From a2b8571c5e39e4a8b5adf6be91a661332a0103df Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 30 Nov 2018 23:02:21 +0100 Subject: ma: fix ssh key of ulrich --- krebs/3modules/makefu/ssh/ulrich.pub | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub index 88313ee7c..8ac69004c 100644 --- a/krebs/3modules/makefu/ssh/ulrich.pub +++ b/krebs/3modules/makefu/ssh/ulrich.pub @@ -1 +1 @@ -AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de -- cgit v1.2.3 From 91e05287a7a37e960a14144a5abcb4e39cba500c Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 30 Nov 2018 23:15:36 +0100 Subject: k binary-cache: use https://cache.krebsco.de --- krebs/2configs/binary-cache/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 46b386e14..51b4a1afc 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -3,7 +3,7 @@ { nix = { binaryCaches = [ - "http://cache.prism.r" + "https://cache.krebsco.de" ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" -- cgit v1.2.3 From 5782a4de2e5b5f4843a421bac7456e83790950d1 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Dec 2018 09:20:14 +0100 Subject: cache.nixos.org: provide index.html --- krebs/2configs/cache.nsupdate.info.nix | 8 ++++++-- krebs/3modules/cachecache.nix | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 12 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix index 056667d8c..db221686f 100644 --- a/krebs/2configs/cache.nsupdate.info.nix +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -1,4 +1,4 @@ -{lib, ... }: +{ pkgs, lib, ... }: with lib; let domain = "cache.nsupdate.info"; @@ -17,9 +17,13 @@ in { }; krebs.cachecache = { enable = true; - enableSSL = false; # disable letsencrypt for testing + enableSSL = true; # disable letsencrypt for testing cacheDir = "/var/cache/nix-cache-cache"; maxSize = "10g"; + indexFile = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html"; + sha256 = "0n9lji4rpi2wpfik3dvl92mmpfrywyp33iwsw7d8qmykk7l0hfp8"; + }; # assumes that the domain is reachable from the internet virtualHost = domain; diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix index 989320480..2c2d07ff5 100644 --- a/krebs/3modules/cachecache.nix +++ b/krebs/3modules/cachecache.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ pkgs, config, lib, ... }: # fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b @@ -59,15 +59,6 @@ in ''; }; - # webRoot = mkOption { - # type = types.str; - # default = "/"; - # description = '' - # Directory on virtual host that serves the cache. Must end in - # /. - # ''; - # }; - resolver = mkOption { type = types.str; description = "Address of DNS resolver."; @@ -82,6 +73,13 @@ in Where nginx should store cached data. ''; }; + indexFile = mkOption { + type = types.path; + default = pkgs.writeText "myindex" "hello world"; + description = '' + Path to index.html file. + ''; + }; maxSize = mkOption { type = types.str; @@ -98,6 +96,7 @@ in systemd.services.nginx.preStart = '' mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache + ln -fs ${cfg.indexFile} /srv/www/nix-cache-cache/index.html chown ${nginxCfg.user}:${nginxCfg.group} \ ${cfg.cacheDir} /srv/www/nix-cache-cache ''; @@ -143,6 +142,7 @@ in locations."/" = { root = "/srv/www/nix-cache-cache"; + index = "index.html"; extraConfig = '' expires max; add_header Cache-Control $nix_cache_cache_header always; -- cgit v1.2.3 From 176883b37dd48c52c500c2159c00914c39b36250 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:45:56 +0100 Subject: bepasty-server: use genid_uint31 --- krebs/3modules/bepasty-server.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index dd29a4e17..e12367b7c 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -143,12 +143,12 @@ let ) cfg.servers; users.extraUsers.bepasty = { - uid = genid "bepasty"; + uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; }; users.extraGroups.bepasty = { - gid = genid "bepasty"; + gid = genid_uint31 "bepasty"; }; }; -- cgit v1.2.3 From dec7956b534673d76848f617657b62d46f4de769 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:46:09 +0100 Subject: fetchWallpaper: use genid_uint31 --- krebs/3modules/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 5a5065565..e89b86e32 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -53,7 +53,7 @@ let imp = { users.users.fetchWallpaper = { name = "fetchWallpaper"; - uid = genid "fetchWallpaper"; + uid = genid_uint31 "fetchWallpaper"; description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; -- cgit v1.2.3 From 692271b2b9bf5de258d3d8424f273a517abaea2a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 09:46:19 +0100 Subject: tinc_graphs: use genid_uint31 --- krebs/3modules/tinc_graphs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 8390eccbb..486a0c9cc 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -124,7 +124,7 @@ let }; users.extraUsers.tinc_graphs = { - uid = genid "tinc_graphs"; + uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; }; services.nginx = mkIf cfg.nginx.enable { -- cgit v1.2.3 From 63798eb150e5d572ad887b2e6e6ce287fb187a48 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 3 Dec 2018 09:51:38 +0100 Subject: cabal-read: init --- krebs/5pkgs/simple/cabal-read.nix | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 krebs/5pkgs/simple/cabal-read.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/cabal-read.nix b/krebs/5pkgs/simple/cabal-read.nix new file mode 100644 index 000000000..f8fc71e05 --- /dev/null +++ b/krebs/5pkgs/simple/cabal-read.nix @@ -0,0 +1,35 @@ +{ writeHaskellPackage }: + +# Because `sed -n 's/.*\ + putStrLn . intercalate " " . fromMaybe [] . lookup GHC + . options . buildInfo . condTreeData $ exe + + Nothing -> + error ("executable " <> name <> " not found in " <> path) + ''; + }; +} -- cgit v1.2.3 From 4d36900c6f0eedb62652d90bc362dca14d6c7b9a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 3 Dec 2018 17:39:34 +0100 Subject: Reaktor: add user only if active --- krebs/3modules/Reaktor.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 677b6f7b8..669483f3c 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -8,7 +8,7 @@ let out = { options.krebs.Reaktor = api; - config = imp; + config = mkIf (cfg != {}) imp; }; api = mkOption { -- cgit v1.2.3 From 42e64be38804bd97c65f009e26a3de3af03d07dc Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Dec 2018 22:06:23 +0100 Subject: cache.nsupdate.info: bump index --- krebs/2configs/cache.nsupdate.info.