diff options
| author | tv <tv@krebsco.de> | 2019-04-13 14:07:30 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2019-04-13 14:07:30 +0200 |
| commit | 0430fbbbfeef5f7d6188ec70d7f084ffa1cb1a46 (patch) | |
| tree | 38daa64159448bc750de5b3c6692c7e2027ed4c7 /krebs | |
| parent | 39fba33bed71c7553da47e56c5e34a0389950c71 (diff) | |
| parent | bb2f8b9b920287df33e194a3b62d86669d8e6ddd (diff) | |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
42 files changed, 494 insertions, 820 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 916073375..f68c8ce50 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -21,5 +21,4 @@ boot.isContainer = true; networking.useDHCP = false; - environment.variables.NIX_REMOTE = "daemon"; } diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index e12367b7c..0f00cd381 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -2,10 +2,10 @@ with import <stockholm/lib>; let - gunicorn = pkgs.pythonPackages.gunicorn; + gunicorn = pkgs.python3Packages.gunicorn; bepasty = pkgs.bepasty; - gevent = pkgs.pythonPackages.gevent; - python = pkgs.pythonPackages.python; + gevent = pkgs.python3Packages.gevent; + python = pkgs.python3Packages.python; cfg = config.krebs.bepasty; out = { diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 9c2f53cbe..567c077eb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -48,6 +48,7 @@ let ./rtorrent.nix ./secret.nix ./setuid.nix + ./syncthing.nix ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1f80906f8..c9715cb85 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -299,6 +299,33 @@ in { }; }; }; + toastbrot = { + owner = config.krebs.users.jan; + nets = { + retiolum = { + ip4.addr = "10.243.117.12"; + aliases = [ + "toastbrot.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP + 2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc + yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj + DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3 + r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT + PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY + Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO + IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g + fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH + Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3 + uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B + 4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; tpsw = { cores = 2; owner = config.krebs.users.ciko; # main laptop @@ -411,6 +438,9 @@ in { mail = "dickbutt@excogitation.de"; pubkey = ssh-for "exco"; }; + jan = { + mail = "jan.heidbrink@posteo.de"; + }; kmein = { mail = "kieran.meinhardt@gmail.com"; pubkey = ssh-for "kmein"; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 4a8af435b..9f5b1bd6a 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -47,42 +47,6 @@ in { }; }; }; - reagenzglas = { - nets = { - retiolum = { - ip4.addr = "10.243.27.27"; - aliases = [ - "reagenzglas.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P - bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 - utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO - 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 - hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u - mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW - 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 - aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw - pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu - 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ - lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 - +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz - 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli - PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 - ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn - GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE - hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 - ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX - vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe - G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 - 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x - Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; enklave = { nets = rec { internet = { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 630c14f18..a3b8cab39 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -106,6 +106,7 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU"; }; archprism = { cores = 1; @@ -204,6 +205,7 @@ in { secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; + syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH"; }; shodan = { cores = 2; @@ -270,6 +272,7 @@ in { secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj"; + syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4"; }; daedalus = { cores = 2; @@ -324,10 +327,18 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "5ce7"; + aliases = [ + "skynet.w" + ]; + wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; + syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3"; }; littleT = { cores = 2; @@ -365,10 +376,18 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "771e"; + aliases = [ + "littleT.w" + ]; + wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; + syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; }; red = { monitoring = false; @@ -474,7 +493,48 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; + syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; }; + + green = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.66"; + ip6.addr = r6 "12ee"; + aliases = [ + "green.