garage: add monitoring, connect to grafana + loki

https://garagehq.deuxfleurs.fr/documentation/reference-manual/monitoring/
wireguard: add trinkgenossin, delite, blue-shell
2024-08-25 00:15:06 +02:00 · 2024-08-25 00:13:53 +02:00 · 2024-08-24 21:48:48 +02:00
22 changed files with 1523 additions and 14 deletions
--- a/flake.nix
+++ b/flake.nix
@ -139,15 +139,15 @@
              sshUser = username;
            };
            trinkgenossin = {
-              #hostname = "trinkgenossin.wg.pub.solar";
+              hostname = "trinkgenossin.wg.pub.solar";
              sshUser = username;
            };
            delite = {
-              #hostname = "delite.wg.pub.solar";
+              hostname = "delite.wg.pub.solar";
              sshUser = username;
            };
            blue-shell = {
-              #hostname = "delite.wg.pub.solar";
+              hostname = "blue-shell.wg.pub.solar";
              sshUser = username;
            };
          };
--- a/hosts/blue-shell/configuration.nix
+++ b/hosts/blue-shell/configuration.nix
@ -12,8 +12,6 @@
    "ip=dhcp"
  ];
  services.openssh.openFirewall = true;
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
--- a/hosts/blue-shell/default.nix
+++ b/hosts/blue-shell/default.nix
@ -7,7 +7,7 @@
    ./disk-config.nix
    ./networking.nix
-    #./wireguard.nix
+    ./wireguard.nix
    #./backups.nix
  ];
 }
--- a/hosts/blue-shell/wireguard.nix
+++ b/hosts/blue-shell/wireguard.nix
@ -0,0 +1,49 @@
 {
  config,
  pkgs,
  flake,
  ...
 }:
 let
  wireguardIPv4 = "10.7.6.7";
  wireguardIPv6 = "fd00:fae:fae:fae:fae:7::";
 in
 {
  networking.firewall.allowedUDPPorts = [ 51820 ];
  age.secrets.wg-private-key.file = "${flake.self}/secrets/blue-shell-wg-private-key.age";
  networking.wireguard.interfaces = {
    wg-ssh = {
      listenPort = 51820;
      mtu = 1300;
      ips = [
        "${wireguardIPv4}/32"
        "${wireguardIPv6}/96"
      ];
      privateKeyFile = config.age.secrets.wg-private-key.path;
      peers = flake.self.logins.admins.wireguardDevices ++ [
        {
          # flora-6.pub.solar
          endpoint = "80.71.153.210:51820";
          publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
          allowedIPs = [
            "10.7.6.2/32"
            "fd00:fae:fae:fae:fae:2::/96"
          ];
        }
      ];
    };
  };
  services.openssh.listenAddresses = [
    {
      addr = wireguardIPv4;
      port = 22;
    }
    {
      addr = "[${wireguardIPv6}]";
      port = 22;
    }
  ];
 }
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -96,10 +96,11 @@
          self.nixosModules.overlays
          self.nixosModules.unlock-luks-on-boot
          self.nixosModules.core
-          #self.nixosModules.prometheus-exporters
+          self.nixosModules.prometheus-exporters
-          #self.nixosModules.promtail
+          self.nixosModules.promtail
          self.nixosModules.garage
          self.nixosModules.nginx
        ];
      };
@ -116,6 +117,7 @@
          #self.nixosModules.promtail
          self.nixosModules.garage
          self.nixosModules.nginx
        ];
      };
@ -132,6 +134,7 @@
          #self.nixosModules.promtail
          self.nixosModules.garage
          self.nixosModules.nginx
        ];
      };
    };
--- a/hosts/delite/configuration.nix
+++ b/hosts/delite/configuration.nix
@ -12,8 +12,6 @@
    "ip=dhcp"
  ];
  services.openssh.openFirewall = true;
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
--- a/hosts/delite/default.nix
+++ b/hosts/delite/default.nix
@ -7,7 +7,7 @@
    ./disk-config.nix
    ./networking.nix
-    #./wireguard.nix
+    ./wireguard.nix
    #./backups.nix
  ];
 }
--- a/hosts/delite/wireguard.nix
+++ b/hosts/delite/wireguard.nix
@ -0,0 +1,49 @@
 {
  config,
  pkgs,
  flake,
  ...
