Compare commits
2 Commits
5e9029196e
...
b83b70cb23
| Author | SHA1 | Date | |
|---|---|---|---|
|
b83b70cb23 | ||
|
|
7aa42a7ae8 |
@ -1,59 +0,0 @@
|
||||
{
|
||||
"system_login_user_vyos_authentication_encryptedpassword": "ENC[AES256_GCM,data:LMItDzOvWkn8KJZNPtRx+HBeZ346TWsFW4HRayqBBFVoyGX8aA0TvqjkC+6TLg+YhGNRL/Y4cnXAtePh7sE/NMJ5ihaG9wf+TCklrPmDDzjFXwuIGFhr7sEmgGsmYv0oqL0ztJvfb2buBtAc,iv:fhfMBfkO+UGsoiZr+5bsbYX9+cERGeECgo1oFe4MwGI=,tag:fJJsvZ4REqt3EjAAMvPakg==,type:str]",
|
||||
"system_login_user_vyos_authentication_otp_key": "ENC[AES256_GCM,data:dPzChtqcRrONEF4IjoosjBoUEi85CdAx5g2oQcU2KHgP8A==,iv:YdXnKZQH0tFzBsCFuLWFLHJ+UVkbak88GprjzHRLIyY=,tag:rs5/cwjkkPUWMHPpacsVWg==,type:str]",
|
||||
"sops": {
|
||||
"shamir_threshold": 2,
|
||||
"key_groups": [
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdysveFBRQUFtelI5YmVu\nakZmQmdaYmU2bG91K1F4RU51Q1BTMVFWb3dvClc2YitpcU1LK1FuajFrNG9TckRX\nUmE1RVliZmtNUFFjSnNwL3kwa0IzUGMKLS0tIDI4YitzWnNWWlRoU3ZGdXFkZzVn\nc3hoUk9LWEFmYmUwb2p5QWsxUXNPQ0UKGmYlumH9AXTX0kXN0zOOC+atXR7bDZHr\nf/d/qz9ynOJmK1jBhY4I9sxoeifkezWdl1mxkSee6RU0VekZn8GN8c0=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzKzBxU0NYTE9BVVZZaWc3\nNit2ZkZWMHRtMmxuL3JaTmQybWpQZTlvZFdzCkxmV0RkeWVxY2pyd0lMWUhtbVBF\nQ0pyMktoeXZYSkFRQ3FBYmI2akwwNlEKLS0tICsxcG9IR3dWc2hJVXI1REI1QU5H\nbnhZbHk4Nks0dGVPVVc5NDFiRkE5LzAKYxZNckU9X0WxSh/CFmAJg8qPc1RE4cH/\nTu/VC5n8AZLkBFWkXGNZH4IxU3drqd2rBBU9oo3bqNl8uqluE89sKxY=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWnRFRlNROVMxMFNtYWt3\nQkNMaVA2QWphaVVEd0sxc1Vtck5BVXFlZXhjClZjR2F6R0l0SGI1eGhtc3ZidWRU\nK3BGd0xIdXdGSjJia2ZzVFN4bmpRVzgKLS0tIHNPVE5kbUpXS0V4bTRXMHdZUjlH\nV0ZqbC9MbFZFYU9VTUhJU0M2WVc3MVkKAAeJHWVC1eygLtcTU0Bzh8ItfW7KgXJ8\npmpdOGVcdY6UvkTbia7mIIpyonCh4EuCzW+KMrbGcYRYItvwUmOkAm0=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbHRwbHVlQ1h3YThOSVZI\nWDlpN2hOTGVZcTluVkJpZU9UT1Y1VHc4Z2hvClAvblRaZCtOQU9DSEtWRnNYdlJU\nc3c5OFN0ZGtuNDhSS25EeC9KL0tyMzAKLS0tIEJvYTRpVjBqSS9PeVRpekIvVG5H\nMktvV0ZWdHgrSjY4RHVzVkt2WjM4TEUKj/UTs+CpHO1/dTOouz3XINlA4WlNERpa\nM0yF2wi5k1+VhrBF/svAulSXkpWH2rZKmY47hunf8r2r+GI30xg9eao=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MGNOQUxQenpReWZ1R0dO\na2lBSmh3dXg4V1hvMzZoV3ZjU1pRS0VRbzBRClhNVU1ETUJsSkhEeFdOYU9kaGRI\naCtYc01KT2ZJWXFrK21nNlFEeUFzSUEKLS0tIHFQckN0eVlJZjJGTkFvNmFCMGlY\nWVJyRUY4aG9IUEZEOG5iMGR2aXNMTGcKMtL2iC5w4UXMv2bkjHgfgLRIX1IbcNao\nRu/rgYbRxYwj9pJVsGk6xslGh2SvWHsBQoAnu6U4LGscXQiT5KXy2BQ=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": null,
|
||||
"lastmodified": "2024-10-21T21:56:18Z",
|
||||
"mac": "ENC[AES256_GCM,data:NnBaJ92vq4QZws60NZQNIv7SSuFnMhFY2q2uIio3aIaW/KmMlUhHRS224obBvkqBWbn8zy28IE3AHeVEvKvD4/d17oRB8cafnPimqGaHh/jRmCWOCX1eS9/5cQuE9XLXR/maC6igo+G3mo5rcWrO6UISfUhY7I0qZGwotjfB38E=,iv:idx7KJgXrqUSbwNvvF82jJjpIF2hjyziqC6Op30HNKk=,tag:dH5S8rKtOEilIAxXaYPmwA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.0"
|
||||
}
|
||||
}
|
||||
@ -1,2 +0,0 @@
|
||||
#!/bin/bash
|
||||
PUBLIC_IP=$(curl ipinfo.io/ip)
|
||||
@ -1,787 +0,0 @@
|
||||
{
|
||||
"firewall": {
|
||||
"global-options": {
|
||||
"all-ping": "enable",
|
||||
"broadcast-ping": "disable",
|
||||
"ip-src-route": "disable",
|
||||
"ipv6-receive-redirects": "disable",
|
||||
"ipv6-src-route": "disable",
|
||||
"log-martians": "enable",
|
||||
"receive-redirects": "disable",
|
||||
"send-redirects": "enable",
|
||||
"source-validation": "disable",
|
||||
"syn-cookies": "enable",
|
||||
"timeout": {
|
||||
"tcp": {
|
||||
"time-wait": "15"
|
||||
}
|
||||
}
|
||||
},
|
||||
"group": {
|
||||
"interface-group": {
|
||||
"IG_LAN": {
|
||||
"interface": [
|
||||
"eth6"
|
||||
]
|
||||
},
|
||||
"IG_WAN": {
|
||||
"interface": [
|
||||
"eth5"
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"ipv4": {
|
||||
"forward": {
|
||||
"filter": {
|
||||
"default-action": "accept",
|
||||
"rule": {
|
||||
"5": {
|
||||
"action": "jump",
|
||||
"inbound-interface": {
|
||||
"name": "eth5"
|
||||
},
|
||||
"jump-target": "WAN_IN"
|
||||
},
|
||||
"101": {
|
||||
"action": "accept",
|
||||
"inbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
},
|
||||
"outbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
}
|
||||
},
|
||||
"106": {
|
||||
"action": "jump",
|
||||
"inbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
},
|
||||
"jump-target": "WAN_IN",
|
||||
"outbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
}
|
||||
},
|
||||
"111": {
|
||||
"action": "drop",
|
||||
"description": "zone_LAN default-action",
|
||||
"outbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
}
|
||||
},
|
||||
"116": {
|
||||
"action": "accept",
|
||||
"inbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
},
|
||||
"outbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
}
|
||||
},
|
||||
"121": {
|
||||
"action": "jump",
|
||||
"inbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
