100644
--- a/nixos/hosts/frankfurt-linode-01/firewall.nix
+++ b/nixos/hosts/frankfurt-linode-01/firewall.nix
@@ -73,10 +73,17 @@
 option forwardfor
 option forwarded
 server warsaw-ovh-01 10.100.0.2:443 ssl verify required ca-file ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt sni req.hdr(Host)
-
+
+ frontend vintage-story
+ mode tcp
+ bind :42420
+ default_backend backend_tcp
+ backend backend_tcp
+ mode tcp
+ server vintage-story-wg 10.100.1.5
+
 frontend tcp
 mode tcp
- bind :42420
 bind :25565
 bind :4443
 default_backend backend_tcp
diff --git a/nixos/hosts/frankfurt-linode-01/wireguard.nix b/nixos/hosts/frankfurt-linode-01/wireguard.nix
index 0e8ae6a5..e173a98b 100644
--- a/nixos/hosts/frankfurt-linode-01/wireguard.nix
+++ b/nixos/hosts/frankfurt-linode-01/wireguard.nix
@@ -65,6 +65,12 @@
 allowedIPs = [ "10.100.1.3/32" ];
 persistentKeepalive = 5;
 }
+ { # framework-server docker:wg-vintage-story
+ publicKey = "jv36MtY5XV18jirGm7nJTgePJEobhhVd1rf53EUxY1U=";
+ presharedKeyFile = "/run/secrets/preshared_key";
+ allowedIPs = [ "10.100.1.5/32" ];
+ persistentKeepalive = 5;
+ }
 ];
 };
 };
diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix
index 78a4a619..1ea1f360 100644
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ b/nixos/hosts/osaka-linode-01/firewall.nix
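Review bot: The added `backend backend_tcp` section in frankfurt-linode-01/firewall.nix reuses the name that the existing `frontend tcp` (ports 25565 and 4443) already selects with `default_backend backend_tcp`. Depending on configuration outside this hunk, HAProxy is then likely either to see two backends with the same name or to send those two ports to 10.100.1.5 as well, which exposes the game container on ports it was not meant to serve. Giving the tunnel its own backend keeps the port-to-peer mapping unambiguous: `default_backend backend_vintage_story` and `backend backend_vintage_story`. The same block is added in the second hunk of osaka-linode-01/firewall.nix and needs the same rename. A one-line comment above the `server vintage-story-wg 10.100.1.5` line noting that the port is intentionally omitted, so the connection keeps the port the client used, would also help the next reader.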
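Review bot: The peer added in frankfurt-linode-01/wireguard.nix reads its preshared key from `/run/secrets/preshared_key`, a path that is not specific to this peer. The other entries of the peers list start outside the hunk, so this is an inference, but if they point at the same file then every tunnel shares one PSK and a leak from any single client removes that layer for all of them. A per-peer secret, for example `presharedKeyFile = "/run/secrets/<PEER_NAME>_preshared_key";` (placeholder path), keeps a compromise of the Docker-hosted client contained. The identical peer block is added in osaka-linode-01/wireguard.nix and the same applies there. The `/32` in `allowedIPs` is the right scope for a single container and should stay that narrow.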
@@ -76,7 +76,6 @@ frontend tcp mode tcp - bind :42420 bind :25565 bind :4443 default_backend backend_tcp @@ -96,6 +95,14 @@ backend backend_mail mode tcp server mailserver-wg 10.100.1.3 + + frontend vintage-story + mode tcp + bind :42420 + default_backend backend_tcp + backend backend_tcp + mode tcp + server vintage-story-wg 10.100.1.5 ''; }; } diff --git a/nixos/hosts/osaka-linode-01/wireguard.nix b/nixos/hosts/osaka-linode-01/wireguard.nix index 358d8bb6..525c426a 100644 --- a/nixos/hosts/osaka-linode-01/wireguard.nix +++ b/nixos/hosts/osaka-linode-01/wireguard.nix @@ -65,9 +65,16 @@ allowedIPs = [ "10.100.1.3/32" ]; persistentKeepalive = 5; } + { # framework-server docker:wg-vintage-story + publicKey = "jv36MtY5XV18jirGm7nJTgePJEobhhVd1rf53EUxY1U="; + presharedKeyFile = "/run/secrets/preshared_key"; + allowedIPs = [ "10.100.1.5/32" ]; + persistentKeepalive = 5; + } ]; }; }; }; } + diff --git a/nixos/hosts/warsaw-ovh-01/cron.nix b/nixos/hosts/warsaw-ovh-01/cron.nix deleted file mode 100644 index b201e216..00000000 --- a/nixos/hosts/warsaw-ovh-01/cron.nix +++ /dev/null 
@@ -1,29 +0,0 @@
-{ ... }: {
- services.cron = {
- enable = false;
- systemCronJobs = [
- # Backups to nuc-docker01
- ''0 0 * * * root rsync --delete -avr /Storage/Data/Docker/sysctl.io/ root@nuc-docker01:/Storage/Data/Docker/sysctl.io/''
- ''0 3 * * * root rsync -avr /Storage/Data/Docker/sysctl.io/nextcloud/html/data/albert/files/InstantUpload/ root@nuc-docker01:/Storage/Media/Pictures/InstantUpload/''
- ''0 5 * * * root rsync -avr /Storage/Data/Docker/sysctl.io/nextcloud/html/data/albert/files/Wallpapers/ root@nuc-docker01:/Storage/Media/Pictures/Wallpapers''
- # Back up the docker containers monthly:
- ''@monthly root ssh nuc-docker01 "rm -rf /Storage/Backups/Docker/sysctl.io/*"; for i in $(docker ps --format '{{.Names}}'); do docker export $i | gzip -cf | ssh root@nuc-docker01 "cat > /Storage/Backups/Docker/sysctl.io/$i.tar.gz"; done''
- # Run the ClamAV scan
- ''@monthly root /Storage/Data/docker-compose/sysctl.io/scripts/clamscan-cron.sh''
- # Archive Loki logs monthly
- ''@monthly root /Storage/Data/docker-compose/sysctl.io/scripts/backup-logs.sh >> /Storage/Data/Temporary/log_backups.log''
- # Run the Nextcloud cronjobs hourly
- ''@hourly root docker exec -uwww-data nextcloud php -f /var/www/html/cron.php''
- # Run the Pixelfed scheduler
- ''* * * * * root docker exec pixelfed-app php artisan schedule:run''
- # Update / CLean Mastodon caches
- ''@daily root docker exec mastodon-web tootctl preview_cards remove --days 7''
- ''@daily root docker exec mastodon-web tootctl media remove --days 7 --prune-profiles''
- ''@daily root docker exec mastodon-web tootctl accounts prune''
- ''@daily root docker exec mastodon-web tootctl statuses remove --days 7''
- ''@daily root docker exec mastodon-web tootctl media remove --remove-headers --include-follows --days 7''
- ''@daily root docker exec mastodon-web tootctl preview_cards remove --days 7''
- ''@daily root docker exec mastodon-web tootctl media remove-orphans''
- ];
- };
-}