 }:
 let
  wireguardIPv4 = "10.7.6.6";
  wireguardIPv6 = "fd00:fae:fae:fae:fae:6::";
 in
 {
  networking.firewall.allowedUDPPorts = [ 51820 ];
  age.secrets.wg-private-key.file = "${flake.self}/secrets/delite-wg-private-key.age";
  networking.wireguard.interfaces = {
    wg-ssh = {
      listenPort = 51820;
      mtu = 1300;
      ips = [
        "${wireguardIPv4}/32"
        "${wireguardIPv6}/96"
      ];
      privateKeyFile = config.age.secrets.wg-private-key.path;
      peers = flake.self.logins.admins.wireguardDevices ++ [
        {
          # flora-6.pub.solar
          endpoint = "80.71.153.210:51820";
          publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
          allowedIPs = [
            "10.7.6.2/32"
            "fd00:fae:fae:fae:fae:2::/96"
          ];
        }
      ];
    };
  };
  services.openssh.listenAddresses = [
    {
      addr = wireguardIPv4;
      port = 22;
    }
    {
      addr = "[${wireguardIPv6}]";
      port = 22;
    }
  ];
 }
--- a/hosts/flora-6/wireguard.nix
+++ b/hosts/flora-6/wireguard.nix
@ -47,6 +47,33 @@
            "fd00:fae:fae:fae:fae:4::/96"
          ];
        }
        {
          # trinkgenossin.pub.solar
          endpoint = "85.215.152.22:51820";
          publicKey = "QWgHovHxtqiQhnHLouSWiT6GIoQDmuvnThYL5c/rvU4=";
          allowedIPs = [
            "10.7.6.5/32"
            "fd00:fae:fae:fae:fae:5::/96"
          ];
        }
        {
          # delite.pub.solar
          endpoint = "5.255.119.132:51820";
          publicKey = "ZT2qGWgMPwHRUOZmTQHWCRX4m14YwOsiszjsA5bpc2k=";
          allowedIPs = [
            "10.7.6.6/32"
            "fd00:fae:fae:fae:fae:6::/96"
          ];
        }
        {
          # blue-shell.pub.solar
          endpoint = "194.13.83.205:51820";
          publicKey = "bcrIpWrKc1M+Hq4ds3aN1lTaKE26f2rvXhd+93QrzR8=";
          allowedIPs = [
            "10.7.6.7/32"
            "fd00:fae:fae:fae:fae:7::/96"
          ];
        }
      ];
    };
  };
--- a/hosts/trinkgenossin/configuration.nix
+++ b/hosts/trinkgenossin/configuration.nix
@ -14,8 +14,6 @@
    "ip=dhcp"
  ];
  services.openssh.openFirewall = true;
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
--- a/hosts/trinkgenossin/default.nix
+++ b/hosts/trinkgenossin/default.nix
@ -6,7 +6,7 @@
    ./configuration.nix
    ./networking.nix
-    #./wireguard.nix
+    ./wireguard.nix
    #./backups.nix
  ];
 }
--- a/hosts/trinkgenossin/wireguard.nix
+++ b/hosts/trinkgenossin/wireguard.nix
@ -0,0 +1,49 @@
 {
  config,
  pkgs,
  flake,
  ...
