diff options
Diffstat (limited to 'krebs')
50 files changed, 900 insertions, 197 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index ea73e4bd2..6493c6df4 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -14,7 +14,13 @@ <stockholm/krebs/2configs/news.nix> <stockholm/krebs/2configs/news-spam.nix> <stockholm/krebs/2configs/shack/prometheus/node.nix> + <stockholm/krebs/2configs/shack/prometheus/server.nix> + <stockholm/krebs/2configs/shack/prometheus/unifi.nix> <stockholm/krebs/2configs/shack/gitlab-runner.nix> + + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/shack-client.nix> + <stockholm/krebs/2configs/stats/shack-debugging.nix> ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 9ae65466c..e47c43fe1 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -1,7 +1,6 @@ { config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; - influx-host = "127.0.0.1"; ext-if = "et0"; external-mac = "52:54:b0:0b:af:fe"; @@ -39,56 +38,44 @@ in # mobile.lounge.mpd.shack <stockholm/krebs/2configs/shack/mobile.mpd.nix> + + # hass.shack + <stockholm/krebs/2configs/shack/glados> + # connect to git.shackspace.de as group runner for rz <stockholm/krebs/2configs/shack/gitlab-runner.nix> - # Statistics collection and visualization - <stockholm/krebs/2configs/graphite.nix> + # Statistics collection and visualization + <stockholm/krebs/2configs/shack/graphite.nix> ## Collect data from mqtt.shack and store in graphite database <stockholm/krebs/2configs/shack/mqtt_sub.nix> ## Collect radioactive data and put into graphite <stockholm/krebs/2configs/shack/radioactive.nix> ## mqtt.shack <stockholm/krebs/2configs/shack/mqtt.nix> - ## Collect local statistics via collectd and send to collectd - <stockholm/krebs/2configs/stats/wolf-client.nix> + ## influx.shack + <stockholm/krebs/2configs/shack/influx.nix> - { services.influxdb.enable = true; } + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/shack-client.nix> + <stockholm/krebs/2configs/stats/shack-debugging.nix> <stockholm/krebs/2configs/shack/netbox.nix> - <stockholm/krebs/2configs/shack/prometheus/server.nix> + # prometheus.shack + #<stockholm/krebs/2configs/shack/prometheus/server.nix> <stockholm/krebs/2configs/shack/prometheus/node.nix> - <stockholm/krebs/2configs/shack/prometheus/unifi.nix> - <stockholm/krebs/2configs/collectd-base.nix> # home-assistant - { services.influxdb.enable = true; } + #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> + # grafana.shack + <stockholm/krebs/2configs/shack/grafana.nix> ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) - # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; - services.grafana = { - enable = true; - addr = "0.0.0.0"; - users.allowSignUp = true; - users.allowOrgCreate = true; - users.autoAssignOrg = true; - auth.anonymous.enable = true; - security = import <secrets/grafana_security.nix>; - }; - nix = { - # use the up to date prism cache - binaryCaches = [ - "https://cache.nixos.org/" - ]; - binaryCachePublicKeys = [ - "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" - ]; - }; networking = { firewall.enable = false; @@ -133,23 +120,27 @@ in swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - # fallout of ipv6calypse - networking.extraHosts = '' - hass.shack 10.42.2.191 - ''; users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users."0x4A6F".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey - config.krebs.users.makefu-omo.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci ]; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" ''; time.timeZone = "Europe/Berlin"; sound.enable = false; + + # avahi + services.avahi = { + enable = true; + wideArea = false; + }; + environment.systemPackages = [ pkgs.avahi ]; + } diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 8771c0e1d..d7d6fbf37 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -14,18 +14,13 @@ with import <stockholm/lib>; ]; krebs.announce-activation.enable = true; krebs.enable = true; - krebs.tinc.retiolum.enable = true; + krebs.tinc.retiolum.enable = mkDefault true; krebs.build.user = mkDefault config.krebs.users.krebs; networking.hostName = config.krebs.build.host.name; nix.maxJobs = 1; - nix.trustedBinaryCaches = [ - "https://cache.nixos.org" - "http://cache.nixos.org" - "http://hydra.nixos.org" - ]; nix.useSandbox = true; environment.systemPackages = with pkgs; [ @@ -39,8 +34,6 @@ with import <stockholm/lib>; defaultLocale = lib.mkForce "C"; }; - - programs.ssh.startAgent = false; services.openssh = { @@ -55,18 +48,13 @@ with import <stockholm/lib>; users.mutableUsers = false; users.extraUsers.root.openssh.authorizedKeys.keys = [ - # TODO config.krebs.users.jeschli-brauerei.pubkey config.krebs.users.lass.pubkey config.krebs.users.lass-mors.pubkey config.krebs.users.makefu.pubkey - # TODO HARDER: - config.krebs.users.makefu-omo.pubkey config.krebs.users.tv.pubkey ]; - # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "17.03"; - } diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix new file mode 100644 index 000000000..dc345cc4e --- /dev/null +++ b/krebs/2configs/shack/glados/default.nix @@ -0,0 +1,139 @@ +{ config, pkgs, lib, ... }: +let + shackopen = import ./multi/shackopen.nix; + wasser = import ./multi/wasser.nix; +in { + services.nginx.virtualHosts."hass.shack" = { + serverAliases = [ "glados.shack" ]; + locations."