diff --git a/hosts/sazed/machine.nix b/hosts/sazed/machine.nix
index f5401ca..48ba292 100755
--- a/hosts/sazed/machine.nix
+++ b/hosts/sazed/machine.nix
@@ -38,7 +38,7 @@ in
 rg = {
 ip = "192.168.10.5";
- isLighthouse = true;
+ isLighthouse = false; #Local firewall doesn't allow world access to 4242.
 machineId = "4307a85c4d5e403fbd89fc34f27527e1";
 machineType = "amd";
 class = "workstation";
diff --git a/modules/attic.nix b/modules/attic.nix
index df56072..f43dc9c 100644
--- a/modules/attic.nix
+++ b/modules/attic.nix
@@ -2,7 +2,7 @@
 let
 port = toString 33763;
 dbUser = config.services.atticd.user;
- host = "https://cache.${config.rg.domain}";
+ host = "cache.${config.rg.domain}";
 in
 {
@@ -79,7 +79,7 @@ in
 # but since we're using the shorthand, it doesn't.
 systemd.services.atticd.after = [ "postgresql.service" "nss-lookup.target" ];
- services.caddy.virtualHosts."cache.${config.networking.fqdn}" = {
+ services.caddy.virtualHosts."${host}" = {
 useACMEHost = "rafael.ovh";
 extraConfig = ''
 encode zstd gzip
@@ -87,7 +87,7 @@ in
 header {
 Strict-Transport-Security "max-age=2592000; includeSubDomains"
 }
- reverse_proxy http://127.0.0.1:${port}
+ reverse_proxy http://${config.rg.ip}:${port}
 '';
 };
diff --git a/modules/core/nebula.nix b/modules/core/nebula.nix
index 99004b9..81f1788 100644
--- a/modules/core/nebula.nix
+++ b/modules/core/nebula.nix
@@ -28,7 +28,7 @@ in
 key = config.age.secrets.RGNet-key.path;
 tun.device = "nebula0";
 ca = config.age.secrets.RGNet-CA.path;
- lighthouses = lib.optionals (!isLighthouse) [ "192.168.10.5" "192.168.10.9" ];
+ lighthouses = lib.optionals (!isLighthouse) [ "192.168.10.9" ];
 settings = {
 cipher = "aes";
 pki = {
@@ -55,8 +55,6 @@ in
 staticHostMap = {
 "192.168.10.9" =
 [ "128.140.110.89:4242" "[2a01:4f8:1c1e:aead::1]:4242" ];
- "192.168.10.5" =
- [ "193.136.164.205:4242" "[2001:690:2100:82::205]:4242" ];
 };
 firewall.outbound = [{
 host = "any";
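Review bot: In modules/attic.nix (hunk at line 2), dropping the `https://` scheme from `host` changes the value seen by every consumer of that binding, not only the Caddy vhost key in the next hunk. The uses of `host` outside the visible hunks cannot be checked from here. If any atticd setting is built from `host` and expects a full URL, the scheme has to be added back at that use site, for example `"https://${host}/"`. A short comment on the binding, `# bare hostname, no scheme`, would keep the two meanings apart.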
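Review bot: In modules/attic.nix (hunk at line 87), `reverse_proxy http://${config.rg.ip}:${port}` moves the backend off loopback, so atticd has to accept connections on that address. `rg.ip` looks like the host's overlay address (it is `192.168.10.5` in hosts/sazed/machine.nix), so the plain-HTTP listener on port 33763 is presumably reachable by other peers without Caddy's TLS and HSTS in front of it. The atticd listen setting and the inbound firewall rules are outside this hunk. Please confirm that the port is accepted only from this host, or keep the listener and the proxy target on `127.0.0.1` if Caddy and atticd run on the same machine. A comment above the line saying why loopback is not usable would help the next reader.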
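Review bot: In modules/core/nebula.nix (hunk at line 28), `lighthouses = lib.optionals (!isLighthouse) [ "192.168.10.9" ];` is a literal list kept in step by hand with each host's `rg.isLighthouse` flag and with `staticHostMap` (hunk at line 55), which is why this commit has to touch three places. After this change only one lighthouse remains, so peer discovery depends on that single host being reachable. If that is intended, a comment such as `# single lighthouse: sazed's local firewall blocks inbound 4242` would record the decision next to the list. Deriving the list from the hosts that set `isLighthouse = true` would remove the duplication, assuming the host set is available in this module, which is not visible here. The enclosing attribute set starts and ends outside the hunk.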