Add reverse proxy for valetudo

Clean up
Fix VLANs
2024-10-06 19:16:05 -06:00 · 2024-10-06 17:15:25 -06:00 · 2024-10-06 17:11:58 -06:00 · 2024-10-06 17:07:53 -06:00 · 2024-10-06 17:06:28 -06:00 · 2024-07-17 21:42:43 -06:00
6 changed files with 29 additions and 22 deletions
--- a/common/pc/audio.nix
+++ b/common/pc/audio.nix
@ -19,6 +19,15 @@ in
      jack.enable = true;
    };
    services.pipewire.extraConfig.pipewire."92-fix-wine-audio" = {
      context.properties = {
        default.clock.rate = 48000;
        default.clock.quantum = 2048;
        default.clock.min-quantum = 512;
        default.clock.max-quantum = 2048;
      };
    };
    users.users.googlebot.extraGroups = [ "audio" ];
    # bt headset support
--- a/common/pc/chromium.nix
+++ b/common/pc/chromium.nix
@ -41,7 +41,7 @@ in
        "SpellcheckLanguage" = [ "en-US" ];
      };
      defaultSearchProviderSuggestURL = null;
-      defaultSearchProviderSearchURL = " https://duckduckgo.com/?q={searchTerms}&kp=-1&kl=us-en";
+      defaultSearchProviderSearchURL = "https://duckduckgo.com/?q={searchTerms}&kp=-1&kl=us-en";
    };
    # hardware accelerated video playback (on intel)
@ -52,7 +52,7 @@ in
        # ungoogled = true;
        # --enable-native-gpu-memory-buffers # fails on AMD APU
        # --enable-webrtc-vp9-support
-        commandLineArgs = "--use-vulkan --use-gl=desktop --enable-zero-copy --enable-hardware-overlays --enable-features=VaapiVideoDecoder,CanvasOopRasterization --ignore-gpu-blocklist --enable-accelerated-mjpeg-decode --enable-accelerated-video  --enable-gpu-rasterization";
+        commandLineArgs = "--use-vulkan";
      };
    };
    # todo vulkan in chrome
--- a/common/pc/default.nix
+++ b/common/pc/default.nix
@ -89,5 +89,8 @@ in
    # for luks onlock over tor
    services.tor.enable = true;
    services.tor.client.enable = true;
    # Enable wayland support in various chromium based applications
    environment.sessionVariables.NIXOS_OZONE_WL = "1";
  };
 }
--- a/common/pc/vscodium.nix
+++ b/common/pc/vscodium.nix
@ -11,6 +11,8 @@ let
    golang.go
    jnoortheen.nix-ide
    ms-vscode.cpptools
    rust-lang.rust-analyzer
    vadimcn.vscode-lldb
  ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
    {
      name = "platformio-ide";
@ -18,6 +20,12 @@ let
      version = "3.1.1";
      sha256 = "g9yTG3DjVUS2w9eHGAai5LoIfEGus+FPhqDnCi4e90Q=";
    }
    {
      name = "wgsl-analyzer";
      publisher = "wgsl-analyzer";
      version = "0.8.1";
      sha256 = "ckclcxdUxhjWlPnDFVleLCWgWxUEENe0V328cjaZv+Y=";
    }
  ];
  vscodium-with-extensions = pkgs.vscode-with-extensions.override {
--- a/machines/storage/s0/default.nix
+++ b/machines/storage/s0/default.nix
@ -194,9 +194,6 @@
        (mkVirtualHost "music.s0.neet.dev" "http://localhost:4533")
        (mkVirtualHost "jellyfin.s0.neet.dev" "http://localhost:8096")
        (mkVirtualHost "s0.neet.dev" "http://localhost:56815")
        (mkVirtualHost "ha.s0.neet.dev" "http://localhost:8123") # home assistant
        (mkVirtualHost "esphome.s0.neet.dev" "http://localhost:6052")
        (mkVirtualHost "zigbee.s0.neet.dev" "http://localhost:55834")
        {
          # Landing page LAN redirect
          "s0" = {
@ -204,27 +201,20 @@
            redirectCode = 302;
            globalRedirect = "s0.neet.dev";
          };
        }
        (mkVirtualHost "ha.s0.neet.dev" "http://localhost:8123") # home assistant
        (mkVirtualHost "esphome.s0.neet.dev" "http://localhost:6052")
        (mkVirtualHost "zigbee.s0.neet.dev" "http://localhost:55834")
        {
          "frigate.s0.neet.dev" = {
            # Just configure SSL, frigate module configures the rest of nginx
            useACMEHost = "s0.neet.dev";
            forceSSL = true;
          };
        }
        (mkVirtualHost "vacuum.s0.neet.dev" "http://192.168.1.125") # valetudo
      ];
    # Problem #1: Keeping certain programs from being accessed from certain external networks/VLANs
    # Solution #1: Isolate that service in a container system that automatically fowards the ports to the right network interface(s)
    # Solution #2: Don't open the firewall for these services, manually open the ports instead for the specific network interface(s) (trickier and easy to miss ports or ports can change)
    # Untrusted network list:
    #  - VLANs [cameras]
    # Problem #2: Untrusted internal services. Prevent them from accessing certain internal services (usually key unauth'd services like frigate)
    # Solution #1: Isolate the untrusted services into their own container
    # Untrusted services list:
    #  - Unifi? (it already has access to the cameras anyway?)
    #  - torrenting, *arr (worried about vulns)
    tailscaleAuth = {
      enable = true;
      virtualHosts = [
@ -241,6 +231,7 @@
        # "ha.s0.neet.dev" # messes up home assistant
        "esphome.s0.neet.dev"
        "zigbee.s0.neet.dev"
        "vacuum.s0.neet.dev"
      ];
      expectedTailnet = "koi-bebop.ts.net";
    };
--- a/machines/storage/s0/hardware-configuration.nix
+++ b/machines/storage/s0/hardware-configuration.nix
@ -60,10 +60,6 @@
  swapDevices = [ ];
  networking.vlans = {
    default = {
      id = 1;
      interface = "eth1";
    };
    iot = {
      id = 2;
      interface = "eth1";
Author	SHA1	Message	Date
Zuckerberg	e56271b2c3	Add reverse proxy for valetudo All checks were successful Check Flake / check-flake (push) Successful in 1m6s Details	2024-10-06 19:16:05 -06:00
Zuckerberg	f9ef5e4b89	Clean up	2024-10-06 17:15:25 -06:00
Zuckerberg	e516bd87b5	Fix VLANs	2024-10-06 17:11:58 -06:00
Zuckerberg	7c9c657bd0	Fix audio stuttering in wine/proton See: https://old.reddit.com/r/linux_gaming/comments/11yp7ig/pipewire_audio_stuttering_when_playing_games_or/	2024-10-06 17:07:53 -06:00
Zuckerberg	dff7d65456	vscodium WGSL support	2024-10-06 17:06:28 -06:00
Zuckerberg	d269d2e5a0	Enable wayland support in chromium based apps	2024-07-17 21:42:43 -06:00
Zuckerberg	2527b614e9	vscodium rust dev support	2024-07-17 21:15:33 -06:00
Zuckerberg	528a53a606	Fix chromium acceleration and wayland support	2024-07-17 21:15:02 -06:00