almost rm jakstIP

2025-05-24 16:02:40 +00:00
parent 7252ba1582
commit 0e882bf94d
8 changed files with 24 additions and 64 deletions
--- a/data.nix
+++ b/data.nix
@@ -53,12 +53,10 @@ rec {
    "vno4-rutx11.jakst.vpn" = rec {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEehmFvEBVngwxk1nuEWMlE4UU69gC4wxytGX5DAFbh";
      publicIP = "188.69.241.222";
-      jakstIP = "100.89.176.1";
      vno4IP = "192.168.188.1";
      extraHostNames = [
        "vno4.jakstys.lt"
        publicIP
-        jakstIP
        vno4IP
      ];
    };
@@ -74,11 +72,9 @@ rec {
      extraHostNames = [
        "fra1-b.jakstys.lt"
        publicIP
-        jakstIP
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1tL1FQeKE+28ATuD4USa4oAdPkONfk4uF/McMm+2sy";
      publicIP = "188.245.84.21";
-      jakstIP = "100.89.176.18";
      system = "aarch64-linux";
      supportedFeatures = [
        "nixos-test"
@@ -92,11 +88,9 @@ rec {
      syncthingID = "XOZO6GL-MEH55QR-PTNRVHE-45PD3L2-SHP7XW6-VXKROQ5-F47U3AX-QQACLQP";
      extraHostNames = [
        vno1IP
-        jakstIP
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW7k8wMOIWKERGiMlz5kX/PXJ/EbzUnJK6jVgPtAbNF";
      vno1IP = "192.168.189.12";
-      jakstIP = "100.89.176.21";
    };
    "fwminex.jakst.vpn" = rec {
      extraHostNames = [
@@ -118,17 +112,12 @@ rec {
    };
    "mtworx.jakst.vpn" = rec {
      syncthingID = "C72YA2S-PE5IGDZ-DCNFV7Y-I72BGZM-5L2OO7Y-4K5OTGZ-NILAS2V-BGSAUQW";
-      extraHostNames = [ jakstIP ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/2oa3/NDV7GQNAKEQdJ+LZMwK0TUr1wChJMkZM1I3b";
-      jakstIP = "100.89.176.3";
    };
    "vno1-vinc.jakst.vpn" = rec {
-      extraHostNames = [ jakstIP ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIwK7et5NBM+vaffiwpKLSAJwKfwMhCZwl1JyXo79uL";
-      jakstIP = "100.89.176.7";
    };
    "mxp1.jakst.vpn" = {
-      jakstIP = "100.89.176.22";
    };
    "zh2769.rsync.net" = {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd";
@@ -150,17 +139,6 @@ rec {
      range = "100.89.176.0-100.89.191.255";
      sshPattern = "100.89.176.*"; # until we have more hosts
    };
-    motiejus.cidrs =
-      let
-        mHosts = attrVals [
-          "mxp1.jakst.vpn"
-          "vno1-gdrx.jakst.vpn"
-          "mtworx.jakst.vpn"
-          "fwminex.jakst.vpn"
-        ] hosts;
-      in
-      builtins.catAttrs "jakstIP" mHosts;
-
    vno1 = {
      cidr = "192.168.189.0/24";
      sshPattern = "192.168.189.*";
--- a/flake.nix
+++ b/flake.nix
@@ -216,7 +216,7 @@

      deploy.nodes = {
        fwminex = {
-          hostname = myData.hosts."fwminex.jakst.vpn".jakstIP;
+          hostname = "fwminex.jakst.vpn";
          profiles = {
            system = {
              sshUser = "motiejus";
@@ -227,7 +227,7 @@
        };

        mtworx = {
-          hostname = myData.hosts."mtworx.jakst.vpn".jakstIP;
+          hostname = "mtworx.jakst.vpn";
          profiles = {
            system = {
              sshUser = "motiejus";
@@ -238,7 +238,7 @@
        };

        vno1-gdrx = {
-          hostname = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP;
+          hostname = "vno1-gdrx.jakst.vpn";
          profiles = {
            system = {
              sshUser = "motiejus";
@@ -249,7 +249,7 @@
        };

        vno3-nk = {
-          hostname = myData.hosts."vno3-nk.jakst.vpn".jakstIP;
+          hostname = "vno3-nk.jakst.vpn";
          profiles = {
            system = {
              sshUser = "motiejus";
@@ -260,7 +260,7 @@
        };

        fra1-b = {
-          hostname = myData.hosts."fra1-b.jakst.vpn".jakstIP;
+          hostname = "fra1-b.jakst.vpn";
          profiles = {
            system = {
              sshUser = "motiejus";
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -442,13 +442,7 @@ in