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk + uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx + ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477 + n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI + hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6 + m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6 + BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1 + pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy + 2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk + UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA + udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT + 3MVh92sFyMVYkJcL7SISk80CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "12ee"; + aliases = [ + "green.w" + ]; + wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk="; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 "; + syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; + }; + phone = { nets = { wiregrill = { @@ -482,11 +542,12 @@ in { aliases = [ "phone.w" ]; - wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; + wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM="; }; }; external = true; ci = false; + syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB"; }; morpheus = { cores = 1; diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index 3d35b76e4..675ba8df2 100644 --- a/krebs/3modules/lass/ssh/android.rsa +++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e60bbee70..b38c9104f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -5,442 +5,104 @@ with import <stockholm/lib>; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ - owner = config.krebs.users.makefu; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; - }); + hostDefaults = hostName: host: foldl' recursiveUpdate {} [ + { + owner = config.krebs.users.makefu; + } + # Retiolum defaults + (let + pubkey-path = ./retiolum + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.retiolum = { + tinc.pubkey = readFile pubkey-path; + aliases = [ + "${hostName}.r" + ]; + ip6.addr = + (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; + }; + }) + # Wiregrill defaults + (let + pubkey-path = ./wiregrill + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.wiregrill = { + aliases = [ + "${hostName}.w" + ]; + ip6.addr = + (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address; + wireguard.pubkey = readFile pubkey-path; + }; + }) + # SSHD defaults + (let + pubkey-path = ./sshd + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + ssh.pubkey = readFile pubkey-path; + # We assume that if the sshd pubkey exits then there must be a privkey in + # the screts store as well + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + }) + host + ]; pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); - + w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address; in { hosts = mapAttrs hostDefaults { cake = rec { cores = 4; ci = false; nets = { - retiolum = { - ip4.addr = "10.243.136.236"; - aliases = [ - "cake.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu - jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ - MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq - 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 - 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP - MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.136.236"; }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; }; crapi = rec { # raspi1 cores = 1; ci = false; nets = { - retiolum = { - ip4.addr = "10.243.136.237"; - aliases = [ - "crapi.r" - ]; - tinc.pubkey = '' - Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 - OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L - R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk - OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME - di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl - bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.136.237"; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi"; }; - drop = rec { - ci = false; - cores = 1; + firecracker = { + cores = 4; nets = { - retiolum = { - ip4.addr = "10.243.177.9"; - aliases = [ - "drop.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl - 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI - GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW - 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C - Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT - F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.12.12"; }; }; + studio = rec { ci = false; cores = 4; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; nets = { - retiolum = { - ip4.addr = "10.243.227.163"; - aliases = [ - "studio.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti - cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk - GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI - jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 - 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu - 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.227.163"; }; }; - fileleech = rec { ci = false; cores = 4; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; nets = { - retiolum = { - ip4.addr = "10.243.113.98"; - aliases = [ - "fileleech.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF - 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K - YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait - nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z - e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V - UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - latte = rec { - ci = false; - cores = 1; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; - nets = { - internet = { - ip4.addr = "185.215.224.160"; - aliases = [ - "latte.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.80.249"; - aliases = [ - "latte.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU - 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo - r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf - 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 - GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 - vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - pnp = { - ci = false; - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.210"; - aliases = [ - "pnp.r" - "cgit.pnp.