From 6310a6e74eb7cb8433d773b04fc9e8a1ff750115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt> Date: Sat, 8 Mar 2025 23:47:31 +0200 Subject: [PATCH] jakst.vpn --- README.md | 2 +- data.nix | 46 +++++++++++++++---------------- flake.nix | 10 +++---- hosts/fra1-b/configuration.nix | 10 +++---- hosts/fwminex/configuration.nix | 36 ++++++++++++------------ hosts/mtworx/configuration.nix | 6 ++-- hosts/vno1-gdrx/configuration.nix | 6 ++-- hosts/vno3-nk/configuration.nix | 10 +++---- modules/base/sshd/default.nix | 4 +-- secrets.nix | 10 +++---- 10 files changed, 70 insertions(+), 70 deletions(-) diff --git a/README.md b/README.md index abefd65..2511be7 100644 --- a/README.md +++ b/README.md @@ -26,4 +26,4 @@ Decode a secret on host (to test things out): Borg ---- - BORG_PASSCOMMAND="cat /run/agenix/borgbackup-fwminex" borg --remote-path=borg1 list zh2769@zh2769.rsync.net:fwminex.servers.jakst-home-motiejus-annex2 + BORG_PASSCOMMAND="cat /run/agenix/borgbackup-fwminex" borg --remote-path=borg1 list zh2769@zh2769.rsync.net:fwminex.jakst.vpn-home-motiejus-annex2 diff --git a/data.nix b/data.nix index aa7b72f..be1540a 100644 --- a/data.nix +++ b/data.nix @@ -49,7 +49,7 @@ rec { }; hosts = { - "vno4-rutx11.servers.jakst" = rec { + "vno4-rutx11.jakst.vpn" = rec { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEehmFvEBVngwxk1nuEWMlE4UU69gC4wxytGX5DAFbh"; publicIP = "188.69.241.222"; jakstIP = "100.89.176.1"; @@ -61,7 +61,7 @@ rec { vno4IP ]; }; - "vno3-nk.servers.jakst" = rec { + "vno3-nk.jakst.vpn" = rec { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp3QL8p4AbuijEQX/uVHj6nkJ2/8qNSciL+Glydw2yK"; system = "x86_64-linux"; jakstIP = "100.89.176.5"; @@ -69,7 +69,7 @@ rec { jakstIP ]; }; - "fra1-b.servers.jakst" = rec { + "fra1-b.jakst.vpn" = rec { extraHostNames = [ "fra1-b.jakstys.lt" publicIP 
@@ -87,7 +87,7 @@ rec { "gccarch-armv8-a" ]; }; - "vno1-gdrx.motiejus.jakst" = rec { + "vno1-gdrx.jakst.vpn" = rec { extraHostNames = [ vno1IP jakstIP @@ -96,7 +96,7 @@ rec { vno1IP = "192.168.189.12"; jakstIP = "100.89.176.21"; }; - "fwminex.servers.jakst" = rec { + "fwminex.jakst.vpn" = rec { extraHostNames = [ "jakstys.lt" "git.jakstys.lt" @@ -113,17 +113,17 @@ rec { jakstIP = "100.89.176.6"; vno1IP = "192.168.189.10"; }; - "mtworx.motiejus.jakst" = rec { + "mtworx.jakst.vpn" = rec { extraHostNames = [ jakstIP ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/2oa3/NDV7GQNAKEQdJ+LZMwK0TUr1wChJMkZM1I3b"; jakstIP = "100.89.176.3"; }; - "vno1-vinc.vincentas.jakst" = rec { + "vno1-vinc.jakst.vpn" = rec { extraHostNames = [ jakstIP ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIwK7et5NBM+vaffiwpKLSAJwKfwMhCZwl1JyXo79uL"; jakstIP = "100.89.176.7"; }; - "mxp1.motiejus.jakst" = { + "mxp1.jakst.vpn" = { jakstIP = "100.89.176.22"; }; "zh2769.rsync.net" = { @@ -149,10 +149,10 @@ rec { motiejus.cidrs = let mHosts = attrVals [ - "mxp1.motiejus.jakst" - "vno1-gdrx.motiejus.jakst" - "mtworx.motiejus.jakst" - "fwminex.servers.jakst" + "mxp1.jakst.vpn" + "vno1-gdrx.jakst.vpn" + "mtworx.jakst.vpn" + "fwminex.jakst.vpn" ] hosts; in builtins.catAttrs "jakstIP" mHosts; @@ -166,9 +166,9 @@ rec { jakstysLTZone = let - fra1b = hosts."fra1-b.servers.jakst".publicIP; - vno1 = hosts."fwminex.servers.jakst".publicIP; - vno4 = hosts."vno4-rutx11.servers.jakst".publicIP; + fra1b = hosts."fra1-b.jakst.vpn".publicIP; + vno1 = hosts."fwminex.jakst.vpn".publicIP; + vno4 = hosts."vno4-rutx11.jakst.vpn".publicIP; in '' $ORIGIN jakstys.lt. @@ -179,7 +179,7 @@ rec { @ HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}" @ A ${vno1} www A ${vno1} - photos A ${hosts."fwminex.servers.jakst".jakstIP} + photos A ${hosts."fwminex.jakst.vpn".jakstIP} ns1 86400 A ${vno1} ns2 86400 A ${fra1b} vpn A ${vno1} 
@@ -201,35 +201,35 @@ rec { _dmarc TXT "v=DMARC1; p=none;" google._domainkey TXT "v=DKIM1; k=rsa;" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqOyONnWKk7lgAVB1UcVu/I02gTDjROpQGDNUJHS34faQ9DnM/8uSOaIwCe4oV1GrI8N2ET+f96WPCCs1LzlEA0QwuUoXRLGojjQoXxCntLfMCnRWtehzmZq6Yv8nVva7N0gz/n/LThpPvGfEoKzYjmhjzM5d8y60DGsKxS8r4Lc9TzwtzuYkxKDhcSzVBQQiMvKMi6m6mUsxFya7" "ZTurd5i7iiZXpA3SFBYLAsjhQd6vS7K13vwAZTKjGNijfM40i7KXC5XA5WtojiSY0lZzAMqaHGLDaMUFkWRJJntRheQ+AU9RvOGAufphRAjdQTCMy0BLzC0rilT2JaTGe4MdQIDAQAB" - grafana A ${hosts."fwminex.servers.jakst".jakstIP} + grafana A ${hosts."fwminex.jakst.vpn".jakstIP} _acme-challenge.grafana CNAME _acme-endpoint.grafana _acme-endpoint.grafana NS ns._acme-endpoint.grafana ns._acme-endpoint.grafana A ${vno1} - hass A ${hosts."fwminex.servers.jakst".jakstIP} + hass A ${hosts."fwminex.jakst.vpn".jakstIP} _acme-challenge.hass CNAME _acme-endpoint.hass _acme-endpoint.hass NS ns._acme-endpoint.hass ns._acme-endpoint.hass A ${vno1} - irc A ${hosts."fwminex.servers.jakst".jakstIP} + irc A ${hosts."fwminex.jakst.vpn".jakstIP} _acme-challenge.irc CNAME _acme-endpoint.irc _acme-endpoint.irc NS ns._acme-endpoint.irc ns._acme-endpoint.irc A ${vno1} - hass A ${hosts."fwminex.servers.jakst".jakstIP} + hass A ${hosts."fwminex.jakst.vpn".jakstIP} _acme-challenge.hass CNAME _acme-endpoint.hass _acme-endpoint.hass NS ns._acme-endpoint.hass ns._acme-endpoint.hass A ${vno1} bitwarden HTTPS 1 . alpn="h3,h2" ipv4hint="${ - hosts."fwminex.servers.jakst".jakstIP + hosts."fwminex.jakst.vpn".jakstIP }" - bitwarden A ${hosts."fwminex.servers.jakst".jakstIP} + bitwarden A ${hosts."fwminex.jakst.vpn".jakstIP} _acme-challenge.bitwarden CNAME _acme-endpoint.bitwarden _acme-endpoint.bitwarden NS ns._acme-endpoint.bitwarden ns._acme-endpoint.bitwarden A ${vno1} - hdd A ${hosts."vno3-nk.servers.jakst".jakstIP} + hdd A ${hosts."vno3-nk.jakst.vpn".jakstIP} _acme-challenge.hdd CNAME _acme-endpoint.hdd _acme-endpoint.hdd NS ns._acme-endpoint.hdd ns._acme-endpoint.hdd A ${vno1} 
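Review bot: The new side of this hunk still carries the `hass` record group twice: `hass A ${hosts."fwminex.jakst.vpn".jakstIP}` with its `_acme-challenge.hass`, `_acme-endpoint.hass` and `ns._acme-endpoint.hass` lines appears once before the `irc` group and again after it. The duplicate predates this commit, but the rename rewrites both copies, so this is the natural point to delete the second group; depending on the loader, identical duplicate RRs are dropped or warned about, and a later edit to only one copy would leave the two silently disagreeing. The `jakstysLTZone` string starts outside the hunk.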
diff --git a/flake.nix b/flake.nix index ef3fa74..5535d80 100644 --- a/flake.nix +++ b/flake.nix @@ -216,7 +216,7 @@ deploy.nodes = { fwminex = { - hostname = myData.hosts."fwminex.servers.jakst".jakstIP; + hostname = myData.hosts."fwminex.jakst.vpn".jakstIP; profiles = { system = { sshUser = "motiejus"; @@ -227,7 +227,7 @@ }; mtworx = { - hostname = myData.hosts."mtworx.motiejus.jakst".jakstIP; + hostname = myData.hosts."mtworx.jakst.vpn".jakstIP; profiles = { system = { sshUser = "motiejus"; @@ -238,7 +238,7 @@ }; vno1-gdrx = { - hostname = myData.hosts."vno1-gdrx.motiejus.jakst".jakstIP; + hostname = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP; profiles = { system = { sshUser = "motiejus"; @@ -249,7 +249,7 @@ }; vno3-nk = { - hostname = myData.hosts."vno3-nk.servers.jakst".jakstIP; + hostname = myData.hosts."vno3-nk.jakst.vpn".jakstIP; profiles = { system = { sshUser = "motiejus"; @@ -260,7 +260,7 @@ }; fra1-b = { - hostname = myData.hosts."fra1-b.servers.jakst".jakstIP; + hostname = myData.hosts."fra1-b.jakst.vpn".jakstIP; profiles = { system = { sshUser = "motiejus"; diff --git a/hosts/fra1-b/configuration.nix b/hosts/fra1-b/configuration.nix index 2d56593..6260ee4 100644 --- a/hosts/fra1-b/configuration.nix +++ b/hosts/fra1-b/configuration.nix @@ -90,9 +90,9 @@ in uidgid = myData.uidgid.remote-builder; sshAllowSubnet = myData.subnets.tailscale.sshPattern; publicKeys = map (h: myData.hosts.${h}.publicKey) [ - "vno1-gdrx.motiejus.jakst" - "fwminex.servers.jakst" - "mtworx.motiejus.jakst" + "vno1-gdrx.jakst.vpn" + "fwminex.jakst.vpn" + "mtworx.jakst.vpn" ]; }; @@ -103,7 +103,7 @@ in deployerbot = { follower = { - publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ]; + publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ]; enable = true; sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ]; 
@@ -131,7 +131,7 @@ in networking = { hostName = "fra1-b"; - domain = "servers.jakst"; + domain = "jakst.vpn"; useDHCP = true; interfaces.enp1s0.ipv6.addresses = [ { diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 40eadaa..e05ef94 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -405,10 +405,10 @@ in let port = toString config.services.prometheus.exporters.ping.port; hosts = [ - "fwminex.servers.jakst" - "vno3-nk.servers.jakst" - "fra1-b.servers.jakst" - "vno1-gdrx.motiejus.jakst" + "fwminex.jakst.vpn" + "vno3-nk.jakst.vpn" + "fra1-b.jakst.vpn" + "vno1-gdrx.jakst.vpn" ]; in @@ -443,8 +443,8 @@ in static_configs = [ { targets = [ "127.0.0.1:${toString myData.ports.exporters.weather}" ]; } ]; } { - job_name = "vno1-vinc.vincentas.jakst"; - static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.vincentas.jakst".jakstIP}:9100" ]; } ]; + job_name = "vno1-vinc.jakst.vpn"; + static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.jakst.vpn".jakstIP}:9100" ]; } ]; } ] ++ map @@ -458,11 +458,11 @@ in } ) [ - "fra1-b.servers.jakst" - "vno3-nk.servers.jakst" - "fwminex.servers.jakst" - "mtworx.motiejus.jakst" - "vno1-gdrx.motiejus.jakst" + "fra1-b.jakst.vpn" + "vno3-nk.jakst.vpn" + "fwminex.jakst.vpn" + "mtworx.jakst.vpn" + "vno1-gdrx.jakst.vpn" ]; }; @@ -520,7 +520,7 @@ in enable = true; dataDir = "/var/lib/borgstor"; sshKeys = with myData; [ - hosts."vno3-nk.servers.jakst".publicKey + hosts."vno3-nk.jakst.vpn".publicKey people_pubkeys.motiejus ]; }; @@ -611,7 +611,7 @@ in ) [ "zh2769@zh2769.rsync.net" - "borgstor@${myData.hosts."vno3-nk.servers.jakst".jakstIP}" + "borgstor@${myData.hosts."vno3-nk.jakst.vpn".jakstIP}" ]; }; @@ -655,7 +655,7 @@ in remote-builder.client = let - host = myData.hosts."fra1-b.servers.jakst"; + host = myData.hosts."fra1-b.jakst.vpn"; in { enable = true; 
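Review bot: `domain = "jakst.vpn"` places the fleet's internal names under a top-level label that is not reserved for private use, unlike `.internal` or `home.arpa`, so a `*.jakst.vpn` lookup that escapes the VPN resolver is sent to the public DNS root, and the label could one day be delegated to someone else. The same line changes in hosts/fwminex, hosts/mtworx, hosts/vno1-gdrx and hosts/vno3-nk. If the choice is deliberate because the VPN's DNS answers for `jakst.vpn` on every host, record that above this line, e.g. `# jakst.vpn is private to the VPN; it must never be looked up via public DNS`. The `networking` block continues outside the hunk.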
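Review bot: Renaming `job_name = "vno1-vinc.jakst.vpn"` changes the `job` label on every series this scrape produces, so recording rules, alerts and dashboards that select `job="vno1-vinc.vincentas.jakst"` stop matching and the series history is split at the deploy; the `map` over the host list in the following hunk presumably builds its job names the same way, though that code is outside the hunk. Worth searching the alert and dashboard definitions for the old names before deploying, or preserving the old label with a `relabel_configs` entry if continuity matters. The enclosing scrape-config list starts and ends outside the hunk.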
@@ -677,17 +677,17 @@ in deployIfPresent = [ { derivationTarget = ".#mtworx"; - pingTarget = myData.hosts."mtworx.motiejus.jakst".jakstIP; + pingTarget = myData.hosts."mtworx.jakst.vpn".jakstIP; } { derivationTarget = ".#vno1-gdrx"; - pingTarget = myData.hosts."vno1-gdrx.motiejus.jakst".jakstIP; + pingTarget = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP; } ]; }; follower = { - publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ]; + publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ]; enable = true; uidgid = myData.uidgid.updaterbot-deployee; @@ -739,7 +739,7 @@ in networking = { hostId = "a6b19da0"; hostName = "fwminex"; - domain = "servers.jakst"; + domain = "jakst.vpn"; firewall = { rejectPackets = true; allowedUDPPorts = [ diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix index 0ae1f1f..b0d31d3 100644 --- a/hosts/mtworx/configuration.nix +++ b/hosts/mtworx/configuration.nix @@ -133,7 +133,7 @@ in remote-builder.client = let - host = myData.hosts."fra1-b.servers.jakst"; + host = myData.hosts."fra1-b.jakst.vpn"; in { enable = true; @@ -150,7 +150,7 @@ in deployerbot = { follower = { - publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ]; + publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ]; enable = true; uidgid = myData.uidgid.updaterbot-deployee; @@ -199,7 +199,7 @@ in networking = { hostId = "b14a02aa"; hostName = "mtworx"; - domain = "motiejus.jakst"; + domain = "jakst.vpn"; firewall.rejectPackets = true; }; } diff --git a/hosts/vno1-gdrx/configuration.nix b/hosts/vno1-gdrx/configuration.nix index 39f6665..08c28c5 100644 --- a/hosts/vno1-gdrx/configuration.nix +++ b/hosts/vno1-gdrx/configuration.nix @@ -140,7 +140,7 @@ in remote-builder.client = let - host = myData.hosts."fra1-b.servers.jakst"; + host = myData.hosts."fra1-b.jakst.vpn"; in { enable = true; 
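Review bot: Changing `domain = "jakst.vpn"` on fwminex changes its FQDN, and the README hunk in this commit shows the Borg repository name embedding that FQDN (`fwminex.servers.jakst-home-motiejus-annex2` becoming `fwminex.jakst.vpn-home-motiejus-annex2`), which suggests the backup jobs will now target repository paths that do not yet exist on zh2769.rsync.net or on the borgstor account at vno3-nk. Unless the existing repositories are renamed on the remotes first, the next run either fails or initialises an empty repository while the old one keeps the data with nothing pruning it. The same applies to the vno3-nk jobs in hosts/vno3-nk/configuration.nix. A comment above the domain line, `# the Borg repo paths are derived from the FQDN; rename the remote repos in step`, would make the coupling visible.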
@@ -152,7 +152,7 @@ in deployerbot = { follower = { - publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ]; + publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ]; enable = true; uidgid = myData.uidgid.updaterbot-deployee; @@ -181,7 +181,7 @@ in networking = { hostName = "vno1-gdrx"; - domain = "motiejus.jakst"; + domain = "jakst.vpn"; firewall.rejectPackets = true; }; } diff --git a/hosts/vno3-nk/configuration.nix b/hosts/vno3-nk/configuration.nix index 50026a3..9976b41 100644 --- a/hosts/vno3-nk/configuration.nix +++ b/hosts/vno3-nk/configuration.nix @@ -108,7 +108,7 @@ in enable = true; dataDir = "/data/borg"; sshKeys = with myData; [ - hosts."fwminex.servers.jakst".publicKey + hosts."fwminex.jakst.vpn".publicKey people_pubkeys.motiejus ]; }; @@ -140,7 +140,7 @@ in ) [ "zh2769@zh2769.rsync.net" - "borgstor@${myData.hosts."fwminex.servers.jakst".jakstIP}" + "borgstor@${myData.hosts."fwminex.jakst.vpn".jakstIP}" ]; }; @@ -164,7 +164,7 @@ in remote-builder.client = let - host = myData.hosts."fra1-b.servers.jakst"; + host = myData.hosts."fra1-b.jakst.vpn"; in { enable = true; @@ -193,7 +193,7 @@ in deployerbot = { follower = { enable = true; - publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ]; + publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ]; sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ]; uidgid = myData.uidgid.updaterbot-deployee; }; @@ -212,7 +212,7 @@ in networking = { hostId = "ab4af0bb"; hostName = "vno3-nk"; - domain = "servers.jakst"; + domain = "jakst.vpn"; firewall = { rejectPackets = true; allowedUDPPorts = [ diff --git a/modules/base/sshd/default.nix b/modules/base/sshd/default.nix index c655efd..bd7fcbe 100644 --- a/modules/base/sshd/default.nix +++ b/modules/base/sshd/default.nix @@ -27,7 +27,7 @@ extraConfig = '' Host git.jakstys.lt - HostName ${myData.hosts."fwminex.servers.jakst".jakstIP} + HostName ${myData.hosts."fwminex.jakst.vpn".jakstIP} '' + (lib.concatMapStringsSep "\n" 
@@ -37,7 +37,7 @@ '') ( builtins.attrNames ( - lib.filterAttrs (name: props: name != "fra1-b.servers.jakst" && props ? jakstIP) myData.hosts + lib.filterAttrs (name: props: name != "fra1-b.jakst.vpn" && props ? jakstIP) myData.hosts ) ) ); diff --git a/secrets.nix b/secrets.nix index 11ed1e1..56a44f3 100644 --- a/secrets.nix +++ b/secrets.nix @@ -6,11 +6,11 @@ let bk2 = "age14f39j0wx84n93lgqn6d9gcd3yhuwak6qwrxy8v83ydn7266uafts09ecva"; }; - fwminex = (import ./data.nix).hosts."fwminex.servers.jakst".publicKey; - vno3-nk = (import ./data.nix).hosts."vno3-nk.servers.jakst".publicKey; - fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey; - mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey; - vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.motiejus.jakst".publicKey; + fwminex = (import ./data.nix).hosts."fwminex.jakst.vpn".publicKey; + vno3-nk = (import ./data.nix).hosts."vno3-nk.jakst.vpn".publicKey; + fra1-b = (import ./data.nix).hosts."fra1-b.jakst.vpn".publicKey; + mtworx = (import ./data.nix).hosts."mtworx.jakst.vpn".publicKey; + vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.jakst.vpn".publicKey; systems = [ fwminex
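Review bot: The exclusion `name != "fra1-b.jakst.vpn"` compares against a literal copy of a data.nix attribute name, so a future rename of that key (as this commit just did for every host) would silently stop excluding fra1-b and give it a generated Host block, with nothing failing at evaluation. Guarding the literal, `assert builtins.hasAttr "fra1-b.jakst.vpn" myData.hosts;` before the `lib.filterAttrs` expression, or moving the exclusion into a host attribute in data.nix that the filter reads, would turn that into an eval error. Why fra1-b gets no Host entry is not recorded either; a one-line comment stating the reason (`# fra1-b: <why it is excluded>`) would help the next reader. The `extraConfig` string and the `lib.concatMapStringsSep` call start outside the hunk.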