almost rm jakstIP
This commit is contained in:
22
data.nix
22
data.nix
@@ -53,12 +53,10 @@ rec {
|
|||||||
"vno4-rutx11.jakst.vpn" = rec {
|
"vno4-rutx11.jakst.vpn" = rec {
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEehmFvEBVngwxk1nuEWMlE4UU69gC4wxytGX5DAFbh";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEehmFvEBVngwxk1nuEWMlE4UU69gC4wxytGX5DAFbh";
|
||||||
publicIP = "188.69.241.222";
|
publicIP = "188.69.241.222";
|
||||||
jakstIP = "100.89.176.1";
|
|
||||||
vno4IP = "192.168.188.1";
|
vno4IP = "192.168.188.1";
|
||||||
extraHostNames = [
|
extraHostNames = [
|
||||||
"vno4.jakstys.lt"
|
"vno4.jakstys.lt"
|
||||||
publicIP
|
publicIP
|
||||||
jakstIP
|
|
||||||
vno4IP
|
vno4IP
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
@@ -74,11 +72,9 @@ rec {
|
|||||||
extraHostNames = [
|
extraHostNames = [
|
||||||
"fra1-b.jakstys.lt"
|
"fra1-b.jakstys.lt"
|
||||||
publicIP
|
publicIP
|
||||||
jakstIP
|
|
||||||
];
|
];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1tL1FQeKE+28ATuD4USa4oAdPkONfk4uF/McMm+2sy";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1tL1FQeKE+28ATuD4USa4oAdPkONfk4uF/McMm+2sy";
|
||||||
publicIP = "188.245.84.21";
|
publicIP = "188.245.84.21";
|
||||||
jakstIP = "100.89.176.18";
|
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
supportedFeatures = [
|
supportedFeatures = [
|
||||||
"nixos-test"
|
"nixos-test"
|
||||||
@@ -92,11 +88,9 @@ rec {
|
|||||||
syncthingID = "XOZO6GL-MEH55QR-PTNRVHE-45PD3L2-SHP7XW6-VXKROQ5-F47U3AX-QQACLQP";
|
syncthingID = "XOZO6GL-MEH55QR-PTNRVHE-45PD3L2-SHP7XW6-VXKROQ5-F47U3AX-QQACLQP";
|
||||||
extraHostNames = [
|
extraHostNames = [
|
||||||
vno1IP
|
vno1IP
|
||||||
jakstIP
|
|
||||||
];
|
];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW7k8wMOIWKERGiMlz5kX/PXJ/EbzUnJK6jVgPtAbNF";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW7k8wMOIWKERGiMlz5kX/PXJ/EbzUnJK6jVgPtAbNF";
|
||||||
vno1IP = "192.168.189.12";
|
vno1IP = "192.168.189.12";
|
||||||
jakstIP = "100.89.176.21";
|
|
||||||
};
|
};
|
||||||
"fwminex.jakst.vpn" = rec {
|
"fwminex.jakst.vpn" = rec {
|
||||||
extraHostNames = [
|
extraHostNames = [
|
||||||
@@ -118,17 +112,12 @@ rec {
|
|||||||
};
|
};
|
||||||
"mtworx.jakst.vpn" = rec {
|
"mtworx.jakst.vpn" = rec {
|
||||||
syncthingID = "C72YA2S-PE5IGDZ-DCNFV7Y-I72BGZM-5L2OO7Y-4K5OTGZ-NILAS2V-BGSAUQW";
|
syncthingID = "C72YA2S-PE5IGDZ-DCNFV7Y-I72BGZM-5L2OO7Y-4K5OTGZ-NILAS2V-BGSAUQW";
|
||||||
extraHostNames = [ jakstIP ];
|
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/2oa3/NDV7GQNAKEQdJ+LZMwK0TUr1wChJMkZM1I3b";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/2oa3/NDV7GQNAKEQdJ+LZMwK0TUr1wChJMkZM1I3b";
|
||||||
jakstIP = "100.89.176.3";
|
|
||||||
};
|
};
|
||||||
"vno1-vinc.jakst.vpn" = rec {
|
"vno1-vinc.jakst.vpn" = rec {
|
||||||
extraHostNames = [ jakstIP ];
|
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIwK7et5NBM+vaffiwpKLSAJwKfwMhCZwl1JyXo79uL";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIwK7et5NBM+vaffiwpKLSAJwKfwMhCZwl1JyXo79uL";
|
||||||
jakstIP = "100.89.176.7";
|
|
||||||
};
|
};
|
||||||
"mxp1.jakst.vpn" = {
|
"mxp1.jakst.vpn" = {
|
||||||
jakstIP = "100.89.176.22";
|
|
||||||
};
|
};
|
||||||
"zh2769.rsync.net" = {
|
"zh2769.rsync.net" = {
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd";
|
||||||
@@ -150,17 +139,6 @@ rec {
|
|||||||
range = "100.89.176.0-100.89.191.255";
|
range = "100.89.176.0-100.89.191.255";
|
||||||
sshPattern = "100.89.176.*"; # until we have more hosts
|
sshPattern = "100.89.176.*"; # until we have more hosts
|
||||||
};
|
};
|
||||||
motiejus.cidrs =
|
|
||||||
let
|
|
||||||
mHosts = attrVals [
|
|
||||||
"mxp1.jakst.vpn"
|
|
||||||
"vno1-gdrx.jakst.vpn"
|
|
||||||
"mtworx.jakst.vpn"
|
|
||||||
"fwminex.jakst.vpn"
|
|
||||||
