diff --git a/configs/sterni/tinc.nix b/configs/sterni/tinc.nix index 6f8c828..e484fd4 100644 --- a/configs/sterni/tinc.nix +++ b/configs/sterni/tinc.nix @@ -3,13 +3,22 @@ with lib; { + + imports = [ + + ]; + module.cluster.services.tinc = { "private" = { - enable = true; + enable = false; openPort = true; connectTo = [ "sputnik" ]; }; "retiolum" = { + enable = false; + openPort = true; + }; + "test" = { enable = true; openPort = true; }; diff --git a/shell.nix b/shell.nix index 2c45f35..5b7fcd3 100644 --- a/shell.nix +++ b/shell.nix @@ -71,6 +71,11 @@ let pkgs.file = toString ./pkgs; assets.file = toString ./assets; + # test-tinc + test-assets.file = toString ./terranix/tinc-test/02-build/assets; + test-config.file = toString ./terranix/tinc-test/02-build/configs; + test-generated.file = toString ./terranix/tinc-test/02-build/generated; + nix-writers.git = { url = "https://cgit.krebsco.de/nix-writers/"; ref = (ops.importJson ./.nix-writers.json).rev; @@ -117,7 +122,7 @@ let }; - hostPattern = name: "${name}.private"; + hostPattern = name: "localhost"; serverDeployment = name: { host ? (hostPattern name), user ? "root" }: diff --git a/system/desktop/remote-install.nix b/system/desktop/remote-install.nix index 98f5e3e..c8e16b2 100644 --- a/system/desktop/remote-install.nix +++ b/system/desktop/remote-install.nix @@ -1,7 +1,8 @@ { pkgs, ... }: { + services.tor = { - enable = true; - client.enable = true; + enable = false; + client.enable = false; hiddenServices.liveos.map = [{ port = 1337; }]; }; diff --git a/terranix/tinc-test/01-terranix/config.nix b/terranix/tinc-test/01-terranix/config.nix index 072e609..4eeac75 100644 --- a/terranix/tinc-test/01-terranix/config.nix +++ b/terranix/tinc-test/01-terranix/config.nix 
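Review bot: `hostPattern = name: "localhost";` in the second shell.nix hunk makes every `serverDeployment` that does not pass `host` explicitly deploy to localhost as `root`, where it previously resolved to `${name}.private`. This reads like a temporary override for the tinc test rather than an intended default. If so, keep the original pattern and pass `host` only for the test machine, or at least mark the line with `# TEMP: tinc-test only, restore "${name}.private" before merging`. The enclosing `let` block starts and ends outside the hunk, so the callers of `serverDeployment` are not visible here.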
@@ -1,25 +1,20 @@ { config, lib, pkgs, ... }: let - hcloud-modules = pkgs.fetchgit { - #url = "https://github.com/mrVanDalo/terranix-hcloud.git"; - url = "https://git.ingolf-wagner.de/terranix/hcloud.git"; - rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b"; - sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85"; - }; + #hcloud-modules = pkgs.fetchgit { + # #url = "https://github.com/mrVanDalo/terranix-hcloud.git"; + # url = "https://git.ingolf-wagner.de/terranix/hcloud.git"; + # rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b"; + # sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85"; + #}; - #hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11; + hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11; in { - imports = [ - (toString hcloud-modules) + imports = [ (toString hcloud-modules) ./config/ssh-setup.nix ]; - ./config/file-generation.nix - ./config/ssh-setup.nix - ]; - - #hcloud.export.nix = "${toString ../02-build/generated}/test.nix"; + hcloud.export.nix = "${toString ../02-build/generated}/nixos-machines.nix"; hcloud.nixserver.server = { configurationFile = pkgs.writeText "configuration.nix" '' diff --git a/terranix/tinc-test/01-terranix/shell.nix b/terranix/tinc-test/01-terranix/shell.nix index 51fb7fc..8b2efd4 100644 --- a/terranix/tinc-test/01-terranix/shell.nix +++ b/terranix/tinc-test/01-terranix/shell.nix @@ -21,7 +21,7 @@ let && ${terraform}/bin/terraform apply ''; - clean = pkgs.writers.writeBashBin "clean" '' + destroy = pkgs.writers.writeBashBin "destroy" '' ${terraform}/bin/terraform destroy rm ${toString ./.}/config.tf.json rm ${toString ./.}/terraform.tfstate* @@ -29,6 +29,6 @@ let in pkgs.mkShell { - buildInputs = with pkgs; [ terranix terraform create clean ]; + buildInputs = with pkgs; [ terranix terraform create destroy ]; } 
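Review bot: `hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;` replaces a `pkgs.fetchgit` pinned by `rev` and `sha256` with an absolute path on one developer's machine. The module code that generates the Terraform configuration is therefore no longer content-addressed: whatever is in that working tree at evaluation time gets imported, and the config fails to evaluate on any other machine. Keep the pinned fetch as the committed default and make the local checkout opt-in, for example by leaving it commented as `#hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11; # local development only`.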
diff --git a/terranix/tinc-test/02-build/configs/nixserver-server/configuration.nix b/terranix/tinc-test/02-build/configs/nixserver-server/configuration.nix index 90cc147..c116925 100644 --- a/terranix/tinc-test/02-build/configs/nixserver-server/configuration.nix +++ b/terranix/tinc-test/02-build/configs/nixserver-server/configuration.nix @@ -3,10 +3,16 @@ networking.hostName = "server"; - environment.systemPackages = with pkgs; [ htop git vim mosh ]; - networking.firewall.allowedUDPPorts = [ 60001 ]; - + # ssh + environment.systemPackages = with pkgs; [ htop git vim mosh tmux ]; + networking.firewall.allowedUDPPortRanges = [{ + from = 60000; + to = 60100; + }]; services.sshd.enable = true; - users.users.root.openssh.authorizedKeys.keyFiles = [ ]; + users.users.root.openssh.authorizedKeys.keyFiles = [ ]; + + # wireshark + programs.wireshark.enable = true; } diff --git a/terranix/tinc-test/02-build/configs/nixserver-server/tinc-server.nix b/terranix/tinc-test/02-build/configs/nixserver-server/tinc-server.nix index 01892fa..4c5002f 100644 --- a/terranix/tinc-test/02-build/configs/nixserver-server/tinc-server.nix +++ b/terranix/tinc-test/02-build/configs/nixserver-server/tinc-server.nix @@ -3,6 +3,7 @@ module.cluster.services.tinc = { "test" = { + debugLevel = 5; enable = true; openPort = true; }; diff --git a/terranix/tinc-test/02-build/configs/nixserver-server/tinc.nix b/terranix/tinc-test/02-build/configs/nixserver-server/tinc.nix index 3becfb6..62f4d92 100644 --- a/terranix/tinc-test/02-build/configs/nixserver-server/tinc.nix +++ b/terranix/tinc-test/02-build/configs/nixserver-server/tinc.nix @@ -1,9 +1,12 @@ # shared tinc file between client and server { config, pkgs, lib, ... }: +let + nixosMachines = import ; +in { -{ - - imports = [ ]; + imports = [ + + ]; networking.firewall.trustedInterfaces = [ "tinc.private" ]; 
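Review bot: `allowedUDPPortRanges` now opens 60000–60100 where the old line opened only 60001, and `programs.wireshark.enable = true;` is added to the server's base configuration with nothing marking either as part of the capture experiment. mosh uses one UDP port per session, so a much smaller range such as `to = 60010;` is probably enough for a test host. The `# wireshark` comment could state the intent, e.g. `# wireshark/dumpcap: only for the tinc capture experiment, remove afterwards`. That keeps the packet-capture tooling and the wider firewall opening from being copied into a longer-lived configuration.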
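Review bot: `debugLevel = 5;` in tinc-server.nix has no comment marking it as temporary. If the module passes this value through to tincd, level 5 is the setting tinc documents as also logging the network traffic sent over the VPN. The journal then holds per-packet detail, and the README in this commit exports that journal to JSON files. Suggest `debugLevel = 5; # capture experiment only, drop before reuse`, and treat the exported logs as sensitive.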
@@ -14,16 +17,19 @@ extraConfig = '' LocalDiscovery = yes ''; - privateEd25519KeyFile = toString ; - privateRsaKeyFile = toString ; + privateEd25519KeyFile = toString ; + privateRsaKeyFile = toString ; hosts = { server = { tincIp = "10.123.142.1"; - publicKey = lib.fileContents ; + realAddress = [ + nixosMachines.nixserver-server.host.ipv4 + ]; + publicKey = lib.fileContents ; }; - client = { + sterni = { tincIp = "10.123.142.100"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ; }; }; }; diff --git a/terranix/tinc-test/02-build/shell.nix b/terranix/tinc-test/02-build/shell.nix index 5f1bd9d..828eee7 100644 --- a/terranix/tinc-test/02-build/shell.nix +++ b/terranix/tinc-test/02-build/shell.nix @@ -32,8 +32,8 @@ let system = name: { configs.file = toString ./configs; - assets.file = toString ./assets; - generated.file = toString ./generated; + test-assets.file = toString ./assets; + test-generated.file = toString ./generated; nixos-config.symlink = "configs/${name}/configuration.nix"; }; @@ -47,9 +47,9 @@ let servers = import ./generated/nixos-machines.nix; deployServer = name: - { user, host, ... }: + { user ? "root", host, ... }: with ops; - jobs "deploy-${name}" "${user}@${host}" [ + jobs "deploy-${name}" "${user}@${host.ipv4}" [ (populate (source.system name)) (populate source.nixPkgs) (populate source.modules) @@ -57,13 +57,13 @@ let ]; moshServer = name: - { user, host, ... }: + { user ? "root", host, ... }: pkgs.writers.writeDashBin "mosh-${name}" '' ${pkgs.mosh}/bin/mosh \ --ssh="${pkgs.openssh}/bin/ssh -F ${ toString ./generated/ssh-configuration }" \ - "${user}@${host}" + "${user}@${host.ipv4}" ''; in pkgs.mkShell { diff --git a/terranix/tinc-test/README.md b/terranix/tinc-test/README.md index 4db3ebb..4e800d9 100644 --- a/terranix/tinc-test/README.md +++ b/terranix/tinc-test/README.md 
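Review bot: `"${user}@${host.ipv4}"` in `deployServer` (and the same change in `moshServer` in the following hunk) turns `host` from a string into an attribute set without documenting the expected shape of the entries in `./generated/nixos-machines.nix`. A comment above `servers = import ./generated/nixos-machines.nix;` such as `# each entry: { host = { ipv4 = "…"; }; user ? "root"; }` would make the contract explicit. Both functions now connect to a bare cloud IP address as `root`, and such addresses get reassigned. It is worth confirming that the generated `ssh-configuration` pins the host key rather than relaxing host-key checking; that file is not part of this diff. Both function bodies continue outside their hunks.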
@@ -31,6 +31,41 @@ cd ./02-build nix-shell --run deploy-server ``` +## tracking and collecting + +``` +dumpcap \ + -i ens3 \ + -w /root/hardware-device_working.dcap +dumpcap \ + -i tinc.test \ + -w /root/tinc-device_working.dcap +``` + +and for the not working experiment + +``` +dumpcap \ + -i ens3 \ + -w /root/hardware-device_not-working.dcap +dumpcap \ + -i tinc.test \ + -w /root/tinc-device_not-working.dcap +``` + +logs + +``` +systemctl --from "2020-01-04 15:00" --until "2020-01-04 16:00" -o json > working-logs.json +systemctl --from "2020-01-04 17:00" --until "2020-01-04 18:00" -o json > nog-working-logs.json +``` + +and setup + +``` +tar cvzf etc.tgz /etc/tinc +``` + ## cleanup ```sh diff --git a/terranix/tinc-test/sshkey b/terranix/tinc-test/sshkey index a892557..245d3cf 100755 --- a/terranix/tinc-test/sshkey +++ b/terranix/tinc-test/sshkey 
@@ -1,49 +1,27 @@ -----BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn -NhAAAAAwEAAQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nITFj8/O6cOpUcsgsg1/5Y -bPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZXAATnHega63qAJwW+BDmy -wjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/16N/Y66loUJH7wb41XSl -uo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5OftJohzF2N7uxeArd31I -5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArvqvzzn4hzn02jsf6w/Me1 -0Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6LZPA2J3INvhVl8W+vqsl -/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlWCS6IQandjuaDoeqLyu1M -Az8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfVZa50m7TzpCVqjgdB7PUp -kcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhcZg5ACoYYg5svgZUazo0B -c1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y4vQx496uLj7E0UMzPCIB -cAAAdAgoAp4IKAKeAAAAAHc3NoLXJzYQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nI -TFj8/O6cOpUcsgsg1/5YbPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZX -AATnHega63qAJwW+BDmywjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/ -16N/Y66loUJH7wb41XSluo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5 -OftJohzF2N7uxeArd31I5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArv -qvzzn4hzn02jsf6w/Me10Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6 -LZPA2J3INvhVl8W+vqsl/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlW -CS6IQandjuaDoeqLyu1MAz8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfV -Za50m7TzpCVqjgdB7PUpkcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhc -Zg5ACoYYg5svgZUazo0Bc1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y -4vQx496uLj7E0UMzPCIBcAAAADAQABAAACAFUT1q+tiidIv47kKcRvGhiKKFKrOzC3dyrS -1RxiSjdd8A7pK78zOaYcML5ZDzSnTJoCx6zdg24K8kmV9aiygWbI9C/K53kqiTlGkvd4K3 -KjiT1Tzz2MNyysMbiYWagDUOE4Af6JamfFCkY6yrnW/RyzpKRwQxpB1n+FZm/bAPOh1+wh -eP8464IY3ZB/SYOS6G3p2t+4F5++yUiUkliHf9awwp7lA2dKkNXSIJOMANk/yLqDMUTzlo -/EHPWdiDr+Gj95R5djHa6QSuzGG99tRxSRtn8bsZZewszoa9WOkiuZe78FsSgly9vEjA3P -hFNm71Hb2Jzl1Efd5EYAXAjutv5ouKDxLHjCSuFmB0j7b+ZXMulVvF9Ka7RK0GxTZnpv50 
-AwzeBHdadHdtciHytTV+aggTLt5fj/1zYFw8FutUGXI4XrmC3KlDQ1etqmX0dwCS64GdpC -BCA/Fsw5G/iYqZApkKb4d71ftULObmEQy3G8VhLSpNUzDuDgHfP2wWniX6pFZokUu6GHws -t3NStX3SgReG+yuZ/vqFgDmijW/QtreL6HcjA2dysav07BkXEroaP+fA7fltK8MybKNAN4 -uHt8I4kZrPwwV2w1EllyZEdvwIa6oe0gTjHgmN0ijYshcTFS1RNnvtauxZ02LkpZVyEPDW -VFQKTB+HICqXyZ+pshAAABAHleerfKzAyvr383dCNjYpVCvRHZaqpm63gARf5vkh4599Gp -CuvMYxwq3z/Q9avtAJn92Libp1aWBOtGwhh7v8py42agNj52ytk8DeQRwKngmHQoyVJ3DG -y5azutxF/JV0/bZwFvgeFhNrhG6ilOmCvMcMiaHidffXKdeo1f4nCbv9aj4S18ehEcV/zp -uvHfgpz7K4I4eqBKQTqlCa1/Zle0tvZuk/PVnJUu8Qd3e/ZVWBVa/OG54MElbpYS76kGPw -A1FTy9CAUujYqtEW1OSoSjQB3DIRkhExowtuaeNu+UrT4sqA713/SVODUPRciOCyoQvfXm -vJA+HEWZwhh5JNgAAAEBAM1wwERBlJ7y9C1PARp35LHM3e2iBnROdQ45g4nzyLR6Z8k39z -8AoToiJhnO7fkuobY+b2Pvs9ncWSRtapNzXBz7tanMGIZoLAt1+2f1s8TM5dKTHNdhZpgQ -vxy5TwkxqII4d9CNyfIxyyQkGSTl6QRVFGP5mvengfEpSL9n7S5RFjr0X1Lf2Pjrjkdwud -DCiD/OtyTkfYL0zl0c1ezuc6rN6AX+3lhK88v9xQQcSYcd2s9qQjjccL5Onaio6e9VgSiM -gSehvmLn7FPYOEajEQ7bLblqoSItz5r9EcfeE4eUBzaZHJDZ5qF96+cneIr+26H1UEfsTw -/GGxJzlfW2b2UAAAEBAMJFhE16Ek4iLKy0gQRJArVvbathgKJBz+CJLSKpX8N++34Vs/tZ -oF7t4FF59OK/wghAPDTDv1q2MyUpIlpvIzdNE7mZzChM6aVXkKHKJfOxEFCnP2c52e4Lm1 -0LRyL2JSUB9e9s728ORCAW3LEm58UsPVkEV1DwvQ45xHf7jOhiHfLTA7sDt6ram/cXdP49 -WgCAR03bd2vvQlvMWnKnwkLQd8CpR6FGe0CfvWrobHaPs0jKxPKij0gi3GY27EvXH11h01 -fEAc4ag4iC1NEhyzQbWDrP6evoremWchYhNKmXyw+P5vEAPgr/OxmYJflu6f4FhVQzW9d9 -E5rOblFvb8sAAAAJcGFsb0BwZXBlAQI= +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEAqD70wK7MGSV6uBaP/IWxgr/eWm/LXsVu0rLOF8/VQdcPZgVw8eo6 +ZyDnfJpSvaYMknP9JlaiawMTpwrON8A5y8i2prQDhdO8Uz1pK+VXfZgY6hEOcs1UJmacsV +82oyaYAHg8gYUsRp8FOYQUCyZPrVlQMJN4F854sCugVr9Zfgc8B3Q+zoLX13jO+QLCTefI +BRkKwBDHK3lGrNYyJ6qSTV/gA6LruwglPlK5BQsyB7djoLRgi7eNmJRyFqH7SotY40TzZR +w3BF7ssW4DFfqCXw/OtuOKls7+uivQgfUkAKvhGVbFbGRdEzRKTmgMzUNVXILZ5CYoTjEJ +FGzrB6APwQAAA8A3cOj/N3Do/wAAAAdzc2gtcnNhAAABAQCoPvTArswZJXq4Fo/8hbGCv9 +5ab8texW7Sss4Xz9VB1w9mBXDx6jpnIOd8mlK9pgySc/0mVqJrAxOnCs43wDnLyLamtAOF 
+07xTPWkr5Vd9mBjqEQ5yzVQmZpyxXzajJpgAeDyBhSxGnwU5hBQLJk+tWVAwk3gXzniwK6 +BWv1l+BzwHdD7OgtfXeM75AsJN58gFGQrAEMcreUas1jInqpJNX+ADouu7CCU+UrkFCzIH +t2OgtGCLt42YlHIWoftKi1jjRPNlHDcEXuyxbgMV+oJfD86244qWzv66K9CB9SQAq+EZVs +VsZF0TNEpOaAzNQ1VcgtnkJihOMQkUbOsHoA/BAAAAAwEAAQAAAQBwNZTNEYeD2fBP6JRd +adkrB8ZHcLolWe4AzkoPrYhgogteEpDydzI+Z76b5tz6KU3HO16B/FPUpTetN9KzchvZ4u +KWqgaTcdTve0yyfwHr/M3ZBkkpnfHarqMg1Qy+oVXNMmPASk5uR06XvpQTn5iSV7fYvfHh +hs4NSPtl/7azCxFK6PnQSKoUz1FSSdV/JT1Iptw5pSASMv6qCPWK04tIpfV9kVnxJMDRuD +f8DZqxhruien6YjIKaP2UOvVIj2cog5siELmkRN56naPEXdEKs2heSnQ1NtjexmKkzEJM7 +vAbZJ1EBT2c4UbmLlCJ/M+3wgjTdDIzjUK7WHVRD1Mh1AAAAgBfcHhwEwStAZ2DUgrOFYE +kBUWZzBUmnFIK/HB0SX7CGk7V1I3PhpG8TF2PhC85dcC44i/wYdrEC/R+zA/iOf/94tO3l +T0pksYewfk+1uUPWxJtBLzDpYJk/RfskA+K5aLw1UI+4kGdtaoia/Y1qbHmwrBfNUYUZx6 +NDo7X5teQKAAAAgQDTBDReUialFX046Qq6CXinMpvprgwKNaWgdUfnZ6ihKye3IoLkVqYk +IkIJDcDzyPiekJc2Xwi2uFVo//2T02aeisYgkOmFYYNXM4eHQfsEQyt6SqtpvlsoZ6BF7z +sB4QQsYnuwxsO6vbQSKItlX5qrodbnldNqjqwU9Eiz6S+5XwAAAIEAzByjPznLIcsYAk/u +bZ8TyX2Iigd8WAmuauvhfHJ9o65AQM1D5kYytD8c3Zn64iZxPaZX1UK9T5gkSQETJz/Ix8 +EEulFiWyS1GtGImykJ1E32zM06xS+nMDKrbvQbAsUPDD0u52eMMLwex1GG8YWxcRKZyDL2 +jz63bvm/l1vcKt8AAAALcGFsb0BzdGVybmk= -----END OPENSSH PRIVATE KEY----- diff --git a/terranix/tinc-test/sshkey.pub b/terranix/tinc-test/sshkey.pub index 4e67478..dfd4b46 100644 --- a/terranix/tinc-test/sshkey.pub +++ b/terranix/tinc-test/sshkey.pub @@ -1 +1 @@ -ssh-rsa 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 palo@pepe +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoPvTArswZJXq4Fo/8hbGCv95ab8texW7Sss4Xz9VB1w9mBXDx6jpnIOd8mlK9pgySc/0mVqJrAxOnCs43wDnLyLamtAOF07xTPWkr5Vd9mBjqEQ5yzVQmZpyxXzajJpgAeDyBhSxGnwU5hBQLJk+tWVAwk3gXzniwK6BWv1l+BzwHdD7OgtfXeM75AsJN58gFGQrAEMcreUas1jInqpJNX+ADouu7CCU+UrkFCzIHt2OgtGCLt42YlHIWoftKi1jjRPNlHDcEXuyxbgMV+oJfD86244qWzv66K9CB9SQAq+EZVsVsZF0TNEpOaAzNQ1VcgtnkJihOMQkUbOsHoA/B palo@sterni
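Review bot: `terranix/tinc-test/sshkey` is a complete OpenSSH private key committed to the repository, and its header encodes cipher and KDF `none`, so it has no passphrase. Anyone with read access to the repository can use it against any host that trusts the matching `sshkey.pub`, presumably the test server's root account, though the `authorizedKeys.keyFiles` path is not readable in this diff. The key this hunk removes also stays recoverable from history, so both keys should be treated as compromised and removed from every `authorized_keys` they were installed in. Generate the key at provisioning time (for example in the `create` script), add `terranix/tinc-test/sshkey` to `.gitignore`, and commit at most the public half.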