From 2a0cd63387049350f6de73f609a32a0bf4e49253 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 29 Dec 2015 20:21:06 +0100
Subject: [PATCH 01/82] l 2 baseX: add pkgs.dmenu
---
lass/2configs/baseX.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0596682df..ede1c7b7b 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -31,6 +31,7 @@ in {
environment.systemPackages = with pkgs; [
+ dmenu
gitAndTools.qgit
mpv
much
From 35902b25e35b75f64a8ac01a6b5d0baea2d4154e Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 30 Dec 2015 02:04:43 +0100
Subject: [PATCH 02/82] l 2 base: checkout nixpkgs to /var/src/
---
lass/2configs/base.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 66e12b262..4685e1713 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -51,6 +51,7 @@ with lib;
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ target-path = "/var/src/nixpkgs";
};
dir.secrets = {
host = config.krebs.hosts.mors;
From 83555272fdcb6ab5ce968b08a90199c8aaeb460b Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 30 Dec 2015 02:05:14 +0100
Subject: [PATCH 03/82] l 2: add buildbot-standalone
---
lass/2configs/buildbot-standalone.nix | 78 +++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 lass/2configs/buildbot-standalone.nix
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
new file mode 100644
index 000000000..4d02fb97a
--- /dev/null
+++ b/lass/2configs/buildbot-standalone.nix
@@ -0,0 +1,78 @@
+{ lib, config, pkgs, ... }:
+{
+ #networking.firewall.allowedTCPPorts = [ 8010 9989 ];
+ krebs.buildbot.master = {
+ slaves = {
+ testslave = "lasspass";
+ };
+ change_source.stockholm = ''
+ stockholm_repo = 'http://cgit.mors/stockholm'
+ cs.append(changes.GitPoller(
+ stockholm_repo,
+ workdir='stockholm-poller', branch='master',
+ project='stockholm',
+ pollinterval=120))
+ '';
+ scheduler = {
+ force-scheduler = ''
+ sched.append(schedulers.ForceScheduler(
+ name="force",
+ builderNames=["fast-tests"]))
+ '';
+ fast-tests-scheduler = ''
+ # test the master real quick
+ sched.append(schedulers.SingleBranchScheduler(
+ change_filter=util.ChangeFilter(branch="master"),
+ name="fast-master-test",
+ builderNames=["fast-tests"]))
+ '';
+ };
+ builder_pre = ''
+ # prepare grab_repo step for stockholm
+ grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+
+ env = {"LOGNAME": "lass", "NIX_REMOTE": "daemon"}
+
+ # prepare nix-shell
+ # the dependencies which are used by the test script
+ deps = [ "gnumake", "jq","nix","rsync" ]
+ # TODO: --pure , prepare ENV in nix-shell command:
+ # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
+ nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+
+ # prepare addShell function
+ def addShell(factory,**kwargs):
+ factory.addStep(steps.ShellCommand(**kwargs))
+ '';
+ builder = {
+ fast-tests = ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ addShell(f,name="mors-eval",env=env,
+ command=nixshell + ["make -s eval get=krebs.deploy filter=json system=mors"])
+
+ bu.append(util.BuilderConfig(name="fast-tests",
+ slavenames=slavenames,
+ factory=f))
+ '';
+ };
+ enable = true;
+ web.enable = true;
+ irc = {
+ enable = true;
+ nick = "lass-buildbot";
+ server = "cd.retiolum";
+ channels = [ "retiolum" ];
+ allowForce = true;
+ };
+ };
+
+ krebs.buildbot.slave = {
+ enable = true;
+ masterhost = "localhost";
+ username = "testslave";
+ password = "lasspass";
+ packages = with pkgs;[ git nix ];
+ extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ };
+}
From f16742895c26b0f3df71ca8503afc5f4cb97a9ae Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 30 Dec 2015 17:14:31 +0100
Subject: [PATCH 04/82] l: add new host dishfire
---
krebs/3modules/lass/default.nix | 32 ++++++++++++++++++++++++
krebs/Zhosts/dishfire | 12 +++++++++
lass/1systems/dishfire.nix | 43 +++++++++++++++++++++++++++++++++
3 files changed, 87 insertions(+)
create mode 100644 krebs/Zhosts/dishfire
create mode 100644 lass/1systems/dishfire.nix
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 26b0947bb..592ed475d 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -4,6 +4,38 @@ with lib;
{
hosts = addNames {
+ dishfire = {
+ cores = 4;
+ dc = "lass"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["144.76.172.188"];
+ aliases = [
+ "dishfire.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.133.99"];
+ addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
+ aliases = [
+ "dishfire.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+ Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+ uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+ R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+ vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+ HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ #ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
+ };
echelon = {
cores = 2;
dc = "lass"; #dc = "cac";
diff --git a/krebs/Zhosts/dishfire b/krebs/Zhosts/dishfire
new file mode 100644
index 000000000..c4cf68b6b
--- /dev/null
+++ b/krebs/Zhosts/dishfire
@@ -0,0 +1,12 @@
+Address = 144.76.172.188
+Subnet = 10.243.133.99
+Subnet = 42:0000:0000:0000:0000:0000:d15f:1233
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
new file mode 100644
index 000000000..a1288d578
--- /dev/null
+++ b/lass/1systems/dishfire.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ../2configs/base.nix
+ {
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ }
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ ];
+ }
+ {
+ sound.enable = false;
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.dishfire;
+}
From eba696c5d2d8e25f1cd4a00007c3c1521fcc6e6f Mon Sep 17 00:00:00 2001
From: miefda <miefda@miefda.de>
Date: Wed, 30 Dec 2015 18:15:11 +0100
Subject: [PATCH 05/82] miefda: init with bobby
---
krebs/3modules/default.nix | 1 +
krebs/3modules/miefda/default.nix | 40 ++++++++
krebs/Zhosts/bobby | 10 ++
miefda/1systems/bobby.nix | 102 +++++++++++++++++++++
miefda/2configs/git.nix | 87 ++++++++++++++++++
miefda/2configs/hardware-configuration.nix | 23 +++++
miefda/2configs/miefda.nix | 8 ++
miefda/2configs/tinc-basic-retiolum.nix | 15 +++
miefda/2configs/tlp.nix | 25 +++++
miefda/2configs/x220t.nix | 27 ++++++
miefda/5pkgs/default.nix | 1 +
11 files changed, 339 insertions(+)
create mode 100644 krebs/3modules/miefda/default.nix
create mode 100644 krebs/Zhosts/bobby
create mode 100644 miefda/1systems/bobby.nix
create mode 100644 miefda/2configs/git.nix
create mode 100644 miefda/2configs/hardware-configuration.nix
create mode 100644 miefda/2configs/miefda.nix
create mode 100644 miefda/2configs/tinc-basic-retiolum.nix
create mode 100644 miefda/2configs/tlp.nix
create mode 100644 miefda/2configs/x220t.nix
create mode 100644 miefda/5pkgs/default.nix
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 740ba67b8..dddb2df50 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -81,6 +81,7 @@ let
imp = mkMerge [
{ krebs = import ./lass { inherit lib; }; }
{ krebs = import ./makefu { inherit lib; }; }
+ { krebs = import ./miefda { inherit lib; }; }
{ krebs = import ./mv { inherit lib; }; }
{ krebs = import ./shared { inherit lib; }; }
{ krebs = import ./tv { inherit lib; }; }
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
new file mode 100644
index 000000000..8ecf898c5
--- /dev/null
+++ b/krebs/3modules/miefda/default.nix
@@ -0,0 +1,40 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ hosts = addNames {
+ bobby = {
+ cores = 4;
+ dc = "miefda";
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.111.112"];
+ addrs6 = ["42:0:0:0:0:0:111:112"];
+ aliases = [
+ "bobby.retiolum"
+ "cgit.bobby.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
+ uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
+ Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
+ 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
+ jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
+ cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ #ssh.privkey.path = <secrets/ssh.ed25519>;
+ #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
+ };
+ };
+ users = addNames {
+ miefda = {
+ mail = "miefda@miefda.de";
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVdNCks6mrItKHYIwgW3s+NINFhHqZtLPj3l6TJUWd93ZSuuI6P+Z/0m0G9Z4tWWaXWsOCnzMA2WOKcitBbLcaQxVypJfvmfoA5CVlh4/nf8NfvbMFkVIYPehxR7YoejfKOxPOCNC3248RiD8kqa4/5IF8qdqE+mRQUIZJXvN0jZZ+rGnYo5Z544O9JqsV+VjjOgK0Fchpxf/lC8dnBucIce7gUwi5npwsGQZgSDmRobBRFVDZag1abLFNZN2faI8uqzSlU6KRRapYV266Of7j3kmDokMan4szjP1EexmTWm+arwRiz9p0M5oKs6zofez0mOyF5ux02NB3XIhbJc8CfMjeA7PmSg4ZhghjlSjIOR+1mMIDiDVi6PNLw5atzvpyfYtpf5sWpdIpXCS0lyzIgasqW4gbAiWoFPv5A0mw0QI6UqlxQ8Pdm6R7P6yQxyknrxnvFGMQPiqgl21ssSNA9A+YRd4j0nATntzOeD1bxTZkyU4FtW++0hg3Ph6HiHLfPd9w70wPr7b0RITVnBcN2ZqIO+5NIqQYU801FCNXsTuBh0ueTsVTGJYySUGkmkHyH5spLYdr1Z5w+4W+HgbxPk40pyZJ18S0umL49igxR9NsniucFy1/jqqi0TiDIsHx6vsawFT1F2rq9ZtGaRcJL6Yfz0p+uZC5rc/nI+mMlQ== miefda@nixos";
+ };
+ };
+}
diff --git a/krebs/Zhosts/bobby b/krebs/Zhosts/bobby
new file mode 100644
index 000000000..ee111e695
--- /dev/null
+++ b/krebs/Zhosts/bobby
@@ -0,0 +1,10 @@
+Subnet = 10.243.111.112/32
+Subnet = 42:0:0:0:0:0:111:112/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
+uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
+Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
+0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
+jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
+cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/miefda/1systems/bobby.nix b/miefda/1systems/bobby.nix
new file mode 100644
index 000000000..d24595256
--- /dev/null
+++ b/miefda/1systems/bobby.nix
@@ -0,0 +1,102 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+
+ ../2configs/miefda.nix
+ ../2configs/tlp.nix
+ ../2configs/x220t.nix
+ ../2configs/hardware-configuration.nix
+ ../2configs/tinc-basic-retiolum.nix
+ ../2configs/git.nix
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda";
+
+ networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Select internationalisation properties.
+ i18n = {
+ # consoleFont = "Lat2-Terminus16";
+ consoleKeyMap = "us";
+ # defaultLocale = "en_US.UTF-8";
+ };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # List packages installed in system profile. To search by name, run:
+ # $ nix-env -qaP | grep wget
+ environment.systemPackages = with pkgs; [
+ wget chromium
+ ];
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable the KDE Desktop Environment.
+ #services.xserver.displayManager.kdm.enable = true;
+ services.xserver.desktopManager = {
+ xfce.enable = true;
+ xterm.enable= false;
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.extraUsers.miefda = {
+ isNormalUser = true;
+ initialPassword= "welcome";
+ uid = 1000;
+ extraGroups= [
+ "wheel"
+ ];
+ };
+
+ # The NixOS release to be compatible with for stateful data such as databases.
+ system.stateVersion = "15.09";
+
+
+ networking.hostName = config.krebs.build.host.name;
+
+ krebs = {
+ enable = true;
+ search-domain = "retiolum";
+ build = {
+ host = config.krebs.hosts.bobby;
+ user = config.krebs.users.miefda;
+ source = {
+ git.nixpkgs = {
+ url = https://github.com/Lassulus/nixpkgs;
+ rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
+ target-path = "/var/src/nixpkgs";
+ };
+ dir.secrets = {
+ host = config.krebs.hosts.bobby;
+ path = "/home/miefda/secrets/${config.krebs.build.host.name}";
+ };
+ dir.stockholm = {
+ host = config.krebs.hosts.bobby;
+ path = "/home/miefda/gits/stockholm";
+ };
+ };
+ };
+ };
+}
diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix
new file mode 100644
index 000000000..84bb50399
--- /dev/null
+++ b/miefda/2configs/git.nix
@@ -0,0 +1,87 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ out = {
+ krebs.git = {
+ enable = true;
+ root-title = "public repositories at ${config.krebs.build.host.name}";
+ root-desc = "keep calm and engage";
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ rules = rules;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+
+ repos =
+ public-repos //
+ optionalAttrs config.krebs.build.host.secure restricted-repos;
+
+ rules = concatMap make-rules (attrValues repos);
+
+ public-repos = mapAttrs make-public-repo {
+ painload = {};
+ stockholm = {
+ desc = "take all the computers hostage, they'll love you!";
+ };
+ #wai-middleware-time = {};
+ #web-routes-wai-custom = {};
+ #go = {};
+ #newsbot-js = {};
+ #kimsufi-check = {};
+ #realwallpaper = {};
+ };
+
+ restricted-repos = mapAttrs make-restricted-repo (
+ {
+ brain = {
+ collaborators = with config.krebs.users; [ tv makefu ];
+ };
+ } //
+ import <secrets/repos.nix> { inherit config lib pkgs; }
+ );
+
+ make-public-repo = name: { desc ? null, ... }: {
+ inherit name desc;
+ public = true;
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ # TODO make nick = config.krebs.build.host.name the default
+ nick = config.krebs.build.host.name;
+ channel = "#retiolum";
+ server = "cd.retiolum";
+ verbose = config.krebs.build.host.name == "prism";
+ };
+ };
+ };
+
+ make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
+ inherit name collaborators desc;
+ public = false;
+ };
+
+ make-rules =
+ with git // config.krebs.users;
+ repo:
+ singleton {
+ user = miefda;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ } ++
+ optional repo.public {
+ user = [ lass tv makefu uriel ];
+ repo = [ repo ];
+ perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+in out
diff --git a/miefda/2configs/hardware-configuration.nix b/miefda/2configs/hardware-configuration.nix
new file mode 100644
index 000000000..3eb1f43fe
--- /dev/null
+++ b/miefda/2configs/hardware-configuration.nix
@@ -0,0 +1,23 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usb_storage" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/4db70ae3-1ff9-43d7-8fcc-83264761a0bb";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = 4;
+}
diff --git a/miefda/2configs/miefda.nix b/miefda/2configs/miefda.nix
new file mode 100644
index 000000000..545987a68
--- /dev/null
+++ b/miefda/2configs/miefda.nix
@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+
+ #networking.wicd.enable = true;
+
+}
diff --git a/miefda/2configs/tinc-basic-retiolum.nix b/miefda/2configs/tinc-basic-retiolum.nix
new file mode 100644
index 000000000..153b41d78
--- /dev/null
+++ b/miefda/2configs/tinc-basic-retiolum.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ krebs.retiolum = {
+ enable = true;
+ hosts = ../../krebs/Zhosts;
+ connectTo = [
+ "gum"
+ "pigstarter"
+ "prism"
+ "ire"
+ ];
+ };
+}
diff --git a/miefda/2configs/tlp.nix b/miefda/2configs/tlp.nix
new file mode 100644
index 000000000..0e1bb0d6b
--- /dev/null
+++ b/miefda/2configs/tlp.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ zramSwap.enable = true;
+ zramSwap.numDevices = 2;
+
+ hardware.trackpoint = {
+ enable = true;
+ sensitivity = 220;
+ speed = 220;
+ emulateWheel = true;
+ };
+
+
+ services.tlp.enable = true;
+ services.tlp.extraConfig = ''
+ START_CHARGE_THRESH_BAT0=80
+ '';
+}
diff --git a/miefda/2configs/x220t.nix b/miefda/2configs/x220t.nix
new file mode 100644
index 000000000..bea84f796
--- /dev/null
+++ b/miefda/2configs/x220t.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+
+ services.xserver = {
+ xkbVariant = "altgr-intl";
+ videoDriver = "intel";
+ # vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ '';
+ };
+
+
+
+ services.xserver.displayManager.sessionCommands =''
+ xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
+ xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
+ xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
+ # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
+ '';
+
+ hardware.bluetooth.enable = true;
+
+
+}
diff --git a/miefda/5pkgs/default.nix b/miefda/5pkgs/default.nix
new file mode 100644
index 000000000..2eb33a153
--- /dev/null
+++ b/miefda/5pkgs/default.nix
@@ -0,0 +1 @@
+_:{}
From b96fd072e1ac5e5b6b5b3e92c678dc4bb4cb7e1f Mon Sep 17 00:00:00 2001
From: miefda <miefda@miefda.de>
Date: Wed, 30 Dec 2015 18:17:38 +0100
Subject: [PATCH 06/82] mi 2 git: bobby now verbose
---
miefda/2configs/git.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/miefda/2configs/git.nix b/miefda/2configs/git.nix
index 84bb50399..fec828f80 100644
--- a/miefda/2configs/git.nix
+++ b/miefda/2configs/git.nix
@@ -55,7 +55,7 @@ let
nick = config.krebs.build.host.name;
channel = "#retiolum";
server = "cd.retiolum";
- verbose = config.krebs.build.host.name == "prism";
+ verbose = config.krebs.build.host.name == "bobby";
};
};
};
From 93a652d1e816d9ecdcf9af5e413cd180c54a5981 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sun, 17 Jan 2016 13:08:38 +0100
Subject: [PATCH 07/82] l 1 uriel: activate skype
---
lass/1systems/uriel.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 1b008cbfd..d53e783d0 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -13,6 +13,7 @@ with builtins;
../2configs/retiolum.nix
../2configs/bitlbee.nix
../2configs/weechat.nix
+ ../2configs/skype.nix
{
users.extraUsers = {
root = {
From 4ce4b0053fde81608a8f2e3ecb2888a71203801b Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sun, 17 Jan 2016 13:09:10 +0100
Subject: [PATCH 08/82] l 2 base: nixpkgs rev 93d8671 -> d0e3cca
---
lass/2configs/base.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 4685e1713..eca3becd6 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -50,7 +50,7 @@ with lib;
source = {
git.nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
- rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119";
+ rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
target-path = "/var/src/nixpkgs";
};
dir.secrets = {
From c6cec0234b5543d23e2b8afe9b2340395de8184c Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sun, 17 Jan 2016 13:10:14 +0100
Subject: [PATCH 09/82] l 2 base: CVE-2016-0778 workaround
---
lass/2configs/base.nix | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index eca3becd6..ab7cda7d3 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -177,4 +177,10 @@ with lib;
noipv4ll
'';
+ #CVE-2016-0777 and CVE-2016-0778 workaround
+ #https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
+ programs.ssh.extraConfig = ''
+ UseRoaming no
+ '';
+
}
From 688db8b46d0d6c697ed8970a018a94dd9cfb41fe Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sun, 17 Jan 2016 13:11:10 +0100
Subject: [PATCH 10/82] l 2 git: add miefda to allowed users
---
lass/2configs/git.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 16ecaefec..10e54074c 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -74,7 +74,7 @@ let
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ tv makefu uriel ];
+ user = [ tv makefu miefda uriel ];
repo = [ repo ];
perm = fetch;
} ++
From 63910263ccaf2f18bd83ed6e5d49301601ba53e1 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sun, 17 Jan 2016 13:12:17 +0100
Subject: [PATCH 11/82] l 1 mors: activate buildbot
---
lass/1systems/mors.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 61f57f1f9..effaa576b 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -25,6 +25,7 @@
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
+ ../2configs/buildbot-standalone.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
From 186d5cc95a7430136da3107734409511c64d7080 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Tue, 19 Jan 2016 19:59:53 +0100
Subject: [PATCH 12/82] l 2 bitcoin: add sudo config
---
lass/2configs/bitcoin.nix | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index d3bccbf5c..2f4cd5710 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -1,6 +1,8 @@
{ config, pkgs, ... }:
-{
+let
+ mainUser = config.users.extraUsers.mainUser;
+in {
environment.systemPackages = with pkgs; [
electrum
];
@@ -14,4 +16,7 @@
createHome = true;
};
};
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
+ '';
}
From 873d00042bf825b1efb856a33d55d23a3ad22649 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:41:18 +0100
Subject: [PATCH 13/82] k 3 l: remove dead hosts
---
krebs/3modules/lass/default.nix | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 592ed475d..3926b48be 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -228,22 +228,6 @@ with lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
- schnabel-ap = {
- nets = {
- gg23 = {
- addrs4 = ["10.23.1.20"];
- aliases = ["schnabel-ap.gg23"];
- };
- };
- };
- Reichsfunk-ap = {
- nets = {
- gg23 = {
- addrs4 = ["10.23.1.10"];
- aliases = ["Reichsfunk-ap.gg23"];
- };
- };
- };
};
users = addNames {
From 8b5523b7f4efb462f4865e0032541d691d176e64 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:44:01 +0100
Subject: [PATCH 14/82] k 3 l: declare pubkeys inline
---
krebs/3modules/lass/default.nix | 6 +++---
krebs/Zpubkeys/lass.ssh.pub | 1 -
krebs/Zpubkeys/uriel.ssh.pub | 1 -
3 files changed, 3 insertions(+), 5 deletions(-)
delete mode 100644 krebs/Zpubkeys/lass.ssh.pub
delete mode 100644 krebs/Zpubkeys/uriel.ssh.pub
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 3926b48be..b99ebf01d 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -232,11 +232,11 @@ with lib;
};
users = addNames {
lass = {
- pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
mail = "lass@mors.retiolum";
};
- uriel = {
- pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+ lass_uriel = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
mail = "lass@uriel.retiolum";
};
};
diff --git a/krebs/Zpubkeys/lass.ssh.pub b/krebs/Zpubkeys/lass.ssh.pub
deleted file mode 100644
index 172fd2dda..000000000
--- a/krebs/Zpubkeys/lass.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors
diff --git a/krebs/Zpubkeys/uriel.ssh.pub b/krebs/Zpubkeys/uriel.ssh.pub
deleted file mode 100644
index 015b57837..000000000
--- a/krebs/Zpubkeys/uriel.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel
From 314d0bd691d81386e1ff5c99faa04f035694ebb2 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:45:30 +0100
Subject: [PATCH 15/82] l 1 mors: remove redundant retiolum import
---
lass/1systems/mors.nix | 1 -
1 file changed, 1 deletion(-)
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index effaa576b..86a34a637 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -17,7 +17,6 @@
#../2configs/ircd.nix
../2configs/chromium-patched.nix
../2configs/git.nix
- ../2configs/retiolum.nix
#../2configs/wordpress.nix
../2configs/bitlbee.nix
../2configs/firefoxPatched.nix
From e3806dfa40d61eb70b543ba34758b1c8a4d11aef Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:54:43 +0100
Subject: [PATCH 16/82] l 2: give helios & uriel more access
---
lass/2configs/base.nix | 5 +++--
lass/2configs/git.nix | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index ab7cda7d3..5505da67f 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -17,7 +17,8 @@ with lib;
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass_uriel.pubkey
+ config.krebs.users.lass_helios.pubkey
];
};
mainUser = {
@@ -31,7 +32,7 @@ with lib;
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
- config.krebs.users.uriel.pubkey
+ config.krebs.users.lass_uriel.pubkey
];
};
};
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 10e54074c..2d8ee95dd 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -69,12 +69,12 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = lass;
+ user = [ lass lass_helios lass_uriel ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ tv makefu miefda uriel ];
+ user = [ tv makefu miefda ];
repo = [ repo ];
perm = fetch;
} ++
From 55b99a6c056b28be7601d7f56fab5a08a181ea29 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:55:41 +0100
Subject: [PATCH 17/82] l: add helios as new system
---
krebs/3modules/lass/default.nix | 31 ++++++++++++++
krebs/Zhosts/helios | 10 +++++
lass/1systems/helios.nix | 72 +++++++++++++++++++++++++++++++++
3 files changed, 113 insertions(+)
create mode 100644 krebs/Zhosts/helios
create mode 100644 lass/1systems/helios.nix
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index b99ebf01d..49ff50e8c 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -228,6 +228,33 @@ with lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
+ helios = {
+ cores = 2;
+ dc = "lass";
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.0.3"];
+ addrs6 = ["42:0:0:0:0:0:0:7105"];
+ aliases = [
+ "helios.retiolum"
+ "cgit.helios.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y
+ Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq
+ 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I
+ oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB
+ hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP
+ Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
+ };
};
users = addNames {
@@ -239,5 +266,9 @@ with lib;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
mail = "lass@uriel.retiolum";
};
+ lass_helios = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios";
+ mail = "lass@helios.retiolum";
+ };
};
}
diff --git a/krebs/Zhosts/helios b/krebs/Zhosts/helios
new file mode 100644
index 000000000..b34b7f180
--- /dev/null
+++ b/krebs/Zhosts/helios
@@ -0,0 +1,10 @@
+Subnet = 42:0:0:0:0:0:0:7105/128
+Subnet = 10.243.0.3/32
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y
+Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq
+5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I
+oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB
+hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP
+Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
new file mode 100644
index 000000000..93b24c793
--- /dev/null
+++ b/lass/1systems/helios.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }:
+
+with builtins;
+{
+ imports = [
+ ../2configs/baseX.nix
+ ../2configs/browsers.nix
+ ../2configs/programs.nix
+ #{
+ # users.extraUsers = {
+ # root = {
+ # openssh.authorizedKeys.keys = map readFile [
+ # ../../krebs/Zpubkeys/uriel.ssh.pub
+ # ];
+ # };
+ # };
+ #}
+ ];
+
+ krebs.build.host = config.krebs.hosts.helios;
+
+ networking.wireless.enable = true;
+
+ hardware.enableAllFirmware = true;
+ nixpkgs.config.allowUnfree = true;
+
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ #kernelModules = [ "kvm-intel" "msr" ];
+ kernelModules = [ "msr" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/pool/nix";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ };
+
+ #services.udev.extraRules = ''
+ # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
+ # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
+ #'';
+
+ services.xserver = {
+ videoDriver = "intel";
+ vaapiDrivers = [ pkgs.vaapiIntel ];
+ deviceSection = ''
+ Option "AccelMethod" "sna"
+ BusID "PCI:0:2:0"
+ '';
+ };
+
+ services.xserver.synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ accelFactor = "0.035";
+ additionalOptions = ''
+ Option "FingerHigh" "60"
+ Option "FingerLow" "60"
+ '';
+ };
+}
From 87c8d7830fb09d9e956308396018d5a00509cbf3 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:56:24 +0100
Subject: [PATCH 18/82] l 1 mors: update nginx tests
---
lass/1systems/mors.nix | 91 +++++++++++++++++++++++++-----------------
1 file changed, 55 insertions(+), 36 deletions(-)
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 86a34a637..d0aae6dbb 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -32,51 +32,70 @@
];
}
{
- #wordpress-test
- #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ #static-nginx-test
imports = [