},
|
||||
"jump-target": "IN_WAN",
|
||||
"outbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
}
|
||||
},
|
||||
"126": {
|
||||
"action": "drop",
|
||||
"description": "zone_WAN default-action",
|
||||
"outbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"input": {
|
||||
"filter": {
|
||||
"default-action": "accept",
|
||||
"rule": {
|
||||
"5": {
|
||||
"action": "jump",
|
||||
"inbound-interface": {
|
||||
"name": "eth5"
|
||||
},
|
||||
"jump-target": "WAN_LOCAL"
|
||||
},
|
||||
"101": {
|
||||
"action": "jump",
|
||||
"inbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
},
|
||||
"jump-target": "IN_LOCAL"
|
||||
},
|
||||
"106": {
|
||||
"action": "jump",
|
||||
"inbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
},
|
||||
"jump-target": "WAN_LOCAL"
|
||||
},
|
||||
"111": {
|
||||
"action": "drop"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"name": {
|
||||
"IN_LOCAL": {
|
||||
"default-action": "accept"
|
||||
},
|
||||
"IN_WAN": {
|
||||
"default-action": "accept"
|
||||
},
|
||||
"LOCAL_IN": {
|
||||
"default-action": "accept"
|
||||
},
|
||||
"LOCAL_WAN": {
|
||||
"default-action": "accept"
|
||||
},
|
||||
"WAN_IN": {
|
||||
"default-action": "drop",
|
||||
"description": "WAN to internal",
|
||||
"rule": {
|
||||
"10": {
|
||||
"action": "accept",
|
||||
"description": "Allow established/related"
|
||||
},
|
||||
"20": {
|
||||
"action": "drop",
|
||||
"description": "Drop invalid state"
|
||||
},
|
||||
"1000": {
|
||||
"action": "accept",
|
||||
"description": "Plex",
|
||||
"destination": {
|
||||
"port": "32400"
|
||||
},
|
||||
"protocol": "tcp_udp"
|
||||
},
|
||||
"1001": {
|
||||
"action": "accept",
|
||||
"description": "BitTorrent",
|
||||
"destination": {
|
||||
"port": "49500"
|
||||
},
|
||||
"protocol": "tcp_udp"
|
||||
},
|
||||
"1002": {
|
||||
"action": "accept",
|
||||
"description": "WireGuard",
|
||||
"destination": {
|
||||
"port": "53820-53829"
|
||||
},
|
||||
"protocol": "tcp_udp"
|
||||
},
|
||||
"1003": {
|
||||
"action": "accept",
|
||||
"description": "Minecraft",
|
||||
"destination": {
|
||||
"port": "25565"
|
||||
},
|
||||
"protocol": "tcp_udp"
|
||||
},
|
||||
"1005": {
|
||||
"action": "accept",
|
||||
"description": "Web",
|
||||
"destination": {
|
||||
"port": "443,80"
|
||||
},
|
||||
"protocol": "tcp_udp"
|
||||
}
|
||||
}
|
||||
},
|
||||
"WAN_LOCAL": {
|
||||
"default-action": "drop",
|
||||
"description": "WAN to router",
|
||||
"rule": {
|
||||
"10": {
|
||||
"action": "accept",
|
||||
"description": "Allow established/related"
|
||||
},
|
||||
"20": {
|
||||
"action": "accept",
|
||||
"protocol": "icmp"
|
||||
},
|
||||
"30": {
|
||||
"action": "drop",
|
||||
"description": "Drop invalid state"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"output": {
|
||||
"filter": {
|
||||
"default-action": "accept",
|
||||
"rule": {
|
||||
"101": {
|
||||
"action": "jump",
|
||||
"jump-target": "LOCAL_IN",
|
||||
"outbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
}
|
||||
},
|
||||
"106": {
|
||||
"action": "jump",
|
||||
"jump-target": "LOCAL_WAN",
|
||||
"outbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
}
|
||||
},
|
||||
"111": {
|
||||
"action": "drop"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"ipv6": {
|
||||
"forward": {
|
||||
"filter": {
|
||||
"default-action": "accept",
|
||||
"rule": {
|
||||
"101": {
|
||||
"action": "accept",
|
||||
"inbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
},
|
||||
"outbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
}
|
||||
},
|
||||
"106": {
|
||||
"action": "drop",
|
||||
"description": "zone_LAN default-action",
|
||||
"outbound-interface": {
|
||||
"group": "IG_LAN"
|
||||
}
|
||||
},
|
||||
"111": {
|
||||
"action": "accept",
|
||||
"inbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
},
|
||||
"outbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
}
|
||||
},
|
||||
"116": {
|
||||
"action": "drop",
|
||||
"description": "zone_WAN default-action",
|
||||
"outbound-interface": {
|
||||
"group": "IG_WAN"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"input": {
|
||||
"filter": {
|
||||
"default-action": "accept",
|
||||
"rule": {
|
||||
"101": {
|
||||
"action": "drop"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"output": {
|
||||
"filter": {
|
||||
"default-action": "accept",
|
||||
"rule": {
|
||||
"101": {
|
||||
"action": "drop"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"interfaces": {
|
||||
"ethernet": {
|
||||
"eth0": {
|
||||
"hw-id": "d4:3d:7e:94:6e:eb",
|
||||
"offload": {
|
||||
"gro": {}
|
||||
}
|
||||
},
|
||||
"eth5": {
|
||||
"address": [
|
||||
"dhcp"
|
||||
],
|
||||
"hw-id": "6c:b3:11:32:46:24",
|
||||
"offload": {
|
||||
"gro": {},
|
||||
"gso": {},
|
||||
"sg": {},
|
||||
"tso": {}
|
||||