 }:
 let
  wireguardIPv4 = "10.7.6.5";
  wireguardIPv6 = "fd00:fae:fae:fae:fae:5::";
 in
 {
  networking.firewall.allowedUDPPorts = [ 51820 ];
  age.secrets.wg-private-key.file = "${flake.self}/secrets/trinkgenossin-wg-private-key.age";
  networking.wireguard.interfaces = {
    wg-ssh = {
      listenPort = 51820;
      mtu = 1300;
      ips = [
        "${wireguardIPv4}/32"
        "${wireguardIPv6}/96"
      ];
      privateKeyFile = config.age.secrets.wg-private-key.path;
      peers = flake.self.logins.admins.wireguardDevices ++ [
        {
          # flora-6.pub.solar
          endpoint = "80.71.153.210:51820";
          publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
          allowedIPs = [
            "10.7.6.2/32"
            "fd00:fae:fae:fae:fae:2::/96"
          ];
        }
      ];
    };
  };
  services.openssh.listenAddresses = [
    {
      addr = wireguardIPv4;
      port = 22;
    }
    {
      addr = "[${wireguardIPv6}]";
      port = 22;
    }
  ];
 }
--- a/modules/garage/default.nix
+++ b/modules/garage/default.nix
@ -16,12 +16,77 @@
    mode = "400";
  };
  age.secrets."acme-namecheap-env" = {
    file = "${flake.self}/secrets/acme-namecheap-env.age";
    mode = "400";
  };
  networking.firewall.allowedTCPPorts = [
    3900
    3901
    3902
  ];
  networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [
    3903
  ];
  security.acme = {
    defaults = {
      environmentFile = config.age.secrets.acme-namecheap-env.path;
    };
    certs = {
      # Wildcard certificate gets created automatically
      "buckets.${config.pub-solar-os.networking.domain}" = {
        # disable http challenge
        webroot = null;
        # enable dns challenge
        dnsProvider = "namecheap";
        dnsPropagationCheck = false;
      };
      # Wildcard certificate gets created automatically
      "web.${config.pub-solar-os.networking.domain}" = {
        # disable http challenge
        webroot = null;
        # enable dns challenge
        dnsProvider = "namecheap";
        dnsPropagationCheck = false;
      };
    };
  };
  services.nginx = {
    upstreams.s3_backend.servers = {
      "[::1]:3900" = { };
    };
    upstreams.web_backend.servers = {
      "[::1]:3902" = { };
    };
    virtualHosts."buckets.${config.pub-solar-os.networking.domain}" = {
      serverAliases = ["*.buckets.${config.pub-solar-os.networking.domain}"];
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://s3_backend";
        extraConfig = ''
          proxy_max_temp_file_size 0;
        '';
      };
    };
    virtualHosts."web.${config.pub-solar-os.networking.domain}" = {
      serverAliases = ["*.web.${config.pub-solar-os.networking.domain}"];
