From 62ad5ff9d2bb41acdad20b68ee47c4a32ce928b6 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Fri, 24 Jul 2015 21:15:18 +0200
Subject: [PATCH 1/4] { * tv identity -> 3 krebs}.hosts
---
1systems/tv/cd.nix | 2 +-
1systems/tv/mkdir.nix | 2 +-
1systems/tv/nomic.nix | 2 +-
1systems/tv/rmdir.nix | 2 +-
1systems/tv/wu.nix | 2 +-
2configs/tv/consul-server.nix | 2 +-
2configs/tv/identity.nix | 153 ---------------------------------
3modules/krebs/default.nix | 157 ++++++++++++++++++++++++++++++++++
3modules/tv/identity.nix | 7 +-
9 files changed, 164 insertions(+), 165 deletions(-)
diff --git a/1systems/tv/cd.nix b/1systems/tv/cd.nix
index d30e7ed8f..c0c41e96c 100644
--- a/1systems/tv/cd.nix
+++ b/1systems/tv/cd.nix
@@ -34,7 +34,7 @@ in
}
{
imports = [ ../../2configs/tv/identity.nix ];
- tv.identity.self = config.tv.identity.hosts.cd;
+ tv.identity.self = config.krebs.hosts.cd;
}
{
tv.iptables = {
diff --git a/1systems/tv/mkdir.nix b/1systems/tv/mkdir.nix
index 3e5fb7286..113fc9596 100644
--- a/1systems/tv/mkdir.nix
+++ b/1systems/tv/mkdir.nix
@@ -12,7 +12,7 @@ with lib;
../../2configs/tv/git.nix
{
imports = [ ../../2configs/tv/identity.nix ];
- tv.identity.self = config.tv.identity.hosts.mkdir;
+ tv.identity.self = config.krebs.hosts.mkdir;
}
{
tv.iptables = {
diff --git a/1systems/tv/nomic.nix b/1systems/tv/nomic.nix
index 2d32d9e1f..fc58c1698 100644
--- a/1systems/tv/nomic.nix
+++ b/1systems/tv/nomic.nix
@@ -11,7 +11,7 @@ with lib;
../../2configs/tv/git.nix
{
imports = [ ../../2configs/tv/identity.nix ];
- tv.identity.self = config.tv.identity.hosts.nomic;
+ tv.identity.self = config.krebs.hosts.nomic;
}
{
tv.iptables = {
diff --git a/1systems/tv/rmdir.nix b/1systems/tv/rmdir.nix
index c470086ce..15d624d1c 100644
--- a/1systems/tv/rmdir.nix
+++ b/1systems/tv/rmdir.nix
@@ -12,7 +12,7 @@ with lib;
../../2configs/tv/git.nix
{
imports = [ ../../2configs/tv/identity.nix ];
- tv.identity.self = config.tv.identity.hosts.rmdir;
+ tv.identity.self = config.krebs.hosts.rmdir;
}
{
tv.iptables = {
diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix
index 234b80559..4a74d552f 100644
--- a/1systems/tv/wu.nix
+++ b/1systems/tv/wu.nix
@@ -18,7 +18,7 @@ in
../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled
{
imports = [ ../../2configs/tv/identity.nix ];
- tv.identity.self = config.tv.identity.hosts.wu;
+ tv.identity.self = config.krebs.hosts.wu;
}
{
environment.systemPackages = with pkgs; [
diff --git a/2configs/tv/consul-server.nix b/2configs/tv/consul-server.nix
index 5d3fd5579..63dabdc2a 100644
--- a/2configs/tv/consul-server.nix
+++ b/2configs/tv/consul-server.nix
@@ -9,7 +9,7 @@
server = true;
- hosts = with config.tv.identity.hosts; [
+ hosts = with config.krebs.hosts; [
# TODO get this list automatically from each host where tv.consul.enable is true
cd
mkdir
diff --git a/2configs/tv/identity.nix b/2configs/tv/identity.nix
index 379d02e45..481ac72a6 100644
--- a/2configs/tv/identity.nix
+++ b/2configs/tv/identity.nix
@@ -4,158 +4,5 @@
tv.identity = {
enable = true;
search = "retiolum";
- hosts = {
- cd = {
- cores = 2;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["162.219.7.216"];
- aliases = [
- "cd.internet"
- "cd.viljetic.de"
- "cgit.cd.viljetic.de"
- "cd.krebsco.de"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.222"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
- aliases = [
- "cd.retiolum"
- "cgit.cd.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
- rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
- e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
- sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
- CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
- PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
- LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
- DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
- ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
- jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
- Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- mkdir = {
- cores = 1;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["162.248.167.241"];
- aliases = [
- "mkdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.223"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
- aliases = [
- "mkdir.retiolum"
- "cgit.mkdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
- dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
- voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
- 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
- Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
- 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- nomic = {
- cores = 2;
- dc = "tv"; #dc = "gg23";
- nets = rec {
- retiolum = {
- addrs4 = ["10.243.0.110"];
- addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
- aliases = [
- "nomic.retiolum"
- "cgit.nomic.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
- qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
- Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
- 5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
- OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
- Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- secure = true;
- };
- rmdir = {
- cores = 1;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["167.88.44.94"];
- aliases = [
- "rmdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.224"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
- aliases = [
- "rmdir.retiolum"
- "cgit.rmdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
- i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
- Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
- hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
- 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
- SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- wu = {
- cores = 4;
- # TODO wu is mobile, so dc means "home data center"
