Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2023-09-28 23:22:59 +0200
committer: makefu <github@syntax-fehler.de> 2023-09-28 23:22:59 +0200
commit: 2db6777b7caa37477c5ffddd99d69b2f2c6d9d7f (patch)
tree: a72905fad73089b7ab295a948eda837bad013362 /kartei
parent: 29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (diff)
parent: 0215fbddccf206801d94f52518cbfec91ccc3cc5 (diff)
18 files changed, 89 insertions, 90 deletions
diff --git a/kartei/Ra33it0/default.nix b/kartei/Ra33it0/default.nix
new file mode 100644
index 000000000..64e40182a
--- /dev/null
+++ b/kartei/Ra33it0/default.nix
@@ -0,0 +1,30 @@
+{ config, lib, ... }: let
+  slib = import ../../lib/pure.nix { inherit lib; };
+in {
+  users.Ra33it0 = {
+    mail = "Ra33it0@posteo.net";
+  };
+  hosts.DUMMYHOST = {
+    owner = config.krebs.users.Ra33it0;
+    nets.retiolum = {
+      aliases = [ "Ra33it0.Ra33it0.r" ];
+      ip6.addr = (slib.krebs.genipv6 "retiolum" "Ra33it0" { hostName = "unispore"; }).address;
+      tinc.pubkey = ''
+        -----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA6Cb+b+snYpsQv1J0yMPSL4P0iKs2EkDtqtt6kBOvqFTr2lRB2thp
+mu9fRbz/CFmcvFXoEMWQEEkKcyhgJEola2+7Ra49iMNX55o/I0iZ499ZI5rIK/JG
++A60ijPCh5TSGYIMiD7VWRsxoAtzB1DZ6n4z94KN0wQB5dXKuLPjk/TDfJPuzMrS
+J5k9uSyBKcRdW2iop78wNOnYO8NVd9wr6odUBc/L5J0krDU2gLGRGJGDfoW4zfly
+5DwtY58DBCZS7uFAymKBdvEBUzj7/wD0B2Jfq/EUOdEKeFbP2G4fdOTQBuXGDqMi
+dqufCy2cK3AOi5l3VaC2LfkCMztRBPzryY8+EcfjgqENBPCx55GBZDrtn/W+29S7
+ynMfI+1e8TntpFGLhuJXyl9//rG68tvYUED5MQ98OXViiffW7lBo7i5TCck3f9Cv
+CWYM/HzSffzztK8bF0DwhdWzjtNcwZ05XfA2krGZyMj9UxpwN84o1syCnnYC1Xzg
+4r48fUhubXXE4SbdnN68pCNCct9DT8exPeYeJL2FHi6s+EsfBY+NGEAaQGJTeQEW
+zUSnX/txoZV6xGUKZ4iOgfQ4MBCVVdtPAaurNP/esVwOr0WF0DTuBDPGBaOqo+Us
+Ef5cREwrCE8nEY8tu3xl4M9iuCTwBuT79YFhfNI3jr1lcg6f8wGaTYsCAwEAAQ==
+        -----END RSA PUBLIC KEY-----
+      '';
+      tinc.pubkey_ed25519 = "cFCAfLbDYv/Ty3m34aHgHr1dXGp2DSwfP0K7GG1TA7D";
+    };
+  };
+}
diff --git a/kartei/berber/default.nix b/kartei/berber/default.nix
new file mode 100644
index 000000000..e4084054a
--- /dev/null
+++ b/kartei/berber/default.nix
@@ -0,0 +1,30 @@
+{ config, lib, ... }: let
+  slib = import ../../lib/pure.nix { inherit lib; };
+in {
+  users.berber = {
+    mail = "berber@zmberber.com";
+  };
+  hosts.schlepptop = {
+    owner = config.krebs.users.berber;
+    nets.retiolum = {
+      aliases = [ "schlepptop.berber.r" ];
+      ip6.addr = (slib.krebs.genipv6 "retiolum" "berber" { hostName = "schlepptop"; }).address;
+      tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAsotvQWb0zgZzHQheM2LBMCyxYZ4JqWcpLkfz8nvLJl6wktEWz8IH
+7hkc9qjrvR0jLecO79PzFaF9n6h47OBMhJC2BzJJJys0iiOUcjWpMtLGUZTy2M83
+Wtfz8YuY0zMJmnt63cVFpEsorj2v99YmYxQww8IU1iSpxotNx1hED/3dEN44qqlL
+/aYRrnuFb/UOMxTcanpezJRqgqQpXBmlXYM0uE/uqUOWxHpWtQB5DsMf3s3YET/j
+N7yp8DStlAqRruWS52GtWqnqXTgRBjqcIdGvmSRP0ZsHEEXk7du7icAlo1ZdGDQ1
+BXo1LTeiKr7Ujb7f5Kz/aq0+xZsODXVjYwiS5ZuZvHO+YD0/eDD4YwQyCovJDNRS
+1GEkOBcE3acVn55ygg27PiRdm4FLbPoEL8t6CpgUCFVt1LTuuu/h++8WrbR4ggVp
+A8/5xmcUPd0DtWk9Uj++3ZW1PmPLnMtTFuUSkzLv1rdfCHgtQbTcTSEXByaizKlp
+CZdCSZjQnycBhPRW56ySWX3du38MNeAAlwGfXUjt4lOQsFiPs55MAedN9/JoTQCp
+2uJ+oy2I2zPWxt03e/3WW8eD0csTiSA4c/KRCtHKr9DCaT83Lmal52ztwmxzXhzU
+Aa8Zk+rzxj+e48Lab8COzOuqUyWYruxsFoM4BumEfmNOBrkXKCPjVokCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+      '';
+      tinc.pubkey_ed25519 = "soXXSBhFM1/V7otecSzUIwTT4Zpn4DLyJ5B5p7Euz/B";
+    };
+  };
+}
diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index bbf6a74f8..6c5c86ead 100644
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -77,6 +77,7 @@ in {
           aliases = [
             "hotdog.r"
             "agenda.r"
+            "bedge.r"
             "kri.r"
             "build.r"
             "build.hotdog.r"
diff --git a/kartei/lass/echelon.nix b/kartei/lass/echelon.nix
deleted file mode 100644
index d66033ba4..000000000
--- a/kartei/lass/echelon.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ r6, w6, ... }:
-{
-  nets = {
-    retiolum = {
-      ip4.addr = "10.243.0.3";
-      ip6.addr = r6 "4";
-      aliases = [
-        "echelon.r"
-      ];
-      tinc = {
-        pubkey = ''
-          -----BEGIN PUBLIC KEY-----
-          MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp
-          1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A
-          MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe
-          UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V
-          rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez
-          gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO
-          c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna
-          dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze
-          ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D
-          KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq
-          GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr
-          43jjLL40ONdFxX7qW/DhT9MCAwEAAQ==
-          -----END PUBLIC KEY-----
-        '';
-        pubkey_ed25519 = "LgJ7+/sq7t+Ym/DjJrWesIpUw1Lw7bxPi0XFHtsVWLB";
-      };
-    };
-    wiregrill = {
-      ip6.addr = w6 "3";
-      aliases = [
-        "echelon.w"
-      ];
-      wireguard.pubkey = ''
-        SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc=
-      '';
-    };
-  };
-  ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd ";
-  syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ";
-}
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix
index ecb56264f..a44e120b2 100644
--- a/kartei/lass/prism.nix
+++ b/kartei/lass/prism.nix
@@ -37,6 +37,8 @@ rec {
       mail                60 IN A      ${nets.internet.ip4.addr}
       mail                60 IN AAAA   ${nets.internet.ip6.addr}
       flix                60 IN A      ${nets.internet.ip4.addr}
+      flex                60 IN A      ${nets.internet.ip4.addr}
+      flux                60 IN A      ${nets.internet.ip4.addr}
       testing             60 IN A      ${nets.internet.ip4.addr}
       schrott             60 IN A      ${nets.internet.ip4.addr}
     '';
@@ -66,7 +68,6 @@ rec {
         "cache.prism.r"
         "cgit.prism.r"
         "bota.r"
-        "flix.r"
         "paste.r"
         "c.r"
         "p.r"
diff --git a/kartei/lass/yellow.nix b/kartei/lass/yellow.nix
index b9dcb008c..1873e02dc 100644
--- a/kartei/lass/yellow.nix
+++ b/kartei/lass/yellow.nix
@@ -7,6 +7,7 @@
       aliases = [
         "yellow.r"
         "jelly.r"
+        "flix.r"
         "radar.r"
         "sonar.r"
         "transmission.r"
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index 646e6a834..785ec14eb 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -51,7 +51,7 @@
       ssh.pubkey = readFile pubkey-path;
       # We assume that if the sshd pubkey exits then there must be a privkey in
