Commit 2c2e23e554be

Vincent Demeester <vincent@sbr.pm>
2026-04-13 22:54:37
fix: disable push-home-ip on athena
SSH keys missing on athena, service fails on auth to carthage. Disabled until keys are set up.
1 parent 279b186
Changed files (1)
systems
systems/athena/extra.nix
@@ -1,5 +1,4 @@
 {
-  pkgs,
   ...
 }:
 {
@@ -14,41 +13,42 @@
   # Push home public IP to carthage for fail2ban whitelisting
   # Carthage has a systemd path unit that watches /var/lib/fail2ban/home-ip.txt
   # and dynamically updates fail2ban ignoreip when it changes.
-  systemd.services.push-home-ip = {
-    description = "Push home public IP to carthage for fail2ban whitelist";
-    serviceConfig = {
-      Type = "oneshot";
-      User = "vincent";
-      Group = "users";
-    };
-    path = with pkgs; [
-      curl
-      openssh
-      coreutils
-    ];
-    script = ''
-      set -euo pipefail
-      IP=$(curl -sf --max-time 10 https://ifconfig.me || curl -sf --max-time 10 https://icanhazip.com || exit 1)
-      IP=$(echo "$IP" | tr -d '[:space:]')
-      if [ -z "$IP" ]; then
-        echo "Failed to get public IP"
-        exit 1
-      fi
-      echo "Home public IP: $IP"
-      echo "$IP" | ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 carthage.vpn "cat > /var/lib/fail2ban/home-ip.txt"
-      echo "Pushed IP to carthage"
-    '';
-  };
-
-  systemd.timers.push-home-ip = {
-    description = "Push home public IP to carthage every 5 minutes";
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnBootSec = "1min";
-      OnUnitActiveSec = "5min";
-      RandomizedDelaySec = "30s";
-    };
-  };
+  # TODO: disabled — needs SSH key setup on athena (see org TODO)
+  # systemd.services.push-home-ip = {
+  #   description = "Push home public IP to carthage for fail2ban whitelist";
+  #   serviceConfig = {
+  #     Type = "oneshot";
+  #     User = "vincent";
+  #     Group = "users";
+  #   };
+  #   path = with pkgs; [
+  #     curl
+  #     openssh
+  #     coreutils
+  #   ];
+  #   script = ''
+  #     set -euo pipefail
+  #     IP=$(curl -sf --max-time 10 https://ifconfig.me || curl -sf --max-time 10 https://icanhazip.com || exit 1)
+  #     IP=$(echo "$IP" | tr -d '[:space:]')
+  #     if [ -z "$IP" ]; then
+  #       echo "Failed to get public IP"
+  #       exit 1
+  #     fi
+  #     echo "Home public IP: $IP"
+  #     echo "$IP" | ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 carthage.vpn "cat > /var/lib/fail2ban/home-ip.txt"
+  #     echo "Pushed IP to carthage"
+  #   '';
+  # };
+  #
+  # systemd.timers.push-home-ip = {
+  #   description = "Push home public IP to carthage every 5 minutes";
+  #   wantedBy = [ "timers.target" ];
+  #   timerConfig = {
+  #     OnBootSec = "1min";
+  #     OnUnitActiveSec = "5min";
+  #     RandomizedDelaySec = "30s";
+  #   };
+  # };
 
   # Age secrets for imapfilter
   age.secrets."icloud-vdemeester-password" = {
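Review bot: The block parked under the TODO still carries `-o StrictHostKeyChecking=no` on its ssh line, so once it is re-enabled the push to carthage.vpn will accept any host key. That connection writes the file feeding fail2ban's ignoreip. Since the key setup has to be redone anyway, I would widen the TODO to cover it, e.g. `# TODO: disabled — needs SSH key setup on athena; on re-enable pin carthage's host key (drop StrictHostKeyChecking=no), validate $IP, restore the pkgs argument`. `$IP` comes straight from a third-party HTTP response and is only whitespace-stripped before being written, so a format check before the ssh call belongs in the same pass. The `pkgs` argument removed in the first hunk is still needed by the commented `path = with pkgs; [ ... ]`, and the three context lines above the TODO now describe a push that no longer runs.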