From d6efeb5097ff9e0529e0073b78dc4a11fd2dd785 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Mon, 3 Feb 2020 19:08:43 +1300
Subject: [PATCH] tinc: fix last issues with insecure net on porani
---
 configs/porani/syncthing.nix | 4 ++++
 configs/porani/tinc.nix | 10 +++++-----
 system/desktop/home-manager/ssh.nix | 5 +++++
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/configs/porani/syncthing.nix b/configs/porani/syncthing.nix
index 8f89968..b46b407 100644
--- a/configs/porani/syncthing.nix
+++ b/configs/porani/syncthing.nix
@@ -1,4 +1,7 @@
 { config, pkgs, lib, ... }: {
+
+ networking.firewall.interfaces."tinc.insecure".allowedTCPPorts = [ 8384 ];
+
 custom.samba-share = {
 enable = true;
 folders = {
@@ -10,6 +13,7 @@
 };
 test.services.syncthing = {
+ guiAddress = lib.mkForce "${config.networking.hostName}.insecure:8384";
 enable = true;
 openDefaultPorts = true;
 declarative = {
diff --git a/configs/porani/tinc.nix b/configs/porani/tinc.nix
index 56cbb60..5357629 100644
--- a/configs/porani/tinc.nix
+++ b/configs/porani/tinc.nix
@@ -1,11 +1,11 @@
 { config, lib, pkgs, ... }: {
 module.cluster.services.tinc = {
- "private" = {
- enable = true;
- openPort = true;
- connectTo = [ "sputnik" ];
- };
+ #"private" = {
+ # enable = true;
+ # openPort = true;
+ # connectTo = [ "sputnik" ];
+ #};
 "insecure" = {
 enable = true;
 openPort = true;
diff --git a/system/desktop/home-manager/ssh.nix b/system/desktop/home-manager/ssh.nix
index be08bd4..e37c53e 100644
--- a/system/desktop/home-manager/ssh.nix
+++ b/system/desktop/home-manager/ssh.nix
@@ -15,6 +15,11 @@ with lib; {
 identitiesOnly = true;
 user = "root";
 };
+ "*.insecure" = {
+ identityFile = "~/.ssh/card_rsa.pub";
+ identitiesOnly = true;
+ user = "root";
+ };
 "*.private" = {
 identityFile = "~/.ssh/card_rsa.pub";
 identitiesOnly = true;
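Review bot: Opening TCP 8384 on `tinc.insecure` in the first syncthing.nix hunk, together with the `guiAddress` override in the second, exposes the Syncthing GUI and its REST API to every peer of a VPN the repository itself labels insecure, and neither hunk shows GUI credentials or TLS being set. The `test.services.syncthing` block continues outside the hunk, so authentication may be configured there; if it is not, any peer that can reach the port can presumably reconfigure folders and devices. I would add a comment above the firewall line recording the intent, e.g. `# Syncthing GUI: reachable from tinc.insecure peers only, GUI password required`, and confirm a GUI user and password are actually set rather than relying on the per-interface firewall rule alone.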
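Review bot: In the second syncthing.nix hunk `guiAddress` is bound by name (`${config.networking.hostName}.insecure`), so the listen address is whatever that name resolves to when Syncthing starts. If the name is not resolvable or the tinc interface is not yet up, the GUI will likely fail to bind. If the name ever resolves to a non-tinc address, the exposure no longer matches the `tinc.insecure` firewall rule added in the first hunk. Binding to the host's fixed tinc address would be more deterministic; at minimum add a comment such as `# mkForce: make the GUI listen on the tinc.insecure address instead of the value set elsewhere` (presumably that is why `mkForce` is needed). The attribute set continues outside the hunk.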
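Review bot: In tinc.nix the `"private"` network is disabled by commenting the block out, which leaves dead configuration in the file with no record of why, and the commit message does not explain it either. After this change porani appears to join only the `"insecure"` network, so the Syncthing GUI and root SSH entries touched elsewhere in this commit depend on it. Prefer deleting the block, or keep one explanatory line such as `# "private" tinc net disabled on porani: <reason>` instead of five commented-out lines. The `"insecure"` attribute set continues outside the hunk.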
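Review bot: The new `"*.insecure"` match block in ssh.nix is a verbatim copy of the `"*.private"` block below it (and apparently of the block ending just above), and it defaults to `user = "root"` for every host on a network named insecure. Consider one shared binding, e.g. `cardRoot = { identityFile = "~/.ssh/card_rsa.pub"; identitiesOnly = true; user = "root"; };`, reused by each pattern so the entries cannot drift, and reconsider whether root should be the default login on that network. A short comment would also help readers who expect a private key path: `# .pub on purpose: the private key stays on the card/agent, identitiesOnly pins this key` (presumably the intent, given the file name). Both neighbouring blocks start or end outside the hunk.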