From f6a4131daecd6e5c1a0727adbcac43ba8530ec13 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:13:46 +0100
Subject: [PATCH 01/70] tv exim-retiolum: init
---
tv/1systems/nomic.nix | 7 +------
tv/1systems/wu.nix | 5 +----
tv/1systems/xu.nix | 8 +-------
tv/2configs/exim-retiolum.nix | 5 +++++
4 files changed, 8 insertions(+), 17 deletions(-)
create mode 100644 tv/2configs/exim-retiolum.nix
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 7bc7b70d2..145e9b236 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -5,11 +5,9 @@ with lib;
{
krebs.build.host = config.krebs.hosts.nomic;
- krebs.build.target = "root@nomic.gg23";
-
imports = [
../2configs/hw/AO753.nix
- #../2configs/consul-server.nix
+ ../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/pulse.nix
../2configs/xserver
@@ -24,9 +22,6 @@ with lib;
];
};
}
- {
- krebs.exim-retiolum.enable = true;
- }
{
krebs.nginx = {
enable = true;
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 3bdf8d37a..47fdb2092 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -7,7 +7,7 @@ with lib;
imports = [
../2configs/hw/w110er.nix
- #../2configs/consul-client.nix
+ ../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/mail-client.nix
../2configs/pulse.nix
@@ -134,9 +134,6 @@ with lib;
];
};
}
- {
- krebs.exim-retiolum.enable = true;
- }
{
krebs.nginx = {
enable = true;
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index e6894b55e..12c115eb8 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -5,12 +5,9 @@ with lib;
{
krebs.build.host = config.krebs.hosts.xu;
- krebs.build.source.git.nixpkgs.rev =
- "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
-
imports = [
../2configs/hw/x220.nix
- #../2configs/consul-client.nix
+ ../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/mail-client.nix
../2configs/pulse.nix
@@ -135,9 +132,6 @@ with lib;
];
};
}
- {
- krebs.exim-retiolum.enable = true;
- }
{
krebs.nginx = {
enable = true;
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
new file mode 100644
index 000000000..1af72c28f
--- /dev/null
+++ b/tv/2configs/exim-retiolum.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ krebs.exim-retiolum.enable = true;
+}
From a7e1709a466cee24783e20b6219ef5112b00e8c9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:18:07 +0100
Subject: [PATCH 02/70] tv nginx-public_html: init
---
tv/1systems/nomic.nix | 11 +----------
tv/1systems/wu.nix | 11 +----------
tv/1systems/xu.nix | 11 +----------
tv/2configs/nginx-public_html.nix | 14 ++++++++++++++
4 files changed, 17 insertions(+), 30 deletions(-)
create mode 100644 tv/2configs/nginx-public_html.nix
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 145e9b236..64fe5a635 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -9,6 +9,7 @@ with lib;
../2configs/hw/AO753.nix
../2configs/exim-retiolum.nix
../2configs/git.nix
+ ../2configs/nginx-public_html.nix
../2configs/pulse.nix
../2configs/xserver
{
@@ -22,16 +23,6 @@ with lib;
];
};
}
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
{
krebs.retiolum = {
enable = true;
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 47fdb2092..6dd051210 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -10,6 +10,7 @@ with lib;
../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/mail-client.nix
+ ../2configs/nginx-public_html.nix
../2configs/pulse.nix
../2configs/xserver
{
@@ -134,16 +135,6 @@ with lib;
];
};
}
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
{
krebs.retiolum = {
enable = true;
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 12c115eb8..409129581 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -10,6 +10,7 @@ with lib;
../2configs/exim-retiolum.nix
../2configs/git.nix
../2configs/mail-client.nix
+ ../2configs/nginx-public_html.nix
../2configs/pulse.nix
../2configs/xserver
{
@@ -132,16 +133,6 @@ with lib;
];
};
}
- {
- krebs.nginx = {
- enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
- };
- }
{
krebs.retiolum = {
enable = true;
diff --git a/tv/2configs/nginx-public_html.nix b/tv/2configs/nginx-public_html.nix
new file mode 100644
index 000000000..50c623915
--- /dev/null
+++ b/tv/2configs/nginx-public_html.nix
@@ -0,0 +1,14 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ krebs.nginx = {
+ enable = true;
+ servers.default.locations = [
+ (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+ alias /home/$1/public_html$2;
+ '')
+ ];
+ };
+}
From b3a481e0b9462bdb4ed92bfc27b2cbf723a8ec30 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:30:38 +0100
Subject: [PATCH 03/70] krebs lib.ne: init
---
krebs/4lib/default.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index dfc51bbe4..4d7e0b549 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -6,6 +6,7 @@ with lib;
let out = rec {
eq = x: y: x == y;
+ ne = x: y: x != y;
mod = x: y: x - y * (x / y);
From d6ded00d012d4fb2a2a0a824604b25dac35ee349 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:32:04 +0100
Subject: [PATCH 04/70] tv retiolum: init
---
tv/1systems/cd.nix | 11 +----------
tv/1systems/nomic.nix | 10 +---------
tv/1systems/wu.nix | 10 +---------
tv/1systems/xu.nix | 11 +----------
tv/2configs/retiolum.nix | 16 ++++++++++++++++
5 files changed, 20 insertions(+), 38 deletions(-)
create mode 100644 tv/2configs/retiolum.nix
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index b69d7655a..da44f5077 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -17,6 +17,7 @@ with lib;
#../2configs/consul-server.nix
../2configs/exim-smarthost.nix
../2configs/git.nix
+ ../2configs/retiolum.nix
../2configs/urlwatch.nix
{
imports = [ ../2configs/charybdis.nix ];
@@ -77,16 +78,6 @@ with lib;
'');
};
}
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "fastpoke"
- "pigstarter"
- "ire"
- ];
- };
- }
];
networking.interfaces.enp2s1.ip4 = [
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 64fe5a635..b7e77e973 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -11,6 +11,7 @@ with lib;
../2configs/git.nix
../2configs/nginx-public_html.nix
../2configs/pulse.nix
+ ../2configs/retiolum.nix
../2configs/xserver
{
tv.iptables = {
@@ -23,15 +24,6 @@ with lib;
];
};
}
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- ];
- };
- }
];
boot.initrd.luks = {
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 6dd051210..f52bbc091 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -12,6 +12,7 @@ with lib;
../2configs/mail-client.nix
../2configs/nginx-public_html.nix
../2configs/pulse.nix
+ ../2configs/retiolum.nix
../2configs/xserver
{
environment.systemPackages = with pkgs; [
@@ -135,15 +136,6 @@ with lib;
];
};
}
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- ];
- };
- }
];
boot.initrd.luks = {
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 409129581..54e16868f 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -12,6 +12,7 @@ with lib;
../2configs/mail-client.nix
../2configs/nginx-public_html.nix
../2configs/pulse.nix
+ ../2configs/retiolum.nix
../2configs/xserver
{
environment.systemPackages = with pkgs; [
@@ -133,16 +134,6 @@ with lib;
];
};
}
- {
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "cd"
- "gum"
- "pigstarter"
- ];
- };
- }
];
boot.initrd.luks = {
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
new file mode 100644
index 000000000..91fe81d69
--- /dev/null
+++ b/tv/2configs/retiolum.nix
@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+ krebs.retiolum = {
+ enable = true;
+ connectTo = filter (ne config.krebs.build.host.name) [
+ "gum"
+ "prism"
+ "echelon"
+ "cd"
+ "ire"
+ ];
+ };
+}
From bb1dbae8187601cea2ddfbdcdc9baa456bc5b4ab Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:40:25 +0100
Subject: [PATCH 05/70] tv: open ssh port by default
---
tv/1systems/cd.nix | 4 ----
tv/1systems/nomic.nix | 1 -
tv/1systems/wu.nix | 1 -
tv/1systems/xu.nix | 1 -
tv/2configs/default.nix | 5 +++++
5 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index da44f5077..6db78ca89 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -41,7 +41,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "ssh"
"tinc"
"smtp"
"xmpp-client"
@@ -58,10 +57,7 @@ with lib;
"cgit.cd.krebsco.de"
"cgit.cd.viljetic.de"
];
- }
- {
# TODO make public_html also available to cd, cd.retiolum (AKA default)
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
krebs.nginx.servers.public_html = {
server-names = singleton "cd.viljetic.de";
locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index b7e77e973..f176a5f23 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -17,7 +17,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "ssh"
"http"
"tinc"
"smtp"
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index f52bbc091..16709052b 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -129,7 +129,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "ssh"
"http"
"tinc"
"smtp"
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 54e16868f..c6f1a393e 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -127,7 +127,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "ssh"
"http"
"tinc"
"smtp"
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 310077021..abe9d3de8 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -162,6 +162,10 @@ with lib;
};
}
+ {
+ tv.iptables.enable = true;
+ }
+
{
services.openssh = {
enable = true;
@@ -169,6 +173,7 @@ with lib;
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
+ tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
}
{
From b172630f894362dc32cb6af7d5c9d44902ec5752 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:44:19 +0100
Subject: [PATCH 06/70] tv retiolum: open tinc port
---
tv/1systems/cd.nix | 1 -
tv/1systems/nomic.nix | 1 -
tv/1systems/wu.nix | 1 -
tv/1systems/xu.nix | 1 -
tv/2configs/retiolum.nix | 1 +
5 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 6db78ca89..783d23ca9 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -41,7 +41,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "tinc"
"smtp"
"xmpp-client"
"xmpp-server"
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index f176a5f23..6f2c41823 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -18,7 +18,6 @@ with lib;
enable = true;
input-internet-accept-new-tcp = [
"http"
- "tinc"
"smtp"
];
};
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 16709052b..7635f6162 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -130,7 +130,6 @@ with lib;
enable = true;
input-internet-accept-new-tcp = [
"http"
- "tinc"
"smtp"
];
};
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index c6f1a393e..91b761d24 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -128,7 +128,6 @@ with lib;
enable = true;
input-internet-accept-new-tcp = [
"http"
- "tinc"
"smtp"
];
};
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
index 91fe81d69..d2bb9e6cf 100644
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@@ -13,4 +13,5 @@ with lib;
"ire"
];
};
+ tv.iptables.input-internet-accept-new-tcp = singleton "tinc";
}
From d85c70d1d669636fe2fcbb1179dca2c4aecb0802 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:46:33 +0100
Subject: [PATCH 07/70] tv nginx-public_html: open http port
---
tv/1systems/nomic.nix | 1 -
tv/1systems/wu.nix | 1 -
tv/1systems/xu.nix | 1 -
tv/2configs/nginx-public_html.nix | 1 +
4 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 6f2c41823..2b71a974e 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -17,7 +17,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "http"
"smtp"
];
};
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 7635f6162..a51e0e678 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -129,7 +129,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "http"
"smtp"
];
};
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 91b761d24..847b57249 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -127,7 +127,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "http"
"smtp"
];
};
diff --git a/tv/2configs/nginx-public_html.nix b/tv/2configs/nginx-public_html.nix
index 50c623915..dc74f7f8d 100644
--- a/tv/2configs/nginx-public_html.nix
+++ b/tv/2configs/nginx-public_html.nix
@@ -11,4 +11,5 @@ with lib;
'')
];
};
+ tv.iptables.input-internet-accept-new-tcp = singleton "http";
}
From fe025213ea5c15012fd83f1064269a315a2d576a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:50:00 +0100
Subject: [PATCH 08/70] tv exim-retiolum: open smtp port to retiolum
---
tv/1systems/nomic.nix | 8 --------
tv/1systems/wu.nix | 8 --------
tv/1systems/xu.nix | 8 --------
tv/2configs/exim-retiolum.nix | 5 ++++-
4 files changed, 4 insertions(+), 25 deletions(-)
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 2b71a974e..37ef204c7 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -13,14 +13,6 @@ with lib;
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/xserver
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "smtp"
- ];
- };
- }
];
boot.initrd.luks = {
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index a51e0e678..aef8ca761 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -125,14 +125,6 @@ with lib;
unison
];
}
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "smtp"
- ];
- };
- }
];
boot.initrd.luks = {
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 847b57249..31a8a3e99 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -123,14 +123,6 @@ with lib;
unison
];
}
- {
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "smtp"
- ];
- };
- }
];
boot.initrd.luks = {
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 1af72c28f..aedf25823 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -1,5 +1,8 @@
-{ ... }:
+{ lib, ... }:
+
+with lib;
{
krebs.exim-retiolum.enable = true;
+ tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
}
From b58f37ce3833b7800c0a9ec83367dc888ea571b3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:53:16 +0100
Subject: [PATCH 09/70] tv exim-smarthost: open smtp port
---
tv/1systems/cd.nix | 1 -
tv/2configs/exim-smarthost.nix | 5 ++++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 783d23ca9..1d9457600 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -41,7 +41,6 @@ with lib;
tv.iptables = {
enable = true;
input-internet-accept-new-tcp = [
- "smtp"
"xmpp-client"
"xmpp-server"
];
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index f5f63d284..bcfea7821 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -1,4 +1,6 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;
{
krebs.exim-smarthost = {
@@ -34,4 +36,5 @@
{ from = "mirko"; to = "mv"; }
];
};
+ tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
}
From 0c1a2d11b18c73ddc7fdb429e0d09dcffa3906f8 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 1 Feb 2016 17:56:10 +0100
Subject: [PATCH 10/70] cd: redistribute iptable rules
---
tv/1systems/cd.nix | 20 +++++---------------
1 file changed, 5 insertions(+), 15 deletions(-)
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 1d9457600..27e94aef0 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -31,6 +31,10 @@ with lib;
enable = true;
hosts = [ "jabber.viljetic.de" ];
};
+ tv.iptables.input-internet-accept-new-tcp = [
+ "xmpp-client"
+ "xmpp-server"
+ ];
}
{
krebs.github-hosts-sync.enable = true;
@@ -38,19 +42,6 @@ with lib;
singleton config.krebs.github-hosts-sync.port;
}
{
- tv.iptables = {
- enable = true;
- input-internet-accept-new-tcp = [
- "xmpp-client"
- "xmpp-server"
- ];
- input-retiolum-accept-new-tcp = [
- "http"
- ];
- };
- }
- {
- tv.iptables.input-internet-accept-new-tcp = singleton "http";
krebs.nginx.servers.cgit.server-names = [
"cgit.cd.krebsco.de"
"cgit.cd.viljetic.de"
@@ -62,8 +53,6 @@ with lib;
alias /home/$1/public_html$2;
'');
};
- }
- {
krebs.nginx.servers.viljetic = {
server-names = singleton "viljetic.de";
# TODO directly set root (instead via location)
@@ -71,6 +60,7 @@ with lib;
root ${pkgs.viljetic-pages};
'');
};
+ tv.iptables.input-internet-accept-new-tcp = singleton "http";
}
];
From 461fe008e72995a42e8546d5dcc46382ca820000 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 1 Feb 2016 21:58:19 +0100
Subject: [PATCH 11/70] ma 1 filepimp: use by-id fs path, snapraid
---
makefu/1systems/filepimp.nix | 51 +++++++++++++++++++++++++-----------
1 file changed, 36 insertions(+), 15 deletions(-)
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index 2d008cee6..fb9324ee9 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -1,10 +1,14 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
+{ config, pkgs, lib, ... }:
+let
+ byid = dev: "/dev/disk/by-id/" + dev;
+ part1 = disk: disk + "-part1";
+ rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
+ jDisk0 = byid "ata-ST4000DM000-1F2168_Z303HVSG";
+ jDisk1 = byid "ata-ST4000DM000-1F2168_Z3040NEA";
+ jDisk2 = byid "ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E0621363";
+ jDisk3 = byid "ata-TOSHIBA_MD04ACA400_156GK89OFSBA";
+ allDisks = [ rootDisk jDisk0 jDisk1 jDisk2 jDisk3 ];
+in {
imports =
[ # Include the results of the hardware scan.
../2configs/fs/single-partition-ext4.nix
@@ -12,16 +16,9 @@
../2configs/smart-monitor.nix
];
krebs.build.host = config.krebs.hosts.filepimp;
- services.smartd.devices = [
- { device = "/dev/sda"; }
- { device = "/dev/sdb"; }
- { device = "/dev/sdc"; }
- { device = "/dev/sdd"; }
- { device = "/dev/sde"; }
- ];
# AMD N54L
boot = {
- loader.grub.device = "/dev/sde";
+ loader.grub.device = rootDisk;
initrd.availableKernelModules = [
"ahci"
@@ -40,4 +37,28 @@
zramSwap.enable = true;
zramSwap.numDevices = 2;
+
+ makefu.snapraid = let
+ toMedia = name: "/media/" + name;
+ in {
+ enable = true;
+ # todo combine creation when enabling the mount point
+ disks = map toMedia [ "j0" "j1" "j2" ];
+ parity = toMedia "par0";
+ };
+ # TODO: refactor, copy-paste from omo
+ services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
+ powerManagement.powerUpCommands = lib.concatStrings (map (disk: ''
+ ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk}
+ ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk}
+ ${pkgs.hdparm}/sbin/hdparm -y ${disk}
+ '') allDisks);
+ fileSystems = let
+ xfsmount = name: dev:
+ { "/media/${name}" = { device = dev; fsType = "xfs"; }; };
+ in
+ (xfsmount "j0" (part1 jDisk0))
+ // (xfsmount "j1" (part1 jDisk1))
+ // (xfsmount "j2" (part1 jDisk2))
+ // (xfsmount "par0" (part1 jDisk3));
}
From 40b13f240888be643e19939ceef79483aeb07ca5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 1 Feb 2016 21:58:54 +0100
Subject: [PATCH 12/70] ma 1 gum: host update.connector.one
---
makefu/1systems/gum.nix | 1 +
.../2configs/nginx/update.connector.one.nix | 26 +++++++++++++++++++
2 files changed, 27 insertions(+)
create mode 100644 makefu/2configs/nginx/update.connector.one.nix
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index ac7524506..c4dfbf4b7 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -15,6 +15,7 @@ in {
../2configs/git/cgit-retiolum.nix
../2configs/mattermost-docker.nix
../2configs/nginx/euer.test.nix
+ ../2configs/nginx/update.connector.one.nix
../2configs/exim-retiolum.nix
../2configs/urlwatch.nix
diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix
new file mode 100644
index 000000000..eb39a1668
--- /dev/null
+++ b/makefu/2configs/nginx/update.connector.one.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ hostname = config.krebs.build.host.name;
+ external-ip = head config.krebs.build.host.nets.internet.addrs4;
+in {
+ krebs.nginx = {
+ enable = mkDefault true;
+ servers = {
+ omo-share = {
+ listen = [ "${external-ip}:80" ];
+ server-names = [
+ "update.connector.one"
+ "firmware.connector.one"
+ ];
+ locations = singleton (nameValuePair "/" ''
+ autoindex on;
+ root /var/www/update.connector.one;
+ sendfile on;
+ gzip on;
+ '');
+ };
+ };
+ };
+}
From 44e0c5153ca6a65ee130f30ea8466906deedcada Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 1 Feb 2016 22:01:41 +0100
Subject: [PATCH 13/70] ma 1 omo: add shares
---
makefu/1systems/omo.nix | 30 +-------------------
makefu/2configs/{nginx => }/omo-share.nix | 34 +++++++++++++++++++++++
2 files changed, 35 insertions(+), 29 deletions(-)
rename makefu/2configs/{nginx => }/omo-share.nix (51%)
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 19183fea8..e9c51f485 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -28,7 +28,7 @@ in {
../2configs/smart-monitor.nix
../2configs/mail-client.nix
../2configs/share-user-sftp.nix
- ../2configs/nginx/omo-share.nix
+ ../2configs/omo-share.nix
../3modules
];
networking.firewall.trustedInterfaces = [ "enp3s0" ];
@@ -42,34 +42,6 @@ in {
# services.openssh.allowSFTP = false;
krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
- # samba share /media/crypt1/share
- users.users.smbguest = {
- name = "smbguest";
- uid = config.ids.uids.smbguest;
- description = "smb guest user";
- home = "/var/empty";
- };
- services.samba = {
- enable = true;
- shares = {
- winshare = {
- path = "/media/crypt1/share";
- "read only" = "no";
- browseable = "yes";
- "guest ok" = "yes";
- };
- };
- extraConfig = ''
- guest account = smbguest
- map to guest = bad user
- # disable printing
- load printers = no
- printing = bsd
- printcap name = /dev/null
- disable spoolss = yes
- '';
- };
-
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
diff --git a/makefu/2configs/nginx/omo-share.nix b/makefu/2configs/omo-share.nix
similarity index 51%
rename from makefu/2configs/nginx/omo-share.nix
rename to makefu/2configs/omo-share.nix
index ce85e0442..1e0975e1d 100644
--- a/makefu/2configs/nginx/omo-share.nix
+++ b/makefu/2configs/omo-share.nix
@@ -31,4 +31,38 @@ in {
};
};
};
+
+ # samba share /media/crypt1/share
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/var/empty";
+ };
+ services.samba = {
+ enable = true;
+ shares = {
+ winshare = {
+ path = "/media/crypt1/share";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ usenet = {
+ path = "/media/crypt0/usenet/dst";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
}
From 07fa0d989609faca2e9f9847165db61428206ef7 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 01:35:19 +0100
Subject: [PATCH 14/70] nixpkgs: symlink upstream-nixpkgs/{default.nix,lib}
---
nixpkgs/default.nix | 2 +-
nixpkgs/lib | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
mode change 100644 => 120000 nixpkgs/default.nix
create mode 120000 nixpkgs/lib
diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix
deleted file mode 100644
index 92da82c35..000000000
--- a/nixpkgs/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-import <upstream-nixpkgs>
diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix
new file mode 120000
index 000000000..74e9d7633
--- /dev/null
+++ b/nixpkgs/default.nix
@@ -0,0 +1 @@
+../upstream-nixpkgs/default.nix
\ No newline at end of file
diff --git a/nixpkgs/lib b/nixpkgs/lib
new file mode 120000
index 000000000..2284ef489
--- /dev/null
+++ b/nixpkgs/lib
@@ -0,0 +1 @@
+../upstream-nixpkgs/lib
\ No newline at end of file
From 2497533b90ce901a39d6642923738b2a337ad9aa Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 01:53:38 +0100
Subject: [PATCH 15/70] krebs/populate.nix -> krebs/v2 populate
---
Makefile | 13 +++++++++----
krebs/{populate.nix => v2/default.nix} | 6 +++++-
2 files changed, 14 insertions(+), 5 deletions(-)
rename krebs/{populate.nix => v2/default.nix} (98%)
diff --git a/Makefile b/Makefile
index a35d6d128..d7534e1f3 100644
--- a/Makefile
+++ b/Makefile
@@ -33,15 +33,20 @@ deploy2: export target-host = $(target)
else
deploy2: export target-host = $(system)
endif
+deploy2: export source = \
+ with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \
+ assert source-version == 2; \
+ source
deploy2:;@
target=$${target-$$system}
result=$$(nix-instantiate \
- --json \
--eval \
- krebs/populate.nix \
- --arg source 'with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; assert source-version == 2; source' \
+ --json \
+ --arg source "$$source" \
--argstr target-host "$$target" \
- --argstr target-path /var/src)
+ --argstr target-path /var/src \
+ -A populate \
+ krebs/v2)
script=$$(echo "$$result" | jq -r .)
echo "$$script" | sh
ssh root@$$target nixos-rebuild switch -I /var/src
diff --git a/krebs/populate.nix b/krebs/v2/default.nix
similarity index 98%
rename from krebs/populate.nix
rename to krebs/v2/default.nix
index 13270c8a7..7eb60103f 100644
--- a/krebs/populate.nix
+++ b/krebs/v2/default.nix
@@ -9,7 +9,11 @@ with import ~/stockholm/krebs/4lib {
};
with builtins;
let
- out = ''
+ out = {
+ inherit populate;
+ };
+
+ populate = ''
#! /bin/sh
set -efu
From b849e3525edfe884a2e004e6497aad9995c093bd Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 03:19:20 +0100
Subject: [PATCH 16/70] make {deploy2 -> populate, rebuild}
---
Makefile | 51 +++++++++++++++++++++++++++------------------------
1 file changed, 27 insertions(+), 24 deletions(-)
diff --git a/Makefile b/Makefile
index d7534e1f3..ecfc7e50d 100644
--- a/Makefile
+++ b/Makefile
@@ -27,30 +27,6 @@ deploy infest:;@
script=$$(make -s eval)
echo "$$script" | sh
-.PHONY: deploy2
-ifdef target
-deploy2: export target-host = $(target)
-else
-deploy2: export target-host = $(system)
-endif
-deploy2: export source = \
- with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \
- assert source-version == 2; \
- source
-deploy2:;@
- target=$${target-$$system}
- result=$$(nix-instantiate \
- --eval \
- --json \
- --arg source "$$source" \
- --argstr target-host "$$target" \
- --argstr target-path /var/src \
- -A populate \
- krebs/v2)
- script=$$(echo "$$result" | jq -r .)
- echo "$$script" | sh
- ssh root@$$target nixos-rebuild switch -I /var/src
-
.PHONY: eval
eval:
@
@@ -73,6 +49,33 @@ endif
$${target+--argstr target "$$target"})
echo "$$result" | filter
+ifndef target
+export target = $(system)
+endif
+
+# usage: make populate system=foo [target=bar]
+.PHONY: populate
+populate: export source = \
+ with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \
+ assert source-version == 2; \
+ source
+populate:;@
+ result=$$(nix-instantiate \
+ --eval \
+ --json \
+ --arg source "$$source" \
+ --argstr target-host "$$target" \
+ --argstr target-path /var/src \
+ -A populate \
+ krebs/v2)
+ script=$$(echo "$$result" | jq -r .)
+ echo "$$script" | sh
+
+# usage: make rebuild system=foo [target=bar] [operation=switch]
+.PHONY: rebuild
+rebuild: populate ;@
+ ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src
+
else
$(error unbound variable: system[s])
endif
From 8e219cd0a2446e8f141e0f2403413a9bd3f0b061 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 03:20:29 +0100
Subject: [PATCH 17/70] Makefile,krebs/v2: verbosity++
---
Makefile | 2 +-
krebs/v2/default.nix | 28 +++++++++++++++++++++++-----
2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index ecfc7e50d..f81666ae3 100644
--- a/Makefile
+++ b/Makefile
@@ -73,7 +73,7 @@ populate:;@
# usage: make rebuild system=foo [target=bar] [operation=switch]
.PHONY: rebuild
-rebuild: populate ;@
+rebuild: populate ;@set -x
ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src
else
diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix
index 7eb60103f..78e990d1c 100644
--- a/krebs/v2/default.nix
+++ b/krebs/v2/default.nix
@@ -15,26 +15,34 @@ let
populate = ''
#! /bin/sh
- set -efu
+ set -eu
+
+ verbose() {
+ printf '+' >&2
+ printf ' %q' "$@" >&2
+ printf '\n'
+ "$@"
+ }
echo ${shell.escape git-script} \
| ssh ${shell.escape "${target-user}@${target-host}"} -T
- tmpdir=$(mktemp -dt stockholm.XXXXXXXX)
+ unset tmpdir
trap '
- set +f
rm "$tmpdir"/*
rmdir "$tmpdir"
trap - EXIT INT QUIT
' EXIT INT QUIT
+ tmpdir=$(mktemp -dt stockholm.XXXXXXXX)
chmod 0755 "$tmpdir"
+
${concatStringsSep "\n"
(mapAttrsToList
(name: spec: let dst = removePrefix "symlink:" (get-url spec); in
- "ln -s ${shell.escape dst} $tmpdir/${shell.escape name}")
+ "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}")
symlink-specs)}
- proot \
+ verbose proot \
-b $tmpdir:${shell.escape target-path} \
${concatStringsSep " \\\n "
(mapAttrsToList
@@ -77,6 +85,15 @@ let
filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source;
git-script = ''
+ #! /bin/sh
+ set -efu
+
+ verbose() {
+ printf '+' >&2
+ printf ' %q' "$@" >&2
+ printf '\n'
+ }
+
fetch_git() {(
dst_dir=$1
src_url=$2
@@ -109,6 +126,7 @@ let
${concatStringsSep "\n"
(mapAttrsToList
(name: spec: toString (map shell.escape [
+ "verbose"
"fetch_git"
"${target-path}/${name}"
spec.url
From 1b67c62f15e1c92aa1ccdf392fcdfe85488e3f48 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 03:29:42 +0100
Subject: [PATCH 18/70] make populate: define and pass lib to krebs/v2
---
Makefile | 6 +++++-
krebs/v2/default.nix | 9 +++------
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
index f81666ae3..c4f5cd398 100644
--- a/Makefile
+++ b/Makefile
@@ -55,14 +55,18 @@ endif
# usage: make populate system=foo [target=bar]
.PHONY: populate
+populate: export lib = \
+ let nlib = import <nixpkgs/lib>; in \
+ nlib // import krebs/4lib { lib = nlib; } // builtins
populate: export source = \
- with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \
+ with (import ./. {}).users.$(LOGNAME).$(system).config.krebs.build; \
assert source-version == 2; \
source
populate:;@
result=$$(nix-instantiate \
--eval \
--json \
+ --arg lib "$$lib" \
--arg source "$$source" \
--argstr target-host "$$target" \
--argstr target-path /var/src \
diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix
index 78e990d1c..ac1c13e72 100644
--- a/krebs/v2/default.nix
+++ b/krebs/v2/default.nix
@@ -1,13 +1,10 @@
-{ source
+{ lib
+, source
, target-user ? "root"
, target-host
, target-path ? "/var/src"
}:
-with import <nixpkgs/lib>;
-with import ~/stockholm/krebs/4lib {
- lib = import <nixpkgs/lib>;
-};
-with builtins;
+with lib;
let
out = {
inherit populate;
From 942511acb1ca0d3c6ef1e59694e888c7d4665aee Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 03:51:22 +0100
Subject: [PATCH 19/70] make {populate,rebuild}: use $target_{host,user,path}
---
Makefile | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/Makefile b/Makefile
index c4f5cd398..501dfbe83 100644
--- a/Makefile
+++ b/Makefile
@@ -49,36 +49,39 @@ endif
$${target+--argstr target "$$target"})
echo "$$result" | filter
-ifndef target
-export target = $(system)
-endif
+export target_host ?= $(system)
+export target_user ?= root
+export target_path ?= /var/src
-# usage: make populate system=foo [target=bar]
+# usage: make populate system=foo [target_host=bar]
.PHONY: populate
populate: export lib = \
let nlib = import <nixpkgs/lib>; in \
nlib // import krebs/4lib { lib = nlib; } // builtins
populate: export source = \
- with (import ./. {}).users.$(LOGNAME).$(system).config.krebs.build; \
- assert source-version == 2; \
- source
+ with builtins; \
+ with (import ./. {}).users.$${getEnv "LOGNAME"}.$${getEnv "system"}; \
+ assert config.krebs.build.source-version == 2; \
+ config.krebs.build.source
populate:;@
result=$$(nix-instantiate \
--eval \
--json \
--arg lib "$$lib" \
--arg source "$$source" \
- --argstr target-host "$$target" \
- --argstr target-path /var/src \
+ --argstr target-user "$$target_user" \
+ --argstr target-host "$$target_host" \
+ --argstr target-path "$$target_path" \
-A populate \
krebs/v2)
script=$$(echo "$$result" | jq -r .)
