diff options
| author | jeschli <jeschli@gmail.com> | 2018-12-16 20:28:28 +0100 |
|---|---|---|
| committer | jeschli <jeschli@gmail.com> | 2018-12-16 20:28:28 +0100 |
| commit | 8605ac91ae3a3859ab906a5fa2e9b0e3dfcd6e1e (patch) | |
| tree | 77618847347d2526897e94da744ab57588947567 /krebs | |
| parent | 5030b74cc5c578bb82619a24592504a6008f1a10 (diff) | |
| parent | 8705b4dbc8e8cf0c4e09c114daad3f96026520ab (diff) | |
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/2configs/binary-cache/prism.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/cache.nsupdate.info.nix | 8 | ||||
| -rw-r--r-- | krebs/2configs/news-spam.nix | 310 | ||||
| -rw-r--r-- | krebs/3modules/Reaktor.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/bepasty-server.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/cachecache.nix | 20 | ||||
| -rw-r--r-- | krebs/3modules/default.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/external/default.nix | 306 | ||||
| -rw-r--r-- | krebs/3modules/fetchWallpaper.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/git.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/jeschli/default.nix | 19 | ||||
| -rw-r--r-- | krebs/3modules/krebs/default.nix | 26 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 464 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 102 | ||||
| -rw-r--r-- | krebs/3modules/makefu/ssh/ulrich.pub | 2 | ||||
| -rw-r--r-- | krebs/3modules/tinc_graphs.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/tv/default.nix | 22 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/cabal-read.nix | 35 |
18 files changed, 713 insertions, 617 deletions
diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 46b386e14..51b4a1afc 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -3,7 +3,7 @@ { nix = { binaryCaches = [ - "http://cache.prism.r" + "https://cache.krebsco.de" ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix index 056667d8c..74f345614 100644 --- a/krebs/2configs/cache.nsupdate.info.nix +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -1,4 +1,4 @@ -{lib, ... }: +{ pkgs, lib, ... }: with lib; let domain = "cache.nsupdate.info"; @@ -17,9 +17,13 @@ in { }; krebs.cachecache = { enable = true; - enableSSL = false; # disable letsencrypt for testing + enableSSL = true; # disable letsencrypt for testing cacheDir = "/var/cache/nix-cache-cache"; maxSize = "10g"; + indexFile = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html"; + sha256 = "1vlngzbn0jipigspccgikd7xgixksimdl4wf8ix7d30ljx47p9n0"; + }; # assumes that the domain is reachable from the internet virtualHost = domain; diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index 88b7e1072..a8c658858 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -4,161 +4,161 @@ krebs.newsbot-js.news-spam = { urlShortenerHost = "go.lassul.us"; feeds = pkgs.writeText "feeds" '' - [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews - [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews - [SPAM]antirez|http://antirez.com/rss|#snews - [SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews - [SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews - [SPAM]augustl|http://augustl.com/atom.xml|#snews - [SPAM]bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews - [SPAM]bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews - [SPAM]bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews - [SPAM]bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews - [SPAM]bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews - [SPAM]bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews - [SPAM]cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews - [SPAM]carta|http://feeds2.feedburner.com/carta-standard-rss|#snews - [SPAM]catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews - [SPAM]cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews - [SPAM]cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews - [SPAM]cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews - [SPAM]cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews - [SPAM]cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews - [SPAM]ccc|http://www.ccc.de/rss/updates.rdf|#snews - [SPAM]chan_biz|http://boards.4chan.org/biz/index.rss|#snews - [SPAM]chan_g|http://boards.4chan.org/g/index.rss|#snews - [SPAM]chan_int|http://boards.4chan.org/int/index.rss|#snews - [SPAM]chan_sci|http://boards.4chan.org/sci/index.rss|#snews - [SPAM]chan_x|http://boards.4chan.org/x/index.rss|#snews - [SPAM]c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews - [SPAM]cryptogon|http://www.cryptogon.com/?feed=rss2|#snews - [SPAM]csm|http://rss.csmonitor.com/feeds/csm|#snews - [SPAM]csm_world|http://rss.csmonitor.com/feeds/world|#snews - [SPAM]danisch|http://www.danisch.de/blog/feed/|#snews - [SPAM]dod|http://www.defense.gov/news/afps2.xml|#snews - [SPAM]dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews - [SPAM]ecat|http://ecat.com/feed|#snews - [SPAM]eia_press|http://www.eia.gov/rss/press_rss.xml|#snews - [SPAM]eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews - [SPAM]embargowatch|https://embargowatch.wordpress.com/feed/|#snews - [SPAM]ethereum-comments|http://blog.ethereum.org/comments/feed|#snews - [SPAM]ethereum|http://blog.ethereum.org/feed|#snews - [SPAM]europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews - [SPAM]eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews - [SPAM]exploitdb|http://www.exploit-db.com/rss.xml|#snews - [SPAM]fars|http://www.farsnews.com/rss.php|#snews #test - [SPAM]faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews - [SPAM]faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews - [SPAM]faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews - [SPAM]fbi|https://www.fbi.gov/news/rss.xml|#snews - [SPAM]fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews - [SPAM]fefe|http://blog.fefe.de/rss.xml|#snews - [SPAM]forbes|http://www.forbes.com/forbes/feed2/|#snews - [SPAM]forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews - [SPAM]fox|http://feeds.foxnews.com/foxnews/latest|#snews - [SPAM]geheimorganisation|http://geheimorganisation.org/feed/|#snews - [SPAM]GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews - [SPAM]gmanet|http://www.gmanetwork.com/news/rss/news|#snews - [SPAM]golem|http://rss.golem.de/rss.php|#snews - [SPAM]google|http://news.google.com/?output=rss|#snews - [SPAM]greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews - [SPAM]guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews - [SPAM]gulli|http://ticker.gulli.com/rss/|#snews - [SPAM]hackernews|https://news.ycombinator.com/rss|#snews - [SPAM]handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews - [SPAM]heise|https://www.heise.de/newsticker/heise-atom.xml|#snews - [SPAM]hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews - [SPAM]hindu|http://www.thehindu.com/?service=rss|#snews - [SPAM]ign|http://feeds.ign.com/ign/all|#snews - [SPAM]independent|http://www.independent.com/rss/headlines/|#snews - [SPAM]indymedia|https://de.indymedia.org/rss.xml|#snews - [SPAM]info_libera|http://www.informationliberation.com/rss.xml|#snews - [SPAM]klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews - [SPAM]korea_herald|http://www.koreaherald.com/rss_xml.php|#snews - [SPAM]linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews - [SPAM]lisp|http://planet.lisp.org/rss20.xml|#snews - [SPAM]liveleak|http://www.liveleak.com/rss|#snews - [SPAM]lolmythesis|http://lolmythesis.com/rss|#snews - [SPAM]LtU|http://lambda-the-ultimate.org/rss.xml|#snews - [SPAM]lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews - [SPAM]mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews - [SPAM]mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews - [SPAM]nds|http://www.nachdenkseiten.de/?feed=atom|#snews - [SPAM]netzpolitik|https://netzpolitik.org/feed/|#snews - [SPAM]newsbtc|http://newsbtc.com/feed/|#snews - [SPAM]nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews - [SPAM]npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews - [SPAM]npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews - [SPAM]npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews - [SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews - [SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei - [SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews - [SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews - [SPAM]phys|http://phys.org/rss-feed/|#snews - [SPAM]piraten|https://www.piratenpartei.de/feed/|#snews - [SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews - [SPAM]presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews - [SPAM]presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews - [SPAM]prisonplanet|http://prisonplanet.com/feed.rss|#snews - [SPAM]rawstory|http://www.rawstory.com/rs/feed/|#snews - [SPAM]reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews - [SPAM]reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews - [SPAM]reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews - [SPAM]reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews - [SPAM]reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews - [SPAM]reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews - [SPAM]reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews - [SPAM]reddit_sci|http://www.reddit.com/r/science/.rss|#snews - [SPAM]reddit_tech|http://www.reddit.com/r/technology/.rss|#snews - [SPAM]reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews - [SPAM]reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews - [SPAM]r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews - [SPAM]reuters|http://feeds.reuters.com/Reuters/worldNews|#snews - [SPAM]reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews - [SPAM]rt|http://rt.com/rss/news/|#snews - [SPAM]schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews - [SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews - [SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews - [SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews - [SPAM]shackspace|http://shackspace.de/atom.xml|#snews - [SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews - [SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews - [SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews - [SPAM]sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews - [SPAM]sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews - [SPAM]sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews - [SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews - [SPAM]slate|http://feeds.slate.com/slate|#snews - [SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews - [SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews - [SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews - [SPAM]stern|http://www.stern.de/feed/standard/all/|#snews - [SPAM]stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews - [SPAM]sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews - [SPAM]sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews - [SPAM]sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews - [SPAM]tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews - [SPAM]taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews - [SPAM]telegraph|http://www.telegraph.co.uk/rss.xml|#snews - [SPAM]telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews - [SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews - [SPAM]tigsource|http://www.tigsource.com/feed/|#snews - [SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews - [SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews - [SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews - [SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews - [SPAM]travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews - [SPAM]un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews - [SPAM]un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews - [SPAM]un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews - [SPAM]un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews - [SPAM]un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews - [SPAM]un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews - [SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews - [SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews - [SPAM]weechat|http://dev.weechat.org/feed/atom|#snews - [SPAM]xkcd|https://xkcd.com/rss.xml|#snews - [SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews + _aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews + _allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews + _antirez|http://antirez.com/rss|#snews + _archlinux|http://www.archlinux.org/feeds/news/|#snews + _ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews + _augustl|http://augustl.com/atom.xml|#snews + _bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews + _bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews + _bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews + _bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews + _bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews + _bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews + _cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews + _carta|http://feeds2.feedburner.com/carta-standard-rss|#snews + _catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews + _cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews + _cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews + _cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews + _cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews + _cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews + _ccc|http://www.ccc.de/rss/updates.rdf|#snews + _chan_biz|http://boards.4chan.org/biz/index.rss|#snews + _chan_g|http://boards.4chan.org/g/index.rss|#snews + _chan_int|http://boards.4chan.org/int/index.rss|#snews + _chan_sci|http://boards.4chan.org/sci/index.rss|#snews + _chan_x|http://boards.4chan.org/x/index.rss|#snews + _c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews + _cryptogon|http://www.cryptogon.com/?feed=rss2|#snews + _csm|http://rss.csmonitor.com/feeds/csm|#snews + _csm_world|http://rss.csmonitor.com/feeds/world|#snews + _danisch|http://www.danisch.de/blog/feed/|#snews + _dod|http://www.defense.gov/news/afps2.xml|#snews + _dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews + _ecat|http://ecat.com/feed|#snews + _eia_press|http://www.eia.gov/rss/press_rss.xml|#snews + _eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews + _embargowatch|https://embargowatch.wordpress.com/feed/|#snews + _ethereum-comments|http://blog.ethereum.org/comments/feed|#snews + _ethereum|http://blog.ethereum.org/feed|#snews + _europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews + _eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews + _exploitdb|http://www.exploit-db.com/rss.xml|#snews + _fars|http://www.farsnews.com/rss.php|#snews #test + _faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews + _faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews + _faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews + _fbi|https://www.fbi.gov/news/rss.xml|#snews + _fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews + _fefe|http://blog.fefe.de/rss.xml|#snews + _forbes|http://www.forbes.com/forbes/feed2/|#snews + _forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews + _fox|http://feeds.foxnews.com/foxnews/latest|#snews + _geheimorganisation|http://geheimorganisation.org/feed/|#snews + _GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews + _gmanet|http://www.gmanetwork.com/news/rss/news|#snews + _golem|http://rss.golem.de/rss.php|#snews + _google|http://news.google.com/?output=rss|#snews + _greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews + _guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews + _gulli|http://ticker.gulli.com/rss/|#snews + _hackernews|https://news.ycombinator.com/rss|#snews + _handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews + _heise|https://www.heise.de/newsticker/heise-atom.xml|#snews + _hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews + _hindu|http://www.thehindu.com/?service=rss|#snews + _ign|http://feeds.ign.com/ign/all|#snews + _independent|http://www.independent.com/rss/headlines/|#snews + _indymedia|https://de.indymedia.org/rss.xml|#snews + _info_libera|http://www.informationliberation.com/rss.xml|#snews + _klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews + _korea_herald|http://www.koreaherald.com/rss_xml.php|#snews + _linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews + _lisp|http://planet.lisp.org/rss20.xml|#snews + _liveleak|http://www.liveleak.com/rss|#snews + _lolmythesis|http://lolmythesis.com/rss|#snews + _LtU|http://lambda-the-ultimate.org/rss.xml|#snews + _lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews + _mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews + _mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews + _nds|http://www.nachdenkseiten.de/?feed=atom|#snews + _netzpolitik|https://netzpolitik.org/feed/|#snews + _newsbtc|http://newsbtc.com/feed/|#snews + _nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews + _npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews + _npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews + _npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews + _npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews + _nsa|https://www.nsa.gov/rss.xml|#snews #bullerei + _nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews + _painload|https://github.com/krebs/painload/commits/master.atom|#snews + _phys|http://phys.org/rss-feed/|#snews + _piraten|https://www.piratenpartei.de/feed/|#snews + _polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews + _presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews + _presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews + _prisonplanet|http://prisonplanet.com/feed.rss|#snews + _rawstory|http://www.rawstory.com/rs/feed/|#snews + _reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews + _reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews + _reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews + _reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews + _reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews + _reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews + _reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews + _reddit_sci|http://www.reddit.com/r/science/.rss|#snews + _reddit_tech|http://www.reddit.com/r/technology/.rss|#snews + _reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews + _reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews + _r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews + _reuters|http://feeds.reuters.com/Reuters/worldNews|#snews + _reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews + _rt|http://rt.com/rss/news/|#snews + _schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews + _sciencemag|http://news.sciencemag.org/rss/current.xml|#snews + _scmp|http://www.scmp.com/rss/91/feed|#snews + _sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews + _shackspace|http://shackspace.de/atom.xml|#snews + _shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews + _sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews + _sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews + _sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews + _sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews + _sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews + _slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews + _slate|http://feeds.slate.com/slate|#snews + _spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews + _spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews + _standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews + _stern|http://www.stern.de/feed/standard/all/|#snews + _stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews + _sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews + _sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews + _sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews + _tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews + _taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews + _telegraph|http://www.telegraph.co.uk/rss.xml|#snews + _telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews + _the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews + _tigsource|http://www.tigsource.com/feed/|#snews + _tinc|http://tinc-vpn.org/news/index.rss|#snews + _torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews + _torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews + _torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews + _travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews + _un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews + _un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews + _un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews + _un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews + _un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews + _un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews + _us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews + _vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews + _weechat|http://dev.weechat.org/feed/atom|#snews + _xkcd|https://xkcd.com/rss.xml|#snews + _zdnet|http://www.zdnet.com/news/rss.xml|#snews ''; }; } diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 677b6f7b8..669483f3c 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -8,7 +8,7 @@ let out = { options.krebs.Reaktor = api; - config = imp; + config = mkIf (cfg != {}) imp; }; api = mkOption { diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index dd29a4e17..e12367b7c 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -143,12 +143,12 @@ let ) cfg.servers; users.extraUsers.bepasty = { - uid = genid "bepasty"; + uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; }; users.extraGroups.bepasty = { - gid = genid "bepasty"; + gid = genid_uint31 "bepasty"; }; }; diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix index 989320480..2c2d07ff5 100644 --- a/krebs/3modules/cachecache.nix +++ b/krebs/3modules/cachecache.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ pkgs, config, lib, ... }: # fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b @@ -59,15 +59,6 @@ in ''; }; - # webRoot = mkOption { - # type = types.str; - # default = "/"; - # description = '' - # Directory on virtual host that serves the cache. Must end in - # <literal>/</literal>. - # ''; - # }; - resolver = mkOption { type = types.str; description = "Address of DNS resolver."; @@ -82,6 +73,13 @@ in Where nginx should store cached data. ''; }; + indexFile = mkOption { + type = types.path; + default = pkgs.writeText "myindex" "<html>hello world</html>"; + description = '' + Path to index.html file. + ''; + }; maxSize = mkOption { type = types.str; @@ -98,6 +96,7 @@ in systemd.services.nginx.preStart = '' mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache + ln -fs ${cfg.indexFile} /srv/www/nix-cache-cache/index.html chown ${nginxCfg.user}:${nginxCfg.group} \ ${cfg.cacheDir} /srv/www/nix-cache-cache ''; @@ -143,6 +142,7 @@ in locations."/" = { root = "/srv/www/nix-cache-cache"; + index = "index.html"; extraConfig = '' expires max; add_header Cache-Control $nix_cache_cache_header always; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 24cbd9cc9..2e7c61fb5 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -109,6 +109,7 @@ let }; imp = lib.mkMerge [ + { krebs = import ./external { inherit config; }; } { krebs = import ./jeschli { inherit config; }; } { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } @@ -121,6 +122,7 @@ let shack = "hosts"; i = "hosts"; r = "hosts"; + w = "hosts"; }; krebs.users = { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix new file mode 100644 index 000000000..02d28ddc8 --- /dev/null +++ b/krebs/3modules/external/default.nix @@ -0,0 +1,306 @@ +with import <stockholm/lib>; +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }); + +in { + hosts = mapAttrs hostDefaults { + sokrateslaptop = { + owner = config.krebs.users.sokratess; + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + kruck = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.29.201"; + aliases = [ + "kruck.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh + QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA + EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U + uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ + /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR + 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s + qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH + gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj + jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs + fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 + TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + scardanelli = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.2"; + aliases = [ + "scardanelli.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ + MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge + UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi + kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 + gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx + we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY + QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm + SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL + 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f + m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q + FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 + lM61fOMcVW1KREdWypiDtu8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + homeros = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.1"; + aliases = [ + "homeros.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd + ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc + 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v + RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd + vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 + +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc + QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm + fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh + VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 + k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX + gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N + mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + turingmachine = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.168"; + aliases = [ + "turingmachine.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C + t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 + 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 + ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g + nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 + 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT + 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 + gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl + DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL + W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW + OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eddie = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eddie.thalheim.io + ip4.addr = "129.215.197.11"; + aliases = [ "eddie.