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g - Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V - pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR - SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T - TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr - Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - darth = { - ci = false; - cores = 4; - nets = { - retiolum = { - ip4.addr = "10.243.0.84"; - aliases = [ - "darth.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq - qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX - yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi - 3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8 - q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE - u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - siem = { - ip4.addr = "10.8.10.2"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "darth.siem" - ]; - tinc.pubkey = '' - Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK - -----BEGIN RSA PUBLIC KEY----- - MIIBCQKCAQEApcUeTecVahqNIfLEkfgNiaW+eHQ9Y90DxHhy9vdPZh8dmLqoFBoW - TCPcZIRpyj7hxRkNIhh34Ewpul0oQ1tzrUGcT2xvMNwaCupRDmhZn9jR9aFFEYKb - fUOplCxb4y2UKbWAA6hie3PKH9wnPfbwSsexb2BSQAqSt4iNIVCV6j7LXpiopbGS - Exs3/Pz+IeMtGyuMYA3rUmJsVRKR1o7axLtlhYK7JSMbqdYhaQJ4NZrvIXw//w21 - kM/TJTPZ4j47ME18jQInO62X5h+xVch6DtvwvjBMMMKbS0am9qw1P3qo7MP3PmQh - rvVQRth8L63q4NLOnT29XmnxPSVGL1PBQQICEAE= - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - ossim = { # vm on darth - nets = { - siem = { - ip4.addr = "10.8.10.6"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "ossim.siem" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl - RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL - cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand - mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd - dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL - WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - honeydrive = { # vm on darth - nets = { - internet = { # via shoney - ip4.addr = "64.137.234.232"; - aliases = [ - "honeydrive.i" - ]; - }; + retiolum.ip4.addr = "10.243.113.98"; }; }; tsp = { ci = true; cores = 1; nets = { - retiolum = { - ip4.addr = "10.243.0.212"; - aliases = [ - "tsp.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi - HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3 - mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+ - n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG - R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr - Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi - aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo - ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE - KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v - XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ - teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.0.212"; }; }; x = { ci = true; cores = 4; nets = { - retiolum = { - ip4.addr = "10.243.0.91"; - aliases = [ - "x.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG - RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA - kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD - JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2 - 2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf - +h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - siem = { - ip4.addr = "10.8.10.4"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "makefu.siem" - ]; - tinc.pubkey = '' - Ed25519PublicKey = rFTglGxm563e/w82Q9Qqy/E+V/ipT4DOTyTuYrWrtmI - -----BEGIN RSA PUBLIC KEY----- - MIIBCQKCAQEAx+OQXQj6rlXIByo48JZXSexRz5G5oJVZTHAJ0GF5f70U65C0x83p - XtNp4LGYti+cyyzmQjf/N7jr2CxUlOATN2nRO4CT+JaMM2MoqnPWqTZBPMDiHq2y - ce0zjLPPl0hVc5mg+6F0tgolbUvTIo2CgAIl5lNvJiVfmXRSehmMprf1NPkxJd/O - vAOD7mgnCjkEAWElf1cfxSGZqSLbNltRK340nE5x6A5tY7iEueP/r9chEmOnVjKm - t+GJAJIe1PClWJHJYAXF8I7R3g+XQIqgw+VTN3Ng5cS5W/mbTFIzLWMZpdZaAhWR - 56pthtZAE5FZ+4vxMpDQ4yeDu0b6gajWNQICEAE= - -----END RSA PUBLIC KEY----- - ''; - }; - #wiregrill = { - # aliases = [ - # "x.w" - # ]; - # wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - #}; - }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x"; - - }; - - vbob = { - ci = true; - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.1.91"; - aliases = [ - "vbob.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr - 4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI - AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP - hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o - Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s - AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB - -----END RSA PUBLIC KEY----- - ''; + retiolum.ip4.addr = "10.243.0.91"; + wiregrill = { + # defaults }; }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos"; - }; - pigstarter = rec { - cores = 1; - extraZones = { - "krebsco.de" = '' - euer IN MX 1 aspmx.l.google.com. - nixos.unstable IN CNAME krebscode.github.io. - boot IN A ${nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "192.40.56.122"; - ip6.addr = "2604:2880::841f:72c"; - aliases = [ - "pigstarter.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.0.153"; - aliases = [ - "pigstarter.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ - 9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv - 3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG - 4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE - DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv - sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - wry = rec { - ci = false; - cores = 1; - extraZones = { - "krebsco.de" = '' - wry IN A ${nets.internet.ip4.addr} - tinc IN A ${nets.internet.ip4.addr} - ''; - }; - nets = rec { - internet = { - ip4.addr = "104.233.87.86"; - aliases = [ - "wry.i" - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.169"; - aliases = [ - "wry.r" - "graph.wry.r" - "paste.wry.