- ../3modules/wordpress_nginx.nix
+ ../3modules/static_nginx.nix
];
- lass.wordpress."testserver.de" = {
- multiSite = {
- "1" = "testserver.de";
- "2" = "bla.testserver.de";
+ lass.staticPage."testserver.de" = {
+ #sslEnable = true;
+ #certificate = "${toString <secrets>}/testserver.de/server.cert";
+ #certificate_key = "${toString <secrets>}/testserver.de/server.pem";
+ ssl = {
+ enable = true;
+ certificate = "${toString <secrets>}/testserver.de/server.cert";
+ certificate_key = "${toString <secrets>}/testserver.de/server.pem";
};
};
-
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- rootPassword = "<secrets>/mysql_rootPassword";
- };
networking.extraHosts = ''
10.243.0.2 testserver.de
'';
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
}
- {
- #owncloud-test
- #imports = singleton (sitesGenerators.createWordpress "testserver.de");
- imports = [
- ../3modules/owncloud_nginx.nix
- ];
- lass.owncloud."owncloud-test.de" = {
- };
+ #{
+ # #wordpress-test
+ # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ # imports = [
+ # ../3modules/wordpress_nginx.nix
+ # ];
+ # lass.wordpress."testserver.de" = {
+ # multiSite = {
+ # "1" = "testserver.de";
+ # "2" = "bla.testserver.de";
+ # };
+ # };
- #services.mysql = {
- # enable = true;
- # package = pkgs.mariadb;
- # rootPassword = "<secrets>/mysql_rootPassword";
- #};
- networking.extraHosts = ''
- 10.243.0.2 owncloud-test.de
- '';
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
- ];
- }
+ # services.mysql = {
+ # enable = true;
+ # package = pkgs.mariadb;
+ # rootPassword = "<secrets>/mysql_rootPassword";
+ # };
+ # networking.extraHosts = ''
+ # 10.243.0.2 testserver.de
+ # '';
+ # krebs.iptables.tables.filter.INPUT.rules = [
+ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ # ];
+ #}
+ #{
+ # #owncloud-test
+ # #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+ # imports = [
+ # ../3modules/owncloud_nginx.nix
+ # ];
+ # lass.owncloud."owncloud-test.de" = {
+ # };
+
+ # #services.mysql = {
+ # # enable = true;
+ # # package = pkgs.mariadb;
+ # # rootPassword = "<secrets>/mysql_rootPassword";
+ # #};
+ # networking.extraHosts = ''
+ # 10.243.0.2 owncloud-test.de
+ # '';
+ # krebs.iptables.tables.filter.INPUT.rules = [
+ # { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+ # ];
+ #}
];
krebs.build.host = config.krebs.hosts.mors;
From 8efbd093537de1e419b0c193b6aa2a262ae1f4c3 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:57:54 +0100
Subject: [PATCH 19/82] l 2 buildbot-sta..: change name to buildbot-lass
---
lass/2configs/buildbot-standalone.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 4d02fb97a..8c71553fe 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -60,7 +60,7 @@
web.enable = true;
irc = {
enable = true;
- nick = "lass-buildbot";
+ nick = "buildbot-lass";
server = "cd.retiolum";
channels = [ "retiolum" ];
allowForce = true;
From cebb19ca9e412cd355638d0fbf028eba3b721bfa Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:58:35 +0100
Subject: [PATCH 20/82] l 2 websites wohnprojekt: add laura user
---
lass/2configs/websites/wohnprojekt-rhh.de.nix | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index cd31450c5..ac784d4c7 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -8,5 +8,11 @@
lass.staticPage = {
"wohnprojekt-rhh.de" = {};
};
+
+ users.users.laura = {
+ home = "/srv/http/wohnprojekt-rhh.de";
+ createHome = true;
+ useDefaultShell = true;
+ };
}
From 77eaa656683dbe84bd66c4e7bc84670d836ed379 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 15:58:53 +0100
Subject: [PATCH 21/82] l 2 newsbot-js: disable truther feed
---
lass/2configs/newsbot-js.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 74d09b7fa..4482c4e9d 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -161,7 +161,7 @@ let
torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
- truther|http://truthernews.wordpress.com/feed/|#news
+ #truther|http://truthernews.wordpress.com/feed/|#news
un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
From 7d6d0a46643f66b18aa9480df6bb88391924f262 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 16:01:48 +0100
Subject: [PATCH 22/82] l 2 xserver: copy default.nix from tv
---
lass/2configs/xserver/default.nix | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 04d14c7ce..d351fcf19 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -44,7 +44,7 @@ let
"slock"
];
- systemd.services.display-manager = mkForce {};
+ systemd.services.display-manager.enable = false;
services.xserver.enable = true;
@@ -93,9 +93,10 @@ let
xmonad-start = pkgs.writeScriptBin "xmonad" ''
#! ${pkgs.bash}/bin/bash
set -efu
- export PATH; PATH=${makeSearchPath "bin" ([
+ export PATH; PATH=${makeSearchPath "bin" [
+ pkgs.alsaUtils
pkgs.rxvt_unicode
- ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
+ ]}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
command=''${1##*/}
From 45343b1e14a3fd2f581465d3e78adac372918a0c Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 16:03:03 +0100
Subject: [PATCH 23/82] l 3 *_nginx: allow configuration of ssl
---
lass/3modules/owncloud_nginx.nix | 29 +++++++++++++++++---
lass/3modules/static_nginx.nix | 44 ++++++++++++++++++++++++++++++-
lass/3modules/wordpress_nginx.nix | 29 +++++++++++++++++++-
3 files changed, 97 insertions(+), 5 deletions(-)
diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix
index 0cb11846c..79c9de1d4 100644
--- a/lass/3modules/owncloud_nginx.nix
+++ b/lass/3modules/owncloud_nginx.nix
@@ -46,8 +46,22 @@ let
type = str;
};
ssl = mkOption {
- type = bool;
- default = false;
+ type = with types; submodule ({
+ options = {
+ enable = mkEnableOption "ssl";
+ certificate = mkOption {
+ type = str;
+ };
+ certificate_key = mkOption {
+ type = str;
+ };
+ ciphers = mkOption {
+ type = str;
+ default = "AES128+EECDH:AES128+EDH";
+ };
+ };
+ });
+ default = {};
};
};
}));
@@ -58,7 +72,7 @@ let
group = config.services.nginx.group;
imp = {
- krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
+ krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
server-names = [
"${domain}"
"www.${domain}"
@@ -102,7 +116,16 @@ let
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
+ ${if ssl.enable then ''
+ ssl_certificate ${ssl.certificate};
+ ssl_certificate_key ${ssl.certificate_key};
+ '' else ""}
'';
+ listen = (if ssl.enable then
+ [ "80" "443 ssl" ]
+ else
+ "80"
+ );
});
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
listen = ${folder}/phpfpm.pool
diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix
index cc2641af2..fd5cfdfd7 100644
--- a/lass/3modules/static_nginx.nix
+++ b/lass/3modules/static_nginx.nix
@@ -21,6 +21,35 @@ let
type = str;
default = "/srv/http/${config.domain}";
};
+ #sslEnable = mkEnableOption "ssl";
+ #certificate = mkOption {
+ # type = str;
+ #};
+ #certificate_key = mkOption {
+ # type = str;
+ #};
+ #ciphers = mkOption {
+ # type = str;
+ # default = "AES128+EECDH:AES128+EDH";
+ #};
+ ssl = mkOption {
+ type = with types; submodule ({
+ options = {
+ enable = mkEnableOption "ssl";
+ certificate = mkOption {
+ type = str;
+ };
+ certificate_key = mkOption {
+ type = str;
+ };
+ ciphers = mkOption {
+ type = str;
+ default = "AES128+EECDH:AES128+EDH";
+ };
+ };
+ });
+ default = {};
+ };
};
}));
default = {};
@@ -29,8 +58,10 @@ let
user = config.services.nginx.user;
group = config.services.nginx.group;
+ external-ip = head config.krebs.build.host.nets.internet.addrs4;
+
imp = {
- krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
+ krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
server-names = [
"${domain}"
"www.${domain}"
@@ -43,6 +74,17 @@ let
deny all;
'')
];
+
+ listen = (if ssl.enable then
+ [ "80" "443 ssl" ]
+ else
+ "80"
+ );
+ extraConfig = (if ssl.enable then ''
+ ssl_certificate ${ssl.certificate};
+ ssl_certificate_key ${ssl.certificate_key};
+ '' else "");
+
});
};
diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix
index 974aacd83..bfed9e7c6 100644
--- a/lass/3modules/wordpress_nginx.nix
+++ b/lass/3modules/wordpress_nginx.nix
@@ -53,6 +53,23 @@ let
"1" = "test.testsite.de";
};
};
+ ssl = mkOption {
+ type = with types; submodule ({
+ options = {
+ enable = mkEnableOption "ssl";
+ certificate = mkOption {
+ type = str;
+ };
+ certificate_key = mkOption {
+ type = str;
+ };
+ ciphers = mkOption {
+ type = str;
+ default = "AES128+EECDH:AES128+EDH";
+ };
+ };
+ });
+ };
};
}));
default = {};
@@ -68,7 +85,7 @@ let
# }
#'';
- krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ... }: {
+ krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ssl, ... }: {
server-names = [
"${domain}"
"www.${domain}"
@@ -114,7 +131,17 @@ let
error_log /tmp/nginx_err.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
+ ${if ssl.enable then ''
+ ssl_certificate ${ssl.certificate};
+ ssl_certificate_key ${ssl.certificate_key};
+ '' else ""}
+
'';
+ listen = (if ssl.enable then
+ [ "80" "443 ssl" ]
+ else
+ "80"
+ );
});
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
listen = ${folder}/phpfpm.pool
From 8beca9b31177183bfec031c6d0a947a1c99fc497 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 16:04:05 +0100
Subject: [PATCH 24/82] l: add fritz websites to dishfire
---
lass/1systems/dishfire.nix | 1 +
lass/2configs/websites/fritz.nix | 33 ++++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+)
create mode 100644 lass/2configs/websites/fritz.nix
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index a1288d578..0e650bfad 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -4,6 +4,7 @@
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/base.nix
+ ../2configs/websites/fritz.nix
{
boot.loader.grub = {
device = "/dev/vda";
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
new file mode 100644
index 000000000..073f3de14
--- /dev/null
+++ b/lass/2configs/websites/fritz.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+
+ imports = [
+ ../../3modules/static_nginx.nix
+ ../../3modules/owncloud_nginx.nix
+ ../../3modules/wordpress_nginx.nix
+ ];
+
+ lass.staticPage = {
+ "biostase.de" = {};
+ "gs-maubach.de" = {};
+ "spielwaren-kern.de" = {};
+ "societyofsimtech.de" = {};
+ "ttf-kleinaspach.de" = {};
+ "edsn.de" = {};
+ "eab.berkeley.edu" = {};
+ "habsys.de" = {};
+ };
+
+ #lass.owncloud = {
+ # "o.ubikmedia.de" = {
+ # instanceid = "oc8n8ddbftgh";
+ # };
+ #};
+
+ #services.mysql = {
+ # enable = true;
+ # package = pkgs.mariadb;
+ # rootPassword = toString (<secrets/mysql_rootPassword>);
+ #};
+}
From 04d14aac7670e37c633565fad8e15e46b74b0eb6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 16:10:02 +0100
Subject: [PATCH 25/82] l 1 helios: import git.nix
---
lass/1systems/helios.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 93b24c793..67e3738ea 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -6,6 +6,7 @@ with builtins;
../2configs/baseX.nix
../2configs/browsers.nix
../2configs/programs.nix
+ ../2configs/git.nix
#{
# users.extraUsers = {
# root = {
From 0cd9c450f0ddcd41f95608f20d193fbf6b062c2f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 16:18:17 +0100
Subject: [PATCH 26/82] k 3 l: add ssh host key for dishfire
---
krebs/3modules/lass/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 49ff50e8c..9f22018a8 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -33,8 +33,8 @@ with lib;
'';
};
};
- #ssh.privkey.path = <secrets/ssh.id_ed25519>;
- #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
};
echelon = {
cores = 2;
From 138bdc6bf6a18a59cf47d2d2db7c4e7640f50641 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 1 Feb 2016 16:18:36 +0100
Subject: [PATCH 27/82] l 1 dishfire: import git.nix
---
lass/1systems/dishfire.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index 0e650bfad..cc9836dff 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -4,6 +4,7 @@
imports = [
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/base.nix
+ ../2configs/git.nix
../2configs/websites/fritz.nix
{
boot.loader.grub = {
From 0939b8b37601fbbd509f88f95f7cab30b906a383 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 11:54:00 +0100
Subject: [PATCH 28/82] make deploy: properly print ssh target
---
Makefile | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 958629055..886a26f89 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,3 @@
-.ONESHELL:
-.SHELLFLAGS := -eufc
-
ifndef system
$(error unbound variable: system)
endif
@@ -22,7 +19,7 @@ execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh
# usage: make deploy system=foo [target_host=bar]
deploy:
$(call execute,populate)
- ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path"
+ @set -x; ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path"
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
eval eval.:;@$(call evaluate)
@@ -33,7 +30,7 @@ eval.%:;@$(call evaluate,-A $*)
#install: ssh = ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
#install:;@set -x
# $(ssh) "$$target_user@$$target_host" \
-# env target_path=/var/src \
+# env target_path="$target_path" \
# sh -s prepare < krebs/4lib/infest/prepare.sh
# make -s populate target_path=/mnt"$$target_path"
# $(ssh) "$$target_user@$$target_host" \
From 8682f49ed7ba2687f65e8d11f1b943777896a228 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 11:57:47 +0100
Subject: [PATCH 29/82] Makefile execute: don't try to run failed evaluations
:D
---
Makefile | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 886a26f89..e61d16b75 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,10 @@ evaluate = \
--show-trace \
$(1)
-execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh
+execute = \
+ result=$$($(call evaluate,-A config.krebs.build.$(1) --json)) && \
+ script=$$(echo "$$result" | jq -r .) && \
+ echo "$$script" | sh
# usage: make deploy system=foo [target_host=bar]
deploy:
From d739448ab940da4ed5bdf9be5398f6b93b854412 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 12:46:09 +0100
Subject: [PATCH 30/82] krebs.build.populate: cleanup (less) harder
---
krebs/3modules/build.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 00142acdd..0da5dd38a 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -74,7 +74,7 @@ let
unset tmpdir
trap '
- rm "$tmpdir"/*
+ rm -f "$tmpdir"/*
rmdir "$tmpdir"
trap - EXIT INT QUIT
' EXIT INT QUIT
From cb264dfb9119de4fb6d081171473e4276cdbb9d5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 5 Feb 2016 15:11:22 +0100
Subject: [PATCH 31/82] urlwatch: 2.0 -> 2.1
---
krebs/5pkgs/urlwatch/default.nix | 23 ++++++-----------------
1 file changed, 6 insertions(+), 17 deletions(-)
diff --git a/krebs/5pkgs/urlwatch/default.nix b/krebs/5pkgs/urlwatch/default.nix
index d9b595314..780ad24f5 100644
--- a/krebs/5pkgs/urlwatch/default.nix
+++ b/krebs/5pkgs/urlwatch/default.nix
@@ -1,29 +1,18 @@
{ stdenv, fetchurl, python3Packages }:
python3Packages.buildPythonPackage rec {
- name = "urlwatch-2.0";
+ name = "urlwatch-2.1";
src = fetchurl {
url = "https://thp.io/2008/urlwatch/${name}.tar.gz";
- sha256 = "0j38qzw4jxw41vnnpi6j851hqpv8d6p1cbni6cv8r2vqf5307s3b";
+ sha256 = "0xn435cml9wjwk39117p1diqmvw3jbmv9ccr7230iaf7z59vf9v6";
};
propagatedBuildInputs = with python3Packages; [
- pyyaml
keyring
- (python3Packages.buildPythonPackage rec {
- name = "minidb-2.0.1";
- src = fetchurl {
- url = "https://thp.io/2010/minidb/${name}.tar.gz";
- sha256 = "1x958zr9jc26vaqij451qb9m2l7apcpz34ir9fwfjg4fwv24z2dy";
- };
- meta = {
- description = "A simple SQLite3-based store for Python objects";
- homepage = https://thp.io/2010/minidb/;
- license = stdenv.lib.licenses.isc;
- maintainers = [ stdenv.lib.maintainers.tv ];
- };
- })
+ minidb
+ pyyaml
+ requests2
];
postFixup = ''
@@ -36,4 +25,4 @@ python3Packages.buildPythonPackage rec {
license = stdenv.lib.licenses.bsd3;
maintainers = [ stdenv.lib.maintainers.tv ];
};
-}#
+}
From b2303e081fb1ccc9a0b88f538736045fb2fba14f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 5 Feb 2016 15:18:28 +0100
Subject: [PATCH 32/82] cd: use default upstream-nixpkgs
---
tv/1systems/cd.nix | 5 -----
1 file changed, 5 deletions(-)
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index e42d5750a..8297a56df 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -6,11 +6,6 @@ with lib;
krebs.build.host = config.krebs.hosts.cd;
krebs.build.target = "root@cd.internet";
- krebs.build.source.upstream-nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "b7ff030";
- };
-
imports = [
../2configs/hw/CAC-Developer-2.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
From 23c7c10f5a5ed83dca001d7382e5b89981277f8c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 15:11:30 +0100
Subject: [PATCH 33/82] krebs.retiolum.hosts: change type to attrsOf host
---
krebs/3modules/retiolum.nix | 46 +++++++++++++-------------
krebs/4lib/types.nix | 16 +++++----
krebs/Zhosts/Styx | 10 ------
krebs/Zhosts/ThinkArmageddon | 9 -----
krebs/Zhosts/TriBot | 11 ------
krebs/Zhosts/ach | 11 ------
krebs/Zhosts/air | 11 ------
krebs/Zhosts/alarmpi | 11 ------
krebs/Zhosts/albi10 | 11 ------
krebs/Zhosts/albi7 | 10 ------
krebs/Zhosts/almoehi | 11 ------
krebs/Zhosts/alphalabs | 10 ------
krebs/Zhosts/apfull | 11 ------
krebs/Zhosts/bitchctl | 11 ------
krebs/Zhosts/bitchextend | 11 ------
krebs/Zhosts/bitchtop | 11 ------
krebs/Zhosts/bobby | 11 ------
krebs/Zhosts/box | 10 ------
krebs/Zhosts/bridge | 12 -------
krebs/Zhosts/c2ft | 10 ------
krebs/Zhosts/c2fthome | 10 ------
krebs/Zhosts/casino | 11 ------
krebs/Zhosts/cat1 | 11 ------
krebs/Zhosts/cband | 11 ------
krebs/Zhosts/cd | 17 ----------
krebs/Zhosts/cloudkrebs | 12 -------
krebs/Zhosts/darth | 12 -------
krebs/Zhosts/dei | 11 ------
krebs/Zhosts/destroy | 11 ------
krebs/Zhosts/devstar | 11 ------
krebs/Zhosts/echelon | 12 -------
krebs/Zhosts/eigenserv | 11 ------
krebs/Zhosts/elvis | 12 -------
krebs/Zhosts/eulerwalk | 11 ------
krebs/Zhosts/exile | 9 -----
krebs/Zhosts/exitium_mobilis | 10 ------
krebs/Zhosts/falk | 11 ------
krebs/Zhosts/fastpoke | 12 -------
krebs/Zhosts/filebitch | 11 ------
krebs/Zhosts/filepimp | 11 ------
krebs/Zhosts/flap | 12 -------
krebs/Zhosts/foobar | 11 ------
krebs/Zhosts/fuerkrebs | 10 ------
krebs/Zhosts/gum | 15 ---------
krebs/Zhosts/heidi | 11 ------
krebs/Zhosts/horisa | 12 -------
krebs/Zhosts/horreum_magnus | 15 ---------
krebs/Zhosts/incept | 13 --------
krebs/Zhosts/ire | 12 -------
krebs/Zhosts/ire2 | 9 -----
krebs/Zhosts/irkel | 12 -------
krebs/Zhosts/juhulian | 11 ------
krebs/Zhosts/k2 | 28 ----------------
krebs/Zhosts/kabinett | 11 ------
krebs/Zhosts/kaepsele | 11 ------
krebs/Zhosts/kalle | 11 ------
krebs/Zhosts/karthus | 10 ------
krebs/Zhosts/kebsco | 11 ------
krebs/Zhosts/khackplug | 11 ------
krebs/Zhosts/kheurop | 12 -------
krebs/Zhosts/kiosk | 12 -------
krebs/Zhosts/krebsplug | 10 ------
krebs/Zhosts/kvasir | 11 ------
krebs/Zhosts/laqueus | 11 ------
krebs/Zhosts/linuxatom | 11 ------
krebs/Zhosts/luminos | 11 ------
krebs/Zhosts/machine | 11 ------
krebs/Zhosts/makalu | 11 ------
krebs/Zhosts/mako | 11 ------
krebs/Zhosts/miefda0 | 10 ------
krebs/Zhosts/minikrebs | 10 ------
krebs/Zhosts/mkdir | 11 ------
krebs/Zhosts/monitor | 11 ------
krebs/Zhosts/mors | 10 ------
krebs/Zhosts/motor | 12 -------
krebs/Zhosts/mu | 10 ------
krebs/Zhosts/muhbaasu | 13 --------
krebs/Zhosts/nomic | 10 ------
krebs/Zhosts/nomic2 | 10 ------
krebs/Zhosts/nukular | 11 ------
krebs/Zhosts/omo | 9 -----
krebs/Zhosts/pic | 11 ------
krebs/Zhosts/pigstarter | 13 --------
krebs/Zhosts/pike | 11 ------
krebs/Zhosts/pnp | 11 ------
krebs/Zhosts/pornocauster | 10 ------
krebs/Zhosts/prism | 12 -------
krebs/Zhosts/radiotuxmini | 11 ------
krebs/Zhosts/random | 10 ------
krebs/Zhosts/raspafari | 11 ------
krebs/Zhosts/reimae | 12 -------
krebs/Zhosts/rmdir | 11 ------
krebs/Zhosts/robchina | 11 ------
krebs/Zhosts/rockit | 11 ------
krebs/Zhosts/rtjure_debian_oder_so | 11 ------
krebs/Zhosts/rtjure_ras | 11 ------
krebs/Zhosts/rtjure_rdrlab_linkstation | 11 ------
krebs/Zhosts/rubus | 9 -----
krebs/Zhosts/senderechner | 10 ------
krebs/Zhosts/serenity | 11 ------
krebs/Zhosts/seruundroid | 12 -------
krebs/Zhosts/sir_krebs_a_lot | 11 ------
krebs/Zhosts/skirfir | 11 ------
krebs/Zhosts/sleipnir | 12 -------
krebs/Zhosts/smove | 9 -----
krebs/Zhosts/sokrates | 11 ------
krebs/Zhosts/sokrateslaptop | 11 ------
krebs/Zhosts/soundflower | 10 ------
krebs/Zhosts/steve | 10 ------
krebs/Zhosts/stro | 10 ------
krebs/Zhosts/tahoe | 12 -------
krebs/Zhosts/taschenkrebs | 11 ------
krebs/Zhosts/terrapi | 11 ------
krebs/Zhosts/thomasDOTde | 9 -----
krebs/Zhosts/tincdroid | 9 -----
krebs/Zhosts/tmpd | 11 ------
krebs/Zhosts/tpsw | 11 ------
krebs/Zhosts/tsp | 16 ---------
krebs/Zhosts/ufo | 11 ------
krebs/Zhosts/uriel | 11 ------
krebs/Zhosts/vault | 10 ------
krebs/Zhosts/vbob | 9 -----
krebs/Zhosts/voyager | 17 ----------
krebs/Zhosts/wbob | 10 ------
krebs/Zhosts/wolf | 10 ------
krebs/Zhosts/wooktop | 11 ------
krebs/Zhosts/wry | 16 ---------
krebs/Zhosts/wu | 10 ------
krebs/Zhosts/xu | 13 --------
krebs/Zhosts/ytart | 9 -----
krebs/Zhosts/zombiecancer | 11 ------
lass/2configs/retiolum.nix | 1 -
makefu/1systems/repunit.nix | 1 -
makefu/1systems/vbob.nix | 1 -
134 files changed, 32 insertions(+), 1479 deletions(-)
delete mode 100644 krebs/Zhosts/Styx
delete mode 100644 krebs/Zhosts/ThinkArmageddon
delete mode 100644 krebs/Zhosts/TriBot
delete mode 100644 krebs/Zhosts/ach
delete mode 100644 krebs/Zhosts/air
delete mode 100644 krebs/Zhosts/alarmpi
delete mode 100644 krebs/Zhosts/albi10
delete mode 100644 krebs/Zhosts/albi7
delete mode 100644 krebs/Zhosts/almoehi
delete mode 100644 krebs/Zhosts/alphalabs
delete mode 100644 krebs/Zhosts/apfull
delete mode 100644 krebs/Zhosts/bitchctl
delete mode 100644 krebs/Zhosts/bitchextend
delete mode 100644 krebs/Zhosts/bitchtop
delete mode 100644 krebs/Zhosts/bobby
delete mode 100644 krebs/Zhosts/box
delete mode 100644 krebs/Zhosts/bridge
delete mode 100644 krebs/Zhosts/c2ft
delete mode 100644 krebs/Zhosts/c2fthome
delete mode 100644 krebs/Zhosts/casino
delete mode 100644 krebs/Zhosts/cat1
delete mode 100644 krebs/Zhosts/cband
delete mode 100644 krebs/Zhosts/cd
delete mode 100644 krebs/Zhosts/cloudkrebs
delete mode 100644 krebs/Zhosts/darth
delete mode 100644 krebs/Zhosts/dei
delete mode 100644 krebs/Zhosts/destroy
delete mode 100644 krebs/Zhosts/devstar
delete mode 100644 krebs/Zhosts/echelon
delete mode 100644 krebs/Zhosts/eigenserv
delete mode 100644 krebs/Zhosts/elvis
delete mode 100644 krebs/Zhosts/eulerwalk
delete mode 100644 krebs/Zhosts/exile
delete mode 100644 krebs/Zhosts/exitium_mobilis
delete mode 100644 krebs/Zhosts/falk
delete mode 100644 krebs/Zhosts/fastpoke
delete mode 100644 krebs/Zhosts/filebitch
delete mode 100644 krebs/Zhosts/filepimp
delete mode 100644 krebs/Zhosts/flap
delete mode 100644 krebs/Zhosts/foobar
delete mode 100644 krebs/Zhosts/fuerkrebs
delete mode 100644 krebs/Zhosts/gum
delete mode 100644 krebs/Zhosts/heidi
delete mode 100644 krebs/Zhosts/horisa
delete mode 100644 krebs/Zhosts/horreum_magnus
delete mode 100644 krebs/Zhosts/incept
delete mode 100644 krebs/Zhosts/ire
delete mode 100644 krebs/Zhosts/ire2
delete mode 100644 krebs/Zhosts/irkel
delete mode 100644 krebs/Zhosts/juhulian
delete mode 100644 krebs/Zhosts/k2
delete mode 100644 krebs/Zhosts/kabinett
delete mode 100644 krebs/Zhosts/kaepsele
delete mode 100644 krebs/Zhosts/kalle
delete mode 100644 krebs/Zhosts/karthus
delete mode 100644 krebs/Zhosts/kebsco
delete mode 100644 krebs/Zhosts/khackplug
delete mode 100644 krebs/Zhosts/kheurop
delete mode 100644 krebs/Zhosts/kiosk
delete mode 100644 krebs/Zhosts/krebsplug
delete mode 100644 krebs/Zhosts/kvasir
delete mode 100644 krebs/Zhosts/laqueus
delete mode 100644 krebs/Zhosts/linuxatom
delete mode 100644 krebs/Zhosts/luminos
delete mode 100644 krebs/Zhosts/machine
delete mode 100644 krebs/Zhosts/makalu
delete mode 100644 krebs/Zhosts/mako
delete mode 100644 krebs/Zhosts/miefda0
delete mode 100644 krebs/Zhosts/minikrebs
delete mode 100644 krebs/Zhosts/mkdir
delete mode 100644 krebs/Zhosts/monitor
delete mode 100644 krebs/Zhosts/mors
delete mode 100644 krebs/Zhosts/motor
delete mode 100644 krebs/Zhosts/mu
delete mode 100644 krebs/Zhosts/muhbaasu
delete mode 100644 krebs/Zhosts/nomic
delete mode 100644 krebs/Zhosts/nomic2
delete mode 100644 krebs/Zhosts/nukular
delete mode 100644 krebs/Zhosts/omo
delete mode 100644 krebs/Zhosts/pic
delete mode 100644 krebs/Zhosts/pigstarter
delete mode 100644 krebs/Zhosts/pike
delete mode 100644 krebs/Zhosts/pnp
delete mode 100644 krebs/Zhosts/pornocauster
delete mode 100644 krebs/Zhosts/prism
delete mode 100644 krebs/Zhosts/radiotuxmini
delete mode 100644 krebs/Zhosts/random
delete mode 100644 krebs/Zhosts/raspafari
delete mode 100644 krebs/Zhosts/reimae
delete mode 100644 krebs/Zhosts/rmdir
delete mode 100644 krebs/Zhosts/robchina
delete mode 100644 krebs/Zhosts/rockit
delete mode 100644 krebs/Zhosts/rtjure_debian_oder_so
delete mode 100644 krebs/Zhosts/rtjure_ras
delete mode 100644 krebs/Zhosts/rtjure_rdrlab_linkstation
delete mode 100644 krebs/Zhosts/rubus
delete mode 100644 krebs/Zhosts/senderechner
delete mode 100644 krebs/Zhosts/serenity
delete mode 100644 krebs/Zhosts/seruundroid
delete mode 100644 krebs/Zhosts/sir_krebs_a_lot
delete mode 100644 krebs/Zhosts/skirfir
delete mode 100644 krebs/Zhosts/sleipnir
delete mode 100644 krebs/Zhosts/smove
delete mode 100644 krebs/Zhosts/sokrates
delete mode 100644 krebs/Zhosts/sokrateslaptop
delete mode 100644 krebs/Zhosts/soundflower
delete mode 100644 krebs/Zhosts/steve
delete mode 100644 krebs/Zhosts/stro
delete mode 100644 krebs/Zhosts/tahoe
delete mode 100644 krebs/Zhosts/taschenkrebs
delete mode 100644 krebs/Zhosts/terrapi
delete mode 100644 krebs/Zhosts/thomasDOTde
delete mode 100644 krebs/Zhosts/tincdroid
delete mode 100644 krebs/Zhosts/tmpd
delete mode 100644 krebs/Zhosts/tpsw
delete mode 100644 krebs/Zhosts/tsp
delete mode 100644 krebs/Zhosts/ufo
delete mode 100644 krebs/Zhosts/uriel
delete mode 100644 krebs/Zhosts/vault
delete mode 100644 krebs/Zhosts/vbob
delete mode 100644 krebs/Zhosts/voyager
delete mode 100644 krebs/Zhosts/wbob
delete mode 100644 krebs/Zhosts/wolf
delete mode 100644 krebs/Zhosts/wooktop
delete mode 100644 krebs/Zhosts/wry
delete mode 100644 krebs/Zhosts/wu
delete mode 100644 krebs/Zhosts/xu
delete mode 100644 krebs/Zhosts/ytart
delete mode 100644 krebs/Zhosts/zombiecancer
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index e0e2692a8..08ac96461 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -1,6 +1,4 @@
{ config, pkgs, lib, ... }:
-
-with builtins;
with lib;
let
cfg = config.krebs.retiolum;
@@ -40,7 +38,7 @@ let
'';
};
- network = mkOption {
+ netname = mkOption {
type = types.str;
default = "retiolum";
description = ''
@@ -65,10 +63,13 @@ let
};
hosts = mkOption {
- type = with types; either package path;
- default = ../Zhosts;
+ type = with types; attrsOf host;
+ default =
+ filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts;
description = ''
- If a path is given, then it will be used to generate an ad-hoc package.
+ Hosts which should be part of the tinc configuration.
+ Note that these hosts must have a correspondingly named network
+ configured, see <literal>config.krebs.retiolum.netname</literal>.
