From c48b1995f8c7bbc659ec4ca54c34add9fdaf7a2b Mon Sep 17 00:00:00 2001 From: Zuckerberg Date: Sat, 18 Mar 2023 20:41:09 -0600 Subject: [PATCH] Remove zerotier --- README.md | 2 +- TODO.md | 4 ---- common/network/default.nix | 1 - common/network/hosts.nix | 18 +++--------------- common/network/ping.nix | 1 - common/network/tailscale.nix | 6 +++++- common/network/zerotier.nix | 16 ---------------- common/pc/mount-samba.nix | 8 ++++---- common/server/mailserver.nix | 4 ++++ machines/nat/configuration.nix | 2 -- machines/ponyo/configuration.nix | 5 ++--- machines/ray/configuration.nix | 2 -- machines/router/configuration.nix | 4 ++-- machines/storage/s0/configuration.nix | 3 +-- 14 files changed, 22 insertions(+), 54 deletions(-) delete mode 100644 common/network/zerotier.nix diff --git a/README.md b/README.md index 8304fb5..b9f747c 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ ### Source Layout - `/common` - common configuration imported into all `/machines` - `/boot` - config related to bootloaders, cpu microcode, and unlocking LUKS root disks over tor - - `/network` - config for tailscale, zeroteir, and NixOS container with automatic vpn tunneling via PIA + - `/network` - config for tailscale, and NixOS container with automatic vpn tunneling via PIA - `/pc` - config that a graphical desktop computer should have. Use `de.enable = true;` to enable everthing. - `/server` - config that creates new nixos services or extends existing ones to meet my needs - `/ssh.nix` - all ssh public host and user keys for all `/machines` diff --git a/TODO.md b/TODO.md index 8627c2e..1ffe0bf 100644 --- a/TODO.md +++ b/TODO.md @@ -52,10 +52,6 @@ - https://ampache.org/ - replace nextcloud with seafile -### Networking -- tailscale for p2p connections - - remove all use of zerotier - ### Archive - https://www.backblaze.com/b2/cloud-storage.html - email diff --git a/common/network/default.nix b/common/network/default.nix index cdb739b..db8ecaa 100644 --- a/common/network/default.nix 
+++ b/common/network/default.nix @@ -13,7 +13,6 @@ in ./ping.nix ./tailscale.nix ./vpn.nix - ./zerotier.nix ]; options.networking.ip_forward = mkEnableOption "Enable ip forwarding"; diff --git a/common/network/hosts.nix b/common/network/hosts.nix index 2c7300a..aef397d 100644 --- a/common/network/hosts.nix +++ b/common/network/hosts.nix @@ -22,22 +22,10 @@ let ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion"; s0 = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion"; }; - - zerotierHosts = { - "s0.zt.neet.dev" = "172.30.145.180"; - "ponyo.zt.neet.dev" = "172.30.109.9"; - "ray.zt.neet.dev" = "172.30.189.212"; - }; in { - # some DNS providers filter local ip results from DNS request - networking.hosts = concatMapAttrs (host: ip: {ip = [host];}) zerotierHosts; - - # TODO only add if zerotier is enabled - keepalive-ping.hosts = attrNames zerotierHosts; - programs.ssh.knownHosts = { ponyo = { - hostNames = [ "ponyo" "ponyo.neet.dev" "ponyo.zt.neet.dev" "git.neet.dev" ]; + hostNames = [ "ponyo" "ponyo.neet.dev" "git.neet.dev" ]; publicKey = system.ponyo; }; ponyo-unlock = { @@ -53,11 +41,11 @@ in { publicKey = system.router-unlock; }; ray = { - hostNames = [ "ray" "ray.zt.neet.dev" ]; + hostNames = [ "ray" ]; publicKey = system.ray; }; s0 = { - hostNames = [ "s0" "s0.zt.neet.dev" ]; + hostNames = [ "s0" ]; publicKey = system.s0; }; s0-unlock = { diff --git a/common/network/ping.nix b/common/network/ping.nix index 5f4c92e..fd0c758 100644 --- a/common/network/ping.nix +++ b/common/network/ping.nix @@ -10,7 +10,6 @@ with builtins; let cfg = config.keepalive-ping; - # keepalive-ping = { serviceTemplate = host: { "keepalive-ping@${host}" = { diff --git a/common/network/tailscale.nix b/common/network/tailscale.nix index 3340c1c..788de17 100644 --- a/common/network/tailscale.nix +++ b/common/network/tailscale.nix 
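Review bot: The pruned `hostNames` for `ray` and `s0` in this hunk pin their host keys only to the bare names, while the rest of the commit points clients at the Tailscale MagicDNS names (`s0.koi-bebop.ts.net`), so an ssh to that name would find no pinned key and fall back to trust-on-first-use, if ssh over the tailnet is used at all. Replacing the dropped `*.zt.neet.dev` aliases with the new ones keeps the pinning intact: `hostNames = [ "ray" "ray.koi-bebop.ts.net" ];` and `hostNames = [ "s0" "s0.koi-bebop.ts.net" ];` (and likewise `"ponyo.koi-bebop.ts.net"` in the first hosts.nix hunk). The `programs.ssh.knownHosts` attrset this hunk edits opens in the previous hunk and closes after this one.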
@@ -8,7 +8,11 @@ in { options.services.tailscale.exitNode = mkEnableOption "Enable exit node support"; - config.services.tailscale.enable = !config.boot.isContainer; + config.services.tailscale.enable = mkDefault (!config.boot.isContainer); + + # MagicDNS + config.networking.nameservers = mkIf cfg.enable [ "1.1.1.1" "8.8.8.8" "100.100.100.100" ]; + config.networking.search = mkIf cfg.enable [ "koi-bebop.ts.net" ]; # exit node config.networking.firewall.checkReversePath = mkIf cfg.exitNode "loose"; diff --git a/common/network/zerotier.nix b/common/network/zerotier.nix deleted file mode 100644 index dd8fc2c..0000000 --- a/common/network/zerotier.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, config, ... }: - -let - cfg = config.services.zerotierone; -in { - config = lib.mkIf cfg.enable { - keepalive-ping.enable = true; - - services.zerotierone.joinNetworks = [ - "565799d8f6d654c0" - ]; - networking.firewall.allowedUDPPorts = [ - 9993 - ]; - }; -} \ No newline at end of file diff --git a/common/pc/mount-samba.nix b/common/pc/mount-samba.nix index 7029f31..ae44651 100644 --- a/common/pc/mount-samba.nix +++ b/common/pc/mount-samba.nix @@ -1,4 +1,4 @@ -# mounts the samba share on s0 over zeroteir +# mounts the samba share on s0 over tailscale { config, lib, ... }: @@ -18,15 +18,15 @@ in { enable = lib.mkEnableOption "enable mounting samba shares"; }; - config = lib.mkIf (cfg.enable && config.services.zerotierone.enable) { + config = lib.mkIf (cfg.enable && config.services.tailscale.enable) { fileSystems."/mnt/public" = { - device = "//s0.zt.neet.dev/public"; + device = "//s0.koi-bebop.ts.net/public"; fsType = "cifs"; options = [ opts ]; }; fileSystems."/mnt/private" = { - device = "//s0.zt.neet.dev/googlebot"; + device = "//s0.koi-bebop.ts.net/googlebot"; fsType = "cifs"; options = [ opts ]; }; diff --git a/common/server/mailserver.nix b/common/server/mailserver.nix index f0c33c1..8f947c1 100644 --- a/common/server/mailserver.nix +++ b/common/server/mailserver.nix 
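Review bot: The added `networking.nameservers` list puts the public resolvers ahead of MagicDNS (`100.100.100.100`), so with a plain glibc `resolv.conf` a `*.koi-bebop.ts.net` lookup goes to 1.1.1.1 first and typically only falls through to the Tailscale resolver on timeout or error, not on a negative answer; the added `networking.search` entry additionally sends every unqualified name on the box to those public servers. If tailscaled's own DNS management (`--accept-dns`, on by default) is active it rewrites `resolv.conf` and makes this list moot, which deserves a comment either way. If the list is meant to take effect, lead with the MagicDNS server, `config.networking.nameservers = mkIf cfg.enable [ "100.100.100.100" "1.1.1.1" "8.8.8.8" ];`, or enable `services.resolved` with split DNS so only `ts.net` names go to 100.100.100.100. `cfg` and the enclosing attrset are defined above this hunk.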
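Review bot: With the share now addressed as `//s0.koi-bebop.ts.net/public` instead of a name the removed hosts.nix entries mapped statically, each mount depends on tailscaled and MagicDNS being up at mount time, and a `fileSystems` entry without `noauto`/automount will otherwise stall boot waiting on it. `opts` is defined above this hunk, so if it does not already carry `_netdev` and `x-systemd.automount` (plus `x-systemd.after=tailscaled.service`) consider adding them. The `config = lib.mkIf (...)` attrset begun here closes after the hunk.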
@@ -17,6 +17,10 @@ let ]; in { config = lib.mkIf cfg.enable { + # kresd doesn't work with tailscale MagicDNS + mailserver.localDnsResolver = false; + services.resolved.enable = true; + mailserver = { fqdn = "mail.neet.dev"; dkimKeyBits = 2048; diff --git a/machines/nat/configuration.nix b/machines/nat/configuration.nix index 5a9a832..8285f6d 100644 --- a/machines/nat/configuration.nix +++ b/machines/nat/configuration.nix @@ -10,8 +10,6 @@ networking.hostName = "nat"; networking.interfaces.ens160.useDHCP = true; - services.zerotierone.enable = true; - de.enable = true; de.touchpad.enable = true; } diff --git a/machines/ponyo/configuration.nix b/machines/ponyo/configuration.nix index 8d9b309..f0ad0d9 100644 --- a/machines/ponyo/configuration.nix +++ b/machines/ponyo/configuration.nix @@ -11,7 +11,6 @@ # p2p mesh network services.tailscale.exitNode = true; - services.zerotierone.enable = true; # email server mailserver.enable = true; @@ -107,14 +106,14 @@ enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://s0.zt.neet.dev"; + proxyPass = "http://s0.koi-bebop.ts.net"; proxyWebsockets = true; }; }; services.nginx.virtualHosts."navidrome.neet.cloud" = { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://s0.zt.neet.dev:4533"; + locations."/".proxyPass = "http://s0.koi-bebop.ts.net:4533"; }; # TODO replace with a proper file hosting service diff --git a/machines/ray/configuration.nix b/machines/ray/configuration.nix index b45f210..0db3182 100644 --- a/machines/ray/configuration.nix +++ b/machines/ray/configuration.nix @@ -37,8 +37,6 @@ virtualisation.docker.enable = true; - services.zerotierone.enable = true; - services.mount-samba.enable = true; de.enable = true; diff --git a/machines/router/configuration.nix b/machines/router/configuration.nix index 9252e26..e6aad9d 100644 --- a/machines/router/configuration.nix +++ b/machines/router/configuration.nix 
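Review bot: Turning off `mailserver.localDnsResolver` and switching to `services.resolved` for the sake of MagicDNS costs the mail server its own recursive, validating resolver: rspamd's DNSBL/URIBL lookups are commonly refused or rate-limited when they arrive via public resolvers such as 1.1.1.1/8.8.8.8 (which tailscale.nix now lists as nameservers), and resolved may not validate DNSSEC unless `services.resolved.dnssec` is set. A narrower fix keeps kresd and forwards only the tailnet zone to MagicDNS, e.g. a `policy.add(policy.suffix(policy.STUB('100.100.100.100'), {todname('ts.net')}))` line in `services.kresd.extraConfig`; if resolved stays, at least set `services.resolved.dnssec = "true";` and check rspamd's RBL results after the change. The `config = lib.mkIf cfg.enable { … }` attrset this hunk opens continues past the hunk.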
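Review bot: nginx resolves a literal hostname in `proxy_pass` once, when the configuration is loaded, so after this change `http://s0.koi-bebop.ts.net` must be resolvable through MagicDNS at nginx start, and the hosts.nix hunk has removed the static host entries that used to satisfy this without a running daemon; if tailscaled is not up yet, nginx fails to start and both virtual hosts stay down until a restart. Ordering nginx after tailscaled covers the boot case: `systemd.services.nginx = { after = [ "tailscaled.service" ]; wants = [ "tailscaled.service" ]; };` — or keep s0's stable tailnet address in `proxyPass` instead of the DNS name. The two `virtualHosts` attrsets begin and end inside the hunk, but the surrounding module continues outside it.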
@@ -7,9 +7,9 @@ networking.hostName = "router"; - services.zerotierone.enable = true; - system.autoUpgrade.enable = true; + services.tailscale.exitNode = true; + networking.useDHCP = lib.mkForce true; } \ No newline at end of file diff --git a/machines/storage/s0/configuration.nix b/machines/storage/s0/configuration.nix index 8674c06..7a18e72 100644 --- a/machines/storage/s0/configuration.nix +++ b/machines/storage/s0/configuration.nix @@ -9,9 +9,8 @@ system.autoUpgrade.enable = true; - # mesh networking + # p2p mesh network services.tailscale.exitNode = true; - services.zerotierone.enable = true; # for education purposes only services.pykms.enable = true;
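Review bot: Advertising the router as a Tailscale exit node (`services.tailscale.exitNode = true;`) also, via tailscale.nix, relaxes `networking.firewall.checkReversePath` to `"loose"` on the one machine that forwards between networks, and a peer using this exit node gets a 0.0.0.0/0 route through the router — which includes the LAN behind it, not just the Internet — governed only by exit-node approval and ACLs in the Tailscale admin console, neither of which this repo shows. If the intent is Internet egress only, add a forward rule dropping traffic from `tailscale0` to the LAN interface (or point at the ACL that restricts it), and record the decision next to the option: `# tailscale exit node: peers can reach the LAN via this host; restricted by tailnet ACL`. Worth noting that s0 and ponyo already advertise exit nodes, so this makes a third.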