echo "$$script" | sh
-# usage: make rebuild system=foo [target=bar] [operation=switch]
+# usage: make rebuild system=foo [target_host=bar] [operation=switch]
.PHONY: rebuild
rebuild: populate ;@set -x
- ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src
+ ssh "$$target_user@$$target_host" \
+ nixos-rebuild "$${operation-switch}" -I "$$target_path"
else
$(error unbound variable: system[s])
From 74120066f0387339bc4b3c02b30ed303a90de5da Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 03:57:32 +0100
Subject: [PATCH 20/70] krebs/v2: simplify verbose
---
krebs/v2/default.nix | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix
index ac1c13e72..cba7a75ff 100644
--- a/krebs/v2/default.nix
+++ b/krebs/v2/default.nix
@@ -15,9 +15,7 @@ let
set -eu
verbose() {
- printf '+' >&2
- printf ' %q' "$@" >&2
- printf '\n'
+ printf '+%s\n' "$(printf ' %q' "$@")" >&2
"$@"
}
@@ -86,9 +84,8 @@ let
set -efu
verbose() {
- printf '+' >&2
- printf ' %q' "$@" >&2
- printf '\n'
+ printf '+%s\n' "$(printf ' %q' "$@")" >&2
+ "$@"
}
fetch_git() {(
From 0414f344d9abec821883dcdc77acc6b1d7b8f0ae Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 04:01:55 +0100
Subject: [PATCH 21/70] nixpkgs/nixos/lib -> upstream-nixpkgs/nixos/lib
---
nixpkgs/nixos/lib | 1 +
1 file changed, 1 insertion(+)
create mode 120000 nixpkgs/nixos/lib
diff --git a/nixpkgs/nixos/lib b/nixpkgs/nixos/lib
new file mode 120000
index 000000000..eb942f88b
--- /dev/null
+++ b/nixpkgs/nixos/lib
@@ -0,0 +1 @@
+../../upstream-nixpkgs/nixos/lib
\ No newline at end of file
From 5ce588fb8172ba4d91cfa31c9e043fa1799be9ae Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 13:21:59 +0100
Subject: [PATCH 22/70] nixpkgs/pkgs -> upstream-nixpkgs/pkgs
---
nixpkgs/pkgs | 1 +
1 file changed, 1 insertion(+)
create mode 120000 nixpkgs/pkgs
diff --git a/nixpkgs/pkgs b/nixpkgs/pkgs
new file mode 120000
index 000000000..ce5f5448b
--- /dev/null
+++ b/nixpkgs/pkgs
@@ -0,0 +1 @@
+../upstream-nixpkgs/pkgs
\ No newline at end of file
From 11371608c1c6b5fc661d1c0a1f825226dfd9f599 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 15:29:40 +0100
Subject: [PATCH 23/70] with-tmpdir: init at 1
---
krebs/5pkgs/with-tmpdir/default.nix | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 krebs/5pkgs/with-tmpdir/default.nix
diff --git a/krebs/5pkgs/with-tmpdir/default.nix b/krebs/5pkgs/with-tmpdir/default.nix
new file mode 100644
index 000000000..517e46310
--- /dev/null
+++ b/krebs/5pkgs/with-tmpdir/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchgit, coreutils, dash, ... }:
+
+stdenv.mkDerivation {
+ name = "with-tmpdir-1";
+
+ src = fetchgit {
+ url = http://cgit.cd.krebsco.de/with-tmpdir;
+ rev = "3243c02ed8cd27a04c080bd39560204980f6c16a";
+ sha256 = "80ee6cafb2c337999ddcd1e41747d6256b7cfcea605358c2046eb7e3729555c6";
+ };
+
+ phases = [
+ "unpackPhase"
+ "installPhase"
+ ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+
+ { echo '#! ${dash}/bin/dash'
+ echo 'OLDPATH=$PATH'
+ echo 'PATH=${coreutils}/bin'
+ sed '$s/^/#/' ./with-tmpdir
+ echo '(PATH=$OLDPATH; exec "$@")'
+ } > $out/bin/with-tmpdir
+
+ chmod +x $out/bin/with-tmpdir
+ '';
+}
From 7dbfc126fb329a67d68b32803e866ba9f0e7b2f0 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 15:34:22 +0100
Subject: [PATCH 24/70] tv git public-repos += with-tmpdir
---
tv/2configs/git.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index 800deff1b..5e0f95c15 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -39,6 +39,7 @@ let
stockholm = {
desc = "take all the computers hostage, they'll love you!";
};
+ with-tmpdir = {};
} // mapAttrValues (setAttr "section" "2. Haskell libraries") {
blessings = {};
mime = {};
From 03e5d03c129190451e1431fac6aae70f745812f9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 19:17:19 +0100
Subject: [PATCH 25/70] tv config: use null for dummy secrets
---
tv/2configs/default.nix | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index abe9d3de8..777cd4ea3 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -12,6 +12,7 @@ with lib;
source = mapAttrs (_: mkDefault) ({
nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix";
nixpkgs = symlink:stockholm-nixpkgs;
+ null = "/home/tv/stockholm/null";
secrets = "/home/tv/secrets/${config.krebs.build.host.name}";
secrets-common = "/home/tv/secrets/common";
stockholm-krebs = "/home/tv/stockholm/krebs";
@@ -101,7 +102,7 @@ with lib;
};
environment.variables = {
- NIX_PATH = mkForce "/var/src";
+ NIX_PATH = mkForce "secrets=/var/src/null:/var/src";
};
programs.bash = {
From 28382e43e0df74a6b10bfcf23465d8415fa86460 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 19:51:01 +0100
Subject: [PATCH 26/70] tv: RIP consul
---
tv/1systems/cd.nix | 1 -
tv/1systems/mkdir.nix | 1 -
tv/1systems/rmdir.nix | 1 -
tv/2configs/consul-client.nix | 9 ---
tv/2configs/consul-server.nix | 21 ------
tv/3modules/consul.nix | 118 ----------------------------------
tv/3modules/default.nix | 1 -
7 files changed, 152 deletions(-)
delete mode 100644 tv/2configs/consul-client.nix
delete mode 100644 tv/2configs/consul-server.nix
delete mode 100644 tv/3modules/consul.nix
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 27e94aef0..e42d5750a 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -14,7 +14,6 @@ with lib;
imports = [
../2configs/hw/CAC-Developer-2.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
- #../2configs/consul-server.nix
../2configs/exim-smarthost.nix
../2configs/git.nix
../2configs/retiolum.nix
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index 9d8a0bcfa..79e5f73b9 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -22,7 +22,6 @@ in
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/consul-server.nix
../2configs/exim-smarthost.nix
../2configs/git.nix
{
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index 1f1d975c9..6fd79c596 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -23,7 +23,6 @@ in
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
- ../2configs/consul-server.nix
../2configs/exim-smarthost.nix
../2configs/git.nix
{
diff --git a/tv/2configs/consul-client.nix b/tv/2configs/consul-client.nix
deleted file mode 100644
index 0a8bf4d75..000000000
--- a/tv/2configs/consul-client.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [ ./consul-server.nix ];
-
- tv.consul = {
- server = pkgs.lib.mkForce false;
- };
-}
diff --git a/tv/2configs/consul-server.nix b/tv/2configs/consul-server.nix
deleted file mode 100644
index d10f9ea75..000000000
--- a/tv/2configs/consul-server.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, ... }:
-
-{
- tv.consul = rec {
- enable = true;
-
- self = config.krebs.build.host;
- inherit (self) dc;
-
- server = true;
-
- hosts = with config.krebs.hosts; [
- # TODO get this list automatically from each host where tv.consul.enable is true
- cd
- mkdir
- nomic
- rmdir
- #wu
- ];
- };
-}
diff --git a/tv/3modules/consul.nix b/tv/3modules/consul.nix
deleted file mode 100644
index 5c955fdb5..000000000
--- a/tv/3modules/consul.nix
+++ /dev/null
@@ -1,118 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# if quorum gets lost, then start any node with a config that doesn't contain bootstrap_expect
-# but -bootstrap
-# TODO consul-bootstrap HOST that actually does is
-# TODO tools to inspect state of a cluster in outage state
-
-with lib;
-let
- cfg = config.tv.consul;
-
- out = {
- options.tv.consul = api;
- config = mkIf cfg.enable (mkMerge [
- imp
- { tv.iptables.input-retiolum-accept-new-tcp = [ "8300" "8301" ]; }
- # TODO udp for 8301
- ]);
- };
-
- api = {
- enable = mkEnableOption "tv.consul";
-
- dc = mkOption {
- type = types.label;
- };
- hosts = mkOption {
- type = with types; listOf host;
- };
- encrypt-file = mkOption {
- type = types.str; # TODO path (but not just into store)
- default = toString <secrets/consul-encrypt.json>;
- };
- data-dir = mkOption {
- type = types.str; # TODO path (but not just into store)
- default = "/var/lib/consul";
- };
- self = mkOption {
- type = types.host;
- };
- server = mkOption {
- type = types.bool;
- default = false;
- };
- GOMAXPROCS = mkOption {
- type = types.int;
- default = cfg.self.cores;
- };
- };
-
- consul-config = {
- datacenter = cfg.dc;
- data_dir = cfg.data-dir;
- log_level = "INFO";
- #node_name =
- server = cfg.server;
- enable_syslog = true;
- retry_join =
- # TODO allow consul in other nets than retiolum [maybe]
- concatMap (host: host.nets.retiolum.addrs)
- (filter (host: host.name != cfg.self.name) cfg.hosts);
- leave_on_terminate = true;
- } // optionalAttrs cfg.server {
- bootstrap_expect = length cfg.hosts;
- leave_on_terminate = false;
- };
-
- imp = {
- environment.systemPackages = with pkgs; [
- consul
- ];
-
- systemd.services.consul = {
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [
- consul
- ];
- environment = {
- GOMAXPROCS = toString cfg.GOMAXPROCS;
- };
- serviceConfig = {
- PermissionsStartOnly = "true";
- SyslogIdentifier = "consul";
- User = user.name;
- PrivateTmp = "true";
- Restart = "always";
- ExecStartPre = pkgs.writeScript "consul-init" ''
- #! /bin/sh
- mkdir -p ${cfg.data-dir}
- chown ${user.name}: ${cfg.data-dir}
- install -o ${user.name} -m 0400 ${cfg.encrypt-file} /tmp/encrypt.json
- '';
- ExecStart = pkgs.writeScript "consul-service" ''
- #! /bin/sh
- set -euf
- exec >/dev/null
- exec consul agent \
- -config-file=${toFile "consul.json" (toJSON consul-config)} \
- -config-file=/tmp/encrypt.json
- '';
- #-node=${cfg.self.fqdn} \
- #ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user} -D";
- };
- };
-
- users.extraUsers = singleton {
- inherit (user) name uid;
- };
- };
-
- user = rec {
- name = "consul";
- uid = genid name;
- };
-
-in
-out
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index bb10d8261..f7889b245 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -2,7 +2,6 @@ _:
{
imports = [
- ./consul.nix
./ejabberd.nix
./iptables.nix
];
From d341d1ad1006d49299007c2210dfd8f9903ae21a Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 20:01:28 +0100
Subject: [PATCH 27/70] tv vim: drop noise
---
tv/2configs/vim.nix | 5 -----
1 file changed, 5 deletions(-)
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index bab949270..83cc6e117 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -7,11 +7,6 @@ let
vim
];
- # Nano really is just a stupid name for Vim.
- nixpkgs.config.packageOverrides = pkgs: {
- nano = pkgs.vim;
- };
-
environment.etc.vimrc.source = vimrc;
environment.variables.EDITOR = mkForce "vim";
From ef0ce9065f312140cbcb51fc5102c4c5d4e80568 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 20:02:01 +0100
Subject: [PATCH 28/70] tv nix.vim: let b:current_syntax
---
tv/2configs/vim.nix | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 83cc6e117..23f90af05 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -105,6 +105,8 @@ let
syn match String /"\([^\\"]\|\\.\)*"/
syn match Comment /\(^\|\s\)#.*/
+
+ let b:current_syntax = "nix"
''}
au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile
From ba4bfed2715cb3973f9dbaa6f0a6010c59121a54 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 20:05:12 +0100
Subject: [PATCH 29/70] wu: selectively allowUnfree nvidia-x11
---
tv/1systems/wu.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index aef8ca761..2fa0e8ab7 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -157,7 +157,7 @@ with lib;
nixpkgs.config.chromium.enablePepperFlash = true;
- nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
hardware.bumblebee.enable = true;
hardware.bumblebee.group = "video";
hardware.enableAllFirmware = true;
From 34dcaa692382072889e7e796461933ff129d5a13 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 20:06:15 +0100
Subject: [PATCH 30/70] xu: don't unconditionally allowUnfree
---
tv/1systems/xu.nix | 1 -
1 file changed, 1 deletion(-)
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 31a8a3e99..8c4af2bd3 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -155,7 +155,6 @@ with lib;
nixpkgs.config.chromium.enablePepperFlash = true;
- nixpkgs.config.allowUnfree = true;
#hardware.bumblebee.enable = true;
#hardware.bumblebee.group = "video";
hardware.enableAllFirmware = true;
From 44b9f90b2c70c997399afcc550dac2fff155af6b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 20:12:06 +0100
Subject: [PATCH 31/70] tv config: allowUnfree = false
---
tv/2configs/default.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 777cd4ea3..ee1d9521d 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -70,6 +70,9 @@ with lib;
nix.useChroot = true;
}
+ {
+ nixpkgs.config.allowUnfree = false;
+ }
{
environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
From afd09edbd3ec1739fb95eaab664a2400386ce7a0 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 2 Feb 2016 20:17:10 +0100
Subject: [PATCH 32/70] tv: cleanup allowUnfree
---
tv/2configs/hw/AO753.nix | 9 ++++-----
tv/2configs/hw/x220.nix | 1 -
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix
index acd9ee32b..72a40819f 100644
--- a/tv/2configs/hw/AO753.nix
+++ b/tv/2configs/hw/AO753.nix
@@ -1,4 +1,6 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;
{
imports = [
@@ -39,8 +41,5 @@
HandleSuspendKey=ignore
'';
- nixpkgs.config = {
- allowUnfree = false;
- allowUnfreePredicate = (x: pkgs.lib.hasPrefix "broadcom-sta-" x.name);
- };
+ nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "broadcom-sta-" pkg.name;
}
diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix
index 8549311e7..7cec670fa 100644
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@@ -14,7 +14,6 @@
networking.wireless.enable = true;
#hardware.enableAllFirmware = true;
- #nixpkgs.config.allowUnfree = true;
#zramSwap.enable = true;
#zramSwap.numDevices = 2;
From 68655d1ddf078eb1bb3a48ba7e6e9376d913985e Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 3 Feb 2016 11:32:58 +0100
Subject: [PATCH 33/70] krebs.git: remove trailing spaces
---
krebs/3modules/git.nix | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index e6267d7e6..0fa6b240b 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -27,7 +27,7 @@ let
description = ''
Enable cgit.
Cgit is an attempt to create a fast web interface for the git version
- control system, using a built in cache to decrease pressure on the
+ control system, using a built in cache to decrease pressure on the
git server.
cgit in this module is being served via fastcgi nginx.This module
deploys a http://cgit.<hostname> nginx configuration and enables nginx
@@ -127,7 +127,7 @@ let
git-imp = {
system.activationScripts.git-init = "${init-script}";
-
+
# TODO maybe put all scripts here and then use PATH?
environment.etc."${etc-base}".source =
scriptFarm "git-ssh-authorizers" {
@@ -136,7 +136,7 @@ let
(map getName (ensureList repo))
(map getName perm.allow-commands)
]) cfg.rules);
-
+
authorize-push = makeAuthorizeScript (map ({ repo, user, perm }: [
(map getName (ensureList user))
(map getName (ensureList repo))
@@ -144,7 +144,7 @@ let
(map getName perm.allow-receive-modes)
]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules));
};
-
+
users.extraUsers = singleton rec {
description = "Git repository hosting user";
name = "git";
From cdb590be5072712c9552a98f8979aa94288dcbc8 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 3 Feb 2016 13:36:54 +0100
Subject: [PATCH 34/70] krebs.git.rules: specify type
---
krebs/3modules/git.nix | 193 ++++++++++++++++++++++++++++++-----------
tv/2configs/git.nix | 4 +-
2 files changed, 142 insertions(+), 55 deletions(-)
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 0fa6b240b..7b28ffca8 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -44,48 +44,8 @@ let
default = "/etc/git";
};
repos = mkOption {
- type = types.attrsOf (types.submodule ({
- options = {
- desc = mkOption {
- type = types.nullOr types.str;
- default = null;
- description = ''
- Repository description.
- '';
- };
- section = mkOption {
- type = types.nullOr types.str;
- default = null;
- description = ''
- Repository section.
- '';
- };
- name = mkOption {
- type = types.str;
- description = ''
- Repository name.
- '';
- };
- hooks = mkOption {
- type = types.attrsOf types.str;
- default = {};
- description = ''
- Repository-specific hooks.
- '';
- };
- public = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Allow everybody to read the repository via HTTP if cgit enabled.
- '';
- # TODO allow every configured user to fetch the repository via SSH.
- };
- };
- }));
-
+ type = types.attrsOf subtypes.repo;
default = {};
-
example = literalExample ''
{
testing = {
@@ -99,7 +59,6 @@ let
testing2 = { name = "testing2"; };
}
'';
-
description = ''
Repositories.
'';
@@ -121,28 +80,156 @@ let
'';
};
rules = mkOption {
- type = types.unspecified;
+ type = types.listOf subtypes.rule;
+ default = [];
+ example = literalExample ''
+ singleton {
+ user = [ config.krebs.users.tv ];
+ repo = [ testing ]; # see literal example of repos
+ perm = push "refs/*" (with lib.git; [
+ non-fast-forward create delete merge
+ ]);
+ }
+ '';
+ description = ''
+ Rules.
+ '';
};
};
+ # TODO put into krebs/4lib/types.nix?
+ subtypes = {
+ repo = types.submodule ({
+ options = {
+ collaborators = mkOption {
+ type = types.listOf types.user;
+ default = [];
+ description = ''
+ List of users that should be able to fetch from this repo.
+
+ This option is currently not used by krebs.git but instead can be
+ used to create rules. See e.g. <stockholm/tv/2configs/git.nix> for
+ an example.
+ '';
+ };
+ desc = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Repository description.
+ '';
+ };
+ section = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Repository section.
+ '';
+ };
+ name = mkOption {
+ type = types.str;
+ description = ''
+ Repository name.
+ '';
+ };
+ hooks = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ description = ''
+ Repository-specific hooks.
+ '';
+ };
+ public = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Allow everybody to read the repository via HTTP if cgit enabled.
+ '';
+ # TODO allow every configured user to fetch the repository via SSH.
+ };
+ };
+ });
+ rule = types.submodule ({ config, ... }: {
+ options = {
+ user = mkOption {
+ type = types.listOf types.user;
+ description = ''
+ List of users this rule should apply to.
+ Checked by authorize-command.
+ '';
+ };
+ repo = mkOption {
+ type = types.listOf subtypes.repo;
+ description = ''
+ List of repos this rule should apply to.
+ Checked by authorize-command.
+ '';
+ };
+ perm = mkOption {
+ type = types.submodule {
+ # TODO generate enum argument from krebs/4lib/git.nix
+ options = {
+ allow-commands = mkOption {
+ type = types.listOf (types.enum (with git; [
+ git-receive-pack
+ git-upload-pack
+ ]));
+ default = [];
+ description = ''
+ List of commands the rule's users are allowed to execute.
+ Checked by authorize-command.
+ '';
+ };
+ allow-receive-ref = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Ref that can receive objects.
+ Checked by authorize-push.
+ '';
+ };
+ allow-receive-modes = mkOption {
+ type = types.listOf (types.enum (with git; [
+ fast-forward
+ non-fast-forward
+ create
+ delete
+ merge
+ ]));
+ default = [];
+ description = ''
+ List of allowed receive modes.
+ Checked by pre-receive hook.
+ '';
+ };
+ };
+ };
+ description = ''
+ Permissions granted.
+ '';
+ };
+ };
+ });
+ };
+
git-imp = {
system.activationScripts.git-init = "${init-script}";
# TODO maybe put all scripts here and then use PATH?
environment.etc."${etc-base}".source =
scriptFarm "git-ssh-authorizers" {
- authorize-command = makeAuthorizeScript (map ({ repo, user, perm }: [
- (map getName (ensureList user))
- (map getName (ensureList repo))
- (map getName perm.allow-commands)
+ authorize-command = makeAuthorizeScript (map (rule: [
+ (map getName (ensureList rule.user))
+ (map getName (ensureList rule.repo))
+ (map getName rule.perm.allow-commands)
]) cfg.rules);
- authorize-push = makeAuthorizeScript (map ({ repo, user, perm }: [
- (map getName (ensureList user))
- (map getName (ensureList repo))
- (ensureList perm.allow-receive-ref)
- (map getName perm.allow-receive-modes)
- ]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules));
+ authorize-push = makeAuthorizeScript (map (rule: [
+ (map getName (ensureList rule.user))
+ (map getName (ensureList rule.repo))
+ (ensureList rule.perm.allow-receive-ref)
+ (map getName rule.perm.allow-receive-modes)
+ ]) (filter (rule: rule.perm.allow-receive-ref != null) cfg.rules));
};
users.extraUsers = singleton rec {
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index 5e0f95c15..01dc7de9b 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -9,7 +9,7 @@ let
enable = true;
root-title = "public repositories at ${config.krebs.build.host.name}";
root-desc = "keep calm and engage";
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ repos = repos;
rules = rules;
};
};
@@ -99,7 +99,7 @@ let
repo = [ repo ];
perm = fetch;
} ++
- optional (length (repo.collaborators or []) > 0) {
+ optional (repo.collaborators or [] != []) {
user = repo.collaborators;
repo = [ repo ];
perm = fetch;
From 5bc7523bb54e960f5ac00492b16519b1bce21007 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 3 Feb 2016 19:39:00 +0100
Subject: [PATCH 35/70] cac-1.0.3 -> cac-api-1.1.0
---
krebs/5pkgs/{cac => cac-api}/default.nix | 18 +++++------
.../5pkgs/test/infest-cac-centos7/default.nix | 4 +--
krebs/5pkgs/test/infest-cac-centos7/notes | 32 +++++++++----------
tv/1systems/wu.nix | 2 +-
tv/2configs/git.nix | 4 +--
5 files changed, 29 insertions(+), 31 deletions(-)
rename krebs/5pkgs/{cac => cac-api}/default.nix (56%)
diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac-api/default.nix
similarity index 56%
rename from krebs/5pkgs/cac/default.nix
rename to krebs/5pkgs/cac-api/default.nix
index 4d39ce2fb..2a32bb096 100644
--- a/krebs/5pkgs/cac/default.nix
+++ b/krebs/5pkgs/cac-api/default.nix
@@ -1,12 +1,12 @@
{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }:
stdenv.mkDerivation {
- name = "cac-1.0.3";
+ name = "cac-api-1.1.0";
src = fetchgit {
- url = http://cgit.cd.retiolum/cac;
- rev = "22acc1b990ac7d97c16344fbcbc2621e24cdf915";
- sha256 = "135b740617c983b3f46a1983d4744be17340d5146a0a0de0dff4bb7a53688f2f";
+ url = http://cgit.cd.krebsco.de/cac-api;
+ rev = "0809fae379239687ed1170e04311dc2880ef0aba";
+ sha256 = "357ced27c9ed88028967c934178a1d230bf38617a7494cd4632fabdd2a04fcdd";
};
phases = [
@@ -29,11 +29,9 @@ stdenv.mkDerivation {
in
''
mkdir -p $out/bin
-
- sed < ./cac > $out/bin/cac '
- s;^_cac_main .*;PATH=${path}''${PATH+:$PATH} &;
- '
-
- chmod +x $out/bin/cac
+ cp cac-api $out/bin/cac-api
+ sed -i '
+ s;^_cac_cli_main .*;PATH=${path}''${PATH+:$PATH} &;
+ ' $out/bin/cac-api
'';
}
diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index 7f2e3f231..ebea5ae1c 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }:
+{ stdenv, coreutils,makeWrapper, cac-api, cacpanel, gnumake, gnused, jq, openssh, ... }:
stdenv.mkDerivation rec {
name = "${shortname}-${version}";
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
path = stdenv.lib.makeSearchPath "bin" [
coreutils
- cac
+ cac-api
cacpanel
gnumake
gnused
diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes
index 6bfb6906e..7b9cbb46f 100755
--- a/krebs/5pkgs/test/infest-cac-centos7/notes
+++ b/krebs/5pkgs/test/infest-cac-centos7/notes
@@ -1,6 +1,6 @@
#! /bin/sh
-# nix-shell -p gnumake jq openssh cac cacpanel
+# nix-shell -p gnumake jq openssh cac-api cacpanel
set -eufx
# 2 secrets are required:
@@ -47,15 +47,15 @@ export cac_secrets=$sec_file
cac-cli --config $krebs_cred panel add-api-ip
# test login:
-cac update
-cac servers
+cac-api update
+cac-api servers
# preserve old trap
old_trapstr=$(clear_defer)
while true;do
# Template 26: CentOS7
- # TODO: use cac templates to determine the real Centos7 template in case it changes
- out=$(cac build cpu=1 ram=512 storage=10 os=26 2>&1)
+ # TODO: use cac-api templates to determine the real Centos7 template in case it changes
+ out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1)
if name=$(echo "$out" | jq -r .servername);then
id=servername:$name
echo "got a working machine, id=$id"
@@ -67,15 +67,15 @@ while true;do
fi
clear_defer >/dev/null
- defer "cac delete $id"
+ defer "cac-api delete $id"
# TODO: timeout?
wait_login_cac(){
# we wait for 30 minutes
for t in `seq 180`;do
- # now we have a working cac server
- if cac ssh $1 -o ConnectTimeout=10 \
+ # now we have a working cac-api server
+ if cac-api ssh $1 -o ConnectTimeout=10 \
cat /etc/redhat-release | \
grep CentOS ;then
return 0
@@ -87,7 +87,7 @@ while true;do
# die on timeout
if ! wait_login_cac $id;then
echo "unable to boot a working system within time frame, retrying..." >&2
- echo "Cleaning up old image,last status: $(cac update;cac getserver $id | jq -r .status)"
+ echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)"
eval "$(clear_defer | sed 's/;exit//')"
sleep 15
else
@@ -96,17 +96,17 @@ while true;do
fi
done
clear_defer >/dev/null
-defer "cac delete $id;$old_trapstr"
+defer "cac-api delete $id;$old_trapstr"
mkdir -p shared/2configs/temp
-cac generatenetworking $id > \
+cac-api generatenetworking $id > \
shared/2configs/temp/networking.nix
# new temporary ssh key we will use to log in after infest
ssh-keygen -f $krebs_ssh -N ""
cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv
# we override the directories for secrets and stockholm
# additionally we set the ssh key we generated
-ip=$(cac getserver $id | jq -r .ip)
+ip=$(cac-api getserver $id | jq -r .ip)
cat > shared/2configs/temp/dirs.nix <<EOF
_: {
@@ -123,18 +123,18 @@ EOF
LOGNAME=shared make eval get=krebs.infest \
target=derp system=test-centos7 filter=json \
- | sed -e "s#^ssh.*<<#cac ssh $id<<#" \
- -e "/^rsync/a -e 'cac ssh $id' \\\\" \
+ | sed -e "s#^ssh.*<<#cac-api ssh $id<<#" \
+ -e "/^rsync/a -e 'cac-api ssh $id' \\\\" \
-e "s#root.derp:#:#" > $krebs_secrets/infest
sh -x $krebs_secrets/infest
# TODO: generate secrets directory $krebs_secrets for nix import
-cac powerop $id reset
+cac-api powerop $id reset
wait_login(){
# timeout
for t in `seq 90`;do
- # now we have a working cac server
+ # now we have a working cac-api server
if ssh -o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
-i $krebs_ssh \
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 2fa0e8ab7..29e6de08b 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -43,7 +43,7 @@ with lib;
# tv
bc
bind # dig
- cac
+ cac-api
dic
file
get
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index 01dc7de9b..b8180085f 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -22,8 +22,8 @@ let
public-repos = mapAttrs make-public-repo ({
} // mapAttrValues (setAttr "section" "1. Miscellaneous") {
- cac = {
- desc = "CloudAtCost command line interface";
+ cac-api = {
+ desc = "CloudAtCost API command line interface";
};
get = {};
hack = {};
From a350db5ce9e3fcf27678a2b9bb6685358b63742a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 3 Feb 2016 21:17:46 +0100
Subject: [PATCH 36/70] cacpanel 0.2.3 -> cac-panel 0.4.4
---
krebs/5pkgs/cac-panel/default.nix | 18 ++++++++++++++++++
krebs/5pkgs/cacpanel/default.nix | 18 ------------------
2 files changed, 18 insertions(+), 18 deletions(-)
create mode 100644 krebs/5pkgs/cac-panel/default.nix
delete mode 100644 krebs/5pkgs/cacpanel/default.nix
diff --git a/krebs/5pkgs/cac-panel/default.nix b/krebs/5pkgs/cac-panel/default.nix
new file mode 100644
index 000000000..fd4799535
--- /dev/null
+++ b/krebs/5pkgs/cac-panel/default.nix
@@ -0,0 +1,18 @@
+{pkgs, python3Packages, ...}:
+
+python3Packages.buildPythonPackage rec {
+ name = "cac-panel-${version}";
+ version = "0.4.4";
+
+ src = pkgs.fetchurl {
+ url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz";
+ sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8";
+ };
+
+ propagatedBuildInputs = with python3Packages; [
+ docopt
+ requests2
+ beautifulsoup4
+ ];
+}
+
diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix
deleted file mode 100644
index 3df4dffed..000000000
--- a/krebs/5pkgs/cacpanel/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, python3Packages, ...}:
-
-python3Packages.buildPythonPackage rec {
- name = "cacpanel-${version}";
- version = "0.2.3";
-
- src = pkgs.fetchurl {
- url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
- sha256 = "1fib7416qqv8yzrj75kxra7ccpz9abqh58b6gkaavws2fa6m3mm8";
- };
-
- propagatedBuildInputs = with python3Packages; [
- docopt
- requests2
- beautifulsoup4
- ];
-}
-
From fdc4fa5c98aaabfb31be7e7f219ca2b134172cf9 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 3 Feb 2016 21:17:46 +0100
Subject: [PATCH 37/70] cacpanel 0.2.3 -> cac-panel 0.4.4
---
krebs/5pkgs/cac-panel/default.nix | 18 ++++++++++++++++++
krebs/5pkgs/cacpanel/default.nix | 18 ------------------
2 files changed, 18 insertions(+), 18 deletions(-)
create mode 100644 krebs/5pkgs/cac-panel/default.nix
delete mode 100644 krebs/5pkgs/cacpanel/default.nix
diff --git a/krebs/5pkgs/cac-panel/default.nix b/krebs/5pkgs/cac-panel/default.nix
new file mode 100644
index 000000000..fd4799535
--- /dev/null
+++ b/krebs/5pkgs/cac-panel/default.nix
@@ -0,0 +1,18 @@
+{pkgs, python3Packages, ...}:
+
+python3Packages.buildPythonPackage rec {
+ name = "cac-panel-${version}";
+ version = "0.4.4";
+
+ src = pkgs.fetchurl {
+ url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz";
+ sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8";
+ };
+
+ propagatedBuildInputs = with python3Packages; [
+ docopt
+ requests2
+ beautifulsoup4
+ ];
+}
+
diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix
deleted file mode 100644
index 3df4dffed..000000000
--- a/krebs/5pkgs/cacpanel/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, python3Packages, ...}:
-
-python3Packages.buildPythonPackage rec {
- name = "cacpanel-${version}";
- version = "0.2.3";
-
- src = pkgs.fetchurl {
- url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
- sha256 = "1fib7416qqv8yzrj75kxra7ccpz9abqh58b6gkaavws2fa6m3mm8";
- };
-
- propagatedBuildInputs = with python3Packages; [
- docopt
- requests2
- beautifulsoup4
- ];
-}
-
From 48381bd8dd9607d54a936c644964ab5bac90e4a9 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 01:20:03 +0100
Subject: [PATCH 38/70] cac-api: don't GET broken listtasks + use complete cert
---
krebs/5pkgs/cac-api/cac.pem | 88 +++++++++++++++++++++++++++++++++
krebs/5pkgs/cac-api/default.nix | 47 ++++++++++--------
2 files changed, 114 insertions(+), 21 deletions(-)
create mode 100644 krebs/5pkgs/cac-api/cac.pem
diff --git a/krebs/5pkgs/cac-api/cac.pem b/krebs/5pkgs/cac-api/cac.pem
new file mode 100644
index 000000000..9d02b6bcf
--- /dev/null
+++ b/krebs/5pkgs/cac-api/cac.pem
@@ -0,0 +1,88 @@
+-----BEGIN CERTIFICATE-----
+MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk
+YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x
+ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM
+IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB
+Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida
+LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q
+YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P
+6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G
+A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg
+lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov
+L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov
+L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
+LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv
+bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB
+hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C
+D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt
+HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8
+LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA
+DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7
+dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1
+1VE7rIcEbw==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh
+oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM
+IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg
+llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh
+7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c
+RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx
+PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC
+AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD
+VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv
+bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
+AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy
+dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN
+AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx
+3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI
+tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo
+ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js
+9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa
+kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm
+GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc
+QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje
+3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx
+AeKCINT+b72x
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
+dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
+FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
+5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
+x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
+2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
+OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
+sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
+GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
+WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
+rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
+tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
+sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
+zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
+ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
+7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
+LaZRfyHBNVOFBkpdn627G190
+-----END CERTIFICATE-----
diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix
index 2a32bb096..331b0853f 100644
--- a/krebs/5pkgs/cac-api/default.nix
+++ b/krebs/5pkgs/cac-api/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }:
+{ stdenv, fetchgit, bc, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }:
stdenv.mkDerivation {
name = "cac-api-1.1.0";
@@ -14,24 +14,29 @@ stdenv.mkDerivation {
"installPhase"
];
- installPhase =
- let
- path = stdenv.lib.makeSearchPath "bin" [
- bc
- coreutils
- curl
- gnused
- inotifyTools
- jq
- ncurses
- sshpass
- ];
- in
- ''
- mkdir -p $out/bin
- cp cac-api $out/bin/cac-api
- sed -i '
- s;^_cac_cli_main .*;PATH=${path}''${PATH+:$PATH} &;
- ' $out/bin/cac-api
- '';
+ installPhase = ''
+ mkdir -p $out/bin
+ { cat <<\EOF
+ #! ${dash}/bin/dash
+ export PATH=${stdenv.lib.makeSearchPath "bin" [
+ bc
+ coreutils
+ curl
+ gnused
+ inotifyTools
+ jq
+ ncurses
+ openssh
+ sshpass
+ ]}
+ EOF