'';
};
@@ -104,7 +105,7 @@ let
};
imp = {
- environment.systemPackages = [ tinc hosts iproute ];
+ environment.systemPackages = [ tinc iproute ];
networking.extraHosts = retiolumExtraHosts;
@@ -140,17 +141,16 @@ let
tinc = cfg.tincPackage;
- hosts = getAttr (typeOf cfg.hosts) {
- package = cfg.hosts;
- path = pkgs.stdenv.mkDerivation {
- name = "custom-retiolum-hosts";
- src = cfg.hosts;
- installPhase = ''
- mkdir $out
- find . -name .git -prune -o -type f -print0 \
- | xargs -0 cp --target-directory $out
- '';
- };
+ tinc-hosts = pkgs.stdenv.mkDerivation {
+ name = "${cfg.netname}-tinc-hosts";
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir $out
+ ${concatStrings (mapAttrsToList (_: host: ''
+ echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \
+ > $out/${shell.escape host.name}
+ '') cfg.hosts)}
+ '';
};
iproute = cfg.iproutePackage;
@@ -159,7 +159,7 @@ let
{ }
''
generate() {
- (cd ${hosts}
+ (cd ${tinc-hosts}
printf \'\'
for i in `ls`; do
names=$(hostnames $i)
@@ -180,11 +180,11 @@ let
generate
;;
long)
- hostnames() { echo "$1.${cfg.network}"; }
+ hostnames() { echo "$1.${cfg.netname}"; }
generate
;;
both)
- hostnames() { echo "$1.${cfg.network} $1"; }
+ hostnames() { echo "$1.${cfg.netname} $1"; }
generate
;;
*)
@@ -203,12 +203,12 @@ let
mkdir -p $out
- ln -s ${hosts} $out/hosts
+ ln -s ${tinc-hosts} $out/hosts
cat > $out/tinc.conf <<EOF
Name = ${cfg.name}
Device = /dev/net/tun
- Interface = ${cfg.network}
+ Interface = ${cfg.netname}
${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
PrivateKeyFile = /tmp/retiolum-rsa_key.priv
${cfg.extraConfig}
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index c596d0f9d..6c396a132 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -119,16 +119,18 @@ types // rec {
default = {};
};
tinc = mkOption {
- type = let net-config = config; in nullOr (submodule ({ config, ... }: {
+ type = let net = config; in nullOr (submodule ({ config, ... }: {
options = {
config = mkOption {
type = str;
- default = ''
- ${optionalString (net-config.via != null)
- (concatMapStringsSep "\n" (a: "Address = ${a}") net-config.via.addrs)}
- ${concatMapStringsSep "\n" (a: "Subnet = ${a}") net-config.addrs}
- ${config.pubkey}
- '';
+ default = concatStringsSep "\n" (
+ (optionals (net.via != null)
+ (map (a: "Address = ${a}") net.via.addrs))
+ ++
+ (map (a: "Subnet = ${a}") net.addrs)
+ ++
+ [config.pubkey]
+ );
};
pubkey = mkOption {
type = str;
diff --git a/krebs/Zhosts/Styx b/krebs/Zhosts/Styx
deleted file mode 100644
index fad453168..000000000
--- a/krebs/Zhosts/Styx
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.42/32
-Compression = 9
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4jbOi+HZIGOGNm4aBSwnq4m3Vg3IXHmYUbJx1AzP4a/yvEgswfk6
-MP5FXvoY/hZ0NQ0IRzbbJxGbcUdulz0WSjX1C+8uQUZstz+lvYZ4FeCXcdE5cuFM
-ROKAbA4qxO3WOFhPAs4G+K6srDqswmmBSfgPAfOBexEZxHweoBQLOYKUPnBCWf5q
-I1gKWgMVWv6KY/pgYxloarycb8gEd2GsNZcNwoNhRd2G/Tn6idh1qRBI96eaasbV
-P24FEVkPVFVgIGrvFZCICCeQzA4g+Sn4TmgxnTWLQxG4hAHOZQX/ld8u7NHTU9Qm
-PwmjESwfas9Z8UjknrbcaZvuqKrnMp7JwwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ThinkArmageddon b/krebs/Zhosts/ThinkArmageddon
deleted file mode 100644
index e51e1c92b..000000000
--- a/krebs/Zhosts/ThinkArmageddon
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.0.137/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1EAiyBWICkyB1zHE31fHSbGR1nJJmXSfnrqm9yXRZSGweIKrbsof
-QVcRzM4vsFBRUMBeKW7fzlGcvgXULFRnGelvEl4GRiBMO9odBlBI3t8CjZW7X2N7
-JqCMkB+CRuiHbNYQdRFTozQEfPq+DNh8accD5LjUM6gF0dKUdby5qNeHCfZSxU4v
-YZDRqq/haO4up6m8/S6YhnHPOSaIAu7R7hFaUeB/FPT+s5irKk6WtAiWnIdXb22q
-0zxT4+t9sWFb4V9u/MImggYQVWjk+TfF5KpihBOvExEQsSR8JJcRUJAtN4W0w2Pc
-S4/j9ArKcBj5Wf2qHcJMN5MbwUFW1oMkGwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/TriBot b/krebs/Zhosts/TriBot
deleted file mode 100644
index 821046f5d..000000000
--- a/krebs/Zhosts/TriBot
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.117.163
-Subnet = 42:ff05:504f:f27a:3534:9be1:4343:5e95
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAz8pZtvSqDEKo/8IHt71GzWa2oTqZPUv2kRoipUXbJGv3eWpkbd4n
-OpaLuY7MjUveZ39m830t5RAkgB9iChU5wurszgfLrxJ15uibJe+yFJl9O6kuYJr1
-69s12F/v/pPno5eWuXWJ+CdMW8srZB1I/ZIL1/GaptuDoMxu7uBnDbL/NJrpPBSr
-JxCJGHET8jh2++B3cqsBWNGkQjQTM8NwwAup6HQjBrbOQYOAQbcOTMmalc/9JFfO
-LUz63LrCPk5pIeLi+876IdAJBuJsVWwmTbl/D9R6D34Z8bYHIv9mDmO/omckcxX2
-JJgEq5/xlLb2gHt/qfUunbYHIstp/s2bSwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ach b/krebs/Zhosts/ach
deleted file mode 100644
index 7774f17c4..000000000
--- a/krebs/Zhosts/ach
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.32.89
-Subnet = 42:6bb3:0a07:6777:9aa5:e39c:e140:cb68
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsTyjNQ5aO2aIKXgkgZSiUb0POtEVoAPFrIkSv5Ci+7AYv+CLXsIr
-TKBfFIg474KZ4MCrX0oA3Z66s9d2UW6mcH5JufW8siRPJvdydqaANyF6Fvk++59R
-+GMKR0MGdPGfcxjaw64ChemOZx1T6ODHF7KTgaWRI+Aiz+jWsvVCSKutSwVDJTgJ
-4lub95/gbWckRY6fchkh7rSTfNXXYevbysQYdZaAR/qgquUNt23/ewlagF7uqgZt
-CQx7MHMU2quEdvIfZuUPFWe0yHBb1bZCHYxKXo6XG8I7WdUAFRuwFLTjqgSYPD1j
-EpUyU0+xxfyXB3vWrM/jcw8XKzi04wWHuQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/air b/krebs/Zhosts/air
deleted file mode 100644
index f27106f0e..000000000
--- a/krebs/Zhosts/air
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.99
-Subnet = 42:32d7:b589:8ae8:57a5:4cde:f49e:851d/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1yNqMyy9C1O031M518kzLYLh+Ox0D2r9UgVSSb9OgpQ85ZJgl7Kb
-SUzlZLbC9CX4O+PmtWvZwtPfLjua9VbVOtUJTB6zTB9Oqe4hTmX0oKIgheGf1rKS
-ylOaLfSz7PaPR3zGms17F4ovLDUBG2rpOyoHJM54T9LyJbPny/t7v/fjAFqu6atK
-1RgER3j3s5oPaRPw0pYR0kiGXayZRL6q7Qc6AXMlMi22sdRI9e1YCMCyC4u1oU6U
-grw7khyPWoEaue9B7fKfG5PixRHHlrsVDdwXEVvH87+/X2IU3H3C1/pslenAQ98i
-qGNJOl2eJ9FHInQjI1cDMgFURcT6i8mGpQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/alarmpi b/krebs/Zhosts/alarmpi
deleted file mode 100644
index 205b0d838..000000000
--- a/krebs/Zhosts/alarmpi
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.124.187
-Subnet = 42:2de9:fab6:7460:2fee:9199:fa1d:70ea
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAunQOFP1mnEmsmnMYjCwbWdbGe0/hHQs2bxIdwO1RXngXgw/TBBhN
-Xlp75LzPiT0ELF5WBPVclqskT+bl+FOOITH9XDkYzm22jzeLHq3bs3YiZhwzidkO
-Xhq5pwGY4HL4o3SfFtfOHse688qqLXefoc9CfyAIKMCRRAxlzpqNVuZEg1eUcuUJ
-z6gugJj+YyA4V3JGq7GuJDiPPOMrGel0rITMlWtYYtm0jf6deYBPjo+ZogDESlez
-tBmPKNCXynSxb6cV39StUsbUQbLvHgPBrA01T+Hw1DV5eHmWoycvD4IfJqXdfMbc
-BOqRHOlErXGTG5m2EUoU0VSj75zl06gW6wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/albi10 b/krebs/Zhosts/albi10
deleted file mode 100644
index 9bcca7ccd..000000000
--- a/krebs/Zhosts/albi10
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = 74.122.198.15
-Subnet = 10.243.0.10
-Subnet = 42:aaa9:4ba3:8c43:bdd8:2cc8:29a0:e8e6/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0Jz5rQ7NpIQWwhDsrZHlJYAnC1k1onl2ln/6CJbdV9t3gG2hlx/9
-0SEARo6sq9fftyzzZd3iY4WK7+zRXJFXHsLmDa6mq8Mme7Yv+YHZoHPTm9c3tN3v
-laiV/qAdoi/sv43DCo7JywI2lTW1pPxuitXuud2ajd7GXuCoRqFRqLtaURorVKkW
-4j9UGpMKrEa+CV9wP5jZ57RSPQ7aMq8D4GiMqKDgUeCZnvXxpYWDOEdGNlpuUcWt
-/erC6u50/vnjUkkHx66OmkZe5AX5MmwNp2q4zC4sTh/BRhqk27AmNl5wbp0kL7/B
-hg+r0F8ckrdLc21sSU36lUIeeFa/S+A06QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/albi7 b/krebs/Zhosts/albi7
deleted file mode 100644
index 32cf0dc84..000000000
--- a/krebs/Zhosts/albi7
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.7/32
-Subnet = 42:6c61:6962:6137:626c:3769:000a:1337/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA+SwdWv1anjIaKSnvel9d23tgqye5RguIVfgMnjpMsqOYpFklLIa8
-4wREhVvpiArnIsoTXbKzdeCFgaAbMS6aQ701Pyv7QriVy8m3iUlgqvB/znogxN8U
-z1fqL0jAHLkQkoyZ2a6mUgHpByvUqZNcq6istYLwGnXO3JQrS7U54hHPpXbxwFY5
-0/Wli9OueG4fWaZ9skDa2Faq4c/Lngku+Iv1gBBgII1EDSsgedNWw3YBTmHDFNTZ
-SsORj2ho5nQgdvw42qEINbxpU01jK8XB+jmVEO+ixZZCsWlOeCjl9Zym4MZDRePg
-euTLTbgs/809ElM8V+EzRKSPNR2k6FrBXwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/almoehi b/krebs/Zhosts/almoehi
deleted file mode 100644
index d856f682f..000000000
--- a/krebs/Zhosts/almoehi
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.239.66
-Subnet = 42:0730:2eed:2bb9:9d4b:eeb1:641c:0fe6
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtyfcqaDrDmsBVh5w4CksDI1Hn/jDcZVyNWZlqxQojjB2SsxH1VyD
-VcpmwyzDSE87CCZPN4xjIbrc+KgjiOVSAu+8Ax4dLqVrP96s5lJUIunVcwd3lQVi
-D7Ol2zDredbXuNi3jb0qBU+/qiK9mp1vTcEXhXmCSTiXIHz0d7vkv9S0h+YgKGMJ
-xBQsyCsEI9uAeGghVwrLcwY0ea6ZJuYz0miIn9+g4D5PROxImBAJV6uvbG0cP8QG
-rLY85YYByk2qKPIXrpec4uc1A/P1+1DSl5I+GEkBBhSmQB71UYCDULfuL4Eu6mFN
-AFAPsSCk8DFo5//lULky24CEkxTtp4rcPwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/alphalabs b/krebs/Zhosts/alphalabs
deleted file mode 100644
index e5f98d692..000000000
--- a/krebs/Zhosts/alphalabs
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:a1fa/128
-Subnet = 10.243.1.10/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvUAbMmmOFn+4kOvJAvmi0R/XCQa1YBlkjUvC6Pmt0Q8gV1DodXjB
-DgwP8yhLcxaVy2Hk82aJvNTUrfMeB2sdt1RJHQiEPQkHthdp8Spm0Px4uTiMjmFB
-ev91xi00eCCGIKsXdh/qso1K7EDHt9MEVHOvSlkawWzoyJ6AaHStW1ElwDdGjZpl
-0YWrhx4Gk5X7pCp3LKkQJFfGtqoqGOVg2JjqK3qMsAdRo6QvYDqjFzARed/D0k55
-kcKXjBJAVxoU/CqGfS/Lr0fL8tdYgXaAXvPO9dbr1t0KyOUY2KRNBePeSvRp/etb
-H0LBPsO9F7PQiPI3DBoWCYgsuj/hBXapvwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/apfull b/krebs/Zhosts/apfull
deleted file mode 100644
index c64750b84..000000000
--- a/krebs/Zhosts/apfull
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.138.112
-Subnet = 42:0707:afc5:96a3:8215:305e:0474:02fb
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAxNnJB29djjUFUZqM7EQ8kj+IRx/a+2fA0ZdNoUm4ar6t7kTmOc40
-GzGr0zE+QPqQ3abDk7eTmZbU3yUNiAUDzDMD+iqwKAVJnMb8pjXlGmcpdvMuxwbz
-bHeTEaVqBmF4seXlwUKL+waa2Yr1t0YsynCUte8dbcauaD9CY61QjDUP7TQBglmk
-eKq+qbFNKjzIjLQf2iXsl2+dzuFqg4OUaUD0zZJVzjNpKSz24uEK2mD9fSmS3oYF
-yzsNaOKaXr/j+1Xlosxy9Rde/o54UbtZTPYsNdhNgnXmBan4zTv/QnI67Uf9RqiK
-PHsSAkfCj/K7iAOKE/A30xYbd8eV2tPANwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bitchctl b/krebs/Zhosts/bitchctl
deleted file mode 100644
index 8f188a2ae..000000000
--- a/krebs/Zhosts/bitchctl
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.104.101
-Subnet = 42:5ac9:c698:4d1d:6ec5:45b9:647b:a8ee
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuxd4ZU3y1ZgvI+/7mQkWBlF6VvX6ty8+iKYwmjsSUCclxz3O5DB+
-clps9k+0tQvtKlsxG3lnFQz9fd4Pj0GIuWsAdHRH/hpnb9nYSRePKWy0RBjAZRr4
-8rXqI8NOdkQiIQT8gWw3ujzw/Mau/bV6AWqi+CbeExm+J0bPW/QZlAZ4BEKFvuqK
-U8yOQ38p9s3Dpe4S5JZ3cu54j5f5JygXTZgk2ZW3frJ/JS+lRHfFlIW0ZAuTqn/u
-GD5ahHLbRZPGsG5aSR+agfOVIAHLBnDoFx6AQUr09m4zyMgPEC+Xq/DvdP/Hvuas
-RYRol9qHtNeFJViWIUOQPHypTw2a4Ev7fQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bitchextend b/krebs/Zhosts/bitchextend
deleted file mode 100644
index 82d8ffa43..000000000
--- a/krebs/Zhosts/bitchextend
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.141.142
-Subnet = 42:f8a6:9f59:381d:eedf:d90d:8611:4a9e
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA02Zp9aYkEn5yLSaOhrmuFzObpmWdZfT5OWzE11LUeoCu4rsEZY9T
-DB93iliJpxKYuLnmI49vGfSSzqGs6B2yoh6Y60OsrYrvBSQ2Li3aTOqUTL8GpR6Y
-GivInlr6F5/T+6BEg8paau/1rwRE/r2cJ78AvG1nd+JtRL9Hl4tYPakOVIbRk3D9
-4qDtWDWZS5BdirbaO66wvYxS8ps14LRvyVkjiT7IPMXf8p6rxumXPIr3JtJ6QC/K
-DKuP95v0vztZm3U32hO92NB+mDb0XjGSOaspEl2HX45phad6GnGBPqhGpSv47xDa
-HprcO9uxkGcEhyQtCALWD8THX1SNoNHh0QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bitchtop b/krebs/Zhosts/bitchtop
deleted file mode 100644
index 975575efa..000000000
--- a/krebs/Zhosts/bitchtop
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.12.178
-Subnet = 42:4119:cdae:6fb4:0b58:59c6:a993:17ea
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3NJmRzOn5e8FwhlcdvjIwZSvCL2eJ/lJ6E3/m/BOy7qUneMwfotE
-DarxHFxd6ccMLK8yH0fUuTC9zKVud6bw5Xfaw8BnFm8QXTr3eSwol3Lq1I8+k06I
-PZ5a3tkdK7bQxOi+v70jGyR9E/Q1D7fP6L/q9L3W2RmNivlvS5qi5LgfxiEkFvgM
-EO1FPfXwTKhBCB5LqFY4e+viyGxjZ+nK55QgacU7MMNEJN0ntvSp4pLepL29q7ZN
-wSRAjZC3PJX5QZtOOtCYAJ0QqsUv8vZPhaObwPfLvGHku2vl9E8TH+HY0DWjvrte
-E9ZjPn19RWRFExiK2KpbfTJezFULhaAQaQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bobby b/krebs/Zhosts/bobby
deleted file mode 100644
index aac6e377b..000000000
--- a/krebs/Zhosts/bobby
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.111.112/32
-Subnet = 42:0:0:0:0:0:111:112/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
-uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
-Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
-0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
-jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
-cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/box b/krebs/Zhosts/box
deleted file mode 100644
index e02f8ca67..000000000
--- a/krebs/Zhosts/box
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.43.43
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvUMfRZOPb/zKvALZTyxKQuzowqqJ/HW2lm/RIOKL2uoTUgVX1DJB
-fCLf66e2fHnjnStXuaMDNs1kq2gi4EyK5Q50RxVBq7XayXYqfnFwzTE+Iqape542
-vYSWKLdrxljln8a2EYU7njtcWkTpW+cJIwSHEUkDLAowF87ElQ0gBmyX4p107pow
-jg7zcYierVdQXkI7mO4g2zWsywfhwscbu5hdCp1Fw3wHFDatgyhPj1pJruKe+O3c
-AebF5yQOAsCxAk8ZcwGLmmF5xK7lAeux2Qzu1B4Pkfxi97g1GVLnX+so7PR+vvkQ
-+OMzQGIWXtaOqov5q2O1N5RJzng/kCjC/QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bridge b/krebs/Zhosts/bridge
deleted file mode 100644
index db75113be..000000000
--- a/krebs/Zhosts/bridge
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.26.29
-Subnet = 42:927a:3d59:1cb3:29d6:1a08:78d3:812e
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d
-VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm
-UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB
-oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b
-/hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg
-lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/c2ft b/krebs/Zhosts/c2ft
deleted file mode 100644
index 8ce0539e2..000000000
--- a/krebs/Zhosts/c2ft
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:e674:8a82:7fe4:fa51:d305:192e:846b/128
-Subnet = 42.221.17.214/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqS+nvuQnAlhsGHgjKRz0nq2nj9HWwzrA96xnng6UCmkTpFyprM7b
-20vQ5wqcHFAbuZh1dOOb9G2qqsZYE6V1452YLZZLMsnxiJD8kSorHrF6kJid5JjH
-xyyqSvkXaHClQItVjo7rIn5P/Tl+BMt64KaPxpu/4GBVHkCE1apLtaVRnEq5t2DG
-htZuUqzhuLN4TQiSVC++7qY1UQotjLbAQpYxf67np5sKWMOqg5UA+ghuLeO9jpqL
-qKoh2TMzotGwlYBMXVA0jJtQu5Sq/IWKWAyk9zca2LT0W0ZZWYiTl+Ai5urbJgCV
-GvWeJCoBKteIKUHRVNK1RLDFl6/ITOu9XQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/c2fthome b/krebs/Zhosts/c2fthome
deleted file mode 100644
index a8eaabc97..000000000
--- a/krebs/Zhosts/c2fthome
+++ /dev/null
@@ -1,10 +0,0 @@
-Address = samularity.mine.nu
-Subnet = 42.44.64.126/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4ADumWibheOOocw3diK27ww4xfyptLZzlPcih5BJFUPOljXN33th
-1rbFwBr0QyRSad5U+/w1qlTCCqadjNdu+0RPGxbCrEqE3bUlrbES3Fw1ZtyIeuRH
-v6yTQuOzJXyceGGYJpK4JjFgFOggSH35dURDa1+x3pJECyWUAVDknWE5CS7HNufW
-bcREh18LoTUi7SGPeWauDLvVb/eeuDNJkoFj+HWpNqupFXpXUD7vQ+FBTtKO9FZu
-vd/QGYv7gkRGQfma3+2XW9fWgIfE1oS0qf4UfbycaEKMFS5Tn7li3tzCcH9Da4iB
-SsyWm1Hg1UYXccBdDYWYo+vdG59hIjmh8wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/casino b/krebs/Zhosts/casino
deleted file mode 100644
index e35691c3c..000000000
--- a/krebs/Zhosts/casino
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.233
-Subnet = 42:3c1f:ea16:e181:7ab2:c51a:8892:7fb7/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzmZ7x4HVpW8RC3ZkwmNKY/6VGlMKQbpBQtmrUzV1XFxKWZRhH3VI
-NOqlfVpTEaRTorht7R8F1aw9psDDUcg7yuQFcUdoXxBJxwbc1h0FKyZZr5kAIfpS
-ObE0rbBRRqJVAWgztpQAalWC95D73y/+tpHnQ+LRFq9IWeX5+QobaSym1oG4Y0Jz
-STSbw2ksjH8CuWHS5TjZr50Nyx6cH99HABDnadxhLBtQriJPSYRYdWyp7tYrW3jd
-As28mxkyFj0sFV3IJ/bYfZD9KSGg1KjQu+c73xKOBUhNtSHFjUzN5myYGd/nWCw8
-0PUReLrWC1ZHYPzqiwelTHcNJ3UcojpO9wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/cat1 b/krebs/Zhosts/cat1
deleted file mode 100644
index 1a9dd2fea..000000000
--- a/krebs/Zhosts/cat1
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.244.32
-Subnet = 42:86cf:a3fb:16b4:edbb:df13:a7a9:cd61
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyjmB9IyBYexahK+fxSzVNrVxMXroXMc4Fyx16+XOt9hugn24Suht
-06kQwwbpkwjWfIEONzr0UPAbsOWG/Qj3w+dqiC5iqHZWFW/NdBgwunF5+INnEamj
-eIIqei1230C/NNpTph9u3UsT+ZgZnc+r4usEmTpZslvtkVwg20jwT4w3Vq1ws1Jc
-8Ccy8vk4FjgBP88zuvqzjBtTGQMrDgBd68XlGVKOhrvxCebHknbcHWpUz4cN8TX7
-bRNpSUTCSGd2taY6g4cUxiegbTeK2LDVvW/6XtISvJqVVllLD/p661W6gRUlkspv
-phLJc+zNLRxOC624JRivt+Ag5iBI4YP4SQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/cband b/krebs/Zhosts/cband
deleted file mode 100644
index 51c51e9c9..000000000
--- a/krebs/Zhosts/cband
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.7.76
-Subnet = 42:c293:090f:df44:0926:c7af:5012:7cd8
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA11kwqXkkDRmxmoZNFDqtUsxK6d/HzTdFC/v1V3fttePuYFiEOhZl
-rLBS3+Eei4CsQrOwnaRBhHdnoOZGEdxJmq3YXDWGoVAn4bEgommCddzssVzWtVMf
-hIntuCExczEMIY+MGzM3QupYxUgRRVjFtvxoC9kKOSlaq0BhkdJiWygzN/NUfqpv
-HgDufoAcORLQInTpmQYEkZO+XmXejcCY/C+VD0MENqj3SijGw9tm2YmInwSwZnwX
-Zjh2xn96QbV9O7bpfGHcLxWhsUyyRC46knbbBXuAdbDsa2TUdzT5D7nb/TLfP412
-agIhk+cwFM24y/ChHdfoUBakKF4wZI3l4wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/cd b/krebs/Zhosts/cd
deleted file mode 100644
index d65814f46..000000000
--- a/krebs/Zhosts/cd
+++ /dev/null
@@ -1,17 +0,0 @@
-Address = 162.219.7.216
-Subnet = 10.243.113.222
-Subnet = 42:4522:25f8:36bb:8ccb:0150:231a:2af3
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
-rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
-e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
-sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
-CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
-PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
-LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
-DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
-ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
-jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
-Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/cloudkrebs b/krebs/Zhosts/cloudkrebs
deleted file mode 100644
index 3886371ff..000000000
--- a/krebs/Zhosts/cloudkrebs
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 104.167.113.104
-Subnet = 10.243.206.102
-Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f762
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
-OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
-QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
-3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
-sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
-TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/darth b/krebs/Zhosts/darth
deleted file mode 100644
index bcabc5f58..000000000
--- a/krebs/Zhosts/darth
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.0.84
-Subnet = 42:ff6b:5f0b:460d:2cee:4d05:73f7:5566/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyx5x0jzfhex8EBSFLlOIkP1yJ5cSPLQ3hpPMvN0J7QdVbypU6a9C
-fzGpzBph1sRwXnaqCMe0og5VT3EdFtngbmm6t/CyMhBojkxMQI08m71JT5c07+1U
-OSSLXBXYHcN6cAEYEsvTiSuvP9RoAbUeQQbZryI4wpzzQ7ET1l7k/3eeXAwqRKR6
-xiqn/4597U09QYmllqfplJUBv2pIAIcFlm/KHvNTZGEZS83udfnECwDwgU63PMns
-38yiCpI79kagXyTOGCbkUatt0KNTzGNLAm0CyeFd1AdgUrj8fVg2jQLQlBrze+Gx
-jkphgkVEgMtVMTz8WKfz+Dro3jBfQstIjQIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/dei b/krebs/Zhosts/dei
deleted file mode 100644
index 0d401b019..000000000
--- a/krebs/Zhosts/dei
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.247.164
-Subnet = 42:d702:e261:bf4d:2f5f:00e8:bf56:4d50
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAva8pJ7H+ebQFEpqLZhr6hE6OlCRhSlPQwEoWtQLHT/zsgmUEhXcw
-9045IAAgALc1Wf6lVWKwNEBNyLNULUgmkXzgjCG1OuLAn7jWtaNQZT+b6ZM/b2Qn
-hrGdHCcpvW1kpIfho3zMts4dVx28Z85JJlI4ZqfFZWwiuCj+x8OELdqtm2IYryiu
-6dHRR+4WkgEvqL+1YF2RRxXIcSW2wFdZOggjXYobzC2wl9zWkTBPC6lKQjlKlSrV
-ZZBKRwuHloHPt7HJTjWZTX28CbC/P+3l5NyMhfmqtFPZuhC4p7EAWwcXXDz1Gkxl
-w5EbcTz01pePFj5oVfK5aUoi1JFZ9GSZFQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/destroy b/krebs/Zhosts/destroy
deleted file mode 100644
index 8b5f7f5ab..000000000
--- a/krebs/Zhosts/destroy
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 42:9277:1f1e:7599:ae4b:7cca:b4a3:fe47/128
-Subnet = 10.243.0.31/32
-Compression = 9
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAofIF/j4ddJEG0sOJJNp6hVXqLpj9FPw6a1vLLqZsn/NuZi3QCZ/w
-xj1nIsQbc1TnPLluHhpn5kuvzb0lThqmPJvX2uXnbq7WH6OvRyN/FV/Gn40txdni
-MFWD53zGlAle1/Jdt+to/+0mvRP8U+dKuggemGljX2nrUxaJgVRVzynvkys5l6vZ
-2oMeO/LnFcAt9ZkMFoqDfKB/RPOqTD9k6Sz8xubVtasQ4ufpQl8Uv6zcYl1PnV7C
-9Pj5MMtQVtRRV8hljImqpERunU6ZsXhyqI9O/cVw9+QkWf7Qh5E0vUKTT9FISyTV
-nmQ9v8JGV2zPDVMmwP1ewyA1W9YhGiFd7QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/devstar b/krebs/Zhosts/devstar
deleted file mode 100644
index 875f62e2a..000000000
--- a/krebs/Zhosts/devstar
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.133
-Subnet = 42:2be0:92f5:3546:5f0f:8f22:6244:25f4/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwkkmkhGMnI0x5VIgdLwV2SvXO9Bw3Sy1U5AToZiG2dSB+OiwwLir
-JIrTHv4r73lMLROJjQhznq06VMmNviC82178H7/DZqgSqlGU7d9p1Okd5XCs6LI3
-eaL5mYTXFuA+PMHVvYqQ5fDQRQ4KoWmlSV65XUPejPlxtl3FXqOSHVuuBSbka+St
-qLyWLAh9d8AfWjxbAIv41fl6WOyw2IuDc05K36aT/TwzA3ykl+ekNObAjvpI0cxI
-+d3j8H8JY5jDcg1hvWT06JqpUcTJRkWLL7BBdQvWySaBcET1Flfo8eYVqVQDK4kU
-XV/tA1ax7YPFBQ7Lh3Ru9nEC45Gv6R4HbwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/echelon b/krebs/Zhosts/echelon
deleted file mode 100644
index de4366875..000000000
--- a/krebs/Zhosts/echelon
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 104.233.84.57
-Subnet = 10.243.206.103
-Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f763
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
-oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
-MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
-4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
-n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
-do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/eigenserv b/krebs/Zhosts/eigenserv
deleted file mode 100644
index f59667940..000000000
--- a/krebs/Zhosts/eigenserv
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 42:c9d8:ab9e:c7fe:43ff:0268:f862:42f7/128
-Subnet = 10.243.0.32/32
-Compression = 9
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyy060LWeo6Z+Kp2h5LtyMx+KGdxL9/WjWfc1yf/YZ8lhZutNb+Kd
-u9AHbnrqTRWRslP+toNiC55aJ/KlTBFQA5nBu2DC1KdG71AX5th7bRvUMfEAEG1+
-7MpcyuC8Owvleg/b4Ihr+/kQNbIPPhAraPJU780Oy173jnt+PCIYY+aTnEuO3UBh
-yt3oPhfwMa2ssPL8GfF3YL9Pvh4UEbUu1E7zSOqzCOzH3od5I/G/TjvfHl3u4tEr
-6kWHVqOYaKMJlqYvb7tnw7QjJNFhVneBJN6eMaWfcmTp2G9S+SwOppW3P4yRxrar
-GLWPgEU6to1wduAktecWU/oWambgXb/hUQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/elvis b/krebs/Zhosts/elvis
deleted file mode 100644
index c98ce7865..000000000
--- a/krebs/Zhosts/elvis
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 94.79.154.86
-Subnet = 10.243.228.181
-Subnet = 42:42a3:7ad4:f156:906f:f6f3:943b:7b1d
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAv7wpfzpazvXzKJsDkJ8J9zsTZRoI6LnpSIcO8hLQcHNk6LTWjBy1
-xdnsSe3eQYxNmZPKi28PdbMo4YQlFdewLSB69PP6ZX5ISNXVlCZ5Cend/kfU1fXV
-tcZ4JQCl/adHqg8niLAODfnXhwVjMpllgq6gCg5mVPILy+CZ08OM6Ij7Q5d+3Jr4
-1zMvAXyeuNQcL+MkBveblKC6j/e9fqaK86sUh/4unfgmkB7GWjqFwmoHZepR83o9
-HTBmKxEIDKYjLWVXV1Wph3/JN/65igTtju26cVarUmTtGIhU44NzCi+94+wKuJMU
-Bbjk/CnuWQoU2ABPsxtW3r6m4pSDhypNZQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/eulerwalk b/krebs/Zhosts/eulerwalk
deleted file mode 100644
index b6dbf43e0..000000000
--- a/krebs/Zhosts/eulerwalk
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.176.249
-Subnet = 42:7429:4e08:14cf:fb5d:9c17:76e5:ddcb
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAv0GyX62KaykRkN9f6ZgtAOPk1rr+ZFG6Il24crrkIJgx0He+VVjr
-XgXE7EaVwNjNm/7nIhGGWbCzravDIrRzQXzY+IQIzXwSPKv0WZkqFHZj122SIt9L
-QKtkGnECA136uH3AqbXoxhsz2FnuDunZ6gKAi6XIlq5Qr2Nyv0qKKaM0zTZZ4pI5
-PqsNfV6r2gc3jo/tOuxVgG86dMAEHLMdwjdBE6/49daGXyhsGG7Gh93c8UlyFKyt
-r6LC+4Oc1MCMtCbxsmE/iZWJtpUHAcQDzTcAynP916xg1PBLhczfWFCPR0LXOQGe
-MYSv34G0gZqPmkNJryi1MEFZ61zo/SiO9wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/exile b/krebs/Zhosts/exile
deleted file mode 100644
index 25d68ca4c..000000000
--- a/krebs/Zhosts/exile
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 42.116.243.248/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0H+DslKV6EDCZWBCJs+MFyvTR9Ej0yWthIHKzFrA4qI8rxskrGGP
-xhb16keQLPCAgBVVVmikh3pQVMq1K6ry5Of0uM7rU7crBzRfJ8zpGZXfYlBDFDAd
-Vg8wwDvEYsYCAKrZbYIKb88WR0mT7K47ipTbXd9utzmoWGa/SuGtPkYOigcWYMRN
-4QClPDLdICQvdohVvfd7/LXRNuwrWOJcmtLitTEZY9lo2hhv+ZKs7PBrmpTBhTMY
-N2Et69tVPQh1t7cljf3Esij5AUczv979C9Lvukj8Kb51Et0T9qcGAs/M3b64X7FO
-KjWVVQttj3AkjgLZ5OdYlm7uRRmYmKQ95wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/exitium_mobilis b/krebs/Zhosts/exitium_mobilis
deleted file mode 100644
index 3b112a0f7..000000000
--- a/krebs/Zhosts/exitium_mobilis
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:AFFF/128
-Subnet = 42.127.75.187/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1zv7tkHIUxJX2FIFcfakvZZYuI3VH56nkQYlpTUzO9WscMF1BgoH
-WKOvHy9QzxAJgqmceroZKbV2PIws/PZgwk7vNGPmmZtzkTuNS+RXd2y1WwKTHpxT
-IZ5TKo9AGuU4dcMLAR2xheCJzTRNoxj4UrUgN1WkAqdKhN0Dysglfb+FuUiMdbop
-rbzsKhJZKnJOnS00Z9K7ZrTWkYQR6nhMuZ0EMggc+pa5NesHfIoeitXQxB7tz9M4
-6O7xE8ZkECdKXmRBGhSU2ghnCqiomDj9l6L6S6Ms8Q0ElPM78RTh1a32Euj9Ffob
-v4gQuzI0fUKe+pbm3VC6B+9awkdd8n1AzwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/falk b/krebs/Zhosts/falk
deleted file mode 100644
index a8c9e2f21..000000000
--- a/krebs/Zhosts/falk
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.120.19
-Subnet = 42:845f:0432:a816:c623:fa89:8485:8700
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
-4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
-9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
-2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
-0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
-FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/fastpoke b/krebs/Zhosts/fastpoke
deleted file mode 100644
index c897a97bc..000000000
--- a/krebs/Zhosts/fastpoke
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 193.22.164.36
-Subnet = 10.243.253.152
-Subnet = 42:422a:194f:ff3b:e196:2f82:5cf5:bc00
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
-DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
-FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
-ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
-EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
-rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/filebitch b/krebs/Zhosts/filebitch
deleted file mode 100644
index 64c88cb0d..000000000
--- a/krebs/Zhosts/filebitch
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.189.130
-Subnet = 42:c64e:011f:9755:31e1:c3e6:73c0:af2d
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
-fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
-e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
-KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
-oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
-wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/filepimp b/krebs/Zhosts/filepimp
deleted file mode 100644
index c689c8852..000000000
--- a/krebs/Zhosts/filepimp
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.153.102
-Subnet = 42:4b0b:d990:55ba:8da8:630f:dc0e:aae0
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
-3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
-wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
-oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
-UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
-8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/flap b/krebs/Zhosts/flap
deleted file mode 100644
index 94e6bdc75..000000000
--- a/krebs/Zhosts/flap
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.211.172
-Subnet = 10.243.211.172 53
-Subnet = 42:472a:3d01:bbe4:4425:567e:592b:065d
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
-2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
-8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
-3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
-hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
-Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/foobar b/krebs/Zhosts/foobar
deleted file mode 100644
index 2c77b79c4..000000000
--- a/krebs/Zhosts/foobar
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.135.219
-Subnet = 42:edd1:d518:f7d8:ada3:1ce3:f4f5:a986
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsCu6xC0OctUKu0UsscOWfyQlMtMrD0Pt/wB+IDOnkEgDKqcTYGXW
-h6VqMqE2cQhV3ThoxqeIPnQzwiMuVd0n2q3ZDexfYvHmqTZoaMrQZJlgY4rDx8jC
-USFqnvtkJbOxFBiS3c5yjOIybGSGDXrAaxmn80xewNIsdSqaY1/2FxKwx1Fn+Kf2
-hIQOEYkdLhwPso+HyNGUwVKjsRVCSWdJSzBHB38cPZRoPpcmRHOTs/Jtx0b4RXQr
-tVYW8i+Jq6hCt9sDLJexP9unPGl30Gn052noj1t4DRCPFpOYSLJFcGU4n/OzYbzY
-O8VB5DjgGK0eyEXvtByxvWYPnuRwSLaH3wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/fuerkrebs b/krebs/Zhosts/fuerkrebs
deleted file mode 100644
index 35bbcf181..000000000
--- a/krebs/Zhosts/fuerkrebs
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0f19:8a1e:7865:721b:2378:bef7:1159/128
-Subnet = 10.243.0.144/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1HoKqh7HvXCKybe2FNBI/wuOvkZuftL0/DDZfZtPlCRtdcOA4XFj
-hQng5+VE3NG0yKcRs59U8iHSeN9b7Is1YF4q0RtM9YQTDhvS/vfpHDq42ftjMs/e
-MIFvYBGr2WIOzOYPiACURRcaMmoAViqK2Bwda45jORPUGo1afibH9UcDs76lFuaI
-f3mUZvLlqdJEtG040WoT1douGWtUWkCB6/pVUgLAurncOz/XiSI3GFzkMUY+0pT6
-0G34AcYqvdQyxH3x0ebclFlfY2aPStf6bGMejcpRJm4M02xF809DVYlUL3mG6krF
-MdWP85dCQ4V/RL0HdZ9PEjlVhgNOF1aQowIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
deleted file mode 100644
index 7a1a305d6..000000000
--- a/krebs/Zhosts/gum
+++ /dev/null
@@ -1,15 +0,0 @@
-Address= 195.154.108.70
-Address= 195.154.108.70 53
-Address= 195.154.108.70 21031
-
-Subnet = 10.243.0.211
-Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
-BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
-i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
-09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
-u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
-OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/heidi b/krebs/Zhosts/heidi
deleted file mode 100644
index c8af51b04..000000000
--- a/krebs/Zhosts/heidi
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.124.21
-Subnet = 42:9898:a8be:ce56:0ee3:b99c:42c5:109e
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx
-1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ
-jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY
-ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA
-q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo
-w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/horisa b/krebs/Zhosts/horisa
deleted file mode 100644
index ac4ed6dab..000000000
--- a/krebs/Zhosts/horisa
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.226.213
-Subnet = 42:432e:2379:0cd2:8486:f3b5:335a:5d83
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
-Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
-XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
-+EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
-sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
-M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/horreum_magnus b/krebs/Zhosts/horreum_magnus
deleted file mode 100644
index 3019e9cf5..000000000
--- a/krebs/Zhosts/horreum_magnus
+++ /dev/null
@@ -1,15 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:affe/128
-Subnet = 42.35.89.21/32
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA4PcEqnw1ZrBgPl0yNO7eQ9aJpV4HKlENVhc/cobLh3dQgbmpw2Qr
-MQODR5qPxY+WmyZiQeU5sh8WutfpVn6xBCmR7QDqA+xpPhe/Y6uqWGDjxNftnetz
-gphYv/nPGj0Dv5mo2HGPFK1VG+kp9k+vlZb3r+03OVFrIVHsUg6qE4e8o7pN4OmF
-O10i85csMyKvSfA/rNHC7RdYP0tVLZTw4ZMTQh5t6zr/foHMr5KPXGVM/hjUWXW+
-ujSxUam6JxS1wk1zFp72Vd3X+JQH1eaDHidm3BBVAvCynyhUyaQh7nSjIDWZdGqQ
-GmBcj0M05o1tVGV/7sgQUTNHiLaX6vE35hQoq0Jr2bhfIzjhESLl7HuBMpvDntLE
-Tv+c/R3qryTNBBHFZOvYU0qx7I0cq5NLx4BqUXd6EykQvLZ53TyjFlINGQuEZXsj
-LOtyAj4n2EEg6WmSUhrB+tyowqumdT8ltemuhZ2zDmimep9EvMiZOVns8VkTqmBw
-lRzatTHS5tv6NieDzWTBuMqZiWjgpK8GILUn5e/ecIT2xTSVvo0jzIBwKtFpwf+X
-CkBB0tNlYYmDmHJxiKWBsgw27BFmQI59h3wGHXHSDRgShLBjNH62Lm6omDwivDJQ
-CJaTYPIsL8sdoCglCIV9NwUkj8tM+cvxZiZjvB3zizNxL57ZqpAcNGsCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/incept b/krebs/Zhosts/incept
deleted file mode 100644
index 348e44b1b..000000000
--- a/krebs/Zhosts/incept
+++ /dev/null
@@ -1,13 +0,0 @@
-Address = 77.95.224.63
-#Address = incept.krebsco.de
-Address = 2a00:7b80:3008:3::fafc:241
-Subnet = 10.243.0.174
-Subnet = 42:a2fc:1c89:65c7:6e60:1f62:eaf9:e9b6/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvy4J8CewsXeFkFOLqDwiTN+3fF0yjmP5ZVtrLrPJn7Ux75elTdn3
-iLcJYTgaO1/dmw8fPD5DkNnb3wiadZiFGXpsTd1jD69mHcn/6RY/0Fcne9qDiqgp
-vafpUD5UP7/7S+l5kkD6n7HVRblLXJIJk6Z8RCRN8OGyfjMM1IKeoR8kR1+85fpf
-C28fnU3Nz3YJDazOaMD7aGiyGZDRyY+wRjbWtMXE/NH8ydN148ZpFaMvBjM7fl/B
-q8XS5Rs9lFlW2jpex+W2DNq5t4QRMUDrLgD0gug0UiYCYw4IJg7OiI3g6vwjSDtq
-hRxpQ4nq3avmTR/NWzZ97PP4eXTCIQhiQQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ire b/krebs/Zhosts/ire
deleted file mode 100644
index db4f9808c..000000000
--- a/krebs/Zhosts/ire
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 198.147.22.115
-Subnet = 10.243.231.66
-Subnet = 42:b912:0f42:a82d:0d27:8610:e89b:490c
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwofjmP/XBf5pwsJlWklkSzI+Bo0I0B9ONc7/j+zpbmMRkwbWk4X7
-rVLt1cWvTY15ujg2u8l0o6OgEbIkc6rslkD603fv1sEAd0KOv7iKLgRpE9qfSvAt
-6YpiSv+mxEMTpH0g36OmBfOJ10uT+iHDB/FfxmgGJx//jdJADzLjjWC6ID+iGkGU
-1Sf+yHXF7HRmQ29Yak8LYVCJpGC5bQfWIMSL5lujLq4NchY2d+NZDkuvh42Ayr0K
-LPflnPBQ3XnKHKtSsnFR2vaP6q+d3Opsq/kzBnAkjL26jEuFK1v7P/HhNhJoPzwu
-nKKWj/W/k448ce374k5ycjvKm0c6baAC/wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ire2 b/krebs/Zhosts/ire2
deleted file mode 100644
index 6b9d0a79c..000000000
--- a/krebs/Zhosts/ire2
+++ /dev/null
@@ -1,9 +0,0 @@
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwXkn0H/+BUiARYSzZCpjqEwGeDZsbRHoWcRNlmlP6XjPMbKKQBHf
-gdERPevhoGaNtQdW6SEA5xb1cJDHZILHZtpJ63hs6999gB9x/n4x7eR6C9d7HPDD
-rGv+tBdwo8QWOIQIVnSAr6WdduSg2CyZbHd6d2Xd12vrfqJxnODSUHibrUusEc/D
-XBK2n1un3znzk7P+KT0xXMtNPU2678tGuwsvSIOoDfDx9+2xuxGANeqvEOeSAgg/
-SUH5CbcAFI2/4AKWP4e/yxM26YoKdz1Fu/hx7WqKwYmPERrgcr8ienx4WFGG83AJ
-CmiYwO23L4qSp1KZT8SbGDh2YpamZg2BZwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/irkel b/krebs/Zhosts/irkel
deleted file mode 100644
index b197e5d29..000000000
--- a/krebs/Zhosts/irkel
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.253.117
-Subnet = 42:1970:cb1b:d9e2:4603:c1fe:ee00:8145
-Address = 2a01:4f8:140:21cb::5
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1i2XcUold9p5aa4qGv2o3hMwlIt4+CBxuOwnzMOp4WjJyGWBrQiM
-Lw9qpwvc0W6c/MYTAUzkq42766jlYRzA/yse0/DeKJvF5BrCk36eH9R2okK1A7K5
-tk725pTf6D37mkjbiupo7FFfHNGjFdSH7174ZpK/N81YWgrGo1cQUU8JJKGgFv6S
-XZWiWbJWKnLW/a4zyg7wnkH3KlvOAthSNgyrVqZazi6gTJ12kZTg9DGg+Q7iTdi5
-oXc4hilymCdF2fDfmG7M3naaRQKntjlpJmc2Au7wTVXj3525c3Ms+1k//HlX8DQK
-a93ZJA25nfpoYznx73lz/IASO2n/jn/3mwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/juhulian b/krebs/Zhosts/juhulian
deleted file mode 100644
index d9da75aa0..000000000
--- a/krebs/Zhosts/juhulian
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.38
-Subnet = 42:449f:b00a:e973:514c:3e9f:97ed:aac2/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAnNyOsNItOzNQndheZ3ppOMWvIOuO1wgLXArINS1ORcgIAJmLpqDI
-whsZFCVifwAXsdeBJyyZOPZrc2PQ4F3KB9ByX6PQ9jqAhun1aE9SDDqp+woOrTlP
-BtJ/8zAmRhrfak61TxpeTndLk95xOLaCwvS2P4SJLIcyutTbbFdBCqpu7cFUGOOP
-qCKLX7/mv2L+GNmQAnWZ5HwXQzBS6gNaNIcQ8mPCUAIZgRU2T83x/tnyH1RlATK2
-lYUWRM0ie+dRMhiDcwmmZrwYl8wzyvuBPEr/p8ZBM2tua8GlQzJUJl44AiAcx3w9
-0EB5MIRL5Qb0yBvXD0yR+bDizqvhd40LvQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/k2 b/krebs/Zhosts/k2
deleted file mode 100644
index 588f96cc3..000000000
--- a/krebs/Zhosts/k2
+++ /dev/null
@@ -1,28 +0,0 @@
-Subnet = 10.243.97.72
-Subnet = 42:717e:2a17:e7ff:eb6f:b760:5af4:7da9
-
-
------BEGIN RSA PUBLIC KEY-----
-MIIECgKCBAEA53djolgdUlLom7SDi+x1jscvLduf+fzPNlVRk0c6UtR54iHpzVrg
-7OT+PZEAirhWrHyhQQIRoKRK6vRKMwm0PfrMjQXo+1zhBVD/JiPzVGSBfETqVI8E
-jeCS7EaKsZ8gRdWZ4QkDfaQhdWA2RrvVcwpVVxMkjYsHj3EtaHkWGcJs1JAuOsK5
-Zo8ZbxpzgcNz3tiFR4PSp+N3ARE7t2sj8U6z2lk/0TIff3To56u8rDasUGAKf3Rp
-okQmG0EGgTN+qJs/dwIdeKtxcZrRCVd68shphiYE9wC4WXELgJJ8jo4tIiZRu7n4
-lXRn9zQYY2lax4OlBZSkRiaPEISwv5Vv48/H+I1vRaEhx02QL/PnODWSlqMNGiic
-wMBh+DdvQIXRm1W0xxlsY2YOo7GdCywJyLDue6v7ykmQBFgYqP/gVrsoR1y68IdS
-3/dT0lYhrNL+PwKjI0iXPBvA018yw0Dvdgup681C9nzdyvd7y9NorxjeE9Gl9/yd
-X6W8ZE2WIAsli2wGsZLuedcn0mZ25flXbFn6OhrPhP++Kub5IBid/iT60KvxY6H1
-l/DEBJJmFJBsBvFPyFXoEkPJSD/Uc/2veMlb/ues4ur0eBMVML1ZaiK0EzdBYfCv
-kgnVwQG6c5+0XkMk3x5kQ93E0Mr5whILK2upI2tBygAN/SpTsoNXvOFIHw/Ksmcl
-Eqly4P7DtQ9Lu+1DkoLa4ltcejZj0Jjy1j3AI59v0p3Ygx2OWHFv4H5GVjq1T2Pk
-1IAU8X2UTNmcQw5UReJxkNdREOw/XI2pNSBKBDOCMKXH4+a7P3GwheadQiVU5z/Z
-ie/wbsAtp8MGd67aN/i2nrTQfk7RZzIec/UG1XhlQPmJAVIfS5QnFnw+cTAMtYeU
-wHHe4Q3m2+bikBFoqdhJo93Ut5ywGeueKXSyJX6I5AXiiiWnme+IHuNH0G5568yO
-bA9OwDLt4C2U6BFEQtHBA0I8Hh2RT9ObrLUVBUK1aAujLvGvfPhq8QYCcWDJsvxm
-/uAJGb8UdPScTEjftYTWIc1/jikIpK70qOeKiQfxT91hQEBw5mgMCRnAy4m9OjCI
-ntVpHGpylesZWM/na8gZe4lo2dXI7tc2urpqyOThkbpYXNdlNG4F/QcuP90QmiV1
-hyriyHPjbSwIRM3aX7Y/WKwzky0swW+J6mW78yqa5Gt4SzDQxd3KHDAP5lZuFgEM
-aHLOkmOoYlOxWi8eOIWByoH77GFyudeH0EMZV8pwCOTw3GUa1ehhOUlDD6i3CH1/
-gJOQjoKC/ndny8Qz/S+tCLjRHIpQAx36yLME3AvXoKXctuZsZy/9CAsLt9tLZJI5
-AqC/vsOcurKsk1i4GtwuCFnu3qr4OvhwywIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kabinett b/krebs/Zhosts/kabinett
deleted file mode 100644
index e434d4190..000000000
--- a/krebs/Zhosts/kabinett
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.213.120
-Subnet = 42:e792:1d5c:c89f:f932:e954:6ada:1dbf
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1sVtqyeCdKB1nabs0FOC62J+J+grP5B/3/s1cuAxcJmER+NaT/Kv
-rvQeB13BmrIjfJTBaezdR+wp0RiPB7s/aMPjWwS5rzh3KhSFk2SFpnLjB2WIpKqs
-N9TQEf2xB0TBWHqcpSqSthjP3SOGNP7gt5l0D13QIHkRQ2xX1PqYikkYi07cQLO4
-rwXrlEBOY8Dn0GR37NA0k+zt0AIdJ78zXHNjVn5hRj8aLGKB0q/FOtdMNRYEGD40
-An82Y2sW+b7U6Tnrw43TOO+AP/OrclEjmNDTRqYLiVAeFHXKjwbCsSlof0qmoipZ
-H+nbsB3qkFpNEy1cA9c/pqHfSpqV3WihRQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kaepsele b/krebs/Zhosts/kaepsele
deleted file mode 100644
index fc8bf4587..000000000
--- a/krebs/Zhosts/kaepsele
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.166.2
-Subnet = 42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
-Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
-rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
-y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
-yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
-FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kalle b/krebs/Zhosts/kalle
deleted file mode 100644
index 8238887c8..000000000
--- a/krebs/Zhosts/kalle
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.154.218
-Subnet = 42:05bb:0d2f:4f25:2c6c:1217:6264:dee0
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtILSBsb+ISWiyUjJHWN5JWNY7Z5hxxxFADQbK/1ZdlCdeIorQI2j
-gDHdWgck9NasXXa04I+5jw2eDLjU26+r+T1vP/fdOg5yLOgnknL4jkHFVCb/ScRM
-2JZAEXLSAz6g33ks2snQzuyAPTEvZhp49+PN9VmX0JBr/ErKGZzFKVVU+gREVRKa
-fOC4+daKrmRzZWg9DFaH5DIrIEiXidixuX/boHprJeULdp81NbnymXxhc929UWbV
-5g8BnuTlKqDDM7stJC4dwKizrv6wXuH6GD0OsDiU8JcoxV3jvM16NmgtAe9BKH1q
-tg1fIY6f67eIihr3Lnjb3UPw3UqwFXosGQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/karthus b/krebs/Zhosts/karthus
deleted file mode 100644
index 75a8d15d6..000000000
--- a/krebs/Zhosts/karthus
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.42.13
-Subnet = 42:42:42:42:23:23:23:23
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtGL2Gu8Dw/NsgJNcu4XY9eWUM8prL0JC1UfnACXuOCPns+Bdm/dG
-uVTHdejjxv6y4FjWNCoD+45lP31QfBIqIOtUsfz/4ox9bvyTOUWQCe0NtBs2SMyO
-O1eWSD4cnNfskYdyOHQbD+KSSiksyzaZdcqqx9FgWo1VT0f+oElnZ4nLBKRNBguN
-GwVLjreE0GSxhcV2r6oHsaT+udvQ/PlQgn/zia2tKT+OI54WDJGXsKEvwRRnaRz5
-33Di58g3dffo0i7B3S889sa5B7l1kh229cw24Gc0AOtmm8Vacle6iTw3Eg0uLzxM
-nKpOma0+K7CoE4IqSZy350iTgheHwq+y0QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kebsco b/krebs/Zhosts/kebsco
deleted file mode 100644
index 2fd1c5f42..000000000
--- a/krebs/Zhosts/kebsco
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.212.68
-Subnet = 42:9d30:3845:c822:988b:96c5:39ab:90b7
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0dEwTZh2uzJpP9GL7YRyiLuezJqYiJ8/4Bl4IPshJnuO9IGbEcto
-0cFm9uM9gxxqggfaCi96DsIQNlyqff2vDfEj3mdIu9T3tkRROByQF8y1NWX29NyH
-zZEX8Ri8u4U2KdYTEzPXEFxBEl0GQX9mMtlvwzCq7V4ueCcWB1xDA+DtJjpd894z
-3FOw0rIxYmfYhLAL5B3rzF74bcHFGV30f4JWq11wLBkyR6/Q5gxgZzkKYGwdZ/SN
-C6gg86abKdp65/Wq5P331IbwPBal1ZhGbaAo1y7JpjpLvZytI2jboXeQuPZ8P5hU
-L3zKKceAibPKrw9+y8lb+IKoYLF7I1KYIwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/khackplug b/krebs/Zhosts/khackplug
deleted file mode 100644
index c149d93b1..000000000
--- a/krebs/Zhosts/khackplug
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.217.107
-Subnet = 42:ebe3:90b0:539a:6ef0:0910:b724:00b1
- │
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvytShP1vgYLDYJhiC26Vc1/cVJOptUnuyTc8Id9vkCkgHZRpKs3T
-jO2KRaQMDWMXfXkMfVp84/2Q85hpUzYqXQHaNzitg9nHGR2n+a6zfwNKWAm6n2WK
-AMsPf1weamzs6EfCm5WztqenoHKNUxpzXVyLJES/WK6e5ba7FEpszZx+ydoc5GjL
-kezqch5p+U/J2JoUx3aIpQuWvc0i/4KYOuGzlWgUYLNyqL1m3gBkahiPuOtzf9Ul
-EP8QY/GQa1HTFuhLS0Y5nVjZvWnjVVEloXbq9SD2I2fc4GD4+F8wtFMsJyEF2qxY
-XfSLTlpHaJbSBNiopQyWG62RZda/p0yq3QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kheurop b/krebs/Zhosts/kheurop
deleted file mode 100644
index bbe93fe0f..000000000
--- a/krebs/Zhosts/kheurop
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 91.250.101.180
-Subnet = 10.243.78.78
-Subnet = 42:bcd9:7340:9628:9604:7068:5061:4976
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqIFB0Nk2eSg/K/dJGOEegtezhn5P1RUi1ZgxoZoTR6K4T/tSbD2u
-gjPU53mhRN622lLayMMXtWVKdhO4IUu3mKfemA/8/fy7Qu9T51UUS+NXu/4g5X3W
-Jg2a37TrnQUrsqNud7QQhPTGF8L0+UT2mHlfRYggtAO1J2pSWtsqDiMAOD+89zvg
-Gta8aMdaFPhdkfboaHH6mVJBFOkrjQJE4RiUzwZS24PKh6gRJV4cENdcNRYdVwhv
-dOM+SWzPZXDTAVyG6HptvSdfDUKi4hJY4yS+TIf9j7yR0YpUie3CsbN4a9jP2KVt
-/NhzZ9nNaEv6O8Nk+7Zu8OaxUPgctEFYfQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kiosk b/krebs/Zhosts/kiosk
deleted file mode 100644
index 8f53a08fe..000000000
--- a/krebs/Zhosts/kiosk
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 2003:6a:674e:1001:211:25ff:fe05:a54d/64
-Subnet = 10.243.232.122
-Subnet = 42:1ad1:b481:00f5:aab8:f8cc:51fe:4b87
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwohazY/T/cp5Na3zLEWhz9Lnz78PladH7CMN+1TLzNXgK96bPvrN
-6ktxIFc0s4m/jWW1AZOjxxGZGmwvaGag9XH8NLMmaqtd2NpASI4c801wEVLuNpss
-gqPAIhDdDWV0WmiDiHe96qQuBVNGv7jlHTuNghwlmgLF0csRDiZZDHn5Bq7plAJB
-0kQSspvq7UpBzVHVlDefIIe15/Yyt9IC21S1o746ZIZ8RYCG63Mnbcs4vfShVxJX
-NnD9++HJV39NA9ozR0bDQUw6s0rVHH/n5iWaktJZ23r2TG3O+7ZZj4QHmkng/Xow
-pgIjcpIWlaqfG29Gl43SWgsVnphemvyP3QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/krebsplug b/krebs/Zhosts/krebsplug
deleted file mode 100644
index ab9c966c1..000000000
--- a/krebs/Zhosts/krebsplug
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.182
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyd4FnOIEcUDQDudDOhU4wwKT+lqV4RJMfg9QgZC2O3xTGvzsFeRG
-aSMIDMkPzhJ/ggIWAzC+IM2kBv+YCRhu4zOnzWIo5IaC8Me2TZ1JhZ0nZN1YzEGD
-LmBsnngO5L1VnWLYSKRALa5Kv6wQHHz0T6PlsvBQ8SWDG3IKIe/gOFz7eh1Z+ss/
-5XaiYeLMmukEuuilOJZhfDiZPmYOeFI5w7YTM+8Iz/oZRyf8P57pjN21R3feoyTm
-WusgHUuRLRqSUHdYu/E36EyZ9Oc0WPk5yLUhstkPaS1Y35xMEhZfQQpIruQxOst1
-fgiOQg/gKmizzgzdCbfAf13dknkWsqoc0wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kvasir b/krebs/Zhosts/kvasir
deleted file mode 100644
index 470172528..000000000
--- a/krebs/Zhosts/kvasir
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.103.166
-Subnet = 42:c039:e082:3c01:2577:a367:7097:6824
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4Jp39vupT7tRf+o6H/ucM01lUwgd0UBCqnapUHZhWKVSAde91lxU
-Z49unHxUrfQMzuJkY3MgsS/fyIC9eBHexwRpLnhc56p7d+tmLk1WZ2ysLifNi/k+
-AOvyBcwT3u/59VJGDcAyJwXeoX6CvX9nxUshGqQ2mkVUwbZEt5lLwtiDMnp2K5rg
-dqQK6tBrmzup/yzppPPRSPwMfGi9Gv8T5OrWqwr78I7WiVkH9LBpudJqJHPFVreF
-TTsN9a/4OWJGZ01M23IGcO6eCnynOIP7gxsmUEwSSxK7MEy2kxBKi/2+OtsCUOpT
-QQRFu/MTVEFXl/cl5XyXOMQadMZEB6MjwwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/laqueus b/krebs/Zhosts/laqueus
deleted file mode 100644
index 0bdef307e..000000000
--- a/krebs/Zhosts/laqueus
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:1a1a/128
-Subnet = 10.243.0.12/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAy9lnH4qDSYeNbpzpcQyq2LzzxkVy2N1vGgKkVttzx0cgMvyRm3aX
-wlacS+3ILBZ3tw+JuCKR9gjRluwKkqoReEINcAam/GbubJ6QBpV54goYm7YGOIuf
-GkbWVk7Kts67KWWhZDzEL30GRv94K6e+m8e7rhnqrTgPyPk3oSwHzvPy1oaf6bTI
-Y/aDQjohFVvQZxF8joKhAE8JrzjKAn8yXmX8VlGW53XBXAb88Ggkr5raMZ24Rcc4
-pdkOc7sFfVImH/ASwkcPi2xX0adlz937lD7rkn5/Q9B9AwsHb1yQKJgWEeYWOQ8C
-F0SzpZiwHz5qB+eg3wMT0ZnvPJKitshyjQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/linuxatom b/krebs/Zhosts/linuxatom
deleted file mode 100644
index dfd09b514..000000000
--- a/krebs/Zhosts/linuxatom
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.173.58
-Subnet = 42:1c07:1a24:1a26:c799:3b44:a8f5:59ea
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvGy172meTuwHfGZLVHi04+7jb+GRumqNRowffrmMOxFAq6wiL1E6
-7NfJFSc2/wmLZdTCnAtScVicVFZ8UEK2Uv/WMdevJWP63LxUOXpSFtoxNAlpSk9e
-rzwxWj3VxHru7EZA6gu45ff4/seApy/jDy+hceOmOiG5z8VudoRYWe98IoO1ua0E
-rtz415WP0xN+Mb4mGU48JSLYZkOHVIvkf+VVF5jXFbbnH+w0kkTuRMMp6Z7ETvdZ
-RU9nKJ55sflkPhs1/ttU4cYkci55YPVGl7GCCr6Xw4oerIz/jHnzBGroh/wDpEXm
-6RxpsC6DnVQUW3zw0DXuSKoAy0UoQPYqQwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/luminos b/krebs/Zhosts/luminos
deleted file mode 100644
index fe04b33da..000000000
--- a/krebs/Zhosts/luminos
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 42:23:42:23:42:23:42:23
-Subnet = 10.243.42.129
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuxgY9SfSCyCuTw2bPtC/He2/NZDYQOcGd8+5Bo6h1/h2pU+qKPQB
-0digU617dG2NVMaT0qmzEz86e2avr0PQsyfhmHO8JNOTqwjyQzKcv3iA+B0jU7Gh
-F/PaW+e+0O+a3LO27FCA0uuxEHyWaXqk53a3wKmjo4fuVy1QKOOoiaFaYLaaTgmm
-8OJG+AKWR/ArihpopgAHFjiqB89xWVw5CgxHDwfzVcmI9SOAaEuTfL065XM4uoH/
-LnbtoyT8zN+He1AlaEJMUaWdo8SWfjBFyVrT1zRQ+0S47tlTCW8Neb0KKs+m9d0G
-rAdv6+iFmQzpv76cgYQw2+AkqkUF8Y8xSwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/machine b/krebs/Zhosts/machine
deleted file mode 100644
index 4927fc847..000000000
--- a/krebs/Zhosts/machine
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.60.31
-Subnet = 42:698d:4e02:4d70:b080:acdd:513d:70aa
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvkLboZ6wRALd++ntUXfyzCT9G1pWSJNJhrdut8dPfz/+IIbx4thz
-tbq5apWQRaHj6IILMiQqpfUkhbfz3WS2YP62f8nAzKLKB0zzRAJ1lQjoZOXQseQJ
-Ydyf9dEDhRtnSnOwsmSDEch/2KhgCj+fdMcnbcoAg3PYJGzsz2ykEtoh80Rv1IQa
-tW285CP2GooRp1gwy3WKL6at/uW6D4/tTIimHML5JbLKj7mH+3nOyrhRGyZP1b9s
-XtdkePuaQKrIjmv4rEIYx2taFmmQp7XpC2m4Vdoy7WdIzR3WTgWo546IOygY1KIW
-fDOH+3UoG5oI6y4hNNa7+NH8DpmdtzXYnQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/makalu b/krebs/Zhosts/makalu
deleted file mode 100644
index 3d080ca52..000000000
--- a/krebs/Zhosts/makalu
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.90.132
-Subnet = 42:5ee8:8626:f03e:bdf1:562d:94d1:f395
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEArFuedyPX7kDeH2GwYD3UcRoFjGpTBJXjJzm3LoleyXOeYSdkZZ3d
-ljIeEq9alf6UtqEvYH2HfX8m9fEcHxwFMmJ1CPEwkDZI2IgbLOYV0x2MWLShEvtC
-vGeNyPt+TdiDqDhN8EyRvhB/KzEXdbCUZ79htf8lRonNLYPSRNh58CTZ18T/+3iF
-vy6igdpj4JiLGzdXEggO0KToW5ZVCRjuEaH65BlXdjkCM0dk28FJGh/oakv7hjlZ
-M6c3HJY5RAygO4uLWOyB37j38GDAseDYnNwnLt4jCk7gO48SnsS77efEghEMVVXK
-qnSKbX0KCSvVOJbrvVyP/16o2521eGl3MQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/mako b/krebs/Zhosts/mako
deleted file mode 100644
index 0488bcaae..000000000
--- a/krebs/Zhosts/mako
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.7.19
-Subnet = 42:4522:2222:2222:2222:2222:fefe:fefe
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0FQq5EDxcRUfquoDottz1urpT72PB7pReCSZ1fLGqK5z8+DLW4m9
-YB36xW4jJ8pct9iD6kKnX1JCNt11h19QZvc8GI/9pELV3nNaliz+PI1SQNhOrwM+
-Lza/lnddpmvQmJvF6TTLtuGqTANEZcJ7MUpLJ5x/XEFwIcZb9L30EDIaQQNeRyIs
-xJbuAxHquKrb2Wpanm4hWNYqknV1W7lNbcvmONZ/GupQ411XBhXs4EIAA7fqBEcp
-7FAgjgHIxiAT07Z1hBclv6CPDjFT4ieJAq6giCR/gc484x0UNwSpHBkalK558m4e
-icDuVgajrCZ0ShIAQXgtrSpSM3Y53GUhnwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/miefda0 b/krebs/Zhosts/miefda0
deleted file mode 100644
index acf001249..000000000
--- a/krebs/Zhosts/miefda0
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.8.1
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqrYc7LfSPjKpgnbfENU3oeAoFIRnG1CKHi0r4Tvy34anMBRHA4yY
-olPC/IWiNoEadnCvlAEGtcFFh/xncNm+rW+BhO1WPLuo0wDe5fxJrkApuuhwP/lk
-DMNrKtPOH6PV18yuQTtWgmiLo9gT15rRTDs8SaEf9eyTEV6zWVRDFDiFqwuY77iJ
-GihKSlKGDYCUdT8TdaguUQ8akdAUhfXk0F33fAqTYwT25BDAXJdeldTLTb/5EADx
-UMhnY0CsWgDYz9fpL5UNUDe3Gu53GghFS5RWvApasbzmlbrCwCF7MFDfc/yJFCrE
-lF3Nm+GVqU6Uu6cNJ9VYHCu+uxk4PIU5GQIDAQAB
------END RSA PUBLIC KEY-----
-ECDSAPublicKey = DEwsTd8tdaQLx/o0EgIOl9l+d0MqDRLEVWnBT9imfRyuzXWatwgXotADc723HxhZ4NXlvuOu+er7PdWstif3nS9/qC
diff --git a/krebs/Zhosts/minikrebs b/krebs/Zhosts/minikrebs
deleted file mode 100644
index b0d605583..000000000
--- a/krebs/Zhosts/minikrebs
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.1.1/32
-#Subnet = 42:0:0:0:0:0:1:1/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0fu8F+XJ6hHsIj8QtdSZIhE+Ae2sEIY4dHcnHbCOeHJlOQQDJrme
-frmG65BX4BMcClUyhvvMwlZIerFwsJoEwa39lB3/Y58OwSS9cNCZTShQPbyVy5wo
-oS97tVUyQENMELXgodg7CUNaloVXGOyXgCOkfYOb5CpWi8NXNsSE1CjZc1XZNI2Q
-2dFBzp6FtRcKc5x5xWuUMnw1Ll2upW2uHZWfgRtgv+pzxVTiNvDqACu8Klwj0bls
-B87DEYeUmiC+CioOtyhiQimUGE8lU1aMaqCyfSsqeBEclSvOCnpaEQu4j6aiY8SE
-5Gm+rteYWKfK2LYV2NOg7n9AUR6d0v8P2wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/mkdir b/krebs/Zhosts/mkdir
deleted file mode 100644
index 2233fd5b5..000000000
--- a/krebs/Zhosts/mkdir
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.113.223
-Subnet = 42:4522:25f8:36bb:8ccb:0150:231a:2af4
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
-dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
-voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
-2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
-Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
-3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/monitor b/krebs/Zhosts/monitor
deleted file mode 100644
index 8584f70b1..000000000
--- a/krebs/Zhosts/monitor
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.227.145
-Subnet = 42:2ae3:6ed3:a317:d0be:022f:6343:1de8
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAlNDrSskoSPInRiO8JW529o178D2kDdHbt3zZklM+jveFZuynDH2/
-WTfxr7wAIUd26jb12/6zLZ/gnEikLd3LpYiTA1J+ZL2c5SvXOoIqTU3Q3dwEecG2
-qwLcZ8UCjjOKiwWmjGHhNgEx/XUF7gpMwXb/m7fqzTGEiQozaCnQ3ZJA4t8GG00Z
-PZnDZHj8xYtXK3c3vOUa11xj9/dOwZb9e+VON0bXJxvxh+C7XkLO3NYTayyRX9qL
-+OOdRLSkzINzoj94+juPepCEQtRusrIbOkSPwCl2u29rKRNfPBkqbAcN3zP1mfDC
-IXNqUobWP8xvSLyBZh5zglcbQbczxMkKiwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/mors b/krebs/Zhosts/mors
deleted file mode 100644
index be9782b10..000000000
--- a/krebs/Zhosts/mors
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:dea7/128
-Subnet = 10.243.0.2/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
-H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R
-+P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+
-1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa
-9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU
-O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/motor b/krebs/Zhosts/motor
deleted file mode 100644
index 41ff57438..000000000
--- a/krebs/Zhosts/motor
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.167.69
-Subnet = 42:e31e:c798:6192:c408:8520:df6c:9d76
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4xYBdiGtzg77lLeIjbpdXDb6hEfAhcdZgEZeKYWqyeMeu0D5tHod
-3nSPTZu70XhLGgzM3vG1GSmcmg0BeJPQCZkEcyu10RtLN6gvMVqtU54IT57RpoXi
-3MKfMKuHkohzeir0ihlwaN1XF2CbuNiE5q1IaW15lz9IAPE0WuRKcaHs4fc9n6wh
-dk/4pQ74M+/gYHdCNWoxqklpY61tk/QBIS0bAs2wKCSER9rahtLAttAC0Dccgxkq
-vrs3IkJg5omjgJ9pgCo/VeX4JJuVFlrVa9o1D0OMUDssyymt/RjYyXejxvemyeV0
-jbavVMB9GEDIZxD7w2ef18FsvZZnILPQHwIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/mu b/krebs/Zhosts/mu
deleted file mode 100644
index 90bca775b..000000000
--- a/krebs/Zhosts/mu
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.20.01/32
-Subnet = 42:0:0:0:0:0:0:2001/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA
-g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE
-XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4
-o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1
-QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs
-FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/muhbaasu b/krebs/Zhosts/muhbaasu
deleted file mode 100644
index 490fe3fae..000000000
--- a/krebs/Zhosts/muhbaasu
+++ /dev/null
@@ -1,13 +0,0 @@
-Address = 217.160.206.154
-#Address = muhbaasu.de
-Subnet = 10.243.139.184
-Subnet = 42:d568:6106:ba30:753b:0f2a:8225:b1fb
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z
-KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul
-5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb
-+rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj
-YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E
-igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/nomic b/krebs/Zhosts/nomic
deleted file mode 100644
index f418233c1..000000000
--- a/krebs/Zhosts/nomic
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.110/32
-Subnet = 42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
-qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
-Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
-5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
-OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
-Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/nomic2 b/krebs/Zhosts/nomic2
deleted file mode 100644
index 63d83ff54..000000000
--- a/krebs/Zhosts/nomic2
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.111/32
-Subnet = 42:02d5:733f:d6da:c0f5:2bb7:2b18:09ed/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4RATrMG+MJyNq77+qUqoXkBIpUeytIvUNXT5OdvU5v91Xo2eGI23
-NXiFtILDb1nEPB+L4vVWkUKRuPAy+ThgqgTH1vyugT6jRoRhWWmGmSn2GjaF+UxK
-edTfGJqO0Iwn0kZsIFxXUibkmG5iRbJBoPXXz33VtNxOv2gZZ6klfv/pYWnrxmLm
-RZXkE1H3Y0U2ulQEXvpexzVscfYmlAw7h0Ew4aaY2LK4spLLPjx9RdDgfwZOZdS+
-gi5cmi/qM71/o67/4XippR9+7GQ8YecbeoR4bcZpDNoDy1ri7HPPu/t6CiqsYVyg
-jYGBm+IGbwI9hxGel2bXCVBGLE7gpN51TwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/nukular b/krebs/Zhosts/nukular
deleted file mode 100644
index 27bd2bfd3..000000000
--- a/krebs/Zhosts/nukular
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.231.219
-Subnet = 42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
-gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
-gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
-H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
-tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
-meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/omo b/krebs/Zhosts/omo
deleted file mode 100644
index d2788d28c..000000000
--- a/krebs/Zhosts/omo
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.0.89/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
-ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
-sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
-s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
-GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
-5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pic b/krebs/Zhosts/pic
deleted file mode 100644
index fb091856d..000000000
--- a/krebs/Zhosts/pic
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.64.210
-Subnet = 42:8115:848f:f56d:4025:49bf:9042:d3b8
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA7jWZo6QlyLMW1BK/PxBDgU/qBZajMfSo5nLtp/WUMSMa6cJCjFFO
-ppUSfAKBu4uwzjYUmdzQMoxE2AQKT2+gMc7moxz18sVBTbbWlyueBlsTvhpC1b9k
-YPs3eAJDV6mQPvKb908iubqhardaZAdODDas1S5W4N7DuZZBKryARYOoO7cN6/wd
-+YDTAxf97sV5IuxCDOV1inTuOrNx8XfGU4wVVELqzd9VLCHGuD8kAcz0+emDrI9d
-MSo8ryCL9tbF5owtC1A8HFDo3LM4da7411HrPHpVyOVgjXmX6bjlLIQ23XNDQOC9
-IbyhK2tCc5q+pms7gYEWPByxmy/mb6WBBQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pigstarter b/krebs/Zhosts/pigstarter
deleted file mode 100644
index dd12a0d8e..000000000
--- a/krebs/Zhosts/pigstarter
+++ /dev/null
@@ -1,13 +0,0 @@
-Address = 192.40.56.122
-Address = 2604:2880::841f:72c
-#Address = pigstarter.de
-Subnet = 10.243.0.153
-Subnet = 42:9143:b4c0:f981:6030:7aa2:8bc5:4110/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
-9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
-3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
-4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
-DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
-sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pike b/krebs/Zhosts/pike
deleted file mode 100644
index 1d47a6144..000000000
--- a/krebs/Zhosts/pike
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.97.232
-Subnet = 42:4d6d:8699:99c2:0de9:ea78:8d50:f53a
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0CS28CMhqeUuJxY+JEISeEDzP2I5T5ILFn4/3loEagEtS90QAm/K
-rbMDbvJENrNCnaaOcHuOsG3vS8s31ffY9RM89Na2zjcV9l0QBhBkNebUr/Ol0nQp
-ONWXEgmXV2mCGfFnC4uOHhELkZhnkwJduWfR5kyGPPApjxlBVIbI8pkAV4GFqjoF
-WTTm9qp80G26sD4O2q+Ldv9eIKquPAHN/zMFk0TzhgmAylgQUcc84HdUDZ+g9n1Q
-Ap62VwM8lGcnRy+f03cBaPyWQEEdnA3hG2mMfaaAoVYw4eruBbAz8GGUPMT3UH/E
-rGGNmyVzzUQOKvnOjB4qvyseSI+/mPzGJQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pnp b/krebs/Zhosts/pnp
deleted file mode 100644
index 66c99f24d..000000000
--- a/krebs/Zhosts/pnp
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.210
-Subnet = 42:f9f1:0000:0000:0000:0000:0000:0001
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g
-Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V
-pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR
-SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T
-TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr
-Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pornocauster b/krebs/Zhosts/pornocauster
deleted file mode 100644
index cc7d89556..000000000
--- a/krebs/Zhosts/pornocauster
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db/128
-Subnet = 10.243.0.91/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
-RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
-kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
-JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
-2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
-+h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/prism b/krebs/Zhosts/prism
deleted file mode 100644
index 4c875631f..000000000
--- a/krebs/Zhosts/prism
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 213.239.205.240
-Subnet = 10.243.0.103
-Subnet = 42:0000:0000:0000:0000:0000:0000:15ab
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
-kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
-JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
-AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
-jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
-anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/radiotuxmini b/krebs/Zhosts/radiotuxmini
deleted file mode 100644
index 96c069314..000000000
--- a/krebs/Zhosts/radiotuxmini
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.185
-Subnet = 42:5553:9d1f:5e66:ed7f:bbd6:b7fd:51b2/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3A0wJPSrNGpb3g98iv1EDTk7s9dgUKSHf7rmqrN2IlW9g21pkGEY
-T3EWz5X8mGEQbDw2im9W8Lm7OSnYuRQjNxacq5WMIN3AGpsiGB6KWEXu73lDWDkE
-hL7dxjSWFSQQMUkbjhduxyaibmLLI748w5npYzhAsjICs4MsrBhcL/ER7tCwVyKm
-AEKUBbLd21tVLGM5dapJslKamZ5NxeHY6TBdtbd2AQZ+67EINKt/WEx9Ruw/t57P
-OAa37NhFrjBbRClQQZVOunbh1Sb0EX3Abj4oZczrtAaBfcDQbA7x2LwbqugZH/EN
-i/oa3sCqOLo7ZcYvuvyxaZgWLK3KB2MEQwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/random b/krebs/Zhosts/random
deleted file mode 100644
index 59a354e93..000000000
--- a/krebs/Zhosts/random
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.134
-Subnet = 42:725b:abec:0922:09c6:b51e:1a33:b93a/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApgs77ljzQp7I8/9KbqzGjoDdNAA3Bp6dKziIJnHLAIDAHD30yY+o