}
|
||||
},
|
||||
"eth6": {
|
||||
"address": [
|
||||
"192.168.1.1/24"
|
||||
],
|
||||
"description": "Primary Switch",
|
||||
"duplex": "auto",
|
||||
"hw-id": "6c:b3:11:32:46:25",
|
||||
"offload": {
|
||||
"gro": {},
|
||||
"gso": {},
|
||||
"rps": {},
|
||||
"sg": {},
|
||||
"tso": {}
|
||||
},
|
||||
"speed": "auto"
|
||||
}
|
||||
},
|
||||
"loopback": {
|
||||
"lo": {}
|
||||
}
|
||||
},
|
||||
"nat": {
|
||||
"destination": {
|
||||
"rule": {
|
||||
"1000": {
|
||||
"description": "Plex",
|
||||
"destination": {
|
||||
"port": "32400"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth5"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
},
|
||||
"1001": {
|
||||
"description": "BitTorrent",
|
||||
"destination": {
|
||||
"port": "49500"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth5"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
},
|
||||
"1002": {
|
||||
"description": "WireGuard",
|
||||
"destination": {
|
||||
"port": "53820-53829"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth5"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
},
|
||||
"1003": {
|
||||
"description": "Minecraft",
|
||||
"destination": {
|
||||
"port": "25565"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth5"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
},
|
||||
"1005": {
|
||||
"description": "Web",
|
||||
"destination": {
|
||||
"port": "443,80"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth5"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
},
|
||||
"1100": {
|
||||
"description": "Plex (Hairpin NAT)",
|
||||
"destination": {
|
||||
"address": "$PUBLIC_IP",
|
||||
"port": "32400"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth6"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
},
|
||||
"1102": {
|
||||
"description": "Wireguard (Hairpin NAT)",
|
||||
"destination": {
|
||||
"address": "$PUBLIC_IP",
|
||||
"port": "53820-53829"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth6"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
},
|
||||
"1103": {
|
||||
"description": "Minecraft (Hairpin NAT)",
|
||||
"destination": {
|
||||
"address": "$PUBLIC_IP",
|
||||
"port": "25565"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth6"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
},
|
||||
"1105": {
|
||||
"description": "Web (Hairpin NAT)",
|
||||
"destination": {
|
||||
"address": "$PUBLIC_IP",
|
||||
"port": "80,443"
|
||||
},
|
||||
"inbound-interface": {
|
||||
"name": "eth6"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"translation": {
|
||||
"address": "192.168.1.23"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"source": {
|
||||
"rule": {
|
||||
"99": {
|
||||
"description": "Masquerade as public IP on internet",
|
||||
"outbound-interface": {
|
||||
"name": "eth5"
|
||||
},
|
||||
"source": {
|
||||
"address": "192.168.1.0/24"
|
||||
},
|
||||
"translation": {
|
||||
"address": "masquerade"
|
||||
}
|
||||
},
|
||||
"100": {
|
||||
"description": "NAT Reflection",
|
||||
"destination": {
|
||||
"address": "192.168.1.0/24"
|
||||
},
|
||||
"outbound-interface": {
|
||||
"name": "eth6"
|
||||
},
|
||||
"protocol": "tcp_udp",
|
||||
"source": {
|
||||
"address": "192.168.1.0/24"
|
||||
},
|
||||
"translation": {
|
||||
"address": "masquerade"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"qos": {
|
||||
"interface": {
|
||||
"eth5": {
|
||||
"ingress": "LIMITER"
|
||||
},
|
||||
"eth6": {
|
||||
"ingress": "LIMITER"
|
||||
}
|
||||
},
|
||||
"policy": {
|
||||
"limiter": {
|
||||
"LIMITER": {
|
||||
"default": {
|
||||
"bandwidth": "750mbit",
|
||||
"burst": "750mbit"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"service": {
|
||||
"dhcp-server": {
|
||||
"shared-network-name": {
|
||||
"LAN": {
|
||||
"option": {
|
||||
"domain-name": "local",
|
||||
"domain-search": [
|
||||
"local"
|
||||
],
|
||||
"name-server": [
|
||||
"192.168.1.32"
|
||||
]
|
||||
},
|
||||
"subnet": {
|
||||
"192.168.1.0/24": {
|
||||
"lease": "86400",
|
||||
"option": {
|
||||
"default-router": "192.168.1.1"
|
||||
},
|
||||
"range": {
|
||||
"1": {
|
||||
"start": "192.168.1.100",
|
||||
"stop": "192.168.1.254"
|
||||
}
|
||||
},
|
||||
"static-mapping": {
|
||||
"U6-Lite": {
|
||||
"ip-address": "192.168.1.3",
|
||||
"mac": "78:45:58:67:87:14"
|
||||
},
|
||||
"UAP-AC-LR": {
|
||||
"ip-address": "192.168.1.2",
|
||||
"mac": "18:e8:29:50:f7:5b"
|
||||
},
|
||||
"barbarian": {
|
||||
"ip-address": "192.168.1.10",
|
||||
"mac": "40:8d:5c:52:41:89"
|
||||
},
|
||||
"joey-desktop": {
|
||||
"ip-address": "192.168.1.100",
|
||||
"mac": "04:92:26:DA:BA:C5"
|
||||
},
|
||||
"joey-server2": {
|
||||
"ip-address": "192.168.1.24",
|
||||
"mac": "24:4b:fe:57:bc:85"
|
||||
},
|
||||
"joey-server3": {
|
||||
"ip-address": "192.168.1.25",
|
||||
