falkenstein: cleanups

dns: move all local hosts under vpn.rfive.de
updates
2025-04-04 13:56:19 +02:00 · 2024-04-01 14:25:19 +02:00 · 2024-04-01 14:23:43 +02:00 · 2024-04-01 13:07:32 +02:00 · 2024-04-01 13:07:10 +02:00
6 changed files with 27 additions and 59 deletions
--- a/flake.lock
+++ b/flake.lock
@ -180,11 +180,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711625603,
-        "narHash": "sha256-W+9dfqA9bqUIBV5u7jaIARAzMe3kTq/Hp2SpSVXKRQw=",
+        "lastModified": 1711915616,
+        "narHash": "sha256-co6LoFA+j6BZEeJNSR8nZ4oOort5qYPskjrDHBaJgmo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c0ef0dab55611c676ad7539bf4e41b3ec6fa87d2",
+        "rev": "820be197ccf3adaad9a8856ef255c13b6cc561a6",
        "type": "github"
      },
      "original": {
@ -200,11 +200,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709110024,
-        "narHash": "sha256-5gJQgQAYZPvT5vzSrR2yHD4wGCQNO7Pds618MMGUTD8=",
+        "lastModified": 1711658384,
+        "narHash": "sha256-CbIPdqcX4k7DfnRaicJy6IlaszWyDIxiQMAxB6OGGK4=",
        "owner": "rouven0",
        "repo": "TruckSimulatorBot-images",
-        "rev": "05f98442b21c771c90699b55eed8f1e1c0dd50cd",
+        "rev": "7f57bdee9a22d4b2bb46ed1eae5aba11dfe34976",
        "type": "github"
      },
      "original": {
@ -281,11 +281,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711249705,
-        "narHash": "sha256-h/NQECj6mIzF4XR6AQoSpkCnwqAM+ol4+qOdYi2ykmQ=",
+        "lastModified": 1711854532,
+        "narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "34519f3bb678a5abbddf7b200ac5347263ee781b",
+        "rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7",
        "type": "github"
      },
      "original": {
@ -296,11 +296,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1711523803,
-        "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=",
+        "lastModified": 1711703276,
+        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443",
+        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
        "type": "github"
      },
      "original": {
@ -398,11 +398,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711391819,
-        "narHash": "sha256-sNI0PLFXvFM5M6h9PYrbF+IfL199OYLRz875lNZ9Y0Q=",
+        "lastModified": 1711961571,
+        "narHash": "sha256-kYcs9KKTbN0ACPYTmeAF+EIj62kGBiimffHmFgOeQJo=",
        "owner": "rouven0",
        "repo": "purge",
-        "rev": "e82088390a446b6ad1f4df92d62478ea557d98de",
+        "rev": "6ce3c6cedb0f31885fc3775c96fb8cfca403bc93",
        "type": "github"
      },
      "original": {
@ -507,11 +507,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711395032,
-        "narHash": "sha256-2fH6TXdPKZaTx6NXucFn7HaFDZ9vC1ebTql5XkdkWTI=",
+        "lastModified": 1711961583,
+        "narHash": "sha256-ClezUJ0pH/DMU0u3e3t0qAgm+HQ9v6BmH1y5z8W6TZg=",
        "owner": "rouven0",
        "repo": "TruckSimulatorBot",
-        "rev": "4776a2235fffb96aa8fcc8e33d39af17907754ae",
+        "rev": "eeffe63c4948769034a28cf0cd04885c754eba97",
        "type": "github"
      },
      "original": {
--- a/hosts/falkenstein/modules/dns/default.nix
+++ b/hosts/falkenstein/modules/dns/default.nix
@ -6,7 +6,7 @@ let
    $ORIGIN rfive.de.

