From bf378949d2f008b83f88bb2b58fe6b14d9204819 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey
Date: Thu, 29 May 2025 23:55:28 +0100
Subject: [PATCH] treewide: Partial migration from custom WireGuard to Headscale
---
flake.nix | 2 +-
hosts/orm/default.nix | 1 +
hosts/yevaud/default.nix | 1 -
hosts/yevaud/experiments/birdsong-dns.nix | 32 -----------------------
services/distributed-builds.nix | 4 +--
5 files changed, 4 insertions(+), 36 deletions(-)
delete mode 100644 hosts/yevaud/experiments/birdsong-dns.nix
diff --git a/flake.nix b/flake.nix
index 90c14c3..3766dee 100644
--- a/flake.nix
+++ b/flake.nix
@@ -158,7 +158,7 @@
 kilgharrah.deployment.targetHost = null; # disable remote deployment
 tohru.deployment.targetHost = null; # disable remote deployment
- elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet
+ elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet
 kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ];
 tohru.imports = [ ./hosts/tohru home-manager ];
diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix
index d2b6298..ce4c125 100644
--- a/hosts/orm/default.nix
+++ b/hosts/orm/default.nix
@@ -47,6 +47,7 @@
 };
 # only allow remote connections from within birdsong vpn
 # TODO: don't hardcode the IP addresses
+ # TODO: move to tailscale
 authentication = pkgs.lib.mkOverride 10 ''
 #type database DBuser auth-method
 local all all trust # used by nixos for local monitoring
diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix
index b93c14b..1545c62 100644
--- a/hosts/yevaud/default.nix
+++ b/hosts/yevaud/default.nix
@@ -5,7 +5,6 @@ ./hardware-configuration.nix ./networking.nix - ./experiments/birdsong-dns.nix # TODO: this breaks external IPv6 somehow # ./experiments/pennykettle.nix ];
diff --git a/hosts/yevaud/experiments/birdsong-dns.nix b/hosts/yevaud/experiments/birdsong-dns.nix
deleted file mode 100644
index 58db9b6..0000000
--- a/hosts/yevaud/experiments/birdsong-dns.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.bind = {
- # enable = true;
- cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
- forwarders = [ ];
- listenOn = [ config.birdsong.hosts.yevaud.ipv4 ];
- listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ];
- zones = {
- "birdsong.internal" = {
- master = true;
- file = pkgs.writeText "birdsong.internal.zone" ''
- $TTL 60
- $ORIGIN birdsong.internal.
-
- birdsong.internal. IN SOA ns.birdsong.internal. auto.qenya.tel. ( 2024122701 7200 3600 1209600 3600 )
- birdsong.internal. IN NS ns.birdsong.internal.
-
- yevaud.c.birdsong.internal. IN A 10.127.1.1
- yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
-
- ns.birdsong.internal. IN A 10.127.1.1
- ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
- '';
- };
- };
- };
- networking.resolvconf.useLocalResolver = false;
- networking.firewall.allowedTCPPorts = [ 53 ];
- networking.firewall.allowedUDPPorts = [ 53 ];
-}
diff --git a/services/distributed-builds.nix b/services/distributed-builds.nix
index 09cdd44..ec5f001 100644
--- a/services/distributed-builds.nix
+++ b/services/distributed-builds.nix
@@ -35,7 +35,7 @@ in nix.buildMachines = (optional (elem "kalessin" cfg.builders) { - hostName = config.birdsong.hosts."kalessin".ipv4; + hostName = "100.108.149.33"; # TODO: get tailscale internal DNS up sshUser = "remotebuild"; sshKey = cfg.keyFile; systems = [ "aarch64-linux" ];
@@ -43,7 +43,7 @@ in supportedFeatures = [ "big-parallel" ]; }) ++ (optional (elem "kilgharrah" cfg.builders) { - hostName = config.birdsong.hosts."kilgharrah".ipv4; + hostName = "100.92.127.92"; # TODO: get tailscale internal DNS up sshUser = "remotebuild"; sshKey = cfg.keyFile; systems = [ "x86_64-linux" ];
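Review bot: Both builder entries now name the builder by a literal tailnet address (`hostName = "100.108.149.33"` for kalessin in the first hunk, `"100.92.127.92"` for kilgharrah in the second), and neither hunk shows the builder's SSH host key being pinned. An address handed out by Headscale is a weak identity for a machine that receives build inputs and returns outputs, since it may be reassigned if a node is re-registered, and known-hosts entries recorded under the old WireGuard addresses will not match the new ones. I would add `publicHostKey = "<base64-encoded host key of the builder>";` next to each `hostName`, or confirm that `programs.ssh.knownHosts` already covers the new addresses. Both attribute sets start and end outside the hunks, so a key may already be set where it is not visible; the `elucredassa.deployment.targetHost` change in flake.nix raises the same question.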