       # the screts store as well
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.privkey.path = "${config.krebs.secret.directory}/ssh_host_ed25519_key";
     })
     host
   ];
diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix
index 2f23324cc..e81bdd32b 100644
--- a/kartei/tv/default.nix
+++ b/kartei/tv/default.nix
@@ -43,7 +43,7 @@ in {
         })
         (host: mkIf (host.config.ssh.pubkey != null) {
           ssh.privkey = mapAttrs (const mkDefault) {
-            path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}";
+            path = "${config.krebs.secret.directory}/ssh.id_${host.config.ssh.privkey.type}";
             type = head (toList (builtins.match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
           };
         })
diff --git a/kartei/tv/hosts/alnus.nix b/kartei/tv/hosts/alnus.nix
index e66236f1f..099f3c741 100644
--- a/kartei/tv/hosts/alnus.nix
+++ b/kartei/tv/hosts/alnus.nix
@@ -1,5 +1,4 @@
 {
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.21.1";
diff --git a/kartei/tv/hosts/au.nix b/kartei/tv/hosts/au.nix
index 44279b687..c897f9cb1 100644
--- a/kartei/tv/hosts/au.nix
+++ b/kartei/tv/hosts/au.nix
@@ -1,5 +1,4 @@
 {
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.13.39";
diff --git a/kartei/tv/hosts/bu.nix b/kartei/tv/hosts/bu.nix
index cbdf5af22..ca544c912 100644
--- a/kartei/tv/hosts/bu.nix
+++ b/kartei/tv/hosts/bu.nix
@@ -1,5 +1,4 @@
 {
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.13.36";
diff --git a/kartei/tv/hosts/mu.nix b/kartei/tv/hosts/mu.nix
index e10694ec1..4fb7165f6 100644
--- a/kartei/tv/hosts/mu.nix
+++ b/kartei/tv/hosts/mu.nix
@@ -1,5 +1,4 @@
 {
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.20.1";
diff --git a/kartei/tv/hosts/nomic.nix b/kartei/tv/hosts/nomic.nix
index 7c46dc40a..ebb0edcf5 100644
--- a/kartei/tv/hosts/nomic.nix
+++ b/kartei/tv/hosts/nomic.nix
@@ -1,5 +1,4 @@
 {
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.0.110";
diff --git a/kartei/tv/hosts/querel.nix b/kartei/tv/hosts/querel.nix
index 6b9b9881b..805eeab94 100644
--- a/kartei/tv/hosts/querel.nix
+++ b/kartei/tv/hosts/querel.nix
@@ -1,5 +1,4 @@
 {
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.22.22";
diff --git a/kartei/tv/hosts/ru.nix b/kartei/tv/hosts/ru.nix
index 334df5d07..d1a2be276 100644
--- a/kartei/tv/hosts/ru.nix
+++ b/kartei/tv/hosts/ru.nix
@@ -1,5 +1,4 @@
 {
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.13.42";
diff --git a/kartei/tv/hosts/xu.nix b/kartei/tv/hosts/xu.nix
index e943915e4..7361092b7 100644
--- a/kartei/tv/hosts/xu.nix
+++ b/kartei/tv/hosts/xu.nix
@@ -2,7 +2,6 @@
   binary-cache = {
     pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
   };
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.13.38";
diff --git a/kartei/tv/hosts/zu.nix b/kartei/tv/hosts/zu.nix
index 91270d57e..c40de32a1 100644
--- a/kartei/tv/hosts/zu.nix
+++ b/kartei/tv/hosts/zu.nix
@@ -1,5 +1,4 @@
 {
-  ci = true;
   nets = {
     retiolum = {
       ip4.addr = "10.243.13.40";
diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix
index 153f75aa8..370d583e2 100644
--- a/kartei/xkey/default.nix
+++ b/kartei/xkey/default.nix
@@ -28,17 +28,34 @@ in
   };
   hosts = mapAttrs hostDefaults {
     aland = {
-      nets.wiregrill = {
-        ip4.addr = "10.244.12.34";
-        aliases = [ "aland.xkey.w" ];
-        wireguard.pubkey = "m2IymGYQiRma2cyZbwRsOw1rCpB5ZdFkfYII1hnHzGE=";