-UHbRPhaCP9s2M4A39wTDjrakngF75M+0covz4WBIiuGdwZywgVnliRk/9dcnqdZm
-OeCxeRJ0BY3Iy8oMieFaPJW1XgwKYi2p0eSpBeKasBct2xNQwyvh+r+xHBa6NK0P
-vV6rK04OrJu04U/tqklTFMTHGmZfjx1vmuecuPWZlgT39788/5aD9uqg2ldMoenE
-eamrPdU2Vh6qlZc8CyHVy5YZDykbXTauUL5OmW2Om4Qc05pinsNnDXfMTkSSmWpN
-oj6nieBqbp/ExuZ79LC5XxvQcAMQtk7gUwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/raspafari b/krebs/Zhosts/raspafari
deleted file mode 100644
index 1e1b48503..000000000
--- a/krebs/Zhosts/raspafari
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.156
-#Subnet = 42:9571:c499:5adc:f9e1:8982:3cb1:cf91/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA14OlKZwL5+ZMwxoMTuTpt+PLr1Mp6pIlfIdYfkkx1od6c3fuvNi6
-CHLpR0fAWDDec/hDwR55VLzonDrPa/nOj6yHCXCTpHhQXJIdZTazxSPAsUuzzKa+
-TZQcCGZWJKG09Rg8gIceTjS99l7BOVtPQXnVQc7Gfxu8csjynHOHWinZy34JU9FA
-HdcTzKsxrAr297iQCPEht7XPDCJj2hRy+NS5UOzkTF7UGTKveyRdsqVIWx/rMrll
-UlBEwxRpstuhG33bv+tAXKNi2eJn32IvHDhPZtHgrvXE71FT43V6bJLT0+xH2qFc
-SGZCCdjv3/3mO/g7Kkth64mpxMw93NGkEQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/reimae b/krebs/Zhosts/reimae
deleted file mode 100644
index 125cde652..000000000
--- a/krebs/Zhosts/reimae
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 193.22.164.39
-Subnet = 10.243.177.212
-Subnet = 42:5965:bb44:aed3:9d3d:29f6:201d:7adf
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA37lXlJpfT4pgxV1XB3VzUiALVjOexrHezJZ3YxgZTVUtTTxOnydl
-urN7S4WaRgFkRPlwATGrp+KzJ6fz5/zeryYwbBUY66kcTEfJBP3+zKgWu3NIqOll
-SCcnpjlEm46FcstJ5dnnuYqhpnp98z8QkTiXHZKMI4rB+yf5NdKnMetAUsSUe2wI
-bXSxJ9lNrSm/IFToaVZ3KPYZwQ0HgzUxSWb5grkCuK5iWtGhqdf0/pqEzMpI1Y1c
-QKepcJkRCUcd2InKb9AdpwT/xygNwbPkvjxIAKj7vK/4rr5LApJAOcFL+HJRz4CT
-lDrM5LDeGtsIr+mIUbSTR6R0onWCn543LQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rmdir b/krebs/Zhosts/rmdir
deleted file mode 100644
index 09dec741b..000000000
--- a/krebs/Zhosts/rmdir
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.113.224
-Subnet = 42:4522:25f8:36bb:8ccb:0150:231a:2af5
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
-i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
-Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
-hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
-59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
-SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/robchina b/krebs/Zhosts/robchina
deleted file mode 100644
index ee67405ae..000000000
--- a/krebs/Zhosts/robchina
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.131.174
-Subnet = 42:c483:5bdb:f54e:dc72:f682:ddd1:14f8
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAxfCyJD9G9BgUtdZoT/t8rr6TzzcNDyUex46D0arMOliJUWTvkP9I
-m7YHzxZNeb4QoWGW3TZwDGq63OuSDLfXcmKbeTAs9hLDFFOcAzuBeACnQzd5SIqW
-sxjWOgI1yn/Thk2GVzjs2YXIKSCFwpRRR9r0d+YjuSF87ByBXkhgMmoIxn9tQYjx
-RqpAd1ELWRqGgi5W6qbN3m3C3R/3g86SsiOvJ/HbJ+MaRy+b9EC2+XoPRoSAJqWg
-XN5MHY01EmDaz2gRB2kAo1j90y6Xi3JdzMn+nl53nOdSGIBWn6dWbm3gd8KBtn5X
-KernecPr3o4YT77C481hRc68hpi+1aff8wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rockit b/krebs/Zhosts/rockit
deleted file mode 100644
index e67272c35..000000000
--- a/krebs/Zhosts/rockit
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.199.33
-Subnet = 42:cec2:0a67:0ebb:7d97:8138:ac9a:8a58
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAnUtx3KPzNmS6/LxpYSolmhmF+Xqsum2po3lvmZszu2aIKdcAeIfb
-B6bwz08zC9UNQjnO+27px5LMTTH9zhzRxo5xP/mcco2mVQFl5V+/73qBW5NnUV+4
-nPvUDi0+IhuVixHc+KlkxiHhgIDLdCN2WvVTkUCgxT2xVlPoESXq1dhdE3/5vvJt
-0tphFUnP0sLCVzV25IYCocul+ELj8PAc/9mP4twifM4V0uwhh+J3AHR0+14QM61r
-9qRhEnNEEkGeToYQPsoromiKPWczerUPBpaQHOpjnjg08Coz4OyrrM7+DXyspPfT
-/862pAygKmeJMuzT2b52JbRlk3NMCxw5wQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rtjure_debian_oder_so b/krebs/Zhosts/rtjure_debian_oder_so
deleted file mode 100644
index 3000705b4..000000000
--- a/krebs/Zhosts/rtjure_debian_oder_so
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.124.21
-Subnet = 42:9d30:3845:c822:988b:96c5:39ab:90b7
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA6J+B/2Wpr9MKu5fuWg9LSoabBKmWmXEWfN7Bs5KMyux9obSBaM8y
-dUEx0ayGwUOvDxizuhma9YCbys4P9SDGmocxrhFz2yQeyinEj03EB9ZZiPNQSqbI
-Jia39Q/fkxeCescUjr63wR0OY++a+NdefVG5OaSRhNwAmjENZzAxTE/1y5lR7mf4
-U0Pyik/BIARZIc7rnwoYn2TlGgUlu3HX7BxCXIndOFeIjtRzoSG6d+XKhcTXOvvH
-WnBNl2D5i48l+V/mDDbLYcXS0al3lgFAOgqXxVXr9WufCBGtNdxlgWlM4zSTUQZw
-UopJToHcnucM3ofb/NrDs3ygHdQPSRkhhQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rtjure_ras b/krebs/Zhosts/rtjure_ras
deleted file mode 100644
index ba44cb020..000000000
--- a/krebs/Zhosts/rtjure_ras
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.212.68
-Subnet = 42:627f:6f2a:b631:26f7:8d69:4c3a:23b0
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvu1ZjElrPpJ/ery0BAYxWPtb/ZLio+PuhrsOy9BBq6b7/FHw/1yf
-GOCDa2fkdE1/pVLhI62KL+j/nDCgpHtVxzupVYKSyKOuZXnNGAS7vAHNM27jaYHp
-3DTI0Npu13v2r5rgraPOm6eGrd/D0u2gr3T9Zq8PRtg5JrXBWMU4Ugt+Kfv0V+xL
-v0lX21xZrUjvhtd0/vTcNkYLWZK5ftfU18/i3D6CimlG+AsKyeAnYe9Nkcmet84s
-65SbgQ6SBr2YyN5c7wC9j1/Ney3k+aTbxsvHqDyQ8bq8WnsDQR2B8JPZGPLd7VHD
-hdPGzus2PmJa84oB7smuUdt/5oAjzgghkQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rtjure_rdrlab_linkstation b/krebs/Zhosts/rtjure_rdrlab_linkstation
deleted file mode 100644
index dfc8c0311..000000000
--- a/krebs/Zhosts/rtjure_rdrlab_linkstation
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.188.107
-Subnet = 42:b859:6e9e:21ee:6884:171e:ebd3:3316
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3nKxW4euCO/XN/0C2H4pvTMRLJAXCbMlsGVR80U9JXFYz85x5yDY
-6UDLJfhROCMPg8JJa1WwG9+jF9uUD315hF/wMmMReqKAX0ct50Uhr5iv5QA0ER/3
-q4eg1dh920K+qZ2LAweCDt2pnJYZYw3pSX2jfiFEu1/DfwZIVUkymEKC27ObC+Zw
-KMderOYU4UPkTmrg4WkAUiHH09PToMVQukL4PLslhNMvFqhdLdGMyY2hqEltK+QP
-6cKFDUCAoZRc/L5JhNtklr7RLqYhwkQ7kgPWqbW50tdi9B8YDJfBbfAT7+QS70gj
-THyNfEm3R4Xc8FrbKw3ju1PO4LDb9KOhUQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rubus b/krebs/Zhosts/rubus
deleted file mode 100644
index aef8d4b39..000000000
--- a/krebs/Zhosts/rubus
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 42:537a:0c95:6315:6598:e109:74b2:0887/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqudpo1cC1ETPA3d16cNTAwwud195Yetdx32ty5/VkY2KgLnnl672
-XTPZBVhFppG+NU6QIYq2c0+BdUV+42XNnSeTKy79xr49eSMDaAXuWiX4eY8dh4v9
-n7elTWikzTaElS5SI3wcJPz8SdajWclnRkqXbyMY7Pw7uJMgT3svC/chN8tgp1LT
-2s1DdvxaHhnFPef2NQvIWgfgytReLB8dQnSYoAiwIGvNXQT4OXgshJkTAwmok/Sq
-io8K1FeJyOranBM/ZyYbQWMEXuknoJ9PXKPbrGjD+ftS18Gs75ODWqh/Bpj75rpT
-q6HLJv6H6YpToxueTL1iYM00MNW4g/oPZQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/senderechner b/krebs/Zhosts/senderechner
deleted file mode 100644
index 4cce73cab..000000000
--- a/krebs/Zhosts/senderechner
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.163
-Subnet = 42:b67b:5752:a730:5f28:d80d:6b37:5bda/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
-lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
-rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
-inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
-BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
-OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/serenity b/krebs/Zhosts/serenity
deleted file mode 100644
index 09c519a00..000000000
--- a/krebs/Zhosts/serenity
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.137.182
-Subnet = 42:7538:6f17:220f:bcc0:2d2d:d6f6:911f
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvVxASw+8nrkQisvliqjYXASQ8O0v4KGlQDHQWx4eBKOfPyQbgJpU
-LOF1nikZTz56SyJAwZY1r7JXpvzycWKXkLK/deqJrHkm83lRbwbzKrExzW8hNaVD
-nO+P4X19uG/gcfxc9+CdPbHxtUPCNQKUhtYfnXrzTu9jiz7WibkJRYMvY1bd4SK1
-rkKGwIfQiWGvA2cLyWZH2XnFptl0YVHulGnIIVp/bvTuPDsba4mTWeuJhi+16ZzP
-PwsR5taxB+dxygESp+kwu00Xmwv5MnmL6QWDlTHYZX19FXkeAV+sHxEO0K4YLFQn
-pucTzUBNiZX68HF3R5SdH7wsg9jsvE8c3wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/seruundroid b/krebs/Zhosts/seruundroid
deleted file mode 100644
index b4f0848e7..000000000
--- a/krebs/Zhosts/seruundroid
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.127.2
-Subnet = 42:81de:f850:152b:0988:1942:265d:dacb
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvNtSbaaacF05L2mAxxA5SYc6DuoZEAkXlhcvLTlpu9f/0vZwUWh7
-175pLn6VqUijVoFb9vyoOwkrs9Uk3aX8mYws+5yJLwXhIje+U3uiVTphowKva+m9
-BzV6waZ5dLbh+3CGimx1TBkFTly3NkdZs886QWSO4aXLdU6lt3jRYsuay0Eop/j0
-eQ0BWg9o0QEcfDRQ7RirXrD0B7TSo6qZC0b4NSAMHTE+dvOMo7c+Z7cIPNLS0B+T
-Am7ju3gF7UU68kKPyczrNSPPPZayEvZYUZE4PHt8dyIsppojoRq0SJqsMr/mOC15
-dg/KnoKezn9nqUWzisRWrrqWStAKITJkjQIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/sir_krebs_a_lot b/krebs/Zhosts/sir_krebs_a_lot
deleted file mode 100644
index f4fffd9d5..000000000
--- a/krebs/Zhosts/sir_krebs_a_lot
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = 84.23.79.81
-Subnet = 42:48bd:f4cd:b2f1:ff6b:865c:d041:def6/128
-Subnet = 42.130.57.249/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzkVF0BSWUEqzdUidLTa6qL4wlNSb8gaxyZperzoAj65d5l25SCqc
-jjqvREcE6p+jM4t1STXoohnNvexubNXW3PVo5Zpew+BsaGjVvow0LkqCJ9k96Rrk
-JzU5lAVH6om3/QYws/Ot0zq1Z/+Xw/0+9JpVKhEipMWLpLgjAvWdvzSW6aBIHVN1
-3E85fkTE5f0azct+XNSNzUebdyIy8wu/EexGmFI9bN+ewIvqjZJdvxP+Ank55MsE
-8P7K9TKwVXw440MGqqoQaOhdaT75TL+2nsAfWYcrNnE3YehMOmCMp9oY+RAvsIkK
-iAYyF5l7ZTi/7KGHNsG7rr0cbytiz2nS6wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/skirfir b/krebs/Zhosts/skirfir
deleted file mode 100644
index 0214e7a1c..000000000
--- a/krebs/Zhosts/skirfir
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.18/32
-Subnet = 42:423b:0f94:6b03:7c3c:593e:67e8:c857/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvQ2yhEbW2a7rOlJGb7pV8OhDMQC00jNffM9LML+sn/BAbIX6jzzi
-XgD9o5qwyW/ktpEViUbYepIB/wBbHdMgHRWux5nPS/WygxnVKcf4mPr846udJ2kx
-/38l40DjHTzMWTV6G+TFm4+Wg7++B/NUonMJczRNjX4zDVwmObZpS+XSjl8bT1DP
-vvNHeUOr06a/IPyOF7b6B/dlr+0pr4YLFw587M1KA+eee8gvJx7YvCdwUMMJP++K
-KX30apeJQ+jpf9CsVvpxGefysMTv0uUB7Rmya3b5jjddnW0ge6lTMwT87TzIF5jz
-e3hIt+dvvq7cHI7nnyyRtKcvcm1hH+ZIaQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/sleipnir b/krebs/Zhosts/sleipnir
deleted file mode 100644
index 1c82461de..000000000
--- a/krebs/Zhosts/sleipnir
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.62.238
-Subnet = 42:d442:7668:e533:cd65:0e50:4714:ad05
-Address = 91.203.214.50
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA155UrbREv8ktrafcK+BMLSnDnTwPdvs70i5fLGJGefiyNc0ZzZVw
-M2+R3TGGYPqtid087zYfl6M1JLEZeDtRIcda3N5S5bxXQe6Dz70DxpVNlE1a59zy
-7xoD4D3hTJbOYzz9DIBj+9Q91+4JGIi+ZLjuulNNbj/AGGbvtzgLOKRPK5f+Gyfl
-beI8xtgD1fLUNbeYGzqz7KDFFTUz+oImWvhkf9fTlsS8riGiA6RketxCaeQGqZ4v
-s8z7S70MFjpiR8He9UyUoFWKODYY7eA+BV1EkQTuSiji1oa/GY8RexjMb83S5cBn
-hnSoQb3Q35hd1oM06Wz9LKcOiL2pczEx+QIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/smove b/krebs/Zhosts/smove
deleted file mode 100644
index fc7e194fa..000000000
--- a/krebs/Zhosts/smove
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.42.42
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzFFj6yAy2qC4gVrUV5vN6PztulRggkyXIMr2oPmPLuB85uxJE9nI
-9uvsQdbgcmmEM++moPM/ASCEXuu1ikUK1Gl+8C3rv2IxF/zhcrWEJV4e4EvHrBWP
-Xt4hSPyFG3LYpaX1OAWL2zmCvGVDmflWp+YkbBRrkMMEyXg0gZMNx+E7yJiNVYFo
-DZ7p4VSncWsAqk0I1varQpkl7BR6p7QcJlMO403Rh2oQT1bPXskkZsfAyXN8wJTP
-ATiTm5vijXiRUao+h9L60oxQTcvi9hcbhg+FpB3HYx2Rq6lWR0SqDO2OiBTTJnFM
-6qvN7Wfdmxim0mLAwaqccRLCWA06iN8b7wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/sokrates b/krebs/Zhosts/sokrates
deleted file mode 100644
index 97cf1b478..000000000
--- a/krebs/Zhosts/sokrates
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.97.126
-Subnet = 42:28be:6907:ab4b:5c79:99f5:a4a1:2a25
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0emA0JAong4wHSAEUrLrkh21n8I/+pLtpS4uGTcMHn9ZrS8Tg101
-S2poRE0jZUZu868mDeOwwxZRLmCE+bL0q1OrAUDY7+ricQSAz3CNQAAQB0Sjp7ju
-YXKqLZQEYyOV3M8IJOALS72q4g1VTv5jQrLhGzMsv9vzuRSZV0pEV8tZwb187wLi
-n27rwB6SPZv7uhC3R060x8Ze/pLmfmVfrxb9DwZS3d8X1PwygTrTjSAUTeMaDa69
-NSOzvKLx25fhZ0Gm3BA3pUQDEOiGOze3oT/0l3QJMvZ48TbG1KlSBOVwtL3+f5yM
-gJZLF/JoTsYL0aZM+zHL6NAUmciy9dNXEQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/sokrateslaptop b/krebs/Zhosts/sokrateslaptop
deleted file mode 100644
index e05f24153..000000000
--- a/krebs/Zhosts/sokrateslaptop
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.142.104
-Subnet = 42:f8a1:044d:0f75:9d73:56d8:f432:c6cc
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
-t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
-rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
-egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
-aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
-VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/soundflower b/krebs/Zhosts/soundflower
deleted file mode 100644
index 4085fd11f..000000000
--- a/krebs/Zhosts/soundflower
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.69.184
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN
-H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb
-Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l
-FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6
-lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+
-8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/steve b/krebs/Zhosts/steve
deleted file mode 100644
index f86eaa50d..000000000
--- a/krebs/Zhosts/steve
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:58a0:e7b1:506e:b09e:1b68:5149:c6e8/128
-Subnet = 42.145.33.57/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA2mt6xByDU2eVsQhjG33vT18Byfxqq4TPOvbV8RAyx0RWeolXGWnx
-p+wKHVITCyL5JCYs7fUYQoDC900bQa/waWgcN8dHfiUmUPtiUjcc35UWaNTLkVGs
-XEe47JMpnnB3D8ynXXKHsG8JXFjpxQpan/fnSuUG7nsB6anxjNHstkmsGGp60P1V
-6Xt5GcN+Mw1peH5LhIOcXaMNEHj/DlIjQSubCf3yelcxoSgnZibP5GfiI6JwKXDu
-A3Sv+wfAGTYdTOE6RBsvBI0lTNUSw02WxaMG4Hfe6+19XEnC1bSwg8+7VsqFmeWi
-uoaQeerhP1QD3GIX81Xe8ENvvFGzCdfARwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/stro b/krebs/Zhosts/stro
deleted file mode 100644
index cddab5421..000000000
--- a/krebs/Zhosts/stro
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.111.111/32
-Subnet = 42:0:0:0:0:0:111:111/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b
-vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb
-FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg
-ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG
-oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq
-XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tahoe b/krebs/Zhosts/tahoe
deleted file mode 100644
index 3e78595d3..000000000
--- a/krebs/Zhosts/tahoe
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 148.251.47.69
-Subnet = 10.243.57.85
-Subnet = 42:2f06:b899:a3b5:1dcf:51a4:a02b:8731
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y
-QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8
-dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH
-9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6
-hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p
-egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/taschenkrebs b/krebs/Zhosts/taschenkrebs
deleted file mode 100644
index 94c37eadd..000000000
--- a/krebs/Zhosts/taschenkrebs
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.66/32
-Subnet = 42:55bf:5f2b:73f4:f989:910e:ee73:2831/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0YAfK9s29WDjJmiri3Oj0hEyjKui9ylA3mlmWSiTLnk1O2REOwgD
-5DPsdYPbu+bTkW7GdzcxX/mNvHogWgC+2+F70dles1lDiSDUhSQOEHFMlz+rBbvz
-FGY3Xmm3m3qdRYOcpHUXL/ZXN6kBvsl2b5rfEkejRb+Z1OOLjssISEzNe2vPEnp4
-OmY8ZQA5UAjnxsX+GKsH2OBqD+6Xm+/l/XLHDApHfby+X3upXaJRBjUAp8DiOm0T
-hVHfYXEE3iuC8JaCzWSFtG+4qLXf9MJ5xRfwUkuyPqiiTIpeM8GxHQJ+l+QKycNd
-Dk+9AwsQ/WsoXMHqIWHyNmuqhr82wEQo4QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/terrapi b/krebs/Zhosts/terrapi
deleted file mode 100644
index cf1748eb8..000000000
--- a/krebs/Zhosts/terrapi
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.30.159
-Subnet = 42:b0bd:090e:2a37:2cb4:3314:58e7:20d1
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtVhVDRBzq0L6JtdVUVEakBzhMP2RjOj7cHZnEUsXzl1TXxuOBhL1
-XOXd3LUuU0jNMMvzxO2VU7K/wM6lX30B6ryqDSfsXKEBM60BiGVzb4Kd+7No76RN
-0NsoLygtvtOm1SmvvT1UCsjomoIE4eGdBDsfQzNKt2PUoh/0rTZBHd6qGJuCZQSX
-F4IRby4jzYvjOsaSi7GVadvhoyETVxbUAi9VquxOltytA+Ud4CXPb/JW25uVmQQK
-RXhoWahWJGJ2WJLGnT1RkTvFQk0zM3XJfPBVItnKCYHuE5HMU/5nnnPvKWiICdsA
-1NNU8+kXtK3IJEHwfpRWe/isMj8rROU37wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/thomasDOTde b/krebs/Zhosts/thomasDOTde
deleted file mode 100644
index ce47b39e8..000000000
--- a/krebs/Zhosts/thomasDOTde
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.42.23/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3btaQpK89aRDJ66cW8H9RlDIzr4k4WIGiqNCsIAE5MhSGCtjboWO
-elgRWlYP59l54yRzn5FpvABAWeRupbX/AMhG8IiBgU6438+F2kVlZdJM4DP51F7c
-N2Ek2WKSoIJuiv7Aqb1WlHIWlN3ehg/BXcFPLSav+iChWXAD+MkKmMwL8lGEzsus
-MdbpRLxB0g90FUmpwr2f8euanOXYhU6sjnxH+0JY+j9AwWQLfAqtQ1eGO5MK75Dw
-htPM3Pj90bkfnYNjNXvnyjsQScDjYG/cv/zDwqRQWNcsmT3EqsBnmM5q0EL+Djo1
-lsPTacJdRtHsnQne9daNadnHywQPX+t/QwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tincdroid b/krebs/Zhosts/tincdroid
deleted file mode 100644
index c240f3d6b..000000000
--- a/krebs/Zhosts/tincdroid
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.0.11/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwZSgdnymspnwy8NOJ1UKVIbUXxaDUCLWGGtSpYvRt4wrzkIMpeyc
-+Bi2c/85Guy6B5H7X+3hMY7YFzM8AiixVr/FCAlKFwseZOc8ld07PuUPVtqdRN9N
-Dy4dqATaaWvjGL9320AJmccbYvoV0MZGTmWk86ZaA06tgDb0ZihEfYEFhw+5fakE
-7mxpdYmVdzaqScRyKWCF7ogn91/fQ01om/hsl+wzTI/ykqPTUumdNcijBMIK8EtZ
-qJbgOt9NSKulhDBFJ02vJmt3o6hmJSONjKcN7dify/ZotQffGCRMgdaWx0YTQJxY
-VJ1rPLlbZaPWRydsbMm3BTZAdMRXUq3uDwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tmpd b/krebs/Zhosts/tmpd
deleted file mode 100644
index 52db6b258..000000000
--- a/krebs/Zhosts/tmpd
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.235.99
-Subnet = 42:cd60:2f4b:3382:b9ba:74d7:5a13:ceb7
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwSNjd1jYjsx+8JDRUV9QXhyMOrAIOMtKUGo/+Ufr+jHIY7h2BlQS
-6Jy7xjZv6zmHhEenhWs+P4qUCASXJPtZ7URgelA4NgkfVMsbgUQDM6VDZr0JwYXq
-csmp/9vxWRRbaNifG9x5+N50tMh9E5rMmDCV9ySWr3DAvDQckKAjfMtys2EWajW2
-sM02mXtMPAy5QgKNRvSbIVDnRjJyZpCkc5xNhv2rl7k+6RZltcec4IarIlnu5nv5
-f1cTAlPaWwGuyyXZeyFbzD0IAGJeWzCkt8+F8kOobRXJQbgDqYWLdH5BXagxBX4g
-VpDZTwdWU6oGph8m4kCg4vJCW1/XYOU1aQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tpsw b/krebs/Zhosts/tpsw
deleted file mode 100644
index 4e7b2a890..000000000
--- a/krebs/Zhosts/tpsw
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.183.236
-Subnet = 42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
-Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
-WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
-OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
-0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
-pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tsp b/krebs/Zhosts/tsp
deleted file mode 100644
index 314abb3f5..000000000
--- a/krebs/Zhosts/tsp
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.243.0.212
-Subnet = 42:f9f1:0000:0000:0000:0000:0000:0002
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
-HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
-mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
-n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
-R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
-Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
-aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
-ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
-KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
-XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
-teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ufo b/krebs/Zhosts/ufo
deleted file mode 100644
index 7103515b4..000000000
--- a/krebs/Zhosts/ufo
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.223.142
-Subnet = 42:d9d0:64b5:4dc5:21cc:6a57:cbc9:fac6
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuOly18THum73KzUbky8Vwmjz33sLl67bvm338Nacq8nuV1/8RkHz
-O1VWSnPiyUEpwf69jE5VP8GE/v+7gvJJ5WW/7A7K7A1Ox3vRjwDnO8PllCrzfei3
-jKffWRP9PcxwaWOjE7LKK16Y7t6ZM9k2zMyxAJtM+MmSnBvLoyd+14bIltXz+ZEU
-bpFk1g75CXMrqj29SDGfuFPWxbDfjr2bfNuYr3fCLIOKXyfBmHRaLiuPynezbZxQ
-HlLVMtCCZoKCctmlOlHON/JaL0ZHM1ZA1l6n4EaaPAL2nakMTU513LqQiCqTMej5
-r+wxsrjhHxVmWYhtPrJGOPlkQyJx9LiWjwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/uriel b/krebs/Zhosts/uriel
deleted file mode 100644
index f5f6de5f8..000000000
--- a/krebs/Zhosts/uriel
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.81.176
-Subnet = 42:dc25:60cf:94ef:759b:d2b6:98a9:2e56
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR
-duJkk8Fj12ftMc+Of1gnwDkFhRcfAKOeH1RSc4CTircWVq99WyecTwEZoaR/goQb
-MND022kIBoG6NQNxv1Y5I1B/h7hfloMFEPym9oFtOAXoGhBY2vVl4g64NNz+RLME
-m1RipLXKANAh6LRNPGPQCUYX4TVY2ZJVxM3CM1XdomUAdOYXJmWFyUg9NcIKaacx
-uRrmuy7J9yFBcihZX5Y7NV361kINrpRmZYxJRf9cr0hb5EkJJ7bMIKQMEFQ5RnYo
-u7MPGKD7aNHa6hLLCeIfJ5u0igVmSLh3pwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/vault b/krebs/Zhosts/vault
deleted file mode 100644
index 7ed3866c6..000000000
--- a/krebs/Zhosts/vault
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.229.17
-Subnet = 42:17ed:1eff:5aab:a541:57a2:7ca2:5c38
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzra4v9cIU8mUeC8Vr1YUTWxir/IexD4FlGc087+i7hu6LLpt7Xi8
-XdwiGMTmQLegohtaVN3yShX1a5YywAboxaZFS1aLFBptmV9VIMtsTJRIgm2dBwMy
-5tFRfu3ElV408JBr8OGwYC967p/SY5hxvSAQRc2cmSeY5duWGxybpzfdKmnjnmLr
-pGfmavBaLAi2DP+KejCFjAu4oWayVlM2BIXtbtxxn90JvZ8HI4gdfHLBbwfxiEHb
-qODqiWbu7wznQ3g4N5SUW2rq8WUqubufcx30Z+096doc0i+Zdxb5JBU79CGTNcbZ
-X6Spc/CtkrLNbsTCjVmXgNvYo6WZeg4+rwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/vbob b/krebs/Zhosts/vbob
deleted file mode 100644
index b233a46b0..000000000
--- a/krebs/Zhosts/vbob
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
-4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
-AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
-hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
-Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
-AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
------END RSA PUBLIC KEY-----
-Subnet = 10.243.1.91/32
diff --git a/krebs/Zhosts/voyager b/krebs/Zhosts/voyager
deleted file mode 100644
index 216d8dff4..000000000
--- a/krebs/Zhosts/voyager
+++ /dev/null
@@ -1,17 +0,0 @@
-Subnet = 10.243.24.5
-Subnet = 42:b434:5bee:21ed:2e99:a4d4:35b1:34cf
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvaSESJ+KK+DAVOdj8S7AmBb9Cqepi8VwjrnT+WTUFqbDQJ7Dwwfi
-vbqRZituKbD67xljtYbhv0MOdAXRKYgxhCuO6SO7GRlSL00Lb+lYT5KLR1LeMyMe
-Y0r1FOTSHZIYV5NfrmznMnV7FxsM3IkSiPHBZUAVxDyoJAYyb8L+loTvJyaD6lno
-i8PUNVsyRISE+UXxoIEMnGVtkOQVIhnrdO9k02pRBe/dNNKOKH2tUyPxtyP4TujX
-/A/OEqniwf1RBtGddhmKJOew2SPvNbiqJMBU+PNAs0ACTBn5GdyWg6/i6gvUpPZi
-SX4xlDNt7fmfJr32elD0Mv08r3+/dmeP1+LFGSEMkZM9R70iHTRZyqJf1TKwE8LI
-KRSflzV8EhcOa2znS5gM7YZW60OHdjSgQ8J3Czfp7ig923zxj3JA0sctCuuHtbXp
-BUfi98tb2eMT0E58dtge6TwTn/dAcYYTRN2H+fgVOUCc2NKIwN3Vt03Y+HT7Duaj
-B3klQW5setLz/SZf9Bw2W+mpnIeHjzS5M2EZ+O9gosH+bVAMMs7w2wLhuSaPnJY7
-24kF7hGMI5zHqWpNjLdB7AN+vkqHbzBnfkVLSLyHyrJCBebQCg3in/uW650Zo/D/
-Ad1k/5+a2R9xKHqONF2FUyZb26FkzROnBW1M47K1e4x/r/5N0Vq5mkcCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wbob b/krebs/Zhosts/wbob
deleted file mode 100644
index 829a59110..000000000
--- a/krebs/Zhosts/wbob
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.214.15/32
-Subnet = 42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
-QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
-cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
-khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
-rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
-TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wolf b/krebs/Zhosts/wolf
deleted file mode 100644
index ded8275bd..000000000
--- a/krebs/Zhosts/wolf
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.77.1/32
-Subnet = 42:0:0:0:0:0:77:1/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
-HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
-apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
-4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
-7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
-8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wooktop b/krebs/Zhosts/wooktop
deleted file mode 100644
index bd0cb9454..000000000
--- a/krebs/Zhosts/wooktop
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.63.202
-Subnet = 42:9f67:f701:81af:b8ba:6183:4f3b:c60e
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuP6ZaGowomnda2aisQjQ/li58I9C26y6x2W8++CnkrVx+2siSpsg
-M3nNOLc4n2k7hgjFIkeODqiSX4VKb94A0eHJwk6il507ILHrsgwJmheIKMWQJEx0
-44h6o1r6fbpZdsf2dREK6qjIp+wEv1sYZ74sv3fP4V3QbjPVH3WVJ/gW+CDOT5zc
-Ff6+JZNdLWwdRvHq1snQGdnUfAk3jLWpv8FZo2g0xAo1kIGfh9KCuxDgr1sonl0Y
-GcCKI+8tsJhzDT4uo6xJrZH6Hx3pqb9hqTTlAYMGRoJUMTlQAFi/efo5bxNx85Mh
-xz313oHXDnK6eVr0vqq62UcatcxIRwBpVQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wry b/krebs/Zhosts/wry
deleted file mode 100644
index bd55d1792..000000000
--- a/krebs/Zhosts/wry
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 104.233.87.86
-Subnet = 10.243.29.169
-Subnet = 42:6e1e:cc8a:7cef:827:f938:8c64:baad
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAs9bq++H4HF8EpZMfWGfoIsh/C+YNO2pg74UPBsP/tFFe71yzWwUn
-U9LW0n3bBqCMQ/oDthbSMwCkS9JzcUi22QJEdjbQs/aay9gZR115b+UxWPocw0Ms
-ZoREKo3Oe0hETk7Ing8NdBDI0kCBh9QnvqQ3iKd0rBae3DYvcWlDsY93GLGMddgA
-7E9oa3EHVYH/MPZaeJtTknaJduanBSbiEb/xQOqxTadHoQASKU6DQD1czMH3hLG2
-8Wn4MBj9fgKBAoIy092tIzPtE2QwAHO73yz4mSW/3r190hREgVbjuEPiw4w5mEyQ
-j+NeN3f3heFKx+GCgdWH9xPw6m6qPdqUiGUPq91KXMOhNa8lLcTp95mHdCMesZCF
-TFj7hf6y+SVt17Vo+YUL7UqnMtAm3eZZmwyDu0DfKFrdgz6MtDD+5dQp9g8VHpqw
-RfbaB1Srlr24EUYYoOBEF9CcIacFbsr+MKh+hQk5R0uEMSeAWARzxvvr69iMgdEC
-zDiu0rrRLN+CrfgkDir7pkRKxeA1lz8KpySyIZRziNg6mSHjKjih4++Bbu4N2ack
-86h84qBrA8lq2xsub4+HgKZGH2l5Y8tvlr+rx0mQKEJkT6XDKCXZFPfl2N0QrWGT
-Dv7l2vn0QMj9E6+BdRhYaO/m3+cIZ9faM851nRj/gq2OOtzW3ekrne0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wu b/krebs/Zhosts/wu
deleted file mode 100644
index a63adc7cc..000000000
--- a/krebs/Zhosts/wu
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.13.37/32
-Subnet = 42:0:0:0:0:0:0:1337/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
-M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
-GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
-KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
-4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
-AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/xu b/krebs/Zhosts/xu
deleted file mode 100644
index 688e4a340..000000000
--- a/krebs/Zhosts/xu
+++ /dev/null
@@ -1,13 +0,0 @@
-
-Subnet = 10.243.13.38
-Subnet = 42:0:0:0:0:0:0:1338
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ
-uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX
-8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw
-mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj
-4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63
-4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB
------END RSA PUBLIC KEY-----
-
-
diff --git a/krebs/Zhosts/ytart b/krebs/Zhosts/ytart
deleted file mode 100644
index 09a55f65e..000000000
--- a/krebs/Zhosts/ytart
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.65.226/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA2yCCN8nAPmZNL75Jr+FtfP5jmyuqg7IpgfW03L3s8Gg7NB1eTQAg
-UFPh13cj4lZleZOl3Yus7yx4HxMO8tYCptqnRPyP+UXrxvL+kECS4J3rLzjH/eOM
-0oAxuEe+DOa5R9Vj2bRtTouePlEvXDpgZZcDnedutRUYFGLNvkoWxu0RGqfQaJmd
-7KtOk1NJn9efNqwpl6ejPj5A+ivh2T1vAMWherM60JTjjhNGiSP4so0WG8PlBPYc
-GKnmMSQl0u5n10uTvLoVvnSfLj/QvL3d8abTrFV2lRqaCTJy+lxgkS1A5AnsTP1G
-OBbm/Gk9hRuYy2iP6FQ65q64/JfoeoqpPwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/zombiecancer b/krebs/Zhosts/zombiecancer
deleted file mode 100644
index c073123f5..000000000
--- a/krebs/Zhosts/zombiecancer
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.226.40
-Subnet = 42:2cb2:77f2:86c1:ffcc:f9ff:fdcb:726f
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwmIAhFzsJb6Pjy8TjAWMECwh8TRYIFaL0sAzGMtoibyAUnIpX6UU
-kYLYUjsd6Wo8HZUn38awjoa0tD1SE43UueyD45OAEk3zYY9/ku0BVBOgGYZahcWO
-cKMkO1BtIle7lI4/+gxyfoSrj+2/0pf56odFIZTIV+kyKtFg+97Mn/eb6o7b46oR
-edhU+Nz02YGLuSs4Pv663GAuIyCUj0OTxhX3F3lYWYyP6Hbj4FW5W8YJrlfw12x3
-f5OUceLLBz2JTk2thBSgd/bXW4hAOFgpuHTu8FWZ4sh7vKFiRmPyTTN0uE7NaVdX
-vSw7x+V9kSeonkW7uPp6A3ngl1ki2xc8AwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index d26a2f4c4..f8a63706e 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -14,7 +14,6 @@
krebs.retiolum = {
enable = true;
- hosts = ../../krebs/Zhosts;
connectTo = [
"prism"
"cloudkrebs"
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index a069cc36f..0c6ba09fb 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -32,7 +32,6 @@
};
krebs.retiolum = {
enable = true;
- hosts = ../../krebs/Zhosts;
connectTo = [
"gum"
"pigstarter"
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index d95362919..e8a2959d0 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -71,7 +71,6 @@
krebs.retiolum = {
enable = true;
extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
- hosts = ../../krebs/Zhosts;
connectTo = [
"gum"
];
From df89fb7e9121d395357885e00a24a616eb1fef57 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 15:43:24 +0100
Subject: [PATCH 34/82] krebs.retiolum: don't generate extraHosts
---
krebs/3modules/default.nix | 1 -
krebs/3modules/retiolum.nix | 54 ++-----------------------------------
2 files changed, 2 insertions(+), 53 deletions(-)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index ba1f425d9..7418434ea 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -96,7 +96,6 @@ let
retiolum = "hosts";
};
- # XXX This overlaps with krebs.retiolum
networking.extraHosts = concatStringsSep "\n" (flatten (
mapAttrsToList (hostname: host:
mapAttrsToList (netname: net:
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 08ac96461..2bf8aa5db 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -29,22 +29,13 @@ let
'';
};
- generateEtcHosts = mkOption {
- type = types.str;
- default = "both";
- description = ''
- If set to <literal>short</literal>, <literal>long</literal>, or <literal>both</literal>,
- then generate entries in <filename>/etc/hosts</filename> from subnets.