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAs9bq++H4HF8EpZMfWGfoIsh/C+YNO2pg74UPBsP/tFFe71yzWwUn - U9LW0n3bBqCMQ/oDthbSMwCkS9JzcUi22QJEdjbQs/aay9gZR115b+UxWPocw0Ms - ZoREKo3Oe0hETk7Ing8NdBDI0kCBh9QnvqQ3iKd0rBae3DYvcWlDsY93GLGMddgA - 7E9oa3EHVYH/MPZaeJtTknaJduanBSbiEb/xQOqxTadHoQASKU6DQD1czMH3hLG2 - 8Wn4MBj9fgKBAoIy092tIzPtE2QwAHO73yz4mSW/3r190hREgVbjuEPiw4w5mEyQ - j+NeN3f3heFKx+GCgdWH9xPw6m6qPdqUiGUPq91KXMOhNa8lLcTp95mHdCMesZCF - TFj7hf6y+SVt17Vo+YUL7UqnMtAm3eZZmwyDu0DfKFrdgz6MtDD+5dQp9g8VHpqw - RfbaB1Srlr24EUYYoOBEF9CcIacFbsr+MKh+hQk5R0uEMSeAWARzxvvr69iMgdEC - zDiu0rrRLN+CrfgkDir7pkRKxeA1lz8KpySyIZRziNg6mSHjKjih4++Bbu4N2ack - 86h84qBrA8lq2xsub4+HgKZGH2l5Y8tvlr+rx0mQKEJkT6XDKCXZFPfl2N0QrWGT - Dv7l2vn0QMj9E6+BdRhYaO/m3+cIZ9faM851nRj/gq2OOtzW3ekrne0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry"; }; filepimp = rec { ci = false; @@ -452,22 +114,7 @@ in { "filepimp.lan" ]; }; - retiolum = { - ip4.addr = "10.243.153.102"; - aliases = [ - "filepimp.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg - 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS - wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR - oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X - UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB - 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.153.102"; }; }; @@ -489,68 +136,27 @@ in { "dcpp.omo.r" "torrent.omo.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM - ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn - sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm - s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 - GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 - 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH"; }; wbob = rec { ci = true; cores = 4; nets = { - siem = { - ip4.addr = "10.8.10.7"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ "display.siem" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+/TpxsVIBL9J9QAe/+jB6sgu/O6J+KY4YrAzZ6dM4kbFv5JA64f5 - 6znv8EFqn6loS9Aez3e08P5scyGjiwWytdKN5Yztlffc0xDD7MUU2RiCsQF1X74J - +1i8NhSq3PJ6UeUURxYYnAYzBlFvsxev4vpniFTsIR9tmcAYX9NT9420D6nV7xq7 - FdkoBlYj4eUQqQzHH1T/Lmt+BGmf+BufIJas+Oo/Sg59vIk9OM08WyAjHVT2iNbg - LXDhzVaeGOOM3GOa0YGG0giM3Rd245YPaPiVbwrMy8HQRBpMzXOPjcC1nYZSjxrW - LQxtRS+dmfEMG7MJ8T2T2bseX6z6mONc1QIDAQAB - -----END RSA PUBLIC KEY----- - -----BEGIN ED25519 PUBLIC KEY----- - 3JGeGnADWR+hfb4TEoHDyopEYgkfGNJKwy71bqcsNrO - -----END ED25519 PUBLIC KEY----- - ''; - }; retiolum = { ip4.addr = "10.243.214.15"; aliases = [ "wbob.r" "hydra.wbob.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e - QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal - cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 - khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs - rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 - TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { ci = true; extraZones = { "krebsco.de" = '' + boot IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} @@ -558,6 +164,7 @@ in { dl.euer IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} + euer IN MX 1 aspmx.l.google.com. ghook IN A ${nets.internet.ip4.addr} git.euer IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} @@ -566,6 +173,7 @@ in { iso.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} netdata.euer IN A ${nets.internet.ip4.addr} + nixos.unstable IN CNAME krebscode.github.io. o.euer IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} @@ -586,17 +194,21 @@ in { "nextgum.i" ]; }; - #wiregrill = { - # via = internet; - # aliases = [ - # "gum.w" - # ]; - # wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; - #}; + wiregrill = { + via = internet; + ip6.addr = w6 "1"; + wireguard = { + subnets = [ + (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR + (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR + ]; + }; + }; retiolum = { via = internet; ip4.addr = "10.243.0.213"; aliases = [ + "gum.r" "backup.makefu.r" "blog.gum.r" "blog.makefu.r" @@ -605,7 +217,6 @@ in { "dcpp.gum.r" "dcpp.nextgum.r" "graph.r" - "gum.r" "logs.makefu.r" "netdata.makefu.r" "nextgum.r" @@ -617,91 +228,15 @@ in { "wiki.gum.r" "wiki.makefu.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY - BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 - i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 - 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS - u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa - OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; - shoney = rec { - ci = false; - cores = 1; - nets = rec { - siem = { - via = internet; - ip4.addr = "10.8.10.1"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "shoney.siem" - "graph.siem" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0OK28PHsMGMxAqVRiRGv93zzEWJgV3hMFquWrpbYC3OZwHDYcNHu - 74skwRRwwnbcq0ZtWroEvUTmZczuPt2FewdtuEutT7uZJnAYnzSOrB9lmmdoXKQU - l4ho1LEf/J0sMBi7RU/OJosuruQTAl53ca5KQbRCXkcPlmq4KzUpvgPINpEpYQjB - CGC3ErOvw2jXESbDnWomYZgJl3uilJUEYlyQEwyWVG+fO8uxlz9qKLXMlkoJTbs4 - fTIcxh7y6ZA7QfMN3Ruq1R66smfXQ4xu1hybvqL66RLiDQgH3BRyKIgobS1UxI4z - L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.port = 1655; - }; - internet = { - ip4.addr = "64.137.234.215"; - aliases = [ - "shoney.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.205.131"; - aliases = [ - "shoney.