tinc-test: prepare the test machine and wrote log procedure

This commit is contained in:
Ingolf Wagner 2020-01-07 17:47:25 +13:00
parent fe231d26b3
commit 10c334cd5d
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
12 changed files with 122 additions and 86 deletions

View file

@ -3,13 +3,22 @@
with lib;
{
imports = [
<test-config/nixserver-server/tinc.nix>
];
module.cluster.services.tinc = {
"private" = {
enable = true;
enable = false;
openPort = true;
connectTo = [ "sputnik" ];
};
"retiolum" = {
enable = false;
openPort = true;
};
"test" = {
enable = true;
openPort = true;
};

View file

@ -71,6 +71,11 @@ let
pkgs.file = toString ./pkgs;
assets.file = toString ./assets;
# test-tinc
test-assets.file = toString ./terranix/tinc-test/02-build/assets;
test-config.file = toString ./terranix/tinc-test/02-build/configs;
test-generated.file = toString ./terranix/tinc-test/02-build/generated;
nix-writers.git = {
url = "https://cgit.krebsco.de/nix-writers/";
ref = (ops.importJson ./.nix-writers.json).rev;
@ -117,7 +122,7 @@ let
};
hostPattern = name: "${name}.private";
hostPattern = name: "localhost";
serverDeployment = name:
{ host ? (hostPattern name), user ? "root" }:

View file

@ -1,7 +1,8 @@
{ pkgs, ... }: {
services.tor = {
enable = true;
client.enable = true;
enable = false;
client.enable = false;
hiddenServices.liveos.map = [{ port = 1337; }];
};

View file

@ -1,25 +1,20 @@
{ config, lib, pkgs, ... }:
let
hcloud-modules = pkgs.fetchgit {
#url = "https://github.com/mrVanDalo/terranix-hcloud.git";
url = "https://git.ingolf-wagner.de/terranix/hcloud.git";
rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b";
sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85";
};
#hcloud-modules = pkgs.fetchgit {
# #url = "https://github.com/mrVanDalo/terranix-hcloud.git";
# url = "https://git.ingolf-wagner.de/terranix/hcloud.git";
# rev = "b6896f385f45ecfd66e970663c55635c9fd8b26b";
# sha256 = "1bggnbry7is7b7cjl63q6r5wg9pqz0jn8i3nnc4rqixp0ckwdn85";
#};
#hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;
hcloud-modules = /home/palo/dev/terranix-hcloud/terraform-0.11;
in {
imports = [
(toString hcloud-modules)
imports = [ (toString hcloud-modules) ./config/ssh-setup.nix ];
./config/file-generation.nix
./config/ssh-setup.nix
];
#hcloud.export.nix = "${toString ../02-build/generated}/test.nix";
hcloud.export.nix = "${toString ../02-build/generated}/nixos-machines.nix";
hcloud.nixserver.server = {
configurationFile = pkgs.writeText "configuration.nix" ''

View file

@ -21,7 +21,7 @@ let
&& ${terraform}/bin/terraform apply
'';
clean = pkgs.writers.writeBashBin "clean" ''
destroy = pkgs.writers.writeBashBin "destroy" ''
${terraform}/bin/terraform destroy
rm ${toString ./.}/config.tf.json
rm ${toString ./.}/terraform.tfstate*
@ -29,6 +29,6 @@ let
in pkgs.mkShell {
buildInputs = with pkgs; [ terranix terraform create clean ];
buildInputs = with pkgs; [ terranix terraform create destroy ];
}

View file

@ -3,10 +3,16 @@
networking.hostName = "server";
environment.systemPackages = with pkgs; [ htop git vim mosh ];
networking.firewall.allowedUDPPorts = [ 60001 ];
# ssh
environment.systemPackages = with pkgs; [ htop git vim mosh tmux ];
networking.firewall.allowedUDPPortRanges = [{
from = 60000;
to = 60100;
}];
services.sshd.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ <generated/sshkey.pub> ];
users.users.root.openssh.authorizedKeys.keyFiles = [ <test-generated/sshkey.pub> ];
# wireshark
programs.wireshark.enable = true;
}

