zfsunlock between fra1-a and vno1-oh2

2023-08-26 23:45:03 +03:00
parent 1db9253ae6
commit de4b47b929
7 changed files with 66 additions and 15 deletions
--- a/hosts/fra1-a/configuration.nix
+++ b/hosts/fra1-a/configuration.nix
@@ -58,19 +58,40 @@
          publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
        };
      };
+
+      zfsunlock = {
+        enable = true;
+        targets."vno1-oh2.servers.jakst" = let
+          host = myData.hosts."vno1-oh2.servers.jakst";
+        in {
+          sshEndpoint = host.publicIP;
+          pingEndpoint = host.jakstIP;
+          remotePubkey = host.initrdPubKey;
+          pwFile = config.age.secrets.zfs-passphrase-vno1-oh2.path;
+          startAt = "*-*-* *:00/5:00";
+        };
+      };
    };
  };

  services.tailscale.enable = true;

+  services.nsd = {
+    enable = true;
+    interfaces = ["0.0.0.0" "::"];
+    zones = {
+      "jakstys.lt.".data = myData.jakstysLTZone;
+    };
+  };
+
  networking = {
    hostId = "bed6fa0b";
    hostName = "fra1-a";
    domain = "servers.jakst";
    useDHCP = true;
    firewall = {
-      allowedUDPPorts = [];
-      allowedTCPPorts = [22];
+      allowedUDPPorts = [53];
+      allowedTCPPorts = [22 53];
      checkReversePath = "loose"; # for tailscale
    };
  };
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -163,6 +163,15 @@
          pwFile = config.age.secrets.zfs-passphrase-hel1-a.path;
          startAt = "*-*-* *:00/5:00";
        };
+        targets."fra1-a.servers.jakst" = let
+          host = myData.hosts."fra1-a.servers.jakst";
+        in {
+          sshEndpoint = host.publicIP;
+          pingEndpoint = host.jakstIP;
+          remotePubkey = host.initrdPubKey;
+          pwFile = config.age.secrets.zfs-passphrase-fra1-a.path;
+          startAt = "*-*-* *:00/5:00";
+        };
      };
    };
  };