tinc: fix last issues with insecure net on porani

2020-02-03 19:08:43 +13:00 · 2020-02-03 19:08:43 +13:00 · d6efeb5097
commit d6efeb5097
parent cc06d5bd47
3 changed files with 14 additions and 5 deletions
--- a/configs/porani/syncthing.nix
+++ b/configs/porani/syncthing.nix
@ -1,4 +1,7 @@
 { config, pkgs, lib, ... }: {
+
+  networking.firewall.interfaces."tinc.insecure".allowedTCPPorts = [ 8384 ];
+
  custom.samba-share = {
    enable = true;
    folders = {
@ -10,6 +13,7 @@
  };

  test.services.syncthing = {
+    guiAddress = lib.mkForce "${config.networking.hostName}.insecure:8384";
    enable = true;
    openDefaultPorts = true;
    declarative = {
--- a/configs/porani/tinc.nix
+++ b/configs/porani/tinc.nix
@ -1,11 +1,11 @@
 { config, lib, pkgs, ... }: {

  module.cluster.services.tinc = {
-    "private" = {
-      enable = true;
-      openPort = true;
-      connectTo = [ "sputnik" ];
-    };
+    #"private" = {
+    #  enable = true;
+    #  openPort = true;
+    #  connectTo = [ "sputnik" ];
+    #};
    "insecure" = {
      enable = true;
      openPort = true;
--- a/system/desktop/home-manager/ssh.nix
+++ b/system/desktop/home-manager/ssh.nix
@ -15,6 +15,11 @@ with lib; {
        identitiesOnly = true;
        user = "root";
      };
+      "*.insecure" = {
+        identityFile = "~/.ssh/card_rsa.pub";
+        identitiesOnly = true;
+        user = "root";
+      };
      "*.private" = {
        identityFile = "~/.ssh/card_rsa.pub";
        identitiesOnly = true;