summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/makefu/default.nix51
-rw-r--r--krebs/3modules/tinc_graphs.nix59
2 files changed, 84 insertions, 26 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 14cee8e12..0b58c75cb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -48,6 +48,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.2";
+ aliases = [
+ "darth.siem"
+ ];
+ };
};
};
tsp = {
@@ -98,6 +104,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.4";
+ aliases = [
+ "arch.siem"
+ ];
+ };
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
@@ -184,6 +196,8 @@ with config.krebs.lib;
internet = {
ip4.addr = "104.233.87.86";
aliases = [
+ "wry.i"
+ "paste.i"
"wry.internet"
"paste.internet"
];
@@ -194,10 +208,10 @@ with config.krebs.lib;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"graphs.wry.retiolum"
- "graphs.retiolum"
+ "graphs.r" "graphs.retiolum"
"paste.wry.retiolum"
- "paste.retiolum"
- "wry.retiolum"
+ "paste.r" "paste.retiolum"
+ "wry.r" "wry.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"
"blog.makefu.retiolum"
@@ -343,6 +357,13 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
shoney = rec {
cores = 1;
nets = {
+ siem = {
+ ip4.addr = "10.8.10.1";
+ aliases = [
+ "sjump.siem"
+ "graphs.siem"
+ ];
+ };
internet = {
ip4.addr = "64.137.234.215";
aliases = [
@@ -456,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
+ lariat = rec {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.64.7";
+ aliases = [
+ "lariat.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
+ eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
+ 269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
+ unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
+ d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
+ yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
soundflower = rec {
cores = 1;
nets = {
@@ -598,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
+ } // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
cores = 1;
nets = {
@@ -626,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
};
- } // { # hosts only maintained in stockholm, not owned by me
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index dec89d249..0f1bae090 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -20,6 +20,18 @@ let
default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
};
+ hostsPath = mkOption {
+ type = types.str;
+ description = "Path to Hosts directory";
+ default = "${config.krebs.retiolum.hostsPackage}";
+ };
+
+ network = mkOption {
+ type = types.str;
+ description = "Tinc Network to use";
+ default = "retiolum";
+ };
+
nginx = {
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
@@ -73,10 +85,10 @@ let
};
imp = {
- environment.systemPackages = [ pkgs.tinc_graphs];
+ environment.systemPackages = [ pkgs.tinc_graphs ];
systemd.timers.tinc_graphs = {
description = "Build Tinc Graphs via via timer";
- wantedBy = [ "timers.target"];
+ wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
systemd.services.tinc_graphs = {
@@ -85,7 +97,8 @@ let
EXTERNAL_FOLDER = external_dir;
INTERNAL_FOLDER = internal_dir;
GEODB = cfg.geodbPath;
- TINC_HOSTPATH = config.krebs.retiolum.hostsPackage;
+ TINC_HOSTPATH = cfg.hostsPath;
+ TINC_NETWORK = cfg.network;
};
restartIfChanged = true;
@@ -103,7 +116,7 @@ let
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
fi
'';
- ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
+ ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
# TODO: this may break if workingDir is set to something stupid
@@ -121,24 +134,26 @@ let
uid = genid "tinc_graphs";
home = "/var/spool/tinc_graphs";
};
-
- krebs.nginx.servers = mkIf cfg.nginx.enable {
- tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${internal_dir};
- '')
- ];
- }] ;
- tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${external_dir};
- '')
- ];
- }];
+ krebs.nginx = mkIf cfg.nginx.enable {
+ enable = mkDefault true;
+ servers = {
+ tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
+ locations = [
+ (nameValuePair "/" ''
+ autoindex on;
+ root ${internal_dir};
+ '')
+ ];
+ }] ;
+ tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
+ locations = [
+ (nameValuePair "/" ''
+ autoindex on;
+ root ${external_dir};
+ '')
+ ];
+ }];
+ };
};
};