diff --git a/data.nix b/data.nix index 41f0706..f026576 100644 --- a/data.nix +++ b/data.nix @@ -53,12 +53,10 @@ rec { "vno4-rutx11.jakst.vpn" = rec { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEehmFvEBVngwxk1nuEWMlE4UU69gC4wxytGX5DAFbh"; publicIP = "188.69.241.222"; - jakstIP = "100.89.176.1"; vno4IP = "192.168.188.1"; extraHostNames = [ "vno4.jakstys.lt" publicIP - jakstIP vno4IP ]; }; @@ -74,11 +72,9 @@ rec { extraHostNames = [ "fra1-b.jakstys.lt" publicIP - jakstIP ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1tL1FQeKE+28ATuD4USa4oAdPkONfk4uF/McMm+2sy"; publicIP = "188.245.84.21"; - jakstIP = "100.89.176.18"; system = "aarch64-linux"; supportedFeatures = [ "nixos-test" @@ -92,11 +88,9 @@ rec { syncthingID = "XOZO6GL-MEH55QR-PTNRVHE-45PD3L2-SHP7XW6-VXKROQ5-F47U3AX-QQACLQP"; extraHostNames = [ vno1IP - jakstIP ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW7k8wMOIWKERGiMlz5kX/PXJ/EbzUnJK6jVgPtAbNF"; vno1IP = "192.168.189.12"; - jakstIP = "100.89.176.21"; }; "fwminex.jakst.vpn" = rec { extraHostNames = [ @@ -118,17 +112,12 @@ rec { }; "mtworx.jakst.vpn" = rec { syncthingID = "C72YA2S-PE5IGDZ-DCNFV7Y-I72BGZM-5L2OO7Y-4K5OTGZ-NILAS2V-BGSAUQW"; - extraHostNames = [ jakstIP ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/2oa3/NDV7GQNAKEQdJ+LZMwK0TUr1wChJMkZM1I3b"; - jakstIP = "100.89.176.3"; }; "vno1-vinc.jakst.vpn" = rec { - extraHostNames = [ jakstIP ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIwK7et5NBM+vaffiwpKLSAJwKfwMhCZwl1JyXo79uL"; - jakstIP = "100.89.176.7"; }; "mxp1.jakst.vpn" = { - jakstIP = "100.89.176.22"; }; "zh2769.rsync.net" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd"; 
@@ -150,17 +139,6 @@ rec { range = "100.89.176.0-100.89.191.255"; sshPattern = "100.89.176.*"; # until we have more hosts }; - motiejus.cidrs = - let - mHosts = attrVals [ - "mxp1.jakst.vpn" - "vno1-gdrx.jakst.vpn" - "mtworx.jakst.vpn" - "fwminex.jakst.vpn" - ] hosts; - in - builtins.catAttrs "jakstIP" mHosts; - vno1 = { cidr = "192.168.189.0/24"; sshPattern = "192.168.189.*"; diff --git a/flake.nix b/flake.nix index 5535d80..145d6bd 100644 --- a/flake.nix +++ b/flake.nix @@ -216,7 +216,7 @@ deploy.nodes = { fwminex = { - hostname = myData.hosts."fwminex.jakst.vpn".jakstIP; + hostname = "fwminex.jakst.vpn"; profiles = { system = { sshUser = "motiejus"; @@ -227,7 +227,7 @@ }; mtworx = { - hostname = myData.hosts."mtworx.jakst.vpn".jakstIP; + hostname = "mtworx.jakst.vpn"; profiles = { system = { sshUser = "motiejus"; @@ -238,7 +238,7 @@ }; vno1-gdrx = { - hostname = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP; + hostname = "vno1-gdrx.jakst.vpn"; profiles = { system = { sshUser = "motiejus"; @@ -249,7 +249,7 @@ }; vno3-nk = { - hostname = myData.hosts."vno3-nk.jakst.vpn".jakstIP; + hostname = "vno3-nk.jakst.vpn"; profiles = { system = { sshUser = "motiejus"; @@ -260,7 +260,7 @@ }; fra1-b = { - hostname = myData.hosts."fra1-b.jakst.vpn".jakstIP; + hostname = "fra1-b.jakst.vpn"; profiles = { system = { sshUser = "motiejus"; diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 6d6726c..625428f 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -442,13 +442,7 @@ in { job_name = "ping"; - relabel_configs = map (hostname: { - source_labels = [ "__address__" ]; - regex = "${myData.hosts.${hostname}.jakstIP}:${port}"; - replacement = "${hostname}:${port}"; - target_label = "instance"; - }) hosts; - static_configs = [ { targets = map (host: "${myData.hosts.${host}.jakstIP}:${port}") hosts; } ]; + static_configs = [ { targets = map (host: "${host}:${port}") hosts; } ]; } ) { 
@@ -472,7 +466,7 @@ in } { job_name = "vno1-vinc.jakst.vpn"; - static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.jakst.vpn".jakstIP}:9100" ]; } ]; + static_configs = [ { targets = [ "vno1-vinc.jakst.vpn:9100" ]; } ]; } ] ++ map @@ -480,9 +474,9 @@ in let port = builtins.toString myData.ports.exporters.node; in - s: { - job_name = s; - static_configs = [ { targets = [ "${myData.hosts.${s}.jakstIP}:${port}" ]; } ]; + host: { + job_name = host; + static_configs = [ { targets = [ "${host}:${port}" ]; } ]; } ) [ @@ -603,7 +597,7 @@ in btrfsborg = let this = "${config.networking.hostName}.${config.networking.domain}"; - vno3-nk = "borgstor@${myData.hosts."vno3-nk.jakst.vpn".jakstIP}"; + vno3-nk = "borgstor@$vno3-nk.jakst.vpn"; rsync-net = "zh2769@zh2769.rsync.net"; in { @@ -706,7 +700,7 @@ in { enable = true; inherit (host) system supportedFeatures; - hostName = host.jakstIP; + hostName = "fra1-b.jakst.vpn"; sshKey = "/etc/ssh/ssh_host_ed25519_key"; }; @@ -723,11 +717,11 @@ in deployIfPresent = [ { derivationTarget = ".#mtworx"; - pingTarget = myData.hosts."mtworx.jakst.vpn".jakstIP; + pingTarget = "mtworx.jakst.vpn"; } { derivationTarget = ".#vno1-gdrx"; - pingTarget = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP; + pingTarget = "vno1-gdrx.jakst.vpn"; } ]; }; diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix index 0596dae..1a75d16 100644 --- a/hosts/mtworx/configuration.nix +++ b/hosts/mtworx/configuration.nix @@ -138,7 +138,7 @@ in { enable = true; inherit (host) system supportedFeatures; - hostName = host.jakstIP; + hostName = "fra1-b.jakst.vpn"; sshKey = "/etc/ssh/ssh_host_ed25519_key"; maxJobs = 2; }; diff --git a/hosts/vno1-gdrx/configuration.nix b/hosts/vno1-gdrx/configuration.nix index 4724b9a..5b753d4 100644 --- a/hosts/vno1-gdrx/configuration.nix +++ b/hosts/vno1-gdrx/configuration.nix 
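Review bot: The new borg target in the `btrfsborg` let-binding keeps a stray `$` left over from the removed interpolation: `"borgstor@$vno3-nk.jakst.vpn"`. In Nix a `$` not followed by `{` is a literal character, so the repository host becomes `$vno3-nk.jakst.vpn`, and if the value ever passes through a shell, `$vno3` would expand as an unset variable. Either way the off-site backup to vno3-nk would most likely stop working, and a backup that fails quietly is only noticed when a restore is needed. The line should read `vno3-nk = "borgstor@vno3-nk.jakst.vpn";`. The same slip is in hosts/vno3-nk/configuration.nix, which needs `fwminex = "borgstor@fwminex.jakst.vpn";`. The rest of the let-block and the jobs that consume these values are outside the hunk, so the exact failure mode should be confirmed against the borg unit logs after deploy.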
@@ -146,7 +146,7 @@ in { enable = true; inherit (host) system supportedFeatures; - hostName = host.jakstIP; + hostName = "fra1-b.jakst.vpn"; sshKey = "/etc/ssh/ssh_host_ed25519_key"; maxJobs = 2; }; diff --git a/hosts/vno3-nk/configuration.nix b/hosts/vno3-nk/configuration.nix index 00b886b..afea37a 100644 --- a/hosts/vno3-nk/configuration.nix +++ b/hosts/vno3-nk/configuration.nix @@ -130,7 +130,7 @@ in let this = "${config.networking.hostName}.${config.networking.domain}"; rsync-net = "zh2769@zh2769.rsync.net"; - fwminex = "borgstor@${myData.hosts."fwminex.jakst.vpn".jakstIP}"; + fwminex = "borgstor@$fwminex.jakst.vpn"; in { enable = true; @@ -196,7 +196,7 @@ in { enable = true; inherit (host) system supportedFeatures; - hostName = host.jakstIP; + hostName = "fra1-b.jakst.vpn"; sshKey = "/etc/ssh/ssh_host_ed25519_key"; }; diff --git a/modules/base/sshd/default.nix b/modules/base/sshd/default.nix index bd7fcbe..270f014 100644 --- a/modules/base/sshd/default.nix +++ b/modules/base/sshd/default.nix @@ -24,23 +24,10 @@ ] (_: null); in lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) filtered; - extraConfig = - '' - Host git.jakstys.lt - HostName ${myData.hosts."fwminex.jakst.vpn".jakstIP} - - '' - + (lib.concatMapStringsSep "\n" - (host: '' - Host ${builtins.elemAt (lib.splitString "." host) 0} - HostName ${myData.hosts.${host}.jakstIP} - '') - ( - builtins.attrNames ( - lib.filterAttrs (name: props: name != "fra1-b.jakst.vpn" && props ? jakstIP) myData.hosts - ) - ) - ); + extraConfig = '' + Host git.jakstys.lt + HostName fwminex.jakst.vpn + ''; }; }; } diff --git a/modules/services/hass/default.nix b/modules/services/hass/default.nix index e0ca662..0b341e9 100644 --- a/modules/services/hass/default.nix +++ b/modules/services/hass/default.nix 
@@ -59,8 +59,9 @@ in auth_providers = [ { type = "homeassistant"; } { + # TODO trust a subset type = "trusted_networks"; - trusted_networks = myData.subnets.motiejus.cidrs; + trusted_networks = myData.subnets.tailscale.cidr; } ]; };
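Review bot: Switching `trusted_networks` to `myData.subnets.tailscale.cidr` widens Home Assistant's password-less login from the four addresses that `motiejus.cidrs` collected to every node in the tailnet range, including routers, servers and any device added later. The `# TODO trust a subset` comment acknowledges this, but until it is resolved a compromise of any tailnet host gives an unauthenticated path into Home Assistant. Consider keeping an explicit list of the owner's device addresses in data.nix. Alternatively, pair the provider with `trusted_users` so the wide network maps only to a low-privilege account. If `tailscale.cidr` is a plain string like `vno1.cidr` (its definition is not in this diff), wrapping it as `trusted_networks = [ myData.subnets.tailscale.cidr ];` keeps the value a list, as it was before.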