/" = { + proxyPass = "http://localhost:8123"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + proxy_buffering off; + ''; + }; + }; + services.home-assistant = let + dwd_pollen = pkgs.fetchFromGitHub { + owner = "marcschumacher"; + repo = "dwd_pollen"; + rev = "0.1"; + sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1"; + }; + in { + enable = true; + package = (pkgs.home-assistant.overrideAttrs (old: { + # TODO: find correct python package + installCheckPhase = '' + echo LOLLLLLLLLLLLLLL + ''; + postInstall = '' + cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen + ''; + })).override { + extraPackages = ps: with ps; [ + python-forecastio jsonrpc-async jsonrpc-websocket mpd2 + (callPackage ./deps/gtts-token.nix { }) + (callPackage ./deps/pyhaversion.nix { }) + ]; + }; + autoExtraComponents = true; + config = { + homeassistant = { + name = "Bureautomation"; + time_zone = "Europe/Berlin"; + latitude = "48.8265"; + longitude = "9.0676"; + elevation = 303; + auth_providers = [ + { type = "homeassistant";} + { type = "legacy_api_password";} + { type = "trusted_networks"; + # allow_bypass_login = true; + } + ]; + }; + # https://www.home-assistant.io/components/influxdb/ + influxdb = { + database = "hass"; + tags = { + instance = "wolf"; + source = "hass"; + }; + }; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + keepalive = 60; + protocol = 3.1; + birth_message = { + topic = "glados/hass/status/LWT"; + payload = "Online"; + qos = 1; + retain = true; + }; + will_message = { + topic = "glados/hass/status/LWT"; + payload = "Offline"; + qos = 1; + retain = true; + }; + }; + switch = wasser.switch; + light = []; + media_player = [ + { platform = "mpd"; + host = "lounge.mpd.shack"; + } + ]; + + sensor = + [{ platform = "version"; }] + ++ (import ./sensors/hass.nix) + ++ (import ./sensors/power.nix) + ++ shackopen.sensor; + + binary_sensor = shackopen.binary_sensor; + + camera = []; + + frontend = { }; + http = { + # TODO: https://github.com/home-assistant/home-assistant/issues/16149 + base_url = "http://hass.shack"; + use_x_forwarded_for = true; + trusted_proxies = "127.0.0.1"; + api_password = "shackit"; + trusted_networks = [ + "127.0.0.1/32" + "10.42.0.0/16" + "::1/128" + "fd00::/8" + ]; + }; + conversation = {}; + history = {}; + logbook = {}; + tts = [ + { platform = "google"; + language = "de"; + } + { platform = "picotts"; + language = "de-DE"; + } + ]; + recorder = {}; + sun = {}; + + automation = wasser.automation; + device_tracker = []; + }; + }; +} diff --git a/krebs/2configs/shack/glados/deps/dwd_pollen.nix b/krebs/2configs/shack/glados/deps/dwd_pollen.nix new file mode 100644 index 000000000..39d9c3069 --- /dev/null +++ b/krebs/2configs/shack/glados/deps/dwd_pollen.nix @@ -0,0 +1,32 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, python +, voluptuous +}: + +buildPythonPackage rec { + format = "other"; + pname = "dwd_pollen"; + version = "0.1"; + + src = fetchFromGitHub { + owner = "marcschumacher"; + repo = "dwd_pollen"; + rev = version; + sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1"; + }; + propagatedBuildInputs = [ + voluptuous + ]; + installPhase = '' + install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen * + ''; + + meta = with lib; { + description = "Home Assistant component to retrieve Pollen data from DWD (Germany)"; + homepage = https://github.com/marcschumacher/dwd_pollen; + license = licenses.mit; + maintainers = [ maintainers.makefu ]; + }; +} diff --git a/krebs/2configs/shack/glados/deps/gtts-token.nix b/krebs/2configs/shack/glados/deps/gtts-token.nix new file mode 100644 index 000000000..69640f03d --- /dev/null +++ b/krebs/2configs/shack/glados/deps/gtts-token.nix @@ -0,0 +1,27 @@ +{ lib +, buildPythonPackage +, fetchPypi +, requests +}: + +buildPythonPackage rec { + pname = "gtts-token"; + version = "1.1.3"; + + src = fetchPypi { + pname = "gTTS-token"; + inherit version; + sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5"; + }; + + propagatedBuildInputs = [ + requests + ]; + + meta = with lib; { + description = "Calculates a token to run the Google Translate text to speech"; + homepage = https://github.com/boudewijn26/gTTS-token; + license = licenses.mit; + # maintainers = [ maintainers. ]; + }; +} diff --git a/krebs/2configs/shack/glados/deps/pyhaversion.nix b/krebs/2configs/shack/glados/deps/pyhaversion.nix new file mode 100644 index 000000000..a75c6a976 --- /dev/null +++ b/krebs/2configs/shack/glados/deps/pyhaversion.nix @@ -0,0 +1,33 @@ +{ lib +, buildPythonPackage +, fetchpatch +, fetchPypi +, aiohttp +, async-timeout +}: + +buildPythonPackage rec { + pname = "pyhaversion"; + version = "2.2.1"; + + src = fetchPypi { + inherit pname version; + sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f"; + }; + patches = [ + (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch"; + sha256 = + "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";}) + ]; + doCheck = false; + propagatedBuildInputs = [ + aiohttp + async-timeout + ]; + + meta = with lib; { + description = ""; + homepage = https://github.com/ludeeus/pyhaversion; + # maintainers = [ maintainers. ]; + }; +} diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix new file mode 100644 index 000000000..354405d06 --- /dev/null +++ b/krebs/2configs/shack/glados/multi/shackopen.nix @@ -0,0 +1,23 @@ +{ + binary_sensor = [ + { platform = "mqtt"; + name = "Portal Lock"; + device_class = "door"; + state_topic = "portal/gateway/status"; + availability_topic = "portal/gateway/lwt"; + payload_on = "open"; + payload_off = "closed"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; + sensor = [ + { platform = "mqtt"; + name = "Keyholder"; + state_topic = "portal/gateway/keyholder"; + availability_topic = "portal/gateway/lwt"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; +} diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix new file mode 100644 index 000000000..578bb0750 --- /dev/null +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -0,0 +1,66 @@ +let + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "sonoff/stat/${topic}/POWER1"; + command_topic = "sonoff/cmnd/${topic}/POWER1"; + availability_topic = "sonoff/tele/${topic}/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + retain = false; + qos = 1; + }; + seconds = 20; +in +{ + switch = [ + (tasmota_plug "Wasser" "plug") + ]; + automation = + [ + { alias = "Water the plant for ${toString seconds} seconds"; + trigger = [ + { # trigger at 20:00 no matter what + # TODO: retry or run only if switch.wasser is available + platform = "time"; + at = "20:00:00"; + } + ]; + action = + [ + { + service = "homeassistant.turn_on"; + entity_id = [ + "switch.wasser" + ]; + } + { delay.seconds = seconds; } + { + service = "homeassistant.turn_off"; + entity_id = [ + "switch.wasser" + ]; + } + ]; + } + { alias = "Always turn off water after ${toString (seconds * 2)}seconds"; + trigger = [ + { + platform = "state"; + entity_id = "switch.wasser"; + to = "on"; + for.seconds = seconds*2; + } + ]; + action = + [ + { + service = "homeassistant.turn_off"; + entity_id = [ "switch.wasser" ]; + } + ]; + } + ]; +} diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix new file mode 100644 index 000000000..634758701 --- /dev/null +++ b/krebs/2configs/shack/glados/sensors/hass.nix @@ -0,0 +1,22 @@ +let + esphome_temp = name: + { platform = "mqtt"; + name = "${name} Temperature"; + device_class = "temperature"; + state_topic = "glados/${name}/sensor/temperature/state"; + availability_topic = "glados/${name}/status"; + payload_available = "online"; + payload_not_available = "offline"; + }; + esphome_hum = name: + { platform = "mqtt"; + device_class = "humidity"; + name = "${name} Humidity"; + state_topic = "glados/${name}/sensor/humidity/state"; + availability_topic = "glados/${name}/status"; + payload_available = "online"; + payload_not_available = "offline"; + }; +in + (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + ++ (map esphome_hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix new file mode 100644 index 000000000..1aa250a19 --- /dev/null +++ b/krebs/2configs/shack/glados/sensors/power.nix @@ -0,0 +1,27 @@ +let + power_x = name: phase: + { platform = "mqtt"; + name = "${phase} ${name}"; + # device_class = "power"; + state_topic = "/power/total/${phase}/${name}"; + availability_topic = "/power/lwt"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; + power_consumed = + { platform = "mqtt"; + name = "Power Consumed"; + #device_class = "power"; + state_topic = "/power/total/consumed"; + availability_topic = "/power/lwt"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; + power_volt = power_x "Voltage"; + power_watt = power_x "Power"; + power_curr = power_x "Current"; +in + (map power_volt [ "L1" "L2" "L3" ]) +++ (map power_watt [ "L1" "L2" "L3" ]) +++ (map power_curr [ "L1" "L2" "L3" ]) +++ [ power_consumed ] diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix new file mode 100644 index 000000000..adf0a4bc3 --- /dev/null +++ b/krebs/2configs/shack/grafana.nix @@ -0,0 +1,19 @@ +let + port = 3000; +in { + + networking.firewall.allowedTCPPorts = [ port ]; # legacy + services.nginx.virtualHosts."grafana.shack" = { + locations."/".proxyPass = "http://localhost:${toString port}"; + }; + services.grafana = { + enable = true; + port = port; + addr = "0.0.0.0"; + users.allowSignUp = true; + users.allowOrgCreate = true; + users.autoAssignOrg = true; + auth.anonymous.enable = true; + security = import <secrets/grafana_security.nix>; + }; +} diff --git a/krebs/2configs/graphite.nix b/krebs/2configs/shack/graphite.nix index 64222e43a..1c8ec6a8b 100644 --- a/krebs/2configs/graphite.nix +++ b/krebs/2configs/shack/graphite.nix @@ -1,16 +1,22 @@ { config, lib, pkgs, ... }: +# hostname: graphite.shack + # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) - -# TODO: krebs.graphite.minimal.enable -# TODO: configure firewall -with import <stockholm/lib>; -{ - imports = [ ]; - +let + port = 8080; +in { + networking.firewall.allowedTCPPorts = [ 2003 port ]; + networking.firewall.allowedUDPPorts = [ 2003 ]; + services.nginx.virtualHosts."graphite.shack" = { + locations."/" = { + proxyPass = "http://localhost:${toString port}/"; + }; + }; services.graphite = { api = { + inherit port; enable = true; listenAddress = "0.0.0.0"; }; diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix new file mode 100644 index 000000000..92cb24bf3 --- /dev/null +++ b/krebs/2configs/shack/influx.nix @@ -0,0 +1,33 @@ +{pkgs, ... }: # hostname: influx.shack +let + port = 8086; + collectd-port = 25826; + db = "collectd_db"; +in +{ + networking.firewall.allowedTCPPorts = [ port ]; # for legacy applications + networking.firewall.allowedUDPPorts = [ collectd-port ]; + services.nginx.virtualHosts."influx.shack" = { + locations."/" = { + proxyPass = "http://localhost:${toString port}/"; + }; + }; + services.influxdb = { + enable = true; + extraConfig = { + http.bind-address = "0.0.0.0:${toString port}"; + http.log-enabled = false; + http.write-tracing = false; + http.suppress-write-log = true; + data.trace-logging-enabled = false; + data.query-log-enabled = false; + monitoring.enabled = false; + collectd = [{ + enabled = true; + typesdb = "${pkgs.collectd}/share/collectd/types.db"; + database = db; + bind-address = ":${toString collectd-port}"; + }]; + }; + }; +} diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix index 8e5438db2..e78f0f974 100644 --- a/krebs/2configs/shack/mqtt.nix +++ b/krebs/2configs/shack/mqtt.nix @@ -1,3 +1,4 @@ +# hostname: mqtt.shack { networking.firewall.allowedTCPPorts = [ 1883 ]; networking.firewall.allowedUDPPorts = [ 1883 ]; diff --git a/krebs/2configs/shack/mqtt_sub.nix b/krebs/2configs/shack/mqtt_sub.nix index a8427dde4..bd0b6df85 100644 --- a/krebs/2configs/shack/mqtt_sub.nix +++ b/krebs/2configs/shack/mqtt_sub.nix @@ -29,6 +29,8 @@ in { User = "nobody"; ExecStart = "${pkg}/bin/sub-new"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 19768cb2e..33f6b8c89 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -33,9 +33,10 @@ in { chown nobody /tmp/tell.json ''; ExecStart = "${pkg}/bin/call-muell --cfg /tmp/tell.json --mode mpd loop 60"; - Restart = "always"; PrivateTmp = true; PermissionsStartOnly = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 39d49918d..a41dbc977 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -26,8 +26,9 @@ in { WorkingDirectory = home; PermissionsStartOnly = true; ExecStart = "${pkg}/bin/muell_mail"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index 1e6843bdf..9168c9ba7 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -36,8 +36,9 @@ in { ''; WorkingDirectory = home; ExecStart = "${pkg}/bin/muellshack"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 63772f182..8cf0007b8 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -46,8 +46,9 @@ in { ''; WorkingDirectory = home; ExecStart = "${pkg}/bin/node-light"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index af3f129c1..4118e7a72 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -22,8 +22,9 @@ in { serviceConfig = { User = "powermeter"; ExecStart = "${pkg}/bin/powermeter-serial2mqtt"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; @@ -33,8 +34,9 @@ in { serviceConfig = { User = "powermeter"; ExecStart = "${pkg}/bin/powermeter-mqtt2socket"; - Restart = "always"; PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; }; }; diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index c936f2531..12f757e89 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -3,18 +3,23 @@ { networking = { firewall.allowedTCPPorts = [ - 3000 # grafana 9090 # prometheus 9093 # alertmanager ]; - useDHCP = true; }; - services = { + nginx.virtualHosts = { + "prometheus.shack" = { + locations."