tinc: removed porani from private vpn

2020-02-03 17:21:27 +13:00 · 2020-02-03 17:21:27 +13:00 · cc06d5bd47
parent ae461485c3
commit cc06d5bd47
10 changed files with 30 additions and 20 deletions
--- a/configs/mobi/restic.nix
+++ b/configs/mobi/restic.nix
@ -1,6 +1,6 @@
 {
  backup.services.restic = {
-    "on-porani.private".enable = false;
+    "on-porani.insecure".enable = false;
    "on-workhorse.private".enable = false;
    "on-workout.private".enable = false;
  };
--- a/configs/porani/configuration.nix
+++ b/configs/porani/configuration.nix
@ -17,7 +17,7 @@
  networking.hostName = "porani";

  backup.services.restic = {
-    "on-porani.private".enable = false;
+    "on-porani.insecure".enable = false;
    "on-workhorse.private".enable = false;
    "on-workout.private".enable = false;
  };
--- a/configs/workhorse/restic.nix
+++ b/configs/workhorse/restic.nix
@ -1,7 +1,7 @@
 { config, ... }: {

  backup.services.restic = {
-    "on-porani.private".enable = true ;
+    "on-porani.insecure".enable = true;
    "on-workhorse.private".enable = true;
  };

--- a/shell.nix
+++ b/shell.nix
@ -121,7 +121,8 @@ let

  };

-  hostPattern = name: "${name}.private";
+  hostPattern = name:
+    if name == "porani" then "${name}.insecure" else "${name}.private";

  deployment = populateCommands: name:
    { host ? (hostPattern name), target ? "/var/src/", user ? "root"
--- a/system/all/restic.nix
+++ b/system/all/restic.nix
@ -8,7 +8,7 @@
  };

  config = let
-    servers = [ "porani.private" "workhorse.private" "workout.private" ];
+    servers = [ "porani.insecure" "workhorse.private" "workout.private" ];
    dirs = config.backup.all.restic.dirs;

    setup = server: {
--- a/system/all/sshd-known-hosts-private.nix
+++ b/system/all/sshd-known-hosts-private.nix
@ -5,7 +5,9 @@
    "sterni.private" = {
      hostNames = [
        "sterni.private"
+        "sterni.insecure"
        config.module.cluster.services.tinc.private.hosts.sterni.tincIp
+        config.module.cluster.services.tinc.insecure.hosts.sterni.tincIp
      ];
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
@ -21,7 +23,9 @@
    "sputnik.private" = {
      hostNames = [
        "sputnik.private"
+        "sputnik.insecure"
        config.module.cluster.services.tinc.private.hosts.sputnik.tincIp
+        config.module.cluster.services.tinc.insecure.hosts.sputnik.tincIp
      ];
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
@ -29,20 +33,21 @@
    "workhorse.private" = {
      hostNames = [
        "workhorse.private"
+        "workhorse.insecure"
        config.module.cluster.services.tinc.private.hosts.workhorse.tincIp
+        config.module.cluster.services.tinc.insecure.hosts.workhorse.tincIp
      ];
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
    };
-    "porani.private" = {
+    "porani.insecure" = {
      hostNames = [
-        "porani.private"
-        config.module.cluster.services.tinc.private.hosts.porani.tincIp
+        "porani.insecure"
+        config.module.cluster.services.tinc.insecure.hosts.porani.tincIp
      ];
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
    };
-
    "pepe.private" = {
      hostNames = [
        "pepe.private"
--- a/system/all/syncthing.nix
+++ b/system/all/syncthing.nix
@ -20,10 +20,16 @@ with lib; {
        "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG")
      // (device "workout"
        "DZOOAKG-GI2SVOS-QEVMFL7-TRHVTPQ-ADIJEVH-RH5WV3J-6M7MJHC-C53EOAC")
-      // (device "porani"
-        "6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI")
      // (device "sterni"
        "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD") // {
+          "porani" = {
+            name = "porani";
+            id =
+              "6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI";
+            addresses =
+              [ "tcp://porani.insecure:22000" "tcp://porani.insecure:21027" ];
+          };
+        } // {
          smartphone = {
            name = "smartphone";
            id =
--- a/system/all/tinc.nix
+++ b/system/all/tinc.nix
@ -68,9 +68,7 @@ in {
          publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
        };
        sputnik = {
-          realAddress = [
-            "static.247.134.201.195.clients.your-server.de:721"
-          ];
+          realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
          tincIp = "10.123.42.122";
          publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
        };
@ -102,10 +100,10 @@ in {
          tincIp = "10.23.42.23";
          publicKey = lib.fileContents <assets/tinc/mobi_host_file>;
        };
-        porani = {
-          tincIp = "10.23.42.31";
-          publicKey = lib.fileContents <assets/tinc/porani_host_file>;
-        };
+        #porani = {
+        #  tincIp = "10.23.42.31";
+        #  publicKey = lib.fileContents <assets/tinc/porani_host_file>;
+        #};
        workhorse = {
          tincIp = "10.23.42.21";
          publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
--- a/system/desktop/restic.nix
+++ b/system/desktop/restic.nix
@ -1,7 +1,7 @@
 { lib, ... }: {

  backup.services.restic = {
-    "on-porani.private".enable = lib.mkDefault true;
+    "on-porani.insecure".enable = lib.mkDefault true;
    "on-workhorse.private".enable = lib.mkDefault true;
    "on-workout.private".enable = lib.mkDefault true;
  };
--- a/system/server/restic.nix
+++ b/system/server/restic.nix
@ -1,7 +1,7 @@
 { lib, ... }: {

  backup.services.restic = {
-    "on-porani.private".enable = lib.mkDefault true;
+    "on-porani.insecure".enable = lib.mkDefault true;
    "on-workhorse.private".enable = lib.mkDefault true;
    "on-workout.private".enable = lib.mkDefault true;
  };