nixbld: relocation

This commit is contained in:
Sebastien Bourdeauducq 2023-01-29 12:11:31 +08:00
parent 3210289ebf
commit faff3a5eef
2 changed files with 13 additions and 26 deletions

View File

@ -52,7 +52,7 @@ in
security.apparmor.enable = true; security.apparmor.enable = true;
services.fail2ban.enable = true; services.fail2ban.enable = true;
services.fail2ban.ignoreIP = [ "42.200.147.171" "2001:470:18:629::2" ]; services.fail2ban.ignoreIP = [ "94.190.212.123" "2001:470:18:390::2" ];
services.fail2ban.maxretry = 9; services.fail2ban.maxretry = 9;
services.fail2ban.bantime-increment.enable = true; services.fail2ban.bantime-increment.enable = true;
services.fail2ban.jails.sshd = services.fail2ban.jails.sshd =
@ -101,19 +101,9 @@ in
prefixLength = 24; prefixLength = 24;
}]; }];
ipv6.addresses = [{ ipv6.addresses = [{
address = "2001:470:f821:1::"; address = "2001:470:f891:1::";
prefixLength = 64; prefixLength = 64;
}]; }];
ipv4.routes = [{
address = "192.168.13.0";
prefixLength = 24;
via = "192.168.1.30";
}];
ipv6.routes = [{
address = "2001:470:f821:3::";
prefixLength = 64;
via = "2001:470:f821:1:dea6:32ff:fe95:2fcf";
}];
}; };
interfaces."${netifWifi}" = { interfaces."${netifWifi}" = {
ipv4.addresses = [{ ipv4.addresses = [{
@ -121,7 +111,7 @@ in
prefixLength = 24; prefixLength = 24;
}]; }];
ipv6.addresses = [{ ipv6.addresses = [{
address = "2001:470:f821:2::"; address = "2001:470:f891:2::";
prefixLength = 64; prefixLength = 64;
}]; }];
}; };
@ -159,11 +149,11 @@ in
sits."${netifSit}" = { sits."${netifSit}" = {
dev = netifWan; dev = netifWan;
remote = "216.218.221.6"; remote = "216.218.221.6";
local = "42.200.147.171"; local = "94.190.212.123";
ttl = 255; ttl = 255;
}; };
interfaces."${netifSit}".ipv6 = { interfaces."${netifSit}".ipv6 = {
addresses = [{ address = "2001:470:18:629::2"; prefixLength = 64; }]; addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }];
routes = [{ address = "::"; prefixLength = 0; }]; routes = [{ address = "::"; prefixLength = 0; }];
}; };
}; };
@ -176,8 +166,8 @@ in
# chown named.named /etc/nixos/named # chown named.named /etc/nixos/named
services.bind = { services.bind = {
enable = true; enable = true;
listenOn = [ "42.200.147.171" ]; listenOn = [ "94.190.212.123" ];
listenOnIpv6 = [ "2001:470:18:629::2" ]; listenOnIpv6 = [ "2001:470:18:390::2" ];
forwarders = []; forwarders = [];
extraOptions = "listen-on-v6 port 5354 { ::1; };"; extraOptions = "listen-on-v6 port 5354 { ::1; };";
cacheNetworks = [ "::1/128" ]; cacheNetworks = [ "::1/128" ];
@ -249,9 +239,6 @@ in
dhcp-host=rpi-4,192.168.1.204 dhcp-host=rpi-4,192.168.1.204
# Static IP addresses for non-DHCP boards # Static IP addresses for non-DHCP boards
address=/rpi-ext/192.168.1.30
address=/rpi-ext/2001:470:f821:1:dea6:32ff:fe95:2fcf
address=/thermostat/192.168.1.26 address=/thermostat/192.168.1.26
address=/powercycler/192.168.1.31 address=/powercycler/192.168.1.31
address=/kc705/192.168.1.50 address=/kc705/192.168.1.50

View File

@ -1,7 +1,7 @@
$TTL 7200 $TTL 7200
@ SOA NS.XN--WBTZ5WPQAJ35CFXC.XN--J6W193G. sb.m-labs.hk. ( @ SOA NS.XN--WBTZ5WPQAJ35CFXC.XN--J6W193G. sb.m-labs.hk. (
2023012704 2023012901
7200 7200
3600 3600
86400 86400
@ -11,15 +11,15 @@ $TTL 7200
NS NS.XN--WBTZ5WPQAJ35CFXC.XN--J6W193G. NS NS.XN--WBTZ5WPQAJ35CFXC.XN--J6W193G.
NS ns1.he.net. NS ns1.he.net.
A 42.200.147.171 A 94.190.212.123
AAAA 2001:470:18:629::2 AAAA 2001:470:18:390::2
MX 10 mail.m-labs.hk. MX 10 mail.m-labs.hk.
TXT "v=spf1 mx -all" TXT "v=spf1 mx -all"
TXT "google-site-verification=Tf_TEGZLG7-2BE70hMjLnzjDZ1qUeUZ6vxzbl1sagT8" TXT "google-site-verification=Tf_TEGZLG7-2BE70hMjLnzjDZ1qUeUZ6vxzbl1sagT8"
mail A 42.200.147.171 mail A 94.190.212.123
mail AAAA 2001:470:18:629::2 mail AAAA 2001:470:18:390::2
mail._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl38A/Z0IInVU157qzrWgMfYm2iDHoWZsTyiiOoZdT7kHMzS/M2OMXMt7r5g1/7pCPClsGUDJvKGqVMmjJuPleMyKHwpGeT92qDNEFpt6ahneap/oYx5eBYM/vGcgmleNxyIoBHsptaZvqD4vCEFaC22f8UL5QAgQD3wCH3FwlpQIDAQAB" mail._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl38A/Z0IInVU157qzrWgMfYm2iDHoWZsTyiiOoZdT7kHMzS/M2OMXMt7r5g1/7pCPClsGUDJvKGqVMmjJuPleMyKHwpGeT92qDNEFpt6ahneap/oYx5eBYM/vGcgmleNxyIoBHsptaZvqD4vCEFaC22f8UL5QAgQD3wCH3FwlpQIDAQAB"
_dmarc TXT "v=DMARC1; p=none" _dmarc TXT "v=DMARC1; p=none"
@ -45,4 +45,4 @@ rpi-ext AAAA 2001:470:f821:1:dea6:32ff:fe95:2fcf
chiron AAAA 2001:470:f891:1:7f02:9ebf:bee9:3dc7 chiron AAAA 2001:470:f891:1:7f02:9ebf:bee9:3dc7
old-nixbld AAAA 2001:470:f891:1:a07b:f49a:a4ef:aad9 old-nixbld AAAA 2001:470:f891:1:a07b:f49a:a4ef:aad9
aux A 94.190.212.123 aux A 42.200.147.171