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://web_backend";
      };
    };
  };
  services.garage = {
    enable = true;
    package = pkgs.garage_1_0_0;
@ -42,6 +107,9 @@
        root_domain = ".web.${config.pub-solar-os.networking.domain}";
        index = "index.html";
      };
      admin = {
        api_bind_addr = "[::]:3903";
      };
    };
  };
--- a/modules/grafana/default.nix
+++ b/modules/grafana/default.nix
@ -33,6 +33,11 @@
      group = "grafana";
      user = "grafana";
    };
    "grafana-dashboards/grafana-garage-dashboard-prometheus.json" = {
      source = ./grafana-dashboards/grafana-garage-dashboard-prometheus.json;
      group = "grafana";
      user = "grafana";
    };
  };
  services.caddy.virtualHosts."grafana.${config.pub-solar-os.networking.domain}" = {
--- a/modules/grafana/grafana-dashboards/grafana-garage-dashboard-prometheus.json
+++ b/modules/grafana/grafana-dashboards/grafana-garage-dashboard-prometheus.json
--- a/modules/prometheus/default.nix
+++ b/modules/prometheus/default.nix
@ -69,6 +69,14 @@
              instance = "tankstelle";
            };
          }
          {
            targets = [
              "trinkgenossin.wg.${config.pub-solar-os.networking.domain}:${toString config.services.prometheus.exporters.node.port}"
            ];
            labels = {
              instance = "trinkgenossin";
            };
          }
        ];
      }
      {
@ -83,6 +91,18 @@
          }
        ];
      }
      {
        job_name = "garage";
        static_configs = [
          {
            targets = [
              "trinkgenossin.wg.${config.pub-solar-os.networking.domain}:3903"
              "delite.wg.${config.pub-solar-os.networking.domain}:3903"
              "blue-shell.wg.${config.pub-solar-os.networking.domain}:3903"
            ];
          }
        ];
      }
    ];
    ruleFiles = [
--- a/secrets/acme-namecheap-env.age
+++ b/secrets/acme-namecheap-env.age
--- a/secrets/blue-shell-wg-private-key.age
+++ b/secrets/blue-shell-wg-private-key.age
@ -0,0 +1,43 @@
 age-encryption.org/v1
 -> ssh-ed25519 eP5MMw xAObv9OBtCMHWnbnO9b9w5fiG3tkJJTvjFNWmYmGfhQ
 sXmgq1drzY3rap8aD8/iMbMgjGkajfENkBQDdK/2TKQ
 -> ssh-ed25519 uYcDNw sxw3K1xYG+OZQy+4U2UfX//ZElPaCieANzFHanJxfxw
 VyhqjYppfHVb2jTceXLL/yYwEJE2uD9TY4PliHu7c0E
 -> ssh-rsa f5THog
 hRIMIg4P7SOOS3IGr2vF/TAdvgAXjJ8CbjKQt+Bd8MUjxf769rD3bln3lF3DlfIU
 RMkicdnwRdWTnqp+HyV0/UsD4ZzVb0YY+ntK6wujqgEwhpef9NOE2Hsiyvv228l5
 pu6eUTrosmb0ysnw8zRmr4RYdv1+MsD9gbnLOnnuHkA+i28jAE6o4gXIdnKfDcIk
 ptJISTFwyzz+q8UvdfO4YGRBL4zSoWM5VEQS0IPjrt4+qBlOyC2IlXz1/aaGZk41
 ODgPUO68USpzFsLqsmRJJQOMxxkdnYWy4DoeHKUyZI4YO0t94zVEHIS3x6w2l+/Q
 9r7TdKXxniLFYW9t5+28ez5XfLruapXroA8kp2hy3S7ybuOyB2MIfCXVvK0kiOfw