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.eddie.nets.retiolum.ip4.addr + config.krebs.hosts.eddie.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.170"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.subnets = [ + # edinburgh university + "129.215.0.0/16" + ]; + }; + }; + }; + rock = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + aliases = [ "rock.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + dpdkm = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + ip4.addr = "10.243.29.173"; + aliases = [ "dpdkm.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eve = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "188.68.39.17"; + ip6.addr = "2a03:4000:13:31e::1"; + aliases = [ "eve.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.eve.nets.retiolum.ip4.addr + config.krebs.hosts.eve.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.174"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + users = { + Mic92 = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; + mail = "joerg@higgsboson.tk"; + }; + kmein = { + }; + palo = { + }; + sokratess = { + }; + }; +} + diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 5a5065565..e89b86e32 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -53,7 +53,7 @@ let imp = { users.users.fetchWallpaper = { name = "fetchWallpaper"; - uid = genid "fetchWallpaper"; + uid = genid_uint31 "fetchWallpaper"; description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index f6b4e3c69..895d9b3b6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -427,7 +427,7 @@ let system.activationScripts.cgit = '' mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} chmod 0770 ${cfg.cgit.settings.cache-root} - chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} + chown ${toString cfg.cgit.fcgiwrap.user.name}:${toString cfg.cgit.fcgiwrap.group.name} ${cfg.cgit.settings.cache-root} ''; services.nginx.virtualHosts.cgit = { diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 4bae31b31..9f5b1bd6a 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -1,17 +1,20 @@ -{ config, ... }: - with import <stockholm/lib>; +{ config, ... }: let -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.jeschli; + hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = true; - }) { + owner = config.krebs.users.jeschli; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address; + }); + +in { + hosts = mapAttrs hostDefaults { brauerei = { nets = { retiolum = { ip4.addr = "10.243.27.29"; - ip6.addr = "42::29"; aliases = [ "brauerei.r" ]; @@ -55,7 +58,6 @@ with import <stockholm/lib>; retiolum = { via = internet; ip4.addr = "10.243.27.30"; - ip6.addr = "42::30"; aliases = [ "enklave.r" "cgit.enklave.r" @@ -94,7 +96,6 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.27.31"; - ip6.addr = "42::31"; aliases = [ "bolide.r" ]; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 889ee2817..72c16711c 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -1,20 +1,24 @@ -{ config, ... }: - with import <stockholm/lib>; -let +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.krebs; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "krebs" { inherit hostName; }).address; + }); + testHosts = genAttrs [ "test-arch" "test-centos6" "test-centos7" "test-all-krebs-modules" ] (name: { - owner = config.krebs.users.krebs; inherit name; cores = 1; nets = { retiolum = { ip4.addr = "10.243.73.57"; - ip6.addr = "42:0:0:0:0:0:0:7357"; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd @@ -29,14 +33,12 @@ let }; }); in { - hosts = { + hosts = mapAttrs hostDefaults ({ hotdog = { ci = true; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.77.3"; - ip6.addr = "42:0:0:0:0:0:77:3"; aliases = [ "hotdog.r" "build.r" @@ -61,11 +63,9 @@ in { }; onebutton = { cores = 1; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.0.101"; - ip6.addr = "42:0:0:0:0:0:0:101"; aliases = [ "onebutton.r" ]; @@ -92,11 +92,9 @@ in { }; puyak = { ci = true; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.77.2"; - ip6.addr = "42:0:0:0:0:0:77:2"; aliases = [ "puyak.r" "build.puyak.r" @@ -120,7 +118,6 @@ in { }; wolf = { ci = true; - owner = config.krebs.users.krebs; nets = { shack = { ip4.addr = "10.42.2.150" ; @@ -135,7 +132,6 @@ in { }; retiolum = { ip4.addr = "10.243.77.1"; - ip6.addr = "42:0:0:0:0:0:77:1"; aliases = [ "wolf.r" "build.wolf.r" @@ -157,7 +153,7 @@ in { ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR"; }; - } // testHosts; + } // testHosts); users = { krebs = { pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 12345a20a..1117dc61c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,16 +1,20 @@ -{ config, ... }: - with import <stockholm/lib>; +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host { + ci = true; + monitoring = true; + owner = config.krebs.users.lass; + }; + + r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; + w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; -{ +in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.lass; - ci = true; - monitoring = true; - }) { + hosts = mapAttrs hostDefaults { prism = rec { cores = 4; extraZones = { @@ -50,7 +54,7 @@ with import <stockholm/lib>; retiolum = { via = internet; ip4.addr = "10.243.0.103"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab"; + ip6.addr = r6 "1"; aliases = [ "prism.r" "cache.prism.r" @@ -85,11 +89,22 @@ with import <stockholm/lib>; -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + via = internet; + ip4.addr = "10.244.1.1"; + ip6.addr = w6 "1"; + aliases = [ + "prism.w" + ]; + wireguard = { + pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; + subnets = [ "10.244.1.0/24" "42:1::/32" ]; + }; + }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; - archprism = { cores = 1; nets = rec { @@ -103,7 +118,6 @@ with import <stockholm/lib>; retiolum = { via = internet; ip4.addr = "10.243.0.123"; - ip6.addr = "42:0:0:0:0:0:0:123"; aliases = [ "archprism.r" ]; @@ -129,32 +143,13 @@ with import <stockholm/lib>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; - domsen-nas = { - ci = false; - monitoring = false; - external = true; - nets = rec { - internet = { - aliases = [ - "domsen-nas.internet" - ]; - ip4.addr = "87.138.180.167"; - ssh.port = 2223; - }; - }; - }; uriel = { monitoring = false; cores = 1; nets = { - gg23 = { - ip4.addr = "10.23.1.12"; - aliases = ["uriel.gg23"]; - ssh.port = 45621; - }; retiolum = { ip4.addr = "10.243.81.176"; - ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; + ip6.addr = r6 "1e1"; aliases = [ "uriel.r" "cgit.uriel.r" @@ -178,14 +173,9 @@ with import <stockholm/lib>; mors = { cores = 2; nets = { - gg23 = { - ip4.addr = "10.23.1.11"; - aliases = ["mors.gg23"]; - ssh.port = 45621; - }; retiolum = { ip4.addr = "10.243.0.2"; - ip6.addr = "42:0:0:0:0:0:0:dea7"; + ip6.addr = r6 "dea7"; aliases = [ "mors.r" "cgit.mors.r" @@ -201,6 +191,13 @@ with import <stockholm/lib>; -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "dea7"; + aliases = [ + "mors.w" + ]; + wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; @@ -211,7 +208,7 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.0.4"; - ip6.addr = "42:0:0:0:0:0:0:50d4"; + ip6.addr = r6 "50da"; aliases = [ "shodan.r" "cgit.shodan.r" @@ -227,6 +224,13 @@ with import <stockholm/lib>; -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "50da"; + aliases = [ + "shodan.w" + ]; + wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; @@ -237,7 +241,7 @@ with import <stockholm/lib>; nets = rec { retiolum = { ip4.addr = "10.243.133.114"; - ip6.addr = "42:0:0:0:0:0:01ca:1205"; + ip6.addr = r6 "1205"; aliases = [ "icarus.r" "cgit.icarus.r" @@ -253,6 +257,13 @@ with import <stockholm/lib>; -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "1205"; + aliases = [ + "icarus.w" + ]; + wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; @@ -263,7 +274,7 @@ with import <stockholm/lib>; nets = rec { retiolum = { ip4.addr = "10.243.133.115"; - ip6.addr = "42:0:0:0:0:0:daed:a105"; + ip6.addr = r6 "dead"; aliases = [ "daedalus.r" "cgit.daedalus.r" @@ -289,7 +300,7 @@ with import <stockholm/lib>; nets = rec { retiolum = { ip4.addr = "10.243.133.116"; - ip6.addr = "42:0:0:0:0:0:0:1101"; + ip6.addr = r6 "5ce7"; aliases = [ "skynet.r" "cgit.skynet.r" @@ -315,7 +326,7 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.133.77"; - ip6.addr = "42:0:0:0:0:0:717:7137"; + ip6.addr = r6 "771e"; aliases = [ "littleT.r" ]; @@ -351,306 +362,13 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - iso = { - monitoring = false; - ci = false; - cores = 1; - }; - sokrateslaptop = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.142.104"; - ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; - aliases = [ - "sokrateslaptop.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 - t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ - rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW - egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 - aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V - VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - kruck = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.201"; - ip6.addr = "42:4234:6a6d:600::1"; - aliases = [ - "kruck.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh - QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA - EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U - uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ - /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR - 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s - qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH - gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj - jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs - fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 - TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - turingmachine = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.168"; - ip6.addr = "42:4992:6a6d:600::1"; - aliases = [ - "turingmachine.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C - t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 - 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 - ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g - nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 - 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT - 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 - gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl - DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL - W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW - OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eddie = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = rec { - via = internet; - addrs = [ - ip4.addr - ip6.addr - ]; - ip4.addr = "10.243.29.170"; - ip6.addr = "42:4992:6a6d:700::1"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ - lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.subnets = [ - # edinburgh university - "129.215.0.0/16" - ]; - }; - }; - }; - rock = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.171"; - ip6.addr = "42:4992:6a6d:700::2"; - aliases = [ "rock.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM - DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 - HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh - mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf - Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M - Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD - 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 - fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv - 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav - ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q - cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - inspector = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - ip6.addr = "42:4992:6a6d:800::1"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - dpdkm = { - monitoring = false; - ci = false; - external = true; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - ip6.addr = "42:4992:6a6d:900::1"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eve = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - # eve.thalheim.io - ip4.addr = "188.68.39.17"; - ip6.addr = "2a03:4000:13:31e::1"; - aliases = [ "eve.i" ]; - }; - retiolum = rec { - via = internet; - addrs = [ - ip4.addr - ip6.addr - ]; - ip4.addr = "10.243.29.174"; - ip6.addr = "42:4992:6a6d:a00::1"; - aliases = [ "eve.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH - XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 - 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk - 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI - +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 - dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW - pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP - c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi - YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI - 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 - Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - xerxes = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.3"; - ip6.addr = "42::1:3"; - aliases = [ - "xerxes.