+ # [1]: Disable fetching tasks; listtasks is currently broken:
+ # Unknown column 'iod.apitask.cid' in 'field list'
+ sed '
+ /^\s*tasks \\$/d; # [1]
+ s|\<_cac_exec curl|<${./cac.pem} & --cacert /dev/stdin|
+ ' cac-api
+ } > $out/bin/cac-api
+ chmod +x $out/bin/cac-api
+ '';
}
From bbfef6bd25b4647d9587f891f9b7cb358fabfc87 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 01:32:38 +0100
Subject: [PATCH 39/70] Reaktor: use upstream lentil
---
krebs/5pkgs/Reaktor/plugins.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix
index 7490be4ca..0f61688e3 100644
--- a/krebs/5pkgs/Reaktor/plugins.nix
+++ b/krebs/5pkgs/Reaktor/plugins.nix
@@ -82,7 +82,7 @@ rec {
};
stockholm-issue = buildSimpleReaktorPlugin "stockholm-issue" {
script = ./scripts/random-issue.sh;
- path = with pkgs; [ git gnused lentil ];
+ path = with pkgs; [ git gnused haskellPackages.lentil ];
env = { "origin" = "http://cgit.gum/stockholm"; };
};
From f095b0267a94e7b8b5ff9acbf54ce11df4a40d8f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 01:59:40 +0100
Subject: [PATCH 40/70] test: cacpanel -> cac-panel
---
krebs/5pkgs/test/infest-cac-centos7/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index f7b2a5a08..7adb09ca9 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, coreutils,makeWrapper, cac-api, cacpanel, gnumake, gnused, jq, openssh, ... }:
+{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }:
stdenv.mkDerivation rec {
name = "${shortname}-${version}";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
path = stdenv.lib.makeSearchPath "bin" [
coreutils
cac-api
- cacpanel
+ cac-panel
gnumake
gnused
jq
From 1745d3efa0be1687d482077c75942cf9d6a5ecc2 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 01:55:59 +0100
Subject: [PATCH 41/70] cac-cert: init
---
krebs/5pkgs/cac-api/default.nix | 4 +-
krebs/5pkgs/{cac-api => cac-cert}/cac.pem | 0
.../5pkgs/test/infest-cac-centos7/default.nix | 22 ++---
.../panel.cloudatcost.com.crt | 88 -------------------
4 files changed, 13 insertions(+), 101 deletions(-)
rename krebs/5pkgs/{cac-api => cac-cert}/cac.pem (100%)
delete mode 100644 krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix
index 331b0853f..9ab6ac8b2 100644
--- a/krebs/5pkgs/cac-api/default.nix
+++ b/krebs/5pkgs/cac-api/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchgit, bc, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }:
+{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }:
stdenv.mkDerivation {
name = "cac-api-1.1.0";
@@ -34,7 +34,7 @@ stdenv.mkDerivation {
# Unknown column 'iod.apitask.cid' in 'field list'
sed '
/^\s*tasks \\$/d; # [1]
- s|\<_cac_exec curl|<${./cac.pem} & --cacert /dev/stdin|
+ s|\<_cac_exec curl|<${cac-cert} & --cacert /dev/stdin|
' cac-api
} > $out/bin/cac-api
chmod +x $out/bin/cac-api
diff --git a/krebs/5pkgs/cac-api/cac.pem b/krebs/5pkgs/cac-cert/cac.pem
similarity index 100%
rename from krebs/5pkgs/cac-api/cac.pem
rename to krebs/5pkgs/cac-cert/cac.pem
diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index 7adb09ca9..3be4b1c41 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }:
+{ stdenv, coreutils,makeWrapper, cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, ... }:
stdenv.mkDerivation rec {
name = "${shortname}-${version}";
@@ -10,6 +10,7 @@ stdenv.mkDerivation rec {
phases = [
"installPhase"
];
+
buildInputs = [ makeWrapper ];
path = stdenv.lib.makeSearchPath "bin" [
@@ -22,16 +23,15 @@ stdenv.mkDerivation rec {
openssh
];
- installPhase =
- ''
- mkdir -p $out/bin
- cp ${src} $out/bin/${shortname}
- chmod +x $out/bin/${shortname}
- wrapProgram $out/bin/${shortname} \
- --prefix PATH : ${path} \
- --set SSL_CERT_FILE ${./panel.cloudatcost.com.crt} \
- --set REQUESTS_CA_BUNDLE ${./panel.cloudatcost.com.crt}
- '';
+ installPhase = ''
+ mkdir -p $out/bin
+ cp ${src} $out/bin/${shortname}
+ chmod +x $out/bin/${shortname}
+ wrapProgram $out/bin/${shortname} \
+ --prefix PATH : ${path} \
+ --set REQUESTS_CA_BUNDLE ${cac-cert} \
+ --set SSL_CERT_FILE ${cac-cert}
+ '';
meta = with stdenv.lib; {
homepage = http://krebsco.de;
description = "Krebs CI Scripts";
diff --git a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt b/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
deleted file mode 100644
index 9d02b6bcf..000000000
--- a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
+++ /dev/null
@@ -1,88 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE
-BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
-A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk
-YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x
-ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM
-IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB
-Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida
-LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q
-YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P
-6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G
-A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg
-lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
-KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov
-L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov
-L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
-LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv
-bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB
-hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C
-D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt
-HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8
-LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA
-DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7
-dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1
-1VE7rIcEbw==
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
-BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
-A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC
-R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
-ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp
-b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh
-oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM
-IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg
-llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh
-7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c
-RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx
-PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC
-AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD
-VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv
-bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
-AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy
-dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN
-AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx
-3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI
-tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo
-ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js
-9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa
-kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm
-GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc
-QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje
-3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx
-AeKCINT+b72x
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
-BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
-A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
-R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
-ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
-dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
-FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
-5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
-x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
-2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
-OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
-sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
-GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
-WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
-FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
-DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
-rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
-nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
-tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
-sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
-pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
-zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
-ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
-7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
-LaZRfyHBNVOFBkpdn627G190
------END CERTIFICATE-----
From f7d979b21fc0a705105adbbc708645f94af6629c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Feb 2016 02:48:28 +0100
Subject: [PATCH 42/70] s 1 wolf: provide cgit mirror
---
krebs/3modules/shared/default.nix | 1 +
shared/1systems/wolf.nix | 1 +
shared/2configs/cgit-mirror.nix | 41 +++++++++++++++++++++++++++++++
3 files changed, 43 insertions(+)
create mode 100644 shared/2configs/cgit-mirror.nix
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 518e46587..91d92857b 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -50,6 +50,7 @@ in {
addrs6 = ["42:0:0:0:0:0:77:1"];
aliases = [
"wolf.retiolum"
+ "cgit.wolf.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 8cf5be71c..e45195487 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -12,6 +12,7 @@ in
../2configs/shack-nix-cacher.nix
../2configs/shack-drivedroid.nix
../2configs/buildbot-standalone.nix
+ ../2configs/cgit-mirror.nix
# ../2configs/graphite.nix
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix
new file mode 100644
index 000000000..5bcfc5818
--- /dev/null
+++ b/shared/2configs/cgit-mirror.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ rules = with git;[{
+ # user = git-sync;
+ user = git-sync;
+ repo = [ stockholm-mirror ];
+ perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+ }];
+
+ stockholm-mirror = {
+ public = true;
+ name = "stockholm-mirror";
+ desc = "mirror for all stockholm branches";
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ nick = config.networking.hostName;
+ verbose = false;
+ channel = "#retiolum";
+ server = "cd.retiolum";
+ };
+ };
+ };
+
+ git-sync = {
+ name = "git-sync";
+ mail = "spam@krebsco.de";
+ # TODO put git-sync pubkey somewhere more appropriate
+ pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzUuzyoAhMgJmsiaTVWNSXqcrZNTpKpv0nfFBOMcNXUWEbvfAq5eNpg5cX+P8eoYl6UQgfftbYi06flKK3yJdntxoZKLwJGgJt9NZr8yZTsiIfMG8XosvGNQtGPkBtpLusgmPpu7t2RQ9QrqumBvoUDGYEauKTslLwupp1QeyWKUGEhihn4CuqQKiPrz+9vbNd75XOfVZMggk3j4F7HScatmA+p1EQXWyq5Jj78jQN5ZIRnHjMQcIZ4DOz1U96atwSKMviI1xEZIODYfgoGjjiWYeEtKaLVPtSqtLRGI7l+RNouMfwHLdTWOJSlIdFncfPXC6R19hTll3UHeHLtqLP git-sync'';
+ };
+
+in {
+ krebs.git = {
+ enable = true;
+ root-title = "Shared Repos";
+ root-desc = "keep on krebsing";
+ inherit rules;
+ repos.stockholm-mirror = stockholm-mirror;
+ };
+}
From cc1a230fd2742b6ccadd0837d9cf569f246375aa Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Feb 2016 02:55:28 +0100
Subject: [PATCH 43/70] k 5 test: cac -> cac-api, cacpanel -> cac-panel
---
.../5pkgs/test/infest-cac-centos7/default.nix | 6 ++---
krebs/5pkgs/test/infest-cac-centos7/notes | 26 +++++++++----------
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index 886e250e2..7adb09ca9 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }:
+{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }:
stdenv.mkDerivation rec {
name = "${shortname}-${version}";
@@ -14,8 +14,8 @@ stdenv.mkDerivation rec {
path = stdenv.lib.makeSearchPath "bin" [
coreutils
- cac
- cacpanel
+ cac-api
+ cac-panel
gnumake
gnused
jq
diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes
index 6bfb6906e..793ef3560 100755
--- a/krebs/5pkgs/test/infest-cac-centos7/notes
+++ b/krebs/5pkgs/test/infest-cac-centos7/notes
@@ -1,6 +1,6 @@
#! /bin/sh
-# nix-shell -p gnumake jq openssh cac cacpanel
+# nix-shell -p gnumake jq openssh cac-api cac-panel
set -eufx
# 2 secrets are required:
@@ -40,22 +40,22 @@ defer "rm -r $krebs_secrets"
cat > $sec_file <<EOF
cac_login="$(jq -r .email $krebs_cred)"
-cac_key="$(cac-cli --config $krebs_cred panel settings | jq -r .apicode)"
+cac_key="$(cac-panel --config $krebs_cred settings | jq -r .apicode)"
EOF
export cac_secrets=$sec_file
-cac-cli --config $krebs_cred panel add-api-ip
+cac-panel --config $krebs_cred add-api-ip
# test login:
-cac update
-cac servers
+cac-api update
+cac-api servers
# preserve old trap
old_trapstr=$(clear_defer)
while true;do
# Template 26: CentOS7
# TODO: use cac templates to determine the real Centos7 template in case it changes
- out=$(cac build cpu=1 ram=512 storage=10 os=26 2>&1)
+ out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1)
if name=$(echo "$out" | jq -r .servername);then
id=servername:$name
echo "got a working machine, id=$id"
@@ -87,7 +87,7 @@ while true;do
# die on timeout
if ! wait_login_cac $id;then
echo "unable to boot a working system within time frame, retrying..." >&2
- echo "Cleaning up old image,last status: $(cac update;cac getserver $id | jq -r .status)"
+ echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)"
eval "$(clear_defer | sed 's/;exit//')"
sleep 15
else
@@ -96,17 +96,17 @@ while true;do
fi
done
clear_defer >/dev/null
-defer "cac delete $id;$old_trapstr"
+defer "cac-api delete $id;$old_trapstr"
mkdir -p shared/2configs/temp
-cac generatenetworking $id > \
+cac-api generatenetworking $id > \
shared/2configs/temp/networking.nix
# new temporary ssh key we will use to log in after infest
ssh-keygen -f $krebs_ssh -N ""
cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv
# we override the directories for secrets and stockholm
# additionally we set the ssh key we generated
-ip=$(cac getserver $id | jq -r .ip)
+ip=$(cac-api getserver $id | jq -r .ip)
cat > shared/2configs/temp/dirs.nix <<EOF
_: {
@@ -123,13 +123,13 @@ EOF
LOGNAME=shared make eval get=krebs.infest \
target=derp system=test-centos7 filter=json \
- | sed -e "s#^ssh.*<<#cac ssh $id<<#" \
- -e "/^rsync/a -e 'cac ssh $id' \\\\" \
+ | sed -e "s#^ssh.*<<#cac-api ssh $id<<#" \
+ -e "/^rsync/a -e 'cac-api ssh $id' \\\\" \
-e "s#root.derp:#:#" > $krebs_secrets/infest
sh -x $krebs_secrets/infest
# TODO: generate secrets directory $krebs_secrets for nix import
-cac powerop $id reset
+cac-api powerop $id reset
wait_login(){
# timeout
From fb734eded558aad5a728eb1b1b350235a921d541 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 03:07:47 +0100
Subject: [PATCH 44/70] stockholm: stockholm-path -> ./.
---
default.nix | 3 +--
tv/2configs/default.nix | 11 +++++------
2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/default.nix b/default.nix
index 1637aa464..b2b57ea4c 100644
--- a/default.nix
+++ b/default.nix
@@ -17,8 +17,7 @@ let stockholm = {
nlib = import <nixpkgs/lib>;
klib = import (slib.kpath "4lib") { lib = nlib; };
slib = rec {
- stockholm-path = ./.;
- nspath = ns: p: stockholm-path + "/${ns}/${p}";
+ nspath = ns: p: ./. + "/${ns}/${p}";
kpath = nspath "krebs";
upath = nspath current-user-name;
};
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index ee1d9521d..46320b738 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -10,14 +10,13 @@ with lib;
target = mkDefault "root@${config.krebs.build.host.name}";
source-version = 2;
source = mapAttrs (_: mkDefault) ({
- nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix";
- nixpkgs = symlink:stockholm-nixpkgs;
- null = "/home/tv/stockholm/null";
+ nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm/nixpkgs;
+ null = "symlink:stockholm/null";
secrets = "/home/tv/secrets/${config.krebs.build.host.name}";
secrets-common = "/home/tv/secrets/common";
- stockholm-krebs = "/home/tv/stockholm/krebs";
- stockholm-nixpkgs = "/home/tv/stockholm/nixpkgs";
- stockholm-private = "/home/tv/stockholm/tv";
+ stockholm = "/home/tv/stockholm";
+ stockholm-user = "symlink:stockholm/tv";
upstream-nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "77f8f35d57618c1ba456d968524f2fb2c3448295";
From db0e7dfe82fbed065afb16f41b46900767d69a96 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 04:23:10 +0100
Subject: [PATCH 45/70] cac-cert: add default.nix
---
krebs/5pkgs/cac-cert/default.nix | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 krebs/5pkgs/cac-cert/default.nix
diff --git a/krebs/5pkgs/cac-cert/default.nix b/krebs/5pkgs/cac-cert/default.nix
new file mode 100644
index 000000000..d99019dca
--- /dev/null
+++ b/krebs/5pkgs/cac-cert/default.nix
@@ -0,0 +1,2 @@
+{ writeText, ... }:
+writeText "cac.pem" (builtins.readFile ./cac.pem)
From 8e3d27a9499bb70d5d033e4fd007aa53dea70b18 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 04:35:39 +0100
Subject: [PATCH 46/70] stockholm: add slib.npath
---
default.nix | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/default.nix b/default.nix
index b2b57ea4c..9dd18a235 100644
--- a/default.nix
+++ b/default.nix
@@ -14,12 +14,12 @@ let stockholm = {
krebs = import ./krebs (args // { inherit lib stockholm; });
lib = let
- nlib = import <nixpkgs/lib>;
+ nlib = import (slib.npath "lib");
klib = import (slib.kpath "4lib") { lib = nlib; };
slib = rec {
- nspath = ns: p: ./. + "/${ns}/${p}";
- kpath = nspath "krebs";
- upath = nspath current-user-name;
+ npath = p: <nixpkgs> + "/${p}";
+ kpath = p: ./. + "/krebs/${p}";
+ upath = p: ./. + "/${current-user-name}/${p}";
};
ulib = let p = slib.upath "4lib"; in
nlib.optionalAttrs (klib.dir.has-default-nix p)
@@ -44,7 +44,7 @@ let stockholm = {
in kpkgs // upkgs;
};
- eval = config: import <nixpkgs/nixos/lib/eval-config.nix> {
+ eval = config: import (lib.npath "nixos/lib/eval-config.nix") {
specialArgs = {
inherit lib;
};
From 65977c6108d9517d58a6bd6ce8676c6a7b97615e Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 04:44:26 +0100
Subject: [PATCH 47/70] RIP current-date
---
Makefile | 1 -
default.nix | 3 +--
krebs/default.nix | 9 +--------
shared/2configs/buildbot-standalone.nix | 2 --
4 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/Makefile b/Makefile
index 501dfbe83..a1559b48c 100644
--- a/Makefile
+++ b/Makefile
@@ -42,7 +42,6 @@ endif
-A "$$get" \
-I stockholm="$$PWD" \
'<stockholm>' \
- --argstr current-date "$$(date -Is)" \
--argstr current-host-name "$$HOSTNAME" \
--argstr current-user-name "$$LOGNAME" \
$${system+--argstr system "$$system"} \
diff --git a/default.nix b/default.nix
index 9dd18a235..4a5e4ea2c 100644
--- a/default.nix
+++ b/default.nix
@@ -1,5 +1,4 @@
-{ current-date ? abort "current-date not defined"
-, current-host-name ? abort "current-host-name not defined"
+{ current-host-name ? abort "current-host-name not defined"
, current-user-name ? builtins.getEnv "LOGNAME"
, StrictHostKeyChecking ? "yes"
}@args:
diff --git a/krebs/default.nix b/krebs/default.nix
index df2d95483..e9ee71b34 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -1,5 +1,4 @@
-{ current-date
-, current-host-name
+{ current-host-name
, current-user-name
, lib
, stockholm
@@ -21,7 +20,6 @@ let out = {
config = get-config system;
in ''
#! /bin/sh
- # ${current-date} ${current-user-name}@${current-host-name}
# krebs.deploy
set -efu
(${populate args})
@@ -39,7 +37,6 @@ let out = {
config = get-config system;
in ''
#! /bin/sh
- # ${current-date} ${current-user-name}@${current-host-name}
# krebs.infest
set -efu
@@ -64,7 +61,6 @@ let out = {
config = get-config system;
in ''
#! /bin/sh
- # ${current-date} ${current-user-name}@${current-host-name}
# krebs.init
set -efu
@@ -100,7 +96,6 @@ let out = {
}@args: let
in ''
#! /bin/sh
- # ${current-date} ${current-user-name}@${current-host-name}
# krebs.nixos-install
(${populate (args // { root = "/mnt"; })})
@@ -196,7 +191,6 @@ let out = {
nix-env \
--show-trace \
-f '<stockholm>' \
- --argstr current-date ${lib.shell.escape current-date} \
--argstr current-host-name ${lib.shell.escape current-host-name} \
--argstr current-user-name ${lib.shell.escape current-user-name} \
--profile ${lib.shell.escape config.krebs.build.profile} \
@@ -216,7 +210,6 @@ let out = {
}@args:
let out = ''
#! /bin/sh
- # ${current-date} ${current-user-name}@${current-host-name}
set -efu
${lib.concatStringsSep "\n"
(lib.concatMap
diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix
index c614bd3c1..9982dd915 100644
--- a/shared/2configs/buildbot-standalone.nix
+++ b/shared/2configs/buildbot-standalone.nix
@@ -86,7 +86,6 @@
-I stockholm=. \
--show-trace \
-I secrets=. '<stockholm>' \
- --argstr current-date lol \
--argstr current-user-name shared \
--argstr current-host-name lol \
--strict --json"])
@@ -98,7 +97,6 @@
-I stockholm=. \
-I secrets=. '<stockholm>' \
--show-trace \
- --argstr current-date lol \
--argstr current-user-name shared \
--argstr current-host-name lol \
--strict --json"])
From 89d6f319d0909b127a603fd825e3a1143b14260b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 04:47:58 +0100
Subject: [PATCH 48/70] stockholm: guess current-{host,user}-name harder
---
default.nix | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/default.nix b/default.nix
index 4a5e4ea2c..656a7f4b3 100644
--- a/default.nix
+++ b/default.nix
@@ -1,5 +1,9 @@
-{ current-host-name ? abort "current-host-name not defined"
-, current-user-name ? builtins.getEnv "LOGNAME"
+{ current-host-name ?
+ let v = builtins.getEnv "HOSTNAME"; in
+ if v != "" then v else builtins.readFile /proc/sys/kernel/hostname
+, current-user-name ?
+ let v = builtins.getEnv "LOGNAME"; in
+ if v != "" then v else abort "undefined variable: LOGNAME"
, StrictHostKeyChecking ? "yes"
}@args:
From b857a48632128be0324c68be95bee16fb0f1b15f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 05:40:26 +0100
Subject: [PATCH 49/70] krebs.build.populate: init and drop support for v1
---
Makefile | 108 +++++++------------
default.nix | 16 ++-
krebs/3modules/build.nix | 220 +++++++++++++++++++++++++-------------
krebs/default.nix | 95 +---------------
krebs/v2/default.nix | 132 -----------------------
nixpkgs/krebs | 0
nixpkgs/nixos/default.nix | 66 +-----------
nixpkgs/nixos/lib | 2 +-
nixpkgs/nixos/modules | 2 +-
root | 1 +
tv/2configs/default.nix | 4 +-
11 files changed, 204 insertions(+), 442 deletions(-)
delete mode 100644 krebs/v2/default.nix
create mode 100644 nixpkgs/krebs
create mode 120000 root
diff --git a/Makefile b/Makefile
index a1559b48c..87a636e72 100644
--- a/Makefile
+++ b/Makefile
@@ -1,87 +1,51 @@
-#
-# usage:
-# make infest system=foo [target=bar]
-# make [deploy] system=foo [target=bar]
-# make [deploy] systems='foo bar'
-# make eval get=users.tv.wu.config.time.timeZone [filter=json]
-#
-
.ONESHELL:
.SHELLFLAGS := -eufc
-ifdef systems
-$(systems):
- @
- unset target
- parallel \
- --line-buffer \
- -j0 \
- --no-notice \
- --tagstring {} \
- -q make -s systems= system={} ::: $(systems)
-else ifdef system
-.PHONY: deploy infest
-deploy infest:;@
- export get=krebs.$@
- export filter=json
- script=$$(make -s eval)
- echo "$$script" | sh
-
-.PHONY: eval
-eval:
- @
-ifeq ($(filter),json)
- extraArgs='--json --strict'
- filter() { jq -r .; }
-else
- filter() { cat; }
+ifndef system
+$(error unbound variable: system)
endif
- result=$$(nix-instantiate \
- $${extraArgs-} \
- --eval \
- -A "$$get" \
- -I stockholm="$$PWD" \
- '<stockholm>' \
- --argstr current-host-name "$$HOSTNAME" \
- --argstr current-user-name "$$LOGNAME" \
- $${system+--argstr system "$$system"} \
- $${target+--argstr target "$$target"})
- echo "$$result" | filter
export target_host ?= $(system)
export target_user ?= root
export target_path ?= /var/src
+# usage: make deploy system=foo [target_host=bar]
+.PHONY: deploy
+deploy: populate ;@set -x
+ ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path"
+
# usage: make populate system=foo [target_host=bar]
.PHONY: populate
-populate: export lib = \
- let nlib = import <nixpkgs/lib>; in \
- nlib // import krebs/4lib { lib = nlib; } // builtins
-populate: export source = \
- with builtins; \
- with (import ./. {}).users.$${getEnv "LOGNAME"}.$${getEnv "system"}; \
- assert config.krebs.build.source-version == 2; \
- config.krebs.build.source
populate:;@
- result=$$(nix-instantiate \
- --eval \
- --json \
- --arg lib "$$lib" \
- --arg source "$$source" \
- --argstr target-user "$$target_user" \
- --argstr target-host "$$target_host" \
- --argstr target-path "$$target_path" \
- -A populate \
- krebs/v2)
- script=$$(echo "$$result" | jq -r .)
- echo "$$script" | sh
-
-# usage: make rebuild system=foo [target_host=bar] [operation=switch]
-.PHONY: rebuild
-rebuild: populate ;@set -x
- ssh "$$target_user@$$target_host" \
- nixos-rebuild "$${operation-switch}" -I "$$target_path"
+ result=$$(make -s eval get=config.krebs.build.populate filter=json)
+ echo "$$result" | sh
+# usage: make eval system=foo get=config.krebs.build [LOGNAME=tv] [filter=json]
+.PHONY: eval
+eval:;@
+ifeq ($(filter),json)
+ extraArgs='--json --strict'
+ filter() { echo "$$1" | jq -r .; }
else
-$(error unbound variable: system[s])
+ filter() { echo "$$1"; }
endif
+ result=$$(nix-instantiate \
+ $${extraArgs-} \
+ --show-trace \
+ --readonly-mode \
+ --eval \
+ -A "$$get" \
+ --arg configuration "<stockholm/$$LOGNAME/1systems/$$system.nix>")
+ filter "$$result"
+
+## usage: make install system=foo target=
+#.PHONY: install
+#install: ssh = ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+#install:;@set -x
+# $(ssh) "$$target_user@$$target_host" \
+# env target_path=/var/src \
+# sh -s prepare < krebs/4lib/infest/prepare.sh
+# make -s populate target_path=/mnt"$$target_path"
+# $(ssh) "$$target_user@$$target_host" \
+# env NIXOS_CONFIG=/var/src/nixos-config \
+# nixos-install
diff --git a/default.nix b/default.nix
index 656a7f4b3..278f1d14d 100644
--- a/default.nix
+++ b/default.nix
@@ -1,9 +1,15 @@
-{ current-host-name ?
+{ configuration ? import (nixpkgs-path + "/nixos/lib/from-env.nix") "NIXOS_CONFIG" <nixos-config>
+, system ? builtins.currentSystem
+, current-host-name ?
let v = builtins.getEnv "HOSTNAME"; in
if v != "" then v else builtins.readFile /proc/sys/kernel/hostname
, current-user-name ?
let v = builtins.getEnv "LOGNAME"; in
if v != "" then v else abort "undefined variable: LOGNAME"
+, nixpkgs-path ?
+ if (builtins.tryEval <nixpkgs/krebs>).success
+ then <upstream-nixpkgs>
+ else <nixpkgs>
, StrictHostKeyChecking ? "yes"
}@args:
@@ -11,7 +17,8 @@ let stockholm = {
inherit krebs;
inherit users;
inherit lib;
- inherit pkgs;
+ inherit config options pkgs;
+ system = config.system.build.toplevel;
};
krebs = import ./krebs (args // { inherit lib stockholm; });
@@ -20,7 +27,7 @@ let stockholm = {
nlib = import (slib.npath "lib");
klib = import (slib.kpath "4lib") { lib = nlib; };
slib = rec {
- npath = p: <nixpkgs> + "/${p}";
+ npath = p: nixpkgs-path + "/${p}";
kpath = p: ./. + "/krebs/${p}";
upath = p: ./. + "/${current-user-name}/${p}";
};
@@ -29,7 +36,7 @@ let stockholm = {
(import p { lib = nlib // klib; });
in nlib // klib // slib // ulib // builtins;
- inherit (eval {}) pkgs;
+ inherit (eval configuration) config options pkgs;
base-module = { config, ... }: {
imports = builtins.filter lib.dir.has-default-nix (lib.concatLists [
@@ -48,6 +55,7 @@ let stockholm = {
};
eval = config: import (lib.npath "nixos/lib/eval-config.nix") {
+ inherit system;
specialArgs = {
inherit lib;
};
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 0f8aec89d..00142acdd 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -28,81 +28,157 @@ let
type = types.user;
};
- options.krebs.build.source-version = mkOption {
- type = types.enum [ 1 2 ];
- default = 1;
- };
-
- options.krebs.build.source = getAttr "v${toString config.krebs.build.source-version}" {
- v1 = {
- dir = mkOption {
- type = let
- default-host = config.krebs.current.host;
- in types.attrsOf (types.submodule ({ config, ... }: {
- options = {
- host = mkOption {
- type = types.host;
- default = default-host;
- };
- path = mkOption {
- type = types.str;
- };
- target-path = mkOption {
- type = types.str;
- default = "/root/${config._module.args.name}";
- };
- url = mkOption {
- type = types.str;
- default = "file://${config.host.name}${config.path}";
- };
- };
- }));
- default = {};
- };
-
- git = mkOption {
- type = with types; attrsOf (submodule ({ config, ... }: {
- options = {
- url = mkOption {
- type = types.str; # TODO must be shell safe
- };
- rev = mkOption {
- type = types.str;
- };
- target-path = mkOption {
- type = types.str;
- default = "/root/${config._module.args.name}";
- };
- };
- }));
- default = {};
- };
- };
-
- v2 = let
- raw = types.either types.str types.path;
- url = types.submodule {
- options = {
- url = mkOption {
- type = types.str;
- };
- rev = mkOption {
- type = types.str;
- };
- dev = mkOption {
- type = types.str;
- };
+ options.krebs.build.source = let
+ raw = types.either types.str types.path;
+ url = types.submodule {
+ options = {
+ url = mkOption {
+ type = types.str;
+ };
+ rev = mkOption {
+ type = types.str;
+ };
+ dev = mkOption {
+ type = types.str;
};
};
- in mkOption {
- type = types.attrsOf (types.either types.str url);
- apply = let f = mapAttrs (_: value: {
- string = value;
- path = toString value;
- set = f value;
- }.${typeOf value}); in f;
- default = {};
};
+ in mkOption {
+ type = types.attrsOf (types.either types.str url);
+ apply = let f = mapAttrs (_: value: {
+ string = value;
+ path = toString value;
+ set = f value;
+ }.${typeOf value}); in f;
+ default = {};
+ };
+
+ options.krebs.build.populate = mkOption {
+ type = types.str;
+ default = let
+ source = config.krebs.build.source;
+ target-user = maybeEnv "target_user" "root";
+ target-host = maybeEnv "target_host" config.krebs.build.host.name;
+ target-path = maybeEnv "target_path" "/var/src";
+ out = ''
+ #! /bin/sh
+ set -eu
+
+ verbose() {
+ printf '+%s\n' "$(printf ' %q' "$@")" >&2
+ "$@"
+ }
+
+ echo ${shell.escape git-script} \
+ | ssh ${shell.escape "${target-user}@${target-host}"} -T
+
+ unset tmpdir
+ trap '
+ rm "$tmpdir"/*
+ rmdir "$tmpdir"
+ trap - EXIT INT QUIT
+ ' EXIT INT QUIT
+ tmpdir=$(mktemp -dt stockholm.XXXXXXXX)
+ chmod 0755 "$tmpdir"
+
+ ${concatStringsSep "\n"
+ (mapAttrsToList
+ (name: spec: let dst = removePrefix "symlink:" (get-url spec); in
+ "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}")
+ symlink-specs)}
+
+ verbose proot \
+ -b $tmpdir:${shell.escape target-path} \
+ ${concatStringsSep " \\\n "
+ (mapAttrsToList
+ (name: spec:
+ "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}")
+ file-specs)} \
+ rsync \
+ -f ${shell.escape "P /*"} \
+ ${concatMapStringsSep " \\\n "
+ (name: "-f ${shell.escape "R /${name}"}")
+ (attrNames file-specs)} \
+ --delete \
+ -vFrlptD \
+ ${shell.escape target-path}/ \
+ ${shell.escape "${target-user}@${target-host}:${target-path}"}
+ '';
+
+ get-schema = uri:
+ if substring 0 1 uri == "/"
+ then "file"
+ else head (splitString ":" uri);
+
+ has-schema = schema: uri: get-schema uri == schema;
+
+ get-url = spec: {
+ string = spec;
+ path = toString spec;
+ set = get-url spec.url;
+ }.${typeOf spec};
+
+ git-specs =
+ filterAttrs (_: spec: has-schema "https" (get-url spec)) source //
+ filterAttrs (_: spec: has-schema "http" (get-url spec)) source //
+ filterAttrs (_: spec: has-schema "git" (get-url spec)) source;
+
+ file-specs =
+ filterAttrs (_: spec: has-schema "file" (get-url spec)) source;
+
+ symlink-specs =
+ filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source;
+
+ git-script = ''
+ #! /bin/sh
+ set -efu
+
+ verbose() {
+ printf '+%s\n' "$(printf ' %q' "$@")" >&2
+ "$@"
+ }
+
+ fetch_git() {(
+ dst_dir=$1
+ src_url=$2
+ src_ref=$3
+
+ if ! test -e "$dst_dir"; then
+ git clone "$src_url" "$dst_dir"
+ fi
+
+ cd "$dst_dir"
+
+ if ! url=$(git config remote.origin.url); then
+ git remote add origin "$src_url"
+ elif test "$url" != "$src_url"; then
+ git remote set-url origin "$src_url"
+ fi
+
+ # TODO resolve src_ref to commit hash
+ hash=$src_ref
+
+ if ! test "$(git log --format=%H -1)" = "$hash"; then
+ git fetch origin
+ git checkout "$hash" -- "$dst_dir"
+ git checkout "$hash"
+ fi
+
+ git clean -dxf
+ )}
+
+ ${concatStringsSep "\n"
+ (mapAttrsToList
+ (name: spec: toString (map shell.escape [
+ "verbose"
+ "fetch_git"
+ "${target-path}/${name}"
+ spec.url
+ spec.rev
+ ]))
+ git-specs)}
+ '';
+ in out;
};
};
diff --git a/krebs/default.nix b/krebs/default.nix
index e9ee71b34..17c035896 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -1,3 +1,5 @@
+assert false;
+
{ current-host-name
, current-user-name
, lib
@@ -6,30 +8,11 @@
}:
let out = {
- inherit deploy;
inherit infest;
inherit init;
inherit nixos-install;
- inherit populate;
};
- deploy =
- { system ? current-host-name
- , target ? system
- }@args: let
- config = get-config system;
- in ''
- #! /bin/sh
- # krebs.deploy
- set -efu
- (${populate args})
- ${rootssh target ''
- ${nix-install args}
- ${config.krebs.build.profile}/bin/switch-to-configuration switch
- ''}
- echo OK
- '';
-
infest =
{ system ? current-host-name
, target ? system
@@ -45,9 +28,6 @@ let out = {
${builtins.readFile ./4lib/infest/install-nix.sh}
''}
- # Prepare target source via bind-mounting
-
-
(${nixos-install args})
${rootssh target ''
@@ -169,9 +149,7 @@ let out = {
get-config = system: let
config = stockholm.users.${current-user-name}.${system}.config
or (abort "unknown system: ${system}, user: ${current-user-name}");
- in
- assert config.krebs.build.source-version == 1;
- config;
+ in config;
nix-install =
{ system ? current-host-name
@@ -203,73 +181,6 @@ let out = {
])}
'';
- populate =
- { system ? current-host-name
- , target ? system
- , root ? ""
- }@args:
- let out = ''
- #! /bin/sh
- set -efu
- ${lib.concatStringsSep "\n"
- (lib.concatMap
- (type: lib.mapAttrsToList (_: methods.${type})
- config.krebs.build.source.${type})
- ["dir" "git"])}
- '';
-
-
- config = get-config system;
-
- current-host = config.krebs.hosts.${current-host-name};
- current-user = config.krebs.users.${current-user-name};
-
- methods.dir = config:
- let
- can-push = config.host.name == current-host.name;
- target-path = root + config.target-path;
- push-method = ''
- rsync \
- --exclude .git \
- --exclude .graveyard \
- --exclude old \
- --exclude tmp \
- --rsync-path='mkdir -p ${target-path} && rsync' \
- --delete-excluded \
- -vrlptD \
- ${config.path}/ \
- root@${target}:${target-path}
- '';
- in
- if can-push then push-method else
- let dir = "file://${config.host.name}${config.path}"; in
- # /!\ revise this message when using more than just push-method
- throw "No way to push ${dir} from ${current-host.name} to ${target}";
-
- methods.git = config:
- let target-path = root + config.target-path;
- in rootssh target ''
- mkdir -p ${target-path}
- cd ${target-path}
- if ! test -e .git; then
- git init
- fi
- if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
- git remote add origin ${config.url}
- elif test "$cur_url" != ${config.url}; then
- git remote set-url origin ${config.url}
- fi
- if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then
- git fetch origin
- git checkout ${config.rev} -- .