 2kZnv7LvL4BLUMtgPKoAxj8Pzpi8HzFGxQudqNwSkjb4bvFg8eej0oP/WhvFalsY
 MGSdlFJkKKeLWh8MzmD2WXHJ5yVcRFHydyWGMHlZJ4soi0I3gTSQaNSPUxWtFSd3
 Trk3Jz4Qrd7EA6y6wn2Jc4xCX+cWb8Q3nrXVZJL/FSxss+zstQit5O3BwWupJQLt
 ubyqLxQI/PKP/gIU8sGhwKDWGjZUlwvjPBG+EdWJAxoI7S7+4UxkGgsNvx67VKgi
 xxz3ANlHPbGLgAZTtEk5AqHWLWE6ZRn/7i3Qv1HWZJ4
 -> ssh-rsa kFDS0A
 OqNv7KThlRd0aD1gixsI2LVb+Zj2r7OVm4lUD/UJ0WVe/ihlcBAeEj8noqNA3zgH
 djO53WpAkGrbt8CejuQcPYLyw8Bdk++cBu9Po+X0dAp2cCPqakgIpEI6qG1uiEty
 LOOF13TivCB802UrJmX/8HLDV3yv7IWIr2XV0V8s5UvasYlgCt1eg4suhXIngnJG
 wd7WFnXwtNtR/UcnWtpE8c6p5kaAn4wSAtx6hFqnkN5ANjKXHy29NkFR1Lgu55OU
 qoJPpcZpvEESYMQfPvfuCUSZgcSvJE8B1MJZzxdKBHFiaWa7BkkWOL2KNIARFji5
 nBrGzGLV9IaHWsS0UfIWixvM3OPl4wgwpdLtVJsnLX/ggFZrZmj+iR5DdqurfW7E
 0a8Ie1NKK7FU+HnzEk6+8aiDb0QozEhrmaE5olc8dBOKK13e1idDTCsquaQcSOEh
 DBP8r0LhqU7YwnNF6UpQiYs3Zs2HyPegfz2GwB3yeaHqc7+MnXm/j4B5qUcX5naz
 llQoNfddAtoXGeK3G0yjugkSluValw6o2hQ+4iRx4n1f3dVcurXkBr9fjCKMmjC4
 qbOHhsBU4dHCvFIOXY27Xvq5qZ4/ceNb6fq/NXvkD87eePMLg9R9hmtTaCDlEN2d
 a350/FxlWOZXEox+mRZhE+mE5qSIg+LbnFZ+zjWq+yc
 -> piv-p256 vRzPNw AzwIBCtS5Tx/zuFHRYsYSOffxAE79O5foV+ndpw0hR1t
 HDmWtvUS9wSnlNjbkD0Rc0jQ4tNhqpcqpeztW1GXC3g
 -> piv-p256 zqq/iw Av5ZYxbCJrjUImhX7hoO8nxtWEtd7mPWhofwCxtW5GNI
 tB/mFmw4U2NbeDKdasi/Z99VggQYhnv6+n9+VJekq/k
 -> ssh-ed25519 YFSOsg nl0SHBFBylYgoy4qrZ851AQ6NLuDpXtIQ5WffqQPckU
 /yk/gT3enujLcjHkYuE0XGUDrYUEEzvyPvIlKhHtf5c
 -> ssh-ed25519 iHV63A 2Gq6dIvLDJQmwgQwxhqrPpubkToiseczLkobeCZiOSA
 IXddfsh84BrA0v6X/SjqoFbUfJfw3v+zD3Dk5RdsfAE
 -> ssh-ed25519 BVsyTA 9oRVFqCqPoQ35/u+Cg4dPkG4eXw7vSRaPwhel430TGE
 C54Ofc94lPFMGLljqY4Ag0AhM/MHWeZjZ6x1fmyMmqI
 -> ssh-ed25519 +3V2lQ 2g1xRrQZy30nCaDq6RtfXQfUchtD8oOnmGYX+A2venQ
 oop5rNpGKvTUOLGN2HGc7B63H/8XYrhO+XsCjsKfPgA
 --- cMgwwO4kfMX17njkjYczc4R6FVRwC+cpK37g2cFAapc
 È
`Ñ<>Xéø¶Ó“¡;êR…Vàâ]tbM"N4×Éa§êš/æI×pšBâ7Qòe‡MÑ
§ºÀnpÊ±£†ç2Å}Éz-R4E<34>‚(éÀN
--- a/secrets/delite-wg-private-key.age
+++ b/secrets/delite-wg-private-key.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -21,6 +21,12 @@ let
  metronomKeys = [ metronom-host ];
  trinkgenossinKeys = [ trinkgenossin-host ];
  deliteKeys = [ delite-host ];
  blueshellKeys = [ blue-shell-host ];
  garageKeys = [
    trinkgenossin-host
    delite-host
@ -35,6 +41,9 @@ in
  "tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
  "flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
  "metronom-wg-private-key.age".publicKeys = metronomKeys ++ adminKeys;
  "trinkgenossin-wg-private-key.age".publicKeys = trinkgenossinKeys ++ adminKeys;
  "delite-wg-private-key.age".publicKeys = deliteKeys ++ adminKeys;
  "blue-shell-wg-private-key.age".publicKeys = blueshellKeys ++ adminKeys;
  "mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
  "mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