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL - ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4 - okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht - M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO - +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 - uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; sdev = rec { ci = true; cores = 1; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev"; nets = { - retiolum = { - ip4.addr = "10.243.83.237"; - aliases = [ - "sdev.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+ - LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4 - XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428 - ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+ - f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD - nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.83.237"; }; }; @@ -725,19 +260,6 @@ in { }; retiolum = { ip4.addr = "10.243.211.172"; - aliases = [ - "flap.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy - 2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM - 8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn - 3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL - hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr - Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; }; @@ -747,108 +269,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.231.219"; - aliases = [ - "nukular.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/ - gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97 - gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP - H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4 - tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P - meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - heidi = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.124.21"; - aliases = [ - "heidi.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx - 1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ - jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY - ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA - q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo - w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - - lariat = rec { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.64.7"; - aliases = [ - "lariat.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX - eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA - 269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ - unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv - d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o - yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - soundflower = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.69.184"; - aliases = [ - "soundflower.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN - H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb - Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l - FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6 - lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+ - 8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - falk = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.120.19"; - aliases = [ - "falk.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+ - 4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA - 9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI - 2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9 - 0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb - FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; }; @@ -858,91 +278,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.189.130"; - aliases = [ - "filebitch.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d - fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs - e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1 - KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99 - oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf - wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - bridge = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.26.29"; - aliases = [ - "excobridge.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d - VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm - UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB - oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b - /hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg - lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - horisa = rec { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.226.213"; - aliases = [ - "horisa.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40 - Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn - XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT - +EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP - sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo - M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - tahoe = rec { - cores = 1; - nets = { - internet = { - ip4.addr = "148.251.47.69"; - aliases = [ - "wooki.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.57.85"; - aliases = [ - "wooki.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y - QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8 - dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH - 9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6 - hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p - egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; }; @@ -952,43 +287,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.163"; - aliases = [ - "senderechner.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7 - lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X - rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL - inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT - BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO - OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - tcac-0-1 = rec { - cores = 1; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1 - "; - nets = { - retiolum = { - ip4.addr = "10.243.144.142"; - aliases = [ - "tcac-0-1.