From 5382bf72517bdf95947db9254ab7617c7f74dbaa Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Fri, 6 Feb 2026 11:49:43 -0600 Subject: [PATCH] vps known_host for lidarr_mb_gap --- hosts/server/configuration.nix | 2 +- specs/004-vps-migration/quickstart.md | 4 ++-- specs/004-vps-migration/spec.md | 2 +- specs/004-vps-migration/tasks.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index c1964c2..dda80d9 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -121,7 +121,7 @@ in config.my.ips.vps "[${config.my.ips.vps}]:3456" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvtTURGBtAFXxxfzMJVoNJrtWLykOloJ5XYjxGh1OUx"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP"; }; }; }; diff --git a/specs/004-vps-migration/quickstart.md b/specs/004-vps-migration/quickstart.md index 6e572c0..36bddfe 100644 --- a/specs/004-vps-migration/quickstart.md +++ b/specs/004-vps-migration/quickstart.md @@ -22,7 +22,7 @@ - Apply nftables/NixOS firewall rules derived from the iptables reference - Enable wireguard on VPS and expose port - Add service users and admin SSH keys - - Update VPS public IP to `45.33.0.228` in SSH configuration + - Update VPS public IP to `45.79.25.87` in SSH configuration - Update host server VPN client to target the new VPS 4. Provide and review legacy proxy config snapshot: 
@@ -82,7 +82,7 @@ - **T002**: verify this section exists in `/home/jawz/Development/NixOS/specs/004-vps-migration/quickstart.md` - **T003**: `rg -n "mainServer|enableProxy" hosts/server/toggles.nix modules/modules.nix` - **T004**: `rg -n "wireguard|wg0|services.wireguard" modules/services/wireguard.nix hosts/vps/configuration.nix` -- **T005**: `rg -n "vps|45.33.0.228|programs.ssh" config/jawz.nix modules/modules.nix` +- **T005**: `rg -n "vps|45.79.25.87|programs.ssh" config/jawz.nix modules/modules.nix` - **T006**: `rg -n "/etc/caddy/Caddyfile.d" sudo_hist jawz_hist` - **T007**: `rg -n 'mainServer = "vps"' hosts/server/toggles.nix modules/modules.nix` - **T008**: `rg -n "enableProxy = true" hosts/vps/toggles.nix hosts/vps/configuration.nix hosts/server/toggles.nix` diff --git a/specs/004-vps-migration/spec.md b/specs/004-vps-migration/spec.md index dc069f8..92e9f2c 100644 --- a/specs/004-vps-migration/spec.md +++ b/specs/004-vps-migration/spec.md 
@@ -46,7 +46,7 @@ I need you to create the service users and groups for deploy and lidarr-reports. in those, I need you to add ./secrets/ssh/ed25519_deploy.pub to authorized_keys for the user deploy and for lidarr-reports ed25519_lidarr-reports.pub -6. similar to every other host, add ssh login authorized_keys for workstation, server, deacero, galaxy and check if Im missing one. Because this will replace the ssh vps on the ssh config, you need to replace the existing vps ip with 45.33.0.228. 7. change the configuration on the host server, so that its wireguard session, connects to this server (i think will ve done automagically when the ip changes right?) 8. Ive added sudo_hist and jawz_hist, which are a dump of the histfile of this server, just check if there is a configuration that Im missing, something I did on there that I missed, and add it to the clarification list, so when I run clarify I tell you if I want that or not, granted lots of those commands are trial and error, so I think I have everything. 9. I have setup a plausible server, write the steps necesary to migrate it, I dont know. +6. similar to every other host, add ssh login authorized_keys for workstation, server, deacero, galaxy and check if Im missing one. Because this will replace the ssh vps on the ssh config, you need to replace the existing vps ip with 45.79.25.87. 7. change the configuration on the host server, so that its wireguard session, connects to this server (i think will ve done automagically when the ip changes right?) 8. Ive added sudo_hist and jawz_hist, which are a dump of the histfile of this server, just check if there is a configuration that Im missing, something I did on there that I missed, and add it to the clarification list, so when I run clarify I tell you if I want that or not, granted lots of those commands are trial and error, so I think I have everything. 9. I have setup a plausible server, write the steps necesary to migrate it, I dont know. 10. 
add verification steps for every task we did, when youre done and" diff --git a/specs/004-vps-migration/tasks.md b/specs/004-vps-migration/tasks.md index 3f4155a..453c947 100644 --- a/specs/004-vps-migration/tasks.md +++ b/specs/004-vps-migration/tasks.md @@ -54,7 +54,7 @@ Deliver MVP as User Story 1 (primary host reverse proxy + keep services on host - [x] T017 [US3] Configure sshd port and auth settings in hosts/vps/configuration.nix to match: Port 3456, PermitRootLogin no, PasswordAuthentication no - [x] T018 [US3] Harden remote rebuild access by switching to a non-root SSH user for rebuilds (nixremote) and requiring sudo for nixos-rebuild in hosts/vps/configuration.nix and modules/users/nixremote.nix - [x] T019 [US3] Restrict SSH access for remote rebuilds by limiting allowed users/keys for nixremote (update inputs.self.lib.getSshKeys list in hosts/vps/configuration.nix) -- [x] T020 [US3] Update VPS IP to 45.33.0.228 in modules/modules.nix and config/jawz.nix SSH host entry +- [x] T020 [US3] Update VPS IP to 45.79.25.87 in modules/modules.nix and config/jawz.nix SSH host entry - [x] T021 [US3] Update host server wireguard client configuration in hosts/server/configuration.nix to target the new VPS endpoint ## Phase 6: User Story 4 (P3) - Migration gaps and verification
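Review bot: the replaced `publicKey` in the `knownHosts` entry for `config.my.ips.vps` and `"[${config.my.ips.vps}]:3456"` (first hunk, `hosts/server/configuration.nix`) is a pinned SSH host key, and nothing in the patch records how the new `ssh-ed25519 ...IScP` key was obtained; a wrong pin here lets whatever host presents that key pass as the VPS for every client built from this config, so the commit message should say the key was read from the new server's `/etc/ssh/ssh_host_ed25519_key.pub` via the provider console (or checked against an out-of-band fingerprint) rather than taken from a first `ssh-keyscan -p 3456`. The subject `vps known_host for lidarr_mb_gap` also names a service this hunk does not touch; stating the real cause (a new VPS instance at `45.79.25.87`, which the remaining hunks change) keeps this from reading as an unexplained key rotation.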
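Review bot: the step `Update VPS public IP to `45.79.25.87` in SSH configuration` in the `quickstart.md` hunk at `@@ -22,7` should also mention refreshing the pinned host key, because changing the address alone is not sufficient: the `knownHosts` entry in `hosts/server/configuration.nix` is rewritten in this same patch, and any client still carrying the old pin would fail with a host-key-changed error against the new VPS. Suggest `Update VPS public IP to 45.79.25.87 and the pinned ed25519 host key in SSH configuration`.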
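Review bot: the verification command in T005 (`quickstart.md` hunk at `@@ -82,7`), `rg -n "vps|45.79.25.87|programs.ssh" config/jawz.nix modules/modules.nix`, only shows the new address is present in two files; it cannot catch a stale `45.33.0.228` left anywhere else, and this patch alone rewrites that address in three files. Add a repository-wide negative check expected to return nothing, e.g. `rg -n '45\.33\.0\.228'`, and escape the dots in the positive pattern as well, since an unescaped `.` matches any character in rg's regex.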
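Review bot: rewriting the quoted original request in item 6 of `spec.md` (`replace the existing vps ip with 45.79.25.87`) erases the record of what was actually asked when the VPS address was `45.33.0.228`; a spec that quotes the requester's own words should keep them as written. Leave the original sentence and add a dated clarification entry noting that the VPS address changed to `45.79.25.87`, which also gives the host-key replacement in `hosts/server/configuration.nix` a documented cause.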
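Review bot: T020 in the `tasks.md` hunk is ticked as `Update VPS IP to 45.79.25.87 in modules/modules.nix and config/jawz.nix SSH host entry`, but the patch's file list (`hosts/server/configuration.nix` and the three files under `specs/004-vps-migration/`) contains neither `modules/modules.nix` nor `config/jawz.nix`, so the task description and this commit do not match; either those edits landed in another commit, which the message should reference, or they are still outstanding and T020 should not be marked `[x]`. The same question applies to T021: the only `hosts/server/configuration.nix` change here is the known-host key, and the wireguard endpoint presumably follows `config.my.ips.vps`, which this patch does not set anywhere.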