View file

@ -3,6 +3,7 @@
module.cluster.services.tinc = {
"test" = {
debugLevel = 5;
enable = true;
openPort = true;
};

View file

@ -1,9 +1,12 @@
# shared tinc file between client and server
{ config, pkgs, lib, ... }:
let
nixosMachines = import <test-generated/nixos-machines.nix>;
in {
{
imports = [ <cluster-module> ];
imports = [
<cluster-module>
];
networking.firewall.trustedInterfaces = [ "tinc.private" ];
@ -14,16 +17,19 @@
extraConfig = ''
LocalDiscovery = yes
'';
privateEd25519KeyFile = toString <assets/tinc/ed25519_key>;
privateRsaKeyFile = toString <assets/tinc/rsa_key>;
privateEd25519KeyFile = toString <test-assets/tinc/ed25519_key>;
privateRsaKeyFile = toString <test-assets/tinc/rsa_key>;
hosts = {
server = {
tincIp = "10.123.142.1";
publicKey = lib.fileContents <assets/tinc/server_host_file>;
realAddress = [
nixosMachines.nixserver-server.host.ipv4
];
publicKey = lib.fileContents <test-assets/tinc/server_host_file>;
};
client = {
sterni = {
tincIp = "10.123.142.100";
publicKey = lib.fileContents <assets/tinc/client_host_file>;
publicKey = lib.fileContents <test-assets/tinc/server_host_file>;
};
};
};

View file

@ -32,8 +32,8 @@ let
system = name: {
configs.file = toString ./configs;
assets.file = toString ./assets;
generated.file = toString ./generated;
test-assets.file = toString ./assets;
test-generated.file = toString ./generated;
nixos-config.symlink = "configs/${name}/configuration.nix";
};
@ -47,9 +47,9 @@ let
servers = import ./generated/nixos-machines.nix;
deployServer = name:
{ user, host, ... }:
{ user ? "root", host, ... }:
with ops;
jobs "deploy-${name}" "${user}@${host}" [
jobs "deploy-${name}" "${user}@${host.ipv4}" [
(populate (source.system name))
(populate source.nixPkgs)
(populate source.modules)
@ -57,13 +57,13 @@ let
];
moshServer = name:
{ user, host, ... }:
{ user ? "root", host, ... }:
pkgs.writers.writeDashBin "mosh-${name}" ''
${pkgs.mosh}/bin/mosh \
--ssh="${pkgs.openssh}/bin/ssh -F ${
toString ./generated/ssh-configuration
}" \
"${user}@${host}"
"${user}@${host.ipv4}"
'';
in pkgs.mkShell {

View file

@ -31,6 +31,41 @@ cd ./02-build
nix-shell --run deploy-server
```
## tracking and collecting
```
dumpcap \
-i ens3 \
-w /root/hardware-device_working.dcap
dumpcap \
-i tinc.test \
-w /root/tinc-device_working.dcap
```
and for the not working experiment
```
dumpcap \
-i ens3 \
-w /root/hardware-device_not-working.dcap
dumpcap \
-i tinc.test \
-w /root/tinc-device_not-working.dcap
```
logs
```
systemctl --from "2020-01-04 15:00" --until "2020-01-04 16:00" -o json > working-logs.json
systemctl --from "2020-01-04 17:00" --until "2020-01-04 18:00" -o json > nog-working-logs.json
```
and setup
```
tar cvzf etc.tgz /etc/tinc
```
## cleanup
```sh