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix index db221686f..74f345614 100644 --- a/krebs/2configs/cache.nsupdate.info.nix +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -22,7 +22,7 @@ in { maxSize = "10g"; indexFile = pkgs.fetchurl { url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html"; - sha256 = "0n9lji4rpi2wpfik3dvl92mmpfrywyp33iwsw7d8qmykk7l0hfp8"; + sha256 = "1vlngzbn0jipigspccgikd7xgixksimdl4wf8ix7d30ljx47p9n0"; }; # assumes that the domain is reachable from the internet -- cgit v1.2.3 From a8aa26bab161ef72c061948d78cdf0852cc05807 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 4 Dec 2018 21:32:02 +0100 Subject: l: adopt scardanelli & homeros (kmein) --- krebs/3modules/lass/default.nix | 60 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 12345a20a..44417f006 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -409,6 +409,66 @@ with import ; }; }; }; + scardanelli = { + monitoring = false; + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.2.2"; + ip6.addr = "42:2:5ca:da:3111::1"; + aliases = [ + "scardanelli.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ + MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge + UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi + kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 + gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx + we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY + QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm + SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL + 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f + m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q + FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 + lM61fOMcVW1KREdWypiDtu8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + homeros = { + monitoring = false; + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.2.1"; + ip6.addr = "42:2::0:3:05::1"; + aliases = [ + "homeros.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd + ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc + 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v + RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd + vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 + +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc + QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm + fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh + VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 + k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX + gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N + mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; turingmachine = { monitoring = false; ci = false; -- cgit v1.2.3 From 29998a8a355d7eec2d11801a3775125608d169a9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 09:01:56 +0100 Subject: snews: prefix with _ --- krebs/2configs/news-spam.nix | 310 +++++++++++++++++++++---------------------- 1 file changed, 155 insertions(+), 155 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index 88b7e1072..a8c658858 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -4,161 +4,161 @@ krebs.newsbot-js.news-spam = { urlShortenerHost = "go.lassul.us"; feeds = pkgs.writeText "feeds" '' - [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews - [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews - [SPAM]antirez|http://antirez.com/rss|#snews - [SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews - [SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews - [SPAM]augustl|http://augustl.com/atom.xml|#snews - [SPAM]bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews - [SPAM]bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews - [SPAM]bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews - [SPAM]bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews - [SPAM]bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews - [SPAM]bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews - [SPAM]cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews - [SPAM]carta|http://feeds2.feedburner.com/carta-standard-rss|#snews - [SPAM]catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews - [SPAM]cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews - [SPAM]cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews - [SPAM]cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews - [SPAM]cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews - [SPAM]cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews - [SPAM]ccc|http://www.ccc.de/rss/updates.rdf|#snews - [SPAM]chan_biz|http://boards.4chan.org/biz/index.rss|#snews - [SPAM]chan_g|http://boards.4chan.org/g/index.rss|#snews - [SPAM]chan_int|http://boards.4chan.org/int/index.rss|#snews - [SPAM]chan_sci|http://boards.4chan.org/sci/index.rss|#snews - [SPAM]chan_x|http://boards.4chan.org/x/index.rss|#snews - [SPAM]c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews - [SPAM]cryptogon|http://www.cryptogon.com/?feed=rss2|#snews - [SPAM]csm|http://rss.csmonitor.com/feeds/csm|#snews - [SPAM]csm_world|http://rss.csmonitor.com/feeds/world|#snews - [SPAM]danisch|http://www.danisch.de/blog/feed/|#snews - [SPAM]dod|http://www.defense.gov/news/afps2.xml|#snews - [SPAM]dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews - [SPAM]ecat|http://ecat.com/feed|#snews - [SPAM]eia_press|http://www.eia.gov/rss/press_rss.xml|#snews - [SPAM]eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews - [SPAM]embargowatch|https://embargowatch.wordpress.com/feed/|#snews - [SPAM]ethereum-comments|http://blog.ethereum.org/comments/feed|#snews - [SPAM]ethereum|http://blog.ethereum.org/feed|#snews - [SPAM]europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews - [SPAM]eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews - [SPAM]exploitdb|http://www.exploit-db.com/rss.xml|#snews - [SPAM]fars|http://www.farsnews.com/rss.php|#snews #test - [SPAM]faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews - [SPAM]faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews - [SPAM]faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews - [SPAM]fbi|https://www.fbi.gov/news/rss.xml|#snews - [SPAM]fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews - [SPAM]fefe|http://blog.fefe.de/rss.xml|#snews - [SPAM]forbes|http://www.forbes.com/forbes/feed2/|#snews - [SPAM]forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews - [SPAM]fox|http://feeds.foxnews.com/foxnews/latest|#snews - [SPAM]geheimorganisation|http://geheimorganisation.org/feed/|#snews - [SPAM]GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews - [SPAM]gmanet|http://www.gmanetwork.com/news/rss/news|#snews - [SPAM]golem|http://rss.golem.de/rss.php|#snews - [SPAM]google|http://news.google.com/?output=rss|#snews - [SPAM]greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews - [SPAM]guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews - [SPAM]gulli|http://ticker.gulli.com/rss/|#snews - [SPAM]hackernews|https://news.ycombinator.com/rss|#snews - [SPAM]handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews - [SPAM]heise|https://www.heise.de/newsticker/heise-atom.xml|#snews - [SPAM]hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews - [SPAM]hindu|http://www.thehindu.com/?service=rss|#snews - [SPAM]ign|http://feeds.ign.com/ign/all|#snews - [SPAM]independent|http://www.independent.com/rss/headlines/|#snews - [SPAM]indymedia|https://de.indymedia.org/rss.xml|#snews - [SPAM]info_libera|http://www.informationliberation.com/rss.xml|#snews - [SPAM]klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews - [SPAM]korea_herald|http://www.koreaherald.com/rss_xml.php|#snews - [SPAM]linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews - [SPAM]lisp|http://planet.lisp.org/rss20.xml|#snews - [SPAM]liveleak|http://www.liveleak.com/rss|#snews - [SPAM]lolmythesis|http://lolmythesis.com/rss|#snews - [SPAM]LtU|http://lambda-the-ultimate.org/rss.xml|#snews - [SPAM]lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews - [SPAM]mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews - [SPAM]mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews - [SPAM]nds|http://www.nachdenkseiten.de/?feed=atom|#snews - [SPAM]netzpolitik|https://netzpolitik.org/feed/|#snews - [SPAM]newsbtc|http://newsbtc.com/feed/|#snews - [SPAM]nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews - [SPAM]npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews - [SPAM]npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews - [SPAM]npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews - [SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews - [SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei - [SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews - [SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews - [SPAM]phys|http://phys.org/rss-feed/|#snews - [SPAM]piraten|https://www.piratenpartei.de/feed/|#snews - [SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews - [SPAM]presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews - [SPAM]presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews - [SPAM]prisonplanet|http://prisonplanet.com/feed.rss|#snews - [SPAM]rawstory|http://www.rawstory.com/rs/feed/|#snews - [SPAM]reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews - [SPAM]reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews - [SPAM]reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews - [SPAM]reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews - [SPAM]reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews - [SPAM]reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews - [SPAM]reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews - [SPAM]reddit_sci|http://www.reddit.com/r/science/.rss|#snews - [SPAM]reddit_tech|http://www.reddit.com/r/technology/.rss|#snews - [SPAM]reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews - [SPAM]reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews - [SPAM]r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews - [SPAM]reuters|http://feeds.reuters.com/Reuters/worldNews|#snews - [SPAM]reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews - [SPAM]rt|http://rt.com/rss/news/|#snews - [SPAM]schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews - [SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews - [SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews - [SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews - [SPAM]shackspace|http://shackspace.de/atom.xml|#snews - [SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews - [SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews - [SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews - [SPAM]sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews - [SPAM]sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews - [SPAM]sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews - [SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews - [SPAM]slate|http://feeds.slate.com/slate|#snews - [SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews - [SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews - [SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews - [SPAM]stern|http://www.stern.de/feed/standard/all/|#snews - [SPAM]stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews - [SPAM]sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews - [SPAM]sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews - [SPAM]sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews - [SPAM]tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews - [SPAM]taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews - [SPAM]telegraph|http://www.telegraph.co.uk/rss.xml|#snews - [SPAM]telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews - [SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews - [SPAM]tigsource|http://www.tigsource.com/feed/|#snews - [SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews - [SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews - [SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews - [SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews - [SPAM]travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews - [SPAM]un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews - [SPAM]un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews - [SPAM]un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews - [SPAM]un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews - [SPAM]un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews - [SPAM]un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews - [SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews - [SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews - [SPAM]weechat|http://dev.weechat.org/feed/atom|#snews - [SPAM]xkcd|https://xkcd.com/rss.xml|#snews - [SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews + _aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews + _allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews + _antirez|http://antirez.com/rss|#snews + _archlinux|http://www.archlinux.org/feeds/news/|#snews + _ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews + _augustl|http://augustl.com/atom.xml|#snews + _bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews + _bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews + _bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews + _bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews + _bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews + _bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews + _cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews + _carta|http://feeds2.feedburner.com/carta-standard-rss|#snews + _catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews + _cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews + _cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews + _cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews + _cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews + _cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews + _ccc|http://www.ccc.de/rss/updates.rdf|#snews + _chan_biz|http://boards.4chan.org/biz/index.rss|#snews + _chan_g|http://boards.4chan.org/g/index.rss|#snews + _chan_int|http://boards.4chan.org/int/index.rss|#snews + _chan_sci|http://boards.4chan.org/sci/index.rss|#snews + _chan_x|http://boards.4chan.org/x/index.rss|#snews + _c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews + _cryptogon|http://www.cryptogon.com/?feed=rss2|#snews + _csm|http://rss.csmonitor.com/feeds/csm|#snews + _csm_world|http://rss.csmonitor.com/feeds/world|#snews + _danisch|http://www.danisch.de/blog/feed/|#snews + _dod|http://www.defense.gov/news/afps2.xml|#snews + _dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews + _ecat|http://ecat.com/feed|#snews + _eia_press|http://www.eia.gov/rss/press_rss.xml|#snews + _eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews + _embargowatch|https://embargowatch.wordpress.com/feed/|#snews + _ethereum-comments|http://blog.ethereum.org/comments/feed|#snews + _ethereum|http://blog.ethereum.org/feed|#snews + _europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews + _eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews + _exploitdb|http://www.exploit-db.com/rss.xml|#snews + _fars|http://www.farsnews.com/rss.php|#snews #test + _faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews + _faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews + _faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews + _fbi|https://www.fbi.gov/news/rss.xml|#snews + _fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews + _fefe|http://blog.fefe.de/rss.xml|#snews + _forbes|http://www.forbes.com/forbes/feed2/|#snews + _forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews + _fox|http://feeds.foxnews.com/foxnews/latest|#snews + _geheimorganisation|http://geheimorganisation.org/feed/|#snews + _GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews + _gmanet|http://www.gmanetwork.com/news/rss/news|#snews + _golem|http://rss.golem.de/rss.php|#snews + _google|http://news.google.com/?output=rss|#snews + _greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews + _guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews + _gulli|http://ticker.gulli.com/rss/|#snews + _hackernews|https://news.ycombinator.com/rss|#snews + _handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews + _heise|https://www.heise.de/newsticker/heise-atom.xml|#snews + _hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews + _hindu|http://www.thehindu.com/?service=rss|#snews + _ign|http://feeds.ign.com/ign/all|#snews + _independent|http://www.independent.com/rss/headlines/|#snews + _indymedia|https://de.indymedia.org/rss.xml|#snews + _info_libera|http://www.informationliberation.com/rss.xml|#snews + _klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews + _korea_herald|http://www.koreaherald.com/rss_xml.php|#snews + _linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews + _lisp|http://planet.lisp.org/rss20.xml|#snews + _liveleak|http://www.liveleak.com/rss|#snews + _lolmythesis|http://lolmythesis.com/rss|#snews + _LtU|http://lambda-the-ultimate.org/rss.xml|#snews + _lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews + _mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews + _mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews + _nds|http://www.nachdenkseiten.de/?feed=atom|#snews + _netzpolitik|https://netzpolitik.org/feed/|#snews + _newsbtc|http://newsbtc.com/feed/|#snews + _nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews + _npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews + _npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews + _npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews + _npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews + _nsa|https://www.nsa.gov/rss.xml|#snews #bullerei + _nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews + _painload|https://github.com/krebs/painload/commits/master.atom|#snews + _phys|http://phys.org/rss-feed/|#snews + _piraten|https://www.piratenpartei.de/feed/|#snews + _polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews + _presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews + _presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews + _prisonplanet|http://prisonplanet.com/feed.rss|#snews + _rawstory|http://www.rawstory.com/rs/feed/|#snews + _reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews + _reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews + _reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews + _reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews + _reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews + _reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews + _reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews + _reddit_sci|http://www.reddit.com/r/science/.rss|#snews + _reddit_tech|http://www.reddit.com/r/technology/.rss|#snews + _reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews + _reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews + _r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews + _reuters|http://feeds.reuters.com/Reuters/worldNews|#snews + _reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews + _rt|http://rt.com/rss/news/|#snews + _schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews + _sciencemag|http://news.sciencemag.org/rss/current.xml|#snews + _scmp|http://www.scmp.com/rss/91/feed|#snews + _sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews + _shackspace|http://shackspace.de/atom.xml|#snews + _shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews + _sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews + _sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews + _sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews + _sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews + _sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews + _slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews + _slate|http://feeds.slate.com/slate|#snews + _spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews + _spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews + _standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews + _stern|http://www.stern.de/feed/standard/all/|#snews + _stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews + _sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews + _sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews + _sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews + _tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews + _taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews + _telegraph|http://www.telegraph.co.uk/rss.xml|#snews + _telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews + _the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews + _tigsource|http://www.tigsource.com/feed/|#snews + _tinc|http://tinc-vpn.org/news/index.rss|#snews + _torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews + _torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews + _torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews + _travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews + _un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews + _un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews + _un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews + _un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews + _un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews + _un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews + _us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews + _vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews + _weechat|http://dev.weechat.org/feed/atom|#snews + _xkcd|https://xkcd.com/rss.xml|#snews + _zdnet|http://www.zdnet.com/news/rss.xml|#snews ''; }; } -- cgit v1.2.3 From d6fba75f21b3de20f4b7b41ec3ee98bb5a205991 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 15:51:46 +0100 Subject: l: remove deprecated iso host --- krebs/3modules/lass/default.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 44417f006..1579ab4de 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -351,11 +351,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - iso = { - monitoring = false; - ci = false; - cores = 1; - }; sokrateslaptop = { monitoring = false; ci = false; -- cgit v1.2.3 From 3dd503e08f04577c896b7f8f3e52608006f7c7c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:05:47 +0100 Subject: remove unused domsen-nas host --- krebs/3modules/lass/default.nix | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1579ab4de..279b8cd6d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -129,20 +129,6 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; - domsen-nas = { - ci = false; - monitoring = false; - external = true; - nets = rec { - internet = { - aliases = [ - "domsen-nas.internet" - ]; - ip4.addr = "87.138.180.167"; - ssh.port = 2223; - }; - }; - }; uriel = { monitoring = false; cores = 1; -- cgit v1.2.3 From c2d2e0e01d1d99cc68af22dcc87ee3ae56655d9d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:06:32 +0100 Subject: move external hosts from lass to external --- krebs/3modules/default.nix | 1 + krebs/3modules/external/default.nix | 312 +++++++++++++++++++++++++++++++++++ krebs/3modules/lass/default.nix | 313 ------------------------------------ 3 files changed, 313 insertions(+), 313 deletions(-) create mode 100644 krebs/3modules/external/default.nix (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 24cbd9cc9..e8ed64654 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -109,6 +109,7 @@ let }; imp = lib.mkMerge [ + { krebs = import ./external { inherit config; }; } { krebs = import ./jeschli { inherit config; }; } { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix new file mode 100644 index 000000000..0aef25317 --- /dev/null +++ b/krebs/3modules/external/default.nix @@ -0,0 +1,312 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: recursiveUpdate { + ci = false; + external = true; + monitoring = false; + }) { + sokrateslaptop = { + owner = config.krebs.users.sokratess; + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + kruck = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.29.201"; + ip6.addr = "42:4234:6a6d:600::1"; + aliases = [ + "kruck.