Move knot Git SSH to port 22 and node management SSH to 22222

Swap SSH ports so Tangled knot gets the standard port 22 for git
operations, eliminating the need for ssh:// URI or custom port
config. Node management SSH moved to 22222 with SELinux policy
and Hetzner firewall rules updated accordingly.

+14 -5
+1
CHANGELOG.md
··· 15 15 - Update PDS to v0.4.208 for OAuth metadata support (#13) 16 16 17 17 ### Changed 18 + - Move node SSH to port 2222 and expose knot Git SSH on port 22 (#14) 18 19 - Update knot hostname from git.sans-self.org to knot.sans-self.org (#12) 19 20 - Deploy Tangled knot to k3s cluster (#11) 20 21 - Refactor backup cronjobs to share common rclone/SQLite logic (#10)
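Review bot: The added CHANGELOG.md entry gives the node SSH port as 2222, while the commit message and the `ssh_port = 22222` line in kube.tf both use 22222. The entry should read "Move node SSH to port 22222 and expose knot Git SSH on port 22 (#14)" so the changelog matches the configuration.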
+13 -5
kube.tf
··· 31 31 # This is to keep Terraform from re-provisioning all nodes at once, which would lose data. If you want to update 32 32 # those, you should instead change the value here and manually re-provision each node. Grep for "lifecycle". 33 33 34 - # Customize the SSH port (by default 22) 35 - # ssh_port = 2222 34 + # Node management SSH on non-standard port; port 22 is used by Tangled knot 35 + ssh_port = 22222 36 36 37 37 # * Your ssh public key 38 38 ssh_public_key = file("./keypair/id_ed25519_homelab.pub") ··· 427 427 # Example: 428 428 # traefik_additional_ports = [{name = "example", port = 1234, exposedPort = 1234}] 429 429 430 - # Tangled knot SSH access (git clone ssh://git@knot.sans-self.org:2222/...) 431 - traefik_additional_ports = [{ name = "knot-ssh", port = 2222, exposedPort = 2222 }] 430 + # Tangled knot SSH access (git clone git@knot.sans-self.org:handle/repo) 431 + traefik_additional_ports = [{ name = "knot-ssh", port = 22, exposedPort = 22 }] 432 432 433 433 # If you want to configure additional trusted IPs for traefik, enter them here as a list of IPs (strings). 434 434 # Example for Cloudflare: ··· 657 657 # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall 658 658 extra_firewall_rules = [ 659 659 { 660 + description = "Node management SSH" 661 + direction = "in" 662 + protocol = "tcp" 663 + port = "22222" 664 + source_ips = ["0.0.0.0/0", "::/0"] 665 + destination_ips = [] 666 + }, 667 + { 660 668 description = "Tangled knot Git SSH" 661 669 direction = "in" 662 670 protocol = "tcp" 663 - port = "2222" 671 + port = "22" 664 672 source_ips = ["0.0.0.0/0", "::/0"] 665 673 destination_ips = [] 666 674 }
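Review bot: In the first kube.tf hunk, `ssh_port = 22222` is set directly below the context comment stating that changes here are not applied by re-provisioning all nodes and that each node has to be re-provisioned manually. If `ssh_port` is one of the values that comment covers, the commit message should say whether the existing nodes were re-provisioned, because the same commit assigns port 22 to `knot-ssh` and a node still listening for management SSH on 22 would conflict with it.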
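Review bot: In the `extra_firewall_rules` hunk of kube.tf, the new "Node management SSH" rule opens port 22222 to `source_ips = ["0.0.0.0/0", "::/0"]`. Git SSH on port 22 has to be reachable from anywhere, but node management SSH does not, and a non-standard port does not limit who can connect. Consider narrowing `source_ips` on this rule to the administrative networks or a VPN range, and add a comment next to the rule stating why it is open if it must stay that way.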