all: switch tailnets

This commit is contained in:
Aaron Bieber 2023-09-25 14:36:25 -06:00
parent 712a64f1f3
commit cb122176d1
No known key found for this signature in database
10 changed files with 43 additions and 41 deletions

View File

@ -47,7 +47,7 @@ if [ "$1" = "watch" ]; then
for f in pull_requests/*.json; do
pr=$(basename $f .json)
if [ "$(jq -r '.status' <$f)" = "open" ]; then
curl -s -o - https://pr-status.humpback-trout.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
msg "Updated watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
else
msg "$Skipping: ${pr} ($(jq -r .title <pull_requests/${pr}.json)), already complete"
@ -55,7 +55,7 @@ if [ "$1" = "watch" ]; then
done
else
pr="$2"
curl -s -o - https://pr-status.humpback-trout.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
msg "Added watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
git add pull_requests/${pr}.json
fi

View File

@ -29,7 +29,7 @@ in
${htBin} git create "$proj" || echo "error creating '$proj' on 'sr.ht'"
git config --unset-all remote.origin.url || echo "no remote defined..."
for repo in "git@github.com:qbit/%s.git" "git@gitle.humpback-trout.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git" "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s"; do
for repo in "git@github.com:qbit/%s.git" "git@gitle.otter-alligator.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git" "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s"; do
echo "Adding remote: $(printf $repo $proj)"
git config --add remote.origin.url "$(printf $repo $proj)"
done

View File

@ -91,7 +91,7 @@ with lib; {
tsrevprox = {
enable = true;
reverseName = "nix-binary-cache";
envFile = config.sops.secrets.ts_proxy_env.path;
#envFile = config.sops.secrets.ts_proxy_env.path;
};
harmonia = {
enable = true;

View File

@ -101,5 +101,5 @@ with lib; {
sopsFile = config.xin-secrets.manager;
};
};
systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
#systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
}

View File

@ -145,9 +145,9 @@ in
if config.xinCI.enable
then { }
else {
substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ];
substituters = [ "https://nix-binary-cache.otter-alligator.ts.net/" ];
trusted-public-keys = [
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
"nix-binary-cache.otter-alligator.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
];
};
};
@ -202,7 +202,7 @@ in
package = myOpenSSH.openssh;
agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
knownHosts = {
"[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
"[namish.otter-alligator.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
"[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
};
knownHostsFiles = [ ./configs/ssh_known_hosts ];

View File

@ -118,7 +118,7 @@ in
hosts = {
"127.0.0.1" = [ "git.tapenet.org" ];
"10.6.0.15" = [ "jelly.bold.daemon" ];
"100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ];
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
};
interfaces.enp7s0 = { useDHCP = true; };
@ -348,7 +348,7 @@ in
# settings = {
# PHOTOPRISM_UPLOAD_NSFW = "true";
# PHOTOPRISM_DETECT_NSFW = "false";
# PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos";
# PHOTOPRISM_SITE_URL = "https://box.otter-alligator.ts.net/photos";
# PHOTOPRISM_SETTINGS_HIDDEN = "false";
# PHOTOPRISM_DATABASE_DRIVER = "sqlite";
# };
@ -356,7 +356,7 @@ in
#nextcloud = {
# enable = true;
# enableBrokenCiphersForSSE = false;
# hostName = "box.humpback-trout.ts.net";
# hostName = "box.otter-alligator.ts.net";
# home = "/media/nextcloud";
# https = true;
@ -401,12 +401,12 @@ in
. /etc/profile;
(
mkdir -p /etc/nixos/secrets;
chown root /etc/nixos/secrets/box.humpback-trout.ts.net.*;
chown root /etc/nixos/secrets/box.otter-alligator.ts.net.*;
tailscale cert \
--cert-file /etc/nixos/secrets/box.humpback-trout.ts.net.crt \
--key-file=/etc/nixos/secrets/box.humpback-trout.ts.net.key \
box.humpback-trout.ts.net;
chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.*
--cert-file /etc/nixos/secrets/box.otter-alligator.ts.net.crt \
--key-file=/etc/nixos/secrets/box.otter-alligator.ts.net.key \
box.otter-alligator.ts.net;
chown nginx /etc/nixos/secrets/box.otter-alligator.ts.net.*
) >/dev/null 2>&1
'';
in
@ -683,7 +683,7 @@ in
}
{
job_name = "h";
static_configs = [{ targets = [ "100.64.247.69:9002" ]; }];
static_configs = [{ targets = [ "100.83.77.133:9002" ]; }];
}
{
job_name = "namish";
@ -815,10 +815,10 @@ in
proxyWebsockets = true;
};
};
"box.humpback-trout.ts.net" = {
"box.otter-alligator.ts.net" = {
forceSSL = true;
sslCertificateKey = "/etc/nixos/secrets/box.humpback-trout.ts.net.key";
sslCertificate = "/etc/nixos/secrets/box.humpback-trout.ts.net.crt";
sslCertificateKey = "/etc/nixos/secrets/box.otter-alligator.ts.net.key";
sslCertificate = "/etc/nixos/secrets/box.otter-alligator.ts.net.crt";
locations."/photos" = {
proxyPass = "http://localhost:2343";

