Merge remote-tracking branch 'ni/master'

krebs/3modules/lass/default.nix

@@ -98,7 +98,11 @@ in {
           ];
           wireguard = {
             pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
-            subnets = [ "10.244.1.0/24" "42:1::/32" ];
+            subnets = [
+              "10.244.1.0/24"
+              (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+              (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
+            ];
           };
         };
       };

krebs/3modules/tv/default.nix

@@ -1,12 +1,30 @@
 with import <stockholm/lib>;
 { config, ... }: let
 
-  hostDefaults = hostName: host: flip recursiveUpdate host ({
+  hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+    {
       owner = config.krebs.users.tv;
-  } // optionalAttrs (host.nets?retiolum) {
-    nets.retiolum.ip6.addr =
+    }
+    (optionalAttrs (host.nets?retiolum) {
+      nets.retiolum = {
+        ip6.addr =
           (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
-  });
+      };
+    })
+    (let
+      pubkey-path = ./wiregrill + "/${hostName}.pub";
+    in optionalAttrs (pathExists pubkey-path) {
+      nets.wiregrill = {
+        aliases = [
+          "${hostName}.w"
+        ];
+        ip6.addr =
+          (krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
+        wireguard.pubkey = readFile pubkey-path;
+      };
+    })
+    host
+  ];
 
 in {
   dns.providers = {
@@ -103,6 +121,9 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wiregrill.wireguard.subnets = [
+          (krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
+        ];
       };
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb";
     };

krebs/3modules/tv/wiregrill/alnus.pub

@@ -0,0 +1 @@
+w7+6kMf1P3Ka0kXXY4CCbr80TrWPYpe/zd13yuvz9SE=

krebs/3modules/tv/wiregrill/mu.pub

@@ -0,0 +1 @@
+4bboT+cZM1BYvNho9oKbO0MFnPFTvmASR+1IdV4/fwQ=

krebs/3modules/tv/wiregrill/ni.pub

@@ -0,0 +1 @@
+KiIiwkuin+E4FXqFajJjnoGKkHW3H3FzIx5EQrF1+lw=

krebs/3modules/tv/wiregrill/nomic.pub

@@ -0,0 +1 @@
+UgvgarDtuSvbciNx5SU2NDbctb9/OTQ9Kr8H/O3931A=

krebs/3modules/tv/wiregrill/querel.pub

@@ -0,0 +1 @@
+sxaqrsqcDgdM3+QH6mxzqDs3SLWgm7J8AytpIbRZ2n0=

krebs/3modules/tv/wiregrill/wu.pub

@@ -0,0 +1 @@
+68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E=

krebs/3modules/tv/wiregrill/xu.pub

@@ -0,0 +1 @@
+XU76RFN0jG/YjffAPg3e3VuHF/iKMvVoRhHmixvLL1s=

krebs/3modules/tv/wiregrill/zu.pub

@@ -0,0 +1 @@
+WrILdnsketejrJuYM/sLEh89GdSVbddv8BG/D3sW7kw=

tv/1systems/alnus/config.nix

@@ -8,10 +8,6 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/retiolum.nix>
   ];
 
-  # TODO remove non-hardware stuff from ../2configs/hw/x220.nix
-  # networking.wireless.enable collides with networkmanager
-  networking.wireless.enable = mkForce false;
-
   boot = {
     initrd = {
       availableKernelModules = [ "ahci" ];

tv/1systems/mu/config.nix

@@ -5,6 +5,7 @@ with import <stockholm/lib>;
     <stockholm/tv>
     <stockholm/tv/2configs/br.nix>
     <stockholm/tv/2configs/exim-retiolum.nix>
+    <stockholm/tv/2configs/hw/x220.nix>
     <stockholm/tv/2configs/retiolum.nix>
   ];
 
@@ -13,10 +14,7 @@ with import <stockholm/lib>;
 
   tv.x0vncserver.enable = true;
 
-  # hardware configuration
-  boot.initrd.luks.devices.muca = {
-    device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91";
-  };
+  boot.initrd.luks.devices.muca.device = "/dev/sda2";
   boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
   boot.initrd.availableKernelModules = [ "ahci" ];
   boot.kernelModules = [ "fbcon" "kvm-intel" ];
@@ -34,7 +32,7 @@ with import <stockholm/lib>;
       options = [ "defaults" "discard" ];
     };
     "/boot" = {
-      device = "/dev/disk/by-uuid/CEB1-9743";
+      device = "/dev/sda1";
       fsType = "vfat";
     };
   };

tv/1systems/nomic/config.nix

@@ -64,4 +64,6 @@ with import <stockholm/lib>;
     gnupg
     tmux
   ];
+
+  networking.wireless.enable = true;
 }

tv/1systems/wu/config.nix

@@ -41,6 +41,8 @@ with import <stockholm/lib>;
     };
   };
 
+  networking.wireless.enable = true;
+
   services.printing.enable = true;
 
   services.udev.extraRules = ''

tv/1systems/xu/config.nix

@@ -147,6 +147,8 @@ with import <stockholm/lib>;
     gptfdisk
   ];
 
+  networking.wireless.enable = true;
+
   #services.bitlbee.enable = true;
   #services.tor.client.enable = true;
   #services.tor.enable = true;

tv/1systems/zu/config.nix

@@ -44,6 +44,8 @@ with import <stockholm/lib>;
     };
   };
 
+  networking.wireless.enable = true;
+
   services.printing.enable = true;
 
   #services.bitlbee.enable = true;

tv/2configs/hw/AO753.nix

@@ -25,8 +25,6 @@ with import <stockholm/lib>;
     config.boot.kernelPackages.broadcom_sta
   ];
 
-  networking.wireless.enable = true;
-
   nix = {
     buildCores = 2;
     maxJobs = 2;

tv/2configs/hw/x220.nix

@@ -26,8 +26,6 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.wireless.enable = true;
-
   # Required for Centrino.
   hardware.enableRedistributableFirmware = true;