"mac": "78:45:c4:05:4f:21"
|
||||
},
|
||||
"joey-server4": {
|
||||
"ip-address": "192.168.1.26",
|
||||
"mac": "90:2b:34:37:ce:e8"
|
||||
},
|
||||
"monk": {
|
||||
"ip-address": "192.168.1.11",
|
||||
"mac": "90:2b:34:37:ce:ea"
|
||||
},
|
||||
"paladin": {
|
||||
"ip-address": "192.168.1.12",
|
||||
"mac": "00:02:c9:50:d6:9a"
|
||||
},
|
||||
"pihole1": {
|
||||
"ip-address": "192.168.1.21",
|
||||
"mac": "b8:27:eb:3c:8e:bb"
|
||||
},
|
||||
"pihole2": {
|
||||
"ip-address": "192.168.1.22",
|
||||
"mac": "b8:27:eb:ff:76:6e"
|
||||
},
|
||||
"tasmota-1": {
|
||||
"ip-address": "192.168.1.50",
|
||||
"mac": "3C:61:05:F6:44:1E"
|
||||
},
|
||||
"tasmota-2": {
|
||||
"ip-address": "192.168.1.51",
|
||||
"mac": "3c:61:05:f6:d7:d3"
|
||||
},
|
||||
"tasmota-3": {
|
||||
"ip-address": "192.168.1.52",
|
||||
"mac": "3c:61:05:f6:f0:62"
|
||||
},
|
||||
"tasmota-55": {
|
||||
"ip-address": "192.168.1.55",
|
||||
"mac": "3C:61:05:F7:1F:C4"
|
||||
},
|
||||
"tasmota-cowboy-day": {
|
||||
"disable": {},
|
||||
"ip-address": "192.168.1.52",
|
||||
"mac": "3C:61:05:F6:F0:62"
|
||||
},
|
||||
"tasmota-figment-day": {
|
||||
"ip-address": "192.168.1.53",
|
||||
"mac": "3C:61:05:F6:60:A1"
|
||||
},
|
||||
"tasmota-figment-night": {
|
||||
"ip-address": "192.168.1.54",
|
||||
"mac": "3C:61:05:F7:34:CD"
|
||||
},
|
||||
"tasmota-lab-rack": {
|
||||
"disable": {},
|
||||
"ip-address": "192.168.1.51",
|
||||
"mac": "3C:61:05:F6:D7:D3"
|
||||
},
|
||||
"tasmota-sprout-day": {
|
||||
"ip-address": "192.168.1.57",
|
||||
"mac": "3C:61:05:F7:52:DB"
|
||||
},
|
||||
"tasmota-toes-day": {
|
||||
"disable": {},
|
||||
"ip-address": "192.168.1.50",
|
||||
"mac": "3C:61:05:F6:44:1E"
|
||||
},
|
||||
"tasmota-toes-night": {
|
||||
"ip-address": "192.168.1.56",
|
||||
"mac": "3C:61:05:F7:33:29"
|
||||
},
|
||||
"wyse1": {
|
||||
"ip-address": "192.168.1.31",
|
||||
"mac": "6c:2b:59:37:89:40"
|
||||
},
|
||||
"wyse2": {
|
||||
"ip-address": "192.168.1.32",
|
||||
"mac": "6c:2b:59:37:9e:91"
|
||||
},
|
||||
"wyse3": {
|
||||
"ip-address": "192.168.1.33",
|
||||
"mac": "6c:2b:59:37:9e:00"
|
||||
}
|
||||
},
|
||||
"subnet-id": "1"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"dns": {
|
||||
"forwarding": {
|
||||
"allow-from": [
|
||||
"192.168.1.0/24"
|
||||
],
|
||||
"cache-size": "1000000",
|
||||
"listen-address": [
|
||||
"192.168.1.1"
|
||||
],
|
||||
"name-server": {
|
||||
"192.168.1.32": {}
|
||||
}
|
||||
}
|
||||
},
|
||||
"monitoring": {
|
||||
"telegraf": {
|
||||
"prometheus-client": {}
|
||||
}
|
||||
},
|
||||
"ntp": {
|
||||
"allow-client": {
|
||||
"address": [
|
||||
"0.0.0.0/0",
|
||||
"::/0"
|
||||
]
|
||||
},
|
||||
"server": {
|
||||
"time-a-wwv.nist.gov": {},
|
||||
"time-b-wwv.nist.gov": {},
|
||||
"time-c-wwv.nist.gov": {},
|
||||
"time-d-wwv.nist.gov": {},
|
||||
"time-e-wwv.nist.gov": {}
|
||||
}
|
||||
},
|
||||
"ssh": {
|
||||
"disable-password-authentication": {},
|
||||
"port": [
|
||||
"22"
|
||||
]
|
||||
}
|
||||
},
|
||||
"system": {
|
||||
"config-management": {
|
||||
"commit-revisions": "200"
|
||||
},
|
||||
"conntrack": {
|
||||
"expect-table-size": "8192",
|
||||
"hash-size": "32768",
|
||||
"modules": {
|
||||
"ftp": {},
|
||||
"h323": {},
|
||||
"nfs": {},
|
||||
"pptp": {},
|
||||
"sip": {},
|
||||
"sqlnet": {},
|
||||
"tftp": {}
|
||||
},
|
||||
"table-size": "262144",
|
||||
"timeout": {}
|
||||
},
|
||||
"console": {
|
||||
"device": {
|
||||
"ttyS0": {
|
||||
"speed": "115200"
|
||||
}
|
||||
}
|
||||
},
|
||||
"host-name": "vyos",
|
||||
"login": {
|
||||
"banner": {},
|
||||
"user": {
|
||||
"vyos": {
|
||||
"authentication": {
|
||||
"encrypted-password": "$system_login_user_vyos_authentication_encryptedpassword",
|
||||
"otp": {
|
||||
"key": "$system_login_user_vyos_authentication_otp_key",
|
||||
"rate-limit": "3",
|
||||
"rate-time": "30",
|
||||
"window-size": "3"
|
||||
},
|
||||
"public-keys": {
|
||||
"deploy@gitea.jafner.tools": {
|
||||
"key": "AAAAC3NzaC1lZDI1NTE5AAAAIBzQU/ZbpLXgAXUImNKNfkyEkggRfgVDCozOVby/CLMR",
|
||||
"type": "ssh-ed25519"
|
||||
},
|
||||
"jafner425@gmail.com": {
|
||||
"key": "AAAAC3NzaC1lZDI1NTE5AAAAIMbzncsWNWxoDSqeva/ZoGHv32A0ggUMWfzx2Gz6Kmkk",
|
||||
"type": "ssh-ed25519"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"name-server": [
|
||||
"192.168.1.32",
|
||||
"eth5"
|
||||
],
|
||||
"option": {
|
||||
"performance": "latency"
|
||||
},
|
||||
"syslog": {
|
||||
"global": {
|
||||
"facility": {
|
||||
"all": {
|
||||
"level": "info"
|
||||
},
|
||||
"local7": {
|
||||
"level": "debug"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"task-scheduler": {
|
||||
"task": {
|
||||
"cfddns-jafner-net": {
|
||||
"executable": {
|
||||
"arguments": "jafner.net $(cat /config/scripts/cloudflare.token)",
|
||||
"path": "/config/scripts/cfddns.sh"
|
||||
},
|
||||
