From 00bc48d90f95bf9d5de2da6b6c82bca7d78b87f2 Mon Sep 17 00:00:00 2001
From: makefu
Date: Sun, 2 Aug 2015 23:12:38 +0200
Subject: add host tsp (traveling salesman problem)
---
 krebs/3modules/default.nix | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 668d66ccf..fb25f8178 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -306,6 +306,34 @@ let
 };
 };
 };
+ tsp = {
+ cores = 4;
+ dc = "makefu"; #x200
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.0.211"];
+ addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"];
+ aliases = [
+ "tsp.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+ HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+ mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+ n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+ R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+ Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+ aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+ ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+ KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+ XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+ teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
 };
 users = addNames {
 makefu = {
-- cgit v1.2.3
From 7d75cf113fc2ed694e100cd1e6e0f040ef870f19 Mon Sep 17 00:00:00 2001
From: makefu
Date: Tue, 4 Aug 2015 14:55:06 +0200
Subject: fix mkdir /root/root@/secret previously /root/root@/secret folder was created on the destination host but /root/secret/ is required. This commit fixes this behavior and creates the correct folder for bootstrapping
---
 krebs/3modules/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index fb25f8178..e677ba5ea 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -55,7 +55,7 @@ let
 --exclude .git \
 --exclude .graveyard \
 --exclude old \
- --rsync-path="mkdir -p \"$dst\" && rsync" \
+ --rsync-path="mkdir -p \"$2\" && rsync" \
 --usermap=\*:0 \
 --groupmap=\*:0 \
 --delete-excluded \
-- cgit v1.2.3
From 2499c472a08783d1cc1105c9b4c48b04f8062b5b Mon Sep 17 00:00:00 2001
From: makefu
Date: Wed, 5 Aug 2015 16:55:10 +0200
Subject: fix ip of tsp (211 is already in use)
---
 krebs/3modules/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e677ba5ea..4644e59eb 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -311,7 +311,7 @@ let
 dc = "makefu"; #x200
 nets = {
 retiolum = {
- addrs4 = ["10.243.0.211"];
+ addrs4 = ["10.243.0.212"];
 addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"];
 aliases = [
 "tsp.retiolum"
-- cgit v1.2.3
From 0862e949f6b736c76b601acd3b17262521175c31 Mon Sep 17 00:00:00 2001
From: makefu
Date: Wed, 12 Aug 2015 16:58:21 +0200
Subject: tsp: 2 cores
---
 krebs/3modules/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 4644e59eb..a533fcf64 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
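Review bot: The destination path is spliced into a command string that the remote shell parses: `--rsync-path="mkdir -p \"$2\" && rsync"` expands `$2` locally and then relies on `\"…\"` alone on the far side, so a path containing `"`, `$` or a backtick would be re-interpreted by the shell on the destination host (the commit message suggests this runs as root). Consider checking the path against a strict pattern before use, or quoting it for the remote shell (for example with bash's `printf %q`). Binding the positional to a named variable first would also keep a later argument reorder from silently changing which directory is created. The enclosing function starts and ends outside this hunk, so what `$2` holds is inferred from the commit message.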
@@ -307,7 +307,7 @@ let
 };
 };
 tsp = {
- cores = 4;
+ cores = 2;
 dc = "makefu"; #x200
 nets = {
 retiolum = {
-- cgit v1.2.3
From 7c578b1cad5d33c4a2773459ef62a8a72c585972 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 13 Aug 2015 11:46:09 +0200
Subject: {tv 2 => krebs 3}/exim-retiolum
---
 krebs/3modules/default.nix | 1 +
 krebs/3modules/exim-retiolum.nix | 142 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 143 insertions(+)
 create mode 100644 krebs/3modules/exim-retiolum.nix
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e677ba5ea..fd795a036 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
 out = {
 imports = [
+ ./exim-retiolum.nix
 ./github-hosts-sync.nix
 ./git.nix
 ./nginx.nix
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
new file mode 100644
index 000000000..09372f074
--- /dev/null
+++ b/krebs/3modules/exim-retiolum.nix
@@ -0,0 +1,142 @@ +{ config, pkgs, lib, ... }: + +with builtins; +with lib; +let + cfg = config.krebs.exim-retiolum; + + out = { + options.krebs.exim-retiolum = api; + config = + # This configuration makes only sense for retiolum-enabled hosts. + # TODO modular configuration + assert config.krebs.retiolum.enable; + mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "krebs.exim-retiolum"; + }; + + imp = { + services.exim = { + enable = true; + config = '' + primary_hostname = ${retiolumHostname} + domainlist local_domains = @ : localhost + domainlist relay_to_domains = *.retiolum + hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 + + acl_smtp_rcpt = acl_check_rcpt + acl_smtp_data = acl_check_data + + host_lookup = * + rfc1413_hosts = * + rfc1413_query_timeout = 5s + + log_file_path = syslog + syslog_timestamp = false + syslog_duplication = false + + begin acl + + acl_check_rcpt: + accept hosts = : + control = dkim_disable_verify + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + accept local_parts = postmaster + domains = +local_domains + + #accept + # hosts = *.retiolum + # domains = *.retiolum + # control = dkim_disable_verify + + #require verify = sender + + accept hosts = +relay_from_hosts + control = submission + control = dkim_disable_verify + + accept authenticated = * + control = submission + control = dkim_disable_verify + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + require verify = recipient + + accept + + + acl_check_data: + accept + + + begin routers + + retiolum: + driver = manualroute + domains = ! ${retiolumHostname} : *.retiolum + transport = remote_smtp + route_list = ^.* $0 byname + no_more + + nonlocal: + debug_print = "R: nonlocal for $local_part@$domain" + driver = redirect + domains = ! 
+local_domains + allow_fail + data = :fail: Mailing to remote domains not supported + no_more + + local_user: + # debug_print = "R: local_user for $local_part@$domain" + driver = accept + check_local_user + # local_part_suffix = +* : -* + # local_part_suffix_optional + transport = home_maildir + cannot_route_message = Unknown user + + + begin transports + + remote_smtp: + driver = smtp + + home_maildir: + driver = appendfile + maildir_format + directory = $home/Maildir + directory_mode = 0700 + delivery_date_add + envelope_to_add + return_path_add + # group = mail + # mode = 0660 + + begin retry + *.retiolum * F,42d,1m + * * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + begin rewrite + + begin authenticators + ''; + }; + }; + + # TODO get the hostname from somewhere else. + retiolumHostname = "${config.networking.hostName}.retiolum"; +in +out -- cgit v1.2.3 From ab2d3f96be09e4a77f33b7ce2f3b96dbc9b57c39 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Aug 2015 12:02:26 +0200 Subject: services: add pigstarter --- krebs/3modules/default.nix | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a533fcf64..8573c5a05 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -164,7 +164,7 @@ let { krebs = tv-imp; } { krebs.dns.providers = { - de.krebsco = "ovh"; + de.krebsco = "zones"; internet = "hosts"; retiolum = "hosts"; }; 
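Review bot: In `acl_check_rcpt` the only condition a non-local, unauthenticated client has to meet is the recipient domain: `require … domains = +local_domains : +relay_to_domains`, then `require verify = recipient` and a bare `accept`, with `#require verify = sender` commented out. The config sets no `local_interfaces`, so on a host that also has a public address the daemon would presumably accept mail from outside the VPN and forward it to any `*.retiolum` host through the `retiolum` router. Consider binding the listener with `local_interfaces` to loopback plus the retiolum address, or adding a `hosts =` condition to the relay branch. Two smaller points: `accept authenticated = *` can never match while `begin authenticators` is empty, and `rfc1413_hosts = *` sends an ident query to every connecting client. The same configuration text is repeated in the second copy of this commit (6c2c01b) and in the re-indented version in 9f92ba4.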
@@ -334,6 +334,43 @@ let
 };
 };
 };
+ pigstarter = {
+ cores = 1;
+ dc = "makefu"; #x200
+ nets = {
+ internet = {
+ addrs4 = ["192.40.56.122"];
+ addrs6 = ["2604:2880::841f:72c"];
+ aliases = [
+ "pigstarter.internet"
+ ];
+ zones = [
+ { "pigstarter.krebsco.de" = "A";}
+ { "io.krebsco.de" = "NS";}
+ { "io.krebsco.de" = "A";}
+ { "mx42.krebsco.de" = "MX";}
+ { "mx42.krebsco.de" = "A";}
+ ];
+ };
+ retiolum = {
+ addrs4 = ["10.243.0.153"];
+ addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"];
+ aliases = [
+ "pigstarter.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
+ 9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
+ 3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
+ 4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
+ DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
+ sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
 };
 users = addNames {
 makefu = {
-- cgit v1.2.3
From 6c2c01b5cbf0a6b6a4db46ad4f0623772a5b7c15 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 13 Aug 2015 11:46:09 +0200
Subject: {tv 2 => krebs 3}/exim-retiolum
---
 krebs/3modules/default.nix | 1 +
 krebs/3modules/exim-retiolum.nix | 143 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 144 insertions(+)
 create mode 100644 krebs/3modules/exim-retiolum.nix
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e677ba5ea..fd795a036 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
 out = {
 imports = [
+ ./exim-retiolum.nix
 ./github-hosts-sync.nix
 ./git.nix
 ./nginx.nix
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
new file mode 100644
index 000000000..71c091917
--- /dev/null
+++ b/krebs/3modules/exim-retiolum.nix
@@ -0,0 +1,143 @@ +{ config, pkgs, lib, ... }: + +with builtins; +with lib; +let + cfg = config.krebs.exim-retiolum; + + out = { + options.krebs.exim-retiolum = api; + config = + # This configuration makes only sense for retiolum-enabled hosts. + # TODO modular configuration + mkIf cfg.enable ( + #assert config.krebs.retiolum.enable; + imp); + }; + + api = { + enable = mkEnableOption "krebs.exim-retiolum"; + }; + + imp = { + services.exim = { + enable = true; + config = '' + primary_hostname = ${retiolumHostname} + domainlist local_domains = @ : localhost + domainlist relay_to_domains = *.retiolum + hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 + + acl_smtp_rcpt = acl_check_rcpt + acl_smtp_data = acl_check_data + + host_lookup = * + rfc1413_hosts = * + rfc1413_query_timeout = 5s + + log_file_path = syslog + syslog_timestamp = false + syslog_duplication = false + + begin acl + + acl_check_rcpt: + accept hosts = : + control = dkim_disable_verify + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + accept local_parts = postmaster + domains = +local_domains + + #accept + # hosts = *.retiolum + # domains = *.retiolum + # control = dkim_disable_verify + + #require verify = sender + + accept hosts = +relay_from_hosts + control = submission + control = dkim_disable_verify + + accept authenticated = * + control = submission + control = dkim_disable_verify + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + require verify = recipient + + accept + + + acl_check_data: + accept + + + begin routers + + retiolum: + driver = manualroute + domains = ! ${retiolumHostname} : *.retiolum + transport = remote_smtp + route_list = ^.* $0 byname + no_more + + nonlocal: + debug_print = "R: nonlocal for $local_part@$domain" + driver = redirect + domains = ! 
+local_domains + allow_fail + data = :fail: Mailing to remote domains not supported + no_more + + local_user: + # debug_print = "R: local_user for $local_part@$domain" + driver = accept + check_local_user + # local_part_suffix = +* : -* + # local_part_suffix_optional + transport = home_maildir + cannot_route_message = Unknown user + + + begin transports + + remote_smtp: + driver = smtp + + home_maildir: + driver = appendfile + maildir_format + directory = $home/Maildir + directory_mode = 0700 + delivery_date_add + envelope_to_add + return_path_add + # group = mail + # mode = 0660 + + begin retry + *.retiolum * F,42d,1m + * * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + begin rewrite + + begin authenticators + ''; + }; + }; + + # TODO get the hostname from somewhere else. + retiolumHostname = "${config.networking.hostName}.retiolum"; +in +out -- cgit v1.2.3 From 9f92ba455c4b13f4d960bae65cd577c9aad30dc4 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Aug 2015 12:08:36 +0200 Subject: krebs.exim-retiolum: assert krebs.retiolum.enable --- krebs/3modules/exim-retiolum.nix | 182 +++++++++++++++++++-------------------- 1 file changed, 91 insertions(+), 91 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 71c091917..e1315d8c8 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -8,11 +8,7 @@ let out = { options.krebs.exim-retiolum = api; config = - # This configuration makes only sense for retiolum-enabled hosts. - # TODO modular configuration - mkIf cfg.enable ( - #assert config.krebs.retiolum.enable; - imp); + mkIf cfg.enable imp; }; api = { 
@@ -20,121 +16,125 @@ let }; imp = { - services.exim = { - enable = true; - config = '' - primary_hostname = ${retiolumHostname} - domainlist local_domains = @ : localhost - domainlist relay_to_domains = *.retiolum - hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 + services.exim = + # This configuration makes only sense for retiolum-enabled hosts. + # TODO modular configuration + assert config.krebs.retiolum.enable; + { + enable = true; + config = '' + primary_hostname = ${retiolumHostname} + domainlist local_domains = @ : localhost + domainlist relay_to_domains = *.retiolum + hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 - acl_smtp_rcpt = acl_check_rcpt - acl_smtp_data = acl_check_data + acl_smtp_rcpt = acl_check_rcpt + acl_smtp_data = acl_check_data - host_lookup = * - rfc1413_hosts = * - rfc1413_query_timeout = 5s + host_lookup = * + rfc1413_hosts = * + rfc1413_query_timeout = 5s - log_file_path = syslog - syslog_timestamp = false - syslog_duplication = false + log_file_path = syslog + syslog_timestamp = false + syslog_duplication = false - begin acl + begin acl - acl_check_rcpt: - accept hosts = : - control = dkim_disable_verify + acl_check_rcpt: + accept hosts = : + control = dkim_disable_verify - deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] - deny message = Restricted characters in address - domains = !+local_domains - local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] 
: ^.*/\\.\\./ - accept local_parts = postmaster - domains = +local_domains + accept local_parts = postmaster + domains = +local_domains - #accept - # hosts = *.retiolum - # domains = *.retiolum - # control = dkim_disable_verify + #accept + # hosts = *.retiolum + # domains = *.retiolum + # control = dkim_disable_verify - #require verify = sender + #require verify = sender - accept hosts = +relay_from_hosts - control = submission - control = dkim_disable_verify + accept hosts = +relay_from_hosts + control = submission + control = dkim_disable_verify - accept authenticated = * - control = submission - control = dkim_disable_verify + accept authenticated = * + control = submission + control = dkim_disable_verify - require message = relay not permitted - domains = +local_domains : +relay_to_domains + require message = relay not permitted + domains = +local_domains : +relay_to_domains - require verify = recipient + require verify = recipient - accept + accept - acl_check_data: - accept + acl_check_data: + accept - begin routers + begin routers - retiolum: - driver = manualroute - domains = ! ${retiolumHostname} : *.retiolum - transport = remote_smtp - route_list = ^.* $0 byname - no_more + retiolum: + driver = manualroute + domains = ! ${retiolumHostname} : *.retiolum + transport = remote_smtp + route_list = ^.* $0 byname + no_more - nonlocal: - debug_print = "R: nonlocal for $local_part@$domain" - driver = redirect - domains = ! +local_domains - allow_fail - data = :fail: Mailing to remote domains not supported - no_more + nonlocal: + debug_print = "R: nonlocal for $local_part@$domain" + driver = redirect + domains = ! 
+local_domains + allow_fail + data = :fail: Mailing to remote domains not supported + no_more - local_user: - # debug_print = "R: local_user for $local_part@$domain" - driver = accept - check_local_user - # local_part_suffix = +* : -* - # local_part_suffix_optional - transport = home_maildir - cannot_route_message = Unknown user + local_user: + # debug_print = "R: local_user for $local_part@$domain" + driver = accept + check_local_user + # local_part_suffix = +* : -* + # local_part_suffix_optional + transport = home_maildir + cannot_route_message = Unknown user - begin transports + begin transports - remote_smtp: - driver = smtp + remote_smtp: + driver = smtp - home_maildir: - driver = appendfile - maildir_format - directory = $home/Maildir - directory_mode = 0700 - delivery_date_add - envelope_to_add - return_path_add - # group = mail - # mode = 0660 + home_maildir: + driver = appendfile + maildir_format + directory = $home/Maildir + directory_mode = 0700 + delivery_date_add + envelope_to_add + return_path_add + # group = mail + # mode = 0660 - begin retry - *.retiolum * F,42d,1m - * * F,2h,15m; G,16h,1h,1.5; F,4d,6h + begin retry + *.retiolum * F,42d,1m + * * F,2h,15m; G,16h,1h,1.5; F,4d,6h - begin rewrite + begin rewrite - begin authenticators - ''; - }; + begin authenticators + ''; + }; }; # TODO get the hostname from somewhere else. -- cgit v1.2.3 From bdc58a02f93661796d8816818c0792cbab65f7c1 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Aug 2015 17:45:43 +0200 Subject: krebs: add pigstarter,mail --- krebs/3modules/default.nix | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 467cc4459..35ccd278d 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
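Review bot: The bare `assert config.krebs.retiolum.enable;` that now guards the `services.exim` value stops evaluation with a generic assertion failure and gives the operator no hint which option is missing. Since this guard is what keeps a mail relay for `*.retiolum` from being configured on a host without the VPN, it deserves a readable message; the NixOS `assertions` list provides one: `assertions = [ { assertion = config.krebs.retiolum.enable; message = "krebs.exim-retiolum requires krebs.retiolum.enable"; } ];`. The `# TODO modular configuration` comment that moved along with it could also say what is meant to become modular.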
@@ -335,9 +335,37 @@ let
 };
 };
 };
+ pornocauster = {
+ cores = 2;
+ dc = "makefu"; #x220
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.0.91"];
+ addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"];
+ aliases = [
+ "pornocauster.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+ HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+ mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+ n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+ R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+ Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+ aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+ ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+ KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+ XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+ teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
 pigstarter = {
 cores = 1;
- dc = "makefu"; #x200
+ dc = "frontrange"; #vps
 nets = {
 internet = {
 addrs4 = ["192.40.56.122"];
@@ -375,7 +403,7 @@ let
 };
 users = addNames {
 makefu = {
- mail = "root@euer.krebsco.de";
+ mail = "root@tsp.retiolum";
 pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
 };
 };
-- cgit v1.2.3
From d230db96d9b7403da64887b6ceebcacc564c268b Mon Sep 17 00:00:00 2001
From: makefu
Date: Thu, 13 Aug 2015 20:28:21 +0000
Subject: krebs: add extraZones
---
 krebs/3modules/default.nix | 56 ++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 47 insertions(+), 9 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 35ccd278d..d77d00c05 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
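Review bot: The `tinc.pubkey` added for `pornocauster` is identical, line for line, to the key the `tsp` host received in the first commit of this series (both start `MIICCgKCAgEAwW+RjRcp…` and end `…aW9+97UCAwEAAQ==`). If both entries are deployed, then either the two machines share one private key, so compromise of one lets it authenticate as the other on retiolum, or one entry is a copy-paste leftover and that host cannot authenticate at all. Each host should get its own key pair, and an evaluation-time check that `tinc.pubkey` values are unique across `cfg.hosts` would catch this class of mistake. The `tsp` entry is outside this hunk, so confirm it still carries that key at this revision.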
@@ -184,7 +184,42 @@ let
 ) host.nets
 ) cfg.hosts
 ));
- }
+
+ # krebs.hosts.bob = rec {
+ # addrs4 = "10.0.0.1";
+ # extraZones = {
+ # # extraZones
+ # "krebsco.de" = ''
+ # krebsco.de. IN MX 10 mx1
+ # mx1 IN A ${addrs4}
+ # '';
+ # "dickbutt.de" = ''
+ # dickbutt.de. IN NS ns
+ # ns IN A ${addrs4}
+ # ''
+ # }
+ # }
+ # krebs.hosts.khan = rec {
+ # addrs4 = "10.0.0.2";
+ # extraZones = {
+ # "krebsco.de" = ''
+ # khan.krebsco.de IN A ${addrs4}
+ # };
+ # }
+ #
+ # =>
+ # "zone/krebsco.de".text = ''
+ # krebsco.de. IN MX 10 mx1
+ # mx1 IN A 10.0.0.1
+ # khan.krebsco.de IN A 10.0.0.2
+ # '';
+
+
+ environment.etc = mapAttrs'
+ (name: value:
+ nameValuePair (("zones/" + name)) ({ text=value;}))
+ cfg.hosts.pigstarter.extraZones;
+ }
 ];
 lass-imp = {
@@ -363,9 +398,19 @@ let
 };
 };
 };
- pigstarter = {
+ pigstarter = rec {
 cores = 1;
 dc = "frontrange"; #vps
+
+ extraZones = {
+ "de.krebsco" = ''
+ pigstarter.krebsco.de IN A ${elemAt nets.internet.addrs4 0}
+ krebsco.de. IN NS io
+ io IN A ${elemAt nets.internet.addrs4 0}
+ krebsco.de. IN MX 10 mx42
+ mx42 IN A ${elemAt nets.internet.addrs4 0}
+ '';
+ };
 nets = {
 internet = {
 addrs4 = ["192.40.56.122"];
@@ -373,13 +418,6 @@ let
 aliases = [
 "pigstarter.internet"
 ];
- zones = [
- { "pigstarter.krebsco.de" = "A";}
- { "io.krebsco.de" = "NS";}
- { "io.krebsco.de" = "A";}
- { "mx42.krebsco.de" = "MX";}
- { "mx42.krebsco.de" = "A";}
- ];
 };
 retiolum = {
 addrs4 = ["10.243.0.153"];
-- cgit v1.2.3
From db4b55527d527158bd4e7f93128668e646f2cf1f Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 13 Aug 2015 22:31:40 +0200
Subject: krebs/3: add cd extraZones
---
 krebs/3modules/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index d77d00c05..9ad9c9f91 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
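Review bot: `environment.etc` is built from `cfg.hosts.pigstarter.extraZones` only, while the comment block directly above it describes merging the `extraZones` of every host into one file per zone. As written, any host that sets `extraZones` other than pigstarter is silently ignored, and wherever this attribute set is applied (it starts outside the hunk) pigstarter's zone text is written under `/etc/zones/`. The example in the comment also disagrees with the code: it shows `"zone/krebsco.de"` where the code writes `"zones/" + name` with the key `de.krebsco`, and its second `''` string is never closed. Either fold over all of `cfg.hosts` and concatenate the texts per zone name, or reduce the comment to what the code does today, e.g. `# only pigstarter's extraZones are published for now`.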
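Review bot: In the `"de.krebsco"` zone text added to `pigstarter`, the first record is written as `pigstarter.krebsco.de IN A …` without a trailing dot, while the apex records use `krebsco.de.` and the others use relative names (`io`, `mx42`). If this text is loaded with the origin set to the zone name (the loader is not on this page), that owner name expands to `pigstarter.krebsco.de.krebsco.de` and the intended host record is never published. Use the relative form `pigstarter IN A ${elemAt nets.internet.addrs4 0}` or add the trailing dot. No `$ORIGIN`, `$TTL` or SOA record is visible here, so it is worth checking that whatever consumes `/etc/zones/*` supplies them.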
@@ -455,6 +455,13 @@ let
 cd = {
 cores = 2;
 dc = "tv"; #dc = "cac";
+ extraZones = {
+ "de.krebsco" = ''
+ mx23 IN A ${elemAt nets.internet.addrs4 0}
+ cd IN A ${elemAt nets.internet.addrs4 0}
+ krebsco.de. IN MX 5 mx23
+ '';
+ };
 nets = rec {
 internet = {
 addrs4 = ["162.219.7.216"];
-- cgit v1.2.3
[cgit] Unable to lock slot /tmp/cgit/f9000000.lock: No such file or directory (2)
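Review bot: The new `extraZones` text refers to `nets.internet.addrs4`, but the context line still reads `cd = {`, not `cd = rec {`, so `nets` is not bound to this host's own attribute (the `rec` on `nets = rec {` only covers names inside `nets`). The previous commit on this page changed `pigstarter` to `rec` for exactly this reason, so the same change is needed here: `cd = rec {`. The mistake is easy to miss because `environment.etc` currently reads only `cfg.hosts.pigstarter.extraZones`; cd's zone text is therefore probably never evaluated, and the `mx23` and `cd` records are not published either way.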