- dc = "tv"; #dc = "gg23";
- nets = {
- retiolum = {
- addrs4 = ["10.243.13.37"];
- addrs6 = ["42:0:0:0:0:0:0:1337"];
- aliases = [
- "wu.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
- M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
- GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
- KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
- 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
- AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- secure = true;
- };
- };
};
}
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index b8722d18f..b60ce789a 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@@ -17,6 +17,163 @@ let
};
api = {
+ hosts = mkOption {
+ type = with types; attrsOf host;
+ default = addNames {
+ cd = {
+ cores = 2;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["162.219.7.216"];
+ aliases = [
+ "cd.internet"
+ "cd.viljetic.de"
+ "cgit.cd.viljetic.de"
+ "cd.krebsco.de"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.222"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
+ aliases = [
+ "cd.retiolum"
+ "cgit.cd.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
+ rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
+ e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
+ sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
+ CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
+ PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
+ LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
+ DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
+ ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
+ jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
+ Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ mkdir = {
+ cores = 1;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["162.248.167.241"];
+ aliases = [
+ "mkdir.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.223"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
+ aliases = [
+ "mkdir.retiolum"
+ "cgit.mkdir.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
+ dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
+ voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
+ 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
+ Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
+ 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ nomic = {
+ cores = 2;
+ dc = "tv"; #dc = "gg23";
+ nets = rec {
+ retiolum = {
+ addrs4 = ["10.243.0.110"];
+ addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
+ aliases = [
+ "nomic.retiolum"
+ "cgit.nomic.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
+ qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
+ Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
+ 5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
+ OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
+ Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ };
+ rmdir = {
+ cores = 1;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["167.88.44.94"];
+ aliases = [
+ "rmdir.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.224"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
+ aliases = [
+ "rmdir.retiolum"
+ "cgit.rmdir.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
+ i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
+ Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
+ hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
+ 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
+ SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ wu = {
+ cores = 4;
+ # TODO wu is mobile, so dc means "home data center"
+ dc = "tv"; #dc = "gg23";
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.13.37"];
+ addrs6 = ["42:0:0:0:0:0:0:1337"];
+ aliases = [
+ "wu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
+ M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
+ GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
+ KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
+ 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
+ AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ };
+ };
+ };
+
users = mkOption {
type = with types; attrsOf user;
default = addNames {
diff --git a/3modules/tv/identity.nix b/3modules/tv/identity.nix
index 584b27165..9de432203 100644
--- a/3modules/tv/identity.nix
+++ b/3modules/tv/identity.nix
@@ -21,11 +21,6 @@ let
# default = filterAttrs (name: _host: name != cfg.self.name) cfg.hosts;
#};
- hosts = mkOption {
- type = with types; attrsOf host;
- apply = mapAttrs (name: value: value // { inherit name; });
- };
-
search = mkOption {
type = types.hostname;
};
@@ -44,7 +39,7 @@ let
in
map (addr: "${addr} ${aliases}") net.addrs
) host.nets
- ) cfg.hosts
+ ) config.krebs.hosts
));
};
From b61f19e6edc0a583bf4cae45c62d75fce4ac910a Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Fri, 24 Jul 2015 21:27:19 +0200
Subject: [PATCH 2/4] krebs.hosts: populate if enable, not via default
---
2configs/tv/base.nix | 2 +
3modules/krebs/default.nix | 350 +++++++++++++++++++------------------
2 files changed, 184 insertions(+), 168 deletions(-)
diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix
index 0494ea08e..14d84c9f6 100644
--- a/2configs/tv/base.nix
+++ b/2configs/tv/base.nix
@@ -9,6 +9,8 @@ let
in
{
+ krebs.enable = true;
+
imports = [
{
users.extraUsers =
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index b60ce789a..979cc35ad 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@@ -13,187 +13,201 @@ let
./urlwatch.nix
];
options.krebs = api;
- config = mkIf cfg.enable imp;
+ config = mkIf cfg.enable (mkMerge [
+ imp
+ { krebs.hosts = lass-hosts; }
+ { krebs.hosts = makefu-hosts; }
+ { krebs.hosts = tv-hosts; }
+ ]);
};
api = {
+ enable = mkEnableOption "krebs";
+
hosts = mkOption {
type = with types; attrsOf host;
- default = addNames {
- cd = {
- cores = 2;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["162.219.7.216"];
