-rw-r--r-- | cluster/prod/ssh_config | 2 | ||||
-rw-r--r-- | cluster/staging/ssh_config | 4 | ||||
-rw-r--r-- | nix/deuxfleurs.nix | 6 | ||||
-rwxr-xr-x | upgrade_nixos | 2 |
4 files changed, 13 insertions, 1 deletions
diff --git a/cluster/prod/ssh_config b/cluster/prod/ssh_config index 8341a82..f63a335 100644 --- a/cluster/prod/ssh_config +++ b/cluster/prod/ssh_config @@ -1,4 +1,6 @@ UserKnownHostsFile ./cluster/prod/known_hosts +Host * + Port 110 Host concombre HostName concombre.machine.deuxfleurs.fr diff --git a/cluster/staging/ssh_config b/cluster/staging/ssh_config index e0e191a..dadd285 100644 --- a/cluster/staging/ssh_config +++ b/cluster/staging/ssh_config @@ -2,6 +2,10 @@ UserKnownHostsFile ./cluster/staging/known_hosts Host * Port 110 +Host caribou_v4 + Port 2234 + Hostname 78.192.88.164 + Host caribou HostName caribou.machine.staging.deuxfleurs.org diff --git a/nix/deuxfleurs.nix b/nix/deuxfleurs.nix index 1b9ae3d..43e8c91 100644 --- a/nix/deuxfleurs.nix +++ b/nix/deuxfleurs.nix @@ -421,6 +421,12 @@ in cfg.wireguardPort ]; + # Don't spam logs with refused connections + logRefusedConnections = false; + + # Use REJECT instead of DROP, to avoid timeouts (e.g. when trying to connect to the wrong SSH port) + rejectPackets = true; + # Allow specific hosts access to specific things in the cluster extraCommands = '' # Allow UDP packets comming from port 1900 from a local address, diff --git a/upgrade_nixos b/upgrade_nixos index 612a612..221ff54 100755 --- a/upgrade_nixos +++ b/upgrade_nixos @@ -3,7 +3,7 @@ if [ "$CLUSTER" = "staging" ]; then cmd nix-channel --add https://nixos.org/channels/nixos-24.05 nixos else - cmd nix-channel --add https://nixos.org/channels/nixos-23.11 nixos + cmd nix-channel --add https://nixos.org/channels/nixos-24.05 nixos fi cmd nix-channel --update |
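Review bot: The new `Host *` / `Port 110` block sits above the per-host entries, and ssh_config uses the first value obtained for each keyword, so this default overrides any `Port` set in a later `Host` block. Nothing visible in this hunk sets a per-host port, but the staging hunk of this commit does: `Host caribou_v4` with `Port 2234` is added after the existing `Host *`, so that alias would presumably still connect on 110. Moving the `Host *` block to the end of both files (host-specific blocks first, general defaults last, as ssh_config(5) recommends) keeps per-host overrides effective.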
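Review bot: `Host caribou_v4` connects by IP literal, so its host key is looked up under a different known_hosts name than the one pinned for `caribou`, and the file list of this commit does not include `cluster/staging/known_hosts`. Unless that entry already exists, the first use of the alias ends in an unknown-key prompt, which is where operators tend to accept whatever key is presented. Either add the matching known_hosts line in the same commit or, if this is the same machine as `caribou` (the name suggests it, the hunk does not show it), add a `HostKeyAlias` pointing at the name its key is already pinned under. The keyword is also spelled `Hostname` here and `HostName` in the block below; ssh accepts both, but the file should use one.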
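Review bot: `logRefusedConnections = false` removes the firewall's record of refused inbound connection attempts, and the comment mentions only log noise. It should say what operators use instead to notice scans or brute-force attempts against closed ports, for example `# Refused connections are no longer logged; <name the replacement telemetry> covers inbound scan visibility`. `rejectPackets = true` is a reasonable usability choice, but as written it appears to apply to every interface, so closed ports on public addresses now answer actively instead of staying silent; a comment recording that this is accepted would help the next reader. The enclosing firewall attribute set starts and ends outside this hunk, so it cannot be seen here whether interface-specific rules narrow either setting.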