- git checkout -q ${config.rev}
- git submodule init
- git submodule update
- fi
- git clean -dxf
- '';
- in out;
-
rootssh = target: script:
let
flags = "-o StrictHostKeyChecking=${StrictHostKeyChecking}";
diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix
deleted file mode 100644
index cba7a75ff..000000000
--- a/krebs/v2/default.nix
+++ /dev/null
@@ -1,132 +0,0 @@
-{ lib
-, source
-, target-user ? "root"
-, target-host
-, target-path ? "/var/src"
-}:
-with lib;
-let
- out = {
- inherit populate;
- };
-
- populate = ''
- #! /bin/sh
- set -eu
-
- verbose() {
- printf '+%s\n' "$(printf ' %q' "$@")" >&2
- "$@"
- }
-
- echo ${shell.escape git-script} \
- | ssh ${shell.escape "${target-user}@${target-host}"} -T
-
- unset tmpdir
- trap '
- rm "$tmpdir"/*
- rmdir "$tmpdir"
- trap - EXIT INT QUIT
- ' EXIT INT QUIT
- tmpdir=$(mktemp -dt stockholm.XXXXXXXX)
- chmod 0755 "$tmpdir"
-
- ${concatStringsSep "\n"
- (mapAttrsToList
- (name: spec: let dst = removePrefix "symlink:" (get-url spec); in
- "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}")
- symlink-specs)}
-
- verbose proot \
- -b $tmpdir:${shell.escape target-path} \
- ${concatStringsSep " \\\n "
- (mapAttrsToList
- (name: spec:
- "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}")
- file-specs)} \
- rsync \
- -f ${shell.escape "P /*"} \
- ${concatMapStringsSep " \\\n "
- (name: "-f ${shell.escape "R /${name}"}")
- (attrNames file-specs)} \
- --delete \
- -vFrlptD \
- ${shell.escape target-path}/ \
- ${shell.escape "${target-user}@${target-host}:${target-path}"}
- '';
-
- get-schema = uri:
- if substring 0 1 uri == "/"
- then "file"
- else head (splitString ":" uri);
-
- has-schema = schema: uri: get-schema uri == schema;
-
- get-url = spec: {
- string = spec;
- path = toString spec;
- set = get-url spec.url;
- }.${typeOf spec};
-
- git-specs =
- filterAttrs (_: spec: has-schema "https" (get-url spec)) source //
- filterAttrs (_: spec: has-schema "http" (get-url spec)) source //
- filterAttrs (_: spec: has-schema "git" (get-url spec)) source;
-
- file-specs =
- filterAttrs (_: spec: has-schema "file" (get-url spec)) source;
-
- symlink-specs =
- filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source;
-
- git-script = ''
- #! /bin/sh
- set -efu
-
- verbose() {
- printf '+%s\n' "$(printf ' %q' "$@")" >&2
- "$@"
- }
-
- fetch_git() {(
- dst_dir=$1
- src_url=$2
- src_ref=$3
-
- if ! test -e "$dst_dir"; then
- git clone "$src_url" "$dst_dir"
- fi
-
- cd "$dst_dir"
-
- if ! url=$(git config remote.origin.url); then
- git remote add origin "$src_url"
- elif test "$url" != "$src_url"; then
- git remote set-url origin "$src_url"
- fi
-
- # TODO resolve src_ref to commit hash
- hash=$src_ref
-
- if ! test "$(git log --format=%H -1)" = "$hash"; then
- git fetch origin
- git checkout "$hash" -- "$dst_dir"
- git checkout "$hash"
- fi
-
- git clean -dxf
- )}
-
- ${concatStringsSep "\n"
- (mapAttrsToList
- (name: spec: toString (map shell.escape [
- "verbose"
- "fetch_git"
- "${target-path}/${name}"
- spec.url
- spec.rev
- ]))
- git-specs)}
- '';
-
-in out
diff --git a/nixpkgs/krebs b/nixpkgs/krebs
new file mode 100644
index 000000000..e69de29bb
diff --git a/nixpkgs/nixos/default.nix b/nixpkgs/nixos/default.nix
index 6c5adf365..4fe08efd2 100644
--- a/nixpkgs/nixos/default.nix
+++ b/nixpkgs/nixos/default.nix
@@ -1,65 +1 @@
-{ configuration ? import <upstream-nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>
-, system ? builtins.currentSystem
-}:
-
-let
- eval-config = modules: import <upstream-nixpkgs/nixos/lib/eval-config.nix> {
- inherit system;
- modules = modules ++ [({ config, lib, ... }: with lib; {
- imports = filter dir.has-default-nix (concatLists [
- (map (p: p + "/2configs") [ <stockholm-private> ])
- (map (p: p + "/3modules") [ <stockholm-krebs> <stockholm-private> ])
- ]);
-
- krebs.current = {
- enable = true;
- host = config.krebs.hosts.${readFile /proc/sys/kernel/hostname};
- user = config.krebs.users.${getEnv "LOGNAME"};
- };
-
- nixpkgs.config.packageOverrides = pkgs: let
- kpkgs = import <stockholm-krebs/5pkgs> { inherit lib pkgs; };
- upkgs = import <stockholm-private/5pkgs> { inherit lib; pkgs = pkgs // kpkgs; };
- in kpkgs // upkgs;
- })];
- specialArgs = {
- lib = let
- nlib = import <upstream-nixpkgs/lib> // builtins;
- klib = nlib // import <stockholm-krebs/4lib> { lib = nlib; };
- ulib = klib // (with klib; let p = <stockholm-private> + "/4lib"; in
- optionalAttrs (dir.has-default-nix p)
- (import p { lib = klib; }));
- in ulib;
- };
- };
-
- eval = eval-config [
- configuration
- ];
-
- # This is for `nixos-rebuild build-vm'.
- vm = eval-config [
- configuration
- <upstream-nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- ];
-
- # This is for `nixos-rebuild build-vm-with-bootloader'.
- vm-with-bootloader = eval-config [
- configuration
- <upstream-nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- { virtualisation.useBootLoader = true; }
- ];
-in
-
-{
- inherit (eval) config options;
-
- system = eval.config.system.build.toplevel;
-
- vm = vm.config.system.build.vm;
-
- vmWithBootLoader = vm-with-bootloader.config.system.build.vm;
-
- # The following are used by nixos-rebuild.
- nixFallback = eval.pkgs.nixUnstable;
-}
+import <stockholm>
diff --git a/nixpkgs/nixos/lib b/nixpkgs/nixos/lib
index eb942f88b..9e69d1a67 120000
--- a/nixpkgs/nixos/lib
+++ b/nixpkgs/nixos/lib
@@ -1 +1 @@
-../../upstream-nixpkgs/nixos/lib
\ No newline at end of file
+../../../upstream-nixpkgs/nixos/lib
\ No newline at end of file
diff --git a/nixpkgs/nixos/modules b/nixpkgs/nixos/modules
index 8fbc4373e..8aa24885c 120000
--- a/nixpkgs/nixos/modules
+++ b/nixpkgs/nixos/modules
@@ -1 +1 @@
-../../upstream-nixpkgs/nixos/modules
\ No newline at end of file
+../../../upstream-nixpkgs/nixos/modules
\ No newline at end of file
diff --git a/root b/root
new file mode 120000
index 000000000..1cd18253d
--- /dev/null
+++ b/root
@@ -0,0 +1 @@
+../stockholm-user
\ No newline at end of file
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 46320b738..57c4620c4 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -8,11 +8,9 @@ with lib;
krebs.build = {
user = config.krebs.users.tv;
target = mkDefault "root@${config.krebs.build.host.name}";
- source-version = 2;
source = mapAttrs (_: mkDefault) ({
nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix";
nixpkgs = symlink:stockholm/nixpkgs;
- null = "symlink:stockholm/null";
secrets = "/home/tv/secrets/${config.krebs.build.host.name}";
secrets-common = "/home/tv/secrets/common";
stockholm = "/home/tv/stockholm";
@@ -104,7 +102,7 @@ with lib;
};
environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/null:/var/src";
+ NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
};
programs.bash = {
From 307e0afe851654e07e0c3fca25adf60ada3d974d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 05:52:06 +0100
Subject: [PATCH 50/70] make eval: use ./.
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 87a636e72..e82e39c7e 100644
--- a/Makefile
+++ b/Makefile
@@ -35,7 +35,7 @@ endif
--readonly-mode \
--eval \
-A "$$get" \
- --arg configuration "<stockholm/$$LOGNAME/1systems/$$system.nix>")
+ --arg configuration "./$$LOGNAME/1systems/$$system.nix")
filter "$$result"
## usage: make install system=foo target=
From a91803319b3d340ab9a879c11669e3e60d564572 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 07:12:56 +0100
Subject: [PATCH 51/70] stockholm: bring back nspath
---
default.nix | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/default.nix b/default.nix
index 278f1d14d..b0ad60d8a 100644
--- a/default.nix
+++ b/default.nix
@@ -27,9 +27,10 @@ let stockholm = {
nlib = import (slib.npath "lib");
klib = import (slib.kpath "4lib") { lib = nlib; };
slib = rec {
+ nspath = ns: p: ./. + "/${ns}/${p}";
npath = p: nixpkgs-path + "/${p}";
- kpath = p: ./. + "/krebs/${p}";
- upath = p: ./. + "/${current-user-name}/${p}";
+ kpath = nspath "krebs";
+ upath = nspath current-user-name;
};
ulib = let p = slib.upath "4lib"; in
nlib.optionalAttrs (klib.dir.has-default-nix p)
From 07a1e29b32f1c507380a252092ff85b1e69dec08 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 11:32:13 +0100
Subject: [PATCH 52/70] make eval: add some more awesome
---
Makefile | 40 +++++++++++++++-------------------------
1 file changed, 15 insertions(+), 25 deletions(-)
diff --git a/Makefile b/Makefile
index e82e39c7e..958629055 100644
--- a/Makefile
+++ b/Makefile
@@ -9,34 +9,24 @@ export target_host ?= $(system)
export target_user ?= root
export target_path ?= /var/src
+evaluate = \
+ nix-instantiate \
+ --arg configuration "./$$LOGNAME/1systems/$$system.nix" \
+ --eval \
+ --readonly-mode \
+ --show-trace \
+ $(1)
+
+execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh
+
# usage: make deploy system=foo [target_host=bar]
-.PHONY: deploy
-deploy: populate ;@set -x
+deploy:
+ $(call execute,populate)
ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path"
-# usage: make populate system=foo [target_host=bar]
-.PHONY: populate
-populate:;@
- result=$$(make -s eval get=config.krebs.build.populate filter=json)
- echo "$$result" | sh
-
-# usage: make eval system=foo get=config.krebs.build [LOGNAME=tv] [filter=json]
-.PHONY: eval
-eval:;@
-ifeq ($(filter),json)
- extraArgs='--json --strict'
- filter() { echo "$$1" | jq -r .; }
-else
- filter() { echo "$$1"; }
-endif
- result=$$(nix-instantiate \
- $${extraArgs-} \
- --show-trace \
- --readonly-mode \
- --eval \
- -A "$$get" \
- --arg configuration "./$$LOGNAME/1systems/$$system.nix")
- filter "$$result"
+# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
+eval eval.:;@$(call evaluate)
+eval.%:;@$(call evaluate,-A $*)
## usage: make install system=foo target=
#.PHONY: install
From 0939b8b37601fbbd509f88f95f7cab30b906a383 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 11:54:00 +0100
Subject: [PATCH 53/70] make deploy: properly print ssh target
---
Makefile | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 958629055..886a26f89 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,3 @@
-.ONESHELL:
-.SHELLFLAGS := -eufc
-
ifndef system
$(error unbound variable: system)
endif
@@ -22,7 +19,7 @@ execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh
# usage: make deploy system=foo [target_host=bar]
deploy:
$(call execute,populate)
- ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path"
+ @set -x; ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path"
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
eval eval.:;@$(call evaluate)
@@ -33,7 +30,7 @@ eval.%:;@$(call evaluate,-A $*)
#install: ssh = ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
#install:;@set -x
# $(ssh) "$$target_user@$$target_host" \
-# env target_path=/var/src \
+# env target_path="$target_path" \
# sh -s prepare < krebs/4lib/infest/prepare.sh
# make -s populate target_path=/mnt"$$target_path"
# $(ssh) "$$target_user@$$target_host" \
From 8682f49ed7ba2687f65e8d11f1b943777896a228 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 11:57:47 +0100
Subject: [PATCH 54/70] Makefile execute: don't try to run failed evaluations
:D
---
Makefile | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 886a26f89..e61d16b75 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,10 @@ evaluate = \
--show-trace \
$(1)
-execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh
+execute = \
+ result=$$($(call evaluate,-A config.krebs.build.$(1) --json)) && \
+ script=$$(echo "$$result" | jq -r .) && \
+ echo "$$script" | sh
# usage: make deploy system=foo [target_host=bar]
deploy:
From c9cfaa010dabbd37a329a9690debf7cf7ef5e3ba Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Feb 2016 12:02:11 +0100
Subject: [PATCH 55/70] ma: finish merge of new sources v2, nixos compatibility
---
makefu/2configs/default.nix | 12 ++++--------
makefu/2configs/wwan.nix | 1 -
2 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index a98393e2b..2b4e31119 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -20,10 +20,10 @@ with lib;
build = {
target = mkDefault "root@${config.krebs.build.host.name}";
user = config.krebs.users.makefu;
- source = {
+ source = mapAttrs (_: mkDefault) {
upstream-nixpkgs = {
- url = mkDefault https://github.com/nixos/nixpkgs;
- rev = mkDefault "93d8671e2c6d1d25f126ed30e5e6f16764330119"; # unstable @ 2015-01-03, tested on filepimp
+ url = https://github.com/nixos/nixpkgs;
+ rev = "93d8671e2c6d1d25f126ed30e5e6f16764330119"; # unstable @ 2015-01-03, tested on filepimp
};
secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/";
stockholm = "/home/makefu/stockholm";
@@ -80,11 +80,7 @@ with lib;
];
environment.variables = {
- NIX_PATH = with config.krebs.build.source; with dir; with git;
- mkForce (concatStringsSep ":" [
- "nixpkgs=${nixpkgs.target-path}"
- "${nixpkgs.target-path}"
- ]);
+ NIX_PATH = mkForce "/var/src";
EDITOR = mkForce "vim";
};
diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix
index 1e76cd28a..0eb0c97d7 100644
--- a/makefu/2configs/wwan.nix
+++ b/makefu/2configs/wwan.nix
@@ -1,7 +1,6 @@
_:
{
- imports = [ ../3modules ];
makefu.umts = {
enable = true;
modem-device = "/dev/serial/by-id/usb-Lenovo_H5321_gw_2D5A51BA0D3C3A90-if01";
From d739448ab940da4ed5bdf9be5398f6b93b854412 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 4 Feb 2016 12:46:09 +0100
Subject: [PATCH 56/70] krebs.build.populate: cleanup (less) harder
---
krebs/3modules/build.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 00142acdd..0da5dd38a 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -74,7 +74,7 @@ let
unset tmpdir
trap '
- rm "$tmpdir"/*
+ rm -f "$tmpdir"/*
rmdir "$tmpdir"
trap - EXIT INT QUIT
' EXIT INT QUIT
From e402c8ce1d2786abafc1efdc64adca84d174a756 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Feb 2016 13:07:47 +0100
Subject: [PATCH 57/70] k 3 git.nix: flesh out rules description
---
krebs/3modules/git.nix | 2 +-
makefu/1systems/omo.nix | 1 -
makefu/1systems/vbob.nix | 19 -------------------
3 files changed, 1 insertion(+), 21 deletions(-)
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 7b28ffca8..11cf21b5f 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -92,7 +92,7 @@ let
}
'';
description = ''
- Rules.
+ access and permission rules for git repositories.
'';
};
};
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index d15cc2779..34d5a394d 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -29,7 +29,6 @@ in {
../2configs/mail-client.nix
../2configs/share-user-sftp.nix
../2configs/omo-share.nix
- ../3modules
];
networking.firewall.trustedInterfaces = [ "enp3s0" ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 6c8f5ca26..f4a22d720 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -18,25 +18,6 @@
tinc = pkgs.tinc_pre;
};
- makefu.buildbot.master = {
- enable = false;
- irc = {
- enable = true;
- server = "cd.retiolum";
- channel = "retiolum";
- allowForce = true;
- };
- };
- # services.logstash.enable = true;
- makefu.buildbot.slave = {
- enable = false;
- masterhost = "localhost";
- username = "testslave";
- password = "krebspass";
- packages = with pkgs;[ git nix ];
- extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
- };
-
krebs.build.source.nixpkgs = {
# url = https://github.com/nixos/nixpkgs;
# HTTP Everywhere + libredir
From 5be8920fb0262ff703f23ef484c59f4b55a9b015 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Feb 2016 14:36:48 +0100
Subject: [PATCH 58/70] s 2 base: new paths, cosmetics
---
shared/2configs/base.nix | 18 +++++++-----------
shared/2configs/cgit-mirror.nix | 7 +++----
2 files changed, 10 insertions(+), 15 deletions(-)
diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
index 5e6072661..dd698ba97 100644
--- a/shared/2configs/base.nix
+++ b/shared/2configs/base.nix
@@ -16,20 +16,16 @@ with lib;
# TODO rename shared user to "krebs"
krebs.build.user = mkDefault config.krebs.users.shared;
krebs.build.source = {
- git.nixpkgs = {
+ upstream-nixpkgs = mkDefault {
url = https://github.com/NixOS/nixpkgs;
rev = "d0e3cca";
- target-path = "/var/src/nixpkgs";
- };
- dir.secrets = {
- host = config.krebs.current.host;
- path = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- host = config.krebs.current.host;
- path = mkDefault "${getEnv "HOME"}/stockholm";
- target-path = "/var/src/stockholm";
};
+ secrets = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}";
+ stockholm = mkDefault "${getEnv "HOME"}/stockholm";
+
+ nixos-config = "symlink:stockholm/${config.krebs.build.user.name}/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm/nixpkgs;
+ stockholm-user = "symlink:stockholm/${config.krebs.build.user.name}";
};
networking.hostName = config.krebs.build.host.name;
diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix
index 5bcfc5818..4ff1902f9 100644
--- a/shared/2configs/cgit-mirror.nix
+++ b/shared/2configs/cgit-mirror.nix
@@ -2,12 +2,11 @@
with lib;
let
- rules = with git;[{
- # user = git-sync;
- user = git-sync;
+ rules = with git; singleton {
+ user = [ git-sync ];
repo = [ stockholm-mirror ];
perm = push ''refs/*'' [ non-fast-forward create delete merge ];
- }];
+ };
stockholm-mirror = {
public = true;
From 4c23e33dea4d9901b64bf287983c43862f4990f2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 4 Feb 2016 16:38:21 +0100
Subject: [PATCH 59/70] ma 1: refactor buildbot config, add documentation
---
shared/1systems/wolf.nix | 2 +-
...bot-standalone.nix => shared-buildbot.nix} | 26 +++++++++----------
2 files changed, 13 insertions(+), 15 deletions(-)
rename shared/2configs/{buildbot-standalone.nix => shared-buildbot.nix} (84%)
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index e45195487..bcfbd6810 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -11,7 +11,7 @@ in
../2configs/collectd-base.nix
../2configs/shack-nix-cacher.nix
../2configs/shack-drivedroid.nix
- ../2configs/buildbot-standalone.nix
+ ../2configs/shared-buildbot.nix
../2configs/cgit-mirror.nix
# ../2configs/graphite.nix
];
diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/shared-buildbot.nix
similarity index 84%
rename from shared/2configs/buildbot-standalone.nix
rename to shared/2configs/shared-buildbot.nix
index 9982dd915..50b279036 100644
--- a/shared/2configs/buildbot-standalone.nix
+++ b/shared/2configs/shared-buildbot.nix
@@ -1,5 +1,9 @@
{ lib, config, pkgs, ... }:
+# The buildbot config is seilf-contained and provides a way to test "shared"
+# configuration (infrastructure to be used by every krebsminister).
+# You can add your own test, test steps as required. Deploy the config on a
+# shared host like wolf and everything should be fine.
{
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
krebs.buildbot.master = {
@@ -59,7 +63,10 @@
"(import <stockholm> {}).pkgs.test.infest-cac-centos7" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
- nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ]
+ nixshell = ["nix-shell",
+ "-I", "stockholm=.",
+ "-I", "nixpkgs=/var/src/upstream-nixpkgs",
+ "-p" ] + deps + [ "--run" ]
# prepare addShell function
def addShell(factory,**kwargs):
@@ -69,14 +76,9 @@
fast-tests = ''
f = util.BuildFactory()
f.addStep(grab_repo)
- addShell(f,name="deploy-eval-centos7",env=env,
- command=nixshell + ["make -s eval get=krebs.deploy filter=json system=test-centos7"])
-
- addShell(f,name="deploy-eval-wolf",env=env,
- command=nixshell + ["make -s eval get=krebs.deploy filter=json system=wolf"])
-
- addShell(f,name="deploy-eval-cross-check",env=env,
- command=nixshell + ["! make eval get=krebs.deploy filter=json system=test-failing"])
+ for i in [ "test-centos7", "wolf", "test-failing" ]:
+ addShell(f,name="populate-{}".format(i),env=env,
+ command=nixshell + ["set -o pipefail;{}( nix-instantiate --arg configuration shared/1systems/{}.nix --eval --readonly-mode --show-trace -A config.krebs.build.populate --strict | jq -r .)".format("!" if "failing" in i else "",i)])
addShell(f,name="instantiate-test-all-modules",env=env,
command=nixshell + \
@@ -86,8 +88,6 @@
-I stockholm=. \
--show-trace \
-I secrets=. '<stockholm>' \
- --argstr current-user-name shared \
- --argstr current-host-name lol \
--strict --json"])
addShell(f,name="instantiate-test-minimal-deploy",env=env,
@@ -97,8 +97,6 @@
-I stockholm=. \
-I secrets=. '<stockholm>' \
--show-trace \
- --argstr current-user-name shared \
- --argstr current-host-name lol \
--strict --json"])
bu.append(util.BuilderConfig(name="fast-tests",
@@ -145,6 +143,6 @@
password = "krebspass";
packages = with pkgs;[ git nix ];
# all nix commands will need a working nixpkgs installation
- extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
+ extraEnviron = { NIX_PATH="/var/src"; };
};
}
From cb264dfb9119de4fb6d081171473e4276cdbb9d5 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 5 Feb 2016 15:11:22 +0100
Subject: [PATCH 60/70] urlwatch: 2.0 -> 2.1
---
krebs/5pkgs/urlwatch/default.nix | 23 ++++++-----------------
1 file changed, 6 insertions(+), 17 deletions(-)
diff --git a/krebs/5pkgs/urlwatch/default.nix b/krebs/5pkgs/urlwatch/default.nix
index d9b595314..780ad24f5 100644
--- a/krebs/5pkgs/urlwatch/default.nix
+++ b/krebs/5pkgs/urlwatch/default.nix
@@ -1,29 +1,18 @@
{ stdenv, fetchurl, python3Packages }:
python3Packages.buildPythonPackage rec {
- name = "urlwatch-2.0";
+ name = "urlwatch-2.1";
src = fetchurl {
url = "https://thp.io/2008/urlwatch/${name}.tar.gz";
- sha256 = "0j38qzw4jxw41vnnpi6j851hqpv8d6p1cbni6cv8r2vqf5307s3b";
+ sha256 = "0xn435cml9wjwk39117p1diqmvw3jbmv9ccr7230iaf7z59vf9v6";
};
propagatedBuildInputs = with python3Packages; [
- pyyaml
keyring
- (python3Packages.buildPythonPackage rec {
- name = "minidb-2.0.1";
- src = fetchurl {
- url = "https://thp.io/2010/minidb/${name}.tar.gz";
- sha256 = "1x958zr9jc26vaqij451qb9m2l7apcpz34ir9fwfjg4fwv24z2dy";
- };
- meta = {
- description = "A simple SQLite3-based store for Python objects";
- homepage = https://thp.io/2010/minidb/;
- license = stdenv.lib.licenses.isc;
- maintainers = [ stdenv.lib.maintainers.tv ];
- };
- })
+ minidb
+ pyyaml
+ requests2
];
postFixup = ''
@@ -36,4 +25,4 @@ python3Packages.buildPythonPackage rec {
license = stdenv.lib.licenses.bsd3;
maintainers = [ stdenv.lib.maintainers.tv ];
};
-}#
+}
From b2303e081fb1ccc9a0b88f538736045fb2fba14f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 5 Feb 2016 15:18:28 +0100
Subject: [PATCH 61/70] cd: use default upstream-nixpkgs
---
tv/1systems/cd.nix | 5 -----
1 file changed, 5 deletions(-)
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index e42d5750a..8297a56df 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -6,11 +6,6 @@ with lib;
krebs.build.host = config.krebs.hosts.cd;
krebs.build.target = "root@cd.internet";
- krebs.build.source.upstream-nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "b7ff030";
- };
-
imports = [
../2configs/hw/CAC-Developer-2.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
From 23c7c10f5a5ed83dca001d7382e5b89981277f8c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 15:11:30 +0100
Subject: [PATCH 62/70] krebs.retiolum.hosts: change type to attrsOf host
---
krebs/3modules/retiolum.nix | 46 +++++++++++++-------------
krebs/4lib/types.nix | 16 +++++----
krebs/Zhosts/Styx | 10 ------
krebs/Zhosts/ThinkArmageddon | 9 -----
krebs/Zhosts/TriBot | 11 ------
krebs/Zhosts/ach | 11 ------
krebs/Zhosts/air | 11 ------
krebs/Zhosts/alarmpi | 11 ------
krebs/Zhosts/albi10 | 11 ------
krebs/Zhosts/albi7 | 10 ------
krebs/Zhosts/almoehi | 11 ------
krebs/Zhosts/alphalabs | 10 ------
krebs/Zhosts/apfull | 11 ------
krebs/Zhosts/bitchctl | 11 ------
krebs/Zhosts/bitchextend | 11 ------
krebs/Zhosts/bitchtop | 11 ------
krebs/Zhosts/bobby | 11 ------
krebs/Zhosts/box | 10 ------
krebs/Zhosts/bridge | 12 -------
krebs/Zhosts/c2ft | 10 ------
krebs/Zhosts/c2fthome | 10 ------
krebs/Zhosts/casino | 11 ------
krebs/Zhosts/cat1 | 11 ------
krebs/Zhosts/cband | 11 ------
krebs/Zhosts/cd | 17 ----------
krebs/Zhosts/cloudkrebs | 12 -------
krebs/Zhosts/darth | 12 -------
krebs/Zhosts/dei | 11 ------
krebs/Zhosts/destroy | 11 ------
krebs/Zhosts/devstar | 11 ------
krebs/Zhosts/echelon | 12 -------
krebs/Zhosts/eigenserv | 11 ------
krebs/Zhosts/elvis | 12 -------
krebs/Zhosts/eulerwalk | 11 ------
krebs/Zhosts/exile | 9 -----
krebs/Zhosts/exitium_mobilis | 10 ------
krebs/Zhosts/falk | 11 ------
krebs/Zhosts/fastpoke | 12 -------
krebs/Zhosts/filebitch | 11 ------
krebs/Zhosts/filepimp | 11 ------
krebs/Zhosts/flap | 12 -------
krebs/Zhosts/foobar | 11 ------
krebs/Zhosts/fuerkrebs | 10 ------
krebs/Zhosts/gum | 15 ---------
krebs/Zhosts/heidi | 11 ------
krebs/Zhosts/horisa | 12 -------
krebs/Zhosts/horreum_magnus | 15 ---------
krebs/Zhosts/incept | 13 --------
krebs/Zhosts/ire | 12 -------
krebs/Zhosts/ire2 | 9 -----
krebs/Zhosts/irkel | 12 -------
krebs/Zhosts/juhulian | 11 ------
krebs/Zhosts/k2 | 28 ----------------
krebs/Zhosts/kabinett | 11 ------
krebs/Zhosts/kaepsele | 11 ------
krebs/Zhosts/kalle | 11 ------
krebs/Zhosts/karthus | 10 ------
krebs/Zhosts/kebsco | 11 ------
krebs/Zhosts/khackplug | 11 ------
krebs/Zhosts/kheurop | 12 -------
krebs/Zhosts/kiosk | 12 -------
krebs/Zhosts/krebsplug | 10 ------
krebs/Zhosts/kvasir | 11 ------
krebs/Zhosts/laqueus | 11 ------
krebs/Zhosts/linuxatom | 11 ------
krebs/Zhosts/luminos | 11 ------
krebs/Zhosts/machine | 11 ------
krebs/Zhosts/makalu | 11 ------
krebs/Zhosts/mako | 11 ------
krebs/Zhosts/miefda0 | 10 ------
krebs/Zhosts/minikrebs | 10 ------
krebs/Zhosts/mkdir | 11 ------
krebs/Zhosts/monitor | 11 ------
krebs/Zhosts/mors | 10 ------
krebs/Zhosts/motor | 12 -------
krebs/Zhosts/mu | 10 ------
krebs/Zhosts/muhbaasu | 13 --------
krebs/Zhosts/nomic | 10 ------
krebs/Zhosts/nomic2 | 10 ------
krebs/Zhosts/nukular | 11 ------
krebs/Zhosts/omo | 9 -----
krebs/Zhosts/pic | 11 ------
krebs/Zhosts/pigstarter | 13 --------
krebs/Zhosts/pike | 11 ------
krebs/Zhosts/pnp | 11 ------
krebs/Zhosts/pornocauster | 10 ------
krebs/Zhosts/prism | 12 -------
krebs/Zhosts/radiotuxmini | 11 ------
krebs/Zhosts/random | 10 ------
krebs/Zhosts/raspafari | 11 ------
krebs/Zhosts/reimae | 12 -------
krebs/Zhosts/rmdir | 11 ------
krebs/Zhosts/robchina | 11 ------
krebs/Zhosts/rockit | 11 ------
krebs/Zhosts/rtjure_debian_oder_so | 11 ------
krebs/Zhosts/rtjure_ras | 11 ------
krebs/Zhosts/rtjure_rdrlab_linkstation | 11 ------
krebs/Zhosts/rubus | 9 -----
krebs/Zhosts/senderechner | 10 ------
krebs/Zhosts/serenity | 11 ------
krebs/Zhosts/seruundroid | 12 -------
krebs/Zhosts/sir_krebs_a_lot | 11 ------
krebs/Zhosts/skirfir | 11 ------
krebs/Zhosts/sleipnir | 12 -------
krebs/Zhosts/smove | 9 -----
krebs/Zhosts/sokrates | 11 ------
krebs/Zhosts/sokrateslaptop | 11 ------
krebs/Zhosts/soundflower | 10 ------
krebs/Zhosts/steve | 10 ------
krebs/Zhosts/stro | 10 ------
krebs/Zhosts/tahoe | 12 -------
krebs/Zhosts/taschenkrebs | 11 ------
krebs/Zhosts/terrapi | 11 ------
krebs/Zhosts/thomasDOTde | 9 -----
krebs/Zhosts/tincdroid | 9 -----
krebs/Zhosts/tmpd | 11 ------
krebs/Zhosts/tpsw | 11 ------
krebs/Zhosts/tsp | 16 ---------
krebs/Zhosts/ufo | 11 ------
krebs/Zhosts/uriel | 11 ------
krebs/Zhosts/vault | 10 ------
krebs/Zhosts/vbob | 9 -----
krebs/Zhosts/voyager | 17 ----------
krebs/Zhosts/wbob | 10 ------
krebs/Zhosts/wolf | 10 ------
krebs/Zhosts/wooktop | 11 ------
krebs/Zhosts/wry | 16 ---------
krebs/Zhosts/wu | 10 ------
krebs/Zhosts/xu | 13 --------
krebs/Zhosts/ytart | 9 -----
krebs/Zhosts/zombiecancer | 11 ------
lass/2configs/retiolum.nix | 1 -
makefu/1systems/repunit.nix | 1 -
makefu/1systems/vbob.nix | 1 -
134 files changed, 32 insertions(+), 1479 deletions(-)
delete mode 100644 krebs/Zhosts/Styx
delete mode 100644 krebs/Zhosts/ThinkArmageddon
delete mode 100644 krebs/Zhosts/TriBot
delete mode 100644 krebs/Zhosts/ach
delete mode 100644 krebs/Zhosts/air
delete mode 100644 krebs/Zhosts/alarmpi
delete mode 100644 krebs/Zhosts/albi10
delete mode 100644 krebs/Zhosts/albi7
delete mode 100644 krebs/Zhosts/almoehi
delete mode 100644 krebs/Zhosts/alphalabs
delete mode 100644 krebs/Zhosts/apfull
delete mode 100644 krebs/Zhosts/bitchctl
delete mode 100644 krebs/Zhosts/bitchextend
delete mode 100644 krebs/Zhosts/bitchtop
delete mode 100644 krebs/Zhosts/bobby
delete mode 100644 krebs/Zhosts/box
delete mode 100644 krebs/Zhosts/bridge
delete mode 100644 krebs/Zhosts/c2ft
delete mode 100644 krebs/Zhosts/c2fthome
delete mode 100644 krebs/Zhosts/casino
delete mode 100644 krebs/Zhosts/cat1
delete mode 100644 krebs/Zhosts/cband
delete mode 100644 krebs/Zhosts/cd
delete mode 100644 krebs/Zhosts/cloudkrebs
delete mode 100644 krebs/Zhosts/darth
delete mode 100644 krebs/Zhosts/dei
delete mode 100644 krebs/Zhosts/destroy
delete mode 100644 krebs/Zhosts/devstar
delete mode 100644 krebs/Zhosts/echelon
delete mode 100644 krebs/Zhosts/eigenserv
delete mode 100644 krebs/Zhosts/elvis
delete mode 100644 krebs/Zhosts/eulerwalk
delete mode 100644 krebs/Zhosts/exile
delete mode 100644 krebs/Zhosts/exitium_mobilis
delete mode 100644 krebs/Zhosts/falk
delete mode 100644 krebs/Zhosts/fastpoke
delete mode 100644 krebs/Zhosts/filebitch
delete mode 100644 krebs/Zhosts/filepimp
delete mode 100644 krebs/Zhosts/flap
delete mode 100644 krebs/Zhosts/foobar
delete mode 100644 krebs/Zhosts/fuerkrebs
delete mode 100644 krebs/Zhosts/gum
delete mode 100644 krebs/Zhosts/heidi
delete mode 100644 krebs/Zhosts/horisa
delete mode 100644 krebs/Zhosts/horreum_magnus
delete mode 100644 krebs/Zhosts/incept
delete mode 100644 krebs/Zhosts/ire
delete mode 100644 krebs/Zhosts/ire2
delete mode 100644 krebs/Zhosts/irkel
delete mode 100644 krebs/Zhosts/juhulian
delete mode 100644 krebs/Zhosts/k2
delete mode 100644 krebs/Zhosts/kabinett
delete mode 100644 krebs/Zhosts/kaepsele
delete mode 100644 krebs/Zhosts/kalle
delete mode 100644 krebs/Zhosts/karthus
delete mode 100644 krebs/Zhosts/kebsco
delete mode 100644 krebs/Zhosts/khackplug
delete mode 100644 krebs/Zhosts/kheurop
delete mode 100644 krebs/Zhosts/kiosk
delete mode 100644 krebs/Zhosts/krebsplug
delete mode 100644 krebs/Zhosts/kvasir
delete mode 100644 krebs/Zhosts/laqueus
delete mode 100644 krebs/Zhosts/linuxatom
delete mode 100644 krebs/Zhosts/luminos
delete mode 100644 krebs/Zhosts/machine
delete mode 100644 krebs/Zhosts/makalu
delete mode 100644 krebs/Zhosts/mako
delete mode 100644 krebs/Zhosts/miefda0
delete mode 100644 krebs/Zhosts/minikrebs
delete mode 100644 krebs/Zhosts/mkdir
delete mode 100644 krebs/Zhosts/monitor
delete mode 100644 krebs/Zhosts/mors
delete mode 100644 krebs/Zhosts/motor
delete mode 100644 krebs/Zhosts/mu
delete mode 100644 krebs/Zhosts/muhbaasu
delete mode 100644 krebs/Zhosts/nomic
delete mode 100644 krebs/Zhosts/nomic2
delete mode 100644 krebs/Zhosts/nukular
delete mode 100644 krebs/Zhosts/omo
delete mode 100644 krebs/Zhosts/pic
delete mode 100644 krebs/Zhosts/pigstarter
delete mode 100644 krebs/Zhosts/pike
delete mode 100644 krebs/Zhosts/pnp
delete mode 100644 krebs/Zhosts/pornocauster
delete mode 100644 krebs/Zhosts/prism
delete mode 100644 krebs/Zhosts/radiotuxmini
delete mode 100644 krebs/Zhosts/random
delete mode 100644 krebs/Zhosts/raspafari
delete mode 100644 krebs/Zhosts/reimae
delete mode 100644 krebs/Zhosts/rmdir
delete mode 100644 krebs/Zhosts/robchina
delete mode 100644 krebs/Zhosts/rockit
delete mode 100644 krebs/Zhosts/rtjure_debian_oder_so
delete mode 100644 krebs/Zhosts/rtjure_ras
delete mode 100644 krebs/Zhosts/rtjure_rdrlab_linkstation
delete mode 100644 krebs/Zhosts/rubus
delete mode 100644 krebs/Zhosts/senderechner
delete mode 100644 krebs/Zhosts/serenity
delete mode 100644 krebs/Zhosts/seruundroid
delete mode 100644 krebs/Zhosts/sir_krebs_a_lot
delete mode 100644 krebs/Zhosts/skirfir
delete mode 100644 krebs/Zhosts/sleipnir
delete mode 100644 krebs/Zhosts/smove
delete mode 100644 krebs/Zhosts/sokrates
delete mode 100644 krebs/Zhosts/sokrateslaptop
delete mode 100644 krebs/Zhosts/soundflower
delete mode 100644 krebs/Zhosts/steve
delete mode 100644 krebs/Zhosts/stro
delete mode 100644 krebs/Zhosts/tahoe
delete mode 100644 krebs/Zhosts/taschenkrebs
delete mode 100644 krebs/Zhosts/terrapi
delete mode 100644 krebs/Zhosts/thomasDOTde
delete mode 100644 krebs/Zhosts/tincdroid
delete mode 100644 krebs/Zhosts/tmpd
delete mode 100644 krebs/Zhosts/tpsw
delete mode 100644 krebs/Zhosts/tsp
delete mode 100644 krebs/Zhosts/ufo
delete mode 100644 krebs/Zhosts/uriel
delete mode 100644 krebs/Zhosts/vault
delete mode 100644 krebs/Zhosts/vbob
delete mode 100644 krebs/Zhosts/voyager
delete mode 100644 krebs/Zhosts/wbob
delete mode 100644 krebs/Zhosts/wolf
delete mode 100644 krebs/Zhosts/wooktop
delete mode 100644 krebs/Zhosts/wry
delete mode 100644 krebs/Zhosts/wu
delete mode 100644 krebs/Zhosts/xu
delete mode 100644 krebs/Zhosts/ytart
delete mode 100644 krebs/Zhosts/zombiecancer
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index e0e2692a8..08ac96461 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -1,6 +1,4 @@
{ config, pkgs, lib, ... }:
-
-with builtins;
with lib;
let
cfg = config.krebs.retiolum;
@@ -40,7 +38,7 @@ let
'';
};
- network = mkOption {
+ netname = mkOption {
type = types.str;
default = "retiolum";
description = ''
@@ -65,10 +63,13 @@ let
};
hosts = mkOption {
- type = with types; either package path;
- default = ../Zhosts;
+ type = with types; attrsOf host;
+ default =
+ filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts;
description = ''
- If a path is given, then it will be used to generate an ad-hoc package.
