jakst.vpn

This commit is contained in:
Motiejus Jakštys 2025-03-08 23:47:31 +02:00
parent 5b0d71dc2a
commit 6310a6e74e
10 changed files with 70 additions and 70 deletions


@ -26,4 +26,4 @@ Decode a secret on host (to test things out):
Borg
----
BORG_PASSCOMMAND="cat /run/agenix/borgbackup-fwminex" borg --remote-path=borg1 list zh2769@zh2769.rsync.net:fwminex.servers.jakst-home-motiejus-annex2
BORG_PASSCOMMAND="cat /run/agenix/borgbackup-fwminex" borg --remote-path=borg1 list zh2769@zh2769.rsync.net:fwminex.jakst.vpn-home-motiejus-annex2


@ -49,7 +49,7 @@ rec {
};
hosts = {
"vno4-rutx11.servers.jakst" = rec {
"vno4-rutx11.jakst.vpn" = rec {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEehmFvEBVngwxk1nuEWMlE4UU69gC4wxytGX5DAFbh";
publicIP = "188.69.241.222";
jakstIP = "100.89.176.1";
@ -61,7 +61,7 @@ rec {
vno4IP
];
};
"vno3-nk.servers.jakst" = rec {
"vno3-nk.jakst.vpn" = rec {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp3QL8p4AbuijEQX/uVHj6nkJ2/8qNSciL+Glydw2yK";
system = "x86_64-linux";
jakstIP = "100.89.176.5";
@ -69,7 +69,7 @@ rec {
jakstIP
];
};
"fra1-b.servers.jakst" = rec {
"fra1-b.jakst.vpn" = rec {
extraHostNames = [
"fra1-b.jakstys.lt"
publicIP
@ -87,7 +87,7 @@ rec {
"gccarch-armv8-a"
];
};
"vno1-gdrx.motiejus.jakst" = rec {
"vno1-gdrx.jakst.vpn" = rec {
extraHostNames = [
vno1IP
jakstIP
@ -96,7 +96,7 @@ rec {
vno1IP = "192.168.189.12";
jakstIP = "100.89.176.21";
};
"fwminex.servers.jakst" = rec {
"fwminex.jakst.vpn" = rec {
extraHostNames = [
"jakstys.lt"
"git.jakstys.lt"
@ -113,17 +113,17 @@ rec {
jakstIP = "100.89.176.6";
vno1IP = "192.168.189.10";
};
"mtworx.motiejus.jakst" = rec {
"mtworx.jakst.vpn" = rec {
extraHostNames = [ jakstIP ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/2oa3/NDV7GQNAKEQdJ+LZMwK0TUr1wChJMkZM1I3b";
jakstIP = "100.89.176.3";
};
"vno1-vinc.vincentas.jakst" = rec {
"vno1-vinc.jakst.vpn" = rec {
extraHostNames = [ jakstIP ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIwK7et5NBM+vaffiwpKLSAJwKfwMhCZwl1JyXo79uL";
jakstIP = "100.89.176.7";
};
"mxp1.motiejus.jakst" = {
"mxp1.jakst.vpn" = {
jakstIP = "100.89.176.22";
};
"zh2769.rsync.net" = {
@ -149,10 +149,10 @@ rec {
motiejus.cidrs =
let
mHosts = attrVals [
"mxp1.motiejus.jakst"
"vno1-gdrx.motiejus.jakst"
"mtworx.motiejus.jakst"
"fwminex.servers.jakst"
"mxp1.jakst.vpn"
"vno1-gdrx.jakst.vpn"
"mtworx.jakst.vpn"
"fwminex.jakst.vpn"
] hosts;
in
builtins.catAttrs "jakstIP" mHosts;
@ -166,9 +166,9 @@ rec {
jakstysLTZone =
let
fra1b = hosts."fra1-b.servers.jakst".publicIP;
vno1 = hosts."fwminex.servers.jakst".publicIP;
vno4 = hosts."vno4-rutx11.servers.jakst".publicIP;
fra1b = hosts."fra1-b.jakst.vpn".publicIP;
vno1 = hosts."fwminex.jakst.vpn".publicIP;
vno4 = hosts."vno4-rutx11.jakst.vpn".publicIP;
in
''
$ORIGIN jakstys.lt.
@ -179,7 +179,7 @@ rec {
@ HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
@ A ${vno1}
www A ${vno1}
photos A ${hosts."fwminex.servers.jakst".jakstIP}
photos A ${hosts."fwminex.jakst.vpn".jakstIP}
ns1 86400 A ${vno1}
ns2 86400 A ${fra1b}
vpn A ${vno1}
@ -201,35 +201,35 @@ rec {
_dmarc TXT "v=DMARC1; p=none;"
google._domainkey TXT "v=DKIM1; k=rsa;" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqOyONnWKk7lgAVB1UcVu/I02gTDjROpQGDNUJHS34faQ9DnM/8uSOaIwCe4oV1GrI8N2ET+f96WPCCs1LzlEA0QwuUoXRLGojjQoXxCntLfMCnRWtehzmZq6Yv8nVva7N0gz/n/LThpPvGfEoKzYjmhjzM5d8y60DGsKxS8r4Lc9TzwtzuYkxKDhcSzVBQQiMvKMi6m6mUsxFya7" "ZTurd5i7iiZXpA3SFBYLAsjhQd6vS7K13vwAZTKjGNijfM40i7KXC5XA5WtojiSY0lZzAMqaHGLDaMUFkWRJJntRheQ+AU9RvOGAufphRAjdQTCMy0BLzC0rilT2JaTGe4MdQIDAQAB"
grafana A ${hosts."fwminex.servers.jakst".jakstIP}
grafana A ${hosts."fwminex.jakst.vpn".jakstIP}
_acme-challenge.grafana CNAME _acme-endpoint.grafana
_acme-endpoint.grafana NS ns._acme-endpoint.grafana
ns._acme-endpoint.grafana A ${vno1}
hass A ${hosts."fwminex.servers.jakst".jakstIP}
hass A ${hosts."fwminex.jakst.vpn".jakstIP}
_acme-challenge.hass CNAME _acme-endpoint.hass
_acme-endpoint.hass NS ns._acme-endpoint.hass
ns._acme-endpoint.hass A ${vno1}
irc A ${hosts."fwminex.servers.jakst".jakstIP}
irc A ${hosts."fwminex.jakst.vpn".jakstIP}
_acme-challenge.irc CNAME _acme-endpoint.irc
_acme-endpoint.irc NS ns._acme-endpoint.irc
ns._acme-endpoint.irc A ${vno1}
hass A ${hosts."fwminex.servers.jakst".jakstIP}
hass A ${hosts."fwminex.jakst.vpn".jakstIP}
_acme-challenge.hass CNAME _acme-endpoint.hass
_acme-endpoint.hass NS ns._acme-endpoint.hass
ns._acme-endpoint.hass A ${vno1}
bitwarden HTTPS 1 . alpn="h3,h2" ipv4hint="${
hosts."fwminex.servers.jakst".jakstIP
hosts."fwminex.jakst.vpn".jakstIP
}"
bitwarden A ${hosts."fwminex.servers.jakst".jakstIP}
bitwarden A ${hosts."fwminex.jakst.vpn".jakstIP}
_acme-challenge.bitwarden CNAME _acme-endpoint.bitwarden
_acme-endpoint.bitwarden NS ns._acme-endpoint.bitwarden
ns._acme-endpoint.bitwarden A ${vno1}
hdd A ${hosts."vno3-nk.servers.jakst".jakstIP}
hdd A ${hosts."vno3-nk.jakst.vpn".jakstIP}
_acme-challenge.hdd CNAME _acme-endpoint.hdd
_acme-endpoint.hdd NS ns._acme-endpoint.hdd
ns._acme-endpoint.hdd A ${vno1}
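Review bot: The `hass` stanza (`hass A …`, `_acme-challenge.hass CNAME _acme-endpoint.hass`, `_acme-endpoint.hass NS ns._acme-endpoint.hass`, `ns._acme-endpoint.hass A ${vno1}`) appears twice in the zone body, once before the `irc` records and again after them, and the commit renames the host lookup in both copies without collapsing them. Identical RRs are normally merged by the zone loader, so this is probably harmless today, but the two copies will drift silently the first time one of them is edited, so the second copy should be dropped. The `jakstysLTZone` string continues outside the hunk.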


@ -216,7 +216,7 @@
deploy.nodes = {
fwminex = {
hostname = myData.hosts."fwminex.servers.jakst".jakstIP;
hostname = myData.hosts."fwminex.jakst.vpn".jakstIP;
profiles = {
system = {
sshUser = "motiejus";
@ -227,7 +227,7 @@
};
mtworx = {
hostname = myData.hosts."mtworx.motiejus.jakst".jakstIP;
hostname = myData.hosts."mtworx.jakst.vpn".jakstIP;
profiles = {
system = {
sshUser = "motiejus";
@ -238,7 +238,7 @@
};
vno1-gdrx = {
hostname = myData.hosts."vno1-gdrx.motiejus.jakst".jakstIP;
hostname = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP;
profiles = {
system = {
sshUser = "motiejus";
@ -249,7 +249,7 @@
};
vno3-nk = {
hostname = myData.hosts."vno3-nk.servers.jakst".jakstIP;
hostname = myData.hosts."vno3-nk.jakst.vpn".jakstIP;
profiles = {
system = {
sshUser = "motiejus";
@ -260,7 +260,7 @@
};
fra1-b = {
hostname = myData.hosts."fra1-b.servers.jakst".jakstIP;
hostname = myData.hosts."fra1-b.jakst.vpn".jakstIP;
profiles = {
system = {
sshUser = "motiejus";


@ -90,9 +90,9 @@ in
uidgid = myData.uidgid.remote-builder;
sshAllowSubnet = myData.subnets.tailscale.sshPattern;
publicKeys = map (h: myData.hosts.${h}.publicKey) [
"vno1-gdrx.motiejus.jakst"
"fwminex.servers.jakst"
"mtworx.motiejus.jakst"
"vno1-gdrx.jakst.vpn"
"fwminex.jakst.vpn"
"mtworx.jakst.vpn"
];
};
@ -103,7 +103,7 @@ in
deployerbot = {
follower = {
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
enable = true;
sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
@ -131,7 +131,7 @@ in
networking = {
hostName = "fra1-b";
domain = "servers.jakst";
domain = "jakst.vpn";
useDHCP = true;
interfaces.enp1s0.ipv6.addresses = [
{


@ -405,10 +405,10 @@ in
let
port = toString config.services.prometheus.exporters.ping.port;
hosts = [
"fwminex.servers.jakst"
"vno3-nk.servers.jakst"
"fra1-b.servers.jakst"
"vno1-gdrx.motiejus.jakst"
"fwminex.jakst.vpn"
"vno3-nk.jakst.vpn"
"fra1-b.jakst.vpn"
"vno1-gdrx.jakst.vpn"
];
in
@ -443,8 +443,8 @@ in
static_configs = [ { targets = [ "127.0.0.1:${toString myData.ports.exporters.weather}" ]; } ];
}
{
job_name = "vno1-vinc.vincentas.jakst";
static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.vincentas.jakst".jakstIP}:9100" ]; } ];
job_name = "vno1-vinc.jakst.vpn";
static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.jakst.vpn".jakstIP}:9100" ]; } ];
}
]
++ map
@ -458,11 +458,11 @@ in
}
)
[
"fra1-b.servers.jakst"
"vno3-nk.servers.jakst"
"fwminex.servers.jakst"
"mtworx.motiejus.jakst"
"vno1-gdrx.motiejus.jakst"
"fra1-b.jakst.vpn"
"vno3-nk.jakst.vpn"
"fwminex.jakst.vpn"
"mtworx.jakst.vpn"
"vno1-gdrx.jakst.vpn"
];
};
@ -520,7 +520,7 @@ in
enable = true;
dataDir = "/var/lib/borgstor";
sshKeys = with myData; [
hosts."vno3-nk.servers.jakst".publicKey
hosts."vno3-nk.jakst.vpn".publicKey
people_pubkeys.motiejus
];
};
@ -611,7 +611,7 @@ in
)
[
"zh2769@zh2769.rsync.net"
"borgstor@${myData.hosts."vno3-nk.servers.jakst".jakstIP}"
"borgstor@${myData.hosts."vno3-nk.jakst.vpn".jakstIP}"
];
};
@ -655,7 +655,7 @@ in
remote-builder.client =
let
host = myData.hosts."fra1-b.servers.jakst";
host = myData.hosts."fra1-b.jakst.vpn";
in
{
enable = true;
@ -677,17 +677,17 @@ in
deployIfPresent = [
{
derivationTarget = ".#mtworx";
pingTarget = myData.hosts."mtworx.motiejus.jakst".jakstIP;
pingTarget = myData.hosts."mtworx.jakst.vpn".jakstIP;
}
{
derivationTarget = ".#vno1-gdrx";
pingTarget = myData.hosts."vno1-gdrx.motiejus.jakst".jakstIP;
pingTarget = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP;
}
];
};
follower = {
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
enable = true;
uidgid = myData.uidgid.updaterbot-deployee;
@ -739,7 +739,7 @@ in
networking = {
hostId = "a6b19da0";
hostName = "fwminex";
domain = "servers.jakst";
domain = "jakst.vpn";
firewall = {
rejectPackets = true;
allowedUDPPorts = [
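Review bot: Changing `networking.domain` to `"jakst.vpn"` changes this host's FQDN, and the README hunk in the same commit shows the rsync.net borg repository path changing with it (`fwminex.servers.jakst-home-motiejus-annex2` → `fwminex.jakst.vpn-home-motiejus-annex2`); if the repository name in the backup job is derived from the FQDN, the next run after deploy will initialise a fresh repository while the existing one stays behind under the old name, outside any prune/compact retention. That migration step (renaming the remote repository, or pointing the job at the old name) is not visible in the diff, so it should be either included or called out in the commit description. The same FQDN change also relabels the Prometheus scrape job at `job_name = "vno1-vinc.jakst.vpn";`, which breaks continuity of any dashboard or alert that selects on the old job label. The borg and networking blocks both start outside their hunks.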


@ -133,7 +133,7 @@ in
remote-builder.client =
let
host = myData.hosts."fra1-b.servers.jakst";
host = myData.hosts."fra1-b.jakst.vpn";
in
{
enable = true;
@ -150,7 +150,7 @@ in
deployerbot = {
follower = {
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
enable = true;
uidgid = myData.uidgid.updaterbot-deployee;
@ -199,7 +199,7 @@ in
networking = {
hostId = "b14a02aa";
hostName = "mtworx";
domain = "motiejus.jakst";
domain = "jakst.vpn";
firewall.rejectPackets = true;
};
}


@ -140,7 +140,7 @@ in
remote-builder.client =
let
host = myData.hosts."fra1-b.servers.jakst";
host = myData.hosts."fra1-b.jakst.vpn";
in
{
enable = true;
@ -152,7 +152,7 @@ in
deployerbot = {
follower = {
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
enable = true;
uidgid = myData.uidgid.updaterbot-deployee;
@ -181,7 +181,7 @@ in
networking = {
hostName = "vno1-gdrx";
domain = "motiejus.jakst";
domain = "jakst.vpn";
firewall.rejectPackets = true;
};
}


@ -108,7 +108,7 @@ in
enable = true;
dataDir = "/data/borg";
sshKeys = with myData; [
hosts."fwminex.servers.jakst".publicKey
hosts."fwminex.jakst.vpn".publicKey
people_pubkeys.motiejus
];
};
@ -140,7 +140,7 @@ in
)
[
"zh2769@zh2769.rsync.net"
"borgstor@${myData.hosts."fwminex.servers.jakst".jakstIP}"
"borgstor@${myData.hosts."fwminex.jakst.vpn".jakstIP}"
];
};
@ -164,7 +164,7 @@ in
remote-builder.client =
let
host = myData.hosts."fra1-b.servers.jakst";
host = myData.hosts."fra1-b.jakst.vpn";
in
{
enable = true;
@ -193,7 +193,7 @@ in
deployerbot = {
follower = {
enable = true;
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
uidgid = myData.uidgid.updaterbot-deployee;
};
@ -212,7 +212,7 @@ in
networking = {
hostId = "ab4af0bb";
hostName = "vno3-nk";
domain = "servers.jakst";
domain = "jakst.vpn";
firewall = {
rejectPackets = true;
allowedUDPPorts = [


@ -27,7 +27,7 @@
extraConfig =
''
Host git.jakstys.lt
HostName ${myData.hosts."fwminex.servers.jakst".jakstIP}
HostName ${myData.hosts."fwminex.jakst.vpn".jakstIP}
''
+ (lib.concatMapStringsSep "\n"
@ -37,7 +37,7 @@
'')
(
builtins.attrNames (
lib.filterAttrs (name: props: name != "fra1-b.servers.jakst" && props ? jakstIP) myData.hosts
lib.filterAttrs (name: props: name != "fra1-b.jakst.vpn" && props ? jakstIP) myData.hosts
)
)
);


@ -6,11 +6,11 @@ let
bk2 = "age14f39j0wx84n93lgqn6d9gcd3yhuwak6qwrxy8v83ydn7266uafts09ecva";
};
fwminex = (import ./data.nix).hosts."fwminex.servers.jakst".publicKey;
vno3-nk = (import ./data.nix).hosts."vno3-nk.servers.jakst".publicKey;
fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey;
mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.motiejus.jakst".publicKey;
fwminex = (import ./data.nix).hosts."fwminex.jakst.vpn".publicKey;
vno3-nk = (import ./data.nix).hosts."vno3-nk.jakst.vpn".publicKey;
fra1-b = (import ./data.nix).hosts."fra1-b.jakst.vpn".publicKey;
mtworx = (import ./data.nix).hosts."mtworx.jakst.vpn".publicKey;
vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.jakst.vpn".publicKey;
systems = [
fwminex