/".proxyPass = "http://localhost:9090"; + }; + "alert.prometheus.shack" = { + locations."/".proxyPass = "http://localhost:9093"; + }; + }; prometheus = { enable = true; extraFlags = [ - "-storage.local.retention 8760h" + "-storage.local.retention 720h" "-storage.local.series-file-shrink-ratio 0.3" "-storage.local.memory-chunks 2097152" "-storage.local.max-chunks-to-persist 1048576" diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix index 566146d6e..286a73aae 100644 --- a/krebs/2configs/shack/radioactive.nix +++ b/krebs/2configs/shack/radioactive.nix @@ -27,9 +27,10 @@ in { serviceConfig = { User = "nobody"; # TODO separate user ExecStart = "${pkg}/bin/radioactive-add-many loop 60"; - Restart = "always"; PrivateTmp = true; PermissionsStartOnly = true; + Restart = "always"; + RestartSec = "15"; }; }; } diff --git a/krebs/2configs/stats/wolf-client.nix b/krebs/2configs/stats/shack-client.nix index 0412eba9a..5131b0f78 100644 --- a/krebs/2configs/stats/wolf-client.nix +++ b/krebs/2configs/stats/shack-client.nix @@ -17,6 +17,8 @@ Interface "lo" Interface "vboxnet*" Interface "virbr*" + Interface "veth*" + Interface "br-*" IgnoreSelected true </Plugin> @@ -53,15 +55,7 @@ LoadPlugin network <Plugin "network"> - Server "stats.makefu.r" "25826" - </Plugin> - - LoadPlugin curl - <Plugin curl> - <Page "smarthome"> - URL "http://smarthome.shack/"; - MeasureResponseTime true - </Page> + Server "influx.shack" "25826" </Plugin> ''; }; diff --git a/krebs/2configs/collectd-base.nix b/krebs/2configs/stats/shack-debugging.nix index 71a00be3a..b5a0cf05e 100644 --- a/krebs/2configs/collectd-base.nix +++ b/krebs/2configs/stats/shack-debugging.nix @@ -9,7 +9,7 @@ let ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/" Import "collectd_connect_time" <Module collectd_connect_time> - target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de" + target "localhost:22" "google.com" "google.de" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de""10.0.1.3" "10.0.0.3:22" "10.0.0.4:22" interval 10 </Module> </Plugin> @@ -18,7 +18,7 @@ let LoadPlugin write_graphite <Plugin "write_graphite"> <Carbon> - Host "wolf.r" + Host "graphite.shack" Port "2003" Prefix "retiolum." EscapeCharacter "_" diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 94a509520..4892a8723 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -164,7 +164,7 @@ let client_max_body_size 32M; ''; locations = { - "/".extraConfig = "proxy_set_header Host $http_host;"; + "/".extraConfig = "proxy_set_header Host $host;"; "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock"; "/static/".extraConfig = '' alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 244de1a0d..cbf24effe 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -27,7 +27,7 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' set -efu - ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2 + ${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2 json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ | while read -r host builder; do diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 10a33d5d7..c770391c7 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -104,6 +104,7 @@ let { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } { krebs = import ./mb { inherit config; }; } + { krebs = import ./nin { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index aac67f2e3..1546cac62 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -229,6 +229,32 @@ in { }; }; }; + jongepad = { + owner = config.krebs.users.jonge; + nets = { + retiolum = { + ip4.addr = "10.243.5.6"; + aliases = [ + "jongepad.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAtJsF5jL/M72PCptLFC5iIEt0qAL544H/VLijvZEG9gnoqbs94aNJ + MM5Sr3yMB01WkcT1Lph3r4dxV0/QECu3Ca4xxuUntu42tFXhkikQGcZLuo2h4zr4 + +wReudCCc7VqMcJDxriyyoW3i7smZnQGzo36gpKHbZfil8dJo0QE8mnujqkQCA0G + hjR7xdG+/usDgRUarfpNgoHKyZfLcomQLUuR8I3aHsdaCLgMJ8v5DjGymp2bIswT + puPx3IEZSXH8y6MZoISvLn+hwcWat34Bj1PF7vfgldivqHaDFpifpXvjbCmxcel9 + WVZRSEvLSVT4FnpaJ7JkAaUpG+GOHVlPWARq9t9AZXKR1Zex9MIkHzWi/TIIkawj + wJNvUwvBYJ1UCuCby4/3nKlY7zWjj23YM6dTJDGMhJKR5m2SHp9SC0m0QdfSjN5z + 8sJauCigGZ6rlmxkO4/2BBGshY8jWDl/z2oFiQfo7R2oZkJdWNHLGKtTZtqQQ3e6 + SAE/HQvipiv35rMzHw3E9AJBhhQqT3vTLLZvMTBS6BRFvpqDNhXik1aFenNV4tjZ + XeYU1eXI4XzQqoW/avPTuLt8O0Ya/nziLXCaIy+hlx5Hd49hkGb+1saQ5yPUgoEt + wE9sy5+9b5ebn8B+N0yw7wnUYN8V8dmPmRwLt71IuBwHn/aAoXyWwFsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; rose = { owner = config.krebs.users.Mic92; nets = rec { @@ -400,20 +426,19 @@ in { ip4.addr = "10.243.29.175"; aliases = [ "qubasa.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z - f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm - 8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7 - aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs - KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v - aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j - kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4 - 3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB - 7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz - k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV - Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v - vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA65g1Xql+S+Dd90uDpSVxzGRTL8n4DHc1p9T8u9h7ioytC9B+e2dQ + RU/y3gdJ0gXxrbth36MhTANuUonnqpHvsWwUDCQRbxLEFh8avlzLsecWvwrIt3zL + 102EaVurRySUa83D6TK8ZsDa2+ADY7tEzfFMJhT53g7MpBNIeOquB0rR6hVYBbHc + 3B+QtwdM8dx1gO/5+FsPYhJbR7ARczYHsj7Eyb8NbdzthEO0ICDgwzmcXTJfVHGR + qfT7DUolXsu7uSPMLB+Pe/leI7XcQ2VFukpVGP0fZv0mSMxavFlcFVkLgdbAEd2H + DPEBEcJpLR4Hw3HlO1kPPufaUdoeNhUmTkIp76mkCbanS1P/aFNFFcVB+a/+tpdK + z5pG8K3qANg5txp6sAatPchvkeQelIg11lvT9luc+nFsTEW6Ky5nDLo60luZVFnn + i1bdVeOojXR0u7M2gMqQZcSuscvy8APe48S8vPsqoiob1l/r77B7iNrWDwH8IutW + u8fpC64CbhlR76Orp3xTZPmJQCRT8XYpKDDoq5Z7prdlAEz3U6wEfVckVv+f1dmU + odG0zDTsmyKhkWWmZbPgPrOEUvAVoSpSLSQQxPR+UHArlgYe+2dAf8IHYqrgmhuO + D4Lga4nNwTyVbCZ8vUu5b/lnGCLpNcVj22WVQTdAJzNsCVTdIM2V5hcCAwEAAQ== + -----END RSA PUBLIC KEY----- ''; }; }; @@ -685,6 +710,9 @@ in { jan = { mail = "jan.heidbrink@posteo.de"; }; + jonge = { + mail = "jacek.galowicz@gmail.com"; + }; kmein = { mail = "kieran.meinhardt@gmail.com"; pubkey = ssh-for "kmein"; @@ -695,6 +723,7 @@ in { }; qubasa = { mail = "luis.nixos@gmail.com"; + pubkey = ssh-for "qubasa"; }; raute = { mail = "macxylo@gmail.com"; diff --git a/krebs/3modules/external/ssh/qubasa.pub b/krebs/3modules/external/ssh/qubasa.pub new file mode 100644 index 000000000..e9e1e6a29 --- /dev/null +++ b/krebs/3modules/external/ssh/qubasa.pub @@ -0,0 +1,2 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos + diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index a8314e11c..dc5c9ca3c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -602,45 +602,54 @@ in { ci = false; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; - morpheus = { + hilum = { cores = 1; nets = { retiolum = { - ip4.addr = "10.243.0.19"; - ip6.addr = r6 "012f"; + ip4.addr = "10.243.20.123"; + ip6.addr = r6 "005b"; aliases = [ - "morpheus.r" + "hilum.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY - T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN - /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh - S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz - Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR - bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI - Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz - sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+ - VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j - 3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA - U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ== - -----END RSA PUBLIC KEY----- + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb + pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi + V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c + SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh + 4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE + saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz + vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY + 8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ + wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3 + RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh + Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl + 87b8jfJNXlKFW+EBxBxN2uECAwEAAQ== + -----END PUBLIC KEY----- ''; }; wiregrill = { - ip6.addr = w6 "012f"; + ip6.addr = w6 "005b"; aliases = [ - "morpheus.w" + "hilum.w" ]; - wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; + wireguard.pubkey = '' + 0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw= + ''; }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w"; + syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC"; }; }; users = rec { lass = lass-blue; + lass-yubikey = { + mail = lass.mail; + pubkey = builtins.readFile ./ssh/yubikey.rsa; + pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; + }; lass-blue = { mail = "lass@blue.r"; pubkey = builtins.readFile ./ssh/blue.rsa; diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp new file mode 100644 index 000000000..0c7791ce8 --- /dev/null +++ b/krebs/3modules/lass/pgp/yubikey.pgp @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy +aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog +3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P +rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw +xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru +eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m +28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj +iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD +dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX +yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g +S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB +tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG +Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK +CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad +WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ +SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9 +z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC +KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N +YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf +4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO +To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf +PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd +p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY +ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC +DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh +SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE +SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+ +c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4 ++1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au +FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E +F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs +N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs +8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4 +bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr +s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE +cgQYAQoAJhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJdok2SAhsCBQkB4TOAAkAJ +EGZXvoqNHugHwXQgBBkBCgAdFiEEVAotn4qIhqe83vdsfheGip18nM8FAl2iTZIA +CgkQfheGip18nM9DVxAAuqX7iztddbttkIfN65R5XJPjz7NRg0AI8G+1qnkvF3c2 +ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA/JM782D6lDfSZltW4YBBqkJZdtiP +ElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhyl+0RdBuSvR0+KOXXBfoNmsyQM4/h +UKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxgtXyiXU/VxvUWI7cH6I7daRDTFR3L +4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6eKkn/gt/T7qYxnhcG5guS2DwIay5 +c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7/6hsw2e6TBcn295fEekvBupYVwaz +efBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTaTglOeNtRnYGRwHwE/tiJ0G0uwGfv +aI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7mz8MrRNMjtR+Es8gzuw7hNErmbh0S +LZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99jYjdDDm5lsxCZKLSX4r9Mp236K6D +MGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9Mcg5HgeXTdxan6QP35ygDtmNldJGE +P+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQqnldvrtajUzUegvJUstLS5B1TFQl +Ug/9EV4nuVrGU0uFQLFKLzCXAxWGQPwFwJW4XI4SfhHzyXm8nuJLAKJunxxYni9z +7bIe297hNCMLh8VwW6WkGCz4v9BfURE1jUEPeuu0biCHxa+U8vd1l/CIgAYbNTgj +8eNsN6hV4X9fpGaW0YjDtGSkl1FMC+4YLXm8xRHzdM0RpZpRMaUKSuAYJzi21LGa +QyhdrTn77RvbkeFu0I3b8If5QLTFxLTkAM2IwfyHd7ytlhl6vxHaUwh8djop9jjc +Ty+bSyEjEIZyR+buj3CVUiheQXWw6rGFdR/TLGERWMf6rYF/fuXp5s6jmRCPmB0d +7iX3WkZ6XvjW6wuM9TaBhK3PixPHcHss8uwhtg7+WeVqRAr4VWTFxTIy60vacDvL +5Sskqas4JWnYxfuFpm60IDnBS2kkHM07O+PY2x4S5o+7S0qT9RPtcvqVtAp8eont +2ovc9fXn4UpbeENFeytwed65QrFYDLGlNtq66iO2kp2mX/sFk634TUZ04vyz6nut +senoOofrZefND2uhzJ8pyJkYWTWBsmGitn0JPSBxbIil7PSDBbqEdHE/fD6QnOdw +dmDrFJUdcDzwdBDlmn80VOmooyR8pfrH5u6wKfNZ9xBjVsh1z6lWQbuBgXtltTtE +5rJJvZ7Pawt8nmb+UW0WxCL3TsWCG3sq1MV8ryU/9l0hTEK5Ag0EXaJN1gEQANML +yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS +lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am +ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd +e/UcxBL/zYx8tCBy2F4ep6Anx02HOauTwaqk4KLhB9IcdS8sJQHFY7iEVWNcovwF +8luGEGPJOdOPTMZz4jD4aWFqbT6ragWaG8tisLEe9UhET2LL3r/4DIgAJY4bwg5T +ZyK/1j+Nj1IyYkQ9A6YF96Y5XCi9DF0MYq9NytWNnMCT8F4QCCDRWhgql714/Er/ +qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk +5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A +ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo +VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW +kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYWIQTb +zXV4RgabOS6pQB1mV76KjR7oBwUCXaJN1gIbDAUJAeEzgAAKCRBmV76KjR7oB4ke +D/94TykloLIX2yjqUgsIbzPNH4Q+wzXYAUwhPaY9WlRsnwMJdoWxLVvMDF44JxKj +nzUi5UctaeI2GylLv5G2na5/trRnvIAQq0IyMCz7+mQwSDcZL1UgWpoljRnKbPYs +dYSS1t7LLjP9So4YXeHlAu6tKfF5XkUvB8yfcpupPF+mhfIGPMDRPMBuO3GovpNk +Gutgrzo3dttRr5b4lwFv6uZBw906b5dgKf82nC3zhvJ0q45VFPmBvriCMHdCzR+E +i6Lv06/xSe/ksY2m2Ma16M5n/cvPdl0NFMSwPz/VctEbWV+HoIJs/swW3l5xSV1f +06GQ9h+kaTlF7UUaXWqgiKaOBpvjgVhg88AUwxbpkH/BN1MJ3ww3XAk8gyI7AW0P +60Xzj0q8zlKxYWxaDWCrBc0yCfC0ulChetVGGaJ9WWRVu2ZjPLwHoZmwEpevSrNc +0UmO4jtB/5ojCzTI+l5lLHDLYjAZFDvA2qaLfgs5roQvEaGxW9MDpuz10AclrUfV +u6UikxdivbYssVA0/ytdiIDmITONY6kNL3PLSA7Ki/N3oz4s5WpPFUOBL3wPmpW/ +MXq/d/GvzbgjXHHWdPKrC3sz12/R+PUzr+dTQeJR72eW+6QQqAEmEhS8xfffjsvQ +z3unfvv/4c/mVInpnGBuQXNFYbZxgEsFxbzVavnwppvAirkCDQRdok4KARAAyG97 +rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV +qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk +L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a +6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAceQQYAqIrlu8F5y1AQVWHjtyCPee1z/8l +PNnPg40lSbXozg5kQDP965Pge6XReUoUVVRcgeiSUfkHdYPIkh/tkFy1MtzTNize +buadqE41Ds6BD1maO5cpGc5iFnf+YY01vWIhwvgPMbAsUKrPOw/RyvYSwOrnWegh +pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV +X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh +81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN +6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO +Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJhYhBNvN +dXhGBps5LqlAHWZXvoqNHugHBQJdok4KAhsgBQkB4TOAAAoJEGZXvoqNHugHSVkP +/iEIS7oVZuXBRYCv6GSfrS7b8h5NH8TFiu89sl3B0aRjRXhcsCgutFHVa4ztJqjF +rzuzmZ/6dlZ2F/LGu1Qzgu8Vd3VNFTuxanUE5W82mFqTcYij1G2HjN0gBoOhscl3 +Oy5zsYfP4gyB3pypPujcqhKfFxxW4V7HK8CvspQ6Anh8TrrAobM7b5gREm3BUvl+ +VH7ErYLy13XkH2dNhUeAY2lNLLBbftwBE3RDFtaT9on/e4FZycgtfOM9fXOqdNXk +EQW4fXBoazWWYXXcVMro0+KTpITjXdX9F613C9xwLEATS8OVIDxQZFuyrl1r/Dty +keEn2OKi1RVdZhW7aV09ckKKeH1X/89850WDQatrsREjLXfJBJU94XKwekFC0wsw +uUJkyf5tb/FbAQg8fTMLhVv1D+IqkEISSwr3JmRZXqDEAYqCZHHWqnRrB8mm6eoB +vI93yMV1bkxb2/aI4xBtGKhPzfLIiiV5PevmnDOq08htU/Jr6VGhW+Wm1/qnHmPw +JE1J+yH8NHJQ6NemztSomK8K9J23zgJfgb24Eztc8zIBcNb2CWJ9BgkSYy1BLFy4 +gsfSx3i91GdfsjMpBL7o4/rjdlJGbt76k18dSyWJEdtwYYKwGYvNes21GwbZ/aOx +z8vpeBc06aBx5UOb4Y22HNfG9hDfuuDhGP7Kl0b0LIqq +=U2Jf +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/yubikey.rsa b/krebs/3modules/lass/ssh/yubikey.rsa new file mode 100644 index 000000000..349bb4aab --- /dev/null +++ b/krebs/3modules/lass/ssh/yubikey.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIb3uuMqE/xSJ7WL/XpJ6QOj4aSmh0Ga+GtmJl3CDvljGuIeGCKh7YAoqZAi051k5j6ZWowDrcWYHIOU+h0eZCesgCf+CvunlXeUz6XShVMjyZo87f2JPs2Hpb+u/ieLx4wGQvo/Zw89pOly/vqpaX9ZwyIR+U81IAVrHIhqmrTitp+2FwggtaY4FtD6WIyf1hPtrrDecX8iDhnHHuGhATr8etMLwdwQ2kIBx5BBgCoiuW7wXnLUBBVYeO3II957XP/yU82c+DjSVJtejODmRAM/3rk+B7pdF5ShRVVFyB6JJR+Qd1g8iSH+2QXLUy3NM2LN5u5p2oTjUOzoEPWZo7lykZzmIWd/5hjTW9YiHC+A8xsCxQqs87D9HK9hLA6udZ6CGkq4hG/6wFwNjSMnv30IcHZzx6IBihNGbrisrJhLxEiKWpMKYgeemhIirefXA6UxVfiwHg3gJ8BlEBsj0tl/HVARifR2y336YINEn8AsHGhwrPTBFOnBTmfA/VnP1NlWHzXCfVimP6YVvdoGCCnAwvFuJ+ZuxmZ3UzBb2TenZZOzwzV0sUzZk0D1CaSBFJUU3oZNOkDIM6z5lIZgzsyKwb38S8Vs3HYE+Dqpkfsl4yeU5ldc6DwrlVwuSIa4vVus4eWD3gDGFrx98yaqOx17pc4CC9KXk/2TjtJY5xmQ== lass@yubikey diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 9581712fb..f9e8d485c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -184,11 +184,12 @@ in { nixos.unstable IN CNAME krebscode.github.io. o.euer IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} - pigstarter IN A ${nets.internet.ip4.addr} + pigstarter IN CNAME makefu.github.io. share.euer IN A ${nets.internet.ip4.addr} wg.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} + bookmark.euer IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. mediengewitter IN CNAME over.dose.io. ''; diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix new file mode 100644 index 000000000..1531a2c89 --- /dev/null +++ b/krebs/3modules/nin/default.nix @@ -0,0 +1,111 @@ +{ config, ... }: + +with import <stockholm/lib>; + +{ + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.nin; + ci = true; + }) { + hiawatha = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.132.96"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; + aliases = [ + "hiawatha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o + Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB + iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E + UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr + lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ + yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; + }; + axon= { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.134.66"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; + aliases = [ + "axon.