+ Hosts which should be part of the tinc configuration.
+ Note that these hosts must have a correspondingly named network
+ configured, see <literal>config.krebs.retiolum.netname</literal>.
'';
};
@@ -104,7 +105,7 @@ let
};
imp = {
- environment.systemPackages = [ tinc hosts iproute ];
+ environment.systemPackages = [ tinc iproute ];
networking.extraHosts = retiolumExtraHosts;
@@ -140,17 +141,16 @@ let
tinc = cfg.tincPackage;
- hosts = getAttr (typeOf cfg.hosts) {
- package = cfg.hosts;
- path = pkgs.stdenv.mkDerivation {
- name = "custom-retiolum-hosts";
- src = cfg.hosts;
- installPhase = ''
- mkdir $out
- find . -name .git -prune -o -type f -print0 \
- | xargs -0 cp --target-directory $out
- '';
- };
+ tinc-hosts = pkgs.stdenv.mkDerivation {
+ name = "${cfg.netname}-tinc-hosts";
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir $out
+ ${concatStrings (mapAttrsToList (_: host: ''
+ echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \
+ > $out/${shell.escape host.name}
+ '') cfg.hosts)}
+ '';
};
iproute = cfg.iproutePackage;
@@ -159,7 +159,7 @@ let
{ }
''
generate() {
- (cd ${hosts}
+ (cd ${tinc-hosts}
printf \'\'
for i in `ls`; do
names=$(hostnames $i)
@@ -180,11 +180,11 @@ let
generate
;;
long)
- hostnames() { echo "$1.${cfg.network}"; }
+ hostnames() { echo "$1.${cfg.netname}"; }
generate
;;
both)
- hostnames() { echo "$1.${cfg.network} $1"; }
+ hostnames() { echo "$1.${cfg.netname} $1"; }
generate
;;
*)
@@ -203,12 +203,12 @@ let
mkdir -p $out
- ln -s ${hosts} $out/hosts
+ ln -s ${tinc-hosts} $out/hosts
cat > $out/tinc.conf <<EOF
Name = ${cfg.name}
Device = /dev/net/tun
- Interface = ${cfg.network}
+ Interface = ${cfg.netname}
${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
PrivateKeyFile = /tmp/retiolum-rsa_key.priv
${cfg.extraConfig}
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index c596d0f9d..6c396a132 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -119,16 +119,18 @@ types // rec {
default = {};
};
tinc = mkOption {
- type = let net-config = config; in nullOr (submodule ({ config, ... }: {
+ type = let net = config; in nullOr (submodule ({ config, ... }: {
options = {
config = mkOption {
type = str;
- default = ''
- ${optionalString (net-config.via != null)
- (concatMapStringsSep "\n" (a: "Address = ${a}") net-config.via.addrs)}
- ${concatMapStringsSep "\n" (a: "Subnet = ${a}") net-config.addrs}
- ${config.pubkey}
- '';
+ default = concatStringsSep "\n" (
+ (optionals (net.via != null)
+ (map (a: "Address = ${a}") net.via.addrs))
+ ++
+ (map (a: "Subnet = ${a}") net.addrs)
+ ++
+ [config.pubkey]
+ );
};
pubkey = mkOption {
type = str;
diff --git a/krebs/Zhosts/Styx b/krebs/Zhosts/Styx
deleted file mode 100644
index fad453168..000000000
--- a/krebs/Zhosts/Styx
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.42/32
-Compression = 9
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4jbOi+HZIGOGNm4aBSwnq4m3Vg3IXHmYUbJx1AzP4a/yvEgswfk6
-MP5FXvoY/hZ0NQ0IRzbbJxGbcUdulz0WSjX1C+8uQUZstz+lvYZ4FeCXcdE5cuFM
-ROKAbA4qxO3WOFhPAs4G+K6srDqswmmBSfgPAfOBexEZxHweoBQLOYKUPnBCWf5q
-I1gKWgMVWv6KY/pgYxloarycb8gEd2GsNZcNwoNhRd2G/Tn6idh1qRBI96eaasbV
-P24FEVkPVFVgIGrvFZCICCeQzA4g+Sn4TmgxnTWLQxG4hAHOZQX/ld8u7NHTU9Qm
-PwmjESwfas9Z8UjknrbcaZvuqKrnMp7JwwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ThinkArmageddon b/krebs/Zhosts/ThinkArmageddon
deleted file mode 100644
index e51e1c92b..000000000
--- a/krebs/Zhosts/ThinkArmageddon
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.0.137/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1EAiyBWICkyB1zHE31fHSbGR1nJJmXSfnrqm9yXRZSGweIKrbsof
-QVcRzM4vsFBRUMBeKW7fzlGcvgXULFRnGelvEl4GRiBMO9odBlBI3t8CjZW7X2N7
-JqCMkB+CRuiHbNYQdRFTozQEfPq+DNh8accD5LjUM6gF0dKUdby5qNeHCfZSxU4v
-YZDRqq/haO4up6m8/S6YhnHPOSaIAu7R7hFaUeB/FPT+s5irKk6WtAiWnIdXb22q
-0zxT4+t9sWFb4V9u/MImggYQVWjk+TfF5KpihBOvExEQsSR8JJcRUJAtN4W0w2Pc
-S4/j9ArKcBj5Wf2qHcJMN5MbwUFW1oMkGwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/TriBot b/krebs/Zhosts/TriBot
deleted file mode 100644
index 821046f5d..000000000
--- a/krebs/Zhosts/TriBot
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.117.163
-Subnet = 42:ff05:504f:f27a:3534:9be1:4343:5e95
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAz8pZtvSqDEKo/8IHt71GzWa2oTqZPUv2kRoipUXbJGv3eWpkbd4n
-OpaLuY7MjUveZ39m830t5RAkgB9iChU5wurszgfLrxJ15uibJe+yFJl9O6kuYJr1
-69s12F/v/pPno5eWuXWJ+CdMW8srZB1I/ZIL1/GaptuDoMxu7uBnDbL/NJrpPBSr
-JxCJGHET8jh2++B3cqsBWNGkQjQTM8NwwAup6HQjBrbOQYOAQbcOTMmalc/9JFfO
-LUz63LrCPk5pIeLi+876IdAJBuJsVWwmTbl/D9R6D34Z8bYHIv9mDmO/omckcxX2
-JJgEq5/xlLb2gHt/qfUunbYHIstp/s2bSwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ach b/krebs/Zhosts/ach
deleted file mode 100644
index 7774f17c4..000000000
--- a/krebs/Zhosts/ach
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.32.89
-Subnet = 42:6bb3:0a07:6777:9aa5:e39c:e140:cb68
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsTyjNQ5aO2aIKXgkgZSiUb0POtEVoAPFrIkSv5Ci+7AYv+CLXsIr
-TKBfFIg474KZ4MCrX0oA3Z66s9d2UW6mcH5JufW8siRPJvdydqaANyF6Fvk++59R
-+GMKR0MGdPGfcxjaw64ChemOZx1T6ODHF7KTgaWRI+Aiz+jWsvVCSKutSwVDJTgJ
-4lub95/gbWckRY6fchkh7rSTfNXXYevbysQYdZaAR/qgquUNt23/ewlagF7uqgZt
-CQx7MHMU2quEdvIfZuUPFWe0yHBb1bZCHYxKXo6XG8I7WdUAFRuwFLTjqgSYPD1j
-EpUyU0+xxfyXB3vWrM/jcw8XKzi04wWHuQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/air b/krebs/Zhosts/air
deleted file mode 100644
index f27106f0e..000000000
--- a/krebs/Zhosts/air
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.99
-Subnet = 42:32d7:b589:8ae8:57a5:4cde:f49e:851d/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1yNqMyy9C1O031M518kzLYLh+Ox0D2r9UgVSSb9OgpQ85ZJgl7Kb
-SUzlZLbC9CX4O+PmtWvZwtPfLjua9VbVOtUJTB6zTB9Oqe4hTmX0oKIgheGf1rKS
-ylOaLfSz7PaPR3zGms17F4ovLDUBG2rpOyoHJM54T9LyJbPny/t7v/fjAFqu6atK
-1RgER3j3s5oPaRPw0pYR0kiGXayZRL6q7Qc6AXMlMi22sdRI9e1YCMCyC4u1oU6U
-grw7khyPWoEaue9B7fKfG5PixRHHlrsVDdwXEVvH87+/X2IU3H3C1/pslenAQ98i
-qGNJOl2eJ9FHInQjI1cDMgFURcT6i8mGpQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/alarmpi b/krebs/Zhosts/alarmpi
deleted file mode 100644
index 205b0d838..000000000
--- a/krebs/Zhosts/alarmpi
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.124.187
-Subnet = 42:2de9:fab6:7460:2fee:9199:fa1d:70ea
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAunQOFP1mnEmsmnMYjCwbWdbGe0/hHQs2bxIdwO1RXngXgw/TBBhN
-Xlp75LzPiT0ELF5WBPVclqskT+bl+FOOITH9XDkYzm22jzeLHq3bs3YiZhwzidkO
-Xhq5pwGY4HL4o3SfFtfOHse688qqLXefoc9CfyAIKMCRRAxlzpqNVuZEg1eUcuUJ
-z6gugJj+YyA4V3JGq7GuJDiPPOMrGel0rITMlWtYYtm0jf6deYBPjo+ZogDESlez
-tBmPKNCXynSxb6cV39StUsbUQbLvHgPBrA01T+Hw1DV5eHmWoycvD4IfJqXdfMbc
-BOqRHOlErXGTG5m2EUoU0VSj75zl06gW6wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/albi10 b/krebs/Zhosts/albi10
deleted file mode 100644
index 9bcca7ccd..000000000
--- a/krebs/Zhosts/albi10
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = 74.122.198.15
-Subnet = 10.243.0.10
-Subnet = 42:aaa9:4ba3:8c43:bdd8:2cc8:29a0:e8e6/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0Jz5rQ7NpIQWwhDsrZHlJYAnC1k1onl2ln/6CJbdV9t3gG2hlx/9
-0SEARo6sq9fftyzzZd3iY4WK7+zRXJFXHsLmDa6mq8Mme7Yv+YHZoHPTm9c3tN3v
-laiV/qAdoi/sv43DCo7JywI2lTW1pPxuitXuud2ajd7GXuCoRqFRqLtaURorVKkW
-4j9UGpMKrEa+CV9wP5jZ57RSPQ7aMq8D4GiMqKDgUeCZnvXxpYWDOEdGNlpuUcWt
-/erC6u50/vnjUkkHx66OmkZe5AX5MmwNp2q4zC4sTh/BRhqk27AmNl5wbp0kL7/B
-hg+r0F8ckrdLc21sSU36lUIeeFa/S+A06QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/albi7 b/krebs/Zhosts/albi7
deleted file mode 100644
index 32cf0dc84..000000000
--- a/krebs/Zhosts/albi7
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.7/32
-Subnet = 42:6c61:6962:6137:626c:3769:000a:1337/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA+SwdWv1anjIaKSnvel9d23tgqye5RguIVfgMnjpMsqOYpFklLIa8
-4wREhVvpiArnIsoTXbKzdeCFgaAbMS6aQ701Pyv7QriVy8m3iUlgqvB/znogxN8U
-z1fqL0jAHLkQkoyZ2a6mUgHpByvUqZNcq6istYLwGnXO3JQrS7U54hHPpXbxwFY5
-0/Wli9OueG4fWaZ9skDa2Faq4c/Lngku+Iv1gBBgII1EDSsgedNWw3YBTmHDFNTZ
-SsORj2ho5nQgdvw42qEINbxpU01jK8XB+jmVEO+ixZZCsWlOeCjl9Zym4MZDRePg
-euTLTbgs/809ElM8V+EzRKSPNR2k6FrBXwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/almoehi b/krebs/Zhosts/almoehi
deleted file mode 100644
index d856f682f..000000000
--- a/krebs/Zhosts/almoehi
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.239.66
-Subnet = 42:0730:2eed:2bb9:9d4b:eeb1:641c:0fe6
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtyfcqaDrDmsBVh5w4CksDI1Hn/jDcZVyNWZlqxQojjB2SsxH1VyD
-VcpmwyzDSE87CCZPN4xjIbrc+KgjiOVSAu+8Ax4dLqVrP96s5lJUIunVcwd3lQVi
-D7Ol2zDredbXuNi3jb0qBU+/qiK9mp1vTcEXhXmCSTiXIHz0d7vkv9S0h+YgKGMJ
-xBQsyCsEI9uAeGghVwrLcwY0ea6ZJuYz0miIn9+g4D5PROxImBAJV6uvbG0cP8QG
-rLY85YYByk2qKPIXrpec4uc1A/P1+1DSl5I+GEkBBhSmQB71UYCDULfuL4Eu6mFN
-AFAPsSCk8DFo5//lULky24CEkxTtp4rcPwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/alphalabs b/krebs/Zhosts/alphalabs
deleted file mode 100644
index e5f98d692..000000000
--- a/krebs/Zhosts/alphalabs
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:a1fa/128
-Subnet = 10.243.1.10/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvUAbMmmOFn+4kOvJAvmi0R/XCQa1YBlkjUvC6Pmt0Q8gV1DodXjB
-DgwP8yhLcxaVy2Hk82aJvNTUrfMeB2sdt1RJHQiEPQkHthdp8Spm0Px4uTiMjmFB
-ev91xi00eCCGIKsXdh/qso1K7EDHt9MEVHOvSlkawWzoyJ6AaHStW1ElwDdGjZpl
-0YWrhx4Gk5X7pCp3LKkQJFfGtqoqGOVg2JjqK3qMsAdRo6QvYDqjFzARed/D0k55
-kcKXjBJAVxoU/CqGfS/Lr0fL8tdYgXaAXvPO9dbr1t0KyOUY2KRNBePeSvRp/etb
-H0LBPsO9F7PQiPI3DBoWCYgsuj/hBXapvwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/apfull b/krebs/Zhosts/apfull
deleted file mode 100644
index c64750b84..000000000
--- a/krebs/Zhosts/apfull
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.138.112
-Subnet = 42:0707:afc5:96a3:8215:305e:0474:02fb
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAxNnJB29djjUFUZqM7EQ8kj+IRx/a+2fA0ZdNoUm4ar6t7kTmOc40
-GzGr0zE+QPqQ3abDk7eTmZbU3yUNiAUDzDMD+iqwKAVJnMb8pjXlGmcpdvMuxwbz
-bHeTEaVqBmF4seXlwUKL+waa2Yr1t0YsynCUte8dbcauaD9CY61QjDUP7TQBglmk
-eKq+qbFNKjzIjLQf2iXsl2+dzuFqg4OUaUD0zZJVzjNpKSz24uEK2mD9fSmS3oYF
-yzsNaOKaXr/j+1Xlosxy9Rde/o54UbtZTPYsNdhNgnXmBan4zTv/QnI67Uf9RqiK
-PHsSAkfCj/K7iAOKE/A30xYbd8eV2tPANwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bitchctl b/krebs/Zhosts/bitchctl
deleted file mode 100644
index 8f188a2ae..000000000
--- a/krebs/Zhosts/bitchctl
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.104.101
-Subnet = 42:5ac9:c698:4d1d:6ec5:45b9:647b:a8ee
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuxd4ZU3y1ZgvI+/7mQkWBlF6VvX6ty8+iKYwmjsSUCclxz3O5DB+
-clps9k+0tQvtKlsxG3lnFQz9fd4Pj0GIuWsAdHRH/hpnb9nYSRePKWy0RBjAZRr4
-8rXqI8NOdkQiIQT8gWw3ujzw/Mau/bV6AWqi+CbeExm+J0bPW/QZlAZ4BEKFvuqK
-U8yOQ38p9s3Dpe4S5JZ3cu54j5f5JygXTZgk2ZW3frJ/JS+lRHfFlIW0ZAuTqn/u
-GD5ahHLbRZPGsG5aSR+agfOVIAHLBnDoFx6AQUr09m4zyMgPEC+Xq/DvdP/Hvuas
-RYRol9qHtNeFJViWIUOQPHypTw2a4Ev7fQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bitchextend b/krebs/Zhosts/bitchextend
deleted file mode 100644
index 82d8ffa43..000000000
--- a/krebs/Zhosts/bitchextend
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.141.142
-Subnet = 42:f8a6:9f59:381d:eedf:d90d:8611:4a9e
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA02Zp9aYkEn5yLSaOhrmuFzObpmWdZfT5OWzE11LUeoCu4rsEZY9T
-DB93iliJpxKYuLnmI49vGfSSzqGs6B2yoh6Y60OsrYrvBSQ2Li3aTOqUTL8GpR6Y
-GivInlr6F5/T+6BEg8paau/1rwRE/r2cJ78AvG1nd+JtRL9Hl4tYPakOVIbRk3D9
-4qDtWDWZS5BdirbaO66wvYxS8ps14LRvyVkjiT7IPMXf8p6rxumXPIr3JtJ6QC/K
-DKuP95v0vztZm3U32hO92NB+mDb0XjGSOaspEl2HX45phad6GnGBPqhGpSv47xDa
-HprcO9uxkGcEhyQtCALWD8THX1SNoNHh0QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bitchtop b/krebs/Zhosts/bitchtop
deleted file mode 100644
index 975575efa..000000000
--- a/krebs/Zhosts/bitchtop
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.12.178
-Subnet = 42:4119:cdae:6fb4:0b58:59c6:a993:17ea
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3NJmRzOn5e8FwhlcdvjIwZSvCL2eJ/lJ6E3/m/BOy7qUneMwfotE
-DarxHFxd6ccMLK8yH0fUuTC9zKVud6bw5Xfaw8BnFm8QXTr3eSwol3Lq1I8+k06I
-PZ5a3tkdK7bQxOi+v70jGyR9E/Q1D7fP6L/q9L3W2RmNivlvS5qi5LgfxiEkFvgM
-EO1FPfXwTKhBCB5LqFY4e+viyGxjZ+nK55QgacU7MMNEJN0ntvSp4pLepL29q7ZN
-wSRAjZC3PJX5QZtOOtCYAJ0QqsUv8vZPhaObwPfLvGHku2vl9E8TH+HY0DWjvrte
-E9ZjPn19RWRFExiK2KpbfTJezFULhaAQaQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bobby b/krebs/Zhosts/bobby
deleted file mode 100644
index aac6e377b..000000000
--- a/krebs/Zhosts/bobby
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.111.112/32
-Subnet = 42:0:0:0:0:0:111:112/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
-uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
-Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
-0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
-jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
-cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/box b/krebs/Zhosts/box
deleted file mode 100644
index e02f8ca67..000000000
--- a/krebs/Zhosts/box
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.43.43
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvUMfRZOPb/zKvALZTyxKQuzowqqJ/HW2lm/RIOKL2uoTUgVX1DJB
-fCLf66e2fHnjnStXuaMDNs1kq2gi4EyK5Q50RxVBq7XayXYqfnFwzTE+Iqape542
-vYSWKLdrxljln8a2EYU7njtcWkTpW+cJIwSHEUkDLAowF87ElQ0gBmyX4p107pow
-jg7zcYierVdQXkI7mO4g2zWsywfhwscbu5hdCp1Fw3wHFDatgyhPj1pJruKe+O3c
-AebF5yQOAsCxAk8ZcwGLmmF5xK7lAeux2Qzu1B4Pkfxi97g1GVLnX+so7PR+vvkQ
-+OMzQGIWXtaOqov5q2O1N5RJzng/kCjC/QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/bridge b/krebs/Zhosts/bridge
deleted file mode 100644
index db75113be..000000000
--- a/krebs/Zhosts/bridge
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.26.29
-Subnet = 42:927a:3d59:1cb3:29d6:1a08:78d3:812e
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d
-VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm
-UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB
-oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b
-/hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg
-lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/c2ft b/krebs/Zhosts/c2ft
deleted file mode 100644
index 8ce0539e2..000000000
--- a/krebs/Zhosts/c2ft
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:e674:8a82:7fe4:fa51:d305:192e:846b/128
-Subnet = 42.221.17.214/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqS+nvuQnAlhsGHgjKRz0nq2nj9HWwzrA96xnng6UCmkTpFyprM7b
-20vQ5wqcHFAbuZh1dOOb9G2qqsZYE6V1452YLZZLMsnxiJD8kSorHrF6kJid5JjH
-xyyqSvkXaHClQItVjo7rIn5P/Tl+BMt64KaPxpu/4GBVHkCE1apLtaVRnEq5t2DG
-htZuUqzhuLN4TQiSVC++7qY1UQotjLbAQpYxf67np5sKWMOqg5UA+ghuLeO9jpqL
-qKoh2TMzotGwlYBMXVA0jJtQu5Sq/IWKWAyk9zca2LT0W0ZZWYiTl+Ai5urbJgCV
-GvWeJCoBKteIKUHRVNK1RLDFl6/ITOu9XQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/c2fthome b/krebs/Zhosts/c2fthome
deleted file mode 100644
index a8eaabc97..000000000
--- a/krebs/Zhosts/c2fthome
+++ /dev/null
@@ -1,10 +0,0 @@
-Address = samularity.mine.nu
-Subnet = 42.44.64.126/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4ADumWibheOOocw3diK27ww4xfyptLZzlPcih5BJFUPOljXN33th
-1rbFwBr0QyRSad5U+/w1qlTCCqadjNdu+0RPGxbCrEqE3bUlrbES3Fw1ZtyIeuRH
-v6yTQuOzJXyceGGYJpK4JjFgFOggSH35dURDa1+x3pJECyWUAVDknWE5CS7HNufW
-bcREh18LoTUi7SGPeWauDLvVb/eeuDNJkoFj+HWpNqupFXpXUD7vQ+FBTtKO9FZu
-vd/QGYv7gkRGQfma3+2XW9fWgIfE1oS0qf4UfbycaEKMFS5Tn7li3tzCcH9Da4iB
-SsyWm1Hg1UYXccBdDYWYo+vdG59hIjmh8wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/casino b/krebs/Zhosts/casino
deleted file mode 100644
index e35691c3c..000000000
--- a/krebs/Zhosts/casino
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.233
-Subnet = 42:3c1f:ea16:e181:7ab2:c51a:8892:7fb7/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzmZ7x4HVpW8RC3ZkwmNKY/6VGlMKQbpBQtmrUzV1XFxKWZRhH3VI
-NOqlfVpTEaRTorht7R8F1aw9psDDUcg7yuQFcUdoXxBJxwbc1h0FKyZZr5kAIfpS
-ObE0rbBRRqJVAWgztpQAalWC95D73y/+tpHnQ+LRFq9IWeX5+QobaSym1oG4Y0Jz
-STSbw2ksjH8CuWHS5TjZr50Nyx6cH99HABDnadxhLBtQriJPSYRYdWyp7tYrW3jd
-As28mxkyFj0sFV3IJ/bYfZD9KSGg1KjQu+c73xKOBUhNtSHFjUzN5myYGd/nWCw8
-0PUReLrWC1ZHYPzqiwelTHcNJ3UcojpO9wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/cat1 b/krebs/Zhosts/cat1
deleted file mode 100644
index 1a9dd2fea..000000000
--- a/krebs/Zhosts/cat1
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.244.32
-Subnet = 42:86cf:a3fb:16b4:edbb:df13:a7a9:cd61
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyjmB9IyBYexahK+fxSzVNrVxMXroXMc4Fyx16+XOt9hugn24Suht
-06kQwwbpkwjWfIEONzr0UPAbsOWG/Qj3w+dqiC5iqHZWFW/NdBgwunF5+INnEamj
-eIIqei1230C/NNpTph9u3UsT+ZgZnc+r4usEmTpZslvtkVwg20jwT4w3Vq1ws1Jc
-8Ccy8vk4FjgBP88zuvqzjBtTGQMrDgBd68XlGVKOhrvxCebHknbcHWpUz4cN8TX7
-bRNpSUTCSGd2taY6g4cUxiegbTeK2LDVvW/6XtISvJqVVllLD/p661W6gRUlkspv
-phLJc+zNLRxOC624JRivt+Ag5iBI4YP4SQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/cband b/krebs/Zhosts/cband
deleted file mode 100644
index 51c51e9c9..000000000
--- a/krebs/Zhosts/cband
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.7.76
-Subnet = 42:c293:090f:df44:0926:c7af:5012:7cd8
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA11kwqXkkDRmxmoZNFDqtUsxK6d/HzTdFC/v1V3fttePuYFiEOhZl
-rLBS3+Eei4CsQrOwnaRBhHdnoOZGEdxJmq3YXDWGoVAn4bEgommCddzssVzWtVMf
-hIntuCExczEMIY+MGzM3QupYxUgRRVjFtvxoC9kKOSlaq0BhkdJiWygzN/NUfqpv
-HgDufoAcORLQInTpmQYEkZO+XmXejcCY/C+VD0MENqj3SijGw9tm2YmInwSwZnwX
-Zjh2xn96QbV9O7bpfGHcLxWhsUyyRC46knbbBXuAdbDsa2TUdzT5D7nb/TLfP412
-agIhk+cwFM24y/ChHdfoUBakKF4wZI3l4wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/cd b/krebs/Zhosts/cd
deleted file mode 100644
index d65814f46..000000000
--- a/krebs/Zhosts/cd
+++ /dev/null
@@ -1,17 +0,0 @@
-Address = 162.219.7.216
-Subnet = 10.243.113.222
-Subnet = 42:4522:25f8:36bb:8ccb:0150:231a:2af3
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
-rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
-e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
-sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
-CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
-PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
-LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
-DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
-ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
-jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
-Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/cloudkrebs b/krebs/Zhosts/cloudkrebs
deleted file mode 100644
index 3886371ff..000000000
--- a/krebs/Zhosts/cloudkrebs
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 104.167.113.104
-Subnet = 10.243.206.102
-Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f762
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
-OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
-QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
-3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
-sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
-TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/darth b/krebs/Zhosts/darth
deleted file mode 100644
index bcabc5f58..000000000
--- a/krebs/Zhosts/darth
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.0.84
-Subnet = 42:ff6b:5f0b:460d:2cee:4d05:73f7:5566/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyx5x0jzfhex8EBSFLlOIkP1yJ5cSPLQ3hpPMvN0J7QdVbypU6a9C
-fzGpzBph1sRwXnaqCMe0og5VT3EdFtngbmm6t/CyMhBojkxMQI08m71JT5c07+1U
-OSSLXBXYHcN6cAEYEsvTiSuvP9RoAbUeQQbZryI4wpzzQ7ET1l7k/3eeXAwqRKR6
-xiqn/4597U09QYmllqfplJUBv2pIAIcFlm/KHvNTZGEZS83udfnECwDwgU63PMns
-38yiCpI79kagXyTOGCbkUatt0KNTzGNLAm0CyeFd1AdgUrj8fVg2jQLQlBrze+Gx
-jkphgkVEgMtVMTz8WKfz+Dro3jBfQstIjQIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/dei b/krebs/Zhosts/dei
deleted file mode 100644
index 0d401b019..000000000
--- a/krebs/Zhosts/dei
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.247.164
-Subnet = 42:d702:e261:bf4d:2f5f:00e8:bf56:4d50
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAva8pJ7H+ebQFEpqLZhr6hE6OlCRhSlPQwEoWtQLHT/zsgmUEhXcw
-9045IAAgALc1Wf6lVWKwNEBNyLNULUgmkXzgjCG1OuLAn7jWtaNQZT+b6ZM/b2Qn
-hrGdHCcpvW1kpIfho3zMts4dVx28Z85JJlI4ZqfFZWwiuCj+x8OELdqtm2IYryiu
-6dHRR+4WkgEvqL+1YF2RRxXIcSW2wFdZOggjXYobzC2wl9zWkTBPC6lKQjlKlSrV
-ZZBKRwuHloHPt7HJTjWZTX28CbC/P+3l5NyMhfmqtFPZuhC4p7EAWwcXXDz1Gkxl
-w5EbcTz01pePFj5oVfK5aUoi1JFZ9GSZFQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/destroy b/krebs/Zhosts/destroy
deleted file mode 100644
index 8b5f7f5ab..000000000
--- a/krebs/Zhosts/destroy
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 42:9277:1f1e:7599:ae4b:7cca:b4a3:fe47/128
-Subnet = 10.243.0.31/32
-Compression = 9
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAofIF/j4ddJEG0sOJJNp6hVXqLpj9FPw6a1vLLqZsn/NuZi3QCZ/w
-xj1nIsQbc1TnPLluHhpn5kuvzb0lThqmPJvX2uXnbq7WH6OvRyN/FV/Gn40txdni
-MFWD53zGlAle1/Jdt+to/+0mvRP8U+dKuggemGljX2nrUxaJgVRVzynvkys5l6vZ
-2oMeO/LnFcAt9ZkMFoqDfKB/RPOqTD9k6Sz8xubVtasQ4ufpQl8Uv6zcYl1PnV7C
-9Pj5MMtQVtRRV8hljImqpERunU6ZsXhyqI9O/cVw9+QkWf7Qh5E0vUKTT9FISyTV
-nmQ9v8JGV2zPDVMmwP1ewyA1W9YhGiFd7QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/devstar b/krebs/Zhosts/devstar
deleted file mode 100644
index 875f62e2a..000000000
--- a/krebs/Zhosts/devstar
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.133
-Subnet = 42:2be0:92f5:3546:5f0f:8f22:6244:25f4/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwkkmkhGMnI0x5VIgdLwV2SvXO9Bw3Sy1U5AToZiG2dSB+OiwwLir
-JIrTHv4r73lMLROJjQhznq06VMmNviC82178H7/DZqgSqlGU7d9p1Okd5XCs6LI3
-eaL5mYTXFuA+PMHVvYqQ5fDQRQ4KoWmlSV65XUPejPlxtl3FXqOSHVuuBSbka+St
-qLyWLAh9d8AfWjxbAIv41fl6WOyw2IuDc05K36aT/TwzA3ykl+ekNObAjvpI0cxI
-+d3j8H8JY5jDcg1hvWT06JqpUcTJRkWLL7BBdQvWySaBcET1Flfo8eYVqVQDK4kU
-XV/tA1ax7YPFBQ7Lh3Ru9nEC45Gv6R4HbwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/echelon b/krebs/Zhosts/echelon
deleted file mode 100644
index de4366875..000000000
--- a/krebs/Zhosts/echelon
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 104.233.84.57
-Subnet = 10.243.206.103
-Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f763
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
-oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
-MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
-4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
-n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
-do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/eigenserv b/krebs/Zhosts/eigenserv
deleted file mode 100644
index f59667940..000000000
--- a/krebs/Zhosts/eigenserv
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 42:c9d8:ab9e:c7fe:43ff:0268:f862:42f7/128
-Subnet = 10.243.0.32/32
-Compression = 9
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyy060LWeo6Z+Kp2h5LtyMx+KGdxL9/WjWfc1yf/YZ8lhZutNb+Kd
-u9AHbnrqTRWRslP+toNiC55aJ/KlTBFQA5nBu2DC1KdG71AX5th7bRvUMfEAEG1+
-7MpcyuC8Owvleg/b4Ihr+/kQNbIPPhAraPJU780Oy173jnt+PCIYY+aTnEuO3UBh
-yt3oPhfwMa2ssPL8GfF3YL9Pvh4UEbUu1E7zSOqzCOzH3od5I/G/TjvfHl3u4tEr
-6kWHVqOYaKMJlqYvb7tnw7QjJNFhVneBJN6eMaWfcmTp2G9S+SwOppW3P4yRxrar
-GLWPgEU6to1wduAktecWU/oWambgXb/hUQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/elvis b/krebs/Zhosts/elvis
deleted file mode 100644
index c98ce7865..000000000
--- a/krebs/Zhosts/elvis
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 94.79.154.86
-Subnet = 10.243.228.181
-Subnet = 42:42a3:7ad4:f156:906f:f6f3:943b:7b1d
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAv7wpfzpazvXzKJsDkJ8J9zsTZRoI6LnpSIcO8hLQcHNk6LTWjBy1
-xdnsSe3eQYxNmZPKi28PdbMo4YQlFdewLSB69PP6ZX5ISNXVlCZ5Cend/kfU1fXV
-tcZ4JQCl/adHqg8niLAODfnXhwVjMpllgq6gCg5mVPILy+CZ08OM6Ij7Q5d+3Jr4
-1zMvAXyeuNQcL+MkBveblKC6j/e9fqaK86sUh/4unfgmkB7GWjqFwmoHZepR83o9
-HTBmKxEIDKYjLWVXV1Wph3/JN/65igTtju26cVarUmTtGIhU44NzCi+94+wKuJMU
-Bbjk/CnuWQoU2ABPsxtW3r6m4pSDhypNZQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/eulerwalk b/krebs/Zhosts/eulerwalk
deleted file mode 100644
index b6dbf43e0..000000000
--- a/krebs/Zhosts/eulerwalk
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.176.249
-Subnet = 42:7429:4e08:14cf:fb5d:9c17:76e5:ddcb
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAv0GyX62KaykRkN9f6ZgtAOPk1rr+ZFG6Il24crrkIJgx0He+VVjr
-XgXE7EaVwNjNm/7nIhGGWbCzravDIrRzQXzY+IQIzXwSPKv0WZkqFHZj122SIt9L
-QKtkGnECA136uH3AqbXoxhsz2FnuDunZ6gKAi6XIlq5Qr2Nyv0qKKaM0zTZZ4pI5
-PqsNfV6r2gc3jo/tOuxVgG86dMAEHLMdwjdBE6/49daGXyhsGG7Gh93c8UlyFKyt
-r6LC+4Oc1MCMtCbxsmE/iZWJtpUHAcQDzTcAynP916xg1PBLhczfWFCPR0LXOQGe
-MYSv34G0gZqPmkNJryi1MEFZ61zo/SiO9wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/exile b/krebs/Zhosts/exile
deleted file mode 100644
index 25d68ca4c..000000000
--- a/krebs/Zhosts/exile
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 42.116.243.248/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0H+DslKV6EDCZWBCJs+MFyvTR9Ej0yWthIHKzFrA4qI8rxskrGGP
-xhb16keQLPCAgBVVVmikh3pQVMq1K6ry5Of0uM7rU7crBzRfJ8zpGZXfYlBDFDAd
-Vg8wwDvEYsYCAKrZbYIKb88WR0mT7K47ipTbXd9utzmoWGa/SuGtPkYOigcWYMRN
-4QClPDLdICQvdohVvfd7/LXRNuwrWOJcmtLitTEZY9lo2hhv+ZKs7PBrmpTBhTMY
-N2Et69tVPQh1t7cljf3Esij5AUczv979C9Lvukj8Kb51Et0T9qcGAs/M3b64X7FO
-KjWVVQttj3AkjgLZ5OdYlm7uRRmYmKQ95wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/exitium_mobilis b/krebs/Zhosts/exitium_mobilis