- '';
- };
-
netname = mkOption {
type = types.str;
default = "retiolum";
description = ''
The tinc network name.
- It is used to generate long host entries,
- and name the TUN device.
+ It is used to name the TUN device and to generate the default value for
+ <literal>config.krebs.retiolum.hosts</literal>.
'';
};
@@ -107,8 +98,6 @@ let
imp = {
environment.systemPackages = [ tinc iproute ];
- networking.extraHosts = retiolumExtraHosts;
-
systemd.services.retiolum = {
description = "Tinc daemon for Retiolum";
after = [ "network.target" ];
@@ -155,45 +144,6 @@ let
iproute = cfg.iproutePackage;
- retiolumExtraHosts = import (pkgs.runCommand "retiolum-etc-hosts"
- { }
- ''
- generate() {
- (cd ${tinc-hosts}
- printf \'\'
- for i in `ls`; do
- names=$(hostnames $i)
- for j in `sed -En 's|^ *Aliases *= *(.+)|\1|p' $i`; do
- names="$names $(hostnames $j)"
- done
- sed -En '
- s|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1 '"$names"'|p
- ' $i
- done | sort
- printf \'\'
- )
- }
-
- case ${cfg.generateEtcHosts} in
- short)
- hostnames() { echo "$1"; }
- generate
- ;;
- long)
- hostnames() { echo "$1.${cfg.netname}"; }
- generate
- ;;
- both)
- hostnames() { echo "$1.${cfg.netname} $1"; }
- generate
- ;;
- *)
- echo '""'
- ;;
- esac > $out
- '');
-
-
confDir = pkgs.runCommand "retiolum" {
# TODO text
executable = true;
From a1f7f5e510ddc7a35bebe4ec7698e19d83d57c3f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 15:57:43 +0100
Subject: [PATCH 35/82] krebs: DRY up shorts of the networking.extraHosts
generator
---
krebs/3modules/default.nix | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 7418434ea..20eb944e2 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -103,10 +103,8 @@ let
aliases = longs ++ shorts;
providers = dns.split-by-provider net.aliases cfg.dns.providers;
longs = providers.hosts;
- shorts =
- map (removeSuffix ".${cfg.search-domain}")
- (filter (hasSuffix ".${cfg.search-domain}")
- longs);
+ shorts = let s = ".${cfg.search-domain}"; in
+ map (removeSuffix s) (filter (hasSuffix s) longs);
in
map (addr: "${addr} ${toString aliases}") net.addrs
) (filterAttrs (name: host: host.aliases != []) host.nets)
From 171df3acbe8ebe97d690bfb386fbf15bc14984cd Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:15:25 +0100
Subject: [PATCH 36/82] tv: adopt kaepsele
---
krebs/3modules/tv/default.nix | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 31c1a375a..5f70f8489 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -130,6 +130,35 @@ with lib;
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY";
};
+ kaepsele = {
+ nets = {
+ internet = {
+ addrs4 = ["92.222.10.169"];
+ aliases = [
+ "kaepsele.internet"
+ # TODO "kaepsele.org"
+ ];
+ };
+ retiolum = {
+ addrs4 = ["10.243.166.2"];
+ addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"];
+ aliases = [
+ "kaepsele.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
+ Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
+ rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
+ y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
+ yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
+ FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
+ };
nomic = {
cores = 2;
dc = "tv"; #dc = "gg23";
From c4655c3baad28525550e7c1d0fb9589e06663a2b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:21:30 +0100
Subject: [PATCH 37/82] krebs.dns.providers: add i and r
---
krebs/3modules/default.nix | 2 ++
1 file changed, 2 insertions(+)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 20eb944e2..529506905 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -92,7 +92,9 @@ let
de.krebsco = "zones";
gg23 = "hosts";
shack = "hosts";
+ i = "hosts";
internet = "hosts";
+ r = "hosts";
retiolum = "hosts";
};
From b16bfb9c99e6f1f063c5b7358003149db42b70e3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:18:52 +0100
Subject: [PATCH 38/82] tv: add .i and .r TLDs
---
krebs/3modules/tv/default.nix | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 5f70f8489..7db5c532e 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -24,6 +24,7 @@ with lib;
internet = {
addrs4 = ["162.219.7.216"];
aliases = [
+ "cd.i"
"cd.internet"
"cd.krebsco.de"
"cgit.cd.krebsco.de"
@@ -37,6 +38,7 @@ with lib;
addrs4 = ["10.243.113.222"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
aliases = [
+ "cd.r"
"cd.retiolum"
"cgit.cd.retiolum"
];
@@ -67,6 +69,7 @@ with lib;
internet = {
addrs4 = ["104.167.114.142"];
aliases = [
+ "mkdir.i"
"mkdir.internet"
];
};
@@ -75,6 +78,7 @@ with lib;
addrs4 = ["10.243.113.223"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
aliases = [
+ "mkdir.r"
"mkdir.retiolum"
"cgit.mkdir.retiolum"
];
@@ -104,6 +108,7 @@ with lib;
internet = {
addrs4 = ["198.147.22.115"];
aliases = [
+ "ire.i"
"ire.internet"
"ire.krebsco.de"
];
@@ -113,6 +118,7 @@ with lib;
addrs4 = ["10.243.231.66"];
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
aliases = [
+ "ire.r"
"ire.retiolum"
];
tinc.pubkey = ''
@@ -135,6 +141,7 @@ with lib;
internet = {
addrs4 = ["92.222.10.169"];
aliases = [
+ "kaepsele.i"
"kaepsele.internet"
# TODO "kaepsele.org"
];
@@ -143,6 +150,7 @@ with lib;
addrs4 = ["10.243.166.2"];
addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"];
aliases = [
+ "kaepsele.r"
"kaepsele.retiolum"
];
tinc.pubkey = ''
@@ -171,6 +179,7 @@ with lib;
addrs4 = ["10.243.0.110"];
addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
aliases = [
+ "nomic.r"
"nomic.retiolum"
"cgit.nomic.retiolum"
];
@@ -205,6 +214,7 @@ with lib;
internet = {
addrs4 = ["167.88.34.182"];
aliases = [
+ "rmdir.i"
"rmdir.internet"
];
};
@@ -213,6 +223,7 @@ with lib;
addrs4 = ["10.243.113.224"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
aliases = [
+ "rmdir.r"
"rmdir.retiolum"
"cgit.rmdir.retiolum"
];
@@ -260,6 +271,7 @@ with lib;
addrs4 = ["10.243.13.37"];
addrs6 = ["42:0:0:0:0:0:0:1337"];
aliases = [
+ "wu.r"
"wu.retiolum"
"cgit.wu.retiolum"
];
@@ -292,6 +304,7 @@ with lib;
addrs4 = ["10.243.13.38"];
addrs6 = ["42:0:0:0:0:0:0:1338"];
aliases = [
+ "xu.r"
"xu.retiolum"
];
tinc.pubkey = ''
From 18784b439d6c58eb4102068a5a31e0e46794ee73 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:30:56 +0100
Subject: [PATCH 39/82] tv: remove stale krebs/Zpubkeys
---
krebs/Zpubkeys/deploy_wu.ssh.pub | 1 -
krebs/Zpubkeys/mv_vod.ssh.pub | 1 -
2 files changed, 2 deletions(-)
delete mode 100644 krebs/Zpubkeys/deploy_wu.ssh.pub
delete mode 100644 krebs/Zpubkeys/mv_vod.ssh.pub
diff --git a/krebs/Zpubkeys/deploy_wu.ssh.pub b/krebs/Zpubkeys/deploy_wu.ssh.pub
deleted file mode 100644
index a54a1ca37..000000000
--- a/krebs/Zpubkeys/deploy_wu.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEieAihh+o208aeCA14fAtjzyZN/nrpOJt2vZ5VYZp69 deploy@wu
diff --git a/krebs/Zpubkeys/mv_vod.ssh.pub b/krebs/Zpubkeys/mv_vod.ssh.pub
deleted file mode 100644
index 7b7d2e260..000000000
--- a/krebs/Zpubkeys/mv_vod.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod
From 9742953ee932b96cafb390f7b61edd68499cec82 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:53:35 +0100
Subject: [PATCH 40/82] tv: add cgit.*.r aliases
---
krebs/3modules/tv/default.nix | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 7db5c532e..b7fd1c54c 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -40,6 +40,7 @@ with lib;
aliases = [
"cd.r"
"cd.retiolum"
+ "cgit.cd.r"
"cgit.cd.retiolum"
];
tinc.pubkey = ''
@@ -80,6 +81,7 @@ with lib;
aliases = [
"mkdir.r"
"mkdir.retiolum"
+ "cgit.mkdir.r"
"cgit.mkdir.retiolum"
];
tinc.pubkey = ''
@@ -181,6 +183,7 @@ with lib;
aliases = [
"nomic.r"
"nomic.retiolum"
+ "cgit.nomic.r"
"cgit.nomic.retiolum"
];
tinc.pubkey = ''
@@ -225,6 +228,7 @@ with lib;
aliases = [
"rmdir.r"
"rmdir.retiolum"
+ "cgit.rmdir.r"
"cgit.rmdir.retiolum"
];
tinc.pubkey = ''
@@ -273,6 +277,7 @@ with lib;
aliases = [
"wu.r"
"wu.retiolum"
+ "cgit.wu.r"
"cgit.wu.retiolum"
];
tinc.pubkey = ''
From c784d271c5dc8783e5e6308baf4f6dd26430bfca Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 18:38:51 +0100
Subject: [PATCH 41/82] tv: adopt mu
---
krebs/3modules/tv/default.nix | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index b7fd1c54c..9adb0ce11 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -169,6 +169,28 @@ with lib;
};
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
};
+ mu = {
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.20.01"];
+ addrs6 = ["42:0:0:0:0:0:0:2001"];
+ aliases = [
+ "mu.r"
+ "mu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA
+ g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE
+ XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4
+ o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1
+ QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs
+ FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
nomic = {
cores = 2;
dc = "tv"; #dc = "gg23";
From 29746aec06b7d42d3c87245f6f14f048234251e4 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 18:54:01 +0100
Subject: [PATCH 42/82] krebs.{backup.plans,hosts,users}.*.name: add default
value
---
krebs/3modules/backup.nix | 3 ++-
krebs/3modules/lass/default.nix | 4 ++--
krebs/3modules/makefu/default.nix | 4 ++--
krebs/3modules/mv/default.nix | 4 ++--
krebs/3modules/shared/default.nix | 4 ++--
krebs/3modules/tv/default.nix | 4 ++--
krebs/4lib/types.nix | 6 ++++--
makefu/2configs/backup.nix | 2 +-
tv/2configs/backup.nix | 2 +-
9 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index a1f335905..17d8a3c98 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -12,7 +12,7 @@ let
enable = mkEnableOption "krebs.backup" // { default = true; };
plans = mkOption {
default = {};
- type = types.attrsOf (types.submodule ({
+ type = types.attrsOf (types.submodule ({ config, ... }: {
# TODO enable = mkEnableOption "TODO" // { default = true; };
options = {
method = mkOption {
@@ -20,6 +20,7 @@ let
};
name = mkOption {
type = types.str;
+ default = config._module.args.name;
};
src = mkOption {
type = types.krebs.file-location;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 26b0947bb..c880ea788 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -3,7 +3,7 @@
with lib;
{
- hosts = addNames {
+ hosts = {
echelon = {
cores = 2;
dc = "lass"; #dc = "cac";
@@ -214,7 +214,7 @@ with lib;
};
};
- users = addNames {
+ users = {
lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
mail = "lass@mors.retiolum";
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 38e773b53..693a954ab 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -3,7 +3,7 @@
with lib;
{
- hosts = addNames {
+ hosts = {
pnp = {
cores = 1;
dc = "makefu"; #vm on 'omo'
@@ -364,7 +364,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
};
- users = addNames rec {
+ users = rec {
makefu = {
mail = "makefu@pornocauster.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
index 6da2abc85..70417157f 100644
--- a/krebs/3modules/mv/default.nix
+++ b/krebs/3modules/mv/default.nix
@@ -3,7 +3,7 @@
with lib;
{
- hosts = addNames {
+ hosts = {
stro = {
cores = 4;
dc = "mv";
@@ -31,7 +31,7 @@ with lib;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
};
};
- users = addNames {
+ users = {
mv_stro = {
mail = "mv@stro.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxM34g1GUm5EtU00DAOlGSx8MsCWunhGTrozurj460QT7EdUbZvj0AcrQC0lP9kaZyhX+KueTjmLC+ICsnlHYeg4zoSEnSAUkccuyZxfgynVc4wrpfNAc1nHjDhDb/ulnC+8wNxvxUpI0XlBgu/Y7AbbChZj3ofv6uGGHJKfG3uSyCkt9VTCi1KwydHpe9P252N8NbopnbnkT0EMkRHruh7ICEKr4/ivmUL/IUrbFicEeCy4SeRAl8+00x4WqqvbBPzgdXn0AIjKLvus3dBoQubJNpUoXnyXJbElnit5a7QcgZJNLMbV0kf9zzCGduxkADzHkAFB9D4PuSMYt62iy12QlGbm80A9ncuwaSyJf7hPTvNbU8VyCblyfRz/SCaudUrfk5Xbxxu26FHi4hZqr3IUQt4T8pD8JWYGl4n2ZKnD8hHz/jrmNBK8h9d+VFafU9t1hRxlFsW1AhMEM+kfWClyhfTcKBKbml2a657lgUEVmlZt+18kwwsivM1QhHNTgxn5urRXRkh1VQ40UQroVuV1OUmvAngyAthF441VPGc5z7kEI+D4qjmUjSy6k4dvEy/RGfsAgJCf63zilRuUbL68f2OpxE8aeZZUXPvgdLml284pry7+C5sjlnCDoJfCj/yhdVx6mU9pWUd/Q97CLQewbsYhMzsqlBlIkXuipkDQ== mv@stro";
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 91d92857b..52aa4de41 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -32,7 +32,7 @@ let
};
});
in {
- hosts = addNames {
+ hosts = {
wolf = {
dc = "shack";
nets = {
@@ -68,7 +68,7 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
};
} // testHosts;
- users = addNames {
+ users = {
shared = {
mail = "spam@krebsco.de";
pubkey = "lol"; # TODO krebs.users.shared.pubkey should be unnecessary
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 9adb0ce11..ca07acd17 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -6,7 +6,7 @@ with lib;
dns.providers = {
de.viljetic = "regfish";
};
- hosts = addNames {
+ hosts = {
cd = rec {
cores = 2;
dc = "tv"; #dc = "cac";
@@ -351,7 +351,7 @@ with lib;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
};
- users = addNames rec {
+ users = rec {
mv = {
mail = "mv@cd.retiolum";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 6c396a132..2907a413a 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -10,6 +10,7 @@ types // rec {
options = {
name = mkOption {
type = label;
+ default = config._module.args.name;
};
dc = mkOption {
type = label;
@@ -155,19 +156,20 @@ types // rec {
merge = mergeOneOption;
};
- user = submodule {
+ user = submodule ({ config, ... }: {
options = {
mail = mkOption {
type = str; # TODO retiolum mail address
};
name = mkOption {
type = str; # TODO
+ default = config._module.args.name;
};
pubkey = mkOption {
type = str;
};
};
- };
+ });
# TODO
addr = str;
diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
index ed6d1f4a7..936f31c1c 100644
--- a/makefu/2configs/backup.nix
+++ b/makefu/2configs/backup.nix
@@ -24,7 +24,7 @@ let
};
};
in {
- krebs.backup.plans = addNames {
+ krebs.backup.plans = {
wry-to-omo_var-www = defaultPull wry "/var/www";
};
}
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index ce937a744..f4d368557 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -1,7 +1,7 @@
{ config, lib, ... }:
with lib;
{
- krebs.backup.plans = addNames {
+ krebs.backup.plans = {
wu-home-xu = {
method = "push";
src = { host = config.krebs.hosts.wu; path = "/home"; };
From 57d8a9ed20ab3150bd98b2437e3a966cda5c670f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 6 Feb 2016 19:26:51 +0100
Subject: [PATCH 43/82] l 1 mors: pkgs.cac -> pkgs.cac-api
---
lass/1systems/mors.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index d0aae6dbb..ebce93957 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -226,7 +226,7 @@
};
environment.systemPackages = with pkgs; [
- cac
+ cac-api
sshpass
get
teamspeak_client
From f73feaccd7a28d06d1d62d08795574b232f0c8b9 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 6 Feb 2016 19:28:07 +0100
Subject: [PATCH 44/82] l 2 base: krebs.source adapt to api change
---
lass/2configs/base.nix | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 5505da67f..6dceace18 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -48,21 +48,21 @@ with lib;
exim-retiolum.enable = true;
build = {
user = config.krebs.users.lass;
- source = {
- git.nixpkgs = {
+ source = mapAttrs (_: mkDefault) ({
+ nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm/nixpkgs;
+ secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
+ #secrets-common = "/home/lass/secrets/common";
+ stockholm = "/home/lass/stockholm";
+ stockholm-user = "symlink:stockholm/lass";
+ upstream-nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
- target-path = "/var/src/nixpkgs";
+ dev = "/home/lass/src/nixpkgs";
};
- dir.secrets = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.hosts.mors;
- path = "/home/lass/stockholm";
- };
- };
+ } // optionalAttrs config.krebs.build.host.secure {
+ #secrets-master = "/home/lass/secrets/master";
+ });
};
};
From d98a8c0be822655da317e101e26f2063a20b910c Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 6 Feb 2016 19:28:56 +0100
Subject: [PATCH 45/82] l 2 base: require pkgs.proot for stockholm
---
lass/2configs/base.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 6dceace18..7212698bb 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -91,6 +91,7 @@ with lib;
git
jq
parallel
+ proot
#style
most
From 3dacf4626f12c32a100ee032a14ad72f98fe6a70 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 6 Feb 2016 19:29:21 +0100
Subject: [PATCH 46/82] l 2 browsers: don't import per-user.nix
---
lass/2configs/browsers.nix | 2 --
1 file changed, 2 deletions(-)
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index d36801863..61016fed0 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -54,8 +54,6 @@ in {
];
imports = [
- ../3modules/per-user.nix
- ] ++ [
( createFirefoxUser "ff" [ "audio" ] [ ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
From 5856d240888e89dbed141087c9580026f52dff59 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 6 Feb 2016 19:32:34 +0100
Subject: [PATCH 47/82] l 2 xserver: add pulseaudio to xserver deps
---
lass/2configs/xserver/default.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index d351fcf19..c407bb59e 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -95,6 +95,7 @@ let
set -efu
export PATH; PATH=${makeSearchPath "bin" [
pkgs.alsaUtils
+ pkgs.pulseaudioLight
pkgs.rxvt_unicode
]}:/var/setuid-wrappers
settle() {(
From 30306159af3aac4f04db60f27637480bbecaaa1d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 19:37:14 +0100
Subject: [PATCH 48/82] add krebs.types.{filename,username}
---
krebs/4lib/types.nix | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 2907a413a..f91503794 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -162,7 +162,7 @@ types // rec {
type = str; # TODO retiolum mail address
};
name = mkOption {
- type = str; # TODO
+ type = username;
default = config._module.args.name;
};
pubkey = mkOption {
@@ -194,4 +194,20 @@ types // rec {
};
};
};
+
+ # POSIX.1‐2013, 3.278 Portable Filename Character Set
+ filename = mkOptionType {
+ name = "POSIX filename";
+ check = let
+ filename-chars = stringToCharacters
+ "-.0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ in s: all (flip elem filename-chars) (stringToCharacters s);
+ merge = mergeOneOption;
+ };
+
+ # POSIX.1-2013, 3.431 User Name
+ username = mkOptionType {
+ name = "POSIX username";
+ check = s: filename.check s && substring 0 1 s != "-";
+ };
}
From 221510db0cd2d9cb7c38d33a148086d9187be804 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 02:04:12 +0100
Subject: [PATCH 49/82] nixpkgs: relink
---
nixpkgs/default.nix | 2 +-
nixpkgs/lib | 2 +-
nixpkgs/pkgs | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix
index 74e9d7633..6e5223c16 120000
--- a/nixpkgs/default.nix
+++ b/nixpkgs/default.nix
@@ -1 +1 @@
-../upstream-nixpkgs/default.nix
\ No newline at end of file
+../../upstream-nixpkgs/default.nix
\ No newline at end of file
diff --git a/nixpkgs/lib b/nixpkgs/lib
index 2284ef489..7b13c8069 120000
--- a/nixpkgs/lib
+++ b/nixpkgs/lib
@@ -1 +1 @@
-../upstream-nixpkgs/lib
\ No newline at end of file
+../../upstream-nixpkgs/lib
\ No newline at end of file
diff --git a/nixpkgs/pkgs b/nixpkgs/pkgs
index ce5f5448b..983384943 120000
--- a/nixpkgs/pkgs
+++ b/nixpkgs/pkgs
@@ -1 +1 @@
-../upstream-nixpkgs/pkgs
\ No newline at end of file
+../../upstream-nixpkgs/pkgs
\ No newline at end of file
From 02c1f8d2703aa03e41adcd5aec0d3ec402bbb367 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 03:09:14 +0100
Subject: [PATCH 50/82] tv: accept internet echo requests
---
tv/2configs/default.nix | 1 +
tv/3modules/iptables.nix | 27 +++++++++++++++------------
2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 57c4620c4..52d85f856 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -165,6 +165,7 @@ with lib;
{
tv.iptables.enable = true;
+ tv.iptables.accept-echo-request = "internet";
}
{
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index cbf49f577..9d5b5d075 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -13,6 +13,11 @@ let
api = {
enable = mkEnableOption "tv.iptables";
+ accept-echo-request = mkOption {
+ type = with types; nullOr (enum ["internet" "retiolum"]);
+ default = "retiolum";
+ };
+
input-internet-accept-new-tcp = mkOption {
type = with types; listOf (either int str);
default = [];
@@ -49,10 +54,14 @@ let
};
- accept-new-tcp = port:
- "-p tcp -m tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT";
-
- rules = iptables-version:
+ rules = iptables-version: let
+ accept-echo-request = {
+ ip4tables = "-p icmp -m icmp --icmp-type echo-request -j ACCEPT";
+ ip6tables = "-p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT";
+ }."ip${toString iptables-version}tables";
+ accept-new-tcp = port:
+ "-p tcp -m tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT";
+ in
pkgs.writeText "tv-iptables-rules${toString iptables-version}" ''
*nat
:PREROUTING ACCEPT [0:0]
@@ -76,18 +85,12 @@ let
"-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
"-i lo -j ACCEPT"
]
+ ++ optional (cfg.accept-echo-request == "internet") accept-echo-request
++ map accept-new-tcp (unique (map toString cfg.input-internet-accept-new-tcp))
++ ["-i retiolum -j Retiolum"]
)}
${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([]
- ++ {
- ip4tables = [
- "-p icmp -m icmp --icmp-type echo-request -j ACCEPT"
- ];
- ip6tables = [
- "-p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT"
- ];
- }."ip${toString iptables-version}tables"
+ ++ optional (cfg.accept-echo-request == "retiolum") accept-echo-request
++ map accept-new-tcp (unique (map toString cfg.input-retiolum-accept-new-tcp))
++ {
ip4tables = [
From 52fd80748d95b522561a477a1869d6923516f633 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 05:08:32 +0100
Subject: [PATCH 51/82] krebs.types.{hostname,label}: check RFC952
---
krebs/4lib/types.nix | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index f91503794..52eb764ef 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -175,8 +175,6 @@ types // rec {
addr = str;
addr4 = str;
addr6 = str;
- hostname = str;
- label = str;
krebs.file-location = types.submodule {
options = {
@@ -195,6 +193,22 @@ types // rec {
};
};
+ # RFC952, B. Lexical grammar, <hname>
+ hostname = mkOptionType {
+ name = "hostname";
+ check = x: all label.check (splitString "." x);
+ merge = mergeOneOption;
+ };
+
+ # RFC952, B. Lexical grammar, <name>
+ # RFC1123, 2.1 Host Names and Numbers
+ label = mkOptionType {
+ name = "label";
+ # TODO case-insensitive labels
+ check = x: match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null;
+ merge = mergeOneOption;
+ };
+
# POSIX.1‐2013, 3.278 Portable Filename Character Set
filename = mkOptionType {
name = "POSIX filename";
From 01dbc54c3207b44e4adaaae92fffc8a34bda6f18 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 05:09:56 +0100
Subject: [PATCH 52/82] krebs.backup: determine fastest address
---
krebs/3modules/backup.nix | 43 ++++++++++++++++++++++++++++++---------
1 file changed, 33 insertions(+), 10 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 17d8a3c98..0f85b4879 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -145,9 +145,11 @@ let
set -efu
identity=${shell.escape plan.src.host.ssh.privkey.path}
src=${shell.escape plan.src.path}
- dst_target=${shell.escape "root@${getFQDN plan.dst.host}"}
+ dst_user=root
+ dst_host=$(${fastest-address plan.dst.host})
+ dst_port=$(${network-ssh-port plan.dst.host "$dst_host"})
dst_path=${shell.escape plan.dst.path}
- dst=$dst_target:$dst_path
+ dst=$dst_user@$dst_host:$dst_path
# Export NOW so runtime of rsync doesn't influence snapshot naming.
export NOW
@@ -156,7 +158,7 @@ let
echo >&2 "update snapshot: current; $src -> $dst"
rsync >&2 \
-aAXF --delete \
- -e "ssh -F /dev/null -i $identity" \
+ -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \
--rsync-path ${shell.escape
"mkdir -m 0700 -p ${shell.escape plan.dst.path} && rsync"} \
--link-dest="$dst_path/current" \
@@ -165,10 +167,10 @@ let
exec ssh -F /dev/null \
-i "$identity" \
- "$dst_target" \
+ ''${dst_port:+-p $dst_port} \
+ "$dst_user@$dst_host" \
-T \
env NOW="$NOW" /bin/sh < ${remote-snapshot}
- EOF
'';
remote-snapshot = writeDash "backup.${plan.name}.push.remote-snapshot" ''
@@ -205,7 +207,11 @@ let
# TODO check if there is a previous
set -efu
identity=${shell.escape plan.dst.host.ssh.privkey.path}
- src=${shell.escape "root@${getFQDN plan.src.host}:${plan.src.path}"}
+ src_user=root
+ src_host=$(${fastest-address plan.src.host})
+ src_port=$(${network-ssh-port plan.src.host "$src_host"})
+ src_path=${shell.escape plan.src.path}
+ src=$src_user@$src_host:$src_path
dst=${shell.escape plan.dst.path}
# Export NOW so runtime of rsync doesn't influence snapshot naming.
@@ -216,7 +222,7 @@ let
mkdir -m 0700 -p ${shell.escape plan.dst.path}
rsync >&2 \
-aAXF --delete \
- -e "ssh -F /dev/null -i $identity" \
+ -e "ssh -F /dev/null -i $identity ''${src_port:+-p $src_port}" \
--link-dest="$dst/current" \
"$src/" \
"$dst/.partial"
@@ -274,9 +280,6 @@ let
plan.snapshots)}
'';
- # TODO getFQDN: admit hosts in other domains
- getFQDN = host: "${host.name}.${config.krebs.search-domain}";
-
writeDash = name: text: pkgs.writeScript name ''
#! ${pkgs.dash}/bin/dash
${text}
@@ -292,6 +295,26 @@ let
'';
};
+ # XXX Is one ping enough to determine fastest address?