- aliases = [
- "cd.internet"
- "cd.viljetic.de"
- "cgit.cd.viljetic.de"
- "cd.krebsco.de"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.222"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
- aliases = [
- "cd.retiolum"
- "cgit.cd.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
- rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
- e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
- sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
- CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
- PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
- LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
- DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
- ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
- jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
- Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- mkdir = {
- cores = 1;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["162.248.167.241"];
- aliases = [
- "mkdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.223"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
- aliases = [
- "mkdir.retiolum"
- "cgit.mkdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
- dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
- voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
- 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
- Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
- 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- nomic = {
- cores = 2;
- dc = "tv"; #dc = "gg23";
- nets = rec {
- retiolum = {
- addrs4 = ["10.243.0.110"];
- addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
- aliases = [
- "nomic.retiolum"
- "cgit.nomic.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
- qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
- Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
- 5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
- OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
- Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- secure = true;
- };
- rmdir = {
- cores = 1;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["167.88.44.94"];
- aliases = [
- "rmdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.224"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
- aliases = [
- "rmdir.retiolum"
- "cgit.rmdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
- i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
- Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
- hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
- 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
- SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- wu = {
- cores = 4;
- # TODO wu is mobile, so dc means "home data center"
- dc = "tv"; #dc = "gg23";
- nets = {
- retiolum = {
- addrs4 = ["10.243.13.37"];
- addrs6 = ["42:0:0:0:0:0:0:1337"];
- aliases = [
- "wu.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
- M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
- GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
- KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
- 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
- AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- secure = true;
- };
- };
};
users = mkOption {
type = with types; attrsOf user;
- default = addNames {
- lass = {
- pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
- };
- makefu = {
- pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
- };
- tv = {
- pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
- };
- uriel = {
- pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
- };
- };
};
};
imp = {
+ krebs.users = addNames {
+ lass = {
+ pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ };
+ makefu = {
+ pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
+ };
+ tv = {
+ pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+ };
+ uriel = {
+ pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+ };
+ };
+ };
+
+ lass-hosts = addNames {
+ };
+
+ makefu-hosts = addNames {
+ };
+
+ tv-hosts = addNames {
+ cd = {
+ cores = 2;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["162.219.7.216"];
+ aliases = [
+ "cd.internet"
+ "cd.viljetic.de"
+ "cgit.cd.viljetic.de"
+ "cd.krebsco.de"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.222"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
+ aliases = [
+ "cd.retiolum"
+ "cgit.cd.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
+ rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
+ e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
+ sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
+ CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
+ PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
+ LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
+ DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
+ ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
+ jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
+ Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ mkdir = {
+ cores = 1;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["162.248.167.241"];
+ aliases = [
+ "mkdir.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.223"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
+ aliases = [
+ "mkdir.retiolum"
+ "cgit.mkdir.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
+ dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
+ voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
+ 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
+ Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
+ 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ nomic = {
+ cores = 2;
+ dc = "tv"; #dc = "gg23";
+ nets = rec {
+ retiolum = {
+ addrs4 = ["10.243.0.110"];
+ addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
+ aliases = [
+ "nomic.retiolum"