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U - MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk - gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W - /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb - mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO - X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj - +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim - hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 - 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 - H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 - JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 - hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe - SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo - 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe - vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 - Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO - scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv - jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ - Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u - /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 - bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ - sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; - }; red = { monitoring = false; cores = 1; nets = { retiolum = { ip4.addr = "10.243.0.13"; - ip6.addr = "42:0:0:0:0:0:0:12ed"; + ip6.addr = r6 "12ed"; aliases = [ "red.r" ]; @@ -680,7 +398,7 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.0.14"; - ip6.addr = "42:0:0:0:0:0:0:14"; + ip6.addr = r6 "3110"; aliases = [ "yellow.r" ]; @@ -701,6 +419,13 @@ with import <stockholm/lib>; -----END PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "3110"; + aliases = [ + "yellow.w" + ]; + wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU="; + }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; @@ -710,7 +435,7 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.0.77"; - ip6.addr = "42:0:0:0:0:0:0:77"; + ip6.addr = r6 "b1ce"; aliases = [ "blue.r" ]; @@ -731,10 +456,67 @@ with import <stockholm/lib>; -----END PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "b1ce"; + aliases = [ + "blue.w" + ]; + wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U="; + }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; }; + phone = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.2"; + ip6.addr = w6 "a"; + aliases = [ + "phone.w" + ]; + wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; + }; + }; + external = true; + ci = false; + }; + morpheus = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.19"; + ip6.addr = r6 "012f"; + aliases = [ + "morpheus.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY + T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN + /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh + S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz + Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR + bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI + Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz + sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+ + VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j + 3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA + U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "012f"; + aliases = [ + "morpheus.w" + ]; + wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; + }; }; users = rec { lass = lass-blue; @@ -786,14 +568,8 @@ with import <stockholm/lib>; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; - sokratess = { - }; wine-mors = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842"; }; - Mic92 = { - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; - mail = "joerg@higgsboson.tk"; - }; }; } diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 188fbc461..befec2156 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,20 +1,27 @@ -{ config, ... }: - -with import <stockholm/lib>; ## generate keys with: # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -let + +with import <stockholm/lib>; +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.makefu; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; + }); + pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); + in { - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + hosts = mapAttrs hostDefaults { cake = rec { cores = 4; ci = false; nets = { retiolum = { ip4.addr = "10.243.136.236"; - ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1"; aliases = [ "cake.r" ]; @@ -39,7 +46,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.136.237"; - ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2"; aliases = [ "crapi.r" ]; @@ -65,7 +71,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.177.9"; - ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; aliases = [ "drop.r" ]; @@ -90,7 +95,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.227.163"; - ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; aliases = [ "studio.r" ]; @@ -116,7 +120,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.113.98"; - # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; aliases = [ "fileleech.r" ]; @@ -147,7 +150,6 @@ in { }; retiolum = { ip4.addr = "10.243.80.249"; - ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; aliases = [ "latte.r" ]; @@ -171,7 +173,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.210"; - ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0001"; aliases = [ "pnp.r" "cgit.pnp.r" @@ -195,7 +196,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.84"; - ip6.addr = "42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"; aliases = [ "darth.r" ]; @@ -267,7 +267,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.212"; - ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0002"; aliases = [ "tsp.r" ]; @@ -295,7 +294,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.91"; - ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"; aliases = [ "x.r" ]; @@ -329,7 +327,6 @@ in { ''; }; #wiregrill = { - # ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db"; # aliases = [ # "x.w" # ]; @@ -347,7 +344,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.1.91"; - ip6.addr = "42:0b2c:d90e:e717:03dd:9ac1:0000:a400"; aliases = [ "vbob.r" ]; @@ -386,7 +382,6 @@ in { }; retiolum = { ip4.addr = "10.243.0.153"; - ip6.addr = "42:9143:b4c0:f981:6030:7aa2:8bc5:4110"; aliases = [ "pigstarter.r" ]; @@ -422,7 +417,6 @@ in { retiolum = { via = internet; ip4.addr = "10.243.29.169"; - ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "wry.r" "graph.wry.r" @@ -460,7 +454,6 @@ in { }; retiolum = { ip4.addr = "10.243.153.102"; - ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.r" ]; @@ -491,7 +484,6 @@ in { }; retiolum = { ip4.addr = "10.243.0.89"; - ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" "dcpp.omo.r" @@ -536,7 +528,6 @@ in { }; retiolum = { ip4.addr = "10.243.214.15"; - # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ "wbob.r" "hydra.wbob.r" @@ -560,27 +551,28 @@ in { ci = true; extraZones = { "krebsco.de" = '' + boot.