Commit graph

6 commits

Author SHA1 Message Date
Vincent Ambo
8cdad7d45c feat(ops): introduce (head|tail)scale server at net.tvl.fyi
This runs a headscale server on sanduny which lets users join their
machines to the TVL tailscale network.

This would theoretically let people communicate with each other on the
internal network, but also more notably joined servers can advertise
exit node capability so that we can have our own "VPN network", for
starters with endpoints in Germany, UK and Russia (whitby, sanduny and
koptevo respectively).

This setup isn't fully stable yet, notably:

* The IP range used by tailscale is just the default one right now,
  I'm not sure if that should be changed or what.

* The system is stateful (on sanduny), but the state is not (yet)
  backed up anywhere. Use with caution.

* Machine joining is a manual process requiring SSH & root access to
  sanduny.

  The process is to log in to sanduny, then get a headscale shell with
  `sudo -u headscale bash`, and to use the `headscale` CLI within
  there to administrate access.

  I've opted to create a user account `tvl` for TVL-owned machines,
  and a personal account for myself and my machines.

Change-Id: I4f1be1fe8062a6c2e77203ff72fe8709f4e4dec8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8837
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
2023-06-22 13:23:14 +00:00
Vincent Ambo
507cd85264 feat(tazjin/koptevo): deploy tgsa
The main instance is still running on polyanka, but things are moving
in this direction.

Change-Id: Idfa9e508023c05148003ac4621ae01dceb284c66
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8827
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-06-18 12:43:15 +00:00
Vincent Ambo
fe3a8e08a4 feat(tazjin/koptevo): move some of my sites here
Change-Id: Ie7c55ee286d2a1ebcc623374fb02775ed8dfbb58
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8789
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: tazjin <tazjin@tvl.su>
2023-06-15 21:34:36 +00:00
Vincent Ambo
9bec557b33 feat(tazjin/koptevo): provision certificate (for quassel)
With this commit, Quassel becomes operative on koptevo.

Change-Id: Ic877c5bb1525cf5288b0091cb0cd1328b5276264
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8788
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-15 21:34:36 +00:00
Vincent Ambo
e4fee75add chore(tazjin/koptevo): fix some initial growing pains
Change-Id: I614bba9e28ca789d2e641391ccf3bdbc6ff95dd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8785
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
2023-06-15 21:34:36 +00:00
Vincent Ambo
a5e308587e feat(tazjin/nixos): initialise koptevo system
This is the "new polyanka" (eventually), as I'm decommissioning that
host slowly.

Change-Id: Ia0fe664f3bf64513d8177434c6c0fface857cd99
Reviewed-on: https://cl.tvl.fyi/c/depot/+/8783
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
2023-06-15 19:16:57 +00:00