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo + glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj + KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH + L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j + VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY + PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN + X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh + m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp + OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT + LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H + /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK + MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w + 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm + ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 + 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF + 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt + 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj + FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl + buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p + hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG + yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi + ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; + }; + onondaga = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.132.55"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; + aliases = [ + "onondaga.r" + "cgit.onondaga.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR + OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu + htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH + xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO + kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn + hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; + }; + + }; + users = { + nin = { + mail = "nin@axon.r"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; + }; + nin_h = { + mail = "nin@hiawatha.r"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; + }; + }; +} diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index 78f2b8ebd..71e2b541a 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -16,7 +16,7 @@ let default = "BAT0"; }; user = mkOption { - type = types.string; + type = types.str; default = "power-action"; }; startAt = mkOption { diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 24eac7158..ed00d187c 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -110,8 +110,12 @@ let hostsArchive = mkOption { type = types.package; default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} '' - ${pkgs.coreutils}/bin/ln -s ${tinc.config.hostsPackage} hosts - ${pkgs.gnutar}/bin/tar -hcjf $out hosts + cp \ + --no-preserve=mode \ + --recursive \ + ${tinc.config.hostsPackage} \ + hosts + ${pkgs.gnutar}/bin/tar -cjf $out hosts ''; readOnly = true; }; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 61ee72e74..43535b08f 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -75,10 +75,7 @@ let ]; apply = map (x: getAttr (typeOf x) { set = x; - string = { - url = x; - filter = null; - }; + string.url = x; }); }; verbose = mkOption { @@ -96,7 +93,7 @@ let hooksFile = cfg.hooksFile; - configFile = pkgs.writeText "urlwatch.yaml" (toJSON { + configFile = pkgs.writeJSON "urlwatch.yaml" { display = { error = true; new = true; @@ -132,7 +129,7 @@ let line_length = 75; }; }; - }); + }; imp = { systemd.timers.urlwatch = { @@ -210,8 +207,13 @@ let type = types.str; }; filter = mkOption { + default = null; type = with types; nullOr str; # TODO nullOr subtypes.filter }; + ignore_cached = mkOption { + default = null; + type = with types; nullOr bool; + }; }; }; in out diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix index 55f2d17d0..b0e81fdc1 100644 --- a/krebs/5pkgs/haskell/blessings.nix +++ b/krebs/5pkgs/haskell/blessings.nix @@ -6,19 +6,10 @@ with import <stockholm/lib>; version = "1.1.0"; sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1"; }; - "18.09" = { - version = "2.2.0"; - sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; - }; - "19.03" = { - version = "2.2.0"; - sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; - }; - "19.09" = { - version = "2.2.0"; - sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; - }; - }.${versions.majorMinor version}; + }.${versions.majorMinor version} or { + version = "2.2.0"; + sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1"; + }; in mkDerivation { pname = "blessings"; diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index 8b7165860..572a8029c 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix @@ -10,22 +10,11 @@ with import <stockholm/lib>; rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8"; sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59"; }; - "18.09" = { - version = "0.4.1-tv1"; - rev = "refs/tags/v${cfg.version}"; - sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; - }; - "19.03" = { - version = "0.4.1-tv1"; - rev = "refs/tags/v${cfg.version}"; - sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; - }; - "19.09" = { - version = "0.4.1-tv1"; - rev = "refs/tags/v${cfg.version}"; - sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; - }; - }.${versions.majorMinor version}; + }.