+ "cgit.nomic.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
+ qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
+ Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
+ 5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
+ OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
+ Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ };
+ rmdir = {
+ cores = 1;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["167.88.44.94"];
+ aliases = [
+ "rmdir.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.224"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
+ aliases = [
+ "rmdir.retiolum"
+ "cgit.rmdir.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
+ i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
+ Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
+ hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
+ 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
+ SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ wu = {
+ cores = 4;
+ # TODO wu is mobile, so dc means "home data center"
+ dc = "tv"; #dc = "gg23";
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.13.37"];
+ addrs6 = ["42:0:0:0:0:0:0:1337"];
+ aliases = [
+ "wu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
+ M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
+ GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
+ KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
+ 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
+ AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ };
};
in
From 7e43b2cc3e7eb903f972003ea8cd21fad97ae9f5 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Fri, 24 Jul 2015 21:35:36 +0200
Subject: [PATCH 3/4] krebs.users: populate if enable, not via default
---
3modules/krebs/default.nix | 39 ++++++++++++++++++++------------------
1 file changed, 21 insertions(+), 18 deletions(-)
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index 979cc35ad..9aec879f9 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@@ -14,10 +14,12 @@ let
];
options.krebs = api;
config = mkIf cfg.enable (mkMerge [
- imp
{ krebs.hosts = lass-hosts; }
{ krebs.hosts = makefu-hosts; }
{ krebs.hosts = tv-hosts; }
+ { krebs.users = lass-users; }
+ { krebs.users = makefu-users; }
+ { krebs.users = tv-users; }
]);
};
@@ -33,28 +35,24 @@ let
};
};
- imp = {
- krebs.users = addNames {
- lass = {
- pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
- };
- makefu = {
- pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
- };
- tv = {
- pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
- };
- uriel = {
- pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
- };
+ lass-hosts = addNames {
+ };
+ lass-users = addNames {
+ lass = {
+ pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ };
+ uriel = {
+ pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
};
};
- lass-hosts = addNames {
- };
-
makefu-hosts = addNames {
};
+ makefu-users = addNames {
+ makefu = {
+ pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
+ };
+ };
tv-hosts = addNames {
cd = {
@@ -209,6 +207,11 @@ let
secure = true;
};
};
+ tv-users = addNames {
+ tv = {
+ pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+ };
+ };
in
out
From 85077a0cde6498d919c67a5f476cc25a068e06f6 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Fri, 24 Jul 2015 21:38:41 +0200
Subject: [PATCH 4/4] 3 krebs: put imps into user namespaces
---
3modules/krebs/default.nix | 337 +++++++++++++++++++------------------
1 file changed, 171 insertions(+), 166 deletions(-)
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index 9aec879f9..4da2d7fa2 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@@ -13,14 +13,7 @@ let
./urlwatch.nix
];
options.krebs = api;
- config = mkIf cfg.enable (mkMerge [
- { krebs.hosts = lass-hosts; }
- { krebs.hosts = makefu-hosts; }
- { krebs.hosts = tv-hosts; }
- { krebs.users = lass-users; }
- { krebs.users = makefu-users; }
- { krebs.users = tv-users; }
- ]);
+ config = mkIf cfg.enable imp;
};
api = {
@@ -35,181 +28,193 @@ let
};
};
- lass-hosts = addNames {
- };
- lass-users = addNames {
- lass = {
- pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ imp = mkMerge [
+ { krebs = lass-imp; }
+ { krebs = makefu-imp; }
+ { krebs = tv-imp; }
+ ];
+
+ lass-imp = {
+ hosts = addNames {
};
- uriel = {
- pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+ users = addNames {
+ lass = {
+ pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ };
+ uriel = {
+ pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+ };
};
};
- makefu-hosts = addNames {
- };
- makefu-users = addNames {
- makefu = {
- pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
+ makefu-imp = {
+ hosts = addNames {
+ };
+ users = addNames {
+ makefu = {
+ pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
+ };
};
};
- tv-hosts = addNames {
- cd = {
- cores = 2;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["162.219.7.216"];
- aliases = [
- "cd.internet"
- "cd.viljetic.de"
- "cgit.cd.viljetic.de"
- "cd.krebsco.de"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.222"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
- aliases = [
- "cd.retiolum"
- "cgit.cd.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
- rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
- e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
- sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
- CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
- PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
- LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
- DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
- ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
- jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
- Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
+ tv-imp = {
+ hosts = addNames {
+ cd = {
+ cores = 2;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["162.219.7.216"];
