rad:z254T5p17bdFPmzfDojsdjo4HjpoZ
Radicle Infrastructure as Code (NixOS, OpenTofu, …)
os/radicle: Also use high ports
Lorenz Leutgeb committed 6 months ago
commit 4103847eac222a1f5003222705499c60af642a4c
parent a18161b
6 files changed +21 -7
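--- a/dns/dnsconfig.js
+++ b/dns/dnsconfig.js
@@ -53,6 +53,7 @@ D("radicle.xyz", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
 
     PTR("_radicle-node._tcp", "iris._radicle-node._tcp.radicle.xyz."),
     SRV("iris._radicle-node._tcp", 32767, 32767, 8776, "iris.radicle.xyz."),
+    SRV("iris._radicle-node._tcp", 32767, 32767, 58776, "iris.radicle.xyz."),
     TXT("iris._radicle-node._tcp", "\"nid=z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7\""),
 
 
@@ -65,6 +66,7 @@ D("radicle.xyz", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
 
     PTR("_radicle-node._tcp", "rosa._radicle-node._tcp.radicle.xyz."),
     SRV("rosa._radicle-node._tcp", 32767, 32767, 8776, "rosa.radicle.xyz."),
+    SRV("rosa._radicle-node._tcp", 32767, 32767, 58776, "rosa.radicle.xyz."),
     TXT("rosa._radicle-node._tcp", "\"nid=z6Mkmqogy2qEM2ummccUthFEaaHvyYmYBYh3dbe9W4ebScxo\""),
 
 
@@ -87,6 +89,7 @@ D("radicle.xyz", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     // LOC("seed", "60 20 36.488 N 25 01 48.587 E 46m 10m 100m 100m"),
     PTR("_radicle-node._tcp", "seed._radicle-node._tcp.radicle.xyz."),
     SRV("seed._radicle-node._tcp", 32767, 32767, 8776, "seed.radicle.xyz."),
+    SRV("seed._radicle-node._tcp", 32767, 32767, 58776, "seed.radicle.xyz."),
     TXT("seed._radicle-node._tcp", "\"nid=z6MksmpU5b1dS7oaqF2bHXhQi1DWy2hB7Mh9CuN7y1DN6QSz\""),
 
 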
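Review bot: Each new `SRV` record reuses priority 32767 and weight 32767 of the existing 8776 record (in the iris, rosa and seed hunks alike), so a client that follows RFC 2782 picks 8776 or 58776 at random and no preference or fallback order is expressed. If 58776 is meant to become the primary port, give it the lower priority value, e.g. `SRV("iris._radicle-node._tcp", 0, 32767, 58776, "iris.radicle.xyz."),`. If the even split is intended, a short comment such as `// 8776 and 58776 are equivalent; clients may use either` would record that. The enclosing `D("radicle.xyz", …)` call starts and ends outside these hunks.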
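--- a/os/host/iris/radicle.nix
+++ b/os/host/iris/radicle.nix
@@ -19,7 +19,7 @@
   services.radicle = {
     httpd.nginx.serverAliases = ["seed.radicle.garden"];
     settings.node.externalAddresses = lib.mkAfter [
-      "irisradizskwweumpydlj4oammoshkxxjur3ztcmo7cou5emc6s5lfid.onion:8776"
+      "irisradizskwweumpydlj4oammoshkxxjur3ztcmo7cou5emc6s5lfid.onion:58776"
     ];
   };
 }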
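--- a/os/host/rosa/radicle.nix
+++ b/os/host/rosa/radicle.nix
@@ -19,7 +19,7 @@
   services.radicle = {
     httpd.nginx.serverAliases = ["ash.radicle.garden"];
     settings.node.externalAddresses = lib.mkAfter [
-      "rosarad5bxgdlgjnzzjygnsxrwxmoaj4vn7xinlstwglxvyt64jlnhyd.onion:8776"
+      "rosarad5bxgdlgjnzzjygnsxrwxmoaj4vn7xinlstwglxvyt64jlnhyd.onion:58776"
     ];
   };
 }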
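--- a/os/host/seed/radicle.nix
+++ b/os/host/seed/radicle.nix
@@ -16,6 +16,6 @@
   };
 
   services.radicle.settings.node.externalAddresses = lib.mkAfter [
-    "seedradanrg2oje34eyidx4z63gpuakgaedaetvt7xxw5whv6qnexmid.onion:8776"
+    "seedradanrg2oje34eyidx4z63gpuakgaedaetvt7xxw5whv6qnexmid.onion:58776"
   ];
 }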
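--- a/os/mixin/radicle.nix
+++ b/os/mixin/radicle.nix
@@ -4,21 +4,29 @@
   lib,
   ...
 }: {
+  networking.firewall.allowedTCPPorts = [
+    8776 # radicle-node
+    58776 # radicle-node
+  ];
+
   services.radicle = {
     enable = true;
     package = pkgs.radicle-node-overlay;
     privateKeyFile = "/etc/ssh/ssh_host_ed25519_key";
     publicKey = "/etc/ssh/ssh_host_ed25519_key.pub";
+
+    node.extraArgs = [ "--listen" "[::]:58776" ];
+
     settings = {
       node = {
         alias = config.networking.fqdn;
         externalAddresses = lib.mkBefore [
-          "${config.networking.fqdn}:8776"
+          "${config.networking.fqdn}:58776"
         ];
         connect = [
-          "z6Mkmqogy2qEM2ummccUthFEaaHvyYmYBYh3dbe9W4ebScxo@rosa.radicle.xyz:8776"
-          "z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7@iris.radicle.xyz:8776"
-          "z6MksmpU5b1dS7oaqF2bHXhQi1DWy2hB7Mh9CuN7y1DN6QSz@seed.radicle.xyz:8776"
+          "z6Mkmqogy2qEM2ummccUthFEaaHvyYmYBYh3dbe9W4ebScxo@rosa.radicle.xyz:58776"
+          "z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7@iris.radicle.xyz:58776"
+          "z6MksmpU5b1dS7oaqF2bHXhQi1DWy2hB7Mh9CuN7y1DN6QSz@seed.radicle.xyz:58776"
         ];
         peers.type = "dynamic";
         db.journalMode = "wal";
@@ -58,4 +66,6 @@
       };
     };
   };
+
+  systemd.services.radicle-node.serviceConfig.SocketBindAllow = ["tcp:58776"];
 }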
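Review bot: Port 58776, used for `--listen "[::]:58776"` and `SocketBindAllow` in this file, lies inside the Linux default ephemeral range (32768–60999), so the kernel can hand it out as the source port of an outgoing connection and a later start of radicle-node can then fail to bind with "address already in use". Reserving the port avoids that: `boot.kernel.sysctl."net.ipv4.ip_local_reserved_ports" = "58776";`. The literal is also repeated in the firewall list, the listen argument, `externalAddresses`, the three `connect` entries and `SocketBindAllow`; a single `let` binding would keep them in step. The `services.radicle` attribute set continues between the two hunks, outside what is shown.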
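--- a/os/mixin/tor.nix
+++ b/os/mixin/tor.nix
@@ -20,6 +20,7 @@ in {
         "radicle" = {
           map = [
             {port = 8776;}
+            {port = 58776;}
           ];
           secretKey = config.sops.secrets.${secret}.path;
         };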
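Review bot: `{port = 8776;}` stays mapped on the onion service with no comment on why, while the per-host files in this commit now advertise only `.onion:58776` in `externalAddresses`. If the old mapping is kept only for peers that still hold the previous address, say so and make it easy to remove later: `{port = 8776;} # legacy port, remove once peers have migrated`. The same goes for the `8776` entry in `networking.firewall.allowedTCPPorts` in os/mixin/radicle.nix, which keeps a second inbound port open on every host that imports the mixin. The surrounding attribute set starts and ends outside the hunk.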