+ # Note that we're using net.addrs4 instead of net.aliases because we define
+ # ports only for addresses. See krebs/3modules/default.nix
+ fastest-address = host: ''
+ { ${pkgs.fping}/bin/fping </dev/null -a \
+ ${concatMapStringsSep " " shell.escape
+ (mapAttrsToList (_: net: head net.addrs4) host.nets)} \
+ | ${pkgs.coreutils}/bin/head -1; }
+ '';
+
+ # Note that we don't escape word on purpose, so we deref shell vars.
+ # TODO type word
+ network-ssh-port = host: word: ''
+ case ${word} in
+ ${concatStringsSep ";;\n" (mapAttrsToList
+ (_: net: "(${head net.addrs4}) echo ${toString net.ssh.port}")
+ host.nets)};;
+ esac
+ '';
+
in out
# TODO ionice
# TODO mail on failed push, pull
From f68c977a20daa4d2e62f76e1f58a26188ef84b64 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 05:14:37 +0100
Subject: [PATCH 53/82] tv: define config.krebs.hosts.*.nets.gg23.ssh.port
---
krebs/3modules/tv/default.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index ca07acd17..b9a6c5163 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -198,6 +198,7 @@ with lib;
gg23 = {
addrs4 = ["10.23.1.110"];
aliases = ["nomic.gg23"];
+ ssh.port = 11423;
};
retiolum = {
addrs4 = ["10.243.0.110"];
@@ -292,6 +293,7 @@ with lib;
gg23 = {
addrs4 = ["10.23.1.37"];
aliases = ["wu.gg23"];
+ ssh.port = 11423;
};
retiolum = {
addrs4 = ["10.243.13.37"];
@@ -326,6 +328,7 @@ with lib;
gg23 = {
addrs4 = ["10.23.1.38"];
aliases = ["xu.gg23"];
+ ssh.port = 11423;
};
retiolum = {
addrs4 = ["10.243.13.38"];
From 949f466cf78ba2e76002012715172e5d5d394006 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 05:17:07 +0100
Subject: [PATCH 54/82] tv: s/_/-/g in usernames
---
krebs/3modules/mv/default.nix | 2 +-
krebs/3modules/tv/default.nix | 4 ++--
mv/2configs/git.nix | 2 +-
tv/2configs/git.nix | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
index 70417157f..7245c143d 100644
--- a/krebs/3modules/mv/default.nix
+++ b/krebs/3modules/mv/default.nix
@@ -32,7 +32,7 @@ with lib;
};
};
users = {
- mv_stro = {
+ mv-stro = {
mail = "mv@stro.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxM34g1GUm5EtU00DAOlGSx8MsCWunhGTrozurj460QT7EdUbZvj0AcrQC0lP9kaZyhX+KueTjmLC+ICsnlHYeg4zoSEnSAUkccuyZxfgynVc4wrpfNAc1nHjDhDb/ulnC+8wNxvxUpI0XlBgu/Y7AbbChZj3ofv6uGGHJKfG3uSyCkt9VTCi1KwydHpe9P252N8NbopnbnkT0EMkRHruh7ICEKr4/ivmUL/IUrbFicEeCy4SeRAl8+00x4WqqvbBPzgdXn0AIjKLvus3dBoQubJNpUoXnyXJbElnit5a7QcgZJNLMbV0kf9zzCGduxkADzHkAFB9D4PuSMYt62iy12QlGbm80A9ncuwaSyJf7hPTvNbU8VyCblyfRz/SCaudUrfk5Xbxxu26FHi4hZqr3IUQt4T8pD8JWYGl4n2ZKnD8hHz/jrmNBK8h9d+VFafU9t1hRxlFsW1AhMEM+kfWClyhfTcKBKbml2a657lgUEVmlZt+18kwwsivM1QhHNTgxn5urRXRkh1VQ40UQroVuV1OUmvAngyAthF441VPGc5z7kEI+D4qjmUjSy6k4dvEy/RGfsAgJCf63zilRuUbL68f2OpxE8aeZZUXPvgdLml284pry7+C5sjlnCDoJfCj/yhdVx6mU9pWUd/Q97CLQewbsYhMzsqlBlIkXuipkDQ== mv@stro";
};
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index b9a6c5163..b6d779981 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -363,11 +363,11 @@ with lib;
mail = "tv@wu.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
};
- tv_nomic = {
+ tv-nomic = {
inherit (tv) mail;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3dYR/n4Yw8OsYmfR2rSUG7o10G6AqOlSJHuHSEmANbMkqjiWl1TnpORtt5bAktyAGI4vWf9vhNEnxuIqGXWSV+3yCd7yfBHR1m0Y9QSw6blQ0xc1venl3JU0kpEyJfUn8a9cdXlnRiS0MP1gcsN7Zk8cqBELJYJajkSEnsT4eVaU5/wdnyzUO1fk8D8tFBJbF/tsWDLJPu4P18rpxq4wZgA2qmyHoVDEVlrz2OYcziXT6gpG0JGnToteaNg9ok5QavEYFpp8P+k1AacrBjc1PAb4MaMX1nfkSyaZwSqLdH35XkNRgPhVVmqZ5PlG3VeNpPSwpdcKi8P3zH1xG9g6Usx1SAyvcoAyGHdOwmFuA2tc1HgYEiQ+OsPrHZHujBOOZsKTN9+IZHScCAe+UmUcK413WEZKPs8PeFjf1gQAoDXb55JpksxLAnC/SQOl4FhkctIAXxr12ALlyt9UFPzIoj/Nj2MpFzGSlf653fTFmnMbQ8+GICc4TUpqx5GELZhfQuprBTv/55a9zKvM4B8XT3Bn9olQzMQIXEjXb3WUVFDDNWeNydToorYn1wG3ZWQ+3f0IlqRicWO7Q9BRj1Lp5rcUCb+naJ48tGY6HFUZ1Kz/0x458GDFvUd8mCJjqqmeSkUEeZd0xet5tVFg/bYoSslEqPF6pz7V3ruJMSdYxnQ== tv@nomic #2";
};
- tv_xu = {
+ tv-xu = {
inherit (tv) mail;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu";
};
diff --git a/mv/2configs/git.nix b/mv/2configs/git.nix
index 991d0c410..c182d0d1e 100644
--- a/mv/2configs/git.nix
+++ b/mv/2configs/git.nix
@@ -45,7 +45,7 @@ let
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
optional repo.public {
- user = [ lass makefu uriel tv tv_xu ];
+ user = [ lass makefu uriel tv tv-xu ];
repo = [ repo ];
perm = fetch;
} ++
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index b8180085f..85fd72539 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -90,7 +90,7 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = [ tv tv_xu ];
+ user = [ tv tv-xu ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
From 02ad327081f2315b9ab15733319b167f64180a0d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 05:32:03 +0100
Subject: [PATCH 55/82] krebs.backup writeDash* -> pkgs
---
krebs/3modules/backup.nix | 35 ++++++++++-------------------------
krebs/5pkgs/default.nix | 15 +++++++++++++++
2 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 0f85b4879..ae766fa9d 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -128,11 +128,11 @@ let
};
push = plan: let
- # We use writeDashBin and return the absolute path so systemd will produce
- # nice names in the log, i.e. without the Nix store hash.
+ # We use pkgs.writeDashBin and return the absolute path so systemd will
+ # produce nice names in the log, i.e. without the Nix store hash.
out = "${main}/bin/${main.name}";
- main = writeDashBin "backup.${plan.name}.push" ''
+ main = pkgs.writeDashBin "backup.${plan.name}.push" ''
set -efu
dst=${shell.escape plan.dst.path}
@@ -140,7 +140,7 @@ let
exec flock -n "$dst" ${critical-section}
'';
- critical-section = writeDash "backup.${plan.name}.push.critical-section" ''
+ critical-section = pkgs.writeDash "backup.${plan.name}.push.critical-section" ''
# TODO check if there is a previous
set -efu
identity=${shell.escape plan.src.host.ssh.privkey.path}
@@ -173,7 +173,7 @@ let
env NOW="$NOW" /bin/sh < ${remote-snapshot}
'';
- remote-snapshot = writeDash "backup.${plan.name}.push.remote-snapshot" ''
+ remote-snapshot = pkgs.writeDash "backup.${plan.name}.push.remote-snapshot" ''
set -efu
dst=${shell.escape plan.dst.path}
@@ -191,11 +191,11 @@ let
# TODO admit plan.dst.user and its ssh identity
pull = plan: let
- # We use writeDashBin and return the absolute path so systemd will produce
- # nice names in the log, i.e. without the Nix store hash.
+ # We use pkgs.writeDashBin and return the absolute path so systemd will
+ # produce nice names in the log, i.e. without the Nix store hash.
out = "${main}/bin/${main.name}";
- main = writeDashBin "backup.${plan.name}.pull" ''
+ main = pkgs.writeDashBin "backup.${plan.name}.pull" ''
set -efu
dst=${shell.escape plan.dst.path}
@@ -203,7 +203,7 @@ let
exec flock -n "$dst" ${critical-section}
'';
- critical-section = writeDash "backup.${plan.name}.pull.critical-section" ''
+ critical-section = pkgs.writeDash "backup.${plan.name}.pull.critical-section" ''
# TODO check if there is a previous
set -efu
identity=${shell.escape plan.dst.host.ssh.privkey.path}
@@ -235,7 +235,7 @@ let
'';
in out;
- take-snapshots = plan: writeDash "backup.${plan.name}.take-snapshots" ''
+ take-snapshots = plan: pkgs.writeDash "backup.${plan.name}.take-snapshots" ''
set -efu
NOW=''${NOW-$(date +%s)}
dst=${shell.escape plan.dst.path}
@@ -280,21 +280,6 @@ let
plan.snapshots)}
'';
- writeDash = name: text: pkgs.writeScript name ''
- #! ${pkgs.dash}/bin/dash
- ${text}
- '';
-
- writeDashBin = name: text: pkgs.writeTextFile {
- executable = true;
- destination = "/bin/${name}";
- name = name;
- text = ''
- #! ${pkgs.dash}/bin/dash
- ${text}
- '';
- };
-
# XXX Is one ping enough to determine fastest address?
# Note that we're using net.addrs4 instead of net.aliases because we define
# ports only for addresses. See krebs/3modules/default.nix
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index c4b1dafe4..a0ccdcf49 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -61,6 +61,21 @@ subdirs // rec {
strip --strip-unneeded "$exe"
'';
+ writeDash = name: text: pkgs.writeScript name ''
+ #! ${pkgs.dash}/bin/dash
+ ${text}
+ '';
+
+ writeDashBin = name: text: pkgs.writeTextFile {
+ executable = true;
+ destination = "/bin/${name}";
+ name = name;
+ text = ''
+ #! ${pkgs.dash}/bin/dash
+ ${text}
+ '';
+ };
+
writeNixFromCabal = name: path: pkgs.runCommand name {} ''
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
'';
From 076f93bc02897b01e3ed997fb2f9a543eb6547c9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 05:38:27 +0100
Subject: [PATCH 56/82] mu: 10.243.20.01 -> 10.243.20.1
---
krebs/3modules/tv/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index b6d779981..abcc67933 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -172,7 +172,7 @@ with lib;
mu = {
nets = {
retiolum = {
- addrs4 = ["10.243.20.01"];
+ addrs4 = ["10.243.20.1"];
addrs6 = ["42:0:0:0:0:0:0:2001"];
aliases = [
"mu.r"
From b746dd09361b0cfb14abd3995afe10536c8fcad8 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 06:22:56 +0100
Subject: [PATCH 57/82] krebs.backup: ensure link dest exists
---
krebs/3modules/backup.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index ae766fa9d..d50628073 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -160,7 +160,7 @@ let
-aAXF --delete \
-e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \
--rsync-path ${shell.escape
- "mkdir -m 0700 -p ${shell.escape plan.dst.path} && rsync"} \
+ "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current && rsync"} \
--link-dest="$dst_path/current" \
"$src/" \
"$dst/.partial"
From f1ebd4e4e1bdc76bfca894ace336064b81cc98a1 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 06:43:26 +0100
Subject: [PATCH 58/82] krebs knownHosts: add-port everywhere
---
krebs/3modules/default.nix | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 529506905..e11d40a05 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -179,7 +179,6 @@ let
(mapAttrsToList
(net-name: net:
let
- aliases = shorts ++ longs;
longs = net.aliases;
shorts =
map (removeSuffix ".${cfg.search-domain}")
@@ -190,7 +189,7 @@ let
then "[${a}]:${toString net.ssh.port}"
else a;
in
- aliases ++ map add-port net.addrs)
+ map add-port (shorts ++ longs ++ net.addrs))
host.nets);
publicKey = host.ssh.pubkey;
From b819d6c452605af66282c14e25907793a4b77c65 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 07:47:29 +0100
Subject: [PATCH 59/82] tv vim: add file-line plugin
---
tv/2configs/vim.nix | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 23f90af05..9f702cd4d 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -13,9 +13,21 @@ let
environment.variables.VIMINIT = ":so /etc/vimrc";
};
- extra-runtimepath = concatStringsSep "," [
- "${pkgs.vimPlugins.undotree}/share/vim-plugins/undotree"
- ];
+ extra-runtimepath = let
+ inherit (pkgs.vimUtils) buildVimPlugin rtpPath;
+ fromVimPlugins = pkgs: concatStringsSep ","
+ (mapAttrsToList (name: pkg: "${pkg}/${rtpPath}/${name}") pkgs);
+ in fromVimPlugins {
+ inherit (pkgs.vimPlugins) undotree;
+ file-line = buildVimPlugin {
+ name = "file-line-1.0";
+ src = pkgs.fetchgit {
+ url = git://github.com/bogado/file-line;
+ rev = "refs/tags/1.0";
+ sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
+ };
+ };
+ };
dirs = {
backupdir = "$HOME/.cache/vim/backup";
From 698296eb8c986127e0fb195a51b3adf3f31eeedf Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 07:50:17 +0100
Subject: [PATCH 60/82] tv vim: restore original umask
---
tv/2configs/vim.nix | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 9f702cd4d..8a6299a39 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -47,9 +47,10 @@ let
vim = pkgs.writeScriptBin "vim" ''
#! ${pkgs.dash}/bin/dash
set -f
+ umask=$(umask)
umask 0077
${concatStringsSep "\n" (map (x: "mkdir -p ${x}") mkdirs)}
- umask 0022
+ umask "$umask"
exec ${pkgs.vim}/bin/vim "$@"
'';
From ee5a1ddffe51117862f7e2669f3939dd165d5686 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 08:09:07 +0100
Subject: [PATCH 61/82] tv vim: simplify wrapper
---
tv/2configs/vim.nix | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 8a6299a39..69a880dab 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -44,13 +44,9 @@ let
alldirs = attrValues dirs ++ map dirOf (attrValues files);
in unique (sort lessThan alldirs);
- vim = pkgs.writeScriptBin "vim" ''
- #! ${pkgs.dash}/bin/dash
- set -f
- umask=$(umask)
- umask 0077
- ${concatStringsSep "\n" (map (x: "mkdir -p ${x}") mkdirs)}
- umask "$umask"
+ vim = pkgs.writeDashBin "vim" ''
+ set -efu
+ (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs})
exec ${pkgs.vim}/bin/vim "$@"
'';
From 4c40eba8161d4afaa85984737c6f03adf861be7a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 15:58:49 +0100
Subject: [PATCH 62/82] krebs: add localhost to knownHosts
---
krebs/3modules/default.nix | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e11d40a05..e4e5642ce 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -155,7 +155,16 @@ let
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
+ # TODO use imports for merging
services.openssh.knownHosts =
+ (let inherit (config.krebs.build.host.ssh) pubkey; in
+ optionalAttrs (pubkey != null) {
+ localhost = {
+ hostNames = ["localhost" "127.0.0.1" "::1"];
+ publicKey = pubkey;
+ };
+ })
+ //
# GitHub's IPv4 address range is 192.30.252.0/22
# Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
From 00525dc0ef2b73e6d883eb6e7358a616b8c15b69 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 16:08:07 +0100
Subject: [PATCH 63/82] krebs.backup.plans.*.startAt: null disables timer
---
krebs/3modules/backup.nix | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index d50628073..881e126f6 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -30,7 +30,7 @@ let
};
startAt = mkOption {
default = "hourly";
- type = types.str; # TODO systemd.time(7)'s calendar event
+ type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
};
snapshots = mkOption {
default = {
@@ -115,7 +115,8 @@ let
ExecStart = push plan;
Type = "oneshot";
};
- startAt = plan.startAt;
+ } // optionalAttrs (plan.startAt != null) {
+ inherit (plan) startAt;
};
makePullService = plan: assert isPullDst plan; {
@@ -124,7 +125,8 @@ let
ExecStart = pull plan;
Type = "oneshot";
};
- startAt = plan.startAt;
+ } // optionalAttrs (plan.startAt != null) {
+ inherit (plan) startAt;
};
push = plan: let
From d01c6f9dbcd2d1d7ccccff5fc8c41ffb53d04a42 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 16:09:46 +0100
Subject: [PATCH 64/82] krebs.backup: don't append .{pull,push} to service name
---
krebs/3modules/backup.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 881e126f6..935370d9c 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -72,12 +72,12 @@ let
;
systemd.services =
flip mapAttrs' (filterAttrs (_:isPullDst) cfg.plans) (name: plan: {
- name = "backup.${name}.pull";
+ name = "backup.${name}";
value = makePullService plan;
})
//
flip mapAttrs' (filterAttrs (_:isPushSrc) cfg.plans) (name: plan: {
- name = "backup.${name}.push";
+ name = "backup.${name}";
value = makePushService plan;
})
;
From 071194c3946b325103311f5c6528fba30580f125 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 16:21:58 +0100
Subject: [PATCH 65/82] krebs.backup: DRY up push and pull
---
krebs/3modules/backup.nix | 335 ++++++++++++++------------------------
1 file changed, 126 insertions(+), 209 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 935370d9c..fa5b0cfd2 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -58,228 +58,145 @@ let
};
imp = {
- users.groups.backup.gid = genid "backup";
- users.users = {}
- // {
- root.openssh.authorizedKeys.keys =
- map (plan: plan.dst.host.ssh.pubkey)
- (filter isPullSrc (attrValues cfg.plans))
- ++
- map (plan: plan.src.host.ssh.pubkey)
- (filter isPushDst (attrValues cfg.plans))
- ;
- }
- ;
systemd.services =
- flip mapAttrs' (filterAttrs (_:isPullDst) cfg.plans) (name: plan: {
- name = "backup.${name}";
- value = makePullService plan;
- })
- //
- flip mapAttrs' (filterAttrs (_:isPushSrc) cfg.plans) (name: plan: {
- name = "backup.${name}";
- value = makePushService plan;
- })
- ;
+ listToAttrs (map (plan: nameValuePair "backup.${plan.name}" {
+ # TODO if there is plan.user, then use its privkey
+ # TODO push destination users need a similar path
+ path = with pkgs; [
+ coreutils
+ gnused
+ openssh
+ rsync
+ utillinux
+ ];
+ serviceConfig = rec {
+ ExecStart = start plan;
+ SyslogIdentifier = ExecStart.name;
+ Type = "oneshot";
+ };
+ } // optionalAttrs (plan.startAt != null) {
+ inherit (plan) startAt;
+ }) (filter (plan: build-host-is "pull" "dst" plan ||
+ build-host-is "push" "src" plan)
+ (attrValues cfg.plans)));
+
+ users.groups.backup.gid = genid "backup";
+ users.users.root.openssh.authorizedKeys.keys =
+ map (plan: getAttr plan.method {
+ push = plan.src.host.ssh.pubkey;
+ pull = plan.dst.host.ssh.pubkey;
+ }) (filter (plan: build-host-is "pull" "src" plan ||
+ build-host-is "push" "dst" plan)
+ (attrValues cfg.plans));
};
- isPushSrc = plan:
- plan.method == "push" &&
- plan.src.host.name == config.krebs.build.host.name;
+ build-host-is = method: side: plan:
+ plan.method == method &&
+ config.krebs.build.host.name == plan.${side}.host.name;
- isPullSrc = plan:
- plan.method == "pull" &&
- plan.src.host.name == config.krebs.build.host.name;
-
- isPushDst = plan:
- plan.method == "push" &&
- plan.dst.host.name == config.krebs.build.host.name;
-
- isPullDst = plan:
- plan.method == "pull" &&
- plan.dst.host.name == config.krebs.build.host.name;
-
- # TODO push destination needs this in the dst.user's PATH
- service-path = [
- pkgs.coreutils
- pkgs.gnused
- pkgs.openssh
- pkgs.rsync
- pkgs.utillinux
- ];
-
- # TODO if there is plan.user, then use its privkey
- makePushService = plan: assert isPushSrc plan; {
- path = service-path;
- serviceConfig = {
- ExecStart = push plan;
- Type = "oneshot";
- };
- } // optionalAttrs (plan.startAt != null) {
- inherit (plan) startAt;
- };
-
- makePullService = plan: assert isPullDst plan; {
- path = service-path;
- serviceConfig = {
- ExecStart = pull plan;
- Type = "oneshot";
- };
- } // optionalAttrs (plan.startAt != null) {
- inherit (plan) startAt;
- };
-
- push = plan: let
- # We use pkgs.writeDashBin and return the absolute path so systemd will
- # produce nice names in the log, i.e. without the Nix store hash.
- out = "${main}/bin/${main.name}";
-
- main = pkgs.writeDashBin "backup.${plan.name}.push" ''
+ start = plan: pkgs.writeDash "backup.${plan.name}" ''
+ set -efu
+ ${getAttr plan.method {
+ push = ''
+ identity=${shell.escape plan.src.host.ssh.privkey.path}
+ src_path=${shell.escape plan.src.path}
+ src=$src_path
+ dst_user=root
+ dst_host=$(${fastest-address plan.dst.host})
+ dst_port=$(${network-ssh-port plan.dst.host "$dst_host"})
+ dst_path=${shell.escape plan.dst.path}
+ dst=$dst_user@$dst_host:$dst_path
+ echo "update snapshot: current; $src -> $dst" >&2
+ dst_shell() {
+ exec ssh -F /dev/null \
+ -i "$identity" \
+ ''${dst_port:+-p $dst_port} \
+ "$dst_user@$dst_host" \
+ -T "$with_dst_path_lock_script"
+ }
+ '';
+ pull = ''
+ identity=${shell.escape plan.dst.host.ssh.privkey.path}
+ src_user=root
+ src_host=$(${fastest-address plan.src.host})
+ src_port=$(${network-ssh-port plan.src.host "$src_host"})
+ src_path=${shell.escape plan.src.path}
+ src=$src_user@$src_host:$src_path
+ dst_path=${shell.escape plan.dst.path}
+ dst=$dst_path
+ echo "update snapshot: current; $dst <- $src" >&2
+ dst_shell() {
+ eval "$with_dst_path_lock_script"
+ }
+ '';
+ }}
+ # Note that this only works because we trust date +%s to produce output
+ # that doesn't need quoting when used to generate a command string.
+ # TODO relax this requirement by selectively allowing to inject variables
+ # e.g.: ''${shell.quote "exec env NOW=''${shell.unquote "$NOW"} ..."}
+ with_dst_path_lock_script="exec env start_date=$(date +%s) "${shell.escape
+ "flock -n ${shell.escape plan.dst.path} /bin/sh"
+ }
+ rsync >&2 \
+ -aAXF --delete \
+ -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \
+ --rsync-path ${shell.escape (concatStringsSep " && " [
+ "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
+ "exec flock -n ${shell.escape plan.dst.path} rsync"
+ ])} \
+ --link-dest="$dst_path/current" \
+ "$src/" \
+ "$dst/.partial"
+ dst_shell < ${toFile "backup.${plan.name}.take-snapshots" ''
set -efu
+ : $start_date
+
dst=${shell.escape plan.dst.path}
- mkdir -m 0700 -p "$dst"
- exec flock -n "$dst" ${critical-section}
- '';
-
- critical-section = pkgs.writeDash "backup.${plan.name}.push.critical-section" ''
- # TODO check if there is a previous
- set -efu
- identity=${shell.escape plan.src.host.ssh.privkey.path}
- src=${shell.escape plan.src.path}
- dst_user=root
- dst_host=$(${fastest-address plan.dst.host})
- dst_port=$(${network-ssh-port plan.dst.host "$dst_host"})
- dst_path=${shell.escape plan.dst.path}
- dst=$dst_user@$dst_host:$dst_path
-
- # Export NOW so runtime of rsync doesn't influence snapshot naming.
- export NOW
- NOW=$(date +%s)
-
- echo >&2 "update snapshot: current; $src -> $dst"
- rsync >&2 \
- -aAXF --delete \
- -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \
- --rsync-path ${shell.escape
- "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current && rsync"} \
- --link-dest="$dst_path/current" \
- "$src/" \
- "$dst/.partial"
-
- exec ssh -F /dev/null \
- -i "$identity" \
- ''${dst_port:+-p $dst_port} \
- "$dst_user@$dst_host" \
- -T \
- env NOW="$NOW" /bin/sh < ${remote-snapshot}
- '';
-
- remote-snapshot = pkgs.writeDash "backup.${plan.name}.push.remote-snapshot" ''
- set -efu
- dst=${shell.escape plan.dst.path}
-
- if test -e "$dst/current"; then
- mv "$dst/current" "$dst/.previous"
- fi
- mv "$dst/.partial" "$dst/current"
- rm -fR "$dst/.previous"
- echo >&2
-
- (${(take-snapshots plan).text})
- '';
-
- in out;
-
- # TODO admit plan.dst.user and its ssh identity
- pull = plan: let
- # We use pkgs.writeDashBin and return the absolute path so systemd will
- # produce nice names in the log, i.e. without the Nix store hash.
- out = "${main}/bin/${main.name}";
-
- main = pkgs.writeDashBin "backup.${plan.name}.pull" ''
- set -efu
- dst=${shell.escape plan.dst.path}
-
- mkdir -m 0700 -p "$dst"
- exec flock -n "$dst" ${critical-section}
- '';
-
- critical-section = pkgs.writeDash "backup.${plan.name}.pull.critical-section" ''
- # TODO check if there is a previous
- set -efu
- identity=${shell.escape plan.dst.host.ssh.privkey.path}
- src_user=root
- src_host=$(${fastest-address plan.src.host})
- src_port=$(${network-ssh-port plan.src.host "$src_host"})
- src_path=${shell.escape plan.src.path}
- src=$src_user@$src_host:$src_path
- dst=${shell.escape plan.dst.path}
-
- # Export NOW so runtime of rsync doesn't influence snapshot naming.
- export NOW
- NOW=$(date +%s)
-
- echo >&2 "update snapshot: current; $dst <- $src"
- mkdir -m 0700 -p ${shell.escape plan.dst.path}
- rsync >&2 \
- -aAXF --delete \
- -e "ssh -F /dev/null -i $identity ''${src_port:+-p $src_port}" \
- --link-dest="$dst/current" \
- "$src/" \
- "$dst/.partial"
mv "$dst/current" "$dst/.previous"
mv "$dst/.partial" "$dst/current"
rm -fR "$dst/.previous"
echo >&2
- exec ${take-snapshots plan}
- '';
- in out;
+ snapshot() {(
+ : $ns $format $retain
+ name=$(date --date="@$start_date" +"$format")
+ if ! test -e "$dst/$ns/$name"; then
+ echo >&2 "create snapshot: $ns/$name"
+ mkdir -m 0700 -p "$dst/$ns"
+ rsync >&2 \
+ -aAXF --delete \
+ --link-dest="$dst/current" \
+ "$dst/current/" \
+ "$dst/$ns/.partial.$name"
+ mv "$dst/$ns/.partial.$name" "$dst/$ns/$name"
+ echo >&2
+ fi
+ case $retain in
+ ([0-9]*)
+ delete_from=$(($retain + 1))
+ ls -r "$dst/$ns" \
+ | sed -n "$delete_from,\$p" \
+ | while read old_name; do
+ echo >&2 "delete snapshot: $ns/$old_name"
+ rm -fR "$dst/$ns/$old_name"
+ done
+ ;;
+ (ALL)
+ :
+ ;;
+ esac
+ )}
- take-snapshots = plan: pkgs.writeDash "backup.${plan.name}.take-snapshots" ''
- set -efu
- NOW=''${NOW-$(date +%s)}
- dst=${shell.escape plan.dst.path}
-
- snapshot() {(
- : $ns $format $retain
- name=$(date --date="@$NOW" +"$format")
- if ! test -e "$dst/$ns/$name"; then
- echo >&2 "create snapshot: $ns/$name"
- mkdir -m 0700 -p "$dst/$ns"
- rsync >&2 \
- -aAXF --delete \
- --link-dest="$dst/current" \
- "$dst/current/" \
- "$dst/$ns/.partial.$name"
- mv "$dst/$ns/.partial.$name" "$dst/$ns/$name"
- echo >&2
- fi
- case $retain in
- ([0-9]*)
- delete_from=$(($retain + 1))
- ls -r "$dst/$ns" \
- | sed -n "$delete_from,\$p" \
- | while read old_name; do
- echo >&2 "delete snapshot: $ns/$old_name"
- rm -fR "$dst/$ns/$old_name"
- done
- ;;
- (ALL)
- :
- ;;
- esac
- )}
-
- ${concatStringsSep "\n" (mapAttrsToList (ns: { format, retain ? null, ... }:
- toString (map shell.escape [
- "ns=${ns}"
- "format=${format}"
- "retain=${if retain == null then "ALL" else toString retain}"
- "snapshot"
- ]))
- plan.snapshots)}
+ ${concatStringsSep "\n" (mapAttrsToList (ns: { format, retain, ... }:
+ toString (map shell.escape [
+ "ns=${ns}"
+ "format=${format}"
+ "retain=${if retain == null then "ALL" else toString retain}"
+ "snapshot"
+ ]))
+ plan.snapshots)}
+ ''}
'';
# XXX Is one ping enough to determine fastest address?
From 8a1ddc5e9b8012b141c3b5e997d44acb70e1f17f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 7 Feb 2016 23:48:34 +0100
Subject: [PATCH 66/82] krebs.backup.plans.*.enable.default = true
---
krebs/3modules/backup.nix | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index fa5b0cfd2..6e9e9813c 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -13,8 +13,10 @@ let
plans = mkOption {
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
- # TODO enable = mkEnableOption "TODO" // { default = true; };
options = {
+ enable = mkEnableOption "krebs.backup.${config.name}" // {
+ default = true;
+ };
method = mkOption {
type = types.enum ["pull" "push"];
};
@@ -78,7 +80,7 @@ let
inherit (plan) startAt;
}) (filter (plan: build-host-is "pull" "dst" plan ||
build-host-is "push" "src" plan)
- (attrValues cfg.plans)));
+ enabled-plans));
users.groups.backup.gid = genid "backup";
users.users.root.openssh.authorizedKeys.keys =
@@ -87,9 +89,11 @@ let
pull = plan.dst.host.ssh.pubkey;
}) (filter (plan: build-host-is "pull" "src" plan ||
build-host-is "push" "dst" plan)
- (attrValues cfg.plans));
+ enabled-plans);
};
+ enabled-plans = filter (getAttr "enable") (attrValues cfg.plans);
+
build-host-is = method: side: plan:
plan.method == method &&
config.krebs.build.host.name == plan.${side}.host.name;
From 5a10c4beb56d052b816682058becedf7b8eacaaa Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 00:25:35 +0100
Subject: [PATCH 67/82] =?UTF-8?q?tv=20backup:=20xu:/home=20=E2=86=92=20wu:?=
=?UTF-8?q?/bku/xu-home=20@=2006:00?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
tv/2configs/backup.nix | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix
index f4d368557..6c90709a8 100644
--- a/tv/2configs/backup.nix
+++ b/tv/2configs/backup.nix
@@ -14,5 +14,17 @@ with lib;
yearly = { format = "%Y"; };
};
};
+ xu-home-wu = {
+ method = "push";
+ src = { host = config.krebs.hosts.xu; path = "/home"; };
+ dst = { host = config.krebs.hosts.wu; path = "/bku/xu-home"; };
+ startAt = "06:00";
+ snapshots = {
+ daily = { format = "%Y-%m-%d"; retain = 7; };
+ weekly = { format = "%YW%W"; retain = 4; };
+ monthly = { format = "%Y-%m"; retain = 12; };
+ yearly = { format = "%Y"; };
+ };
+ };
};
}
From 14afbfef1251178b1599caaf9046c6aeeb97fb19 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 00:31:26 +0100
Subject: [PATCH 68/82] krebs.backup: use aliases instead of addrs4
---
krebs/3modules/backup.nix | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 6e9e9813c..86e2e72e2 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -204,12 +204,10 @@ let
'';
# XXX Is one ping enough to determine fastest address?
- # Note that we're using net.addrs4 instead of net.aliases because we define
- # ports only for addresses. See krebs/3modules/default.nix
fastest-address = host: ''
{ ${pkgs.fping}/bin/fping </dev/null -a \
${concatMapStringsSep " " shell.escape
- (mapAttrsToList (_: net: head net.addrs4) host.nets)} \
+ (mapAttrsToList (_: net: head net.aliases) host.nets)} \
| ${pkgs.coreutils}/bin/head -1; }
'';
@@ -218,7 +216,7 @@ let
network-ssh-port = host: word: ''
case ${word} in
${concatStringsSep ";;\n" (mapAttrsToList
- (_: net: "(${head net.addrs4}) echo ${toString net.ssh.port}")
+ (_: net: "(${head net.aliases}) echo ${toString net.ssh.port}")
host.nets)};;
esac
'';
From 2b8b92cf751831cfbfbf56745871b5242e29c26a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 00:43:24 +0100
Subject: [PATCH 69/82] posix-array: how could this ever work?