@ -100,4 +109,6 @@ in
  # garage
  "garage-rpc-secret.age".publicKeys = garageKeys ++ adminKeys;
  "garage-admin-token.age".publicKeys = garageKeys ++ adminKeys;
  "acme-namecheap-env.age".publicKeys = garageKeys ++ adminKeys;
 }
--- a/secrets/trinkgenossin-wg-private-key.age
+++ b/secrets/trinkgenossin-wg-private-key.age
@ -0,0 +1,43 @@
 age-encryption.org/v1
 -> ssh-ed25519 NID4eA Q3E8hBMDQRxoJx6UGzECMZmkffdgyYlhGaloKFNmxw0
 37DKT5sgmAEritSoPuW+O5dvjCH23pOAdFyJG0TnY6w
 -> ssh-ed25519 uYcDNw zgfSabCBntiTnc0fdfDzpkq/AwUXSpyvsA14gkatP3w
 tLbZDE6UB/xvC153mSGcGSSWKH+Ph1Ek5D+JTrWjzdk
 -> ssh-rsa f5THog
 0THw5q/Aa/wCzfqO/9YFBOvSfISS/O2cMHBlQ7NXzF2hlj+hzGjJeL2USmL8iZ7X
 YToH0oy8lreVRYxfi/LUMyg14hQf11hTekT/sKc8m5eBm+8WiHbWJsQJKdRg6WVO
 B2Ju+3QIZXBk7ajCIcVjgoJQy1JydXm5YQkZnI69icdtAEnYSEoVEpaPHkT7Et65
 UUC/eegltWFSeJl4bzgceVXO3VtszoG/KkL7ToT2WX2Hbnb4R3U8cWLOTr4I6hzM
 90h6mNaorm3bd5fysOoU3G531/eAqcC7QZQQGyCOEBBHgx0w32ZKpjqu8q8c/f0M
 VMOgE0JfK4/iB5E3dwGqRZ2G8iXu/cx0CQY98YAFCDOYExMsQzFXzqKq8KecVd+g
 vaj598KJFxYskwrkGNXwIds2lPCte3HIa9XcGeQ4svaLYdQw5zsSIF32zOwAbxRn
 1ABzp/T7V3BYyykJbeJi3UMoHUo3nsq75xClmXRnlTvQ7I0x62DrXdMNE9tJtqAF
 lVUeD7gKlDPmYMK0QKbxFHYTVbdJ3d7UbJUgb2SxHpm5I8J7Wx29p6gLN7+swdIg
 +y0Z8+qcABkeVHQ9OWwV0XYdMdLFovnc0pDAEvHL4rxv3E8W2Nv2mm0xW7I4HcG0
 h9uJ2lU4mn60YqBtso/cu+LzUHIPcHji5sRK8/qu+Tg
 -> ssh-rsa kFDS0A
 kXXvKZebwQLFofayT/0SFzdFl0e8xQbUJf+q47YHmPMlJY7nsQBs1fvmQsp7fsfW
 TRdh14uVImErEQsuqNYgYDR/jBUVtRkySOXde8Q9QM/CZwwR7NMu8P2vBzZ6uXKL
 amlZS8iYXWJKRgmxsgiONFZwfcB9TWhaDYsmeqFxV6ui2LGgtCBllttYzvyVNWZI
 NXMg0bbkLd+I2svBSBX/p8rECxq5gUmr8PB2k+yrHuXJvnR8Hop7YjvbrC2qSy5r
 6OOTButBV7cILTf03DPvd3f61uUqm/NapxN4UdEZDTmOYud2dF8Eqw+BCNIT2wZr
 /KD49ElPlcWM8cCxBGaSTTT66mP3FWwIcCZVfdVrhf//TN/SAo+lcoN7m/p9Uj0i
 Y5nM3JR7ZuiLHfXu+fTHBiWnWBtLkPYUDlGIGlFGinMQwi4CMqoUY7jROdjHuPkt
 S0VK2ViRxBB5Z5tQSnL02+TNsDd+CDURRiBgWfdmk1kkh9o2SrSiGcxCV03UVEaE
 4Q07ZjKJF9HeC6goK+QjSOvLHS2qHyJznUty7nAiAS+yPDlq6m13/dFTvFii7H2h
 UJ+5MJcVHLd6VQhzjmwTQXCrbTn/FI2LkZgR4HPRFDElkmnMUV1NU/2gkwm7Z0gu
 RaEAuYMoKZNBQ6eQgANst+LFA7ctwpz/d0PB8Gvjf6g
 -> piv-p256 vRzPNw AmCpZNeI8ggIr211niro2CalG6ELXYubjXj2J01eSwL+
 IPXLB01UKFj7tptbB7FmNbbjDGrqbEoizjNzzJvNsXs
 -> piv-p256 zqq/iw Auwb+rr9JfTX9VoTKaDobEGFPIwJZUFAMolG8SvZ5ix6
 +e5IWW7Sxy1T2F0Ykm1tKQIvGGJFODIrNdvrCKREvrI
 -> ssh-ed25519 YFSOsg 5Eeo3PIUgfRgPrY/eR6aps8UB2NNNr9YJswZ5mPj5Fk
 cN4Dwp+ZFN8UCptfVsAp3iGesYhry7umwGc77jom2Vo
 -> ssh-ed25519 iHV63A RMH4ezLwPxlf9cLgFlWSrGMDdlySpIr22O3Nr4ESgkg
 8Ll31aL8PCOFp5+TIhv7qYVzjnBMepWJSlT6PGBMtdM
 -> ssh-ed25519 BVsyTA 9yQZMVRpIitqx4ggP9pswC2VBmtKHR8FqIiLAq6wdCs
 g/dA5SXBUNyLFGuOEVwsPIu2sEyAS4y+5RlccymLfL0
 -> ssh-ed25519 +3V2lQ unqrENNB2tJvICc/nAi31TZ8c7ilbFreww51f/Mi4nQ
 y7QWtFtEUq8elK+Q2HxpGav3nx3dxDQd5ikn9DpIJ20