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j - 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs - zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO - Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs - QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl - HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB - -----END RSA PUBLIC KEY----- - ''; }; }; }; diff --git a/krebs/3modules/makefu/retiolum/cake.pub b/krebs/3modules/makefu/retiolum/cake.pub new file mode 100644 index 000000000..8a1e4b933 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/cake.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu +jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ +MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq +6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 +36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP +MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/crapi.pub b/krebs/3modules/makefu/retiolum/crapi.pub new file mode 100644 index 000000000..2b6104468 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/crapi.pub @@ -0,0 +1,9 @@ +Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 +OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L +R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk +OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME +di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl +bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/filebitch.pub b/krebs/3modules/makefu/retiolum/filebitch.pub new file mode 100644 index 000000000..fe31accda --- /dev/null +++ b/krebs/3modules/makefu/retiolum/filebitch.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d +fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs +e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1 +KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99 +oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf +wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/fileleech.pub b/krebs/3modules/makefu/retiolum/fileleech.pub new file mode 100644 index 000000000..1dc6a5b1f --- /dev/null +++ b/krebs/3modules/makefu/retiolum/fileleech.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF +8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K +YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait +nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z +e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V +UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/filepimp.pub b/krebs/3modules/makefu/retiolum/filepimp.pub new file mode 100644 index 000000000..007806230 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/filepimp.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg +3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS +wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR +oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X +UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB +8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/firecracker.pub b/krebs/3modules/makefu/retiolum/firecracker.pub new file mode 100644 index 000000000..6f7907829 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/firecracker.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuZaPnN4pQVpKWKG1Yylx +JghzOphuQMuzstedqKFo3MTUtgra27ul8IyqljJxVH+hnpObhDwzYS3Zz1BAp/WF +SFAslLbpPEG7UrwmvZHa3jqE4m/uIMtgYK65iIfB8bs17lkvRchfTfzTvwdtPSkM +zbgjq4HttI2aMoNggadfMSGdzv7hEhxFpRBAiXxJHOFTNa//ov/DehrW88blYQ3l +lSS2ZR+WHNVYfRPvfejDnstGenNCJXkpMYPe5YD9CZa0sy639ejTGs+nluU5+uId +lp+0QW5i8E3JvZDiIu9NF9cT+GZhKcgWyvwoA/yRFqRVWHUcK7w8MN1hmbExXFub +pS3GW2/f50USjT2jvK6zg2/KzTio2yEfd/FpQwTmyzAUJbwBkJNyD1YmFGv54tWS +/xDyn3+OsKT4VztfTPrH59MVZZd12WMavB3Y0VIEkVHhrK2BNIoMuJ9e96VDFZ14 +9N6ouRAchIydQweESiBzHr0DUXeZO1jNLlNM0q8+aaS/bONkiFzRrKkYnbqB6ION +Ln6pg+5NtrZ/Cb7/UWwSNeooiiOnjzVLsZv3mEzt3IjcJO5iW3IOZhT29S9E3CwG +0rqK7CiByJJXPB/LqwKZdN3WtZgCfPJ48abmzobHhEKTsVG230G4jMF/dLpV3sZT +tIsbd9vYVSSP0Rg/K4hmsOMCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/flap.pub b/krebs/3modules/makefu/retiolum/flap.pub new file mode 100644 index 000000000..8906e659b --- /dev/null +++ b/krebs/3modules/makefu/retiolum/flap.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy +2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM +8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn +3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL +hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr +Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/gum.pub b/krebs/3modules/makefu/retiolum/gum.pub new file mode 100644 index 000000000..73f8563d0 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/gum.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY +BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 +i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 +09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS +u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa +OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/nukular.pub b/krebs/3modules/makefu/retiolum/nukular.pub new file mode 100644 index 000000000..eb5891b1b --- /dev/null +++ b/krebs/3modules/makefu/retiolum/nukular.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/ +gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97 +gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP +H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4 +tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P +meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/omo.pub b/krebs/3modules/makefu/retiolum/omo.pub new file mode 100644 index 000000000..ce558d10a --- /dev/null +++ b/krebs/3modules/makefu/retiolum/omo.