flake/hosts/vultr/sin0/default.nix

{ lib, ... }:
{
  imports = [
    ./anti-feature.nix

    ./services/telegram-bot/danbooru_img_bot.nix
    ./services/ip-checker.nix
    ./services/redlib.nix

    ../../../nixos/profiles/sing-box-server
  ];

  _module.args.ports = import ./ports.nix;

  system.stateVersion = "24.05";

  networking.firewall.allowedUDPPorts = [ 443 ];
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  sops.secrets = lib.mapAttrs (_n: v: v // { sopsFile = ./secrets.yaml; }) {
    "tg/danbooru_img_bot" = { };
  };

  services.caddy.enable = true;
  services.caddy.settings.apps.http.servers.srv0 = {
    listen = [ ":443" ];
    trusted_proxies = {
      # https://www.cloudflare.com/ips/
      ranges = [
        "173.245.48.0/20"
        "103.21.244.0/22"
        "103.22.200.0/22"
        "103.31.4.0/22"
        "141.101.64.0/18"
        "108.162.192.0/18"
        "190.93.240.0/20"
        "188.114.96.0/20"
        "197.234.240.0/22"
        "198.41.128.0/17"
        "162.158.0.0/15"
        "104.16.0.0/13"
        "104.24.0.0/14"
        "172.64.0.0/13"
        "131.0.72.0/22"

        "2400:cb00::/32"
        "2606:4700::/32"
        "2803:f800::/32"
        "2405:b500::/32"
        "2405:8100::/32"
        "2a06:98c0::/29"
        "2c0f:f248::/32"
      ];
      source = "static";
    };
    trusted_proxies_strict = 1;
  };
}
sin0: add telegram danbooru_img_bot 2024-10-07 08:07:24 +00:00			`{ lib, ... }:`
infra: init opentofu 2024-09-21 16:21:30 +00:00			`{`
tyo0: move redlib to sin0 2024-09-21 20:35:35 +00:00			`imports = [`
fixup 2024-09-30 15:45:26 +00:00			`./anti-feature.nix`
tyo0: move redlib to sin0 2024-09-21 20:35:35 +00:00
sin0: add telegram danbooru_img_bot 2024-10-07 08:07:24 +00:00			`./services/telegram-bot/danbooru_img_bot.nix`
sin0: add ip-checker 2024-10-19 04:54:55 +00:00			`./services/ip-checker.nix`
tyo0: move redlib to sin0 2024-09-21 20:35:35 +00:00			`./services/redlib.nix`

			`../../../nixos/profiles/sing-box-server`
			`];`
sin0: add sing-box 2024-09-21 20:19:03 +00:00
nixos/ports: use _module.args 2024-10-19 05:00:06 +00:00			`_module.args.ports = import ./ports.nix;`

infra: init opentofu 2024-09-21 16:21:30 +00:00			`system.stateVersion = "24.05";`

			`networking.firewall.allowedUDPPorts = [ 443 ];`
			`networking.firewall.allowedTCPPorts = [`
			`80`
			`443`
			`];`

sin0: add telegram danbooru_img_bot 2024-10-07 08:07:24 +00:00			`sops.secrets = lib.mapAttrs (_n: v: v // { sopsFile = ./secrets.yaml; }) {`
			`"tg/danbooru_img_bot" = { };`
			`};`

infra: init opentofu 2024-09-21 16:21:30 +00:00			`services.caddy.enable = true;`
			`services.caddy.settings.apps.http.servers.srv0 = {`
			`listen = [ ":443" ];`
flake: bump 2024-10-19 09:30:29 +00:00			`trusted_proxies = {`
			`# https://www.cloudflare.com/ips/`
			`ranges = [`
			`"173.245.48.0/20"`
			`"103.21.244.0/22"`
			`"103.22.200.0/22"`
			`"103.31.4.0/22"`
			`"141.101.64.0/18"`
			`"108.162.192.0/18"`
			`"190.93.240.0/20"`
			`"188.114.96.0/20"`
			`"197.234.240.0/22"`
			`"198.41.128.0/17"`
			`"162.158.0.0/15"`
			`"104.16.0.0/13"`
			`"104.24.0.0/14"`
			`"172.64.0.0/13"`
			`"131.0.72.0/22"`

			`"2400:cb00::/32"`
			`"2606:4700::/32"`
			`"2803:f800::/32"`
			`"2405:b500::/32"`
			`"2405:8100::/32"`
			`"2a06:98c0::/29"`
			`"2c0f:f248::/32"`
			`];`
			`source = "static";`
			`};`
			`trusted_proxies_strict = 1;`
infra: init opentofu 2024-09-21 16:21:30 +00:00			`};`
			`}`