deleted file mode 100644
index 3b112a0f7..000000000
--- a/krebs/Zhosts/exitium_mobilis
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:AFFF/128
-Subnet = 42.127.75.187/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1zv7tkHIUxJX2FIFcfakvZZYuI3VH56nkQYlpTUzO9WscMF1BgoH
-WKOvHy9QzxAJgqmceroZKbV2PIws/PZgwk7vNGPmmZtzkTuNS+RXd2y1WwKTHpxT
-IZ5TKo9AGuU4dcMLAR2xheCJzTRNoxj4UrUgN1WkAqdKhN0Dysglfb+FuUiMdbop
-rbzsKhJZKnJOnS00Z9K7ZrTWkYQR6nhMuZ0EMggc+pa5NesHfIoeitXQxB7tz9M4
-6O7xE8ZkECdKXmRBGhSU2ghnCqiomDj9l6L6S6Ms8Q0ElPM78RTh1a32Euj9Ffob
-v4gQuzI0fUKe+pbm3VC6B+9awkdd8n1AzwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/falk b/krebs/Zhosts/falk
deleted file mode 100644
index a8c9e2f21..000000000
--- a/krebs/Zhosts/falk
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.120.19
-Subnet = 42:845f:0432:a816:c623:fa89:8485:8700
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
-4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
-9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
-2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
-0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
-FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/fastpoke b/krebs/Zhosts/fastpoke
deleted file mode 100644
index c897a97bc..000000000
--- a/krebs/Zhosts/fastpoke
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 193.22.164.36
-Subnet = 10.243.253.152
-Subnet = 42:422a:194f:ff3b:e196:2f82:5cf5:bc00
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
-DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
-FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
-ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
-EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
-rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/filebitch b/krebs/Zhosts/filebitch
deleted file mode 100644
index 64c88cb0d..000000000
--- a/krebs/Zhosts/filebitch
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.189.130
-Subnet = 42:c64e:011f:9755:31e1:c3e6:73c0:af2d
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
-fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
-e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
-KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
-oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
-wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/filepimp b/krebs/Zhosts/filepimp
deleted file mode 100644
index c689c8852..000000000
--- a/krebs/Zhosts/filepimp
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.153.102
-Subnet = 42:4b0b:d990:55ba:8da8:630f:dc0e:aae0
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
-3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
-wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
-oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
-UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
-8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/flap b/krebs/Zhosts/flap
deleted file mode 100644
index 94e6bdc75..000000000
--- a/krebs/Zhosts/flap
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.211.172
-Subnet = 10.243.211.172 53
-Subnet = 42:472a:3d01:bbe4:4425:567e:592b:065d
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
-2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
-8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
-3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
-hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
-Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/foobar b/krebs/Zhosts/foobar
deleted file mode 100644
index 2c77b79c4..000000000
--- a/krebs/Zhosts/foobar
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.135.219
-Subnet = 42:edd1:d518:f7d8:ada3:1ce3:f4f5:a986
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsCu6xC0OctUKu0UsscOWfyQlMtMrD0Pt/wB+IDOnkEgDKqcTYGXW
-h6VqMqE2cQhV3ThoxqeIPnQzwiMuVd0n2q3ZDexfYvHmqTZoaMrQZJlgY4rDx8jC
-USFqnvtkJbOxFBiS3c5yjOIybGSGDXrAaxmn80xewNIsdSqaY1/2FxKwx1Fn+Kf2
-hIQOEYkdLhwPso+HyNGUwVKjsRVCSWdJSzBHB38cPZRoPpcmRHOTs/Jtx0b4RXQr
-tVYW8i+Jq6hCt9sDLJexP9unPGl30Gn052noj1t4DRCPFpOYSLJFcGU4n/OzYbzY
-O8VB5DjgGK0eyEXvtByxvWYPnuRwSLaH3wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/fuerkrebs b/krebs/Zhosts/fuerkrebs
deleted file mode 100644
index 35bbcf181..000000000
--- a/krebs/Zhosts/fuerkrebs
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0f19:8a1e:7865:721b:2378:bef7:1159/128
-Subnet = 10.243.0.144/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1HoKqh7HvXCKybe2FNBI/wuOvkZuftL0/DDZfZtPlCRtdcOA4XFj
-hQng5+VE3NG0yKcRs59U8iHSeN9b7Is1YF4q0RtM9YQTDhvS/vfpHDq42ftjMs/e
-MIFvYBGr2WIOzOYPiACURRcaMmoAViqK2Bwda45jORPUGo1afibH9UcDs76lFuaI
-f3mUZvLlqdJEtG040WoT1douGWtUWkCB6/pVUgLAurncOz/XiSI3GFzkMUY+0pT6
-0G34AcYqvdQyxH3x0ebclFlfY2aPStf6bGMejcpRJm4M02xF809DVYlUL3mG6krF
-MdWP85dCQ4V/RL0HdZ9PEjlVhgNOF1aQowIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
deleted file mode 100644
index 7a1a305d6..000000000
--- a/krebs/Zhosts/gum
+++ /dev/null
@@ -1,15 +0,0 @@
-Address= 195.154.108.70
-Address= 195.154.108.70 53
-Address= 195.154.108.70 21031
-
-Subnet = 10.243.0.211
-Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
-BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
-i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
-09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
-u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
-OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/heidi b/krebs/Zhosts/heidi
deleted file mode 100644
index c8af51b04..000000000
--- a/krebs/Zhosts/heidi
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.124.21
-Subnet = 42:9898:a8be:ce56:0ee3:b99c:42c5:109e
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx
-1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ
-jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY
-ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA
-q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo
-w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/horisa b/krebs/Zhosts/horisa
deleted file mode 100644
index ac4ed6dab..000000000
--- a/krebs/Zhosts/horisa
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.226.213
-Subnet = 42:432e:2379:0cd2:8486:f3b5:335a:5d83
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
-Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
-XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
-+EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
-sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
-M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/horreum_magnus b/krebs/Zhosts/horreum_magnus
deleted file mode 100644
index 3019e9cf5..000000000
--- a/krebs/Zhosts/horreum_magnus
+++ /dev/null
@@ -1,15 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:affe/128
-Subnet = 42.35.89.21/32
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEA4PcEqnw1ZrBgPl0yNO7eQ9aJpV4HKlENVhc/cobLh3dQgbmpw2Qr
-MQODR5qPxY+WmyZiQeU5sh8WutfpVn6xBCmR7QDqA+xpPhe/Y6uqWGDjxNftnetz
-gphYv/nPGj0Dv5mo2HGPFK1VG+kp9k+vlZb3r+03OVFrIVHsUg6qE4e8o7pN4OmF
-O10i85csMyKvSfA/rNHC7RdYP0tVLZTw4ZMTQh5t6zr/foHMr5KPXGVM/hjUWXW+
-ujSxUam6JxS1wk1zFp72Vd3X+JQH1eaDHidm3BBVAvCynyhUyaQh7nSjIDWZdGqQ
-GmBcj0M05o1tVGV/7sgQUTNHiLaX6vE35hQoq0Jr2bhfIzjhESLl7HuBMpvDntLE
-Tv+c/R3qryTNBBHFZOvYU0qx7I0cq5NLx4BqUXd6EykQvLZ53TyjFlINGQuEZXsj
-LOtyAj4n2EEg6WmSUhrB+tyowqumdT8ltemuhZ2zDmimep9EvMiZOVns8VkTqmBw
-lRzatTHS5tv6NieDzWTBuMqZiWjgpK8GILUn5e/ecIT2xTSVvo0jzIBwKtFpwf+X
-CkBB0tNlYYmDmHJxiKWBsgw27BFmQI59h3wGHXHSDRgShLBjNH62Lm6omDwivDJQ
-CJaTYPIsL8sdoCglCIV9NwUkj8tM+cvxZiZjvB3zizNxL57ZqpAcNGsCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/incept b/krebs/Zhosts/incept
deleted file mode 100644
index 348e44b1b..000000000
--- a/krebs/Zhosts/incept
+++ /dev/null
@@ -1,13 +0,0 @@
-Address = 77.95.224.63
-#Address = incept.krebsco.de
-Address = 2a00:7b80:3008:3::fafc:241
-Subnet = 10.243.0.174
-Subnet = 42:a2fc:1c89:65c7:6e60:1f62:eaf9:e9b6/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvy4J8CewsXeFkFOLqDwiTN+3fF0yjmP5ZVtrLrPJn7Ux75elTdn3
-iLcJYTgaO1/dmw8fPD5DkNnb3wiadZiFGXpsTd1jD69mHcn/6RY/0Fcne9qDiqgp
-vafpUD5UP7/7S+l5kkD6n7HVRblLXJIJk6Z8RCRN8OGyfjMM1IKeoR8kR1+85fpf
-C28fnU3Nz3YJDazOaMD7aGiyGZDRyY+wRjbWtMXE/NH8ydN148ZpFaMvBjM7fl/B
-q8XS5Rs9lFlW2jpex+W2DNq5t4QRMUDrLgD0gug0UiYCYw4IJg7OiI3g6vwjSDtq
-hRxpQ4nq3avmTR/NWzZ97PP4eXTCIQhiQQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ire b/krebs/Zhosts/ire
deleted file mode 100644
index db4f9808c..000000000
--- a/krebs/Zhosts/ire
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 198.147.22.115
-Subnet = 10.243.231.66
-Subnet = 42:b912:0f42:a82d:0d27:8610:e89b:490c
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwofjmP/XBf5pwsJlWklkSzI+Bo0I0B9ONc7/j+zpbmMRkwbWk4X7
-rVLt1cWvTY15ujg2u8l0o6OgEbIkc6rslkD603fv1sEAd0KOv7iKLgRpE9qfSvAt
-6YpiSv+mxEMTpH0g36OmBfOJ10uT+iHDB/FfxmgGJx//jdJADzLjjWC6ID+iGkGU
-1Sf+yHXF7HRmQ29Yak8LYVCJpGC5bQfWIMSL5lujLq4NchY2d+NZDkuvh42Ayr0K
-LPflnPBQ3XnKHKtSsnFR2vaP6q+d3Opsq/kzBnAkjL26jEuFK1v7P/HhNhJoPzwu
-nKKWj/W/k448ce374k5ycjvKm0c6baAC/wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ire2 b/krebs/Zhosts/ire2
deleted file mode 100644
index 6b9d0a79c..000000000
--- a/krebs/Zhosts/ire2
+++ /dev/null
@@ -1,9 +0,0 @@
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwXkn0H/+BUiARYSzZCpjqEwGeDZsbRHoWcRNlmlP6XjPMbKKQBHf
-gdERPevhoGaNtQdW6SEA5xb1cJDHZILHZtpJ63hs6999gB9x/n4x7eR6C9d7HPDD
-rGv+tBdwo8QWOIQIVnSAr6WdduSg2CyZbHd6d2Xd12vrfqJxnODSUHibrUusEc/D
-XBK2n1un3znzk7P+KT0xXMtNPU2678tGuwsvSIOoDfDx9+2xuxGANeqvEOeSAgg/
-SUH5CbcAFI2/4AKWP4e/yxM26YoKdz1Fu/hx7WqKwYmPERrgcr8ienx4WFGG83AJ
-CmiYwO23L4qSp1KZT8SbGDh2YpamZg2BZwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/irkel b/krebs/Zhosts/irkel
deleted file mode 100644
index b197e5d29..000000000
--- a/krebs/Zhosts/irkel
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.253.117
-Subnet = 42:1970:cb1b:d9e2:4603:c1fe:ee00:8145
-Address = 2a01:4f8:140:21cb::5
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1i2XcUold9p5aa4qGv2o3hMwlIt4+CBxuOwnzMOp4WjJyGWBrQiM
-Lw9qpwvc0W6c/MYTAUzkq42766jlYRzA/yse0/DeKJvF5BrCk36eH9R2okK1A7K5
-tk725pTf6D37mkjbiupo7FFfHNGjFdSH7174ZpK/N81YWgrGo1cQUU8JJKGgFv6S
-XZWiWbJWKnLW/a4zyg7wnkH3KlvOAthSNgyrVqZazi6gTJ12kZTg9DGg+Q7iTdi5
-oXc4hilymCdF2fDfmG7M3naaRQKntjlpJmc2Au7wTVXj3525c3Ms+1k//HlX8DQK
-a93ZJA25nfpoYznx73lz/IASO2n/jn/3mwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/juhulian b/krebs/Zhosts/juhulian
deleted file mode 100644
index d9da75aa0..000000000
--- a/krebs/Zhosts/juhulian
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.38
-Subnet = 42:449f:b00a:e973:514c:3e9f:97ed:aac2/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAnNyOsNItOzNQndheZ3ppOMWvIOuO1wgLXArINS1ORcgIAJmLpqDI
-whsZFCVifwAXsdeBJyyZOPZrc2PQ4F3KB9ByX6PQ9jqAhun1aE9SDDqp+woOrTlP
-BtJ/8zAmRhrfak61TxpeTndLk95xOLaCwvS2P4SJLIcyutTbbFdBCqpu7cFUGOOP
-qCKLX7/mv2L+GNmQAnWZ5HwXQzBS6gNaNIcQ8mPCUAIZgRU2T83x/tnyH1RlATK2
-lYUWRM0ie+dRMhiDcwmmZrwYl8wzyvuBPEr/p8ZBM2tua8GlQzJUJl44AiAcx3w9
-0EB5MIRL5Qb0yBvXD0yR+bDizqvhd40LvQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/k2 b/krebs/Zhosts/k2
deleted file mode 100644
index 588f96cc3..000000000
--- a/krebs/Zhosts/k2
+++ /dev/null
@@ -1,28 +0,0 @@
-Subnet = 10.243.97.72
-Subnet = 42:717e:2a17:e7ff:eb6f:b760:5af4:7da9
-
-
------BEGIN RSA PUBLIC KEY-----
-MIIECgKCBAEA53djolgdUlLom7SDi+x1jscvLduf+fzPNlVRk0c6UtR54iHpzVrg
-7OT+PZEAirhWrHyhQQIRoKRK6vRKMwm0PfrMjQXo+1zhBVD/JiPzVGSBfETqVI8E
-jeCS7EaKsZ8gRdWZ4QkDfaQhdWA2RrvVcwpVVxMkjYsHj3EtaHkWGcJs1JAuOsK5
-Zo8ZbxpzgcNz3tiFR4PSp+N3ARE7t2sj8U6z2lk/0TIff3To56u8rDasUGAKf3Rp
-okQmG0EGgTN+qJs/dwIdeKtxcZrRCVd68shphiYE9wC4WXELgJJ8jo4tIiZRu7n4
-lXRn9zQYY2lax4OlBZSkRiaPEISwv5Vv48/H+I1vRaEhx02QL/PnODWSlqMNGiic
-wMBh+DdvQIXRm1W0xxlsY2YOo7GdCywJyLDue6v7ykmQBFgYqP/gVrsoR1y68IdS
-3/dT0lYhrNL+PwKjI0iXPBvA018yw0Dvdgup681C9nzdyvd7y9NorxjeE9Gl9/yd
-X6W8ZE2WIAsli2wGsZLuedcn0mZ25flXbFn6OhrPhP++Kub5IBid/iT60KvxY6H1
-l/DEBJJmFJBsBvFPyFXoEkPJSD/Uc/2veMlb/ues4ur0eBMVML1ZaiK0EzdBYfCv
-kgnVwQG6c5+0XkMk3x5kQ93E0Mr5whILK2upI2tBygAN/SpTsoNXvOFIHw/Ksmcl
-Eqly4P7DtQ9Lu+1DkoLa4ltcejZj0Jjy1j3AI59v0p3Ygx2OWHFv4H5GVjq1T2Pk
-1IAU8X2UTNmcQw5UReJxkNdREOw/XI2pNSBKBDOCMKXH4+a7P3GwheadQiVU5z/Z
-ie/wbsAtp8MGd67aN/i2nrTQfk7RZzIec/UG1XhlQPmJAVIfS5QnFnw+cTAMtYeU
-wHHe4Q3m2+bikBFoqdhJo93Ut5ywGeueKXSyJX6I5AXiiiWnme+IHuNH0G5568yO
-bA9OwDLt4C2U6BFEQtHBA0I8Hh2RT9ObrLUVBUK1aAujLvGvfPhq8QYCcWDJsvxm
-/uAJGb8UdPScTEjftYTWIc1/jikIpK70qOeKiQfxT91hQEBw5mgMCRnAy4m9OjCI
-ntVpHGpylesZWM/na8gZe4lo2dXI7tc2urpqyOThkbpYXNdlNG4F/QcuP90QmiV1
-hyriyHPjbSwIRM3aX7Y/WKwzky0swW+J6mW78yqa5Gt4SzDQxd3KHDAP5lZuFgEM
-aHLOkmOoYlOxWi8eOIWByoH77GFyudeH0EMZV8pwCOTw3GUa1ehhOUlDD6i3CH1/
-gJOQjoKC/ndny8Qz/S+tCLjRHIpQAx36yLME3AvXoKXctuZsZy/9CAsLt9tLZJI5
-AqC/vsOcurKsk1i4GtwuCFnu3qr4OvhwywIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kabinett b/krebs/Zhosts/kabinett
deleted file mode 100644
index e434d4190..000000000
--- a/krebs/Zhosts/kabinett
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.213.120
-Subnet = 42:e792:1d5c:c89f:f932:e954:6ada:1dbf
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA1sVtqyeCdKB1nabs0FOC62J+J+grP5B/3/s1cuAxcJmER+NaT/Kv
-rvQeB13BmrIjfJTBaezdR+wp0RiPB7s/aMPjWwS5rzh3KhSFk2SFpnLjB2WIpKqs
-N9TQEf2xB0TBWHqcpSqSthjP3SOGNP7gt5l0D13QIHkRQ2xX1PqYikkYi07cQLO4
-rwXrlEBOY8Dn0GR37NA0k+zt0AIdJ78zXHNjVn5hRj8aLGKB0q/FOtdMNRYEGD40
-An82Y2sW+b7U6Tnrw43TOO+AP/OrclEjmNDTRqYLiVAeFHXKjwbCsSlof0qmoipZ
-H+nbsB3qkFpNEy1cA9c/pqHfSpqV3WihRQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kaepsele b/krebs/Zhosts/kaepsele
deleted file mode 100644
index fc8bf4587..000000000
--- a/krebs/Zhosts/kaepsele
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.166.2
-Subnet = 42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
-Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
-rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
-y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
-yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
-FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kalle b/krebs/Zhosts/kalle
deleted file mode 100644
index 8238887c8..000000000
--- a/krebs/Zhosts/kalle
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.154.218
-Subnet = 42:05bb:0d2f:4f25:2c6c:1217:6264:dee0
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtILSBsb+ISWiyUjJHWN5JWNY7Z5hxxxFADQbK/1ZdlCdeIorQI2j
-gDHdWgck9NasXXa04I+5jw2eDLjU26+r+T1vP/fdOg5yLOgnknL4jkHFVCb/ScRM
-2JZAEXLSAz6g33ks2snQzuyAPTEvZhp49+PN9VmX0JBr/ErKGZzFKVVU+gREVRKa
-fOC4+daKrmRzZWg9DFaH5DIrIEiXidixuX/boHprJeULdp81NbnymXxhc929UWbV
-5g8BnuTlKqDDM7stJC4dwKizrv6wXuH6GD0OsDiU8JcoxV3jvM16NmgtAe9BKH1q
-tg1fIY6f67eIihr3Lnjb3UPw3UqwFXosGQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/karthus b/krebs/Zhosts/karthus
deleted file mode 100644
index 75a8d15d6..000000000
--- a/krebs/Zhosts/karthus
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.42.13
-Subnet = 42:42:42:42:23:23:23:23
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtGL2Gu8Dw/NsgJNcu4XY9eWUM8prL0JC1UfnACXuOCPns+Bdm/dG
-uVTHdejjxv6y4FjWNCoD+45lP31QfBIqIOtUsfz/4ox9bvyTOUWQCe0NtBs2SMyO
-O1eWSD4cnNfskYdyOHQbD+KSSiksyzaZdcqqx9FgWo1VT0f+oElnZ4nLBKRNBguN
-GwVLjreE0GSxhcV2r6oHsaT+udvQ/PlQgn/zia2tKT+OI54WDJGXsKEvwRRnaRz5
-33Di58g3dffo0i7B3S889sa5B7l1kh229cw24Gc0AOtmm8Vacle6iTw3Eg0uLzxM
-nKpOma0+K7CoE4IqSZy350iTgheHwq+y0QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kebsco b/krebs/Zhosts/kebsco
deleted file mode 100644
index 2fd1c5f42..000000000
--- a/krebs/Zhosts/kebsco
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.212.68
-Subnet = 42:9d30:3845:c822:988b:96c5:39ab:90b7
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0dEwTZh2uzJpP9GL7YRyiLuezJqYiJ8/4Bl4IPshJnuO9IGbEcto
-0cFm9uM9gxxqggfaCi96DsIQNlyqff2vDfEj3mdIu9T3tkRROByQF8y1NWX29NyH
-zZEX8Ri8u4U2KdYTEzPXEFxBEl0GQX9mMtlvwzCq7V4ueCcWB1xDA+DtJjpd894z
-3FOw0rIxYmfYhLAL5B3rzF74bcHFGV30f4JWq11wLBkyR6/Q5gxgZzkKYGwdZ/SN
-C6gg86abKdp65/Wq5P331IbwPBal1ZhGbaAo1y7JpjpLvZytI2jboXeQuPZ8P5hU
-L3zKKceAibPKrw9+y8lb+IKoYLF7I1KYIwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/khackplug b/krebs/Zhosts/khackplug
deleted file mode 100644
index c149d93b1..000000000
--- a/krebs/Zhosts/khackplug
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.217.107
-Subnet = 42:ebe3:90b0:539a:6ef0:0910:b724:00b1
- │
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvytShP1vgYLDYJhiC26Vc1/cVJOptUnuyTc8Id9vkCkgHZRpKs3T
-jO2KRaQMDWMXfXkMfVp84/2Q85hpUzYqXQHaNzitg9nHGR2n+a6zfwNKWAm6n2WK
-AMsPf1weamzs6EfCm5WztqenoHKNUxpzXVyLJES/WK6e5ba7FEpszZx+ydoc5GjL
-kezqch5p+U/J2JoUx3aIpQuWvc0i/4KYOuGzlWgUYLNyqL1m3gBkahiPuOtzf9Ul
-EP8QY/GQa1HTFuhLS0Y5nVjZvWnjVVEloXbq9SD2I2fc4GD4+F8wtFMsJyEF2qxY
-XfSLTlpHaJbSBNiopQyWG62RZda/p0yq3QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kheurop b/krebs/Zhosts/kheurop
deleted file mode 100644
index bbe93fe0f..000000000
--- a/krebs/Zhosts/kheurop
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 91.250.101.180
-Subnet = 10.243.78.78
-Subnet = 42:bcd9:7340:9628:9604:7068:5061:4976
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqIFB0Nk2eSg/K/dJGOEegtezhn5P1RUi1ZgxoZoTR6K4T/tSbD2u
-gjPU53mhRN622lLayMMXtWVKdhO4IUu3mKfemA/8/fy7Qu9T51UUS+NXu/4g5X3W
-Jg2a37TrnQUrsqNud7QQhPTGF8L0+UT2mHlfRYggtAO1J2pSWtsqDiMAOD+89zvg
-Gta8aMdaFPhdkfboaHH6mVJBFOkrjQJE4RiUzwZS24PKh6gRJV4cENdcNRYdVwhv
-dOM+SWzPZXDTAVyG6HptvSdfDUKi4hJY4yS+TIf9j7yR0YpUie3CsbN4a9jP2KVt
-/NhzZ9nNaEv6O8Nk+7Zu8OaxUPgctEFYfQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kiosk b/krebs/Zhosts/kiosk
deleted file mode 100644
index 8f53a08fe..000000000
--- a/krebs/Zhosts/kiosk
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 2003:6a:674e:1001:211:25ff:fe05:a54d/64
-Subnet = 10.243.232.122
-Subnet = 42:1ad1:b481:00f5:aab8:f8cc:51fe:4b87
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwohazY/T/cp5Na3zLEWhz9Lnz78PladH7CMN+1TLzNXgK96bPvrN
-6ktxIFc0s4m/jWW1AZOjxxGZGmwvaGag9XH8NLMmaqtd2NpASI4c801wEVLuNpss
-gqPAIhDdDWV0WmiDiHe96qQuBVNGv7jlHTuNghwlmgLF0csRDiZZDHn5Bq7plAJB
-0kQSspvq7UpBzVHVlDefIIe15/Yyt9IC21S1o746ZIZ8RYCG63Mnbcs4vfShVxJX
-NnD9++HJV39NA9ozR0bDQUw6s0rVHH/n5iWaktJZ23r2TG3O+7ZZj4QHmkng/Xow
-pgIjcpIWlaqfG29Gl43SWgsVnphemvyP3QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/krebsplug b/krebs/Zhosts/krebsplug
deleted file mode 100644
index ab9c966c1..000000000
--- a/krebs/Zhosts/krebsplug
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.182
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAyd4FnOIEcUDQDudDOhU4wwKT+lqV4RJMfg9QgZC2O3xTGvzsFeRG
-aSMIDMkPzhJ/ggIWAzC+IM2kBv+YCRhu4zOnzWIo5IaC8Me2TZ1JhZ0nZN1YzEGD
-LmBsnngO5L1VnWLYSKRALa5Kv6wQHHz0T6PlsvBQ8SWDG3IKIe/gOFz7eh1Z+ss/
-5XaiYeLMmukEuuilOJZhfDiZPmYOeFI5w7YTM+8Iz/oZRyf8P57pjN21R3feoyTm
-WusgHUuRLRqSUHdYu/E36EyZ9Oc0WPk5yLUhstkPaS1Y35xMEhZfQQpIruQxOst1
-fgiOQg/gKmizzgzdCbfAf13dknkWsqoc0wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/kvasir b/krebs/Zhosts/kvasir
deleted file mode 100644
index 470172528..000000000
--- a/krebs/Zhosts/kvasir
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.103.166
-Subnet = 42:c039:e082:3c01:2577:a367:7097:6824
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4Jp39vupT7tRf+o6H/ucM01lUwgd0UBCqnapUHZhWKVSAde91lxU
-Z49unHxUrfQMzuJkY3MgsS/fyIC9eBHexwRpLnhc56p7d+tmLk1WZ2ysLifNi/k+
-AOvyBcwT3u/59VJGDcAyJwXeoX6CvX9nxUshGqQ2mkVUwbZEt5lLwtiDMnp2K5rg
-dqQK6tBrmzup/yzppPPRSPwMfGi9Gv8T5OrWqwr78I7WiVkH9LBpudJqJHPFVreF
-TTsN9a/4OWJGZ01M23IGcO6eCnynOIP7gxsmUEwSSxK7MEy2kxBKi/2+OtsCUOpT
-QQRFu/MTVEFXl/cl5XyXOMQadMZEB6MjwwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/laqueus b/krebs/Zhosts/laqueus
deleted file mode 100644
index 0bdef307e..000000000
--- a/krebs/Zhosts/laqueus
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:1a1a/128
-Subnet = 10.243.0.12/32
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAy9lnH4qDSYeNbpzpcQyq2LzzxkVy2N1vGgKkVttzx0cgMvyRm3aX
-wlacS+3ILBZ3tw+JuCKR9gjRluwKkqoReEINcAam/GbubJ6QBpV54goYm7YGOIuf
-GkbWVk7Kts67KWWhZDzEL30GRv94K6e+m8e7rhnqrTgPyPk3oSwHzvPy1oaf6bTI
-Y/aDQjohFVvQZxF8joKhAE8JrzjKAn8yXmX8VlGW53XBXAb88Ggkr5raMZ24Rcc4
-pdkOc7sFfVImH/ASwkcPi2xX0adlz937lD7rkn5/Q9B9AwsHb1yQKJgWEeYWOQ8C
-F0SzpZiwHz5qB+eg3wMT0ZnvPJKitshyjQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/linuxatom b/krebs/Zhosts/linuxatom
deleted file mode 100644
index dfd09b514..000000000
--- a/krebs/Zhosts/linuxatom
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.173.58
-Subnet = 42:1c07:1a24:1a26:c799:3b44:a8f5:59ea
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvGy172meTuwHfGZLVHi04+7jb+GRumqNRowffrmMOxFAq6wiL1E6
-7NfJFSc2/wmLZdTCnAtScVicVFZ8UEK2Uv/WMdevJWP63LxUOXpSFtoxNAlpSk9e
-rzwxWj3VxHru7EZA6gu45ff4/seApy/jDy+hceOmOiG5z8VudoRYWe98IoO1ua0E
-rtz415WP0xN+Mb4mGU48JSLYZkOHVIvkf+VVF5jXFbbnH+w0kkTuRMMp6Z7ETvdZ
-RU9nKJ55sflkPhs1/ttU4cYkci55YPVGl7GCCr6Xw4oerIz/jHnzBGroh/wDpEXm
-6RxpsC6DnVQUW3zw0DXuSKoAy0UoQPYqQwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/luminos b/krebs/Zhosts/luminos
deleted file mode 100644
index fe04b33da..000000000
--- a/krebs/Zhosts/luminos
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 42:23:42:23:42:23:42:23
-Subnet = 10.243.42.129
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuxgY9SfSCyCuTw2bPtC/He2/NZDYQOcGd8+5Bo6h1/h2pU+qKPQB
-0digU617dG2NVMaT0qmzEz86e2avr0PQsyfhmHO8JNOTqwjyQzKcv3iA+B0jU7Gh
-F/PaW+e+0O+a3LO27FCA0uuxEHyWaXqk53a3wKmjo4fuVy1QKOOoiaFaYLaaTgmm
-8OJG+AKWR/ArihpopgAHFjiqB89xWVw5CgxHDwfzVcmI9SOAaEuTfL065XM4uoH/
-LnbtoyT8zN+He1AlaEJMUaWdo8SWfjBFyVrT1zRQ+0S47tlTCW8Neb0KKs+m9d0G
-rAdv6+iFmQzpv76cgYQw2+AkqkUF8Y8xSwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/machine b/krebs/Zhosts/machine
deleted file mode 100644
index 4927fc847..000000000
--- a/krebs/Zhosts/machine
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.60.31
-Subnet = 42:698d:4e02:4d70:b080:acdd:513d:70aa
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvkLboZ6wRALd++ntUXfyzCT9G1pWSJNJhrdut8dPfz/+IIbx4thz
-tbq5apWQRaHj6IILMiQqpfUkhbfz3WS2YP62f8nAzKLKB0zzRAJ1lQjoZOXQseQJ
-Ydyf9dEDhRtnSnOwsmSDEch/2KhgCj+fdMcnbcoAg3PYJGzsz2ykEtoh80Rv1IQa
-tW285CP2GooRp1gwy3WKL6at/uW6D4/tTIimHML5JbLKj7mH+3nOyrhRGyZP1b9s
-XtdkePuaQKrIjmv4rEIYx2taFmmQp7XpC2m4Vdoy7WdIzR3WTgWo546IOygY1KIW
-fDOH+3UoG5oI6y4hNNa7+NH8DpmdtzXYnQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/makalu b/krebs/Zhosts/makalu
deleted file mode 100644
index 3d080ca52..000000000
--- a/krebs/Zhosts/makalu
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.90.132
-Subnet = 42:5ee8:8626:f03e:bdf1:562d:94d1:f395
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEArFuedyPX7kDeH2GwYD3UcRoFjGpTBJXjJzm3LoleyXOeYSdkZZ3d
-ljIeEq9alf6UtqEvYH2HfX8m9fEcHxwFMmJ1CPEwkDZI2IgbLOYV0x2MWLShEvtC
-vGeNyPt+TdiDqDhN8EyRvhB/KzEXdbCUZ79htf8lRonNLYPSRNh58CTZ18T/+3iF
-vy6igdpj4JiLGzdXEggO0KToW5ZVCRjuEaH65BlXdjkCM0dk28FJGh/oakv7hjlZ
-M6c3HJY5RAygO4uLWOyB37j38GDAseDYnNwnLt4jCk7gO48SnsS77efEghEMVVXK
-qnSKbX0KCSvVOJbrvVyP/16o2521eGl3MQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/mako b/krebs/Zhosts/mako
deleted file mode 100644
index 0488bcaae..000000000
--- a/krebs/Zhosts/mako
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.7.19
-Subnet = 42:4522:2222:2222:2222:2222:fefe:fefe
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0FQq5EDxcRUfquoDottz1urpT72PB7pReCSZ1fLGqK5z8+DLW4m9
-YB36xW4jJ8pct9iD6kKnX1JCNt11h19QZvc8GI/9pELV3nNaliz+PI1SQNhOrwM+
-Lza/lnddpmvQmJvF6TTLtuGqTANEZcJ7MUpLJ5x/XEFwIcZb9L30EDIaQQNeRyIs
-xJbuAxHquKrb2Wpanm4hWNYqknV1W7lNbcvmONZ/GupQ411XBhXs4EIAA7fqBEcp
-7FAgjgHIxiAT07Z1hBclv6CPDjFT4ieJAq6giCR/gc484x0UNwSpHBkalK558m4e
-icDuVgajrCZ0ShIAQXgtrSpSM3Y53GUhnwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/miefda0 b/krebs/Zhosts/miefda0
deleted file mode 100644
index acf001249..000000000
--- a/krebs/Zhosts/miefda0
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.8.1
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqrYc7LfSPjKpgnbfENU3oeAoFIRnG1CKHi0r4Tvy34anMBRHA4yY
-olPC/IWiNoEadnCvlAEGtcFFh/xncNm+rW+BhO1WPLuo0wDe5fxJrkApuuhwP/lk
-DMNrKtPOH6PV18yuQTtWgmiLo9gT15rRTDs8SaEf9eyTEV6zWVRDFDiFqwuY77iJ
-GihKSlKGDYCUdT8TdaguUQ8akdAUhfXk0F33fAqTYwT25BDAXJdeldTLTb/5EADx
-UMhnY0CsWgDYz9fpL5UNUDe3Gu53GghFS5RWvApasbzmlbrCwCF7MFDfc/yJFCrE
-lF3Nm+GVqU6Uu6cNJ9VYHCu+uxk4PIU5GQIDAQAB
------END RSA PUBLIC KEY-----
-ECDSAPublicKey = DEwsTd8tdaQLx/o0EgIOl9l+d0MqDRLEVWnBT9imfRyuzXWatwgXotADc723HxhZ4NXlvuOu+er7PdWstif3nS9/qC
diff --git a/krebs/Zhosts/minikrebs b/krebs/Zhosts/minikrebs
deleted file mode 100644
index b0d605583..000000000
--- a/krebs/Zhosts/minikrebs
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.1.1/32
-#Subnet = 42:0:0:0:0:0:1:1/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0fu8F+XJ6hHsIj8QtdSZIhE+Ae2sEIY4dHcnHbCOeHJlOQQDJrme
-frmG65BX4BMcClUyhvvMwlZIerFwsJoEwa39lB3/Y58OwSS9cNCZTShQPbyVy5wo
-oS97tVUyQENMELXgodg7CUNaloVXGOyXgCOkfYOb5CpWi8NXNsSE1CjZc1XZNI2Q
-2dFBzp6FtRcKc5x5xWuUMnw1Ll2upW2uHZWfgRtgv+pzxVTiNvDqACu8Klwj0bls