---
krebs/5pkgs/posix-array/default.nix | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/krebs/5pkgs/posix-array/default.nix b/krebs/5pkgs/posix-array/default.nix
index 456a3cc11..cfcdb29a7 100644
--- a/krebs/5pkgs/posix-array/default.nix
+++ b/krebs/5pkgs/posix-array/default.nix
@@ -1,7 +1,7 @@
-{ stdenv, fetchgit, ... }:
+{ fetchgit, lib, stdenv, ... }:
-with stdenv; stdenv.mkDerivation rec {
- name = "posix-array";
+stdenv.mkDerivation rec {
+ name = "posix-array-${version}";
version = "1.0.0";
src = fetchgit {
@@ -16,16 +16,15 @@ with stdenv; stdenv.mkDerivation rec {
];
installPhase = ''
- mkdir -p "$out/bin"
+ mkdir -p $out/bin
cp -a ./array $out/bin
- rm *
'';
meta = {
- description = "Posix-compliant array implementation";
+ description = "POSIX-compliant array implementation";
url = https://github.com/makefu/array;
- license = licenses.wtfpl;
- platforms = platforms.unix;
- maintainers = with maintainers; [ makefu ];
+ license = lib.licenses.wtfpl;
+ platforms = lib.platforms.unix;
+ maintainers = with lib.maintainers; [ makefu ];
};
}
From ec7dc8a5ace37cdf1005cabd5a8554f4dc73727e Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 00:46:17 +0100
Subject: [PATCH 70/82] krebs pkgs: callPackages only subdirs with a defaut.nix
---
krebs/5pkgs/default.nix | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index a0ccdcf49..cf81a96c5 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -2,8 +2,9 @@
with lib;
let
- subdirs = mapAttrs (_: flip pkgs.callPackage {}) (subdirsOf ./.);
- pkgs' = pkgs // subdirs;
+ subdirs = mapAttrs (_: flip pkgs.callPackage {})
+ (filterAttrs (_: dir.has-default-nix)
+ (subdirsOf ./.));
in
subdirs // rec {
@@ -22,7 +23,7 @@ subdirs // rec {
(builtins.readDir ./haskell-overrides));
};
- push = pkgs'.callPackage ./push {
+ push = pkgs.callPackage ./push {
inherit (subdirs) get jq;
};
From d98578e3e190463a341a94f2cc778ef886f9252d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 01:07:03 +0100
Subject: [PATCH 71/82] rm krebs.build.target
---
krebs/3modules/build.nix | 8 --------
krebs/5pkgs/test/infest-cac-centos7/notes | 1 -
makefu/1systems/gum.nix | 1 -
makefu/1systems/vbob.nix | 1 -
mv/1systems/stro.nix | 2 --
shared/1systems/wolf.nix | 1 -
tv/1systems/cd.nix | 1 -
tv/1systems/mkdir.nix | 1 -
tv/1systems/rmdir.nix | 2 --
tv/2configs/default.nix | 1 -
10 files changed, 19 deletions(-)
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 0da5dd38a..3530fd595 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -3,8 +3,6 @@
with lib;
let
- target = config.krebs.build // { user.name = "root"; };
-
out = {
# TODO deprecate krebs.build.host
options.krebs.build.host = mkOption {
@@ -17,12 +15,6 @@ let
default = "/nix/var/nix/profiles/system";
};
- # TODO make krebs.build.target.host :: host
- options.krebs.build.target = mkOption {
- type = with types; nullOr str;
- default = null;
- };
-
# TODO deprecate krebs.build.user
options.krebs.build.user = mkOption {
type = types.user;
diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes
index b3beb392f..db80c0c6c 100755
--- a/krebs/5pkgs/test/infest-cac-centos7/notes
+++ b/krebs/5pkgs/test/infest-cac-centos7/notes
@@ -115,7 +115,6 @@ _: {
users.extraUsers.root.openssh.authorizedKeys.keys = [
"$(cat ${krebs_ssh}.pub)"
];
- krebs.build.target = "$ip";
}
EOF
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index c4dfbf4b7..fe800f251 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -26,7 +26,6 @@ in {
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
###### stable
- krebs.build.target = "root@gum.krebsco.de";
krebs.build.host = config.krebs.hosts.gum;
krebs.retiolum.extraConfig = ''
ListenAddress = ${external-ip} 53
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 90b490802..20301795f 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -4,7 +4,6 @@
{ lib, config, pkgs, ... }:
{
krebs.build.host = config.krebs.hosts.vbob;
- krebs.build.target = "root@10.10.10.220";
imports =
[ # Include the results of the hardware scan.
<nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix
index 38d4b4bc6..3915219b7 100644
--- a/mv/1systems/stro.nix
+++ b/mv/1systems/stro.nix
@@ -8,8 +8,6 @@ with lib;
krebs.build.source.git.nixpkgs.rev =
"7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
- krebs.build.target = "lolwat";
-
imports = [
../2configs/hw/x220.nix
../2configs/git.nix
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index bcfbd6810..9a514428a 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -45,7 +45,6 @@ in
# uninteresting stuff
#####################
krebs.build.host = config.krebs.hosts.wolf;
- krebs.build.target = "wolf";
boot.kernel.sysctl = {
# Enable IPv6 Privacy Extensions
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 8297a56df..b96548d61 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -4,7 +4,6 @@ with lib;
{
krebs.build.host = config.krebs.hosts.cd;
- krebs.build.target = "root@cd.internet";
imports = [
../2configs/hw/CAC-Developer-2.nix
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index 79e5f73b9..2010dcd57 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -17,7 +17,6 @@ in
{
krebs.build.host = config.krebs.hosts.mkdir;
- krebs.build.target = "root@${primary-addr4}";
imports = [
../2configs/hw/CAC-Developer-1.nix
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index 6fd79c596..4005b5e6f 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -18,8 +18,6 @@ in
{
krebs.build.host = config.krebs.hosts.rmdir;
- krebs.build.target = "root@rmdir.internet";
-
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 52d85f856..b5639af51 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -7,7 +7,6 @@ with lib;
krebs.build = {
user = config.krebs.users.tv;
- target = mkDefault "root@${config.krebs.build.host.name}";
source = mapAttrs (_: mkDefault) ({
nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix";
nixpkgs = symlink:stockholm/nixpkgs;
From 7f7256a76f5698a9f8599ce71780f47ab13590f4 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 01:23:06 +0100
Subject: [PATCH 72/82] krebs pkgs: move builders to dedicated file
---
krebs/5pkgs/builders.nix | 51 ++++++++++++++++++++++++++++++++
krebs/5pkgs/default.nix | 64 ++++------------------------------------
2 files changed, 57 insertions(+), 58 deletions(-)
create mode 100644 krebs/5pkgs/builders.nix
diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix
new file mode 100644
index 000000000..b3cb1c943
--- /dev/null
+++ b/krebs/5pkgs/builders.nix
@@ -0,0 +1,51 @@
+{ lib, pkgs, ... }:
+with lib;
+{
+ execve = name: { filename, argv, envp ? {}, destination ? "" }:
+ writeC name { inherit destination; } ''
+ #include <unistd.h>
+ int main () {
+ const char *filename = ${toC filename};
+ char *const argv[] = ${toC (argv ++ [null])};
+ char *const envp[] = ${toC (
+ mapAttrsToList (k: v: "${k}=${v}") envp ++ [null]
+ )};
+ execve(filename, argv, envp);
+ return -1;
+ }
+ '';
+
+ execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
+
+ writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
+ PATH=${makeSearchPath "bin" (with pkgs; [
+ binutils
+ coreutils
+ gcc
+ ])}
+ src=${pkgs.writeText "${name}.c" src}
+ exe=$out${destination}
+ mkdir -p "$(dirname "$exe")"
+ gcc -O -Wall -o "$exe" $src
+ strip --strip-unneeded "$exe"
+ '';
+
+ writeDash = name: text: pkgs.writeScript name ''
+ #! ${pkgs.dash}/bin/dash
+ ${text}
+ '';
+
+ writeDashBin = name: text: pkgs.writeTextFile {
+ executable = true;
+ destination = "/bin/${name}";
+ name = name;
+ text = ''
+ #! ${pkgs.dash}/bin/dash
+ ${text}
+ '';
+ };
+
+ writeNixFromCabal = name: path: pkgs.runCommand name {} ''
+ ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
+ '';
+}
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index cf81a96c5..89e19dffd 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -1,14 +1,6 @@
-{ lib, pkgs, ... }:
-
+{ lib, pkgs, ... }@args:
with lib;
-let
- subdirs = mapAttrs (_: flip pkgs.callPackage {})
- (filterAttrs (_: dir.has-default-nix)
- (subdirsOf ./.));
-in
-
-subdirs // rec {
-
+{
haskellPackages = pkgs.haskellPackages.override {
overrides = self: super:
mapAttrs (name: path: self.callPackage path {})
@@ -29,55 +21,11 @@ subdirs // rec {
ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {};
- execve = name: { filename, argv, envp ? {}, destination ? "" }:
- writeC name { inherit destination; } ''
- #include <unistd.h>
- int main () {
- const char *filename = ${toC filename};
- char *const argv[] = ${toC (argv ++ [null])};
- char *const envp[] = ${toC (
- mapAttrsToList (k: v: "${k}=${v}") envp ++ [null]
- )};
- execve(filename, argv, envp);
- return -1;
- }
- '';
-
test = {
infest-cac-centos7 = pkgs.callPackage ./test/infest-cac-centos7 {};
};
-
- execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
-
- writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
- PATH=${makeSearchPath "bin" (with pkgs; [
- binutils
- coreutils
- gcc
- ])}
- src=${pkgs.writeText "${name}.c" src}
- exe=$out${destination}
- mkdir -p "$(dirname "$exe")"
- gcc -O -Wall -o "$exe" $src
- strip --strip-unneeded "$exe"
- '';
-
- writeDash = name: text: pkgs.writeScript name ''
- #! ${pkgs.dash}/bin/dash
- ${text}
- '';
-
- writeDashBin = name: text: pkgs.writeTextFile {
- executable = true;
- destination = "/bin/${name}";
- name = name;
- text = ''
- #! ${pkgs.dash}/bin/dash
- ${text}
- '';
- };
-
- writeNixFromCabal = name: path: pkgs.runCommand name {} ''
- ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
- '';
}
+// import ./builders.nix args
+// mapAttrs (_: flip pkgs.callPackage {})
+ (filterAttrs (_: dir.has-default-nix)
+ (subdirsOf ./.))
From 356bb8e0d3f9add02e177a3bdfa9314e1369748e Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 02:19:38 +0100
Subject: [PATCH 73/82] tv.iptables: redirect 11423 locally too
---
tv/3modules/iptables.nix | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index 9d5b5d075..a4ebef44f 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -68,12 +68,13 @@ let
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
- ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") ([]
- ++ [
- "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
- "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
- ]
- )}
+ ${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") [
+ "! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
+ "-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+ ]}
+ ${concatMapStringsSep "\n" (rule: "-A OUTPUT ${rule}") [
+ "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+ ]}
COMMIT
*filter
:INPUT DROP [0:0]
From 7a9f130c1230faf9662000dbd9ba8f06170bf254 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 03:21:01 +0100
Subject: [PATCH 74/82] krebs: rm types.host.dc
---
krebs/3modules/lass/default.nix | 6 ------
krebs/3modules/makefu/default.nix | 11 -----------
krebs/3modules/mv/default.nix | 1 -
krebs/3modules/shared/default.nix | 1 -
krebs/3modules/tv/default.nix | 8 --------
krebs/4lib/types.nix | 3 ---
6 files changed, 30 deletions(-)
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index c880ea788..2b3b285f2 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -6,7 +6,6 @@ with lib;
hosts = {
echelon = {
cores = 2;
- dc = "lass"; #dc = "cac";
nets = rec {
internet = {
addrs4 = ["162.252.241.33"];
@@ -40,7 +39,6 @@ with lib;
};
prism = {
cores = 4;
- dc = "lass"; #dc = "cac";
nets = rec {
internet = {
addrs4 = ["213.239.205.240"];
@@ -72,7 +70,6 @@ with lib;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
fastpoke = {
- dc = "lass";
nets = rec {
internet = {
addrs4 = ["193.22.164.36"];
@@ -103,7 +100,6 @@ with lib;
};
cloudkrebs = {
cores = 1;
- dc = "lass"; #dc = "cac";
nets = rec {
internet = {
addrs4 = ["104.167.113.104"];
@@ -136,7 +132,6 @@ with lib;
};
uriel = {
cores = 1;
- dc = "lass";
nets = {
gg23 = {
addrs4 = ["10.23.1.12"];
@@ -167,7 +162,6 @@ with lib;
};
mors = {
cores = 2;
- dc = "lass";
nets = {
gg23 = {
addrs4 = ["10.23.1.11"];
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 693a954ab..2811c0c52 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -6,7 +6,6 @@ with lib;
hosts = {
pnp = {
cores = 1;
- dc = "makefu"; #vm on 'omo'
nets = {
retiolum = {
addrs4 = ["10.243.0.210"];
@@ -30,7 +29,6 @@ with lib;
};
tsp = {
cores = 1;
- dc = "makefu"; #x200
nets = {
retiolum = {
addrs4 = ["10.243.0.212"];
@@ -58,7 +56,6 @@ with lib;
};
pornocauster = {
cores = 2;
- dc = "makefu"; #x220
nets = {
retiolum = {
addrs4 = ["10.243.0.91"];
@@ -90,7 +87,6 @@ with lib;
vbob = {
cores = 2;
- dc = "makefu"; #vm local
nets = {
retiolum = {
addrs4 = ["10.243.1.91"];
@@ -116,7 +112,6 @@ with lib;
};
flap = rec {
cores = 1;
- dc = "cac"; #vps
extraZones = {
"krebsco.de" = ''
@@ -152,7 +147,6 @@ with lib;
};
pigstarter = rec {
cores = 1;
- dc = "frontrange"; #vps
extraZones = {
"krebsco.de" = ''
@@ -191,7 +185,6 @@ with lib;
};
wry = rec {
cores = 1;
- dc = "makefu"; #dc = "cac";
extraZones = {
"krebsco.de" = ''
euer IN A ${head nets.internet.addrs4}
@@ -248,7 +241,6 @@ with lib;
};
filepimp = rec {
cores = 1;
- dc = "makefu"; #nas
nets = {
retiolum = {
@@ -273,7 +265,6 @@ with lib;
omo = rec {
cores = 2;
- dc = "makefu"; #AMD E350
nets = {
retiolum = {
@@ -299,7 +290,6 @@ with lib;
};
wbob = rec {
cores = 1;
- dc = "none";
nets = {
retiolm = {
addrs4 = ["10.243.214.15/32"];
@@ -323,7 +313,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
gum = rec {
cores = 1;
- dc = "online.net"; #root-server
extraZones = {
"krebsco.de" = ''
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
index 7245c143d..8803cb249 100644
--- a/krebs/3modules/mv/default.nix
+++ b/krebs/3modules/mv/default.nix
@@ -6,7 +6,6 @@ with lib;
hosts = {
stro = {
cores = 4;
- dc = "mv";
nets = {
retiolum = {
addrs4 = ["10.243.111.111"];
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 52aa4de41..df4c529bf 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -34,7 +34,6 @@ let
in {
hosts = {
wolf = {
- dc = "shack";
nets = {
shack = {
addrs4 = [ "10.42.2.150" ];
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index abcc67933..9a0b99396 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -9,7 +9,6 @@ with lib;
hosts = {
cd = rec {
cores = 2;
- dc = "tv"; #dc = "cac";
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
@@ -65,7 +64,6 @@ with lib;
};
mkdir = rec {
cores = 1;
- dc = "tv"; #dc = "cac";
nets = rec {
internet = {
addrs4 = ["104.167.114.142"];
@@ -193,7 +191,6 @@ with lib;
};
nomic = {
cores = 2;
- dc = "tv"; #dc = "gg23";
nets = rec {
gg23 = {
addrs4 = ["10.23.1.110"];
@@ -235,7 +232,6 @@ with lib;
};
rmdir = rec {
cores = 1;
- dc = "tv"; #dc = "cac";
nets = rec {
internet = {
addrs4 = ["167.88.34.182"];
@@ -287,8 +283,6 @@ with lib;
};
wu = {
cores = 4;
- # TODO wu is mobile, so dc means "home data center"
- dc = "tv"; #dc = "gg23";
nets = {
gg23 = {
addrs4 = ["10.23.1.37"];
@@ -322,8 +316,6 @@ with lib;
};
xu = {
cores = 4;
- # TODO xu is mobile, so dc means "home data center"
- dc = "tv"; #dc = "gg23";
nets = {
gg23 = {
addrs4 = ["10.23.1.38"];
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 52eb764ef..873f3ddfb 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -12,9 +12,6 @@ types // rec {
type = label;
default = config._module.args.name;
};
- dc = mkOption {
- type = label;
- };
cores = mkOption {
type = positive;
};
From 42d2d5de77590e7d6c421a3f7d80126f34646750 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 03:40:41 +0100
Subject: [PATCH 75/82] tv.iptables: inline startScript and use
SyslogIdentifier
---
tv/3modules/iptables.nix | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix
index a4ebef44f..4924db4f3 100644
--- a/tv/3modules/iptables.nix
+++ b/tv/3modules/iptables.nix
@@ -48,7 +48,12 @@ let
Type = "simple";
RemainAfterExit = true;
Restart = "always";
- ExecStart = "@${startScript} tv-iptables_start";
+ SyslogIdentifier = "tv-iptables_start";
+ ExecStart = pkgs.writeDash "tv-iptables_start" ''
+ set -euf
+ iptables-restore < ${rules 4}
+ ip6tables-restore < ${rules 6}
+ '';
};
};
};
@@ -108,16 +113,7 @@ let
)}
COMMIT
'';
-
- startScript = pkgs.writeScript "tv-iptables_start" ''
- #! /bin/sh
- set -euf
- iptables-restore < ${rules 4}
- ip6tables-restore < ${rules 6}
- '';
-
-in
-out
+in out
#let
# cfg = config.tv.iptables;
From 49ed93662983e67a8bef8641b4d6282e5a59b2f5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 04:12:56 +0100
Subject: [PATCH 76/82] tv git: bump descs
---
tv/2configs/git.nix | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index 3ee708e03..f248a8cb5 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -7,8 +7,8 @@ let
out = {
krebs.git = {
enable = true;
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
+ root-title = "repositories at ${config.krebs.build.host.name}";
+ root-desc = "mostly krebs";
repos = repos;
rules = rules;
};
@@ -21,7 +21,7 @@ let
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo ({
- } // mapAttrValues (setAttr "section" "1. Miscellaneous") {
+ } // mapAttrValues (setAttr "section" "1. miscellaneous") {
cac-api = {
desc = "CloudAtCost API command line interface";
};
@@ -37,7 +37,7 @@ let
desc = "SoundCloud command line interface";
};
stockholm = {
- desc = "take all the computers hostage, they'll love you!";
+ desc = "NixOS configuration";
};
with-tmpdir = {};
} // mapAttrValues (setAttr "section" "2. Haskell libraries") {
@@ -49,7 +49,7 @@ let
web-routes-wai-custom = {};
xintmap = {};
xmonad-stockholm = {};
- } // mapAttrValues (setAttr "section" "3. Museum") {
+ } // mapAttrValues (setAttr "section" "3. museum") {
cgserver = {};
crude-mail-setup = {};
dot-xmonad = {};
From e6ea4875d467f1fbe6f39e1460352bd0d31feaea Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 8 Feb 2016 12:13:28 +0100
Subject: [PATCH 77/82] krebs.backup: admit plan.startAt
---
krebs/3modules/backup.nix | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 86e2e72e2..66a325ed9 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -76,8 +76,7 @@ let
SyslogIdentifier = ExecStart.name;
Type = "oneshot";
};
- } // optionalAttrs (plan.startAt != null) {
- inherit (plan) startAt;
+ startAt = mkIf (plan.startAt != null) plan.startAt;
}) (filter (plan: build-host-is "pull" "dst" plan ||
build-host-is "push" "src" plan)
enabled-plans));
From 8b130a66287b829e7b6f9be0130df7231c7a6605 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 10 Feb 2016 19:06:32 +0100
Subject: [PATCH 78/82] krebs.nixpkgs.allowUnfreePredicate: init
---
krebs/3modules/default.nix | 1 +
krebs/3modules/nixpkgs.nix | 43 ++++++++++++++++++++++++++++++++++++++
tv/1systems/wu.nix | 2 +-
tv/2configs/hw/AO753.nix | 2 +-
4 files changed, 46 insertions(+), 2 deletions(-)
create mode 100644 krebs/3modules/nixpkgs.nix
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 62db9a5a0..3d51076cf 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -21,6 +21,7 @@ let
./go.nix
./iptables.nix
./nginx.nix
+ ./nixpkgs.nix
./per-user.nix
./Reaktor.nix
./retiolum-bootstrap.nix
diff --git a/krebs/3modules/nixpkgs.nix b/krebs/3modules/nixpkgs.nix
new file mode 100644
index 000000000..4129f9483
--- /dev/null
+++ b/krebs/3modules/nixpkgs.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ cfg = config.krebs.nixpkgs;
+
+ out = {
+ options.krebs.nixpkgs = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "krebs.nixpkgs" // { default = true; };
+
+ allowUnfreePredicate = mkOption {
+ description = ''
+ This option is similar to `nixpkgs.config.allowUnfreePredicate'
+ but can be defined in several modules. An unfree package will be
+ allowed if any of the defined predicates returns true.
+ '';
+ type = types.nullOr (mkOptionType {
+ name = "Predicate";
+ check = isFunction;
+ merge = _locs: defs: pkg: let
+ evalPredicateDef = def: let
+ allow = def.value pkg;
+ in if cfg.verbose && allow
+ then trace "unfree ‘${pkg.name}’ allowed in ${def.file}" allow
+ else allow;
+ in any evalPredicateDef defs;
+ });
+ default = null;
+ };
+
+ verbose = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ imp = mkIf (cfg.allowUnfreePredicate != null) {
+ nixpkgs.config.allowUnfreePredicate = cfg.allowUnfreePredicate;
+ };
+in out
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 29e6de08b..4ed13a0ea 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -157,7 +157,7 @@ with lib;
nixpkgs.config.chromium.enablePepperFlash = true;
- nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
+ krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
hardware.bumblebee.enable = true;
hardware.bumblebee.group = "video";
hardware.enableAllFirmware = true;
diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix
index 72a40819f..e7a2b9238 100644
--- a/tv/2configs/hw/AO753.nix
+++ b/tv/2configs/hw/AO753.nix
@@ -41,5 +41,5 @@ with lib;
HandleSuspendKey=ignore
'';
- nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "broadcom-sta-" pkg.name;
+ krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "broadcom-sta-" pkg.name;
}
From 0cf6d065f43c66efadd0a364c3414e6ecdae0004 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 11 Feb 2016 03:47:26 +0100
Subject: [PATCH 79/82] *: turn 5pkgs into a(n optional) module
---
default.nix | 6 +----
krebs/5pkgs/default.nix | 50 +++++++++++++++++++++-------------------
lass/5pkgs/default.nix | 21 +++++++++--------
makefu/5pkgs/default.nix | 12 ++++++----
miefda/5pkgs/default.nix | 1 -
mv/5pkgs/default.nix | 39 ++++++++++++++++---------------
shared/5pkgs/default.nix | 5 ----
tv/5pkgs/default.nix | 37 +++++++++++++++--------------
8 files changed, 85 insertions(+), 86 deletions(-)
delete mode 100644 miefda/5pkgs/default.nix
delete mode 100644 shared/5pkgs/default.nix
diff --git a/default.nix b/default.nix
index b0ad60d8a..2aa0a8e14 100644
--- a/default.nix
+++ b/default.nix
@@ -43,16 +43,12 @@ let stockholm = {
imports = builtins.filter lib.dir.has-default-nix (lib.concatLists [
(map (f: f "2configs") [ lib.upath ])
(map (f: f "3modules") [ lib.kpath lib.upath ])
+ (map (f: f "5pkgs") [ lib.kpath lib.upath ])
]);
krebs.current.enable = true;
krebs.current.host = config.krebs.hosts.${current-host-name};
krebs.current.user = config.krebs.users.${current-user-name};
-
- nixpkgs.config.packageOverrides = pkgs: let
- kpkgs = import (lib.kpath "5pkgs") { inherit lib pkgs; };
- upkgs = import (lib.upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; };
- in kpkgs // upkgs;
};
eval = config: import (lib.npath "nixos/lib/eval-config.nix") {
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 89e19dffd..1cf3de56e 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -1,31 +1,33 @@
{ lib, pkgs, ... }@args:
with lib;
{
- haskellPackages = pkgs.haskellPackages.override {
- overrides = self: super:
- mapAttrs (name: path: self.callPackage path {})
- (mapAttrs'
- (name: type:
- if hasSuffix ".nix" name
- then {
- name = removeSuffix ".nix" name;
- value = ./haskell-overrides + "/${name}";
- }
- else null)
- (builtins.readDir ./haskell-overrides));
- };
+ nixpkgs.config.packageOverrides = pkgs: {
+ haskellPackages = pkgs.haskellPackages.override {
+ overrides = self: super:
+ mapAttrs (name: path: self.callPackage path {})
+ (mapAttrs'
+ (name: type:
+ if hasSuffix ".nix" name
+ then {
+ name = removeSuffix ".nix" name;
+ value = ./haskell-overrides + "/${name}";
+ }
+ else null)
+ (builtins.readDir ./haskell-overrides));
+ };
- push = pkgs.callPackage ./push {
- inherit (subdirs) get jq;
- };
+ push = pkgs.callPackage ./push {
+ inherit (subdirs) get jq;
+ };
- ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {};
+ ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {};
- test = {
- infest-cac-centos7 = pkgs.callPackage ./test/infest-cac-centos7 {};
- };
+ test = {
+ infest-cac-centos7 = pkgs.callPackage ./test/infest-cac-centos7 {};
+ };
+ }
+ // import ./builders.nix args
+ // mapAttrs (_: flip pkgs.callPackage {})
+ (filterAttrs (_: dir.has-default-nix)
+ (subdirsOf ./.));
}
-// import ./builders.nix args
-// mapAttrs (_: flip pkgs.callPackage {})
- (filterAttrs (_: dir.has-default-nix)
- (subdirsOf ./.))
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 2b9582912..fee4654ae 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -3,15 +3,16 @@
let
inherit (pkgs) callPackage;
in
-
-rec {
- firefoxPlugins = {
- noscript = callPackage ./firefoxPlugins/noscript.nix {};
- ublock = callPackage ./firefoxPlugins/ublock.nix {};
- vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
+{
+ nixpkgs.config.packageOverrides = rec {
+ firefoxPlugins = {
+ noscript = callPackage ./firefoxPlugins/noscript.nix {};
+ ublock = callPackage ./firefoxPlugins/ublock.nix {};
+ vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
+ };
+ newsbot-js = callPackage ./newsbot-js/default.nix {};
+ xmonad-lass =
+ let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
+ pkgs.haskellPackages.callPackage src {};
};
- newsbot-js = callPackage ./newsbot-js/default.nix {};
- xmonad-lass =
- let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
- pkgs.haskellPackages.callPackage src {};
}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 436c52fcd..c4a7f498f 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -4,9 +4,11 @@ let
inherit (pkgs) callPackage;
in
{
- alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
- alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
- alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
- awesomecfg = callPackage ./awesomecfg {};
- tw-upload-plugin = callPackage ./tw-upload-plugin {};
+ nixpkgs.config.packageOverrides = rec {
+ alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
+ alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
+ alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
+ awesomecfg = callPackage ./awesomecfg {};
+ tw-upload-plugin = callPackage ./tw-upload-plugin {};
+ };
}
diff --git a/miefda/5pkgs/default.nix b/miefda/5pkgs/default.nix
deleted file mode 100644
index 2eb33a153..000000000
--- a/miefda/5pkgs/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-_:{}
diff --git a/mv/5pkgs/default.nix b/mv/5pkgs/default.nix
index 0c72c450e..882ac0413 100644
--- a/mv/5pkgs/default.nix
+++ b/mv/5pkgs/default.nix
@@ -1,23 +1,24 @@
{ pkgs, ... }:
{
- # TODO use XDG_RUNTIME_DIR?
- cr = pkgs.writeScriptBin "cr" ''
- #! /bin/sh
- set -efu
- export LC_TIME=de_DE.utf8
- exec ${pkgs.chromium}/bin/chromium \
- --ssl-version-min=tls1 \
- --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
- --disk-cache-size=50000000 \
- "%@"
- '';
- ff = pkgs.writeScriptBin "ff" ''
- #! /bin/sh
- set -efu
- exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
- '';
- xmonad-tv =
- let src = pkgs.writeNixFromCabal "xmonad-tv.nix" ./xmonad-tv; in
- pkgs.haskellPackages.callPackage src {};
+ nixpkgs.config.packageOverrides = rec {
+ cr = pkgs.writeScriptBin "cr" ''
+ #! /bin/sh
+ set -efu
+ export LC_TIME=de_DE.utf8
+ exec ${pkgs.chromium}/bin/chromium \
+ --ssl-version-min=tls1 \
+ --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+ --disk-cache-size=50000000 \
+ "%@"
+ '';
+ ff = pkgs.writeScriptBin "ff" ''
+ #! /bin/sh
+ set -efu
+ exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
+ '';
+ xmonad-tv =
+ let src = pkgs.writeNixFromCabal "xmonad-tv.nix" ./xmonad-tv; in
+ pkgs.haskellPackages.callPackage src {};
+ };
}
diff --git a/shared/5pkgs/default.nix b/shared/5pkgs/default.nix
deleted file mode 100644
index fdcfbb209..000000000
--- a/shared/5pkgs/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-# TODO don't require 5pkgs
-_:
-
-{
-}
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index be10e91eb..b520e1a32 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -1,22 +1,25 @@
{ pkgs, ... }:
{
- cr = pkgs.writeScriptBin "cr" ''
- #! /bin/sh
- set -efu
- export LC_TIME=de_DE.utf8
- exec ${pkgs.chromium}/bin/chromium \
- --ssl-version-min=tls1 \
- --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
- --disk-cache-size=50000000 \
- "%@"
- '';
- ejabberd = pkgs.callPackage ./ejabberd {
- erlang = pkgs.erlangR16;
+ nixpkgs.config.packageOverrides = {
+ # TODO use XDG_RUNTIME_DIR?
+ cr = pkgs.writeScriptBin "cr" ''
+ #! /bin/sh
+ set -efu
+ export LC_TIME=de_DE.utf8
+ exec ${pkgs.chromium}/bin/chromium \
+ --ssl-version-min=tls1 \
+ --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+ --disk-cache-size=50000000 \
+ "%@"
+ '';
+ ejabberd = pkgs.callPackage ./ejabberd {
+ erlang = pkgs.erlangR16;
+ };
+ ff = pkgs.callPackage ./ff {};
+ viljetic-pages = pkgs.callPackage ./viljetic-pages {};
+ xmonad-tv =
+ let src = pkgs.writeNixFromCabal "xmonad-tv.nix" ./xmonad-tv; in
+ pkgs.haskellPackages.callPackage src {};
};
- ff = pkgs.callPackage ./ff {};
- viljetic-pages = pkgs.callPackage ./viljetic-pages {};
- xmonad-tv =
- let src = pkgs.writeNixFromCabal "xmonad-tv.nix" ./xmonad-tv; in
- pkgs.haskellPackages.callPackage src {};
}
From aeb179696aa515865690cd752592240ff7542c78 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 11 Feb 2016 16:09:15 +0100
Subject: [PATCH 80/82] tv x220: remove unused stuff
---
tv/2configs/hw/x220.nix | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix
index 7cec670fa..dac580865 100644
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@@ -5,18 +5,11 @@
../smartd.nix
];
- boot.initrd.availableKernelModules = [ "ahci" ];
- boot.kernelModules = [ "kvm-intel" ];
-
boot.loader.gummiboot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.wireless.enable = true;
- #hardware.enableAllFirmware = true;
- #zramSwap.enable = true;
- #zramSwap.numDevices = 2;
-
hardware.trackpoint = {
enable = true;
sensitivity = 220;
@@ -50,10 +43,4 @@
Option "AccelMethod" "sna"
'';
};
-
- #services.xserver.displayManager.sessionCommands =''
- # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
- # xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Button" 8 2
- # xinput set-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
- #'';
}
From 7a6c4452e10d590e9f357be1a8b2ad1ebb05a015 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 11 Feb 2016 17:30:56 +0100
Subject: [PATCH 81/82] tv x220: rm AccepMethod sna
---
tv/2configs/hw/x220.nix | 3 ---
1 file changed, 3 deletions(-)
diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix
index dac580865..9b3dd122a 100644
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@@ -39,8 +39,5 @@
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- '';
};
}
From 7b3b839cc7a2af73dee9858e6ebcc7be831eb481 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 11 Feb 2016 18:19:56 +0100
Subject: [PATCH 82/82] cac-api: PATH += gnugrep (how could this ever pass
full-tests?! :D)
---
krebs/5pkgs/cac-api/default.nix | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix
index 9ab6ac8b2..30c0168f3 100644
--- a/krebs/5pkgs/cac-api/default.nix
+++ b/krebs/5pkgs/cac-api/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }:
+{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnugrep, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }:
stdenv.mkDerivation {
name = "cac-api-1.1.0";
@@ -22,6 +22,7 @@ stdenv.mkDerivation {
bc
coreutils
curl
+ gnugrep
gnused
inotifyTools
jq