"interval": "1d"
|
||||
}
|
||||
}
|
||||
},
|
||||
"time-zone": "America/Los_Angeles"
|
||||
}
|
||||
}
|
||||
@ -1,50 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Takes two positional arguments:
|
||||
# $1 is the name of the zone to update
|
||||
# E.g. jafner.net
|
||||
# $2 is an auth token for Cloudflare;
|
||||
# Must have the following permissions
|
||||
# for the given zone:
|
||||
# - Zone: Read
|
||||
# - DNS: Read
|
||||
# - DNS: Edit
|
||||
function cfddns () {
|
||||
ZONE=$1
|
||||
TOKEN=$2
|
||||
|
||||
# 1. Get the zone ID from the zone name
|
||||
ZONE_ID=$(
|
||||
curl -s \
|
||||
-X GET "https://api.cloudflare.com/client/v4/zones" \
|
||||
--header "Authorization: Bearer $TOKEN" \
|
||||
--header "Content-Type:application/json" |\
|
||||
jq -r --arg NAME "$ZONE" '.[] | .[]? | select(.name?==$NAME) | .id' 2>/dev/null |\
|
||||
xargs
|
||||
); echo $ZONE_ID
|
||||
|
||||
# 2. Get the record ID of the root A record
|
||||
RECORD_ID=$(
|
||||
curl -s \
|
||||
-X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \
|
||||
--header "Authorization: Bearer $TOKEN" \
|
||||
--header 'Content-Type:application/json' |\
|
||||
jq -r --arg NAME "$ZONE" '.[] | .[]? | select(.type=="A") | select(.name?==$NAME) | .id' 2>/dev/null |\
|
||||
xargs
|
||||
); echo $RECORD_ID
|
||||
|
||||
# 3. Compose the json payload for the record to push
|
||||
DATA=$(jq --null-input \
|
||||
--arg CONTENT "$(curl -s ipinfo.io/ip)" \
|
||||
--arg NAME "$ZONE" \
|
||||
'{"content": $CONTENT, "name": $NAME, "type": "A"}'
|
||||
); echo $DATA
|
||||
|
||||
# 4. Finally submit the updated record to Cloudflare
|
||||
curl --request PUT \
|
||||
--url https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID \
|
||||
--header "Authorization: Bearer $TOKEN" \
|
||||
--header 'Content-Type:application/json' \
|
||||
--data "$DATA" > /dev/null 2>&1
|
||||
}
|
||||
|
||||
cfddns $1 $2
|
||||
@ -1,58 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:WW3tLEQ5gpskDW0sbRuEoUPrtEq5CURCIQyF0/g5CrUJNzKCYZdoOQ==,iv:m2zxDMWh2EQSGesLOMoF33nM2k2VMfDxSLHHr1dHk98=,tag:+dmidHt4ZLNg7RJZZili6g==,type:str]",
|
||||
"sops": {
|
||||
"shamir_threshold": 2,
|
||||
"key_groups": [
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibVM4VEJxazRwZ21KQVk1\nc1hTU0tncDIvdHFTN2FDM0dpWCsva24zZFdzCm1lV3NlZmQ3TFV5RmVaOUY4Ungw\neE82OHFUVTdjRmw5OGgvc1lvMUNpTUEKLS0tIEpoS1FiTmxXazk5TmQwZER6dUZN\nMzlRUlN4RkV3R1dDQi9XMWdpc3NCbFUKTOJKhnNxIzKtqJzXyp5MWFgzEsahvL/c\nP+bhXBXDFqr8BF/kvgGlW8JqvBOWFZrF25LKTIx2W6ikCn2b2iGc3ZE=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0R3Y4c1dNTGhtRmNMV201\nS0VnYWJWL0J3ZG92cTZ6anROT1pyVFlidGpNCm1zQmZoanFHRnpCUHZiTFpXbGRP\nNmxha2pQZ2czcEhwV3krK09IaTl5UFEKLS0tIE12QUxyclM1YW0rQVJSRjBCOHU0\nZmVRVERHamRtSGhaT1d6dW80ZGo1bnMKk6tWBHMkOZcoE2dZ7Wp9ots0AVxgrjhM\nB3Rlmt3qxB01cmTJoPEuVnm9PtvWsMEApjphzsGH7Ko7aJLEmfXXK7w=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc1QrNEFwaG1JZFNUQXR3\nckNTbk9jNGx4Q1hBNkUvUmlNMHFXWnRtNVcwCkUzVHVFOWEzcXBTUVd5UW9sNEpu\nQ05XQXhiS3c2NWdCaVptQ2ZGZWF4Qk0KLS0tIFJEWVhTME5kOVdRWnRUZTJkb2hL\nNjMxRXB0VjByRVA5Z2NFeGowVktZeVEK6N2RPbcogdBOc3lmulptkwhsYm6wzm6O\nWU5yIVmArIfo0fozlUl3DbsFOims2HxeD9Kx8CrlqJZ7lnbomPkKsjI=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZMDZPZ1ZiNnFJcWFsUm1j\nOUp0YmI3MmFuWjJEUWkyYmd0bUNkRVF0WlIwCm9hUHVrbHV1ajkrVXlna0xzU2Jy\nclFDMkhMd0t4L0hlczRETHVOTllXYW8KLS0tIHAyenBTZ2VFTHFZRCtVQ1ZtV0Qx\nZUtNNzgyNktlUHgvU0xZRm1HUlpoTjAKZ0qN1YN4hUBgQfcs26/BI+PjtfheNwUP\noD6yd1B8VIyOuWJnw1b5x4n3r+bVsWnYfN43wVR4zvaoNSA1gCk1Q+w=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S1JJeW1NUm5EUCtuNmRn\nYjliNkh6VzFVRCtza3pVdmJYalZ0VUdRUXpjCkl1UUdmTTRxR0ZMZWgzZHVmTmla\neDdVUzE3TUtMdUFFVEtvNkFTUzZvS00KLS0tIE9qSm9NL21xc1l0NlhIdmxtMlJm\nSENLdEJxK0VGWUdlT3NYWCt4QXJrYWMKf2kz7iWe7ggIxsXi9EKWVh2N0FhlNjv6\n/fH0Cg6o7lNS6CF2/cgQBnLnyjfH0iRlO5B/8p3x9TrQJ59FS7/58d8=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": null,
|
||||
"lastmodified": "2024-10-21T21:56:18Z",
|
||||
"mac": "ENC[AES256_GCM,data:rZ8mJQpBH9H+dAoeUnItgfjaK1fA9HMh5DHidcplbQNQOmKpnLeuHEVMnGoAlAdGUIzvvvpd65bONLbNWBrACIcWOjuJ7pETCcb1zB8pUBvkzTTkONuv+mhtYsLoV+uxStf43zZ1++gtiYeWhx3Jx8Nad3OK5TqsWcc7aXi2tN4=,iv:5TxYIHV9coFG+A/uYjqw+EiR1F+2n3W4Fjfr1qgEwYs=,tag:UNo+oeS4zNVGiteEZpPfVw==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.0"
|
||||
}
|
||||
}
|
||||
@ -1,30 +0,0 @@
|
||||
#!/bin/vbash
|
||||
source /opt/vyatta/etc/functions/script-template
|
||||
|
||||
SCRIPT_PATH="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
|
||||
WEBHOOK_URL="$(cat $SCRIPT_PATH/webhook.token)"
|
||||
NAT_COMMANDS="$(run show configuration commands | grep 'set nat destination' | grep 'destination address')"
|
||||
|
||||
# Assert all destination nat rules use the same IP
|
||||
if [[ "$(echo "$NAT_COMMANDS" | cut -d' ' -f8 | sort -u | wc -l)" != "1" ]]; then
|
