all: switch tailnets
This commit is contained in:
parent
712a64f1f3
commit
cb122176d1
@ -47,7 +47,7 @@ if [ "$1" = "watch" ]; then
|
||||
for f in pull_requests/*.json; do
|
||||
pr=$(basename $f .json)
|
||||
if [ "$(jq -r '.status' <$f)" = "open" ]; then
|
||||
curl -s -o - https://pr-status.humpback-trout.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
|
||||
curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
|
||||
msg "Updated watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
|
||||
else
|
||||
msg "$Skipping: ${pr} ($(jq -r .title <pull_requests/${pr}.json)), already complete"
|
||||
@ -55,7 +55,7 @@ if [ "$1" = "watch" ]; then
|
||||
done
|
||||
else
|
||||
pr="$2"
|
||||
curl -s -o - https://pr-status.humpback-trout.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
|
||||
curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
|
||||
msg "Added watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
|
||||
git add pull_requests/${pr}.json
|
||||
fi
|
||||
|
@ -29,7 +29,7 @@ in
|
||||
${htBin} git create "$proj" || echo "error creating '$proj' on 'sr.ht'"
|
||||
|
||||
git config --unset-all remote.origin.url || echo "no remote defined..."
|
||||
for repo in "git@github.com:qbit/%s.git" "git@gitle.humpback-trout.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git" "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s"; do
|
||||
for repo in "git@github.com:qbit/%s.git" "git@gitle.otter-alligator.ts.net:%s" "ssh://gitea@git.tapenet.org:2222/qbit/%s.git" "git@codeberg.org:qbit/%s.git" "git@git.sr.ht:~qbit/%s"; do
|
||||
echo "Adding remote: $(printf $repo $proj)"
|
||||
git config --add remote.origin.url "$(printf $repo $proj)"
|
||||
done
|
||||
|
@ -91,7 +91,7 @@ with lib; {
|
||||
tsrevprox = {
|
||||
enable = true;
|
||||
reverseName = "nix-binary-cache";
|
||||
envFile = config.sops.secrets.ts_proxy_env.path;
|
||||
#envFile = config.sops.secrets.ts_proxy_env.path;
|
||||
};
|
||||
harmonia = {
|
||||
enable = true;
|
||||
|
@ -101,5 +101,5 @@ with lib; {
|
||||
sopsFile = config.xin-secrets.manager;
|
||||
};
|
||||
};
|
||||
systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
|
||||
#systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs));
|
||||
}
|
||||
|
@ -145,9 +145,9 @@ in
|
||||
if config.xinCI.enable
|
||||
then { }
|
||||
else {
|
||||
substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ];
|
||||
substituters = [ "https://nix-binary-cache.otter-alligator.ts.net/" ];
|
||||
trusted-public-keys = [
|
||||
"nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
|
||||
"nix-binary-cache.otter-alligator.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0="
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -202,7 +202,7 @@ in
|
||||
package = myOpenSSH.openssh;
|
||||
agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
|
||||
knownHosts = {
|
||||
"[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
|
||||
"[namish.otter-alligator.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk";
|
||||
"[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW";
|
||||
};
|
||||
knownHostsFiles = [ ./configs/ssh_known_hosts ];
|
||||
|
@ -118,7 +118,7 @@ in
|
||||
hosts = {
|
||||