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} - graph IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} + dl.euer IN A ${nets.internet.ip4.addr} + dockerhub IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + ghook IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr} - wg.euer IN A ${nets.internet.ip4.addr} - photostore IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} + netdata.euer IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} share.euer IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} + wg.euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - ghook IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; @@ -596,7 +588,6 @@ in { }; #wiregrill = { # via = internet; - # ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3"; # aliases = [ # "gum.w" # ]; @@ -605,26 +596,26 @@ in { retiolum = { via = internet; ip4.addr = "10.243.0.213"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ - "nextgum.r" - "graph.r" - "cache.gum.r" - "logs.makefu.r" - "stats.makefu.r" "backup.makefu.r" + "blog.gum.r" + "blog.makefu.r" + "cache.gum.r" + "cgit.gum.r" + "dcpp.gum.r" "dcpp.nextgum.r" + "graph.r" "gum.r" - "cgit.gum.r" + "logs.makefu.r" + "netdata.makefu.r" + "nextgum.r" "o.gum.r" - "tracker.makefu.r" "search.makefu.r" - "wiki.makefu.r" - "wiki.gum.r" - "blog.makefu.r" - "blog.gum.r" - "dcpp.gum.r" + "stats.makefu.r" "torrent.gum.r" + "tracker.makefu.r" + "wiki.gum.r" + "wiki.makefu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -673,7 +664,6 @@ in { }; retiolum = { ip4.addr = "10.243.205.131"; - ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4"; aliases = [ "shoney.r" ]; @@ -698,7 +688,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.83.237"; - ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101"; aliases = [ "sdev.r" ]; @@ -736,7 +725,6 @@ in { }; retiolum = { ip4.addr = "10.243.211.172"; - ip6.addr = "42:472a:3d01:bbe4:4425:567e:592b:065d"; aliases = [ "flap.r" ]; @@ -759,7 +747,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.231.219"; - ip6.addr = "42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"; aliases = [ "nukular.r" ]; @@ -782,7 +769,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.124.21"; - ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e"; aliases = [ "heidi.r" ]; @@ -872,7 +858,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.189.130"; - ip6.addr = "42:c64e:011f:9755:31e1:c3e6:73c0:af2d"; aliases = [ "filebitch.r" ]; @@ -895,7 +880,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.26.29"; - ip6.addr = "42:927a:3d59:1cb3:29d6:1a08:78d3:812e"; aliases = [ "excobridge.r" ]; @@ -918,7 +902,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.226.213"; - ip6.addr = "42:432e:2379:0cd2:8486:f3b5:335a:5d83"; aliases = [ "horisa.r" ]; @@ -947,7 +930,6 @@ in { }; retiolum = { ip4.addr = "10.243.57.85"; - ip6.addr = "42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"; aliases = [ "wooki.r" ]; @@ -970,7 +952,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.163"; - ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda"; aliases = [ "senderechner.r" ]; @@ -995,7 +976,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.144.142"; - ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278"; aliases = [ "tcac-0-1.r" ]; @@ -1025,7 +1005,6 @@ in { }; retiolum = { ip4.addr = "10.243.139.184"; - ip6.addr = "42:d568:6106:ba30:753b:0f2a:8225:b1fb"; aliases = [ "muhbaasu.r" ]; @@ -1048,7 +1027,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.183.236"; - ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; aliases = [ "tpsw.r" ]; diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub index 88313ee7c..8ac69004c 100644 --- a/krebs/3modules/makefu/ssh/ulrich.pub +++ b/krebs/3modules/makefu/ssh/ulrich.pub @@ -1 +1 @@ -AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 8390eccbb..486a0c9cc 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -124,7 +124,7 @@ let }; users.extraUsers.tinc_graphs = { - uid = genid "tinc_graphs"; + uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; }; services.nginx = mkIf cfg.nginx.enable { diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 71670d336..0683492bc 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,19 +1,24 @@ -{ config, ... }: - with import <stockholm/lib>; +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.tv; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; + }); -{ +in { dns.providers = { "viljetic.de" = "regfish"; }; - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) { + hosts = mapAttrs hostDefaults { alnus = { ci = true; cores = 2; nets = { retiolum = { ip4.addr = "10.243.21.1"; - ip6.addr = "42::2101"; aliases = [ "alnus.r" ]; @@ -38,7 +43,6 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.20.1"; - ip6.addr = "42::2001"; aliases = [ "mu.r" ]; @@ -79,7 +83,6 @@ with import <stockholm/lib>; retiolum = { via = config.krebs.hosts.ni.nets.internet; ip4.addr = "10.243.113.223"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af4"; aliases = [ "ni.r" "cgit.ni.r" @@ -114,7 +117,6 @@ with import <stockholm/lib>; }; retiolum = { ip4.addr = "10.243.0.110"; - ip6.addr = "42:2d5:733f:d6da:c0f5:2bb7:2b18:9ec"; aliases = [ "nomic.r" "cgit.nomic.r" @@ -158,7 +160,6 @@ with import <stockholm/lib>; }; retiolum = { ip4.addr = "10.243.13.37"; - ip6.addr = "42::1337"; aliases = [ "wu.r" "cgit.wu.r" @@ -185,7 +186,6 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.22.22"; - ip6.addr = "42::2222"; aliases = [ "querel.r" ]; @@ -226,7 +226,6 @@ with import <stockholm/lib>; }; retiolum = { ip4.addr = "10.243.13.38"; - ip6.addr = "42::1338"; aliases = [ "xu.r" "cgit.xu.r" @@ -261,7 +260,6 @@ with import <stockholm/lib>; }; retiolum = { ip4.addr = "10.243.13.40"; - ip6.addr = "42::1340"; aliases = [ "zu.r" ]; diff --git a/krebs/5pkgs/simple/cabal-read.nix b/krebs/5pkgs/simple/cabal-read.nix new file mode 100644 index 000000000..f8fc71e05 --- /dev/null +++ b/krebs/5pkgs/simple/cabal-read.nix @@ -0,0 +1,35 @@ +{ writeHaskellPackage }: + +# Because `sed -n 's/.*\<ghc-options:\s\+\(.*\)/\1/p'` is too simple. +writeHaskellPackage "cabal-read" { + executables.ghc-options = { + extra-depends = ["Cabal"]; + text = /* haskell */ '' + module Main (main) where + import Data.List + import Data.Maybe + import Distribution.Compiler + import Distribution.PackageDescription.Parsec + import Distribution.Types.BuildInfo + import Distribution.Types.CondTree + import Distribution.Types.Executable + import Distribution.Types.GenericPackageDescription + import Distribution.Types.UnqualComponentName + import Distribution.Verbosity + import System.Environment + main :: IO () + main = do + [path, name] <- getArgs + + desc <- readGenericPackageDescription normal path + + case lookup (mkUnqualComponentName name) (condExecutables desc) of + Just exe -> + putStrLn . intercalate " " . fromMaybe [] . lookup GHC + . options . buildInfo . condTreeData $ exe + + Nothing -> + error ("executable " <> name <> " not found in " <> path) + ''; + }; +} |