            {
              job_name = "ping";
-              relabel_configs = map (hostname: {
-                source_labels = [ "__address__" ];
-                regex = "${myData.hosts.${hostname}.jakstIP}:${port}";
-                replacement = "${hostname}:${port}";
-                target_label = "instance";
-              }) hosts;
-              static_configs = [ { targets = map (host: "${myData.hosts.${host}.jakstIP}:${port}") hosts; } ];
+              static_configs = [ { targets = map (host: "${host}:${port}") hosts; } ];
            }
          )
          {
@@ -472,7 +466,7 @@ in
          }
          {
            job_name = "vno1-vinc.jakst.vpn";
-            static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.jakst.vpn".jakstIP}:9100" ]; } ];
+            static_configs = [ { targets = [ "vno1-vinc.jakst.vpn:9100" ]; } ];
          }
        ]
        ++ map
@@ -480,9 +474,9 @@ in
            let
              port = builtins.toString myData.ports.exporters.node;
            in
-            s: {
-              job_name = s;
-              static_configs = [ { targets = [ "${myData.hosts.${s}.jakstIP}:${port}" ]; } ];
+            host: {
+              job_name = host;
+              static_configs = [ { targets = [ "${host}:${port}" ]; } ];
            }
          )
          [
@@ -603,7 +597,7 @@ in
      btrfsborg =
        let
          this = "${config.networking.hostName}.${config.networking.domain}";
-          vno3-nk = "borgstor@${myData.hosts."vno3-nk.jakst.vpn".jakstIP}";
+          vno3-nk = "borgstor@$vno3-nk.jakst.vpn";
          rsync-net = "zh2769@zh2769.rsync.net";
        in
        {
@@ -706,7 +700,7 @@ in
        {
          enable = true;
          inherit (host) system supportedFeatures;
-          hostName = host.jakstIP;
+          hostName = "fra1-b.jakst.vpn";
          sshKey = "/etc/ssh/ssh_host_ed25519_key";
        };

@@ -723,11 +717,11 @@ in
          deployIfPresent = [
            {
              derivationTarget = ".#mtworx";
-              pingTarget = myData.hosts."mtworx.jakst.vpn".jakstIP;
+              pingTarget = "mtworx.jakst.vpn";
            }
            {
              derivationTarget = ".#vno1-gdrx";
-              pingTarget = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP;
+              pingTarget = "vno1-gdrx.jakst.vpn";
            }
          ];
        };
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@@ -138,7 +138,7 @@ in
        {
          enable = true;
          inherit (host) system supportedFeatures;
-          hostName = host.jakstIP;
+          hostName = "fra1-b.jakst.vpn";
          sshKey = "/etc/ssh/ssh_host_ed25519_key";
          maxJobs = 2;
        };
--- a/hosts/vno1-gdrx/configuration.nix
+++ b/hosts/vno1-gdrx/configuration.nix
@@ -146,7 +146,7 @@ in
        {
          enable = true;
          inherit (host) system supportedFeatures;
-          hostName = host.jakstIP;
+          hostName = "fra1-b.jakst.vpn";
          sshKey = "/etc/ssh/ssh_host_ed25519_key";
          maxJobs = 2;
        };
--- a/hosts/vno3-nk/configuration.nix
+++ b/hosts/vno3-nk/configuration.nix
@@ -130,7 +130,7 @@ in
        let
          this = "${config.networking.hostName}.${config.networking.domain}";
          rsync-net = "zh2769@zh2769.rsync.net";
-          fwminex = "borgstor@${myData.hosts."fwminex.jakst.vpn".jakstIP}";
+          fwminex = "borgstor@$fwminex.jakst.vpn";
        in
        {
          enable = true;
@@ -196,7 +196,7 @@ in
        {
          enable = true;
          inherit (host) system supportedFeatures;
-          hostName = host.jakstIP;
+          hostName = "fra1-b.jakst.vpn";
          sshKey = "/etc/ssh/ssh_host_ed25519_key";
        };

--- a/modules/base/sshd/default.nix
+++ b/modules/base/sshd/default.nix
@@ -24,23 +24,10 @@
          ] (_: null);
        in
        lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) filtered;
-      extraConfig =
-        ''
+      extraConfig = ''
        Host git.jakstys.lt
-            HostName ${myData.hosts."fwminex.jakst.vpn".jakstIP}
-
-        ''
-        + (lib.concatMapStringsSep "\n"
-          (host: ''
-            Host ${builtins.elemAt (lib.splitString "." host) 0}
-              HostName ${myData.hosts.${host}.jakstIP}
-          '')
-          (
-            builtins.attrNames (
-              lib.filterAttrs (name: props: name != "fra1-b.jakst.vpn" && props ? jakstIP) myData.hosts
-            )
-          )
-        );
+          HostName fwminex.jakst.vpn
+      '';
    };
  };
 }
--- a/modules/services/hass/default.nix
+++ b/modules/services/hass/default.nix
@@ -59,8 +59,9 @@ in
            auth_providers = [
              { type = "homeassistant"; }
              {
+                # TODO trust a subset
                type = "trusted_networks";
-                trusted_networks = myData.subnets.motiejus.cidrs;
+                trusted_networks = myData.subnets.tailscale.cidr;
              }
            ];
          };