tinc: removed porani from private vpn

This commit is contained in:
Ingolf Wagner 2020-02-03 17:21:27 +13:00
parent ae461485c3
commit cc06d5bd47
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
10 changed files with 30 additions and 20 deletions

View file

@ -1,6 +1,6 @@
{ {
backup.services.restic = { backup.services.restic = {
"on-porani.private".enable = false; "on-porani.insecure".enable = false;
"on-workhorse.private".enable = false; "on-workhorse.private".enable = false;
"on-workout.private".enable = false; "on-workout.private".enable = false;
}; };

View file

@ -17,7 +17,7 @@
networking.hostName = "porani"; networking.hostName = "porani";
backup.services.restic = { backup.services.restic = {
"on-porani.private".enable = false; "on-porani.insecure".enable = false;
"on-workhorse.private".enable = false; "on-workhorse.private".enable = false;
"on-workout.private".enable = false; "on-workout.private".enable = false;
}; };

View file

@ -1,7 +1,7 @@
{ config, ... }: { { config, ... }: {
backup.services.restic = { backup.services.restic = {
"on-porani.private".enable = true ; "on-porani.insecure".enable = true;
"on-workhorse.private".enable = true; "on-workhorse.private".enable = true;
}; };

View file

@ -121,7 +121,8 @@ let
}; };
hostPattern = name: "${name}.private"; hostPattern = name:
if name == "porani" then "${name}.insecure" else "${name}.private";
deployment = populateCommands: name: deployment = populateCommands: name:
{ host ? (hostPattern name), target ? "/var/src/", user ? "root" { host ? (hostPattern name), target ? "/var/src/", user ? "root"

View file

@ -8,7 +8,7 @@
}; };
config = let config = let
servers = [ "porani.private" "workhorse.private" "workout.private" ]; servers = [ "porani.insecure" "workhorse.private" "workout.private" ];
dirs = config.backup.all.restic.dirs; dirs = config.backup.all.restic.dirs;
setup = server: { setup = server: {

View file

@ -5,7 +5,9 @@
"sterni.private" = { "sterni.private" = {
hostNames = [ hostNames = [
"sterni.private" "sterni.private"
"sterni.insecure"
config.module.cluster.services.tinc.private.hosts.sterni.tincIp config.module.cluster.services.tinc.private.hosts.sterni.tincIp
config.module.cluster.services.tinc.insecure.hosts.sterni.tincIp
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
@ -21,7 +23,9 @@
"sputnik.private" = { "sputnik.private" = {
hostNames = [ hostNames = [
"sputnik.private" "sputnik.private"
"sputnik.insecure"
config.module.cluster.services.tinc.private.hosts.sputnik.tincIp config.module.cluster.services.tinc.private.hosts.sputnik.tincIp
config.module.cluster.services.tinc.insecure.hosts.sputnik.tincIp
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
@ -29,20 +33,21 @@
"workhorse.private" = { "workhorse.private" = {
hostNames = [ hostNames = [
"workhorse.private" "workhorse.private"
"workhorse.insecure"
config.module.cluster.services.tinc.private.hosts.workhorse.tincIp config.module.cluster.services.tinc.private.hosts.workhorse.tincIp
config.module.cluster.services.tinc.insecure.hosts.workhorse.tincIp
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
}; };
"porani.private" = { "porani.insecure" = {
hostNames = [ hostNames = [
"porani.private" "porani.insecure"
config.module.cluster.services.tinc.private.hosts.porani.tincIp config.module.cluster.services.tinc.insecure.hosts.porani.tincIp
]; ];
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
}; };
"pepe.private" = { "pepe.private" = {
hostNames = [ hostNames = [
"pepe.private" "pepe.private"

View file

@ -20,10 +20,16 @@ with lib; {
"SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG") "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG")
// (device "workout" // (device "workout"
"DZOOAKG-GI2SVOS-QEVMFL7-TRHVTPQ-ADIJEVH-RH5WV3J-6M7MJHC-C53EOAC") "DZOOAKG-GI2SVOS-QEVMFL7-TRHVTPQ-ADIJEVH-RH5WV3J-6M7MJHC-C53EOAC")
// (device "porani"
"6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI")
// (device "sterni" // (device "sterni"
"ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD") // { "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD") // {
"porani" = {
name = "porani";
id =
"6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI";
addresses =
[ "tcp://porani.insecure:22000" "tcp://porani.insecure:21027" ];
};
} // {
smartphone = { smartphone = {
name = "smartphone"; name = "smartphone";
id = id =

View file

@ -68,9 +68,7 @@ in {
publicKey = lib.fileContents <assets/tinc/workhorse_host_file>; publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;
}; };
sputnik = { sputnik = {
realAddress = [ realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
"static.247.134.201.195.clients.your-server.de:721"
];
tincIp = "10.123.42.122"; tincIp = "10.123.42.122";
publicKey = lib.fileContents <assets/tinc/sputnik_host_file>; publicKey = lib.fileContents <assets/tinc/sputnik_host_file>;
}; };
@ -102,10 +100,10 @@ in {
tincIp = "10.23.42.23"; tincIp = "10.23.42.23";
publicKey = lib.fileContents <assets/tinc/mobi_host_file>; publicKey = lib.fileContents <assets/tinc/mobi_host_file>;
}; };
porani = { #porani = {
tincIp = "10.23.42.31"; # tincIp = "10.23.42.31";
publicKey = lib.fileContents <assets/tinc/porani_host_file>; # publicKey = lib.fileContents <assets/tinc/porani_host_file>;
}; #};
workhorse = { workhorse = {
tincIp = "10.23.42.21"; tincIp = "10.23.42.21";
publicKey = lib.fileContents <assets/tinc/workhorse_host_file>; publicKey = lib.fileContents <assets/tinc/workhorse_host_file>;

View file

@ -1,7 +1,7 @@
{ lib, ... }: { { lib, ... }: {
backup.services.restic = { backup.services.restic = {
"on-porani.private".enable = lib.mkDefault true; "on-porani.insecure".enable = lib.mkDefault true;
"on-workhorse.private".enable = lib.mkDefault true; "on-workhorse.private".enable = lib.mkDefault true;
"on-workout.private".enable = lib.mkDefault true; "on-workout.private".enable = lib.mkDefault true;
}; };

View file

@ -1,7 +1,7 @@
{ lib, ... }: { { lib, ... }: {
backup.services.restic = { backup.services.restic = {
"on-porani.private".enable = lib.mkDefault true; "on-porani.insecure".enable = lib.mkDefault true;
"on-workhorse.private".enable = lib.mkDefault true; "on-workhorse.private".enable = lib.mkDefault true;
"on-workout.private".enable = lib.mkDefault true; "on-workout.private".enable = lib.mkDefault true;
}; };