+ aliases = [
+ "cd.internet"
+ "cd.viljetic.de"
+ "cgit.cd.viljetic.de"
+ "cd.krebsco.de"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.222"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
+ aliases = [
+ "cd.retiolum"
+ "cgit.cd.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
+ rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
+ e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
+ sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
+ CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
+ PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
+ LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
+ DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
+ ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
+ jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
+ Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
};
};
- };
- mkdir = {
- cores = 1;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["162.248.167.241"];
- aliases = [
- "mkdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.223"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
- aliases = [
- "mkdir.retiolum"
- "cgit.mkdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
- dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
- voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
- 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
- Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
- 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ mkdir = {
+ cores = 1;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["162.248.167.241"];
+ aliases = [
+ "mkdir.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.223"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
+ aliases = [
+ "mkdir.retiolum"
+ "cgit.mkdir.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
+ dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
+ voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
+ 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
+ Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
+ 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
};
};
- };
- nomic = {
- cores = 2;
- dc = "tv"; #dc = "gg23";
- nets = rec {
- retiolum = {
- addrs4 = ["10.243.0.110"];
- addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
- aliases = [
- "nomic.retiolum"
- "cgit.nomic.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
- qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
- Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
- 5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
- OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
- Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ nomic = {
+ cores = 2;
+ dc = "tv"; #dc = "gg23";
+ nets = rec {
+ retiolum = {
+ addrs4 = ["10.243.0.110"];
+ addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
+ aliases = [
+ "nomic.retiolum"
+ "cgit.nomic.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
+ qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
+ Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
+ 5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
+ OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
+ Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ };
+ rmdir = {
+ cores = 1;
+ dc = "tv"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["167.88.44.94"];
+ aliases = [
+ "rmdir.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.113.224"];
+ addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
+ aliases = [
+ "rmdir.retiolum"
+ "cgit.rmdir.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
+ i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
+ Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
+ hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
+ 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
+ SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
};
};
- secure = true;
- };
- rmdir = {
- cores = 1;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["167.88.44.94"];
- aliases = [
- "rmdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.224"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
- aliases = [
- "rmdir.retiolum"
- "cgit.rmdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
- i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
- Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
- hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
- 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
- SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ wu = {
+ cores = 4;
+ # TODO wu is mobile, so dc means "home data center"
+ dc = "tv"; #dc = "gg23";
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.13.37"];
+ addrs6 = ["42:0:0:0:0:0:0:1337"];
+ aliases = [
+ "wu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
+ M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
+ GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
+ KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
+ 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
+ AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
};
+ secure = true;
};
};
- wu = {
- cores = 4;
- # TODO wu is mobile, so dc means "home data center"
- dc = "tv"; #dc = "gg23";
- nets = {
- retiolum = {
- addrs4 = ["10.243.13.37"];
- addrs6 = ["42:0:0:0:0:0:0:1337"];
- aliases = [
- "wu.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
- M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
- GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
- KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
- 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
- AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
+ users = addNames {
+ tv = {
+ pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
};
- secure = true;
- };
- };
- tv-users = addNames {
- tv = {
- pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
};
};