From 38929646bfd35568000d052277e37ca66011bc99 Mon Sep 17 00:00:00 2001 From: Maximilien Richer Date: Mon, 10 Feb 2025 11:06:24 +0100 Subject: [PATCH] Move ssh to port 110, update nomad to 1.7 --- cluster/staging/cluster.nix | 4 ++-- cluster/staging/node/df-pw5.nix | 2 +- cluster/staging/node/origan.nix | 2 +- cluster/staging/node/piranha.nix | 2 +- cluster/staging/ssh_config | 2 ++ nix/configuration.nix | 1 + nix/deuxfleurs.nix | 4 ++-- 7 files changed, 10 insertions(+), 7 deletions(-) diff --git a/cluster/staging/cluster.nix b/cluster/staging/cluster.nix index 8a71424..e928824 100644 --- a/cluster/staging/cluster.nix +++ b/cluster/staging/cluster.nix @@ -100,8 +100,8 @@ ## ===== EXPERIMENTAL SECTION FOR STAGING CLUSTER ===== - # Test nomad 1.6 - services.nomad.package = pkgs.nomad_1_6; + # Test nomad 1.7 + services.nomad.package = pkgs.nomad_1_7; nixpkgs.config.allowUnfree = true; # Accept nomad's BSL license # We're doing lots of experiments so GC periodically is usefull. diff --git a/cluster/staging/node/df-pw5.nix b/cluster/staging/node/df-pw5.nix index 45f392f..1d3394b 100644 --- a/cluster/staging/node/df-pw5.nix +++ b/cluster/staging/node/df-pw5.nix @@ -14,5 +14,5 @@ deuxfleurs.staticIPv6.address = "2a02:a03f:6510:5102:223:24ff:feb0:e8a7"; deuxfleurs.isRaftServer = true; - system.stateVersion = "22.11"; + system.stateVersion = "24.05"; } diff --git a/cluster/staging/node/origan.nix b/cluster/staging/node/origan.nix index 2cc4791..a95c136 100644 --- a/cluster/staging/node/origan.nix +++ b/cluster/staging/node/origan.nix @@ -10,5 +10,5 @@ deuxfleurs.staticIPv6.address = "2a01:e0a:5e4:1d0:223:24ff:feaf:fdec"; deuxfleurs.isRaftServer = true; - system.stateVersion = "22.11"; + system.stateVersion = "24.05"; } diff --git a/cluster/staging/node/piranha.nix b/cluster/staging/node/piranha.nix index 2dc0677..e63c47c 100644 --- a/cluster/staging/node/piranha.nix +++ b/cluster/staging/node/piranha.nix @@ -12,5 +12,5 @@ deuxfleurs.staticIPv4.address = "192.168.5.25"; deuxfleurs.staticIPv6.address = "2001:912:1ac0:2200::25"; - system.stateVersion = "22.11"; + system.stateVersion = "24.05"; } diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config index 4f38f47..fcf49ec 100644 --- a/cluster/staging/ssh_config +++ b/cluster/staging/ssh_config @@ -1,4 +1,6 @@ UserKnownHostsFile ./cluster/staging/known_hosts +Host * + Port 110 Host caribou #HostName caribou.machine.deuxfleurs.fr diff --git a/nix/configuration.nix b/nix/configuration.nix index 68751a2..4eb701b 100644 --- a/nix/configuration.nix +++ b/nix/configuration.nix @@ -77,6 +77,7 @@ SystemMaxUse=1G # Enable the OpenSSH daemon and disable password login. services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; + services.openssh.ports = [ 110 ]; virtualisation.docker = { enable = true; diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index 45a64c0..1b9ae3d 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -412,8 +412,8 @@ in enable = true; allowedTCPPorts = [ - # Allow anyone to connect on SSH port - (head ({ openssh.ports = [22]; } // config.services).openssh.ports) + # Allow anyone to connect on SSH port on tcp/110, port 22 is used by forgejo + (head ({ openssh.ports = [ 110 ]; } // config.services).openssh.ports) ]; allowedUDPPorts = [