jakst.vpn
parent
5b0d71dc2a
commit
6310a6e74e
@ -26,4 +26,4 @@ Decode a secret on host (to test things out):
|
||||
Borg
|
||||
----
|
||||
|
||||
BORG_PASSCOMMAND="cat /run/agenix/borgbackup-fwminex" borg --remote-path=borg1 list zh2769@zh2769.rsync.net:fwminex.servers.jakst-home-motiejus-annex2
|
||||
BORG_PASSCOMMAND="cat /run/agenix/borgbackup-fwminex" borg --remote-path=borg1 list zh2769@zh2769.rsync.net:fwminex.jakst.vpn-home-motiejus-annex2
|
||||
|
46
data.nix
46
data.nix
@ -49,7 +49,7 @@ rec {
|
||||
};
|
||||
|
||||
hosts = {
|
||||
"vno4-rutx11.servers.jakst" = rec {
|
||||
"vno4-rutx11.jakst.vpn" = rec {
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEehmFvEBVngwxk1nuEWMlE4UU69gC4wxytGX5DAFbh";
|
||||
publicIP = "188.69.241.222";
|
||||
jakstIP = "100.89.176.1";
|
||||
@ -61,7 +61,7 @@ rec {
|
||||
vno4IP
|
||||
];
|
||||
};
|
||||
"vno3-nk.servers.jakst" = rec {
|
||||
"vno3-nk.jakst.vpn" = rec {
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBp3QL8p4AbuijEQX/uVHj6nkJ2/8qNSciL+Glydw2yK";
|
||||
system = "x86_64-linux";
|
||||
jakstIP = "100.89.176.5";
|
||||
@ -69,7 +69,7 @@ rec {
|
||||
jakstIP
|
||||
];
|
||||
};
|
||||
"fra1-b.servers.jakst" = rec {
|
||||
"fra1-b.jakst.vpn" = rec {
|
||||
extraHostNames = [
|
||||
"fra1-b.jakstys.lt"
|
||||
publicIP
|
||||
@ -87,7 +87,7 @@ rec {
|
||||
"gccarch-armv8-a"
|
||||
];
|
||||
};
|
||||
"vno1-gdrx.motiejus.jakst" = rec {
|
||||
"vno1-gdrx.jakst.vpn" = rec {
|
||||
extraHostNames = [
|
||||
vno1IP
|
||||
jakstIP
|
||||
@ -96,7 +96,7 @@ rec {
|
||||
vno1IP = "192.168.189.12";
|
||||
jakstIP = "100.89.176.21";
|
||||
};
|
||||
"fwminex.servers.jakst" = rec {
|
||||
"fwminex.jakst.vpn" = rec {
|
||||
extraHostNames = [
|
||||
"jakstys.lt"
|
||||
"git.jakstys.lt"
|
||||
@ -113,17 +113,17 @@ rec {
|
||||
jakstIP = "100.89.176.6";
|
||||
vno1IP = "192.168.189.10";
|
||||
};
|
||||
"mtworx.motiejus.jakst" = rec {
|
||||
"mtworx.jakst.vpn" = rec {
|
||||
extraHostNames = [ jakstIP ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/2oa3/NDV7GQNAKEQdJ+LZMwK0TUr1wChJMkZM1I3b";
|
||||
jakstIP = "100.89.176.3";
|
||||
};
|
||||
"vno1-vinc.vincentas.jakst" = rec {
|
||||
"vno1-vinc.jakst.vpn" = rec {
|
||||
extraHostNames = [ jakstIP ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIwK7et5NBM+vaffiwpKLSAJwKfwMhCZwl1JyXo79uL";
|
||||
jakstIP = "100.89.176.7";
|
||||
};
|
||||
"mxp1.motiejus.jakst" = {
|
||||
"mxp1.jakst.vpn" = {
|
||||
jakstIP = "100.89.176.22";
|
||||
};
|
||||
"zh2769.rsync.net" = {
|
||||
@ -149,10 +149,10 @@ rec {
|
||||
motiejus.cidrs =
|
||||
let
|
||||
mHosts = attrVals [
|
||||
"mxp1.motiejus.jakst"
|
||||
"vno1-gdrx.motiejus.jakst"
|
||||
"mtworx.motiejus.jakst"
|
||||
"fwminex.servers.jakst"
|
||||
"mxp1.jakst.vpn"
|
||||
"vno1-gdrx.jakst.vpn"
|
||||
"mtworx.jakst.vpn"
|
||||
"fwminex.jakst.vpn"
|
||||
] hosts;
|
||||
in
|
||||
builtins.catAttrs "jakstIP" mHosts;
|
||||
@ -166,9 +166,9 @@ rec {
|
||||
|
||||
jakstysLTZone =
|
||||
let
|
||||
fra1b = hosts."fra1-b.servers.jakst".publicIP;
|
||||
vno1 = hosts."fwminex.servers.jakst".publicIP;
|
||||
vno4 = hosts."vno4-rutx11.servers.jakst".publicIP;
|
||||
fra1b = hosts."fra1-b.jakst.vpn".publicIP;
|
||||
vno1 = hosts."fwminex.jakst.vpn".publicIP;
|
||||
vno4 = hosts."vno4-rutx11.jakst.vpn".publicIP;
|
||||
in
|
||||
''
|
||||
$ORIGIN jakstys.lt.
|
||||
@ -179,7 +179,7 @@ rec {
|
||||
@ HTTPS 1 . alpn="h3,h2" ipv4hint="${vno1}"
|
||||
@ A ${vno1}
|
||||
www A ${vno1}
|
||||
photos A ${hosts."fwminex.servers.jakst".jakstIP}
|
||||
photos A ${hosts."fwminex.jakst.vpn".jakstIP}
|
||||
ns1 86400 A ${vno1}
|
||||
ns2 86400 A ${fra1b}
|
||||
vpn A ${vno1}
|
||||
@ -201,35 +201,35 @@ rec {
|
||||
_dmarc TXT "v=DMARC1; p=none;"
|
||||
google._domainkey TXT "v=DKIM1; k=rsa;" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqOyONnWKk7lgAVB1UcVu/I02gTDjROpQGDNUJHS34faQ9DnM/8uSOaIwCe4oV1GrI8N2ET+f96WPCCs1LzlEA0QwuUoXRLGojjQoXxCntLfMCnRWtehzmZq6Yv8nVva7N0gz/n/LThpPvGfEoKzYjmhjzM5d8y60DGsKxS8r4Lc9TzwtzuYkxKDhcSzVBQQiMvKMi6m6mUsxFya7" "ZTurd5i7iiZXpA3SFBYLAsjhQd6vS7K13vwAZTKjGNijfM40i7KXC5XA5WtojiSY0lZzAMqaHGLDaMUFkWRJJntRheQ+AU9RvOGAufphRAjdQTCMy0BLzC0rilT2JaTGe4MdQIDAQAB"
|
||||
|
||||
grafana A ${hosts."fwminex.servers.jakst".jakstIP}
|
||||
grafana A ${hosts."fwminex.jakst.vpn".jakstIP}
|
||||
_acme-challenge.grafana CNAME _acme-endpoint.grafana
|
||||
_acme-endpoint.grafana NS ns._acme-endpoint.grafana
|
||||
ns._acme-endpoint.grafana A ${vno1}
|
||||
|
||||
hass A ${hosts."fwminex.servers.jakst".jakstIP}
|
||||
hass A ${hosts."fwminex.jakst.vpn".jakstIP}
|
||||
_acme-challenge.hass CNAME _acme-endpoint.hass
|
||||
_acme-endpoint.hass NS ns._acme-endpoint.hass
|
||||
ns._acme-endpoint.hass A ${vno1}
|
||||
|
||||
irc A ${hosts."fwminex.servers.jakst".jakstIP}
|
||||
irc A ${hosts."fwminex.jakst.vpn".jakstIP}
|
||||
_acme-challenge.irc CNAME _acme-endpoint.irc
|
||||
_acme-endpoint.irc NS ns._acme-endpoint.irc
|
||||
ns._acme-endpoint.irc A ${vno1}
|
||||
|
||||
hass A ${hosts."fwminex.servers.jakst".jakstIP}
|
||||
hass A ${hosts."fwminex.jakst.vpn".jakstIP}
|
||||
_acme-challenge.hass CNAME _acme-endpoint.hass
|
||||
_acme-endpoint.hass NS ns._acme-endpoint.hass
|
||||
ns._acme-endpoint.hass A ${vno1}
|
||||
|
||||
bitwarden HTTPS 1 . alpn="h3,h2" ipv4hint="${
|
||||
hosts."fwminex.servers.jakst".jakstIP
|
||||
hosts."fwminex.jakst.vpn".jakstIP
|
||||
}"
|
||||
bitwarden A ${hosts."fwminex.servers.jakst".jakstIP}
|
||||
bitwarden A ${hosts."fwminex.jakst.vpn".jakstIP}
|
||||
_acme-challenge.bitwarden CNAME _acme-endpoint.bitwarden
|
||||
_acme-endpoint.bitwarden NS ns._acme-endpoint.bitwarden
|
||||
ns._acme-endpoint.bitwarden A ${vno1}
|
||||
|
||||
hdd A ${hosts."vno3-nk.servers.jakst".jakstIP}
|
||||
hdd A ${hosts."vno3-nk.jakst.vpn".jakstIP}
|
||||
_acme-challenge.hdd CNAME _acme-endpoint.hdd
|
||||
_acme-endpoint.hdd NS ns._acme-endpoint.hdd
|
||||
ns._acme-endpoint.hdd A ${vno1}
|
||||
|
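Review bot: The zone text in `jakstysLTZone` carries the `hass` record group twice: `hass A …`, `_acme-challenge.hass CNAME …`, `_acme-endpoint.hass NS …` and `ns._acme-endpoint.hass A ${vno1}` appear once after the `grafana` group and again after the `irc` group, and this commit had to apply the same key rename to both copies. Identical records are presumably collapsed by the nameserver, but the two copies can drift apart on a later edit and leave `hass` answering with two different addresses. Drop the second group, or give it its own label if it was meant for another service. The zone string starts and ends outside the visible hunks, so there may be context not shown here.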
10
flake.nix
10
flake.nix
@ -216,7 +216,7 @@
|
||||
|
||||
deploy.nodes = {
|
||||
fwminex = {
|
||||
hostname = myData.hosts."fwminex.servers.jakst".jakstIP;
|
||||
hostname = myData.hosts."fwminex.jakst.vpn".jakstIP;
|
||||
profiles = {
|
||||
system = {
|
||||
sshUser = "motiejus";
|
||||
@ -227,7 +227,7 @@
|
||||
};
|
||||
|
||||
mtworx = {
|
||||
hostname = myData.hosts."mtworx.motiejus.jakst".jakstIP;
|
||||
hostname = myData.hosts."mtworx.jakst.vpn".jakstIP;
|
||||
profiles = {
|
||||
system = {
|
||||
sshUser = "motiejus";
|
||||
@ -238,7 +238,7 @@
|
||||
};
|
||||
|
||||
vno1-gdrx = {
|
||||
hostname = myData.hosts."vno1-gdrx.motiejus.jakst".jakstIP;
|
||||
hostname = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP;
|
||||
profiles = {
|
||||
system = {
|
||||
sshUser = "motiejus";
|
||||
@ -249,7 +249,7 @@
|
||||
};
|
||||
|
||||
vno3-nk = {
|
||||
hostname = myData.hosts."vno3-nk.servers.jakst".jakstIP;
|
||||
hostname = myData.hosts."vno3-nk.jakst.vpn".jakstIP;
|
||||
profiles = {
|
||||
system = {
|
||||
sshUser = "motiejus";
|
||||
@ -260,7 +260,7 @@
|
||||
};
|
||||
|
||||
fra1-b = {
|
||||
hostname = myData.hosts."fra1-b.servers.jakst".jakstIP;
|
||||
hostname = myData.hosts."fra1-b.jakst.vpn".jakstIP;
|
||||
profiles = {
|
||||
system = {
|
||||
sshUser = "motiejus";
|
||||
|
@ -90,9 +90,9 @@ in
|
||||
uidgid = myData.uidgid.remote-builder;
|
||||
sshAllowSubnet = myData.subnets.tailscale.sshPattern;
|
||||
publicKeys = map (h: myData.hosts.${h}.publicKey) [
|
||||
"vno1-gdrx.motiejus.jakst"
|
||||
"fwminex.servers.jakst"
|
||||
"mtworx.motiejus.jakst"
|
||||
"vno1-gdrx.jakst.vpn"
|
||||
"fwminex.jakst.vpn"
|
||||
"mtworx.jakst.vpn"
|
||||
];
|
||||
};
|
||||
|
||||
@ -103,7 +103,7 @@ in
|
||||
|
||||
deployerbot = {
|
||||
follower = {
|
||||
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
|
||||
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
|
||||
|
||||
enable = true;
|
||||
sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
|
||||
@ -131,7 +131,7 @@ in
|
||||
|
||||
networking = {
|
||||
hostName = "fra1-b";
|
||||
domain = "servers.jakst";
|
||||
domain = "jakst.vpn";
|
||||
useDHCP = true;
|
||||
interfaces.enp1s0.ipv6.addresses = [
|
||||
{
|
||||
|
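Review bot: `domain = "jakst.vpn"` in the `networking` block makes `vpn` the private suffix for every host, and `vpn` is not one of the names set aside for private use. As far as I know it is not delegated in the public root today, but nothing reserves it, so a lookup that escapes the resolver serving these names leaks the internal hostname to public DNS and could later be answered by someone else. Since the rename touches every host anyway (the same line appears in the fwminex, mtworx, vno1-gdrx and vno3-nk sections), consider a suffix that cannot collide, such as `home.arpa`, `internal` or a subdomain of `jakstys.lt`. Otherwise add a comment next to `domain` recording that the suffix is only meant to resolve inside the VPN. The old `servers.jakst` suffix had the same property, so this is not a regression.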
@ -405,10 +405,10 @@ in
|
||||
let
|
||||
port = toString config.services.prometheus.exporters.ping.port;
|
||||
hosts = [
|
||||
"fwminex.servers.jakst"
|
||||
"vno3-nk.servers.jakst"
|
||||
"fra1-b.servers.jakst"
|
||||
"vno1-gdrx.motiejus.jakst"
|
||||
"fwminex.jakst.vpn"
|
||||
"vno3-nk.jakst.vpn"
|
||||
"fra1-b.jakst.vpn"
|
||||
"vno1-gdrx.jakst.vpn"
|
||||
];
|
||||
in
|
||||
|
||||
@ -443,8 +443,8 @@ in
|
||||
static_configs = [ { targets = [ "127.0.0.1:${toString myData.ports.exporters.weather}" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "vno1-vinc.vincentas.jakst";
|
||||
static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.vincentas.jakst".jakstIP}:9100" ]; } ];
|
||||
job_name = "vno1-vinc.jakst.vpn";
|
||||
static_configs = [ { targets = [ "${myData.hosts."vno1-vinc.jakst.vpn".jakstIP}:9100" ]; } ];
|
||||
}
|
||||
]
|
||||
++ map
|
||||
@ -458,11 +458,11 @@ in
|
||||
}
|
||||
)
|
||||
[
|
||||
"fra1-b.servers.jakst"
|
||||
"vno3-nk.servers.jakst"
|
||||
"fwminex.servers.jakst"
|
||||
"mtworx.motiejus.jakst"
|
||||
"vno1-gdrx.motiejus.jakst"
|
||||
"fra1-b.jakst.vpn"
|
||||
"vno3-nk.jakst.vpn"
|
||||
"fwminex.jakst.vpn"
|
||||
"mtworx.jakst.vpn"
|
||||
"vno1-gdrx.jakst.vpn"
|
||||
];
|
||||
};
|
||||
|
||||
@ -520,7 +520,7 @@ in
|
||||
enable = true;
|
||||
dataDir = "/var/lib/borgstor";
|
||||
sshKeys = with myData; [
|
||||
hosts."vno3-nk.servers.jakst".publicKey
|
||||
hosts."vno3-nk.jakst.vpn".publicKey
|
||||
people_pubkeys.motiejus
|
||||
];
|
||||
};
|
||||
@ -611,7 +611,7 @@ in
|
||||
)
|
||||
[
|
||||
"zh2769@zh2769.rsync.net"
|
||||
"borgstor@${myData.hosts."vno3-nk.servers.jakst".jakstIP}"
|
||||
"borgstor@${myData.hosts."vno3-nk.jakst.vpn".jakstIP}"
|
||||
];
|
||||
};
|
||||
|
||||
@ -655,7 +655,7 @@ in
|
||||
|
||||
remote-builder.client =
|
||||
let
|
||||
host = myData.hosts."fra1-b.servers.jakst";
|
||||
host = myData.hosts."fra1-b.jakst.vpn";
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
@ -677,17 +677,17 @@ in
|
||||
deployIfPresent = [
|
||||
{
|
||||
derivationTarget = ".#mtworx";
|
||||
pingTarget = myData.hosts."mtworx.motiejus.jakst".jakstIP;
|
||||
pingTarget = myData.hosts."mtworx.jakst.vpn".jakstIP;
|
||||
}
|
||||
{
|
||||
derivationTarget = ".#vno1-gdrx";
|
||||
pingTarget = myData.hosts."vno1-gdrx.motiejus.jakst".jakstIP;
|
||||
pingTarget = myData.hosts."vno1-gdrx.jakst.vpn".jakstIP;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
follower = {
|
||||
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
|
||||
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
|
||||
|
||||
enable = true;
|
||||
uidgid = myData.uidgid.updaterbot-deployee;
|
||||
@ -739,7 +739,7 @@ in
|
||||
networking = {
|
||||
hostId = "a6b19da0";
|
||||
hostName = "fwminex";
|
||||
domain = "servers.jakst";
|
||||
domain = "jakst.vpn";
|
||||
firewall = {
|
||||
rejectPackets = true;
|
||||
allowedUDPPorts = [
|
||||
|
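Review bot: Changing `domain` to `jakst.vpn` in the `networking` block looks like it also renames this host's borg repositories, which nothing in this section accounts for. The README hunk in the same commit changes the example repository from `…:fwminex.servers.jakst-home-motiejus-annex2` to `…:fwminex.jakst.vpn-home-motiejus-annex2`, which suggests the repository path is built from the FQDN; the job definition that consumes the `zh2769@zh2769.rsync.net` / `borgstor@…` target list is outside the hunk, so this is inferred. If so, the first run after deploy finds no repository under the new name on either target, and the existing archives stay under the old name where pruning no longer reaches them. Rename the repositories on both targets before deploying (or initialise new ones deliberately), verify the next backup, and leave a comment such as `# repo path embeds the FQDN; changing the domain requires renaming the remote repos`. The vno3-nk section has the same target list and `domain` change.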
@ -133,7 +133,7 @@ in
|
||||
|
||||
remote-builder.client =
|
||||
let
|
||||
host = myData.hosts."fra1-b.servers.jakst";
|
||||
host = myData.hosts."fra1-b.jakst.vpn";
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
@ -150,7 +150,7 @@ in
|
||||
|
||||
deployerbot = {
|
||||
follower = {
|
||||
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
|
||||
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
|
||||
|
||||
enable = true;
|
||||
uidgid = myData.uidgid.updaterbot-deployee;
|
||||
@ -199,7 +199,7 @@ in
|
||||
networking = {
|
||||
hostId = "b14a02aa";
|
||||
hostName = "mtworx";
|
||||
domain = "motiejus.jakst";
|
||||
domain = "jakst.vpn";
|
||||
firewall.rejectPackets = true;
|
||||
};
|
||||
}
|
||||
|
@ -140,7 +140,7 @@ in
|
||||
|
||||
remote-builder.client =
|
||||
let
|
||||
host = myData.hosts."fra1-b.servers.jakst";
|
||||
host = myData.hosts."fra1-b.jakst.vpn";
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
@ -152,7 +152,7 @@ in
|
||||
|
||||
deployerbot = {
|
||||
follower = {
|
||||
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
|
||||
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
|
||||
|
||||
enable = true;
|
||||
uidgid = myData.uidgid.updaterbot-deployee;
|
||||
@ -181,7 +181,7 @@ in
|
||||
|
||||
networking = {
|
||||
hostName = "vno1-gdrx";
|
||||
domain = "motiejus.jakst";
|
||||
domain = "jakst.vpn";
|
||||
firewall.rejectPackets = true;
|
||||
};
|
||||
}
|
||||
|
@ -108,7 +108,7 @@ in
|
||||
enable = true;
|
||||
dataDir = "/data/borg";
|
||||
sshKeys = with myData; [
|
||||
hosts."fwminex.servers.jakst".publicKey
|
||||
hosts."fwminex.jakst.vpn".publicKey
|
||||
people_pubkeys.motiejus
|
||||
];
|
||||
};
|
||||
@ -140,7 +140,7 @@ in
|
||||
)
|
||||
[
|
||||
"zh2769@zh2769.rsync.net"
|
||||
"borgstor@${myData.hosts."fwminex.servers.jakst".jakstIP}"
|
||||
"borgstor@${myData.hosts."fwminex.jakst.vpn".jakstIP}"
|
||||
];
|
||||
};
|
||||
|
||||
@ -164,7 +164,7 @@ in
|
||||
|
||||
remote-builder.client =
|
||||
let
|
||||
host = myData.hosts."fra1-b.servers.jakst";
|
||||
host = myData.hosts."fra1-b.jakst.vpn";
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
@ -193,7 +193,7 @@ in
|
||||
deployerbot = {
|
||||
follower = {
|
||||
enable = true;
|
||||
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
|
||||
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
|
||||
sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
|
||||
uidgid = myData.uidgid.updaterbot-deployee;
|
||||
};
|
||||
@ -212,7 +212,7 @@ in
|
||||
networking = {
|
||||
hostId = "ab4af0bb";
|
||||
hostName = "vno3-nk";
|
||||
domain = "servers.jakst";
|
||||
domain = "jakst.vpn";
|
||||
firewall = {
|
||||
rejectPackets = true;
|
||||
allowedUDPPorts = [
|
||||
|
@ -27,7 +27,7 @@
|
||||
extraConfig =
|
||||
''
|
||||
Host git.jakstys.lt
|
||||
HostName ${myData.hosts."fwminex.servers.jakst".jakstIP}
|
||||
HostName ${myData.hosts."fwminex.jakst.vpn".jakstIP}
|
||||
|
||||
''
|
||||
+ (lib.concatMapStringsSep "\n"
|
||||
@ -37,7 +37,7 @@
|
||||
'')
|
||||
(
|
||||
builtins.attrNames (
|
||||
lib.filterAttrs (name: props: name != "fra1-b.servers.jakst" && props ? jakstIP) myData.hosts
|
||||
lib.filterAttrs (name: props: name != "fra1-b.jakst.vpn" && props ? jakstIP) myData.hosts
|
||||
)
|
||||
)
|
||||
);
|
||||
|
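Review bot: The exclusion `name != "fra1-b.jakst.vpn"` in the `lib.filterAttrs` call compares against a string literal, so unlike the `myData.hosts."…"` lookups changed elsewhere in this commit it does not fail evaluation when the key and the literal disagree. A missed or later rename would silently stop excluding fra1-b from the generated SSH stanzas, whose body is outside the hunk. Prefer a per-host attribute in data.nix that the filter tests, or at least add `# must match the fra1-b key in data.nix; a stale name disables this exclusion without an error` above the line.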
10
secrets.nix
10
secrets.nix
@ -6,11 +6,11 @@ let
|
||||
bk2 = "age14f39j0wx84n93lgqn6d9gcd3yhuwak6qwrxy8v83ydn7266uafts09ecva";
|
||||
};
|
||||
|
||||
fwminex = (import ./data.nix).hosts."fwminex.servers.jakst".publicKey;
|
||||
vno3-nk = (import ./data.nix).hosts."vno3-nk.servers.jakst".publicKey;
|
||||
fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey;
|
||||
mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
|
||||
vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.motiejus.jakst".publicKey;
|
||||
fwminex = (import ./data.nix).hosts."fwminex.jakst.vpn".publicKey;
|
||||
vno3-nk = (import ./data.nix).hosts."vno3-nk.jakst.vpn".publicKey;
|
||||
fra1-b = (import ./data.nix).hosts."fra1-b.jakst.vpn".publicKey;
|
||||
mtworx = (import ./data.nix).hosts."mtworx.jakst.vpn".publicKey;
|
||||
vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.jakst.vpn".publicKey;
|
||||
|
||||
systems = [
|
||||
fwminex
|
||||
|