qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

all: switch tailnets

Browse Source
This commit is contained in:
Aaron Bieber 2023-09-25 14:36:25 -06:00
parent 712a64f1f3
commit cb122176d1
No known key found for this signature in database
10 changed files with 43 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/deploy
View File

@ -47,7 +47,7 @@ if [ "$1" = "watch" ]; then
for f in pull_requests/*.json; do for f in pull_requests/*.json; do
pr=$(basename $f .json) pr=$(basename $f .json)
if [ "$(jq -r '.status' <$f)" = "open" ]; then if [ "$(jq -r '.status' <$f)" = "open" ]; then
curl -s -o - https://pr-status.humpback-trout.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
msg "Updated watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)" msg "Updated watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
else else
msg "$Skipping: ${pr} ($(jq -r .title <pull_requests/${pr}.json)), already complete" msg "$Skipping: ${pr} ($(jq -r .title <pull_requests/${pr}.json)), already complete"
@ -55,7 +55,7 @@ if [ "$1" = "watch" ]; then
done done
else else
pr="$2" pr="$2"
curl -s -o - https://pr-status.humpback-trout.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
msg "Added watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)" msg "Added watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
git add pull_requests/${pr}.json git add pull_requests/${pr}.json
fi fi

2
bins/rpr.nix
View File

@ -29,7 +29,7 @@ in
${htBin} git create "$proj" || echo "error creating '$proj' on 'sr.ht'" ${htBin} git create "$proj" || echo "error creating '$proj' on 'sr.ht'"
git config --unset-all remote.origin.url || echo "no remote defined..." git config --unset-all remote.origin.url || echo "no remote defined..."
for repo in "git@github.com:qbit/%s.git" "git@gitle.humpback-trout.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git" "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s"; do for repo in "git@github.com:qbit/%s.git" "git@gitle.otter-alligator.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git" "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s"; do
echo "Adding remote: $(printf $repo $proj)" echo "Adding remote: $(printf $repo $proj)"
git config --add remote.origin.url "$(printf $repo $proj)" git config --add remote.origin.url "$(printf $repo $proj)"
done done

2
configs/ci.nix
View File

@ -91,7 +91,7 @@ with lib; {
tsrevprox = { tsrevprox = {
enable = true; enable = true;
reverseName = "nix-binary-cache"; reverseName = "nix-binary-cache";
envFile = config.sops.secrets.ts_proxy_env.path; #envFile = config.sops.secrets.ts_proxy_env.path;
}; };
harmonia = { harmonia = {
enable = true; enable = true;

2
configs/tailnet.nix
View File

@ -101,5 +101,5 @@ with lib; {
sopsFile = config.xin-secrets.manager; sopsFile = config.xin-secrets.manager;
}; };
}; };
systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs)); #systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
} }

6
default.nix
View File

@ -145,9 +145,9 @@ in
if config.xinCI.enable if config.xinCI.enable
then { } then { }
else { else {
substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ]; substituters = [ "https://nix-binary-cache.otter-alligator.ts.net/" ];
trusted-public-keys = [ trusted-public-keys = [
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0=" "nix-binary-cache.otter-alligator.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
]; ];
}; };
}; };
@ -202,7 +202,7 @@ in
package = myOpenSSH.openssh; package = myOpenSSH.openssh;
agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so"; agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
knownHosts = { knownHosts = {
"[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk"; "[namish.otter-alligator.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
"[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW"; "[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
}; };
knownHostsFiles = [ ./configs/ssh_known_hosts ]; knownHostsFiles = [ ./configs/ssh_known_hosts ];