"127.0.0.1" = [ "git.tapenet.org" ];
|
||||
"10.6.0.15" = [ "jelly.bold.daemon" ];
|
||||
"100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ];
|
||||
"100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ];
|
||||
};
|
||||
interfaces.enp7s0 = { useDHCP = true; };
|
||||
|
||||
@ -348,7 +348,7 @@ in
|
||||
# settings = {
|
||||
# PHOTOPRISM_UPLOAD_NSFW = "true";
|
||||
# PHOTOPRISM_DETECT_NSFW = "false";
|
||||
# PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos";
|
||||
# PHOTOPRISM_SITE_URL = "https://box.otter-alligator.ts.net/photos";
|
||||
# PHOTOPRISM_SETTINGS_HIDDEN = "false";
|
||||
# PHOTOPRISM_DATABASE_DRIVER = "sqlite";
|
||||
# };
|
||||
@ -356,7 +356,7 @@ in
|
||||
#nextcloud = {
|
||||
# enable = true;
|
||||
# enableBrokenCiphersForSSE = false;
|
||||
# hostName = "box.humpback-trout.ts.net";
|
||||
# hostName = "box.otter-alligator.ts.net";
|
||||
# home = "/media/nextcloud";
|
||||
# https = true;
|
||||
|
||||
@ -401,12 +401,12 @@ in
|
||||
. /etc/profile;
|
||||
(
|
||||
mkdir -p /etc/nixos/secrets;
|
||||
chown root /etc/nixos/secrets/box.humpback-trout.ts.net.*;
|
||||
chown root /etc/nixos/secrets/box.otter-alligator.ts.net.*;
|
||||
tailscale cert \
|
||||
--cert-file /etc/nixos/secrets/box.humpback-trout.ts.net.crt \
|
||||
--key-file=/etc/nixos/secrets/box.humpback-trout.ts.net.key \
|
||||
box.humpback-trout.ts.net;
|
||||
chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.*
|
||||
--cert-file /etc/nixos/secrets/box.otter-alligator.ts.net.crt \
|
||||
--key-file=/etc/nixos/secrets/box.otter-alligator.ts.net.key \
|
||||
box.otter-alligator.ts.net;
|
||||
chown nginx /etc/nixos/secrets/box.otter-alligator.ts.net.*
|
||||
) >/dev/null 2>&1
|
||||
'';
|
||||
in
|
||||
@ -683,7 +683,7 @@ in
|
||||
}
|
||||
{
|
||||
job_name = "h";
|
||||
static_configs = [{ targets = [ "100.64.247.69:9002" ]; }];
|
||||
static_configs = [{ targets = [ "100.83.77.133:9002" ]; }];
|
||||
}
|
||||
{
|
||||
job_name = "namish";
|
||||
@ -815,10 +815,10 @@ in
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"box.humpback-trout.ts.net" = {
|
||||
"box.otter-alligator.ts.net" = {
|
||||
forceSSL = true;
|
||||
sslCertificateKey = "/etc/nixos/secrets/box.humpback-trout.ts.net.key";
|
||||
sslCertificate = "/etc/nixos/secrets/box.humpback-trout.ts.net.crt";
|
||||
sslCertificateKey = "/etc/nixos/secrets/box.otter-alligator.ts.net.key";
|
||||
sslCertificate = "/etc/nixos/secrets/box.otter-alligator.ts.net.crt";
|
||||
|
||||
locations."/photos" = {
|
||||
proxyPass = "http://localhost:2343";
|
||||
|
@ -33,7 +33,7 @@ in
|
||||
allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
hosts = { "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; };
|
||||
hosts = { "100.74.8.55" = [ "nix-binary-cache.otter-alligator.ts.net" ]; };
|
||||
};
|
||||
|
||||
users.users = {
|
||||
@ -111,24 +111,24 @@ in
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
interface = [ "100.64.130.122" ];
|
||||
interface = [ "100.80.94.131" ];
|
||||
access-control = [ "100.64.0.0/10 allow" ];
|
||||
};
|
||||
local-zone = ''"bold.daemon." static'';
|
||||
local-data = [
|
||||
''"books.bold.daemon. IN A 100.120.151.126"''
|
||||
''"headphones.bold.daemon. IN A 100.120.151.126"''
