qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

all: switch tailnets

Browse Source
This commit is contained in:
Aaron Bieber 2023-09-25 14:36:25 -06:00
parent 712a64f1f3
commit cb122176d1
No known key found for this signature in database
10 changed files with 43 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/deploy
View File

@ -47,7 +47,7 @@ if [ "$1" = "watch" ]; then
for f in pull_requests/*.json; do
pr=$(basename $f .json)
if [ "$(jq -r '.status' <$f)" = "open" ]; then
curl -s -o - https://pr-status.humpback-trout.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
msg "Updated watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
else
msg "$Skipping: ${pr} ($(jq -r .title <pull_requests/${pr}.json)), already complete"
@ -55,7 +55,7 @@ if [ "$1" = "watch" ]; then
done
else
pr="$2"
curl -s -o - https://pr-status.humpback-trout.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
msg "Added watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
git add pull_requests/${pr}.json
fi

2
bins/rpr.nix
View File

@ -29,7 +29,7 @@ in
${htBin} git create "$proj" || echo "error creating '$proj' on 'sr.ht'"
git config --unset-all remote.origin.url || echo "no remote defined..."
for repo in "git@github.com:qbit/%s.git" "git@gitle.humpback-trout.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git" "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s"; do
for repo in "git@github.com:qbit/%s.git" "git@gitle.otter-alligator.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git" "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s"; do
echo "Adding remote: $(printf $repo $proj)"
git config --add remote.origin.url "$(printf $repo $proj)"
done

2
configs/ci.nix
View File

@ -91,7 +91,7 @@ with lib; {
tsrevprox = {
enable = true;
reverseName = "nix-binary-cache";
envFile = config.sops.secrets.ts_proxy_env.path;
#envFile = config.sops.secrets.ts_proxy_env.path;
};
harmonia = {
enable = true;

2
configs/tailnet.nix
View File

@ -101,5 +101,5 @@ with lib; {
sopsFile = config.xin-secrets.manager;
};
};
systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
#systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
}

6
default.nix
View File

@ -145,9 +145,9 @@ in
if config.xinCI.enable
then { }
else {
substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ];
substituters = [ "https://nix-binary-cache.otter-alligator.ts.net/" ];
trusted-public-keys = [
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
"nix-binary-cache.otter-alligator.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
];
};
};
@ -202,7 +202,7 @@ in
package = myOpenSSH.openssh;
agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
knownHosts = {
"[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
"[namish.otter-alligator.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
"[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
};
knownHostsFiles = [ ./configs/ssh_known_hosts ];

24
hosts/box/default.nix
View File

@ -118,7 +118,7 @@ in
hosts = {
"127.0.0.1" = [ "git.tapenet.org" ];
"10.6.0.15" = [ "jelly.bold.daemon" ];
"100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ];
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
};
interfaces.enp7s0 = { useDHCP = true; };
@ -348,7 +348,7 @@ in
# settings = {
# PHOTOPRISM_UPLOAD_NSFW = "true";
# PHOTOPRISM_DETECT_NSFW = "false";
# PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos";
# PHOTOPRISM_SITE_URL = "https://box.otter-alligator.ts.net/photos";
# PHOTOPRISM_SETTINGS_HIDDEN = "false";
# PHOTOPRISM_DATABASE_DRIVER = "sqlite";
# };
@ -356,7 +356,7 @@ in
#nextcloud = {
# enable = true;
# enableBrokenCiphersForSSE = false;
# hostName = "box.humpback-trout.ts.net";
# hostName = "box.otter-alligator.ts.net";
# home = "/media/nextcloud";
# https = true;
@ -401,12 +401,12 @@ in
. /etc/profile;
(
mkdir -p /etc/nixos/secrets;
chown root /etc/nixos/secrets/box.humpback-trout.ts.net.*;
chown root /etc/nixos/secrets/box.otter-alligator.ts.net.*;
tailscale cert \
--cert-file /etc/nixos/secrets/box.humpback-trout.ts.net.crt \
--key-file=/etc/nixos/secrets/box.humpback-trout.ts.net.key \
box.humpback-trout.ts.net;
chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.*
--cert-file /etc/nixos/secrets/box.otter-alligator.ts.net.crt \
--key-file=/etc/nixos/secrets/box.otter-alligator.ts.net.key \
box.otter-alligator.ts.net;
chown nginx /etc/nixos/secrets/box.otter-alligator.ts.net.*
) >/dev/null 2>&1
'';
in
@ -683,7 +683,7 @@ in
}
{
job_name = "h";
static_configs = [{ targets = [ "100.64.247.69:9002" ]; }];
static_configs = [{ targets = [ "100.83.77.133:9002" ]; }];
}
{
job_name = "namish";
@ -815,10 +815,10 @@ in
proxyWebsockets = true;
};
};
"box.humpback-trout.ts.net" = {
"box.otter-alligator.ts.net" = {
forceSSL = true;
sslCertificateKey = "/etc/nixos/secrets/box.humpback-trout.ts.net.key";
sslCertificate = "/etc/nixos/secrets/box.humpback-trout.ts.net.crt";
sslCertificateKey = "/etc/nixos/secrets/box.otter-alligator.ts.net.key";
sslCertificate = "/etc/nixos/secrets/box.otter-alligator.ts.net.crt";
locations."/photos" = {
proxyPass = "http://localhost:2343";

