mirror of
https://github.com/phfroidmont/self-hosting.git
synced 2026-03-25 18:46:10 +01:00
relay1: migrate to wstunnel + WireGuard subnet relay via Headscale
Replace the OpenVPN/OCServ path with a cleaner wstunnel-terminated WireGuard relay on :443, advertise/approve corporate subnet routes through Headscale, and add wsl DNS/route plumbing for tailnet access.
parent
572c6e3e54
commit
a6571d5f39
5 changed files with 87 additions and 76 deletions
|
|
@ -117,7 +117,7 @@
|
|||
profiles.system = createSystemProfile self.nixosConfigurations.hel1;
|
||||
};
|
||||
relay1 = {
|
||||
hostname = "rl.froidmont.org";
|
||||
hostname = "rl.banditlair.com";
|
||||
profiles.system = createSystemProfile self.nixosConfigurations.relay1;
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -37,6 +37,13 @@ in
|
|||
"lefoyer.lu" = "10.33.0.100";
|
||||
};
|
||||
};
|
||||
extra_records = [
|
||||
{
|
||||
name = "wsl.ts.net";
|
||||
type = "A";
|
||||
value = "10.250.250.2";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
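Review bot: The added `extra_records` entry serves `wsl.ts.net`, a name under a public domain that, as far as I can tell, is operated by Tailscale rather than by this deployment. The record therefore exists only for clients resolving through Headscale's DNS, and any other resolver may answer differently for the same name. Unless `ts.net` is deliberately this tailnet's base domain (not visible in this hunk), a name under a zone you control would avoid the split. The address `10.250.250.2` is also unexplained here; a comment such as `# wsl: WireGuard peer of relay1 (wg-relay), reached through the subnet route relay1 advertises` would tie it to the relay configuration.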
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
modulesPath,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
|
@ -23,7 +22,10 @@
|
|||
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
networking.firewall.allowPing = true;
|
||||
networking.firewall.allowedTCPPorts = [ 443 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
networking.usePredictableInterfaceNames = false;
|
||||
custom.services.openssh.enable = true;
|
||||
services.openssh.openFirewall = true;
|
||||
|
|
@ -31,79 +33,78 @@
|
|||
services.nscd.enableNsncd = true;
|
||||
zramSwap.enable = true;
|
||||
|
||||
sops.secrets = {
|
||||
openvpnCa = {
|
||||
key = "openvpn/ca.crt";
|
||||
};
|
||||
openvpnServerCert = {
|
||||
key = "openvpn/server.crt";
|
||||
};
|
||||
openvpnServerKey = {
|
||||
key = "openvpn/server.key";
|
||||
};
|
||||
openvpnDh = {
|
||||
key = "openvpn/dh.pem";
|
||||
};
|
||||
openvpnTlsCrypt = {
|
||||
key = "openvpn/tls-crypt.key";
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "letsencrypt.account@banditlair.com";
|
||||
certs."ws.banditlair.com" = {
|
||||
listenHTTP = "0.0.0.0:80";
|
||||
reloadServices = [ "wstunnel-server-relay.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /etc/openvpn/ccd 0750 root root -"
|
||||
];
|
||||
services.wstunnel = {
|
||||
enable = true;
|
||||
servers.relay = {
|
||||
listen = {
|
||||
host = "0.0.0.0";
|
||||
port = 443;
|
||||
enableHTTPS = true;
|
||||
};
|
||||
useACMEHost = "ws.banditlair.com";
|
||||
settings = {
|
||||
log-lvl = "INFO";
|
||||
restrict-to = [
|
||||
{
|
||||
host = "127.0.0.1";
|
||||
port = 51820;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."openvpn/ccd/wsl".text = ''
|
||||
iroute 10.33.0.0 255.255.0.0
|
||||
iroute 10.46.0.0 255.255.0.0
|
||||
iroute 10.133.0.0 255.255.0.0
|
||||
iroute 10.134.0.0 255.255.0.0
|
||||
iroute 10.161.0.0 255.255.0.0
|
||||
iroute 10.200.0.0 255.255.0.0
|
||||
'';
|
||||
systemd.services.wstunnel-server-relay = {
|
||||
after = [ "acme-ws.banditlair.com.service" ];
|
||||
wants = [ "acme-ws.banditlair.com.service" ];
|
||||
};
|
||||
|
||||
services.openvpn.servers.relay.config = ''
|
||||
port 443
|
||||
proto tcp-server
|
||||
dev tun
|
||||
topology subnet
|
||||
networking.wireguard.enable = true;
|
||||
networking.wireguard.interfaces.wg-relay = {
|
||||
ips = [ "10.250.250.1/30" ];
|
||||
listenPort = 51820;
|
||||
privateKeyFile = "/var/lib/wireguard/wg-relay.key";
|
||||
generatePrivateKeyFile = true;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "EX3QEJYNzs3sA3FUEIc9YGAhEup20qOCzUe+nMRrljQ=";
|
||||
allowedIPs = [
|
||||
"10.250.250.2/32"
|
||||
"10.33.0.0/16"
|
||||
"10.46.0.0/16"
|
||||
"10.133.0.0/16"
|
||||
"10.134.0.0/16"
|
||||
"10.161.0.0/16"
|
||||
"10.200.0.0/16"
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
user nobody
|
||||
group nogroup
|
||||
persist-key
|
||||
persist-tun
|
||||
keepalive 10 120
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
useRoutingFeatures = "server";
|
||||
extraSetFlags = [
|
||||
"--advertise-routes=10.250.250.2/32,10.33.0.0/16,10.46.0.0/16,10.133.0.0/16,10.134.0.0/16,10.161.0.0/16,10.200.0.0/16"
|
||||
];
|
||||
};
|
||||
|
||||
ca ${config.sops.secrets.openvpnCa.path}
|
||||
cert ${config.sops.secrets.openvpnServerCert.path}
|
||||
key ${config.sops.secrets.openvpnServerKey.path}
|
||||
dh ${config.sops.secrets.openvpnDh.path}
|
||||
tls-crypt ${config.sops.secrets.openvpnTlsCrypt.path}
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||
|
||||
server 10.8.0.0 255.255.255.0
|
||||
client-config-dir /etc/openvpn/ccd
|
||||
|
||||
route 10.33.0.0 255.255.0.0
|
||||
route 10.46.0.0 255.255.0.0
|
||||
route 10.133.0.0 255.255.0.0
|
||||
route 10.134.0.0 255.255.0.0
|
||||
route 10.161.0.0 255.255.0.0
|
||||
route 10.200.0.0 255.255.0.0
|
||||
|
||||
push "route 10.33.0.0 255.255.0.0"
|
||||
push "route 10.46.0.0 255.255.0.0"
|
||||
push "route 10.133.0.0 255.255.0.0"
|
||||
push "route 10.134.0.0 255.255.0.0"
|
||||
push "route 10.161.0.0 255.255.0.0"
|
||||
push "route 10.200.0.0 255.255.0.0"
|
||||
|
||||
push "dhcp-option DNS 1.1.1.1"
|
||||
push "dhcp-option DNS 9.9.9.9"
|
||||
|
||||
status /var/log/openvpn-relay-status.log
|
||||
log-append /var/log/openvpn-relay.log
|
||||
verb 3
|
||||
'';
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "tailscale0" ];
|
||||
externalInterface = "wg-relay";
|
||||
};
|
||||
|
||||
disko.devices = {
|
||||
disk.disk1 = {
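Review bot: Forwarding is enabled host-wide (`boot.kernel.sysctl."net.ipv4.ip_forward" = true;` together with `useRoutingFeatures = "server"`) and `networking.nat` masquerades everything arriving on `tailscale0` out of `wg-relay`, but nothing visible in this file filters forwarded traffic. Reachability of the six /16 subnets then rests entirely on Headscale route approval and ACLs, which are not part of this section. As far as I know the NixOS firewall leaves the forward path unfiltered unless `networking.firewall.filterForward = true;` is set (nftables backend only), so either enable that or add a comment stating that the ACL policy is the only control, including for traffic the WireGuard peer may originate towards other interfaces. The subnet list is written twice, in `allowedIPs` and in `--advertise-routes`; one `let` binding used for both would keep them from drifting apart. A short comment that UDP 51820 is intentionally not opened in the firewall, because wstunnel reaches it on 127.0.0.1 via `restrict-to`, would stop a later edit from exposing it.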
|
||||
|
|
|
|||
|
|
@ -58,11 +58,6 @@ wireguard:
|
|||
torrents.conf: ENC[AES256_GCM,data:xmiIpECVRdZ7yXs+3bVXc1tX/vKx5NSFxnOE0HQpmF0c97rd0ztkVtoLO1a6HWgCnxA/8TQbJo/B/Ij5fOjJ4xa16PCmhHY1Ba4/qjTykwmtvHctFRMTrAxQqx9MGqf/TadiorvYvUVomvas82W2+fPQb+wmxYsoM/Tq/dXy6Os933znEHtcfBe+qCXYijGqX9ob5GbXL0DvxGnJaQIxji00XiDXXhfVBCI5jHWCI/S8XD3PmS0RwZ6cik9tqeuB3PuOxVj5ofXEM9T+YrIXsj7dCtNiY5bifADScPYKw/VmDW4tT8NOuYFTQYkwY3O5psUSZUbMAdJYyygFhDoW8j1tifxdh4VLHmsw8MrYzNOFiZxv9VR/XVDSbxA/yFaIn+JqKw==,iv:mpUekPnpCIr/NcE+kOW4li3itFki/lVVtf/hkBKtM5E=,tag:rAyp3kzzvCX3YRWkrDODHw==,type:str]
|
||||
openvpn:
|
||||
credentials: ENC[AES256_GCM,data:AZRmAhGhqsCs650ExArM0nVX,iv:Y6vTMjIC5s4gIwDWgYfEOUPGScPpj4jhk4XYeyRjpUw=,tag:vkob+Q+Mv6O2GCFvY+adRw==,type:str]
|
||||
ca.crt: ENC[AES256_GCM,data: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,iv:Pt11SZn1shfmZwSD2D0jg+5KUSMWO69eiomN8EHlbT8=,tag:hIzS7aIbN+7QHmi020ZAWA==,type:str]
|
||||
server.crt: ENC[AES256_GCM,data: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,iv:hW0+CnQBDkVPlE3ITQPJxFwqEitlYA9JCuaHefZl2ok=,tag:BQoVy7XLvLFir0kdJ38oZA==,type:str]
|
||||
server.key: ENC[AES256_GCM,data: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,iv:kXdrnvOI2wi4pKxYryM9vcFqV3epKtL2/NhNzOUUrBo=,tag:pV0XCyLKTN6wsJ12Z+RsqQ==,type:str]
|
||||
dh.pem: ENC[AES256_GCM,data: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,iv:3EQ3WADja0DCWp4I1OHdSKnOs41nPH6lfMONC7XzOE8=,tag:TFeLbsMBXzOp7oN38dkEHw==,type:str]
|
||||
tls-crypt.key: ENC[AES256_GCM,data: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,iv:w0cPb/BqAU/vddwIC5+dui2YE5uLM38UiehnpQr4AQQ=,tag:5pt39V9JdvYUitqpjjtuIw==,type:str]
|
||||
borg:
|
||||
passphrase: ENC[AES256_GCM,data:RNUTb29sOdsg4KnB/0nIFGJFV/2nlMH4pxGFlgXdtTgDe2opT/moUg==,iv:6kdBeq+qFWnPB+N+zpKNdFkmkskOVMabdj8Uxk9QeQI=,tag:MxNqn5p9P0JpsjkNm9iYEQ==,type:str]
|
||||
client_keys:
|
||||
|
|
@ -79,8 +74,8 @@ sshfs_keys:
|
|||
public: ENC[AES256_GCM,data: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,iv:kUKBtPeLWola7isgEo+QDq1RZkbR26G0AoBzy7iubiE=,tag:/kUG0/G7U83dp8p9AgyJXg==,type:str]
|
||||
private: ENC[AES256_GCM,data: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,iv:BO+OifdPxtMUb83G9By19/O6DtF4D2jT1tmPjXdsNvA=,tag:DVj+JfIeBs3VFwhgZqzTeA==,type:str]
|
||||
sops:
|
||||
lastmodified: "2026-03-12T22:05:00Z"
|
||||
mac: ENC[AES256_GCM,data:senWpTbLAPfc8QqH3YDG/lPqFf8bMmA+0Fi1j6ihT6P7cdkSKN+QeBSiV1eYeFynW5nfVOGDXx0dDmFiD3oPW0UTPZ1YUt5dGTVqPmtegJKa4Mv6Yh6Y+Q9NZo2mLLs1/etOTqDo8jbv/B7oC2tNdb6mjahY9ifTgxjP49Hnlmo=,iv:WdbvEnUrIHMBi4A/Bq6aq/dTJFg7Mbhv78fcSfOkyYM=,tag:+3rZT7N4kFbyDMxO0qzQ5g==,type:str]
|
||||
lastmodified: "2026-03-25T11:22:55Z"
|
||||
mac: ENC[AES256_GCM,data:QmbEO1eovjBJvuZu2pai+V+5qMWhsBmQSCYvFqRPe1P5cH4eDYwOs24kvjN4FKF55FGPLf9olKMj65wtrX5ve7g5ntvnRbE0lTL0Cm08OvKUk2Bj2tW2Fu+Im7zZrSoQY4WTx533zXHGwvlgEeDT7MPdCTdmoyVUknRgBk2PXOQ=,iv:VT3sNoEEEXrQBdL+dbB9bSnyDxwMH90giVcnMDmy2bM=,tag:VLGTjPw4ZrI0PggVTD9e5Q==,type:str]
|
||||
pgp:
|
||||
- created_at: "2026-02-27T16:44:37Z"
|
||||
enc: |-
|
||||
|
|
|
|||
|
|
@ -68,6 +68,14 @@ resource "hetznerdns_record" "hel1_a" {
|
|||
ttl = 600
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "ws_a" {
|
||||
zone_id = data.hetznerdns_zone.banditlair_zone.id
|
||||
name = "ws"
|
||||
value = hcloud_server.relay1.ipv4_address
|
||||
type = "A"
|
||||
ttl = 600
|
||||
}
|
||||
|
||||
resource "hetznerdns_record" "grafana_a" {
|
||||
zone_id = data.hetznerdns_zone.banditlair_zone.id
|
||||
name = "grafana"
|
||||
|
|
@ -383,7 +391,7 @@ resource "hetznerdns_record" "froidmont_a" {
|
|||
}
|
||||
|
||||
resource "hetznerdns_record" "rl_a" {
|
||||
zone_id = data.hetznerdns_zone.froidmont_zone.id
|
||||
zone_id = data.hetznerdns_zone.banditlair_zone.id
|
||||
name = "rl"
|
||||
value = hcloud_server.relay1.ipv4_address
|
||||
type = "A"
|
||||
|
|
|
|||