24
hosts/box/default.nix
View File

@ -118,7 +118,7 @@ in
hosts = { hosts = {
"127.0.0.1" = [ "git.tapenet.org" ]; "127.0.0.1" = [ "git.tapenet.org" ];
"10.6.0.15" = [ "jelly.bold.daemon" ]; "10.6.0.15" = [ "jelly.bold.daemon" ];
"100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
}; };
interfaces.enp7s0 = { useDHCP = true; }; interfaces.enp7s0 = { useDHCP = true; };
@ -348,7 +348,7 @@ in
# settings = { # settings = {
# PHOTOPRISM_UPLOAD_NSFW = "true"; # PHOTOPRISM_UPLOAD_NSFW = "true";
# PHOTOPRISM_DETECT_NSFW = "false"; # PHOTOPRISM_DETECT_NSFW = "false";
# PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos"; # PHOTOPRISM_SITE_URL = "https://box.otter-alligator.ts.net/photos";
# PHOTOPRISM_SETTINGS_HIDDEN = "false"; # PHOTOPRISM_SETTINGS_HIDDEN = "false";
# PHOTOPRISM_DATABASE_DRIVER = "sqlite"; # PHOTOPRISM_DATABASE_DRIVER = "sqlite";
# }; # };
@ -356,7 +356,7 @@ in
#nextcloud = { #nextcloud = {
# enable = true; # enable = true;
# enableBrokenCiphersForSSE = false; # enableBrokenCiphersForSSE = false;
# hostName = "box.humpback-trout.ts.net"; # hostName = "box.otter-alligator.ts.net";
# home = "/media/nextcloud"; # home = "/media/nextcloud";
# https = true; # https = true;
@ -401,12 +401,12 @@ in
. /etc/profile; . /etc/profile;
( (
mkdir -p /etc/nixos/secrets; mkdir -p /etc/nixos/secrets;
chown root /etc/nixos/secrets/box.humpback-trout.ts.net.*; chown root /etc/nixos/secrets/box.otter-alligator.ts.net.*;
tailscale cert \ tailscale cert \
--cert-file /etc/nixos/secrets/box.humpback-trout.ts.net.crt \ --cert-file /etc/nixos/secrets/box.otter-alligator.ts.net.crt \
--key-file=/etc/nixos/secrets/box.humpback-trout.ts.net.key \ --key-file=/etc/nixos/secrets/box.otter-alligator.ts.net.key \
box.humpback-trout.ts.net; box.otter-alligator.ts.net;
chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.* chown nginx /etc/nixos/secrets/box.otter-alligator.ts.net.*
) >/dev/null 2>&1 ) >/dev/null 2>&1
''; '';
in in
@ -683,7 +683,7 @@ in
} }
{ {
job_name = "h"; job_name = "h";
static_configs = [{ targets = [ "100.64.247.69:9002" ]; }]; static_configs = [{ targets = [ "100.83.77.133:9002" ]; }];
} }
{ {
job_name = "namish"; job_name = "namish";
@ -815,10 +815,10 @@ in
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
"box.humpback-trout.ts.net" = { "box.otter-alligator.ts.net" = {
forceSSL = true; forceSSL = true;
sslCertificateKey = "/etc/nixos/secrets/box.humpback-trout.ts.net.key"; sslCertificateKey = "/etc/nixos/secrets/box.otter-alligator.ts.net.key";
sslCertificate = "/etc/nixos/secrets/box.humpback-trout.ts.net.crt"; sslCertificate = "/etc/nixos/secrets/box.otter-alligator.ts.net.crt";
locations."/photos" = { locations."/photos" = {
proxyPass = "http://localhost:2343"; proxyPass = "http://localhost:2343";