||||
curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Error: Existing NAT rules are not consistent\"}" $WEBHOOK_URL
|
||||
fi
|
||||
|
||||
# Get new and old public IPs
|
||||
PUBLIC_IP="$(curl -s ipinfo.io/ip)"
|
||||
|
||||
echo "$NAT_COMMANDS" | cut -d' ' -f-7 | while read line; do echo $line "$PUBLIC_IP"; done > /tmp/commands
|
||||
|
||||
configure; source /tmp/commands > /dev/null; rm /tmp/commands
|
||||
compare |\
|
||||
if [[ "$(cat -)" != *"No changes between working and active configurations."* ]]; then
|
||||
curl -s -o /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Info: Attempting to update hairpin NAT rules. New public IP: $PUBLIC_IP\"}" $WEBHOOK_URL
|
||||
{ # try commit, save, exit
|
||||
commit && save && exit
|
||||
} || { # catch, exit discard and create a very basic error file
|
||||
exit discard
|
||||
curl -s -o /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"$SCRIPT_PATH/ipupdate.sh: Error: Failed during commit, save, exit.\"}" $WEBHOOK_URL
|
||||
}
|
||||
else
|
||||
exit
|
||||
fi
|
||||
@ -1,58 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:ACj5JKudyqsk+L4+JnoGtbsIrHcH+DFk77TSGIT92mssquBIc0gKmGbhc9BTMnI4CoaBrg1Mu/uagTcWqVR+rHaMAVYCL8LsExKgXAwd4+cjhOAOe6s/CSM7kbEKwi0VPFJ2MuU3PPsyhFnO0xJ82Q/gBYUoTE4QXA==,iv:hgv0UkuJnNAY+1KLyMUzGNT7oMZAjy8tHJgTjKFAvMo=,tag:pc5kmIqByzZiCmvMFxLXzw==,type:str]",
|
||||
"sops": {
|
||||
"shamir_threshold": 2,
|
||||
"key_groups": [
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Nml2OEF4cjVVTDN4Zklu\nVDkycmQ3TG5jSjM5TzY3ZnZrakkrOEM3VHkwCjBVbXhQV2dJNXNsd3B0L1JJZ00z\neFJpbHZQSVJKSWhSSmxlZUh6V0xnUjAKLS0tIHN2c01DQ1JCek84RzFqL1FBMkJK\nZUNPdlNxSS9YUmg5OG9vVzZBUnJMaFUKfw79TYGNLFAo6xx9vr2w/5vnOLs0uURe\nVnmqFrVW6XAOHjgjtcaD/eD1P5cVlgnx1PU9bObcWSosehn26TgBovQ=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaek4xTko0dllvM2FsY3pu\nNXVxbGFlUlRVOTNJZWJjWWVrczJ1bjE1T0JFCjNkR21iTGNvTXFpT3pOdkQ1dW1D\naVBXZWxQTWxKUmt2ZmVLZ3RQU0lDUzgKLS0tIE94M3dkUXVrV3paR1NSOWpBdEJP\nYkxxdFVTYzZFd1NGMWZkcVhXRmgzcjAKBKW2qcLAPboA4vx+UZdqcbRurU6mIz3i\nWbNbDGuZkVdEIuZEMtNQKEIcatsG7QrOhdVVdRxqA08qFj/jTKfBQxY=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cW9yOUI3aExZdTJodzlO\nKzdkbFdINkNQeS90aFBpOGlST1F3NHp6a1FrCm1yNkI0K2c3S2I1YXMxbHh1bVFj\nVy8yWVhhaVNhZ2JlMFBILzA5aUVVVzgKLS0tIHIvSHdLb3ZUYlVHL2pxQnFKQktT\nMDlYeWxrWG1DS2JHb2J0NVRQYXk1a2MKBB6hlGFXQZJqASgOnstueoKu8FqD3YBq\nHtXBVZrDo3M8rcapXwewyvO1eRIy0mToCDZEj189htWYtoqxUW6UnfQ=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbEFxWXNlWjgwSEY4dlpm\nTFh3b1BZNHNGbTN6RjVHNlRpaGtVMlo3NUgwCjA5WHlHM0NtNXdVWG5EQlBUMWVZ\nTTNUYmgrNDU3NGVDaFN5WnFSZC8zUFUKLS0tIFpLZncxbnJkRHloSHZkNDN3Q0do\naGJReXVhL1QwN25zL0FpV1JTd2F1TWMKLXSL0lvzyfEkXMGbWR13Xldidzj4GgTQ\n/USb8PVJCou8YwAjdy28sp99gm6DzPEGVd/PImO3dBvomuC088c8EVg=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcHJYTUR0eU8vbkxNM09N\nbExuNG5tamZmN3pPNm9FdkdzamEvaUUzL3dnCnRwd2t0aHRmYS83SEMvVkg3R2pn\nT2Q1QXhaa3BlVDFtUG94SWw0ODFybnMKLS0tIHFiVzcvMEt1VDBzR0xTTE1NeCsv\nM2NZYnYxeXJldm0yNXpPVU9iL3RsUjQKzVoWU4H6X4479rhWrwcjrxEz6X5N//+Y\nbvqcBe2Ype/IW8gFo4hFQsHG7acDKQmYu86mg1TKxlnviLM6mn16wv0=\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": null,
|
||||
"lastmodified": "2024-10-21T21:56:18Z",
|
||||
"mac": "ENC[AES256_GCM,data:ujHnenWKEwVR7xWUoO+sl9I+LMPYfPzNVK7pSsTF+YbEQwJcBbochogjzRoDfAQbybv4iWKQA7iIpaUqa0/UlyjaUgXcJryLfGuGn2Gu0k0c3y93gn2fpzgW9LEfRYbMfm5le5WMfd6GeyAejFMc5Ku8/brOuQqFlhBRNZRLBPo=,iv:5ER4xgf3o8rzvstz/RuTS05S+obpzUqozk2ydyOY+lg=,tag:B3i98bLzr78ufGkMyMwwtA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.0"
|
||||
}
|
||||
}
|
||||
@ -1,3 +1,23 @@
|
||||
# Working With VyOS
|
||||
We have a helper script, [`vyos.sh`](./vyos.sh) that provides useful utilities for interacting with our VyOS host.
|
||||
|
||||
Run `alias vy="$(realpath ./vyos.sh)"` for faster usage.
|
||||
|
||||
- The host to interact with is configured via the `VYOS_TARGET` near the top of the script.
|
||||
- `get_config_saved` Prints the contents of `/config/config.boot` to stdout.
|
||||
- `get_config_active` Prints the active config (like `show` in config mode) to stdout.
|
||||
- `post_config` Copies the local `config.boot` to the remote `/home/vyos/config.boot`.
|
||||
- `load_config` Enters config mode and runs `load /home/vyos/config.boot`, then attempts to `commit; exit` (note: does not save config).
|
||||
- `save_config` Enters config mode and runs `save; exit`.
|
||||
- `op` Runs the proceding commands in op mode on the target.
|
||||
|
||||
## Workflow Examples
|
||||
1. Pull the latest config with `vy get_config_saved > config.boot`
|
||||
2. Edit the config file with the desired changes.
|
||||
3. Push the changes to the remote with `vy post_config && vy load_config && vy save_config`
|
||||
|
||||
This workflow is provided with a compound function from the helper script; `vy edit`.