 --- SJo44grQsKFl8WMnva4kMp88kMZ9D3EWnm3mN0Oe15c
 ~°ÙìÚŒxÌ†Il`<60>u²”˜ôÿÁÙ@«Ž'B#ÅRaˆÙ£;«ã(»ÃÎïŠ<C3AF>Šò˜åŽ³&G3<Q<>sH‰ª~Gò)½¡®
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@ -24,6 +24,21 @@ resource "namecheap_domain_records" "pub-solar" {
    type     = "A"
    address  = "10.7.6.4"
  }
  record {
    hostname = "trinkgenossin.wg"
    type     = "A"
    address  = "10.7.6.5"
  }
  record {
    hostname = "delite.wg"
    type     = "A"
    address  = "10.7.6.6"
  }
  record {
    hostname = "blue-shell.wg"
    type     = "A"
    address  = "10.7.6.7"
  }
  record {
    hostname = "nachtigall.wg"
    type     = "AAAA"
@ -44,6 +59,21 @@ resource "namecheap_domain_records" "pub-solar" {
    type     = "AAAA"
    address  = "fd00:fae:fae:fae:fae:4::"
  }
  record {
    hostname = "trinkgenossin.wg"
    type     = "AAAA"
    address  = "fd00:fae:fae:fae:fae:5::"
  }
  record {
    hostname = "delite.wg"
    type     = "AAAA"
    address  = "fd00:fae:fae:fae:fae:6::"
  }
  record {
    hostname = "blue-shell.wg"
    type     = "AAAA"
    address  = "fd00:fae:fae:fae:fae:7::"
  }
  record {
    hostname = "flora-6"
    type     = "A"
@ -99,6 +129,51 @@ resource "namecheap_domain_records" "pub-solar" {
    type     = "A"
    address  = "80.71.153.210"
  }
  record {
    hostname = "buckets"
    type     = "A"
    address  = "85.215.152.22"
  }
  record {
    hostname = "buckets"
    type     = "A"
    address  = "5.255.119.132"
  }
  record {
    hostname = "buckets"
    type     = "A"
    address  = "194.13.83.205"
  }
  record {
    hostname = "buckets"
    type     = "AAAA"
    address  = "2a01:239:35d:f500::1"
  }
  record {
    hostname = "buckets"
    type     = "AAAA"
    address  = "2a04:52c0:124:9d8c::2"
  }
  record {
    hostname = "buckets"
    type     = "AAAA"
    address  = "2a03:4000:43:24e::1"
  }
  record {
    hostname = "*.buckets"
    type     = "CNAME"
    address  = "buckets.pub.solar."
  }
  record {
    hostname = "web"
    type     = "CNAME"
    address  = "buckets.pub.solar."
  }
  record {
    hostname = "*.web"
    type     = "CNAME"
    address  = "buckets.pub.solar."
  }
  record {
    hostname = "tankstelle"
    type     = "A"
Author	SHA1	Message	Date
teutat3s	d0c587d142	garage: add monitoring, connect to grafana + loki Some checks failed Flake checks / Check (pull_request) Failing after 22s Details https://garagehq.deuxfleurs.fr/documentation/reference-manual/monitoring/	2024-08-25 00:15:06 +02:00
teutat3s	d32abd7a7f	wireguard: add trinkgenossin, delite, blue-shell	2024-08-25 00:13:53 +02:00
teutat3s	15b507904f	garage: init buckets.pub.solar, use nginx as reverse proxy https://garagehq.deuxfleurs.fr/documentation/cookbook/reverse-proxy/	2024-08-24 21:48:48 +02:00