pepe.private can connect to sterni.private now

2023-01-27 00:20:18 +01:00 · 2023-01-27 00:20:18 +01:00 · e399bb3a1d
parent 211f241cd1
commit e399bb3a1d
7 changed files with 19 additions and 72 deletions
--- a/flake.nix
+++ b/flake.nix
@ -181,9 +181,9 @@

          sterni = { name, nodes, pkgs, ... }: {
            deployment.allowLocalDeployment = true;
-            #deployment.targetHost = "${name}.private";
+            deployment.targetHost = "${name}.private";
            #deployment.targetHost = "10.23.42.24";
-            deployment.targetHost = "localhost";
+            #deployment.targetHost = "localhost";
            deployment.tags = [ "desktop" "online" "private" ];
            imports = [
              grocy-scanner.nixosModule
@ -213,7 +213,8 @@
          };

          pepe = { name, nodes, pkgs, ... }: {
-            deployment.targetHost = "${name}.private";
+            #deployment.targetHost = "${name}.private";
+            deployment.targetHost = "${name}";
            deployment.tags = [ "server" "online" "private" ];
            imports = [
              grocy-scanner.nixosModule
--- a/nixos/components/network/sshd/known-hosts-private.nix
+++ b/nixos/components/network/sshd/known-hosts-private.nix
@ -1,4 +1,3 @@
-# generated by updateSshKeys.sh
 { config, lib, ... }: {

  services.openssh.knownHosts = {
@ -22,43 +21,5 @@
      ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
    };
-    #"sternchen.secret" = {
-    #  hostNames = [
-    #    "sternchen.secret"
-    #    config.module.cluster.services.tinc.secret.hosts.sternchen.tincIp
-    #  ];
-    #  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
-    #};
-    #"sterni.private" = {
-    #  hostNames = [
-    #    "sterni.private"
-    #    "sterni.secret"
-    #    config.module.cluster.services.tinc.private.hosts.sterni.tincIp
-    #    config.module.cluster.services.tinc.secret.hosts.sterni.tincIp
-    #  ];
-    #  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
-    #};
-    #"pepe.private" = {
-    #  hostNames = [
-    #    "pepe.private"
-    #    "pepe.lan"
-    #    config.module.cluster.services.tinc.private.hosts.pepe.tincIp
-    #  ];
-    #  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
-    #};
-    #"bobi.private" = {
-    #  hostNames = [
-    #    "bobi.private"
-    #    config.module.cluster.services.tinc.private.hosts.bobi.tincIp
-    #  ];
-    #  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
-    #};
-    #"mobi.private" = {
-    #  hostNames = [
-    #    "mobi.private"
-    #    config.module.cluster.services.tinc.private.hosts.mobi.tincIp
-    #  ];
-    #  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
-    #};
  };
 }
--- a/nixos/components/network/tinc/private.nix
+++ b/nixos/components/network/tinc/private.nix
@ -22,6 +22,10 @@ in
  services.tinc.networks = {
    ${network} = {
      ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
+      interfaceType = "tap";
+      extraConfig = ''
+        LocalDiscovery = yes
+      '';
      hostSettings = {
        mobi = {
          subnets = [{ address = hosts.mobi; }];
@ -29,7 +33,7 @@ in
        };
        sterni = {
          subnets = [{ address = hosts.sterni; }];
-          settings.Ed25519PublicKey = "Hm+YwSe6XiRNQD4HfJPgTB8UFVMyVi0vy+3ofMnW6jD";
+          settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
        };
        bobi = {
          subnets = [{ address = hosts.bobi; }];
--- a/nixos/components/network/tinc/secret.nix
+++ b/nixos/components/network/tinc/secret.nix
@ -23,7 +23,6 @@ in
      ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
      extraConfig = ''
        LocalDiscovery = yes
-        AutoConnect = yes
        Port = ${toString port}
      '';
      hostSettings = {
@ -33,7 +32,7 @@ in
        };
        sterni = {
          subnets = [{ address = hosts.sterni; }];
-          settings.Ed25519PublicKey = "Hm+YwSe6XiRNQD4HfJPgTB8UFVMyVi0vy+3ofMnW6jD";
+          settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
        };
        robi = {
          addresses = [{ address = "144.76.13.147"; port = port; }];
--- a/nixos/machines/pepe/configuration.nix
+++ b/nixos/machines/pepe/configuration.nix
@ -53,13 +53,13 @@
  networking.dhcpcd.allowInterfaces = [ "enp0s25" ];

  # nix-shell -p speedtest_cli --run speedtest
-  configuration.fireqos = {
-    enable = false;
-    interface = "enp0s25";
-    input = 200000;
-    output = 2000;
-    balance = false;
-  };
+  #configuration.fireqos = {
+  #  enable = false;
+  #  interface = "enp0s25";
+  #  input = 200000;
+  #  output = 2000;
+  #  balance = false;
+  #};

  services.printing.enable = false;
  services.smartd.enable = true;
--- a/nixos/machines/pepe/tinc.nix
+++ b/nixos/machines/pepe/tinc.nix
@ -1,23 +1,6 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
 {
-  module.cluster.services.tinc = {
-    "private" = {
-      enable = true;
-      openPort = true;
-      connectTo = [ "robi" ];
-    };
-    "retiolum" = {
-      enable = true;
-      openPort = true;
-    };
-  };

-  sops.secrets.tinc_retiolum_ed25519_key = { };
-  sops.secrets.tinc_retiolum_rsa_key = { };
+  tinc.private.enable = true;
+  tinc.private.ipv4 = "10.23.42.26";

-  users.users."tinc.retiolum".group = "tinc.retiolum";
-  users.groups."tinc.retiolum" = { };
 }
--- a/nixos/machines/sterni/tinc.nix
+++ b/nixos/machines/sterni/tinc.nix
@ -1,4 +1,3 @@
-{ config, lib, pkgs, ... }:
 {

  tinc.private.enable = true;