diff --git a/hosts/hades/lab/default.nix b/hosts/hades/lab/default.nix
index 9fb16be..a785f6e 100644
--- a/hosts/hades/lab/default.nix
+++ b/hosts/hades/lab/default.nix
@@ -55,13 +55,6 @@ in
           description = "Dell Remote Management";
         };
       }
-      {
-        "Access Point" = {
-          icon = "omada.png";
-          href = "https://eap610-9c-53-22-97-36-b6.${config.personal.lab.base-domain}";
-          description = "TPLink Omada AP";
-        };
-      }
     ];
   };
 
@@ -76,4 +69,4 @@ in
     ./grocy.nix
     ./homepage.nix
   ];
-}
\ No newline at end of file
+}
diff --git a/hosts/hades/lab/infra/default.nix b/hosts/hades/lab/infra/default.nix
index 76202da..93d7177 100644
--- a/hosts/hades/lab/infra/default.nix
+++ b/hosts/hades/lab/infra/default.nix
@@ -1,7 +1,8 @@
 { ... }:
 {
   imports = [
+    ./omada-controller.nix
     ./traefik.nix
     ./watchtower.nix
   ];
-}
\ No newline at end of file
+}
diff --git a/hosts/hades/lab/infra/omada-controller.nix b/hosts/hades/lab/infra/omada-controller.nix
new file mode 100644
index 0000000..5954536
--- /dev/null
+++ b/hosts/hades/lab/infra/omada-controller.nix
@@ -0,0 +1,93 @@
+{ config, ... }:
+let
+  MANAGE_HTTP_PORT = 8088;
+  MANAGE_HTTPS_PORT = 8043;
+  PORTAL_HTTP_PORT = 8088;
+  PORTAL_HTTPS_PORT = 8843;
+  PORT_APP_DISCOVERY = 27001;
+  PORT_ADOPT_V1 = 29812;
+  PORT_UPGRADE_V1 = 29813;
+  PORT_MANAGER_V1 = 29811;
+  PORT_MANAGER_V2 = 29814;
+  PORT_DISCOVERY = 29810;
+  PORT_TRANSFER_V2 = 29815;
+  PORT_RTTY = 29816;
+
+  name = "omada-controller";
+  subdomain = "omada";
+  fqdn = "${config.lib.lab.mkServiceSubdomain subdomain}";
+in
+{
+  virtualisation.arion.projects.lab.settings.services.omada-controller = {
+    service = {
+      container_name = name;
+      image = "mbentley/omada-controller:5.12";
+      environment = {
+        TZ = "America/New_York";
+        PUID = "1000";
+        PGID = "1000";
+        MANAGE_HTTP_PORT = builtins.toString MANAGE_HTTP_PORT;
+        MANAGE_HTTPS_PORT = builtins.toString MANAGE_HTTPS_PORT;
+        PORTAL_HTTP_PORT = builtins.toString PORTAL_HTTP_PORT;
+        PORTAL_HTTPS_PORT = builtins.toString PORTAL_HTTPS_PORT;
+        PORT_APP_DISCOVERY = builtins.toString PORT_APP_DISCOVERY;
+        PORT_ADOPT_V1 = builtins.toString PORT_ADOPT_V1;
+        PORT_UPGRADE_V1 = builtins.toString PORT_UPGRADE_V1;
+        PORT_MANAGER_V1 = builtins.toString PORT_MANAGER_V1;
+        PORT_MANAGER_V2 = builtins.toString PORT_MANAGER_V2;
+        PORT_DISCOVERY = builtins.toString PORT_DISCOVERY;
+        PORT_TRANSFER_V2 = builtins.toString PORT_TRANSFER_V2;
+        PORT_RTTY = builtins.toString PORT_RTTY;
+        SHOW_SERVER_LOGS = "true";
+      };
+      ports = [
+        "${builtins.toString MANAGE_HTTP_PORT}:${builtins.toString MANAGE_HTTP_PORT}"
+        "${builtins.toString MANAGE_HTTPS_PORT}:${builtins.toString MANAGE_HTTPS_PORT}"
+        "${builtins.toString PORTAL_HTTPS_PORT}:${builtins.toString PORTAL_HTTPS_PORT}"
+        "${builtins.toString PORT_APP_DISCOVERY}:${builtins.toString PORT_APP_DISCOVERY}/udp"
+        "${builtins.toString PORT_DISCOVERY}:${builtins.toString PORT_DISCOVERY}/udp"
+        "${builtins.toString PORT_MANAGER_V1}-${builtins.toString PORT_RTTY}:${builtins.toString PORT_MANAGER_V1}-${builtins.toString PORT_RTTY}"
+      ];
+      volumes = [
+        "${config.lib.lab.mkConfigDir name}/:/opt/tplink/EAPController/data"
+      ];
+      labels = config.lib.lab.mkTraefikLabels {
+        inherit name subdomain;
+        port = builtins.toString MANAGE_HTTPS_PORT;
+        scheme = "https";
+        middleware = "mid-omada-headers,mid-omada-redirectRegex";
+      } // {
+        "traefik.http.middlewares.mid-omada-headers.headers.customRequestHeaders.host" = "${fqdn}:${builtins.toString MANAGE_HTTPS_PORT}";
+        "traefik.http.middlewares.mid-omada-headers.headers.customResponseHeaders.host" = fqdn;
+        "traefik.http.middlewares.mid-omada-redirectRegex.redirectRegex.regex" = "^https:\\/\\/([^\\/]+)\\/?$";
+        "traefik.http.middlewares.mid-omada-redirectRegex.redirectRegex.replacement" = "https://$1/controller_id/login";
+        "traefik.http.services.omada-controller.loadbalancer.passhostheader" = "true";
+      } // config.lib.lab.mkHomepageLabels {
+        name = "Omada Controller";
+        description = "TPLink SDN Controller";
+        group = "Infrastructure";
+        inherit subdomain;
+        icon = "omada.png";
+      };
+      restart = "unless-stopped";
+    };
+  };
+
+  # TPLink Omada Controller requires a myriad of ports
+  networking.firewall = {
+    allowedTCPPorts = [
+      PORT_ADOPT_V1
+      PORTAL_HTTPS_PORT
+    ];
+    allowedTCPPortRanges = [
+      {
+        from = PORT_MANAGER_V1;
+        to = PORT_RTTY;
+      }
+    ];
+    allowedUDPPorts = [
+      PORT_APP_DISCOVERY
+      PORT_DISCOVERY
+    ];
+  };
+}
diff --git a/hosts/hades/lab/infra/traefik.nix b/hosts/hades/lab/infra/traefik.nix
index eb3b94b..6033e7d 100644
--- a/hosts/hades/lab/infra/traefik.nix
+++ b/hosts/hades/lab/infra/traefik.nix
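Review bot: The `ports` list publishes MANAGE_HTTP_PORT (8088) and MANAGE_HTTPS_PORT (8043) on every host interface even though the `networking.firewall` block below deliberately leaves them closed; if the arion backend is Docker, published ports are handled by Docker's own iptables rules in the FORWARD chain and are not filtered by `networking.firewall`, so the controller's plain-HTTP and self-signed-HTTPS management UI would be reachable directly, bypassing Traefik. Traefik presumably reaches the container over the project network via the `port` passed to `mkTraefikLabels`, so those two entries can be dropped, or bound to loopback if local host access is wanted: `"127.0.0.1:${builtins.toString MANAGE_HTTPS_PORT}:${builtins.toString MANAGE_HTTPS_PORT}"`. Separately, the redirectRegex replacement `https://$1/controller_id/login` reads like an unfilled placeholder for the controller's real id; worth confirming that path actually resolves. `PORT_ADOPT_V1` (29812) in `allowedTCPPorts` is already covered by the 29811–29816 range, so it can go.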
@@ -91,6 +91,9 @@ in
   } // lib.attrsets.optionalAttrs (builtins.hasAttr "port" options) {
     "traefik.http.routers.${name}.service" = service;
     "traefik.http.services.${service}.loadbalancer.server.port" = "${options.port}";
+  } // lib.attrsets.optionalAttrs (builtins.hasAttr "scheme" options) {
+    "traefik.http.routers.${name}.service" = service;
+    "traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}";
   } // lib.attrsets.optionalAttrs (builtins.hasAttr "service" options) {
     "traefik.http.routers.${name}.service" = service;
   } // lib.attrsets.optionalAttrs (builtins.hasAttr "middleware" options) {
@@ -149,4 +152,4 @@ in
     80 # web entrypoint
     443 # websecure entrypoint
   ];
-}
\ No newline at end of file
+}
diff --git a/hosts/voyager/default.nix b/hosts/voyager/default.nix
index 9b0d8ee..e459434 100644
--- a/hosts/voyager/default.nix
+++ b/hosts/voyager/default.nix
@@ -1,4 +1,4 @@
-{ self, nixos-hardware, ... }:
+{ pkgs, self, nixos-hardware, ... }:
 {
   imports = [
     ./hardware-configuration.nix
@@ -21,6 +21,10 @@
   personal.flatpak.enable = true;
   personal.zsa.enable = true;
 
+  environment.systemPackages = with pkgs; [
+    google-chrome
+  ];
+
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
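Review bot: When a caller passes `scheme = "https"` the new block makes Traefik speak TLS to the upstream, but Traefik verifies the upstream certificate by default and mkTraefikLabels offers no way to attach a serversTransport, so an upstream with a self-signed certificate (the omada-controller added in this commit) will presumably fail at the upstream TLS handshake until one is configured elsewhere. It would be cleaner to accept an optional `serversTransport` name in `options` and emit `"traefik.http.services.${service}.loadbalancer.serverstransport" = options.serversTransport;` next to `scheme`, pointing at a transport that trusts the upstream's CA rather than one with `insecureSkipVerify`. The `"traefik.http.routers.${name}.service" = service;` line is now repeated in the port, scheme and service blocks; one of them is enough, and `"${options.scheme}"` can simply be `options.scheme`. mkTraefikLabels starts and ends outside this hunk.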
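Review bot: `google-chrome` is an unfree package in nixpkgs, so this addition only evaluates if `nixpkgs.config.allowUnfree` (or an `allowUnfreePredicate` that names it) is set somewhere outside this hunk. A short comment next to the entry, `# unfree: relies on allowUnfree being set for this host`, would make that dependency visible to the next reader.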