-B87DEYeUmiC+CioOtyhiQimUGE8lU1aMaqCyfSsqeBEclSvOCnpaEQu4j6aiY8SE
-5Gm+rteYWKfK2LYV2NOg7n9AUR6d0v8P2wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/mkdir b/krebs/Zhosts/mkdir
deleted file mode 100644
index 2233fd5b5..000000000
--- a/krebs/Zhosts/mkdir
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.113.223
-Subnet = 42:4522:25f8:36bb:8ccb:0150:231a:2af4
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
-dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
-voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
-2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
-Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
-3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/monitor b/krebs/Zhosts/monitor
deleted file mode 100644
index 8584f70b1..000000000
--- a/krebs/Zhosts/monitor
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.227.145
-Subnet = 42:2ae3:6ed3:a317:d0be:022f:6343:1de8
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAlNDrSskoSPInRiO8JW529o178D2kDdHbt3zZklM+jveFZuynDH2/
-WTfxr7wAIUd26jb12/6zLZ/gnEikLd3LpYiTA1J+ZL2c5SvXOoIqTU3Q3dwEecG2
-qwLcZ8UCjjOKiwWmjGHhNgEx/XUF7gpMwXb/m7fqzTGEiQozaCnQ3ZJA4t8GG00Z
-PZnDZHj8xYtXK3c3vOUa11xj9/dOwZb9e+VON0bXJxvxh+C7XkLO3NYTayyRX9qL
-+OOdRLSkzINzoj94+juPepCEQtRusrIbOkSPwCl2u29rKRNfPBkqbAcN3zP1mfDC
-IXNqUobWP8xvSLyBZh5zglcbQbczxMkKiwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/mors b/krebs/Zhosts/mors
deleted file mode 100644
index be9782b10..000000000
--- a/krebs/Zhosts/mors
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0:0:0:0:0:0:dea7/128
-Subnet = 10.243.0.2/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
-H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R
-+P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+
-1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa
-9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU
-O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/motor b/krebs/Zhosts/motor
deleted file mode 100644
index 41ff57438..000000000
--- a/krebs/Zhosts/motor
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.167.69
-Subnet = 42:e31e:c798:6192:c408:8520:df6c:9d76
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4xYBdiGtzg77lLeIjbpdXDb6hEfAhcdZgEZeKYWqyeMeu0D5tHod
-3nSPTZu70XhLGgzM3vG1GSmcmg0BeJPQCZkEcyu10RtLN6gvMVqtU54IT57RpoXi
-3MKfMKuHkohzeir0ihlwaN1XF2CbuNiE5q1IaW15lz9IAPE0WuRKcaHs4fc9n6wh
-dk/4pQ74M+/gYHdCNWoxqklpY61tk/QBIS0bAs2wKCSER9rahtLAttAC0Dccgxkq
-vrs3IkJg5omjgJ9pgCo/VeX4JJuVFlrVa9o1D0OMUDssyymt/RjYyXejxvemyeV0
-jbavVMB9GEDIZxD7w2ef18FsvZZnILPQHwIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/mu b/krebs/Zhosts/mu
deleted file mode 100644
index 90bca775b..000000000
--- a/krebs/Zhosts/mu
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.20.01/32
-Subnet = 42:0:0:0:0:0:0:2001/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA
-g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE
-XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4
-o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1
-QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs
-FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/muhbaasu b/krebs/Zhosts/muhbaasu
deleted file mode 100644
index 490fe3fae..000000000
--- a/krebs/Zhosts/muhbaasu
+++ /dev/null
@@ -1,13 +0,0 @@
-Address = 217.160.206.154
-#Address = muhbaasu.de
-Subnet = 10.243.139.184
-Subnet = 42:d568:6106:ba30:753b:0f2a:8225:b1fb
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z
-KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul
-5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb
-+rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj
-YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E
-igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/nomic b/krebs/Zhosts/nomic
deleted file mode 100644
index f418233c1..000000000
--- a/krebs/Zhosts/nomic
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.110/32
-Subnet = 42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
-qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
-Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
-5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
-OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
-Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/nomic2 b/krebs/Zhosts/nomic2
deleted file mode 100644
index 63d83ff54..000000000
--- a/krebs/Zhosts/nomic2
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.111/32
-Subnet = 42:02d5:733f:d6da:c0f5:2bb7:2b18:09ed/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA4RATrMG+MJyNq77+qUqoXkBIpUeytIvUNXT5OdvU5v91Xo2eGI23
-NXiFtILDb1nEPB+L4vVWkUKRuPAy+ThgqgTH1vyugT6jRoRhWWmGmSn2GjaF+UxK
-edTfGJqO0Iwn0kZsIFxXUibkmG5iRbJBoPXXz33VtNxOv2gZZ6klfv/pYWnrxmLm
-RZXkE1H3Y0U2ulQEXvpexzVscfYmlAw7h0Ew4aaY2LK4spLLPjx9RdDgfwZOZdS+
-gi5cmi/qM71/o67/4XippR9+7GQ8YecbeoR4bcZpDNoDy1ri7HPPu/t6CiqsYVyg
-jYGBm+IGbwI9hxGel2bXCVBGLE7gpN51TwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/nukular b/krebs/Zhosts/nukular
deleted file mode 100644
index 27bd2bfd3..000000000
--- a/krebs/Zhosts/nukular
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.231.219
-Subnet = 42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
-gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
-gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
-H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
-tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
-meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/omo b/krebs/Zhosts/omo
deleted file mode 100644
index d2788d28c..000000000
--- a/krebs/Zhosts/omo
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.0.89/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
-ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
-sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
-s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
-GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
-5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pic b/krebs/Zhosts/pic
deleted file mode 100644
index fb091856d..000000000
--- a/krebs/Zhosts/pic
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.64.210
-Subnet = 42:8115:848f:f56d:4025:49bf:9042:d3b8
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA7jWZo6QlyLMW1BK/PxBDgU/qBZajMfSo5nLtp/WUMSMa6cJCjFFO
-ppUSfAKBu4uwzjYUmdzQMoxE2AQKT2+gMc7moxz18sVBTbbWlyueBlsTvhpC1b9k
-YPs3eAJDV6mQPvKb908iubqhardaZAdODDas1S5W4N7DuZZBKryARYOoO7cN6/wd
-+YDTAxf97sV5IuxCDOV1inTuOrNx8XfGU4wVVELqzd9VLCHGuD8kAcz0+emDrI9d
-MSo8ryCL9tbF5owtC1A8HFDo3LM4da7411HrPHpVyOVgjXmX6bjlLIQ23XNDQOC9
-IbyhK2tCc5q+pms7gYEWPByxmy/mb6WBBQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pigstarter b/krebs/Zhosts/pigstarter
deleted file mode 100644
index dd12a0d8e..000000000
--- a/krebs/Zhosts/pigstarter
+++ /dev/null
@@ -1,13 +0,0 @@
-Address = 192.40.56.122
-Address = 2604:2880::841f:72c
-#Address = pigstarter.de
-Subnet = 10.243.0.153
-Subnet = 42:9143:b4c0:f981:6030:7aa2:8bc5:4110/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
-9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
-3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
-4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
-DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
-sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pike b/krebs/Zhosts/pike
deleted file mode 100644
index 1d47a6144..000000000
--- a/krebs/Zhosts/pike
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.97.232
-Subnet = 42:4d6d:8699:99c2:0de9:ea78:8d50:f53a
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0CS28CMhqeUuJxY+JEISeEDzP2I5T5ILFn4/3loEagEtS90QAm/K
-rbMDbvJENrNCnaaOcHuOsG3vS8s31ffY9RM89Na2zjcV9l0QBhBkNebUr/Ol0nQp
-ONWXEgmXV2mCGfFnC4uOHhELkZhnkwJduWfR5kyGPPApjxlBVIbI8pkAV4GFqjoF
-WTTm9qp80G26sD4O2q+Ldv9eIKquPAHN/zMFk0TzhgmAylgQUcc84HdUDZ+g9n1Q
-Ap62VwM8lGcnRy+f03cBaPyWQEEdnA3hG2mMfaaAoVYw4eruBbAz8GGUPMT3UH/E
-rGGNmyVzzUQOKvnOjB4qvyseSI+/mPzGJQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pnp b/krebs/Zhosts/pnp
deleted file mode 100644
index 66c99f24d..000000000
--- a/krebs/Zhosts/pnp
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.210
-Subnet = 42:f9f1:0000:0000:0000:0000:0000:0001
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g
-Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V
-pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR
-SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T
-TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr
-Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/pornocauster b/krebs/Zhosts/pornocauster
deleted file mode 100644
index cc7d89556..000000000
--- a/krebs/Zhosts/pornocauster
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db/128
-Subnet = 10.243.0.91/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
-RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
-kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
-JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
-2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
-+h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/prism b/krebs/Zhosts/prism
deleted file mode 100644
index 4c875631f..000000000
--- a/krebs/Zhosts/prism
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 213.239.205.240
-Subnet = 10.243.0.103
-Subnet = 42:0000:0000:0000:0000:0000:0000:15ab
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
-kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
-JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
-AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
-jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
-anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/radiotuxmini b/krebs/Zhosts/radiotuxmini
deleted file mode 100644
index 96c069314..000000000
--- a/krebs/Zhosts/radiotuxmini
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.185
-Subnet = 42:5553:9d1f:5e66:ed7f:bbd6:b7fd:51b2/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3A0wJPSrNGpb3g98iv1EDTk7s9dgUKSHf7rmqrN2IlW9g21pkGEY
-T3EWz5X8mGEQbDw2im9W8Lm7OSnYuRQjNxacq5WMIN3AGpsiGB6KWEXu73lDWDkE
-hL7dxjSWFSQQMUkbjhduxyaibmLLI748w5npYzhAsjICs4MsrBhcL/ER7tCwVyKm
-AEKUBbLd21tVLGM5dapJslKamZ5NxeHY6TBdtbd2AQZ+67EINKt/WEx9Ruw/t57P
-OAa37NhFrjBbRClQQZVOunbh1Sb0EX3Abj4oZczrtAaBfcDQbA7x2LwbqugZH/EN
-i/oa3sCqOLo7ZcYvuvyxaZgWLK3KB2MEQwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/random b/krebs/Zhosts/random
deleted file mode 100644
index 59a354e93..000000000
--- a/krebs/Zhosts/random
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.134
-Subnet = 42:725b:abec:0922:09c6:b51e:1a33:b93a/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEApgs77ljzQp7I8/9KbqzGjoDdNAA3Bp6dKziIJnHLAIDAHD30yY+o
-UHbRPhaCP9s2M4A39wTDjrakngF75M+0covz4WBIiuGdwZywgVnliRk/9dcnqdZm
-OeCxeRJ0BY3Iy8oMieFaPJW1XgwKYi2p0eSpBeKasBct2xNQwyvh+r+xHBa6NK0P
-vV6rK04OrJu04U/tqklTFMTHGmZfjx1vmuecuPWZlgT39788/5aD9uqg2ldMoenE
-eamrPdU2Vh6qlZc8CyHVy5YZDykbXTauUL5OmW2Om4Qc05pinsNnDXfMTkSSmWpN
-oj6nieBqbp/ExuZ79LC5XxvQcAMQtk7gUwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/raspafari b/krebs/Zhosts/raspafari
deleted file mode 100644
index 1e1b48503..000000000
--- a/krebs/Zhosts/raspafari
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.156
-#Subnet = 42:9571:c499:5adc:f9e1:8982:3cb1:cf91/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA14OlKZwL5+ZMwxoMTuTpt+PLr1Mp6pIlfIdYfkkx1od6c3fuvNi6
-CHLpR0fAWDDec/hDwR55VLzonDrPa/nOj6yHCXCTpHhQXJIdZTazxSPAsUuzzKa+
-TZQcCGZWJKG09Rg8gIceTjS99l7BOVtPQXnVQc7Gfxu8csjynHOHWinZy34JU9FA
-HdcTzKsxrAr297iQCPEht7XPDCJj2hRy+NS5UOzkTF7UGTKveyRdsqVIWx/rMrll
-UlBEwxRpstuhG33bv+tAXKNi2eJn32IvHDhPZtHgrvXE71FT43V6bJLT0+xH2qFc
-SGZCCdjv3/3mO/g7Kkth64mpxMw93NGkEQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/reimae b/krebs/Zhosts/reimae
deleted file mode 100644
index 125cde652..000000000
--- a/krebs/Zhosts/reimae
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 193.22.164.39
-Subnet = 10.243.177.212
-Subnet = 42:5965:bb44:aed3:9d3d:29f6:201d:7adf
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA37lXlJpfT4pgxV1XB3VzUiALVjOexrHezJZ3YxgZTVUtTTxOnydl
-urN7S4WaRgFkRPlwATGrp+KzJ6fz5/zeryYwbBUY66kcTEfJBP3+zKgWu3NIqOll
-SCcnpjlEm46FcstJ5dnnuYqhpnp98z8QkTiXHZKMI4rB+yf5NdKnMetAUsSUe2wI
-bXSxJ9lNrSm/IFToaVZ3KPYZwQ0HgzUxSWb5grkCuK5iWtGhqdf0/pqEzMpI1Y1c
-QKepcJkRCUcd2InKb9AdpwT/xygNwbPkvjxIAKj7vK/4rr5LApJAOcFL+HJRz4CT
-lDrM5LDeGtsIr+mIUbSTR6R0onWCn543LQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rmdir b/krebs/Zhosts/rmdir
deleted file mode 100644
index 09dec741b..000000000
--- a/krebs/Zhosts/rmdir
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.113.224
-Subnet = 42:4522:25f8:36bb:8ccb:0150:231a:2af5
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
-i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
-Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
-hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
-59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
-SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/robchina b/krebs/Zhosts/robchina
deleted file mode 100644
index ee67405ae..000000000
--- a/krebs/Zhosts/robchina
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.131.174
-Subnet = 42:c483:5bdb:f54e:dc72:f682:ddd1:14f8
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAxfCyJD9G9BgUtdZoT/t8rr6TzzcNDyUex46D0arMOliJUWTvkP9I
-m7YHzxZNeb4QoWGW3TZwDGq63OuSDLfXcmKbeTAs9hLDFFOcAzuBeACnQzd5SIqW
-sxjWOgI1yn/Thk2GVzjs2YXIKSCFwpRRR9r0d+YjuSF87ByBXkhgMmoIxn9tQYjx
-RqpAd1ELWRqGgi5W6qbN3m3C3R/3g86SsiOvJ/HbJ+MaRy+b9EC2+XoPRoSAJqWg
-XN5MHY01EmDaz2gRB2kAo1j90y6Xi3JdzMn+nl53nOdSGIBWn6dWbm3gd8KBtn5X
-KernecPr3o4YT77C481hRc68hpi+1aff8wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rockit b/krebs/Zhosts/rockit
deleted file mode 100644
index e67272c35..000000000
--- a/krebs/Zhosts/rockit
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.199.33
-Subnet = 42:cec2:0a67:0ebb:7d97:8138:ac9a:8a58
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAnUtx3KPzNmS6/LxpYSolmhmF+Xqsum2po3lvmZszu2aIKdcAeIfb
-B6bwz08zC9UNQjnO+27px5LMTTH9zhzRxo5xP/mcco2mVQFl5V+/73qBW5NnUV+4
-nPvUDi0+IhuVixHc+KlkxiHhgIDLdCN2WvVTkUCgxT2xVlPoESXq1dhdE3/5vvJt
-0tphFUnP0sLCVzV25IYCocul+ELj8PAc/9mP4twifM4V0uwhh+J3AHR0+14QM61r
-9qRhEnNEEkGeToYQPsoromiKPWczerUPBpaQHOpjnjg08Coz4OyrrM7+DXyspPfT
-/862pAygKmeJMuzT2b52JbRlk3NMCxw5wQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rtjure_debian_oder_so b/krebs/Zhosts/rtjure_debian_oder_so
deleted file mode 100644
index 3000705b4..000000000
--- a/krebs/Zhosts/rtjure_debian_oder_so
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.124.21
-Subnet = 42:9d30:3845:c822:988b:96c5:39ab:90b7
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA6J+B/2Wpr9MKu5fuWg9LSoabBKmWmXEWfN7Bs5KMyux9obSBaM8y
-dUEx0ayGwUOvDxizuhma9YCbys4P9SDGmocxrhFz2yQeyinEj03EB9ZZiPNQSqbI
-Jia39Q/fkxeCescUjr63wR0OY++a+NdefVG5OaSRhNwAmjENZzAxTE/1y5lR7mf4
-U0Pyik/BIARZIc7rnwoYn2TlGgUlu3HX7BxCXIndOFeIjtRzoSG6d+XKhcTXOvvH
-WnBNl2D5i48l+V/mDDbLYcXS0al3lgFAOgqXxVXr9WufCBGtNdxlgWlM4zSTUQZw
-UopJToHcnucM3ofb/NrDs3ygHdQPSRkhhQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rtjure_ras b/krebs/Zhosts/rtjure_ras
deleted file mode 100644
index ba44cb020..000000000
--- a/krebs/Zhosts/rtjure_ras
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.212.68
-Subnet = 42:627f:6f2a:b631:26f7:8d69:4c3a:23b0
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvu1ZjElrPpJ/ery0BAYxWPtb/ZLio+PuhrsOy9BBq6b7/FHw/1yf
-GOCDa2fkdE1/pVLhI62KL+j/nDCgpHtVxzupVYKSyKOuZXnNGAS7vAHNM27jaYHp
-3DTI0Npu13v2r5rgraPOm6eGrd/D0u2gr3T9Zq8PRtg5JrXBWMU4Ugt+Kfv0V+xL
-v0lX21xZrUjvhtd0/vTcNkYLWZK5ftfU18/i3D6CimlG+AsKyeAnYe9Nkcmet84s
-65SbgQ6SBr2YyN5c7wC9j1/Ney3k+aTbxsvHqDyQ8bq8WnsDQR2B8JPZGPLd7VHD
-hdPGzus2PmJa84oB7smuUdt/5oAjzgghkQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rtjure_rdrlab_linkstation b/krebs/Zhosts/rtjure_rdrlab_linkstation
deleted file mode 100644
index dfc8c0311..000000000
--- a/krebs/Zhosts/rtjure_rdrlab_linkstation
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.188.107
-Subnet = 42:b859:6e9e:21ee:6884:171e:ebd3:3316
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3nKxW4euCO/XN/0C2H4pvTMRLJAXCbMlsGVR80U9JXFYz85x5yDY
-6UDLJfhROCMPg8JJa1WwG9+jF9uUD315hF/wMmMReqKAX0ct50Uhr5iv5QA0ER/3
-q4eg1dh920K+qZ2LAweCDt2pnJYZYw3pSX2jfiFEu1/DfwZIVUkymEKC27ObC+Zw
-KMderOYU4UPkTmrg4WkAUiHH09PToMVQukL4PLslhNMvFqhdLdGMyY2hqEltK+QP
-6cKFDUCAoZRc/L5JhNtklr7RLqYhwkQ7kgPWqbW50tdi9B8YDJfBbfAT7+QS70gj
-THyNfEm3R4Xc8FrbKw3ju1PO4LDb9KOhUQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/rubus b/krebs/Zhosts/rubus
deleted file mode 100644
index aef8d4b39..000000000
--- a/krebs/Zhosts/rubus
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 42:537a:0c95:6315:6598:e109:74b2:0887/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqudpo1cC1ETPA3d16cNTAwwud195Yetdx32ty5/VkY2KgLnnl672
-XTPZBVhFppG+NU6QIYq2c0+BdUV+42XNnSeTKy79xr49eSMDaAXuWiX4eY8dh4v9
-n7elTWikzTaElS5SI3wcJPz8SdajWclnRkqXbyMY7Pw7uJMgT3svC/chN8tgp1LT
-2s1DdvxaHhnFPef2NQvIWgfgytReLB8dQnSYoAiwIGvNXQT4OXgshJkTAwmok/Sq
-io8K1FeJyOranBM/ZyYbQWMEXuknoJ9PXKPbrGjD+ftS18Gs75ODWqh/Bpj75rpT
-q6HLJv6H6YpToxueTL1iYM00MNW4g/oPZQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/senderechner b/krebs/Zhosts/senderechner
deleted file mode 100644
index 4cce73cab..000000000
--- a/krebs/Zhosts/senderechner
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.0.163
-Subnet = 42:b67b:5752:a730:5f28:d80d:6b37:5bda/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
-lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
-rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
-inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
-BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
-OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/serenity b/krebs/Zhosts/serenity
deleted file mode 100644
index 09c519a00..000000000
--- a/krebs/Zhosts/serenity
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.137.182
-Subnet = 42:7538:6f17:220f:bcc0:2d2d:d6f6:911f
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvVxASw+8nrkQisvliqjYXASQ8O0v4KGlQDHQWx4eBKOfPyQbgJpU
-LOF1nikZTz56SyJAwZY1r7JXpvzycWKXkLK/deqJrHkm83lRbwbzKrExzW8hNaVD
-nO+P4X19uG/gcfxc9+CdPbHxtUPCNQKUhtYfnXrzTu9jiz7WibkJRYMvY1bd4SK1
-rkKGwIfQiWGvA2cLyWZH2XnFptl0YVHulGnIIVp/bvTuPDsba4mTWeuJhi+16ZzP
-PwsR5taxB+dxygESp+kwu00Xmwv5MnmL6QWDlTHYZX19FXkeAV+sHxEO0K4YLFQn
-pucTzUBNiZX68HF3R5SdH7wsg9jsvE8c3wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/seruundroid b/krebs/Zhosts/seruundroid
deleted file mode 100644
index b4f0848e7..000000000
--- a/krebs/Zhosts/seruundroid
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.127.2
-Subnet = 42:81de:f850:152b:0988:1942:265d:dacb
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvNtSbaaacF05L2mAxxA5SYc6DuoZEAkXlhcvLTlpu9f/0vZwUWh7
-175pLn6VqUijVoFb9vyoOwkrs9Uk3aX8mYws+5yJLwXhIje+U3uiVTphowKva+m9
-BzV6waZ5dLbh+3CGimx1TBkFTly3NkdZs886QWSO4aXLdU6lt3jRYsuay0Eop/j0
-eQ0BWg9o0QEcfDRQ7RirXrD0B7TSo6qZC0b4NSAMHTE+dvOMo7c+Z7cIPNLS0B+T
-Am7ju3gF7UU68kKPyczrNSPPPZayEvZYUZE4PHt8dyIsppojoRq0SJqsMr/mOC15
-dg/KnoKezn9nqUWzisRWrrqWStAKITJkjQIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/sir_krebs_a_lot b/krebs/Zhosts/sir_krebs_a_lot
deleted file mode 100644
index f4fffd9d5..000000000
--- a/krebs/Zhosts/sir_krebs_a_lot
+++ /dev/null
@@ -1,11 +0,0 @@
-Address = 84.23.79.81
-Subnet = 42:48bd:f4cd:b2f1:ff6b:865c:d041:def6/128
-Subnet = 42.130.57.249/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzkVF0BSWUEqzdUidLTa6qL4wlNSb8gaxyZperzoAj65d5l25SCqc
-jjqvREcE6p+jM4t1STXoohnNvexubNXW3PVo5Zpew+BsaGjVvow0LkqCJ9k96Rrk
-JzU5lAVH6om3/QYws/Ot0zq1Z/+Xw/0+9JpVKhEipMWLpLgjAvWdvzSW6aBIHVN1
-3E85fkTE5f0azct+XNSNzUebdyIy8wu/EexGmFI9bN+ewIvqjZJdvxP+Ank55MsE
-8P7K9TKwVXw440MGqqoQaOhdaT75TL+2nsAfWYcrNnE3YehMOmCMp9oY+RAvsIkK
-iAYyF5l7ZTi/7KGHNsG7rr0cbytiz2nS6wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/skirfir b/krebs/Zhosts/skirfir
deleted file mode 100644
index 0214e7a1c..000000000
--- a/krebs/Zhosts/skirfir
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.18/32
-Subnet = 42:423b:0f94:6b03:7c3c:593e:67e8:c857/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvQ2yhEbW2a7rOlJGb7pV8OhDMQC00jNffM9LML+sn/BAbIX6jzzi
-XgD9o5qwyW/ktpEViUbYepIB/wBbHdMgHRWux5nPS/WygxnVKcf4mPr846udJ2kx
-/38l40DjHTzMWTV6G+TFm4+Wg7++B/NUonMJczRNjX4zDVwmObZpS+XSjl8bT1DP
-vvNHeUOr06a/IPyOF7b6B/dlr+0pr4YLFw587M1KA+eee8gvJx7YvCdwUMMJP++K
-KX30apeJQ+jpf9CsVvpxGefysMTv0uUB7Rmya3b5jjddnW0ge6lTMwT87TzIF5jz
-e3hIt+dvvq7cHI7nnyyRtKcvcm1hH+ZIaQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/sleipnir b/krebs/Zhosts/sleipnir
deleted file mode 100644
index 1c82461de..000000000
--- a/krebs/Zhosts/sleipnir
+++ /dev/null
@@ -1,12 +0,0 @@
-Subnet = 10.243.62.238
-Subnet = 42:d442:7668:e533:cd65:0e50:4714:ad05
-Address = 91.203.214.50
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA155UrbREv8ktrafcK+BMLSnDnTwPdvs70i5fLGJGefiyNc0ZzZVw
-M2+R3TGGYPqtid087zYfl6M1JLEZeDtRIcda3N5S5bxXQe6Dz70DxpVNlE1a59zy
-7xoD4D3hTJbOYzz9DIBj+9Q91+4JGIi+ZLjuulNNbj/AGGbvtzgLOKRPK5f+Gyfl
-beI8xtgD1fLUNbeYGzqz7KDFFTUz+oImWvhkf9fTlsS8riGiA6RketxCaeQGqZ4v
-s8z7S70MFjpiR8He9UyUoFWKODYY7eA+BV1EkQTuSiji1oa/GY8RexjMb83S5cBn
-hnSoQb3Q35hd1oM06Wz9LKcOiL2pczEx+QIDAQAB
------END RSA PUBLIC KEY-----
-
diff --git a/krebs/Zhosts/smove b/krebs/Zhosts/smove
deleted file mode 100644
index fc7e194fa..000000000
--- a/krebs/Zhosts/smove
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.42.42
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzFFj6yAy2qC4gVrUV5vN6PztulRggkyXIMr2oPmPLuB85uxJE9nI
-9uvsQdbgcmmEM++moPM/ASCEXuu1ikUK1Gl+8C3rv2IxF/zhcrWEJV4e4EvHrBWP
-Xt4hSPyFG3LYpaX1OAWL2zmCvGVDmflWp+YkbBRrkMMEyXg0gZMNx+E7yJiNVYFo
-DZ7p4VSncWsAqk0I1varQpkl7BR6p7QcJlMO403Rh2oQT1bPXskkZsfAyXN8wJTP
-ATiTm5vijXiRUao+h9L60oxQTcvi9hcbhg+FpB3HYx2Rq6lWR0SqDO2OiBTTJnFM
-6qvN7Wfdmxim0mLAwaqccRLCWA06iN8b7wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/sokrates b/krebs/Zhosts/sokrates
deleted file mode 100644
index 97cf1b478..000000000
--- a/krebs/Zhosts/sokrates
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.97.126
-Subnet = 42:28be:6907:ab4b:5c79:99f5:a4a1:2a25
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0emA0JAong4wHSAEUrLrkh21n8I/+pLtpS4uGTcMHn9ZrS8Tg101
-S2poRE0jZUZu868mDeOwwxZRLmCE+bL0q1OrAUDY7+ricQSAz3CNQAAQB0Sjp7ju
-YXKqLZQEYyOV3M8IJOALS72q4g1VTv5jQrLhGzMsv9vzuRSZV0pEV8tZwb187wLi
-n27rwB6SPZv7uhC3R060x8Ze/pLmfmVfrxb9DwZS3d8X1PwygTrTjSAUTeMaDa69
-NSOzvKLx25fhZ0Gm3BA3pUQDEOiGOze3oT/0l3QJMvZ48TbG1KlSBOVwtL3+f5yM
-gJZLF/JoTsYL0aZM+zHL6NAUmciy9dNXEQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/sokrateslaptop b/krebs/Zhosts/sokrateslaptop
deleted file mode 100644
index e05f24153..000000000
--- a/krebs/Zhosts/sokrateslaptop
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.142.104
-Subnet = 42:f8a1:044d:0f75:9d73:56d8:f432:c6cc
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2
-t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ
-rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW
-egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5
-aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V
-VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/soundflower b/krebs/Zhosts/soundflower
deleted file mode 100644
index 4085fd11f..000000000
--- a/krebs/Zhosts/soundflower
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.69.184
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN
-H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb
-Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l
-FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6
-lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+
-8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/steve b/krebs/Zhosts/steve
deleted file mode 100644
index f86eaa50d..000000000
--- a/krebs/Zhosts/steve
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 42:58a0:e7b1:506e:b09e:1b68:5149:c6e8/128
-Subnet = 42.145.33.57/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA2mt6xByDU2eVsQhjG33vT18Byfxqq4TPOvbV8RAyx0RWeolXGWnx
-p+wKHVITCyL5JCYs7fUYQoDC900bQa/waWgcN8dHfiUmUPtiUjcc35UWaNTLkVGs
-XEe47JMpnnB3D8ynXXKHsG8JXFjpxQpan/fnSuUG7nsB6anxjNHstkmsGGp60P1V
-6Xt5GcN+Mw1peH5LhIOcXaMNEHj/DlIjQSubCf3yelcxoSgnZibP5GfiI6JwKXDu
-A3Sv+wfAGTYdTOE6RBsvBI0lTNUSw02WxaMG4Hfe6+19XEnC1bSwg8+7VsqFmeWi
-uoaQeerhP1QD3GIX81Xe8ENvvFGzCdfARwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/stro b/krebs/Zhosts/stro
deleted file mode 100644
index cddab5421..000000000
--- a/krebs/Zhosts/stro
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.111.111/32
-Subnet = 42:0:0:0:0:0:111:111/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b
-vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb
-FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg
-ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG
-oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq
-XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tahoe b/krebs/Zhosts/tahoe
deleted file mode 100644
index 3e78595d3..000000000
--- a/krebs/Zhosts/tahoe
+++ /dev/null
@@ -1,12 +0,0 @@
-Address = 148.251.47.69
-Subnet = 10.243.57.85
-Subnet = 42:2f06:b899:a3b5:1dcf:51a4:a02b:8731
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y
-QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8
-dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH
-9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6
-hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p
-egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/taschenkrebs b/krebs/Zhosts/taschenkrebs
deleted file mode 100644
index 94c37eadd..000000000
--- a/krebs/Zhosts/taschenkrebs
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.0.66/32
-Subnet = 42:55bf:5f2b:73f4:f989:910e:ee73:2831/128
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA0YAfK9s29WDjJmiri3Oj0hEyjKui9ylA3mlmWSiTLnk1O2REOwgD
-5DPsdYPbu+bTkW7GdzcxX/mNvHogWgC+2+F70dles1lDiSDUhSQOEHFMlz+rBbvz
-FGY3Xmm3m3qdRYOcpHUXL/ZXN6kBvsl2b5rfEkejRb+Z1OOLjssISEzNe2vPEnp4
-OmY8ZQA5UAjnxsX+GKsH2OBqD+6Xm+/l/XLHDApHfby+X3upXaJRBjUAp8DiOm0T
-hVHfYXEE3iuC8JaCzWSFtG+4qLXf9MJ5xRfwUkuyPqiiTIpeM8GxHQJ+l+QKycNd
-Dk+9AwsQ/WsoXMHqIWHyNmuqhr82wEQo4QIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/terrapi b/krebs/Zhosts/terrapi
deleted file mode 100644
index cf1748eb8..000000000
--- a/krebs/Zhosts/terrapi
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.30.159
-Subnet = 42:b0bd:090e:2a37:2cb4:3314:58e7:20d1
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAtVhVDRBzq0L6JtdVUVEakBzhMP2RjOj7cHZnEUsXzl1TXxuOBhL1
-XOXd3LUuU0jNMMvzxO2VU7K/wM6lX30B6ryqDSfsXKEBM60BiGVzb4Kd+7No76RN
-0NsoLygtvtOm1SmvvT1UCsjomoIE4eGdBDsfQzNKt2PUoh/0rTZBHd6qGJuCZQSX
-F4IRby4jzYvjOsaSi7GVadvhoyETVxbUAi9VquxOltytA+Ud4CXPb/JW25uVmQQK
-RXhoWahWJGJ2WJLGnT1RkTvFQk0zM3XJfPBVItnKCYHuE5HMU/5nnnPvKWiICdsA
-1NNU8+kXtK3IJEHwfpRWe/isMj8rROU37wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/thomasDOTde b/krebs/Zhosts/thomasDOTde
deleted file mode 100644
index ce47b39e8..000000000
--- a/krebs/Zhosts/thomasDOTde
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.42.23/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA3btaQpK89aRDJ66cW8H9RlDIzr4k4WIGiqNCsIAE5MhSGCtjboWO
-elgRWlYP59l54yRzn5FpvABAWeRupbX/AMhG8IiBgU6438+F2kVlZdJM4DP51F7c
-N2Ek2WKSoIJuiv7Aqb1WlHIWlN3ehg/BXcFPLSav+iChWXAD+MkKmMwL8lGEzsus
-MdbpRLxB0g90FUmpwr2f8euanOXYhU6sjnxH+0JY+j9AwWQLfAqtQ1eGO5MK75Dw
-htPM3Pj90bkfnYNjNXvnyjsQScDjYG/cv/zDwqRQWNcsmT3EqsBnmM5q0EL+Djo1
-lsPTacJdRtHsnQne9daNadnHywQPX+t/QwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tincdroid b/krebs/Zhosts/tincdroid
deleted file mode 100644
index c240f3d6b..000000000
--- a/krebs/Zhosts/tincdroid
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.0.11/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwZSgdnymspnwy8NOJ1UKVIbUXxaDUCLWGGtSpYvRt4wrzkIMpeyc
-+Bi2c/85Guy6B5H7X+3hMY7YFzM8AiixVr/FCAlKFwseZOc8ld07PuUPVtqdRN9N
-Dy4dqATaaWvjGL9320AJmccbYvoV0MZGTmWk86ZaA06tgDb0ZihEfYEFhw+5fakE
-7mxpdYmVdzaqScRyKWCF7ogn91/fQ01om/hsl+wzTI/ykqPTUumdNcijBMIK8EtZ
-qJbgOt9NSKulhDBFJ02vJmt3o6hmJSONjKcN7dify/ZotQffGCRMgdaWx0YTQJxY
-VJ1rPLlbZaPWRydsbMm3BTZAdMRXUq3uDwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tmpd b/krebs/Zhosts/tmpd
deleted file mode 100644
index 52db6b258..000000000
--- a/krebs/Zhosts/tmpd
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.235.99
-Subnet = 42:cd60:2f4b:3382:b9ba:74d7:5a13:ceb7
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwSNjd1jYjsx+8JDRUV9QXhyMOrAIOMtKUGo/+Ufr+jHIY7h2BlQS
-6Jy7xjZv6zmHhEenhWs+P4qUCASXJPtZ7URgelA4NgkfVMsbgUQDM6VDZr0JwYXq
-csmp/9vxWRRbaNifG9x5+N50tMh9E5rMmDCV9ySWr3DAvDQckKAjfMtys2EWajW2
-sM02mXtMPAy5QgKNRvSbIVDnRjJyZpCkc5xNhv2rl7k+6RZltcec4IarIlnu5nv5
-f1cTAlPaWwGuyyXZeyFbzD0IAGJeWzCkt8+F8kOobRXJQbgDqYWLdH5BXagxBX4g
-VpDZTwdWU6oGph8m4kCg4vJCW1/XYOU1aQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tpsw b/krebs/Zhosts/tpsw
deleted file mode 100644
index 4e7b2a890..000000000
--- a/krebs/Zhosts/tpsw
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.183.236
-Subnet = 42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ
-Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML
-WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl
-OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM
-0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd
-pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/tsp b/krebs/Zhosts/tsp
deleted file mode 100644
index 314abb3f5..000000000
--- a/krebs/Zhosts/tsp
+++ /dev/null
@@ -1,16 +0,0 @@
-Subnet = 10.243.0.212
-Subnet = 42:f9f1:0000:0000:0000:0000:0000:0002
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
-HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
-mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
-n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
-R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
-Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
-aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
-ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
-KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
-XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
-teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ufo b/krebs/Zhosts/ufo
deleted file mode 100644
index 7103515b4..000000000
--- a/krebs/Zhosts/ufo
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.223.142
-Subnet = 42:d9d0:64b5:4dc5:21cc:6a57:cbc9:fac6
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuOly18THum73KzUbky8Vwmjz33sLl67bvm338Nacq8nuV1/8RkHz
-O1VWSnPiyUEpwf69jE5VP8GE/v+7gvJJ5WW/7A7K7A1Ox3vRjwDnO8PllCrzfei3
-jKffWRP9PcxwaWOjE7LKK16Y7t6ZM9k2zMyxAJtM+MmSnBvLoyd+14bIltXz+ZEU
-bpFk1g75CXMrqj29SDGfuFPWxbDfjr2bfNuYr3fCLIOKXyfBmHRaLiuPynezbZxQ
-HlLVMtCCZoKCctmlOlHON/JaL0ZHM1ZA1l6n4EaaPAL2nakMTU513LqQiCqTMej5
-r+wxsrjhHxVmWYhtPrJGOPlkQyJx9LiWjwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/uriel b/krebs/Zhosts/uriel
deleted file mode 100644
index f5f6de5f8..000000000
--- a/krebs/Zhosts/uriel
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.81.176
-Subnet = 42:dc25:60cf:94ef:759b:d2b6:98a9:2e56
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR
-duJkk8Fj12ftMc+Of1gnwDkFhRcfAKOeH1RSc4CTircWVq99WyecTwEZoaR/goQb
-MND022kIBoG6NQNxv1Y5I1B/h7hfloMFEPym9oFtOAXoGhBY2vVl4g64NNz+RLME
-m1RipLXKANAh6LRNPGPQCUYX4TVY2ZJVxM3CM1XdomUAdOYXJmWFyUg9NcIKaacx
-uRrmuy7J9yFBcihZX5Y7NV361kINrpRmZYxJRf9cr0hb5EkJJ7bMIKQMEFQ5RnYo
-u7MPGKD7aNHa6hLLCeIfJ5u0igVmSLh3pwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/vault b/krebs/Zhosts/vault
deleted file mode 100644
index 7ed3866c6..000000000
--- a/krebs/Zhosts/vault
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.229.17
-Subnet = 42:17ed:1eff:5aab:a541:57a2:7ca2:5c38
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzra4v9cIU8mUeC8Vr1YUTWxir/IexD4FlGc087+i7hu6LLpt7Xi8
-XdwiGMTmQLegohtaVN3yShX1a5YywAboxaZFS1aLFBptmV9VIMtsTJRIgm2dBwMy
-5tFRfu3ElV408JBr8OGwYC967p/SY5hxvSAQRc2cmSeY5duWGxybpzfdKmnjnmLr
-pGfmavBaLAi2DP+KejCFjAu4oWayVlM2BIXtbtxxn90JvZ8HI4gdfHLBbwfxiEHb
-qODqiWbu7wznQ3g4N5SUW2rq8WUqubufcx30Z+096doc0i+Zdxb5JBU79CGTNcbZ
-X6Spc/CtkrLNbsTCjVmXgNvYo6WZeg4+rwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/vbob b/krebs/Zhosts/vbob
deleted file mode 100644
index b233a46b0..000000000
--- a/krebs/Zhosts/vbob
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
-4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
-AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
-hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
-Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
-AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
------END RSA PUBLIC KEY-----
-Subnet = 10.243.1.91/32
diff --git a/krebs/Zhosts/voyager b/krebs/Zhosts/voyager
deleted file mode 100644
index 216d8dff4..000000000
--- a/krebs/Zhosts/voyager
+++ /dev/null
@@ -1,17 +0,0 @@
-Subnet = 10.243.24.5
-Subnet = 42:b434:5bee:21ed:2e99:a4d4:35b1:34cf
-
-
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAvaSESJ+KK+DAVOdj8S7AmBb9Cqepi8VwjrnT+WTUFqbDQJ7Dwwfi
-vbqRZituKbD67xljtYbhv0MOdAXRKYgxhCuO6SO7GRlSL00Lb+lYT5KLR1LeMyMe
-Y0r1FOTSHZIYV5NfrmznMnV7FxsM3IkSiPHBZUAVxDyoJAYyb8L+loTvJyaD6lno
-i8PUNVsyRISE+UXxoIEMnGVtkOQVIhnrdO9k02pRBe/dNNKOKH2tUyPxtyP4TujX
-/A/OEqniwf1RBtGddhmKJOew2SPvNbiqJMBU+PNAs0ACTBn5GdyWg6/i6gvUpPZi
-SX4xlDNt7fmfJr32elD0Mv08r3+/dmeP1+LFGSEMkZM9R70iHTRZyqJf1TKwE8LI
-KRSflzV8EhcOa2znS5gM7YZW60OHdjSgQ8J3Czfp7ig923zxj3JA0sctCuuHtbXp
-BUfi98tb2eMT0E58dtge6TwTn/dAcYYTRN2H+fgVOUCc2NKIwN3Vt03Y+HT7Duaj
-B3klQW5setLz/SZf9Bw2W+mpnIeHjzS5M2EZ+O9gosH+bVAMMs7w2wLhuSaPnJY7
-24kF7hGMI5zHqWpNjLdB7AN+vkqHbzBnfkVLSLyHyrJCBebQCg3in/uW650Zo/D/
-Ad1k/5+a2R9xKHqONF2FUyZb26FkzROnBW1M47K1e4x/r/5N0Vq5mkcCAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wbob b/krebs/Zhosts/wbob
deleted file mode 100644
index 829a59110..000000000
--- a/krebs/Zhosts/wbob
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.214.15/32
-Subnet = 42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
-QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
-cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
-khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
-rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
-TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wolf b/krebs/Zhosts/wolf
deleted file mode 100644
index ded8275bd..000000000
--- a/krebs/Zhosts/wolf
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.77.1/32
-Subnet = 42:0:0:0:0:0:77:1/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
-HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
-apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
-4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
-7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
-8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wooktop b/krebs/Zhosts/wooktop
deleted file mode 100644
index bd0cb9454..000000000
--- a/krebs/Zhosts/wooktop
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.63.202
-Subnet = 42:9f67:f701:81af:b8ba:6183:4f3b:c60e
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAuP6ZaGowomnda2aisQjQ/li58I9C26y6x2W8++CnkrVx+2siSpsg
-M3nNOLc4n2k7hgjFIkeODqiSX4VKb94A0eHJwk6il507ILHrsgwJmheIKMWQJEx0
-44h6o1r6fbpZdsf2dREK6qjIp+wEv1sYZ74sv3fP4V3QbjPVH3WVJ/gW+CDOT5zc
-Ff6+JZNdLWwdRvHq1snQGdnUfAk3jLWpv8FZo2g0xAo1kIGfh9KCuxDgr1sonl0Y
-GcCKI+8tsJhzDT4uo6xJrZH6Hx3pqb9hqTTlAYMGRoJUMTlQAFi/efo5bxNx85Mh
-xz313oHXDnK6eVr0vqq62UcatcxIRwBpVQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wry b/krebs/Zhosts/wry
deleted file mode 100644
index bd55d1792..000000000
--- a/krebs/Zhosts/wry
+++ /dev/null
@@ -1,16 +0,0 @@
-Address = 104.233.87.86
-Subnet = 10.243.29.169
-Subnet = 42:6e1e:cc8a:7cef:827:f938:8c64:baad
------BEGIN RSA PUBLIC KEY-----
-MIICCgKCAgEAs9bq++H4HF8EpZMfWGfoIsh/C+YNO2pg74UPBsP/tFFe71yzWwUn
-U9LW0n3bBqCMQ/oDthbSMwCkS9JzcUi22QJEdjbQs/aay9gZR115b+UxWPocw0Ms
-ZoREKo3Oe0hETk7Ing8NdBDI0kCBh9QnvqQ3iKd0rBae3DYvcWlDsY93GLGMddgA
-7E9oa3EHVYH/MPZaeJtTknaJduanBSbiEb/xQOqxTadHoQASKU6DQD1czMH3hLG2
-8Wn4MBj9fgKBAoIy092tIzPtE2QwAHO73yz4mSW/3r190hREgVbjuEPiw4w5mEyQ
-j+NeN3f3heFKx+GCgdWH9xPw6m6qPdqUiGUPq91KXMOhNa8lLcTp95mHdCMesZCF
-TFj7hf6y+SVt17Vo+YUL7UqnMtAm3eZZmwyDu0DfKFrdgz6MtDD+5dQp9g8VHpqw
-RfbaB1Srlr24EUYYoOBEF9CcIacFbsr+MKh+hQk5R0uEMSeAWARzxvvr69iMgdEC
-zDiu0rrRLN+CrfgkDir7pkRKxeA1lz8KpySyIZRziNg6mSHjKjih4++Bbu4N2ack
-86h84qBrA8lq2xsub4+HgKZGH2l5Y8tvlr+rx0mQKEJkT6XDKCXZFPfl2N0QrWGT
-Dv7l2vn0QMj9E6+BdRhYaO/m3+cIZ9faM851nRj/gq2OOtzW3ekrne0CAwEAAQ==
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/wu b/krebs/Zhosts/wu
deleted file mode 100644
index a63adc7cc..000000000
--- a/krebs/Zhosts/wu
+++ /dev/null
@@ -1,10 +0,0 @@
-Subnet = 10.243.13.37/32
-Subnet = 42:0:0:0:0:0:0:1337/128
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
-M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
-GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
-KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
-4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
-AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/xu b/krebs/Zhosts/xu
deleted file mode 100644
index 688e4a340..000000000
--- a/krebs/Zhosts/xu
+++ /dev/null
@@ -1,13 +0,0 @@
-
-Subnet = 10.243.13.38
-Subnet = 42:0:0:0:0:0:0:1338
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ
-uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX
-8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw
-mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj
-4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63
-4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB
------END RSA PUBLIC KEY-----
-
-
diff --git a/krebs/Zhosts/ytart b/krebs/Zhosts/ytart
deleted file mode 100644
index 09a55f65e..000000000
--- a/krebs/Zhosts/ytart
+++ /dev/null
@@ -1,9 +0,0 @@
-Subnet = 10.243.65.226/32
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA2yCCN8nAPmZNL75Jr+FtfP5jmyuqg7IpgfW03L3s8Gg7NB1eTQAg
-UFPh13cj4lZleZOl3Yus7yx4HxMO8tYCptqnRPyP+UXrxvL+kECS4J3rLzjH/eOM
-0oAxuEe+DOa5R9Vj2bRtTouePlEvXDpgZZcDnedutRUYFGLNvkoWxu0RGqfQaJmd
-7KtOk1NJn9efNqwpl6ejPj5A+ivh2T1vAMWherM60JTjjhNGiSP4so0WG8PlBPYc
-GKnmMSQl0u5n10uTvLoVvnSfLj/QvL3d8abTrFV2lRqaCTJy+lxgkS1A5AnsTP1G
-OBbm/Gk9hRuYy2iP6FQ65q64/JfoeoqpPwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/zombiecancer b/krebs/Zhosts/zombiecancer
deleted file mode 100644
index c073123f5..000000000
--- a/krebs/Zhosts/zombiecancer
+++ /dev/null
@@ -1,11 +0,0 @@
-Subnet = 10.243.226.40
-Subnet = 42:2cb2:77f2:86c1:ffcc:f9ff:fdcb:726f
-
------BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEAwmIAhFzsJb6Pjy8TjAWMECwh8TRYIFaL0sAzGMtoibyAUnIpX6UU
-kYLYUjsd6Wo8HZUn38awjoa0tD1SE43UueyD45OAEk3zYY9/ku0BVBOgGYZahcWO
-cKMkO1BtIle7lI4/+gxyfoSrj+2/0pf56odFIZTIV+kyKtFg+97Mn/eb6o7b46oR
-edhU+Nz02YGLuSs4Pv663GAuIyCUj0OTxhX3F3lYWYyP6Hbj4FW5W8YJrlfw12x3
-f5OUceLLBz2JTk2thBSgd/bXW4hAOFgpuHTu8FWZ4sh7vKFiRmPyTTN0uE7NaVdX
-vSw7x+V9kSeonkW7uPp6A3ngl1ki2xc8AwIDAQAB
------END RSA PUBLIC KEY-----
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index d26a2f4c4..f8a63706e 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -14,7 +14,6 @@
krebs.retiolum = {
enable = true;
- hosts = ../../krebs/Zhosts;
connectTo = [
"prism"
"cloudkrebs"
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index a069cc36f..0c6ba09fb 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -32,7 +32,6 @@
};
krebs.retiolum = {
enable = true;
- hosts = ../../krebs/Zhosts;
connectTo = [
"gum"
"pigstarter"
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index d95362919..e8a2959d0 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -71,7 +71,6 @@
krebs.retiolum = {
enable = true;
extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
- hosts = ../../krebs/Zhosts;
connectTo = [
"gum"
];
From df89fb7e9121d395357885e00a24a616eb1fef57 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 15:43:24 +0100
Subject: [PATCH 63/70] krebs.retiolum: don't generate extraHosts
---
krebs/3modules/default.nix | 1 -
krebs/3modules/retiolum.nix | 54 ++-----------------------------------
2 files changed, 2 insertions(+), 53 deletions(-)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index ba1f425d9..7418434ea 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -96,7 +96,6 @@ let
retiolum = "hosts";
};
- # XXX This overlaps with krebs.retiolum
networking.extraHosts = concatStringsSep "\n" (flatten (
mapAttrsToList (hostname: host:
mapAttrsToList (netname: net:
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 08ac96461..2bf8aa5db 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -29,22 +29,13 @@ let
'';
};
- generateEtcHosts = mkOption {
- type = types.str;
- default = "both";
- description = ''
- If set to <literal>short</literal>, <literal>long</literal>, or <literal>both</literal>,
- then generate entries in <filename>/etc/hosts</filename> from subnets.
- '';
- };
-
netname = mkOption {
type = types.str;
default = "retiolum";
description = ''
The tinc network name.
- It is used to generate long host entries,
- and name the TUN device.
+ It is used to name the TUN device and to generate the default value for
+ <literal>config.krebs.retiolum.hosts</literal>.
'';
};
@@ -107,8 +98,6 @@ let
imp = {
environment.systemPackages = [ tinc iproute ];
- networking.extraHosts = retiolumExtraHosts;
-
systemd.services.retiolum = {
description = "Tinc daemon for Retiolum";
after = [ "network.target" ];
@@ -155,45 +144,6 @@ let
iproute = cfg.iproutePackage;
- retiolumExtraHosts = import (pkgs.runCommand "retiolum-etc-hosts"
- { }
- ''
- generate() {
- (cd ${tinc-hosts}
- printf \'\'
- for i in `ls`; do
- names=$(hostnames $i)
- for j in `sed -En 's|^ *Aliases *= *(.+)|\1|p' $i`; do
- names="$names $(hostnames $j)"
- done
- sed -En '
- s|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1 '"$names"'|p
- ' $i
- done | sort
- printf \'\'
- )
- }
-
- case ${cfg.generateEtcHosts} in
- short)
- hostnames() { echo "$1"; }
- generate
- ;;
- long)
- hostnames() { echo "$1.${cfg.netname}"; }
- generate
- ;;
- both)
- hostnames() { echo "$1.${cfg.netname} $1"; }
- generate
- ;;
- *)
- echo '""'
- ;;
- esac > $out
- '');
-
-
confDir = pkgs.runCommand "retiolum" {
# TODO text
executable = true;
From a1f7f5e510ddc7a35bebe4ec7698e19d83d57c3f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 15:57:43 +0100
Subject: [PATCH 64/70] krebs: DRY up shorts of the networking.extraHosts
generator
---
krebs/3modules/default.nix | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 7418434ea..20eb944e2 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -103,10 +103,8 @@ let
aliases = longs ++ shorts;
providers = dns.split-by-provider net.aliases cfg.dns.providers;
longs = providers.hosts;
- shorts =
- map (removeSuffix ".${cfg.search-domain}")
- (filter (hasSuffix ".${cfg.search-domain}")
- longs);
+ shorts = let s = ".${cfg.search-domain}"; in
+ map (removeSuffix s) (filter (hasSuffix s) longs);
in
map (addr: "${addr} ${toString aliases}") net.addrs
) (filterAttrs (name: host: host.aliases != []) host.nets)
From 171df3acbe8ebe97d690bfb386fbf15bc14984cd Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:15:25 +0100
Subject: [PATCH 65/70] tv: adopt kaepsele
---
krebs/3modules/tv/default.nix | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 31c1a375a..5f70f8489 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -130,6 +130,35 @@ with lib;
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY";
};
+ kaepsele = {
+ nets = {
+ internet = {
+ addrs4 = ["92.222.10.169"];
+ aliases = [
+ "kaepsele.internet"
+ # TODO "kaepsele.org"
+ ];
+ };
+ retiolum = {
+ addrs4 = ["10.243.166.2"];
+ addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"];
+ aliases = [
+ "kaepsele.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
+ Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
+ rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
+ y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
+ yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
+ FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
+ };
nomic = {
cores = 2;
dc = "tv"; #dc = "gg23";
From c4655c3baad28525550e7c1d0fb9589e06663a2b Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:21:30 +0100
Subject: [PATCH 66/70] krebs.dns.providers: add i and r
---
krebs/3modules/default.nix | 2 ++
1 file changed, 2 insertions(+)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 20eb944e2..529506905 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -92,7 +92,9 @@ let
de.krebsco = "zones";
gg23 = "hosts";
shack = "hosts";
+ i = "hosts";
internet = "hosts";
+ r = "hosts";
retiolum = "hosts";
};
From b16bfb9c99e6f1f063c5b7358003149db42b70e3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:18:52 +0100
Subject: [PATCH 67/70] tv: add .i and .r TLDs
---
krebs/3modules/tv/default.nix | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 5f70f8489..7db5c532e 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -24,6 +24,7 @@ with lib;
internet = {
addrs4 = ["162.219.7.216"];
aliases = [
+ "cd.i"
"cd.internet"
"cd.krebsco.de"
"cgit.cd.krebsco.de"
@@ -37,6 +38,7 @@ with lib;
addrs4 = ["10.243.113.222"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
aliases = [
+ "cd.r"
"cd.retiolum"
"cgit.cd.retiolum"
];
@@ -67,6 +69,7 @@ with lib;
internet = {
addrs4 = ["104.167.114.142"];
aliases = [
+ "mkdir.i"
"mkdir.internet"
];
};
@@ -75,6 +78,7 @@ with lib;
addrs4 = ["10.243.113.223"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
aliases = [
+ "mkdir.r"
"mkdir.retiolum"
"cgit.mkdir.retiolum"
];
@@ -104,6 +108,7 @@ with lib;
internet = {
addrs4 = ["198.147.22.115"];
aliases = [
+ "ire.i"
"ire.internet"
"ire.krebsco.de"
];
@@ -113,6 +118,7 @@ with lib;
addrs4 = ["10.243.231.66"];
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
aliases = [
+ "ire.r"
"ire.retiolum"
];
tinc.pubkey = ''
@@ -135,6 +141,7 @@ with lib;
internet = {
addrs4 = ["92.222.10.169"];
aliases = [
+ "kaepsele.i"
"kaepsele.internet"
# TODO "kaepsele.org"
];
@@ -143,6 +150,7 @@ with lib;
addrs4 = ["10.243.166.2"];
addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"];
aliases = [
+ "kaepsele.r"
"kaepsele.retiolum"
];
tinc.pubkey = ''
@@ -171,6 +179,7 @@ with lib;
addrs4 = ["10.243.0.110"];
addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
aliases = [
+ "nomic.r"
"nomic.retiolum"
"cgit.nomic.retiolum"
];
@@ -205,6 +214,7 @@ with lib;
internet = {
addrs4 = ["167.88.34.182"];
aliases = [
+ "rmdir.i"
"rmdir.internet"
];
};
@@ -213,6 +223,7 @@ with lib;
addrs4 = ["10.243.113.224"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
aliases = [
+ "rmdir.r"
"rmdir.retiolum"
"cgit.rmdir.retiolum"
];
@@ -260,6 +271,7 @@ with lib;
addrs4 = ["10.243.13.37"];
addrs6 = ["42:0:0:0:0:0:0:1337"];
aliases = [
+ "wu.r"
"wu.retiolum"
"cgit.wu.retiolum"
];
@@ -292,6 +304,7 @@ with lib;
addrs4 = ["10.243.13.38"];
addrs6 = ["42:0:0:0:0:0:0:1338"];
aliases = [
+ "xu.r"
"xu.retiolum"
];
tinc.pubkey = ''
From 18784b439d6c58eb4102068a5a31e0e46794ee73 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:30:56 +0100
Subject: [PATCH 68/70] tv: remove stale krebs/Zpubkeys
---
krebs/Zpubkeys/deploy_wu.ssh.pub | 1 -
krebs/Zpubkeys/mv_vod.ssh.pub | 1 -
2 files changed, 2 deletions(-)
delete mode 100644 krebs/Zpubkeys/deploy_wu.ssh.pub
delete mode 100644 krebs/Zpubkeys/mv_vod.ssh.pub
diff --git a/krebs/Zpubkeys/deploy_wu.ssh.pub b/krebs/Zpubkeys/deploy_wu.ssh.pub
deleted file mode 100644
index a54a1ca37..000000000
--- a/krebs/Zpubkeys/deploy_wu.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEieAihh+o208aeCA14fAtjzyZN/nrpOJt2vZ5VYZp69 deploy@wu
diff --git a/krebs/Zpubkeys/mv_vod.ssh.pub b/krebs/Zpubkeys/mv_vod.ssh.pub
deleted file mode 100644
index 7b7d2e260..000000000
--- a/krebs/Zpubkeys/mv_vod.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod
From 9742953ee932b96cafb390f7b61edd68499cec82 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 16:53:35 +0100
Subject: [PATCH 69/70] tv: add cgit.*.r aliases
---
krebs/3modules/tv/default.nix | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 7db5c532e..b7fd1c54c 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -40,6 +40,7 @@ with lib;
aliases = [
"cd.r"
"cd.retiolum"
+ "cgit.cd.r"
"cgit.cd.retiolum"
];
tinc.pubkey = ''
@@ -80,6 +81,7 @@ with lib;
aliases = [
"mkdir.r"
"mkdir.retiolum"
+ "cgit.mkdir.r"
"cgit.mkdir.retiolum"
];
tinc.pubkey = ''
@@ -181,6 +183,7 @@ with lib;
aliases = [
"nomic.r"
"nomic.retiolum"
+ "cgit.nomic.r"
"cgit.nomic.retiolum"
];
tinc.pubkey = ''
@@ -225,6 +228,7 @@ with lib;
aliases = [
"rmdir.r"
"rmdir.retiolum"
+ "cgit.rmdir.r"
"cgit.rmdir.retiolum"
];
tinc.pubkey = ''
@@ -273,6 +277,7 @@ with lib;
aliases = [
"wu.r"
"wu.retiolum"
+ "cgit.wu.r"
"cgit.wu.retiolum"
];
tinc.pubkey = ''
From c784d271c5dc8783e5e6308baf4f6dd26430bfca Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 6 Feb 2016 18:38:51 +0100
Subject: [PATCH 70/70] tv: adopt mu
---
krebs/3modules/tv/default.nix | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index b7fd1c54c..9adb0ce11 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -169,6 +169,28 @@ with lib;
};
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
};
+ mu = {
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.20.01"];
+ addrs6 = ["42:0:0:0:0:0:0:2001"];
+ aliases = [
+ "mu.r"
+ "mu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA
+ g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE
+ XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4
+ o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1
+ QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs
+ FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
nomic = {
cores = 2;
dc = "tv"; #dc = "gg23";