${versions.majorMinor version} or { + version = "0.4.1-tv1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; + }; in mkDerivation { pname = "email-header"; diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix new file mode 100644 index 000000000..704831823 --- /dev/null +++ b/krebs/5pkgs/override/default.nix @@ -0,0 +1,12 @@ +with import <stockholm/lib>; +self: super: { + + exim = super.exim.overrideAttrs (old: rec { + name = warnOldVersion old.name "exim-4.92.2"; + src = self.fetchurl { + url = "https://ftp.exim.org/pub/exim/exim4/${name}.tar.xz"; + sha256 = "0m56jsh2fzvwj4rdpcc3pkd5vsi40cjrpzalis7l1zq33m4axmq1"; + }; + }); + +} diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix deleted file mode 100644 index c01b87d6b..000000000 --- a/krebs/5pkgs/simple/bitlbee-discord/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }: - -with stdenv.lib; -stdenv.mkDerivation rec { - name = "bitlbee-discord-2017-12-27"; - - src = fetchFromGitHub { - rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182"; - owner = "sm00th"; - repo = "bitlbee-discord"; - sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95"; - }; - - nativeBuildInputs = [ autoreconfHook pkgconfig ]; - buildInputs = [ bitlbee glib ]; - - preConfigure = '' - export BITLBEE_PLUGINDIR=$out/lib/bitlbee - ./autogen.sh - ''; - - meta = { - description = "Bitlbee plugin for Discord"; - - homepage = https://github.com/sm00th/bitlbee-discord; - license = licenses.gpl2Plus; - platforms = stdenv.lib.platforms.linux; - }; -} diff --git a/krebs/5pkgs/simple/cholerab/default.nix b/krebs/5pkgs/simple/cholerab/default.nix index 94514fe44..007776164 100644 --- a/krebs/5pkgs/simple/cholerab/default.nix +++ b/krebs/5pkgs/simple/cholerab/default.nix @@ -1,7 +1,16 @@ -{ fetchgit, callPackage }: let - src = fetchgit { - url = "https://github.com/krebs/cholerab"; +{ stdenv, fetchFromGitHub, pandoc }: +stdenv.mkDerivation { + name = "cholerab"; + src = fetchFromGitHub { + owner = "krebs"; + repo = "cholerab"; rev = "25d7ef051d6fc74d99b155e768b3c650296a230c"; sha256 = "1pymw7v2ql42iq825ccx98s4fp9jsz5b2hjr1qad6bamfc6i7yy9"; }; -in callPackage src {} + phases = [ "buildPhase" ]; + buildPhase = '' + mkdir -p $out/share/man/man1 + ${pandoc}/bin/pandoc -s -t man $src/thesauron.md -o $out/share/man/man1/thesauron.1 + ${pandoc}/bin/pandoc -s -t man $src/enterprise-patterns.md -o $out/share/man/man1/enterprise-patterns.1 + ''; +} diff --git a/krebs/5pkgs/simple/go-shortener/default.nix b/krebs/5pkgs/simple/go-shortener/default.nix index 4d1bef2be..5e734553b 100644 --- a/krebs/5pkgs/simple/go-shortener/default.nix +++ b/krebs/5pkgs/simple/go-shortener/default.nix @@ -1,11 +1,11 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs }: +{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs }: with lib; let nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> { inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; - nodejs = nodejs-8_x; + nodejs = nodejs-12_x; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; @@ -34,7 +34,7 @@ in stdenv.mkDerivation { ]; buildInputs = [ - nodejs-8_x + nodejs-12_x makeWrapper ]; @@ -43,7 +43,7 @@ in stdenv.mkDerivation { cp index.js $out/ cat > $out/go << EOF - ${nodejs-8_x}/bin/node $out/index.js + ${nodejs-12_x}/bin/node $out/index.js EOF chmod +x $out/go diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix index cc362b86a..055e6b476 100644 --- a/krebs/5pkgs/simple/newsbot-js/default.nix +++ b/krebs/5pkgs/simple/newsbot-js/default.nix @@ -1,11 +1,11 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-8_x, pkgs, icu }: +{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs, icu }: with lib; let nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> { inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; - nodejs = nodejs-8_x; + nodejs = nodejs-12_x; libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; }; @@ -36,7 +36,7 @@ in stdenv.mkDerivation { ]; buildInputs = [ - nodejs-8_x + nodejs-12_x makeWrapper ]; @@ -45,7 +45,7 @@ in stdenv.mkDerivation { cp newsbot.js $out/ cat > $out/newsbot << EOF - ${nodejs-8_x}/bin/node $out/newsbot.js + ${nodejs-12_x}/bin/node $out/newsbot.js EOF chmod +x $out/newsbot diff --git a/krebs/5pkgs/simple/nix-prefetch-github.nix b/krebs/5pkgs/simple/nix-prefetch-github.nix new file mode 100644 index 000000000..14096c33f --- /dev/null +++ b/krebs/5pkgs/simple/nix-prefetch-github.nix @@ -0,0 +1,25 @@ +{ curl, jq, nix, writeDashBin }: + +writeDashBin "nix-prefetch-github" '' + # usage: nix-prefetch-github OWNER REPO [REF] + set -efu + + owner=$1 + repo=$2 + ref=''${3-master} + + info_url=https://api.github.com/repos/$owner/$repo/commits/$ref + info=$(${curl}/bin/curl -fsS "$info_url") + rev=$(printf %s "$info" | ${jq}/bin/jq -r .sha) + + name=$owner-$repo-$ref + url=https://github.com/$owner/$repo/tarball/$rev + sha256=$(${nix}/bin/nix-prefetch-url --name "$name" --unpack "$url") + + export owner repo rev sha256 + ${jq}/bin/jq -n ' + env | { + owner, repo, rev, sha256 + } + ' +'' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json new file mode 100644 index 000000000..5f8f0c771 --- /dev/null +++ b/krebs/nixpkgs-unstable.json @@ -0,0 +1,7 @@ +{ + "url": "https://github.com/NixOS/nixpkgs-channels", + "rev": "d484f2b7fc0834a068e8ace851faa449a03963f5", + "date": "2019-09-20T22:58:43+02:00", + "sha256": "0jk93ikryi2hqc30l2n5i4vlgmklrlzb8cf7b3sg1q3k70q344jn", + "fetchSubmodules": false +} diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index fd73bd142..01230b439 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "e02148563af765625be323465fb7a1d22072d88c", - "date": "2019-08-26T07:58:15-04:00", - "sha256": "1fa84bf9gpd5n1lc0ifxda44hbdkg8ka720yxsg6h8plsqjjxzs8", + "rev": "7952807791daf3c60c99f10f371f732d897e3de8", + "date": "2019-10-13T01:14:01+02:00", + "sha256": "1h9wg0arazbyj8xfgvfhzn2gw6ya8sgcxscy1n5j182b5xri1xdk", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh new file mode 100755 index 000000000..068da5f6f --- /dev/null +++ b/krebs/update-nixpkgs-unstable.sh @@ -0,0 +1,9 @@ +#!/bin/sh +dir=$(dirname $0) +oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ + --url https://github.com/NixOS/nixpkgs-channels \ + --rev refs/heads/nixos-unstable' \ +> $dir/nixpkgs-unstable.json +newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev" diff --git a/krebs/update-channel.sh b/krebs/update-nixpkgs.sh index 08354357a..9b5d7ccd8 100755 --- a/krebs/update-channel.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-19.03' \ + --rev refs/heads/nixos-19.09' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" |