loki, prometheus, promtail should connect via wireguard #200
|
@ -28,8 +28,10 @@
|
|||
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
|
||||
|
||||
networking.hosts = {
|
||||
teutat3s marked this conversation as resolved
Outdated
|
||||
"10.7.6.1" = [ "nachtigall.${config.pub-solar-os.networking.domain}" ];
|
||||
"10.7.6.2" = [ "flora-6.${config.pub-solar-os.networking.domain}" ];
|
||||
"10.7.6.1" = [ "nachtigall.wg.${config.pub-solar-os.networking.domain}" ];
|
||||
"10.7.6.2" = [ "flora-6.wg.${config.pub-solar-os.networking.domain}" ];
|
||||
"10.7.6.3" = [ "metronom.wg.${config.pub-solar-os.networking.domain}" ];
|
||||
"10.7.6.4" = [ "tankstelle.wg.${config.pub-solar-os.networking.domain}" ];
|
||||
};
|
||||
|
||||
services.openssh = {
|
||||
|
|
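Review bot: the static entries under networking.hosts have no comment explaining why they are kept, and the thread below notes that the same wg names have to be updated in a second place. A short comment above `networking.hosts = {` would help, saying that these names must resolve even when no DNS server is reachable and that each address (10.7.6.1 to 10.7.6.4) must match the corresponding wg record. The hunk also drops the un-prefixed names for nachtigall and flora-6. Any service config that still uses those names will no longer get the 10.7.6.x address from this file, so check the rest of the tree for remaining references before merging.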
Is there a reason to move this into the global DNS? We can connect to other nodes in the network without DNS being available, so it might be nice to also have their local names without a DNS server being available.
As the commit message states, the goal is to avoid surprises. I find it very confusing to have the same DNS name resolve to different IP addresses depending on what host you're on. It would be my preference to remove this for clarity.
But to get this straight: We have the internal "wg.pub.solar" hosts that we could additionally set statically via networking.hosts, right? @teutat3s
I tend to agree with @b12f about a possible fuckup because of broken DNS, but the middle ground here would be to not have context based in relation to the host you're on but cached DNS entries. It creates a bit of additional maintenance work as we have to update both, but that could be ruled out by mentioning it in the docs and hanging people for not RTFM.
I have no objections to setting *.wg.pub.solar in /etc/hosts as well if you're suggesting that. Not sure if I understood your comment correctly, @hensoko.
Better like this? 56f692740e
Yessss. @b12f also happy?