View file

@ -1,49 +1,27 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nITFj8/O6cOpUcsgsg1/5Y
bPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZXAATnHega63qAJwW+BDmy
wjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/16N/Y66loUJH7wb41XSl
uo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5OftJohzF2N7uxeArd31I
5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArvqvzzn4hzn02jsf6w/Me1
0Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6LZPA2J3INvhVl8W+vqsl
/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlWCS6IQandjuaDoeqLyu1M
Az8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfVZa50m7TzpCVqjgdB7PUp
kcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhcZg5ACoYYg5svgZUazo0B
c1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y4vQx496uLj7E0UMzPCIB
cAAAdAgoAp4IKAKeAAAAAHc3NoLXJzYQAAAgEAm+c7Q9wbwB0jpPn2nOkOHPLr2VCVi5nI
TFj8/O6cOpUcsgsg1/5YbPVeiGqbzLzd2eoxwpex+Wcp+oEgJO/H1T2NP2nnsRqsczbcZX
AATnHega63qAJwW+BDmywjZFWAgUB5VSXUbiwqV3qUv55bXOqtvY0f4rdO8tQXoWjipGz/
16N/Y66loUJH7wb41XSluo4FZORsK8u5nh628EtOH8k1HDM18fSpnp1ZzWlBLPxSE393/5
OftJohzF2N7uxeArd31I5H4PLBBFSy0Zh0mnKM7uwbCyPxFI1kDgwGBz3P5tBi0pxNjArv
qvzzn4hzn02jsf6w/Me10Des6zRAzwYKr/Pk5WvVnrmbZQyivQVv5O1u/dEm7CI/CIuJA6
LZPA2J3INvhVl8W+vqsl/OKfeksJJv3soP+Fomcy2NokNmOmSdl70uTfcAkgfuRrCQvDlW
CS6IQandjuaDoeqLyu1MAz8ReKN+yDMH59Q/+H+TWf1MHG3nJ+JfycOcLFJ+uci2kamCfV
Za50m7TzpCVqjgdB7PUpkcaTlQH+sJ7i4Ddbz7+xauvFdVdAJjtA03eTGpV2xcK+HzZvhc
Zg5ACoYYg5svgZUazo0Bc1fyK2aqwHGHEz7X8dd1EBpuIQtvswlc2pkIFis3hNQ40qde3y
4vQx496uLj7E0UMzPCIBcAAAADAQABAAACAFUT1q+tiidIv47kKcRvGhiKKFKrOzC3dyrS
1RxiSjdd8A7pK78zOaYcML5ZDzSnTJoCx6zdg24K8kmV9aiygWbI9C/K53kqiTlGkvd4K3
KjiT1Tzz2MNyysMbiYWagDUOE4Af6JamfFCkY6yrnW/RyzpKRwQxpB1n+FZm/bAPOh1+wh
eP8464IY3ZB/SYOS6G3p2t+4F5++yUiUkliHf9awwp7lA2dKkNXSIJOMANk/yLqDMUTzlo
/EHPWdiDr+Gj95R5djHa6QSuzGG99tRxSRtn8bsZZewszoa9WOkiuZe78FsSgly9vEjA3P
hFNm71Hb2Jzl1Efd5EYAXAjutv5ouKDxLHjCSuFmB0j7b+ZXMulVvF9Ka7RK0GxTZnpv50
AwzeBHdadHdtciHytTV+aggTLt5fj/1zYFw8FutUGXI4XrmC3KlDQ1etqmX0dwCS64GdpC
BCA/Fsw5G/iYqZApkKb4d71ftULObmEQy3G8VhLSpNUzDuDgHfP2wWniX6pFZokUu6GHws
t3NStX3SgReG+yuZ/vqFgDmijW/QtreL6HcjA2dysav07BkXEroaP+fA7fltK8MybKNAN4
uHt8I4kZrPwwV2w1EllyZEdvwIa6oe0gTjHgmN0ijYshcTFS1RNnvtauxZ02LkpZVyEPDW
VFQKTB+HICqXyZ+pshAAABAHleerfKzAyvr383dCNjYpVCvRHZaqpm63gARf5vkh4599Gp
CuvMYxwq3z/Q9avtAJn92Libp1aWBOtGwhh7v8py42agNj52ytk8DeQRwKngmHQoyVJ3DG
y5azutxF/JV0/bZwFvgeFhNrhG6ilOmCvMcMiaHidffXKdeo1f4nCbv9aj4S18ehEcV/zp
uvHfgpz7K4I4eqBKQTqlCa1/Zle0tvZuk/PVnJUu8Qd3e/ZVWBVa/OG54MElbpYS76kGPw