30
hosts/faf/default.nix
View File

@ -33,7 +33,7 @@ in
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
allowedUDPPorts = [ 53 ];
};
hosts = { "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; };
hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
};
users.users = {
@ -111,24 +111,24 @@ in
enable = true;
settings = {
server = {
interface = [ "100.64.130.122" ];
interface = [ "100.80.94.131" ];
access-control = [ "100.64.0.0/10 allow" ];
};
local-zone = ''"bold.daemon." static'';
local-data = [
''"books.bold.daemon. IN A 100.120.151.126"''
''"headphones.bold.daemon. IN A 100.120.151.126"''
''"jelly.bold.daemon. IN A 100.120.151.126"''
''"lidarr.bold.daemon. IN A 100.120.151.126"''
''"nzb.bold.daemon. IN A 100.120.151.126"''
''"prowlarr.bold.daemon. IN A 100.120.151.126"''
''"radarr.bold.daemon. IN A 100.120.151.126"''
''"reddit.bold.daemon. IN A 100.120.151.126"''
''"sonarr.bold.daemon. IN A 100.120.151.126"''
''"readarr.bold.daemon. IN A 100.120.151.126"''
''"home.bold.daemon. IN A 100.120.151.126"''
''"graph.bold.daemon. IN A 100.120.151.126"''
''"invidious.bold.daemon. IN A 100.120.151.126"''
''"books.bold.daemon. IN A 100.115.16.150"''
''"headphones.bold.daemon. IN A 100.115.16.150"''
''"jelly.bold.daemon. IN A 100.115.16.150"''
''"lidarr.bold.daemon. IN A 100.115.16.150"''
''"nzb.bold.daemon. IN A 100.115.16.150"''
''"prowlarr.bold.daemon. IN A 100.115.16.150"''
''"radarr.bold.daemon. IN A 100.115.16.150"''
''"reddit.bold.daemon. IN A 100.115.16.150"''
''"sonarr.bold.daemon. IN A 100.115.16.150"''
''"readarr.bold.daemon. IN A 100.115.16.150"''
''"home.bold.daemon. IN A 100.115.16.150"''
''"graph.bold.daemon. IN A 100.115.16.150"''
''"invidious.bold.daemon. IN A 100.115.16.150"''
''"router.bold.daemon. IN A 10.6.0.1"''
];
};

6
hosts/h/default.nix
View File

@ -295,7 +295,7 @@ in
enable = true;
reverseName = "pr-status";
reversePort = 3003;
envFile = config.sops.secrets.pr_status_env.path;
#envFile = config.sops.secrets.pr_status_env.path;
};
sliding-sync = {
enable = true;
@ -317,7 +317,7 @@ in
#};
tsvnstat = {
enable = true;
keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
#keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
};
yarr.enable = true;
gotosocial = {
@ -358,7 +358,7 @@ in
grpc_listen_port = 0;
};
positions = { filename = "/tmp/positions.yaml"; };
clients = [{ url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push"; }];
clients = [{ url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; }];
scrape_configs = [
{
job_name = "journal";

2
modules/ts-rev-prox.nix
View File

@ -99,7 +99,7 @@ in
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
toString cfg.reversePort
} -ip ${cfg.reverseIP}";
EnvironmentFile = cfg.envFile;
#EnvironmentFile = cfg.envFile;
};
};
};

6
modules/tsvnstat.nix
View File

@ -22,7 +22,7 @@ in
};
keyPath = mkOption {
type = types.path;
type = with types; oneOf [ path str ];
default = "";
description = ''
Path to the TS API key file
@ -87,7 +87,9 @@ in
CacheDirectory = "tsvnstat";
CacheDirectoryMode = "0755";
ExecStart = "${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} -key ${cfg.keyPath}";
ExecStart = ''
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"}
'';
};
};
};