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM +ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn +sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm +s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 +GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 +5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/sdev.pub b/krebs/3modules/makefu/retiolum/sdev.pub new file mode 100644 index 000000000..be500bbab --- /dev/null +++ b/krebs/3modules/makefu/retiolum/sdev.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+ +LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4 +XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428 +ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+ +f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD +nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/senderechner.pub b/krebs/3modules/makefu/retiolum/senderechner.pub new file mode 100644 index 000000000..a6cbabc28 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/senderechner.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7 +lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X +rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL +inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT +BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO +OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/studio.pub b/krebs/3modules/makefu/retiolum/studio.pub new file mode 100644 index 000000000..b8fe8ee23 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/studio.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti +cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk +GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI +jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 +78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu +8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/tsp.pub b/krebs/3modules/makefu/retiolum/tsp.pub new file mode 100644 index 000000000..48533da58 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/tsp.pub @@ -0,0 +1,13 @@ +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi +HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3 +mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+ +n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG +R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr +Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi +aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo +ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE +KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v +XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ +teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/wbob.pub b/krebs/3modules/makefu/retiolum/wbob.pub new file mode 100644 index 000000000..8abfa34d4 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/wbob.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e +QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal +cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8 +khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs +rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9 +TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/x.pub b/krebs/3modules/makefu/retiolum/x.pub new file mode 100644 index 000000000..da6482eed --- /dev/null +++ b/krebs/3modules/makefu/retiolum/x.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG +RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA +kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD +JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2 +2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf ++h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/sshd/cake.pub b/krebs/3modules/makefu/sshd/cake.pub new file mode 100644 index 000000000..8eab57ab7 --- /dev/null +++ b/krebs/3modules/makefu/sshd/cake.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake diff --git a/krebs/3modules/makefu/sshd/crapi.pub b/krebs/3modules/makefu/sshd/crapi.pub new file mode 100644 index 000000000..5361111a5 --- /dev/null +++ b/krebs/3modules/makefu/sshd/crapi.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi diff --git a/krebs/3modules/makefu/sshd/fileleech.pub b/krebs/3modules/makefu/sshd/fileleech.pub new file mode 100644 index 000000000..22a3c7534 --- /dev/null +++ b/krebs/3modules/makefu/sshd/fileleech.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech diff --git a/krebs/3modules/makefu/sshd/firecracker.pub b/krebs/3modules/makefu/sshd/firecracker.pub new file mode 100644 index 000000000..8e9ef5a37 --- /dev/null +++ b/krebs/3modules/makefu/sshd/firecracker.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGk+QqJEPoBNP9KbPiivCI5YJ9psAKnujRrUL4bNqxwe firecracker diff --git a/krebs/3modules/makefu/sshd/gum.pub b/krebs/3modules/makefu/sshd/gum.pub new file mode 100644 index 000000000..c79e3cbee --- /dev/null +++ b/krebs/3modules/makefu/sshd/gum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum diff --git a/krebs/3modules/makefu/sshd/omo.pub b/krebs/3modules/makefu/sshd/omo.pub new file mode 100644 index 000000000..63bbbc709 --- /dev/null +++ b/krebs/3modules/makefu/sshd/omo.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH diff --git a/krebs/3modules/makefu/sshd/sdev.pub b/krebs/3modules/makefu/sshd/sdev.pub new file mode 100644 index 000000000..972e9b6d4 --- /dev/null +++ b/krebs/3modules/makefu/sshd/sdev.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev diff --git a/krebs/3modules/makefu/sshd/studio.pub b/krebs/3modules/makefu/sshd/studio.pub new file mode 100644 index 000000000..be5a4e6d3 --- /dev/null +++ b/krebs/3modules/makefu/sshd/studio.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio diff --git a/krebs/3modules/makefu/sshd/wbob.pub b/krebs/3modules/makefu/sshd/wbob.pub new file mode 100644 index 000000000..8b1789f21 --- /dev/null +++ b/krebs/3modules/makefu/sshd/wbob.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr diff --git a/krebs/3modules/makefu/sshd/x.pub b/krebs/3modules/makefu/sshd/x.pub new file mode 100644 index 000000000..085f7f490 --- /dev/null +++ b/krebs/3modules/makefu/sshd/x.