From cc06d5bd47cb4dfa08bc4ab4af0657b8693f6bd3 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Mon, 3 Feb 2020 17:21:27 +1300
Subject: [PATCH] tinc: removed porani from private vpn
---
 configs/mobi/restic.nix | 2 +-
 configs/porani/configuration.nix | 2 +-
 configs/workhorse/restic.nix | 2 +-
 shell.nix | 3 ++-
 system/all/restic.nix | 2 +-
 system/all/sshd-known-hosts-private.nix | 13 +++++++++----
 system/all/syncthing.nix | 10 ++++++++--
 system/all/tinc.nix | 12 +++++-------
 system/desktop/restic.nix | 2 +-
 system/server/restic.nix | 2 +-
 10 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/configs/mobi/restic.nix b/configs/mobi/restic.nix
index dd2c9c4..88fad0c 100644
--- a/configs/mobi/restic.nix
+++ b/configs/mobi/restic.nix
@@ -1,6 +1,6 @@
 {
 backup.services.restic = {
- "on-porani.private".enable = false;
+ "on-porani.insecure".enable = false;
 "on-workhorse.private".enable = false;
 "on-workout.private".enable = false;
 };
diff --git a/configs/porani/configuration.nix b/configs/porani/configuration.nix
index d5b4d4d..fcb5923 100644
--- a/configs/porani/configuration.nix
+++ b/configs/porani/configuration.nix
@@ -17,7 +17,7 @@
 networking.hostName = "porani";
 backup.services.restic = {
- "on-porani.private".enable = false;
+ "on-porani.insecure".enable = false;
 "on-workhorse.private".enable = false;
 "on-workout.private".enable = false;
 };
diff --git a/configs/workhorse/restic.nix b/configs/workhorse/restic.nix
index f9c9d62..1464a79 100644
--- a/configs/workhorse/restic.nix
+++ b/configs/workhorse/restic.nix
@@ -1,7 +1,7 @@
 { config, ... }: {
 backup.services.restic = {
- "on-porani.private".enable = true ;
+ "on-porani.insecure".enable = true;
 "on-workhorse.private".enable = true;
 };
diff --git a/shell.nix b/shell.nix
index 2259b1c..2e77bbc 100644
--- a/shell.nix
+++ b/shell.nix
@@ -121,7 +121,8 @@ let
 };
- hostPattern = name: "${name}.private";
+ hostPattern = name:
+ if name == "porani" then "${name}.insecure" else "${name}.private";
 deployment = populateCommands: name: { host ? (hostPattern name), target ? "/var/src/", user ? "root"
diff --git a/system/all/restic.nix b/system/all/restic.nix
index 0501d2a..9cd6cb7 100644
--- a/system/all/restic.nix
+++ b/system/all/restic.nix
@@ -8,7 +8,7 @@
 };
 config = let
- servers = [ "porani.private" "workhorse.private" "workout.private" ];
+ servers = [ "porani.insecure" "workhorse.private" "workout.private" ];
 dirs = config.backup.all.restic.dirs;
 setup = server: {
diff --git a/system/all/sshd-known-hosts-private.nix b/system/all/sshd-known-hosts-private.nix
index 1c121a4..8d363f5 100644
--- a/system/all/sshd-known-hosts-private.nix
+++ b/system/all/sshd-known-hosts-private.nix
@@ -5,7 +5,9 @@
 "sterni.private" = {
 hostNames = [
 "sterni.private"
+ "sterni.insecure"
 config.module.cluster.services.tinc.private.hosts.sterni.tincIp
+ config.module.cluster.services.tinc.insecure.hosts.sterni.tincIp
 ];
 publicKey =
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
@@ -21,7 +23,9 @@
 "sputnik.private" = {
 hostNames = [
 "sputnik.private"
+ "sputnik.insecure"
 config.module.cluster.services.tinc.private.hosts.sputnik.tincIp
+ config.module.cluster.services.tinc.insecure.hosts.sputnik.tincIp
 ];
 publicKey =
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
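Review bot: `hostPattern` now hard-codes one host with `if name == "porani"`, while the same host-to-network fact is repeated as the literal `"porani.insecure"` in system/all/restic.nix and in the per-host restic files, so the next host that changes networks has to be edited in several unrelated places. Because this name decides which network a deployment (default `user ? "root"`) travels over, I would keep it in one list: `insecureHosts = [ "porani" ];` and `hostPattern = name: if builtins.elem name insecureHosts then "${name}.insecure" else "${name}.private";`. A short comment above it saying why these hosts are no longer on the private VPN would help as well. The `deployment` function continues past the end of the hunk.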
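Review bot: The added `.insecure` names and `tinc.insecure.hosts.<name>.tincIp` entries pin the same SSH host key for both networks, but the attribute keys (`"sterni.private"`, `"sputnik.private"`, `"workhorse.private"`) and the file name still say private, and nothing explains the dual listing. A comment on the first entry such as `# same host key is pinned for the .insecure name/IP so SSH over the insecure net stays host-verified` would document the intent; the same applies to the hunks at -21,7 and -29,20. The new references also require `sterni`, `sputnik`, `workhorse` and `porani` to be defined under the `insecure` tinc network's hosts; only part of system/all/tinc.nix is visible in this patch, so that is worth confirming by evaluating every host's configuration.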
@@ -29,20 +33,21 @@
 "workhorse.private" = {
 hostNames = [
 "workhorse.private"
+ "workhorse.insecure"
 config.module.cluster.services.tinc.private.hosts.workhorse.tincIp
+ config.module.cluster.services.tinc.insecure.hosts.workhorse.tincIp
 ];
 publicKey =
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
 };
- "porani.private" = {
+ "porani.insecure" = {
 hostNames = [
- "porani.private"
- config.module.cluster.services.tinc.private.hosts.porani.tincIp
+ "porani.insecure"
+ config.module.cluster.services.tinc.insecure.hosts.porani.tincIp
 ];
 publicKey =
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
 };
-
 "pepe.private" = {
 hostNames = [
 "pepe.private"
diff --git a/system/all/syncthing.nix b/system/all/syncthing.nix
index 73af6e4..b2c766d 100644
--- a/system/all/syncthing.nix
+++ b/system/all/syncthing.nix
@@ -20,10 +20,16 @@ with lib; {
 "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG")
 // (device "workout"
 "DZOOAKG-GI2SVOS-QEVMFL7-TRHVTPQ-ADIJEVH-RH5WV3J-6M7MJHC-C53EOAC")
- // (device "porani"
- "6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI")
 // (device "sterni"
 "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD") // {
+ "porani" = {
+ name = "porani";
+ id =
+ "6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI";
+ addresses =
+ [ "tcp://porani.insecure:22000" "tcp://porani.insecure:21027" ];
+ };
+ } // {
 smartphone = {
 name = "smartphone";
 id =
diff --git a/system/all/tinc.nix b/system/all/tinc.nix
index 504baee..8d984a2 100644
--- a/system/all/tinc.nix
+++ b/system/all/tinc.nix
@@ -68,9 +68,7 @@ in {
 publicKey = lib.fileContents ;
 };
 sputnik = {
- realAddress = [
- "static.247.134.201.195.clients.your-server.de:721"
- ];
+ realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
 tincIp = "10.123.42.122";
 publicKey = lib.fileContents ;
 };
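Review bot: The second entry in `addresses`, `tcp://porani.insecure:21027`, points at Syncthing's local-discovery port, which is a UDP announce port and not a sync listener, so that address can never complete a connection; `addresses = [ "tcp://porani.insecure:22000" ];` is enough. The inline attribute set also bypasses the `device` helper used for the other peers (its definition is outside the hunk), so anything that helper sets is presumably missing for porani and should be confirmed. A one-line comment saying why porani alone gets explicit addresses would make the special case clear to the next reader.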
@@ -102,10 +100,10 @@ in {
 tincIp = "10.23.42.23";
 publicKey = lib.fileContents ;
 };
- porani = {
- tincIp = "10.23.42.31";
- publicKey = lib.fileContents ;
- };
+ #porani = {
+ # tincIp = "10.23.42.31";
+ # publicKey = lib.fileContents ;
+ #};
 workhorse = {
 tincIp = "10.23.42.21";
 publicKey = lib.fileContents ;
diff --git a/system/desktop/restic.nix b/system/desktop/restic.nix
index 0cb50be..dde4f7c 100644
--- a/system/desktop/restic.nix
+++ b/system/desktop/restic.nix
@@ -1,7 +1,7 @@
 { lib, ... }: {
 backup.services.restic = {
- "on-porani.private".enable = lib.mkDefault true;
+ "on-porani.insecure".enable = lib.mkDefault true;
 "on-workhorse.private".enable = lib.mkDefault true;
 "on-workout.private".enable = lib.mkDefault true;
 };
diff --git a/system/server/restic.nix b/system/server/restic.nix
index 123e5af..0a1f3d8 100644
--- a/system/server/restic.nix
+++ b/system/server/restic.nix
@@ -1,7 +1,7 @@
 { lib, ... }: {
 backup.services.restic = {
- "on-porani.private".enable = lib.mkDefault true;
+ "on-porani.insecure".enable = lib.mkDefault true;
 "on-workhorse.private".enable = lib.mkDefault true;
 "on-workout.private".enable = lib.mkDefault true;
 };
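Review bot: The `porani` entry is commented out rather than deleted, which leaves its address and key reference in the file as dead configuration with no explanation of why it is there. I would remove the four lines and keep a single comment instead, e.g. `# porani: removed from this network 2020-02, reachable as porani.insecure only`. Presumably this attribute set generates each node's tinc host files; if so, the removal only takes effect on a node once it has been rebuilt, so every remaining member needs a redeploy before porani's key is no longer accepted. The enclosing hosts set starts and ends outside the hunk.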