+     nets = {
+       retiolum = {
+         ip4.addr = "10.243.23.42";
+         aliases = [ "aland.r" ];
+         tinc.pubkey = ''
+           -----BEGIN RSA PUBLIC KEY-----
+           MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
+           B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
+           HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
+           Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
+           lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
+           +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
+           3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
+           vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
+           HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
+           XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
+           yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
+           -----END RSA PUBLIC KEY-----
+         '';
+         tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
+        };
       };
     };
     catalonia = {
       nets = {
        retiolum = {
          ip4.addr = "10.243.13.12";
-         aliases = [ "catalonia.xkey.r" ];
+         aliases = [ "catalonia.r" ];
          tinc.pubkey = ''
            -----BEGIN RSA PUBLIC KEY-----
            MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
@@ -58,41 +75,11 @@ in
         };
       };
     };
-    cybercube = {
-      nets.wiregrill = {
-        aliases = [ "cybercube.xkey.w" ];
-        wireguard.pubkey = "ZPOCyThKQUlR/gPFWoJ4XICHYFMNtI70XH+y5v2f6VQ=";
-      };
-    };
-    rojava = {
-     nets = {
-       retiolum = {
-         ip4.addr = "10.243.23.42";
-         aliases = [ "rojava.xkey.r" ];
-         tinc.pubkey = ''
-           -----BEGIN RSA PUBLIC KEY-----
-           MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
-           B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
-           HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
-           Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
-           lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
-           +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
-           3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
-           vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
-           HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
-           XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
-           yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
-           -----END RSA PUBLIC KEY-----
-         '';
-         tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
-        };
-      };
-    };
     sicily = {
      nets = {
        retiolum = {
          ip4.addr = "10.243.161.1";
-         aliases = [ "sicily.xkey.r" "mukke.r" "bie.r" ];
+         aliases = [ "sicily.r" "mukke.r" "bie.r" ];
          tinc.pubkey = ''
            -----BEGIN RSA PUBLIC KEY-----
            MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
author	makefu <github@syntax-fehler.de>	2023-09-28 23:22:59 +0200
committer	makefu <github@syntax-fehler.de>	2023-09-28 23:22:59 +0200
commit	2db6777b7caa37477c5ffddd99d69b2f2c6d9d7f (patch)
tree	a72905fad73089b7ab295a948eda837bad013362 /kartei
parent	29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (diff)
parent	0215fbddccf206801d94f52518cbfec91ccc3cc5 (diff)