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub new file mode 100644 index 000000000..4a5f666cc --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/gum.pub @@ -0,0 +1 @@ +yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo= diff --git a/krebs/3modules/makefu/wiregrill/x.pub b/krebs/3modules/makefu/wiregrill/x.pub new file mode 100644 index 000000000..cfa9eb254 --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/x.pub @@ -0,0 +1 @@ +fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g= diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index f405482de..78f2b8ebd 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -1,7 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; - +with lib; let cfg = config.krebs.power-action; diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix new file mode 100644 index 000000000..bfbac1db9 --- /dev/null +++ b/krebs/3modules/syncthing.nix @@ -0,0 +1,161 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; + +let + + cfg = config.krebs.syncthing; + + devices = mapAttrsToList (name: peer: { + name = name; + deviceID = peer.id; + addresses = peer.addresses; + }) cfg.peers; + + folders = map (folder: { + inherit (folder) path id type; + devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; + rescanIntervalS = folder.rescanInterval; + fsWatcherEnabled = folder.watch; + fsWatcherDelayS = folder.watchDelay; + ignorePerms = folder.ignorePerms; + }) cfg.folders; + + getApiKey = pkgs.writeDash "getAPIKey" '' + ${pkgs.libxml2}/bin/xmllint \ + --xpath 'string(configuration/gui/apikey)'\ + ${config.services.syncthing.dataDir}/config.xml + ''; + + updateConfig = pkgs.writeDash "merge-syncthing-config" '' + set -efu + # wait for service to restart + ${pkgs.untilport}/bin/untilport localhost 8384 + API_KEY=$(${getApiKey}) + CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) + echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { + "devices": ${builtins.toJSON devices}, + "folders": ${builtins.toJSON folders} + }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- + ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST + ''; + +in + +{ + options.krebs.syncthing = { + + enable = mkEnableOption "syncthing-init"; + + id = mkOption { + type = types.str; + default = config.krebs.build.host.name; + }; + + cert = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + key = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + peers = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ + options = { + + # TODO make into addr + port submodule + addresses = mkOption { + type = types.listOf types.str; + default = []; + }; + + #TODO check + id = mkOption { + type = types.str; + }; + + }; + })); + }; + + folders = mkOption { + default = []; + type = types.listOf (types.submodule ({ config, ... }: { + options = { + + path = mkOption { + type = types.absolute-pathname; + }; + + id = mkOption { + type = types.str; + default = config.path; + }; + + peers = mkOption { + type = types.listOf types.str; + default = []; + }; + + rescanInterval = mkOption { + type = types.int; + default = 3600; + }; + + type = mkOption { + type = types.enum [ "sendreceive" "sendonly" "receiveonly" ]; + default = "sendreceive"; + }; + + watch = mkOption { + type = types.bool; + default = true; + }; + + watchDelay = mkOption { + type = types.int; + default = 10; + }; + + ignorePerms = mkOption { + type = types.bool; + default = true; + }; + + }; + })); + }; + }; + + config = (mkIf cfg.enable) { + + systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { + preStart = '' + ${optionalString (cfg.cert != null) '' + cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem + chmod 400 ${config.services.syncthing.dataDir}/cert.pem + ''} + ${optionalString (cfg.key != null) '' + cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem + chmod 400 ${config.services.syncthing.dataDir}/key.pem + ''} + ''; + }; + + systemd.services.syncthing-init = { + after = [ "syncthing.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = config.services.syncthing.user; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = updateConfig; + }; + }; + }; +} diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index f730cc72b..c35706ebf 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -10,6 +10,10 @@ with import <stockholm/lib>; version = "2.2.0"; sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; }; + "19.03" = { + version = "2.2.0"; + sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; + }; }.${versions.majorMinor nixpkgsVersion}; in mkDerivation { diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index 4049168c1..6689f1d2c 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix @@ -15,6 +15,11 @@ with import <stockholm/lib>; rev = "refs/tags/v${cfg.version}"; sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; }; + "19.03" = { + version = "0.4.1-tv1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; + }; }.${versions.majorMinor nixpkgsVersion}; in mkDerivation { diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 2fd2839b9..de6403bd0 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "b01a89d58f117c485f16c97a388da6227d8f0103", - "date": "2019-02-08T10:50:49+01:00", - "sha256": "1s2jdfvqjviiiq897sd6fkmc8ffyca7agmxynp4w873rfjdz10yi", + "rev": "5c52b25283a6cccca443ffb7a358de6fe14b4a81", + "date": "2019-04-09T21:48:56+02:00", + "sha256": "0fhbl6bgabhi1sw1lrs64i0hibmmppy1bh256lq8hxy3a2p1haip", "fetchSubmodules": false } diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh index 7f24cd31a..08354357a 100755 --- a/krebs/update-channel.sh +++ b/krebs/update-channel.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-18.09' \ + --rev refs/heads/nixos-19.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" |