A1FTy9CAUujYqtEW1OSoSjQB3DIRkhExowtuaeNu+UrT4sqA713/SVODUPRciOCyoQvfXm
vJA+HEWZwhh5JNgAAAEBAM1wwERBlJ7y9C1PARp35LHM3e2iBnROdQ45g4nzyLR6Z8k39z
8AoToiJhnO7fkuobY+b2Pvs9ncWSRtapNzXBz7tanMGIZoLAt1+2f1s8TM5dKTHNdhZpgQ
vxy5TwkxqII4d9CNyfIxyyQkGSTl6QRVFGP5mvengfEpSL9n7S5RFjr0X1Lf2Pjrjkdwud
DCiD/OtyTkfYL0zl0c1ezuc6rN6AX+3lhK88v9xQQcSYcd2s9qQjjccL5Onaio6e9VgSiM
gSehvmLn7FPYOEajEQ7bLblqoSItz5r9EcfeE4eUBzaZHJDZ5qF96+cneIr+26H1UEfsTw
/GGxJzlfW2b2UAAAEBAMJFhE16Ek4iLKy0gQRJArVvbathgKJBz+CJLSKpX8N++34Vs/tZ
oF7t4FF59OK/wghAPDTDv1q2MyUpIlpvIzdNE7mZzChM6aVXkKHKJfOxEFCnP2c52e4Lm1
0LRyL2JSUB9e9s728ORCAW3LEm58UsPVkEV1DwvQ45xHf7jOhiHfLTA7sDt6ram/cXdP49
WgCAR03bd2vvQlvMWnKnwkLQd8CpR6FGe0CfvWrobHaPs0jKxPKij0gi3GY27EvXH11h01
fEAc4ag4iC1NEhyzQbWDrP6evoremWchYhNKmXyw+P5vEAPgr/OxmYJflu6f4FhVQzW9d9
E5rOblFvb8sAAAAJcGFsb0BwZXBlAQI=
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAQEAqD70wK7MGSV6uBaP/IWxgr/eWm/LXsVu0rLOF8/VQdcPZgVw8eo6
ZyDnfJpSvaYMknP9JlaiawMTpwrON8A5y8i2prQDhdO8Uz1pK+VXfZgY6hEOcs1UJmacsV
82oyaYAHg8gYUsRp8FOYQUCyZPrVlQMJN4F854sCugVr9Zfgc8B3Q+zoLX13jO+QLCTefI
BRkKwBDHK3lGrNYyJ6qSTV/gA6LruwglPlK5BQsyB7djoLRgi7eNmJRyFqH7SotY40TzZR
w3BF7ssW4DFfqCXw/OtuOKls7+uivQgfUkAKvhGVbFbGRdEzRKTmgMzUNVXILZ5CYoTjEJ
FGzrB6APwQAAA8A3cOj/N3Do/wAAAAdzc2gtcnNhAAABAQCoPvTArswZJXq4Fo/8hbGCv9
5ab8texW7Sss4Xz9VB1w9mBXDx6jpnIOd8mlK9pgySc/0mVqJrAxOnCs43wDnLyLamtAOF
07xTPWkr5Vd9mBjqEQ5yzVQmZpyxXzajJpgAeDyBhSxGnwU5hBQLJk+tWVAwk3gXzniwK6
BWv1l+BzwHdD7OgtfXeM75AsJN58gFGQrAEMcreUas1jInqpJNX+ADouu7CCU+UrkFCzIH
t2OgtGCLt42YlHIWoftKi1jjRPNlHDcEXuyxbgMV+oJfD86244qWzv66K9CB9SQAq+EZVs
VsZF0TNEpOaAzNQ1VcgtnkJihOMQkUbOsHoA/BAAAAAwEAAQAAAQBwNZTNEYeD2fBP6JRd
adkrB8ZHcLolWe4AzkoPrYhgogteEpDydzI+Z76b5tz6KU3HO16B/FPUpTetN9KzchvZ4u
KWqgaTcdTve0yyfwHr/M3ZBkkpnfHarqMg1Qy+oVXNMmPASk5uR06XvpQTn5iSV7fYvfHh
hs4NSPtl/7azCxFK6PnQSKoUz1FSSdV/JT1Iptw5pSASMv6qCPWK04tIpfV9kVnxJMDRuD
f8DZqxhruien6YjIKaP2UOvVIj2cog5siELmkRN56naPEXdEKs2heSnQ1NtjexmKkzEJM7
vAbZJ1EBT2c4UbmLlCJ/M+3wgjTdDIzjUK7WHVRD1Mh1AAAAgBfcHhwEwStAZ2DUgrOFYE
kBUWZzBUmnFIK/HB0SX7CGk7V1I3PhpG8TF2PhC85dcC44i/wYdrEC/R+zA/iOf/94tO3l
T0pksYewfk+1uUPWxJtBLzDpYJk/RfskA+K5aLw1UI+4kGdtaoia/Y1qbHmwrBfNUYUZx6
NDo7X5teQKAAAAgQDTBDReUialFX046Qq6CXinMpvprgwKNaWgdUfnZ6ihKye3IoLkVqYk
IkIJDcDzyPiekJc2Xwi2uFVo//2T02aeisYgkOmFYYNXM4eHQfsEQyt6SqtpvlsoZ6BF7z
sB4QQsYnuwxsO6vbQSKItlX5qrodbnldNqjqwU9Eiz6S+5XwAAAIEAzByjPznLIcsYAk/u
bZ8TyX2Iigd8WAmuauvhfHJ9o65AQM1D5kYytD8c3Zn64iZxPaZX1UK9T5gkSQETJz/Ix8
EEulFiWyS1GtGImykJ1E32zM06xS+nMDKrbvQbAsUPDD0u52eMMLwex1GG8YWxcRKZyDL2
jz63bvm/l1vcKt8AAAALcGFsb0BzdGVybmk=
-----END OPENSSH PRIVATE KEY-----