|
||||
|
||||
# Update VyOS
|
||||
1. Navigate to [VyOS nightly builds](https://vyos.net/get/nightly-builds/) and copy the link for the most recent build.
|
||||
2. SSH into the VyOS host and run `add system image <link to build image>`
|
||||
@ -18,7 +18,7 @@ function get_config_active () {
|
||||
|
||||
# Push local ./config.boot to remote /home/vyos/config.boot
|
||||
function post_config () {
|
||||
scp -q ./config.boot :/home/vyos/config.boot
|
||||
scp -q ./config.boot $VYOS_TARGET:/home/vyos/config.boot
|
||||
}
|
||||
|
||||
function load_config () {
|
||||
|
||||
@ -194,11 +194,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727383923,
|
||||
"narHash": "sha256-4/vacp3CwdGoPf8U4e/N8OsGYtO09WTcQK5FqYfJbKs=",
|
||||
"lastModified": 1729551526,
|
||||
"narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "ffe2d07e771580a005e675108212597e5b367d2d",
|
||||
"rev": "5ec753a1fc4454df9285d8b3ec0809234defb975",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -230,11 +230,11 @@
|
||||
},
|
||||
"nix-flatpak": {
|
||||
"locked": {
|
||||
"lastModified": 1721549352,
|
||||
"narHash": "sha256-nlXJa8RSOX0kykrIYW33ukoHYq+FOSNztHLLgqKwOp8=",
|
||||
"lastModified": 1729453639,
|
||||
"narHash": "sha256-L19R5CXCfTU9IFs9FAaYhDiteegfhJQMiAHLfls4Pdw=",
|
||||
"owner": "gmodena",
|
||||
"repo": "nix-flatpak",
|
||||
"rev": "dbce39ea8664820ba9037caaf1e2fad365ed6b4b",
|
||||
"rev": "68bc646058386e2ffbd9d78d79d6558e684f6b8c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -280,11 +280,11 @@
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1725762081,
|
||||
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||
"lastModified": 1729357638,
|
||||
"narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||
"rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -296,11 +296,11 @@
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1727348695,
|
||||
"narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
|
||||
"lastModified": 1729413321,
|
||||
"narHash": "sha256-I4tuhRpZFa6Fu6dcH9Dlo5LlH17peT79vx1y1SpeKt0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
|
||||
"rev": "1997e4aa514312c1af7e2bda7fad1644e778ff26",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -327,11 +327,11 @@
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1727264057,
|
||||
"narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=",
|
||||
"lastModified": 1729449015,
|
||||
"narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "759537f06e6999e141588ff1c9be7f3a5c060106",
|
||||
"rev": "89172919243df199fe237ba0f776c3e3e3d72367",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -351,11 +351,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727463368,
|
||||
"narHash": "sha256-5glMknkwQejUrKy28iy/kCFlSMwHcVyf/whmxqD0ggk=",
|
||||
"lastModified": 1729372184,
|
||||
"narHash": "sha256-Tb2/jJ74pt0nmfprkOW1g5zZphJTNbzLnyDENM+c5+I=",
|
||||
"owner": "nix-community",
|
||||
"repo": "plasma-manager",
|
||||
"rev": "29ad64f0ac4ae84710dfeb1d37572d95c94cbfd8",
|
||||
"rev": "9390dadadc58ffda8e494b31ef66a4ae041f6dd1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -385,11 +385,11 @@
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727734513,
|
||||
"narHash": "sha256-i47LQwoGCVQq4upV2YHV0OudkauHNuFsv306ualB/Sw=",
|
||||
"lastModified": 1729587807,
|
||||
"narHash": "sha256-YOc4033a/j1TbdLfkaSOSX2SrvlmuM+enIFoveNTCz4=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "3198a242e547939c5e659353551b0668ec150268",
|
||||
"rev": "26642e8f193f547e72d38cd4c0c4e45b49236d27",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -417,11 +417,11 @@
|
||||
"tinted-tmux": "tinted-tmux"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727362643,
|
||||
"narHash": "sha256-Ceiq/aYjRlRBU677lBaemn8ZU2Jpr08Iso6UlBc9nFc=",
|
||||
"lastModified": 1729380793,
|
||||
"narHash": "sha256-TV6NYBUqTHI9t5fqNu4Qyr4BZUD2yGxAn3E+d5/mqaI=",
|
||||
"owner": "danth",
|
||||
"repo": "stylix",
|
||||
"rev": "e3eb7fdf8d129ff3676dfbc84ee1262322ca6fb4",
|
||||
"rev": "fb9399b7e2c855f42dae76a363bab28d4f24aa8d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -479,16 +479,17 @@
|
||||
"tinted-kitty": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1665001328,
|
||||
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
|
||||
"lastModified": 1716423189,
|
||||
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-kitty",
|
||||
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
|
||||
"rev": "eb39e141db14baef052893285df9f266df041ff8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-kitty",
|
||||
"rev": "eb39e141db14baef052893285df9f266df041ff8",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
|
||||
@ -1,6 +1,10 @@
|
||||
{ config, pkgs, pkgs-unstable, inputs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./unstable.nix
|
||||
./python.nix
|
||||
./scripts.nix
|
||||
];
|
||||
sops = {
|
||||
age.sshKeyPaths = [ "/home/joey/.ssh/main_id_ed25519" ];
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
@ -51,14 +55,11 @@
|
||||
{ name = "fedora"; location = "oci+https://registry.fedoraproject.org"; }
|
||||
];
|
||||
packages = [
|
||||
"com.usebottles.bottles/x86_64/stable"
|
||||
"dev.vencord.Vesktop/x86_64/stable"
|
||||
"io.github.zen_browser.zen/x86_64/stable"
|
||||
"io.missioncenter.MissionCenter/x86_64/stable"
|
||||
"md.obsidian.Obsidian/x86_64/stable"
|
||||
"no.mifi.losslesscut/x86_64/stable"
|
||||
"org.chromium.Chromium/x86_64/stable"
|
||||
"org.chromium.Chromium.Codecs/x86_64/stable"
|
||||
"org.freedesktop.Platform/x86_64/22.08"
|
||||
"org.freedesktop.Platform/x86_64/23.08"
|
||||
"org.freedesktop.Platform/x86_64/24.08"
|
||||
@ -75,8 +76,6 @@
|
||||
"org.freedesktop.Platform.openh264/x86_64/2.2.0"
|
||||
"org.freedesktop.Platform.openh264/x86_64/2.4.1"
|
||||
"org.freedesktop.Sdk/x86_64/23.08"
|
||||
"org.gnome.Platform/x86_64/45"
|
||||
"org.gnome.Platform/x86_64/46"
|
||||
"org.gnome.Platform/x86_64/47"
|
||||
"org.gnome.Platform.Compat.i386/x86_64/46"
|
||||
"org.gtk.Gtk3theme.Breeze/x86_64/3.22"
|
||||
@ -97,12 +96,9 @@
|
||||
"org.winehq.Wine.DLLs.dxvk/x86_64/stable-23.08"
|
||||
"org.winehq.Wine.gecko/x86_64/stable-23.08"
|
||||
"org.winehq.Wine.mono/x86_64/stable-23.08"
|
||||
"us.zoom.Zoom/x86_64/stable"
|
||||
"xyz.z3ntu.razergenie/x86_64/stable"
|
||||
{ appId = "org.fedoraproject.Platform/x86_64/f40"; origin = "fedora"; }
|
||||
{ appId = "org.gimp.GIMP/x86_64/stable"; origin = "fedora"; }
|
||||
