From 0205b8b2ea06cd23d3c1ffacccefddc2adc324a6 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Mon, 1 Apr 2024 14:23:43 +0200
Subject: [PATCH] dns: move all local hosts under vpn.rfive.de

---
 hosts/falkenstein/modules/dns/default.nix   |  2 +-
 hosts/thinkpad/modules/networks/default.nix |  4 +--
 users/rouven/modules/ssh/default.nix        | 31 ++++-----------------
 3 files changed, 8 insertions(+), 29 deletions(-)

diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix
index eb4e333..aa1ea34 100644
--- a/hosts/falkenstein/modules/dns/default.nix
+++ b/hosts/falkenstein/modules/dns/default.nix
@@ -6,7 +6,7 @@ let
     $ORIGIN rfive.de.
 
     rfive.de.   86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. (
-      2024032601 ; serial
+      2024040102 ; serial
       10800      ; refresh
       3600       ; retry
       604800     ; expire
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
index 6c385b3..cbfb1f4 100644
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -163,8 +163,8 @@
       networkConfig = {
         Address = "192.168.43.3/32";
         DNS = "192.168.43.1";
-        Domains = "~lan";
-        DNSSEC = true;
+        Domains = "~vpn.rfive.de";
+        DNSSEC = false;
         BindCarrier = [ "wlp9s0" ];
       };
     };
diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix
index 59fd80d..284d555 100644
--- a/users/rouven/modules/ssh/default.nix
+++ b/users/rouven/modules/ssh/default.nix
@@ -3,14 +3,14 @@ let
   git = "~/.ssh/git";
 in
 {
-  programs.ssh = rec {
+  programs.ssh = {
     enable = true;
     compression = true;
     controlMaster = "auto";
     controlPersist = "10m";
     extraConfig = ''
       CanonicalizeHostname yes
-      CanonicalDomains agdsn.network
+      CanonicalDomains agdsn.network vpn.rfive.de
       PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so
       IdentityFile ~/.ssh/id_ed25519
       VisualHostKey = yes
@@ -21,26 +21,6 @@ in
         match = "Host github.com User git";
         identityFile = git;
       };
-      "rfive.de" = {
-        hostname = "falkenstein.rfive.de";
-        user = "root";
-        extraOptions = {
-          VerifyHostKeyDNS = "yes";
-        };
-      };
-      # used for nix remote building
-      falkenstein = matchBlocks."rfive.de";
-
-      "nuc" = {
-        hostname = "192.168.42.2";
-        user = "root";
-      };
-
-      "router" = {
-        hostname = "192.168.42.1";
-        user = "root";
-      };
-
       # iFSR
       "fsr" = {
         hostname = "ifsr.de";
@@ -70,10 +50,6 @@ in
         hostname = "tomate.ifsr.de";
         user = "root";
       };
-      "durian" = {
-        hostname = "durian.ifsr.de";
-        user = "root";
-      };
       "git@ifsr.de" = {
         match = "Host ifsr.de User git";
         identityFile = git;
@@ -94,6 +70,9 @@ in
           VerifyHostKeyDNS = "yes";
         };
       };
+      "*.vpn.rfive.de" = {
+        user = "root";
+      };
       "git@git.agdsn.de" = {
         match = "Host git.agdsn.de User git";
         identityFile = git;