] hosts;
|
|
||||||
in
|
|
||||||
builtins.catAttrs "jakstIP" mHosts;
|
|
||||||
|
|
||||||
vno1 = {
|
vno1 = {
|
||||||
cidr = "192.168.189.0/24";
|
cidr = "192.168.189.0/24";
|
||||||
sshPattern = "192.168.189.*";
|
sshPattern = "192.168.189.*";
|
||||||
|
|||||||
10
flake.nix
10
flake.nix
@@ -216,7 +216,7 @@
|
|||||||
|
|
||||||
deploy.nodes = {
|
deploy.nodes = {
|
||||||
fwminex = {
|
fwminex = {
|
||||||
hostname = myData.hosts."fwminex.jakst.vpn".jakstIP;
|
hostname = "fwminex.jakst.vpn";
|
||||||
profiles = {
|
profiles = {
|
||||||
system = {
|
system = {
|
||||||
sshUser = "motiejus";
|
sshUser = "motiejus";
|
||||||
@@ -227,7 +227,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
mtworx = {
|
mtworx = {
|
||||||
hostname = myData.hosts."mtworx.jakst.vpn".jakstIP;
|
hostname = "mtworx.jakst.vpn";
|
||||||
profiles = {
|
profiles = {
|
||||||
system = {
|
system = {
|
||||||
sshUser = "motiejus";
|
sshUser = "motiejus";
|
||||||
@@ -238,7 +238,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
vno1-gdrx = {
|
vno1-gdrx = {
|
||||||
hostname = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP;
|
hostname = "vno1-gdrx.jakst.vpn";
|
||||||
profiles = {
|
profiles = {
|
||||||
system = {
|
system = {
|
||||||
sshUser = "motiejus";
|
sshUser = "motiejus";
|
||||||
@@ -249,7 +249,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
vno3-nk = {
|
vno3-nk = {
|
||||||
hostname = myData.hosts."vno3-nk.jakst.vpn".jakstIP;
|
hostname = "vno3-nk.jakst.vpn";
|
||||||
profiles = {
|
profiles = {
|
||||||
system = {
|
system = {
|
||||||
sshUser = "motiejus";
|
sshUser = "motiejus";
|
||||||
@@ -260,7 +260,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
fra1-b = {
|
fra1-b = {
|
||||||
hostname = myData.hosts."fra1-b.jakst.vpn".jakstIP;
|
hostname = "fra1-b.jakst.vpn";
|
||||||
profiles = {
|
profiles = {
|
||||||
system = {
|
system = {
|
||||||
sshUser = "motiejus";
|
sshUser = "motiejus";
|
||||||
|
|||||||
@@ -442,13 +442,7 @@ in
|
|||||||
|
|
||||||
{
|
{
|
||||||
job_name = "ping";
|
job_name = "ping";
|
||||||
relabel_configs = map (hostname: {
|
static_configs = [ { targets = map (host: "${host}:${port}") hosts; } ];
|
||||||
source_labels = [ "__address__" ];
|
|
||||||
regex = "${myData.hosts.${hostname}.jakstIP}:${port}";
|
|
||||||
replacement = "${hostname}:${port}";
|
|
||||||
target_label = "instance";
|
|
||||||
}) hosts;
|
|
||||||
static_configs = [ { targets = map (host: "${myData.hosts.${host}.jakstIP}:${port}") hosts; } ];
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
@@ -472,7 +466,7 @@ in
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "vno1-vinc.jakst.vpn";
|
job_name = "vno1-vinc.jakst.vpn";
|
||||||
static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.jakst.vpn".jakstIP}:9100" ]; } ];
|
static_configs = [ { targets = [ "vno1-vinc.jakst.vpn:9100" ]; } ];
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
++ map
|
++ map
|
||||||
@@ -480,9 +474,9 @@ in
|
|||||||
let
|
let
|
||||||
port = builtins.toString myData.ports.exporters.node;
|
port = builtins.toString myData.ports.exporters.node;
|
||||||
in
|
in
|
||||||
s: {
|
host: {
|
||||||
job_name = s;
|
job_name = host;
|
||||||
static_configs = [ { targets = [ "${myData.hosts.${s}.jakstIP}:${port}" ]; } ];
|
static_configs = [ { targets = [ "${host}:${port}" ]; } ];
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
[
|
[
|
||||||
@@ -603,7 +597,7 @@ in
|
|||||||
btrfsborg =
|
btrfsborg =
|
||||||
let
|
let
|
||||||
this = "${config.networking.hostName}.${config.networking.domain}";
|
this = "${config.networking.hostName}.${config.networking.domain}";
|
||||||
vno3-nk = "borgstor@${myData.hosts."vno3-nk.jakst.vpn".jakstIP}";
|
vno3-nk = "borgstor@$vno3-nk.jakst.vpn";
|
||||||