View File

@ -33,7 +33,7 @@ in
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
allowedUDPPorts = [ 53 ];
};
hosts = { "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; };
hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
};
users.users = {
@ -111,24 +111,24 @@ in
enable = true;
settings = {
server = {
interface = [ "100.64.130.122" ];
interface = [ "100.80.94.131" ];
access-control = [ "100.64.0.0/10 allow" ];
};
local-zone = ''"bold.daemon." static'';
local-data = [
''"books.bold.daemon. IN A 100.120.151.126"''
''"headphones.bold.daemon. IN A 100.120.151.126"''
''"jelly.bold.daemon. IN A 100.120.151.126"''
''"lidarr.bold.daemon. IN A 100.120.151.126"''
''"nzb.bold.daemon. IN A 100.120.151.126"''
''"prowlarr.bold.daemon. IN A 100.120.151.126"''
''"radarr.bold.daemon. IN A 100.120.151.126"''
''"reddit.bold.daemon. IN A 100.120.151.126"''
''"sonarr.bold.daemon. IN A 100.120.151.126"''
''"readarr.bold.daemon. IN A 100.120.151.126"''
''"home.bold.daemon. IN A 100.120.151.126"''
''"graph.bold.daemon. IN A 100.120.151.126"''
''"invidious.bold.daemon. IN A 100.120.151.126"''
''"books.bold.daemon. IN A 100.115.16.150"''
''"headphones.bold.daemon. IN A 100.115.16.150"''
''"jelly.bold.daemon. IN A 100.115.16.150"''
''"lidarr.bold.daemon. IN A 100.115.16.150"''
''"nzb.bold.daemon. IN A 100.115.16.150"''
''"prowlarr.bold.daemon. IN A 100.115.16.150"''
''"radarr.bold.daemon. IN A 100.115.16.150"''
''"reddit.bold.daemon. IN A 100.115.16.150"''
''"sonarr.bold.daemon. IN A 100.115.16.150"''
''"readarr.bold.daemon. IN A 100.115.16.150"''
''"home.bold.daemon. IN A 100.115.16.150"''
''"graph.bold.daemon. IN A 100.115.16.150"''
''"invidious.bold.daemon. IN A 100.115.16.150"''
''"router.bold.daemon. IN A 10.6.0.1"''
];
};

View File

@ -295,7 +295,7 @@ in
enable = true;
reverseName = "pr-status";
reversePort = 3003;
envFile = config.sops.secrets.pr_status_env.path;
#envFile = config.sops.secrets.pr_status_env.path;
};
sliding-sync = {
enable = true;
@ -317,7 +317,7 @@ in
#};
tsvnstat = {
enable = true;
keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
#keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
};
yarr.enable = true;
gotosocial = {
@ -358,7 +358,7 @@ in
grpc_listen_port = 0;
};
positions = { filename = "/tmp/positions.yaml"; };
clients = [{ url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push"; }];
clients = [{ url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; }];
scrape_configs = [
{
job_name = "journal";

View File

@ -99,7 +99,7 @@ in
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
toString cfg.reversePort
} -ip ${cfg.reverseIP}";
EnvironmentFile = cfg.envFile;
#EnvironmentFile = cfg.envFile;
};
};
};

View File

@ -22,7 +22,7 @@ in
};
keyPath = mkOption {
type = types.path;
type = with types; oneOf [ path str ];
default = "";
description = ''
Path to the TS API key file
@ -87,7 +87,9 @@ in
CacheDirectory = "tsvnstat";
CacheDirectoryMode = "0755";
ExecStart = "${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} -key ${cfg.keyPath}";
ExecStart = ''
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"}
'';
};
};
};