{ appId = "org.kde.kontact/x86_64/stable"; origin = "fedora"; }
|
||||
{ appId = "org.kde.neochat/x86_64/stable"; origin = "fedora"; }
|
||||
{ appId = "org.fedoraproject.KDE6Platform/x86_64/f40"; origin = "fedora"; }
|
||||
{ appId = "org.fedoraproject.Platform/x86_64/f40"; origin = "fedora"; }
|
||||
];
|
||||
@ -112,9 +108,10 @@
|
||||
package = pkgs.vscodium;
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
jnoortheen.nix-ide
|
||||
continue.continue
|
||||
#continue.continue
|
||||
];
|
||||
userSettings = {
|
||||
"editor.fontFamily" = "'DejaVu Sans Mono'";
|
||||
"nix.serverPath" = "nixd";
|
||||
"nix.enableLanguageServer" = true;
|
||||
"explorer.confirmDragAndDrop" = false;
|
||||
@ -133,7 +130,12 @@
|
||||
obs-vaapi
|
||||
obs-vkcapture
|
||||
input-overlay
|
||||
wlrobs
|
||||
];
|
||||
package = pkgs.writeShellScriptBin "obs" ''
|
||||
#!/bin/sh
|
||||
${pkgs-unstable.nixgl.nixVulkanIntel}/bin/nixVulkanIntel ${pkgs-unstable.obs-studio}/bin/obs "$@"
|
||||
'';
|
||||
};
|
||||
programs.git = {
|
||||
enable = true;
|
||||
@ -174,7 +176,7 @@
|
||||
fetch = "fastfetch";
|
||||
neofetch = "fetch";
|
||||
find = ''fzf --preview "bat --color=always --style=numbers --line-range=:500 {}"'';
|
||||
hmu = "home-manager switch ~/.config/home-manager";
|
||||
hmu = "home-manager switch -b backup --flake ~/Git/Jafner.net/nix/dungeon-master/home-manager/ --impure";
|
||||
kitty = "nixGL kitty";
|
||||
fzf-ssh = "ssh $(cat ~/.ssh/profiles | fzf --height 20%)";
|
||||
fsh = "fzf-ssh";
|
||||
@ -248,7 +250,23 @@
|
||||
programs.rofi = {
|
||||
enable = true;
|
||||
};
|
||||
systemd.user.services = {};
|
||||
programs.spotify-player = {
|
||||
enable = true;
|
||||
package = pkgs-unstable.spotify-player;
|
||||
};
|
||||
systemd.user.services = {
|
||||
librespot = {
|
||||
Unit = {
|
||||
Description = "Librespot (an open source Spotify client)";
|
||||
Documentation = [ "https://github.com/librespot-org/librespot" "https://github.com/librespot-org/librespot/wiki/Options" ];
|
||||
};
|
||||
Service = {
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
ExecStart = "${pkgs-unstable.librespot}/bin/librespot --backend pulseaudio --system-cache /home/joey/.spotify -j";
|
||||
};
|
||||
};
|
||||
};
|
||||
home.enableNixpkgsReleaseCheck = false;
|
||||
home.preferXdgDirectories = true;
|
||||
home.username = "joey";
|
||||
@ -268,8 +286,6 @@
|
||||
base16-schemes
|
||||
ollama
|
||||
protonup-ng
|
||||
pkgs-unstable.fzf
|
||||
inputs.deploy-rs.defaultPackage.x86_64-linux
|
||||
];
|
||||
home.file = {
|
||||
"continue-config.json" = {
|
||||
|
||||
64
nix/dungeon-master/home-manager/python.nix
Normal file
64
nix/dungeon-master/home-manager/python.nix
Normal file
@ -0,0 +1,64 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
home.packages = with pkgs; [
|
||||
### Python script that uses OBS-Studio's websocket to toggle recording when a hotkey is pressed.
|
||||
( writers.writePython3Bin "obs-toggle-recording" {
|
||||
libraries = [
|
||||
( python311Packages.buildPythonPackage {
|
||||
pname = "obsws_python";
|
||||
version = "1.7.0";
|
||||
src = fetchurl {
|
||||
url = "https://files.pythonhosted.org/packages/22/29/dcb5286c9301eee8b72aee1e997761fb2cca9bf963fcd373acdfca353af3/obsws_python-1.7.0-py3-none-any.whl";
|
||||
sha256 = "0jvqfvqgvqjsv0jsddj51m4wrinbrc2gbymmnmv9kfarfj7ly7g7";
|
||||
};
|
||||
format = "wheel";
|
||||
doCheck = false;
|
||||
buildInputs = [];
|
||||
checkInputs = [];
|
||||
nativeBuildInputs = [];
|
||||
propagatedBuildInputs = [
|
||||
( python311Packages.buildPythonPackage {
|
||||
pname = "tomli";
|
||||
version = "2.0.2";
|
||||
src = fetchurl {
|
||||
url = "https://files.pythonhosted.org/packages/cf/db/ce8eda256fa131af12e0a76d481711abe4681b6923c27efb9a255c9e4594/tomli-2.0.2-py3-none-any.whl";
|
||||
sha256 = "0f5ar8vfq7lkydj19am5ymxg11d00ql0kv5hj3v07lskbi429gif";
|
||||
};
|
||||
format = "wheel";
|
||||
doCheck = false;
|
||||
buildInputs = [];
|
||||
checkInputs = [];
|
||||
nativeBuildInputs = [];
|
||||
propagatedBuildInputs = [];
|
||||
} )
|
||||
( python311Packages.buildPythonPackage {
|
||||
pname = "websocket-client";
|
||||
version = "1.8.0";
|
||||
src = fetchurl {
|
||||
url = "https://files.pythonhosted.org/packages/5a/84/44687a29792a70e111c5c477230a72c4b957d88d16141199bf9acb7537a3/websocket_client-1.8.0-py3-none-any.whl";
|
||||
sha256 = "09m5pwwi4bbwdv2vdhlc5k0737kskhnxyb5j17l9ii7mjz4lrd0p";
|
||||
};
|
||||
format = "wheel";
|
||||
doCheck = false;
|
||||
buildInputs = [];
|
||||
checkInputs = [];
|
||||
nativeBuildInputs = [];
|
||||
propagatedBuildInputs = [];
|
||||
} )
|
||||
];
|
||||
} )
|
||||
];
|
||||
} ''
|
||||
import obsws_python as obs
|
||||
client = obs.ReqClient(host='localhost', port=4455)
|
||||
recording_status = client.get_record_status()
|
||||
active = recording_status.output_active
|
||||
paused = recording_status.output_paused
|
||||
|
||||
if not active:
|
||||
client.start_record()
|
||||
else:
|
||||
client.toggle_record_pause()
|
||||
'' )
|
||||
];
|
||||
}
|
||||
26
nix/dungeon-master/home-manager/scripts.nix
Normal file
26
nix/dungeon-master/home-manager/scripts.nix
Normal file
@ -0,0 +1,26 @@
|
||||
{ pkgs, ... }:{
|
||||
home.packages = with pkgs; [
|
||||
ffmpeg_7-full
|
||||
( writeShellApplication {
|
||||
name = "send-to-x264-mp4"; # { filePath }: { none } (side-effect: transcodes & remuxes file to x264/mp4)
|
||||
runtimeInputs = [
|
||||
libnotify
|
||||
];
|
||||
text = ''
|
||||
INPUT_FILE=$(realpath "$1")
|
||||
|
||||
FILE_PATH=$(dirname "$INPUT_FILE")
|
||||
FILE_NAME=$(basename "$INPUT_FILE")
|
||||
FILE_NAME="''${''\FILE_NAME%.*}"
|
||||
|
||||
OUTFILE="$FILE_PATH/$FILE_NAME.mp4"
|
||||
|
||||
notify-send -t 2000 "Transcode starting" "$FILE_NAME"
|
||||
|
||||
nixGL ffmpeg -hide_banner -vaapi_device /dev/dri/renderD128 -i "$INPUT_FILE" -map 0 -vf 'format=nv12,hwupload' -c:v h264_vaapi -b:v 8M -c:a copy "$OUTFILE"
|
||||
|
||||
notify-send -t 4000 "Transcode complete" "$FILE_NAME"
|
||||
'';
|
||||
} )
|
||||
];
|
||||
}
|
||||
8
nix/dungeon-master/home-manager/unstable.nix
Normal file
8
nix/dungeon-master/home-manager/unstable.nix
Normal file
@ -0,0 +1,8 @@
|
||||
{ pkgs-unstable, inputs, ... }:
|
||||
{
|
||||
home.packages = [
|
||||
pkgs-unstable.librespot
|
||||
pkgs-unstable.fzf
|
||||
inputs.deploy-rs.defaultPackage.x86_64-linux
|
||||
];
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user