rsync-net = "zh2769@zh2769.rsync.net";
|
rsync-net = "zh2769@zh2769.rsync.net";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
@@ -706,7 +700,7 @@ in
|
|||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
inherit (host) system supportedFeatures;
|
inherit (host) system supportedFeatures;
|
||||||
hostName = host.jakstIP;
|
hostName = "fra1-b.jakst.vpn";
|
||||||
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -723,11 +717,11 @@ in
|
|||||||
deployIfPresent = [
|
deployIfPresent = [
|
||||||
{
|
{
|
||||||
derivationTarget = ".#mtworx";
|
derivationTarget = ".#mtworx";
|
||||||
pingTarget = myData.hosts."mtworx.jakst.vpn".jakstIP;
|
pingTarget = "mtworx.jakst.vpn";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
derivationTarget = ".#vno1-gdrx";
|
derivationTarget = ".#vno1-gdrx";
|
||||||
pingTarget = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP;
|
pingTarget = "vno1-gdrx.jakst.vpn";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -138,7 +138,7 @@ in
|
|||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
inherit (host) system supportedFeatures;
|
inherit (host) system supportedFeatures;
|
||||||
hostName = host.jakstIP;
|
hostName = "fra1-b.jakst.vpn";
|
||||||
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
||||||
maxJobs = 2;
|
maxJobs = 2;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -146,7 +146,7 @@ in
|
|||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
inherit (host) system supportedFeatures;
|
inherit (host) system supportedFeatures;
|
||||||
hostName = host.jakstIP;
|
hostName = "fra1-b.jakst.vpn";
|
||||||
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
||||||
maxJobs = 2;
|
maxJobs = 2;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -130,7 +130,7 @@ in
|
|||||||
let
|
let
|
||||||
this = "${config.networking.hostName}.${config.networking.domain}";
|
this = "${config.networking.hostName}.${config.networking.domain}";
|
||||||
rsync-net = "zh2769@zh2769.rsync.net";
|
rsync-net = "zh2769@zh2769.rsync.net";
|
||||||
fwminex = "borgstor@${myData.hosts."fwminex.jakst.vpn".jakstIP}";
|
fwminex = "borgstor@$fwminex.jakst.vpn";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
@@ -196,7 +196,7 @@ in
|
|||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
inherit (host) system supportedFeatures;
|
inherit (host) system supportedFeatures;
|
||||||
hostName = host.jakstIP;
|
hostName = "fra1-b.jakst.vpn";
|
||||||
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -24,23 +24,10 @@
|
|||||||
] (_: null);
|
] (_: null);
|
||||||
in
|
in
|
||||||
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) filtered;
|
lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) filtered;
|
||||||
extraConfig =
|
extraConfig = ''
|
||||||
''
|
Host git.jakstys.lt
|
||||||
Host git.jakstys.lt
|
HostName fwminex.jakst.vpn
|
||||||
HostName ${myData.hosts."fwminex.jakst.vpn".jakstIP}
|
'';
|
||||||
|
|
||||||
''
|
|
||||||
+ (lib.concatMapStringsSep "\n"
|
|
||||||
(host: ''
|
|
||||||
Host ${builtins.elemAt (lib.splitString "." host) 0}
|
|
||||||
HostName ${myData.hosts.${host}.jakstIP}
|
|
||||||
'')
|
|
||||||
(
|
|
||||||
builtins.attrNames (
|
|
||||||
lib.filterAttrs (name: props: name != "fra1-b.jakst.vpn" && props ? jakstIP) myData.hosts
|
|
||||||
)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -59,8 +59,9 @@ in
|
|||||||
auth_providers = [
|
auth_providers = [
|
||||||
{ type = "homeassistant"; }
|
{ type = "homeassistant"; }
|
||||||
{
|
{
|
||||||
|
# TODO trust a subset
|
||||||
type = "trusted_networks";
|
type = "trusted_networks";
|
||||||
trusted_networks = myData.subnets.motiejus.cidrs;
|
trusted_networks = myData.subnets.tailscale.cidr;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|||||||
Reference in New Issue
Block a user