|
||||
''"jelly.bold.daemon. IN A 100.120.151.126"''
|
||||
''"lidarr.bold.daemon. IN A 100.120.151.126"''
|
||||
''"nzb.bold.daemon. IN A 100.120.151.126"''
|
||||
''"prowlarr.bold.daemon. IN A 100.120.151.126"''
|
||||
''"radarr.bold.daemon. IN A 100.120.151.126"''
|
||||
''"reddit.bold.daemon. IN A 100.120.151.126"''
|
||||
''"sonarr.bold.daemon. IN A 100.120.151.126"''
|
||||
''"readarr.bold.daemon. IN A 100.120.151.126"''
|
||||
''"home.bold.daemon. IN A 100.120.151.126"''
|
||||
''"graph.bold.daemon. IN A 100.120.151.126"''
|
||||
''"invidious.bold.daemon. IN A 100.120.151.126"''
|
||||
''"books.bold.daemon. IN A 100.115.16.150"''
|
||||
''"headphones.bold.daemon. IN A 100.115.16.150"''
|
||||
''"jelly.bold.daemon. IN A 100.115.16.150"''
|
||||
''"lidarr.bold.daemon. IN A 100.115.16.150"''
|
||||
''"nzb.bold.daemon. IN A 100.115.16.150"''
|
||||
''"prowlarr.bold.daemon. IN A 100.115.16.150"''
|
||||
''"radarr.bold.daemon. IN A 100.115.16.150"''
|
||||
''"reddit.bold.daemon. IN A 100.115.16.150"''
|
||||
''"sonarr.bold.daemon. IN A 100.115.16.150"''
|
||||
''"readarr.bold.daemon. IN A 100.115.16.150"''
|
||||
''"home.bold.daemon. IN A 100.115.16.150"''
|
||||
''"graph.bold.daemon. IN A 100.115.16.150"''
|
||||
''"invidious.bold.daemon. IN A 100.115.16.150"''
|
||||
''"router.bold.daemon. IN A 10.6.0.1"''
|
||||
];
|
||||
};
|
||||
|
@ -295,7 +295,7 @@ in
|
||||
enable = true;
|
||||
reverseName = "pr-status";
|
||||
reversePort = 3003;
|
||||
envFile = config.sops.secrets.pr_status_env.path;
|
||||
#envFile = config.sops.secrets.pr_status_env.path;
|
||||
};
|
||||
sliding-sync = {
|
||||
enable = true;
|
||||
@ -317,7 +317,7 @@ in
|
||||
#};
|
||||
tsvnstat = {
|
||||
enable = true;
|
||||
keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
|
||||
#keyPath = "${config.sops.secrets.router_stats_ts_key.path}";
|
||||
};
|
||||
yarr.enable = true;
|
||||
gotosocial = {
|
||||
@ -358,7 +358,7 @@ in
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions = { filename = "/tmp/positions.yaml"; };
|
||||
clients = [{ url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push"; }];
|
||||
clients = [{ url = "http://box.otter-alligator.ts.net:3030/loki/api/v1/push"; }];
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "journal";
|
||||
|
@ -99,7 +99,7 @@ in
|
||||
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
|
||||
toString cfg.reversePort
|
||||
} -ip ${cfg.reverseIP}";
|
||||
EnvironmentFile = cfg.envFile;
|
||||
#EnvironmentFile = cfg.envFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -22,7 +22,7 @@ in
|
||||
};
|
||||
|
||||
keyPath = mkOption {
|
||||
type = types.path;
|
||||
type = with types; oneOf [ path str ];
|
||||
default = "";
|
||||
description = ''
|
||||
Path to the TS API key file
|
||||
@ -87,7 +87,9 @@ in
|
||||
CacheDirectory = "tsvnstat";
|
||||
CacheDirectoryMode = "0755";
|
||||
|
||||
ExecStart = "${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} -key ${cfg.keyPath}";
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/tsvnstat -vnstati ${pkgs.vnstat}/bin/vnstati -name ${cfg.nodeName} ${lib.optionalString (cfg.keyPath != "") "-key ${cfg.keyPath}"}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user