30
hosts/faf/default.nix
View File

@ -33,7 +33,7 @@ in
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ]; allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
allowedUDPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
}; };
hosts = { "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; }; hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
}; };
users.users = { users.users = {
@ -111,24 +111,24 @@ in
enable = true; enable = true;
settings = { settings = {
server = { server = {
interface = [ "100.64.130.122" ]; interface = [ "100.80.94.131" ];
access-control = [ "100.64.0.0/10 allow" ]; access-control = [ "100.64.0.0/10 allow" ];
}; };
local-zone = ''"bold.daemon." static''; local-zone = ''"bold.daemon." static'';
local-data = [ local-data = [
''"books.bold.daemon. IN A 100.120.151.126"'' ''"books.bold.daemon. IN A 100.115.16.150"''
''"headphones.bold.daemon. IN A 100.120.151.126"'' ''"headphones.bold.daemon. IN A 100.115.16.150"''
''"jelly.bold.daemon. IN A 100.120.151.126"'' ''"jelly.bold.daemon. IN A 100.115.16.150"''
''"lidarr.bold.daemon. IN A 100.120.151.126"'' ''"lidarr.bold.daemon. IN A 100.115.16.150"''
''"nzb.bold.daemon. IN A 100.120.151.126"'' ''"nzb.bold.daemon. IN A 100.115.16.150"''
''"prowlarr.bold.daemon. IN A 100.120.151.126"'' ''"prowlarr.bold.daemon. IN A 100.115.16.150"''
''"radarr.bold.daemon. IN A 100.120.151.126"'' ''"radarr.bold.daemon. IN A 100.115.16.150"''
''"reddit.bold.daemon. IN A 100.120.151.126"'' ''"reddit.bold.daemon. IN A 100.115.16.150"''
''"sonarr.bold.daemon. IN A 100.120.151.126"'' ''"sonarr.bold.daemon. IN A 100.115.16.150"''
''"readarr.bold.daemon. IN A 100.120.151.126"'' ''"readarr.bold.daemon. IN A 100.115.16.150"''
''"home.bold.daemon. IN A 100.120.151.126"'' ''"home.bold.daemon. IN A 100.115.16.150"''
''"graph.bold.daemon. IN A 100.120.151.126"'' ''"graph.bold.daemon. IN A 100.115.16.150"''
''"invidious.bold.daemon. IN A 100.120.151.126"'' ''"invidious.bold.daemon. IN A 100.115.16.150"''
''"router.bold.daemon. IN A 10.6.0.1"'' ''"router.bold.daemon. IN A 10.6.0.1"''
]; ];
}; };

6
hosts/h/default.nix
View File

@ -295,7 +295,7 @@ in
enable = true; enable = true;
reverseName = "pr-status"; reverseName = "pr-status";
reversePort = 3003; reversePort = 3003;
envFile = config.sops.secrets.pr_status_env.path; #envFile = config.sops.secrets.pr_status_env.path;
}; };
sliding-sync = { sliding-sync = {
enable = true; enable = true;
@ -317,7 +317,7 @@ in
#}; #};
tsvnstat = { tsvnstat = {
enable = true; enable = true;
keyPath = "${config.sops.secrets.router_stats_ts_key.path}"; #keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
}; };
yarr.enable = true; yarr.enable = true;
gotosocial = { gotosocial = {
@ -358,7 +358,7 @@ in
grpc_listen_port = 0; grpc_listen_port = 0;
}; };
positions = { filename = "/tmp/positions.yaml"; }; positions = { filename = "/tmp/positions.yaml"; };
clients = [{ url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push"; }]; clients = [{ url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; }];
scrape_configs = [ scrape_configs = [
{ {
job_name = "journal"; job_name = "journal";

2
modules/ts-rev-prox.nix
View File

@ -99,7 +99,7 @@ in
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${ ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
toString cfg.reversePort toString cfg.reversePort
} -ip ${cfg.reverseIP}"; } -ip ${cfg.reverseIP}";
EnvironmentFile = cfg.envFile; #EnvironmentFile = cfg.envFile;
}; };
}; };
}; };

6
modules/tsvnstat.nix
View File

@ -22,7 +22,7 @@ in
}; };
keyPath = mkOption { keyPath = mkOption {
type = types.path; type = with types; oneOf [ path str ];
default = ""; default = "";
description = '' description = ''
Path to the TS API key file Path to the TS API key file
@ -87,7 +87,9 @@ in
CacheDirectory = "tsvnstat"; CacheDirectory = "tsvnstat";
CacheDirectoryMode = "0755"; CacheDirectoryMode = "0755";
ExecStart = "${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} -key ${cfg.keyPath}"; ExecStart = ''
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"}
'';
}; };
}; };
}; };