From faff3a5eef74c4a394e6ffc3edfa5120006c40d7 Mon Sep 17 00:00:00 2001 From: Sebastien Bourdeauducq Date: Sun, 29 Jan 2023 12:11:31 +0800 Subject: [PATCH] nixbld: relocation --- nixbld-etc-nixos/configuration.nix | 27 +++++++-------------------- nixbld-etc-nixos/named/m-labs.hk | 12 ++++++------ 2 files changed, 13 insertions(+), 26 deletions(-) diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix index 0a027227..6518da1e 100644 --- a/nixbld-etc-nixos/configuration.nix +++ b/nixbld-etc-nixos/configuration.nix @@ -52,7 +52,7 @@ in security.apparmor.enable = true; services.fail2ban.enable = true; - services.fail2ban.ignoreIP = [ "42.200.147.171" "2001:470:18:629::2" ]; + services.fail2ban.ignoreIP = [ "94.190.212.123" "2001:470:18:390::2" ]; services.fail2ban.maxretry = 9; services.fail2ban.bantime-increment.enable = true; services.fail2ban.jails.sshd = @@ -101,19 +101,9 @@ in prefixLength = 24; }]; ipv6.addresses = [{ - address = "2001:470:f821:1::"; + address = "2001:470:f891:1::"; prefixLength = 64; }]; - ipv4.routes = [{ - address = "192.168.13.0"; - prefixLength = 24; - via = "192.168.1.30"; - }]; - ipv6.routes = [{ - address = "2001:470:f821:3::"; - prefixLength = 64; - via = "2001:470:f821:1:dea6:32ff:fe95:2fcf"; - }]; }; interfaces."${netifWifi}" = { ipv4.addresses = [{ @@ -121,7 +111,7 @@ in prefixLength = 24; }]; ipv6.addresses = [{ - address = "2001:470:f821:2::"; + address = "2001:470:f891:2::"; prefixLength = 64; }]; }; @@ -159,11 +149,11 @@ in sits."${netifSit}" = { dev = netifWan; remote = "216.218.221.6"; - local = "42.200.147.171"; + local = "94.190.212.123"; ttl = 255; }; interfaces."${netifSit}".ipv6 = { - addresses = [{ address = "2001:470:18:629::2"; prefixLength = 64; }]; + addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }]; routes = [{ address = "::"; prefixLength = 0; }]; }; }; @@ -176,8 +166,8 @@ in # chown named.named /etc/nixos/named services.bind = { enable = true; - listenOn = [ "42.200.147.171" ]; - listenOnIpv6 = [ "2001:470:18:629::2" ]; + listenOn = [ "94.190.212.123" ]; + listenOnIpv6 = [ "2001:470:18:390::2" ]; forwarders = []; extraOptions = "listen-on-v6 port 5354 { ::1; };"; cacheNetworks = [ "::1/128" ]; @@ -249,9 +239,6 @@ in dhcp-host=rpi-4,192.168.1.204 # Static IP addresses for non-DHCP boards - address=/rpi-ext/192.168.1.30 - address=/rpi-ext/2001:470:f821:1:dea6:32ff:fe95:2fcf - address=/thermostat/192.168.1.26 address=/powercycler/192.168.1.31 address=/kc705/192.168.1.50 diff --git a/nixbld-etc-nixos/named/m-labs.hk b/nixbld-etc-nixos/named/m-labs.hk index 28b9eaaf..70e13f13 100644 --- a/nixbld-etc-nixos/named/m-labs.hk +++ b/nixbld-etc-nixos/named/m-labs.hk @@ -1,7 +1,7 @@ $TTL 7200 @ SOA NS.XN--WBTZ5WPQAJ35CFXC.XN--J6W193G. sb.m-labs.hk. ( - 2023012704 + 2023012901 7200 3600 86400 @@ -11,15 +11,15 @@ $TTL 7200 NS NS.XN--WBTZ5WPQAJ35CFXC.XN--J6W193G. NS ns1.he.net. - A 42.200.147.171 - AAAA 2001:470:18:629::2 + A 94.190.212.123 + AAAA 2001:470:18:390::2 MX 10 mail.m-labs.hk. TXT "v=spf1 mx -all" TXT "google-site-verification=Tf_TEGZLG7-2BE70hMjLnzjDZ1qUeUZ6vxzbl1sagT8" -mail A 42.200.147.171 -mail AAAA 2001:470:18:629::2 +mail A 94.190.212.123 +mail AAAA 2001:470:18:390::2 mail._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl38A/Z0IInVU157qzrWgMfYm2iDHoWZsTyiiOoZdT7kHMzS/M2OMXMt7r5g1/7pCPClsGUDJvKGqVMmjJuPleMyKHwpGeT92qDNEFpt6ahneap/oYx5eBYM/vGcgmleNxyIoBHsptaZvqD4vCEFaC22f8UL5QAgQD3wCH3FwlpQIDAQAB" _dmarc TXT "v=DMARC1; p=none" @@ -45,4 +45,4 @@ rpi-ext AAAA 2001:470:f821:1:dea6:32ff:fe95:2fcf chiron AAAA 2001:470:f891:1:7f02:9ebf:bee9:3dc7 old-nixbld AAAA 2001:470:f891:1:a07b:f49a:a4ef:aad9 -aux A 94.190.212.123 +aux A 42.200.147.171