    rfive.de.   86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. (
-      2024032601 ; serial
+      2024040103 ; serial
      10800      ; refresh
      3600       ; retry
      604800     ; expire
@ -29,10 +29,6 @@ let
    nuc         A     141.30.227.6
    falkenstein A     23.88.121.184
    falkenstein AAAA  2a01:4f8:c012:49de::1
-    falkenstein SSHFP 1 1 DE42CA418093CF94EABC124E101AE4D8DE02C69F
-    falkenstein SSHFP 1 2 149100F5C3CA333E20E7B03EB463B0FB23D34FFE1FC65EFAADDDBE51 8EC35990
-    falkenstein SSHFP 4 1 70A38677DEE50C5B67AA11400A6BCD4984355C2A
-    falkenstein SSHFP 4 2 B25AD18A23C885AE965875C4C9EDA4E4EDFD3503334B10F0BFE7527B EB178CB2

    @    MX 1 mail.rfive.de.
    mail A 23.88.121.184
--- a/hosts/falkenstein/modules/fail2ban/default.nix
+++ b/hosts/falkenstein/modules/fail2ban/default.nix
@ -1,4 +1,4 @@
-{ lib, ... }:
+{ ... }:
 {
  services.fail2ban = {
    enable = true;
@ -11,11 +11,6 @@
      enable = true;
    };
    jails = {
-      sshd = lib.mkForce ''
-        enabled = true
-        port = ssh
-        filter= sshd[mode=aggressive]
-      '';
      dovecot = ''
        enabled = true
        # aggressive mode add blocking for aborted connections
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -163,7 +163,8 @@
      networkConfig = {
        Address = "192.168.43.3/32";
        DNS = "192.168.43.1";
-        DNSSEC = true;
+        Domains = "~vpn.rfive.de";
+        DNSSEC = false;
        BindCarrier = [ "wlp9s0" ];
      };
    };
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@ -27,9 +27,6 @@

    # messaging
    tdesktop
-    gomuks
-    profanity
-    fractal

    # games
    prismlauncher
--- a/users/rouven/modules/ssh/default.nix
+++ b/users/rouven/modules/ssh/default.nix
@ -3,14 +3,14 @@ let
  git = "~/.ssh/git";
 in
 {
-  programs.ssh = rec {
+  programs.ssh = {
    enable = true;
    compression = true;
    controlMaster = "auto";
    controlPersist = "10m";
    extraConfig = ''
      CanonicalizeHostname yes
-      CanonicalDomains agdsn.network
+      CanonicalDomains agdsn.network vpn.rfive.de
      PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so
      IdentityFile ~/.ssh/id_ed25519
      VisualHostKey = yes
@ -21,26 +21,6 @@ in
        match = "Host github.com User git";
        identityFile = git;
      };
-      "rfive.de" = {
-        hostname = "falkenstein.rfive.de";
-        user = "root";
-        extraOptions = {
-          VerifyHostKeyDNS = "yes";
-        };
-      };
-      # used for nix remote building
-      falkenstein = matchBlocks."rfive.de";
-
-      "nuc" = {
-        hostname = "192.168.42.2";
-        user = "root";
-      };
-
-      "router" = {
-        hostname = "192.168.42.1";
-        user = "root";
-      };
-
      # iFSR
      "fsr" = {
        hostname = "ifsr.de";
@ -70,10 +50,6 @@ in
        hostname = "tomate.ifsr.de";
        user = "root";
      };
-      "durian" = {
-        hostname = "durian.ifsr.de";
-        user = "root";
-      };
      "git@ifsr.de" = {
        match = "Host ifsr.de User git";
        identityFile = git;
@ -94,6 +70,9 @@ in
          VerifyHostKeyDNS = "yes";
        };
      };
+      "*.vpn.rfive.de" = {
+        user = "root";
+      };
      "git@git.agdsn.de" = {
        match = "Host git.agdsn.de User git";
        identityFile = git;
Author	SHA1	Message	Date
Rouven Seifert	1b3c8721ec	falkenstein: cleanups	2024-04-01 14:25:19 +02:00
Rouven Seifert	0205b8b2ea	dns: move all local hosts under vpn.rfive.de	2024-04-01 14:23:43 +02:00
Rouven Seifert	0b0ddf7faf	updates	2024-04-01 13:07:32 +02:00
Rouven Seifert	fcae1118f4	dns: only use wireguard for the .lan domain	2024-04-01 13:07:10 +02:00