View file

@ -1 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCb5ztD3BvAHSOk+fac6Q4c8uvZUJWLmchMWPz87pw6lRyyCyDX/lhs9V6IapvMvN3Z6jHCl7H5Zyn6gSAk78fVPY0/aeexGqxzNtxlcABOcd6BrreoAnBb4EObLCNkVYCBQHlVJdRuLCpXepS/nltc6q29jR/it07y1BehaOKkbP/Xo39jrqWhQkfvBvjVdKW6jgVk5Gwry7meHrbwS04fyTUcMzXx9KmenVnNaUEs/FITf3f/k5+0miHMXY3u7F4Ct3fUjkfg8sEEVLLRmHSacozu7BsLI/EUjWQODAYHPc/m0GLSnE2MCu+q/POfiHOfTaOx/rD8x7XQN6zrNEDPBgqv8+Tla9WeuZtlDKK9BW/k7W790SbsIj8Ii4kDotk8DYncg2+FWXxb6+qyX84p96Swkm/eyg/4WiZzLY2iQ2Y6ZJ2XvS5N9wCSB+5GsJC8OVYJLohBqd2O5oOh6ovK7UwDPxF4o37IMwfn1D/4f5NZ/Uwcbecn4l/Jw5wsUn65yLaRqYJ9VlrnSbtPOkJWqOB0Hs9SmRxpOVAf6wnuLgN1vPv7Fq68V1V0AmO0DTd5MalXbFwr4fNm+FxmDkAKhhiDmy+BlRrOjQFzV/IrZqrAcYcTPtfx13UQGm4hC2+zCVzamQgWKzeE1DjSp17fLi9DHj3q4uPsTRQzM8IgFw== palo@pepe
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoPvTArswZJXq4Fo/8hbGCv95ab8texW7Sss4Xz9VB1w9mBXDx6jpnIOd8mlK9pgySc/0mVqJrAxOnCs43wDnLyLamtAOF07xTPWkr5Vd9mBjqEQ5yzVQmZpyxXzajJpgAeDyBhSxGnwU5hBQLJk+tWVAwk3gXzniwK6BWv1l+BzwHdD7OgtfXeM75AsJN58gFGQrAEMcreUas1jInqpJNX+ADouu7CCU+UrkFCzIHt2OgtGCLt42YlHIWoftKi1jjRPNlHDcEXuyxbgMV+oJfD86244qWzv66K9CB9SQAq+EZVsVsZF0TNEpOaAzNQ1VcgtnkJihOMQkUbOsHoA/B palo@sterni