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh + QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA + EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U + uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ + /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR + 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s + qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH + gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj + jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs + fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 + TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + scardanelli = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.2"; + ip6.addr = "42:2:5ca:da:3111::1"; + aliases = [ + "scardanelli.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ + MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge + UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi + kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 + gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx + we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY + QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm + SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL + 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f + m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q + FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 + lM61fOMcVW1KREdWypiDtu8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + homeros = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.1"; + ip6.addr = "42:2::0:3:05::1"; + aliases = [ + "homeros.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd + ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc + 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v + RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd + vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 + +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc + QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm + fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh + VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 + k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX + gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N + mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + turingmachine = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.168"; + ip6.addr = "42:4992:6a6d:600::1"; + aliases = [ + "turingmachine.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C + t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 + 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 + ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g + nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 + 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT + 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 + gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl + DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL + W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW + OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eddie = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eddie.thalheim.io + ip4.addr = "129.215.197.11"; + aliases = [ "eddie.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.170"; + ip6.addr = "42:4992:6a6d:700::1"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.subnets = [ + # edinburgh university + "129.215.0.0/16" + ]; + }; + }; + }; + rock = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + ip6.addr = "42:4992:6a6d:700::2"; + aliases = [ "rock.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + ip6.addr = "42:4992:6a6d:800::1"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + dpdkm = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + ip4.addr = "10.243.29.173"; + ip6.addr = "42:4992:6a6d:900::1"; + aliases = [ "dpdkm.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eve = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "188.68.39.17"; + ip6.addr = "2a03:4000:13:31e::1"; + aliases = [ "eve.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.174"; + ip6.addr = "42:4992:6a6d:a00::1"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + users = { + Mic92 = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; + mail = "joerg@higgsboson.tk"; + }; + kmein = { + }; + palo = { + }; + sokratess = { + }; + }; +} + diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 279b8cd6d..52d0b18f1 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -337,313 +337,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - sokrateslaptop = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.142.104"; - ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; - aliases = [ - "sokrateslaptop.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 - t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ - rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW - egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 - aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V - VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - kruck = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.201"; - ip6.addr = "42:4234:6a6d:600::1"; - aliases = [ - "kruck.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh - QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA - EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U - uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ - /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR - 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s - qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH - gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj - jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs - fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 - TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - scardanelli = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.2.2"; - ip6.addr = "42:2:5ca:da:3111::1"; - aliases = [ - "scardanelli.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ - MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge - UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi - kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 - gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx - we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY - QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm - SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL - 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f - m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q - FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 - lM61fOMcVW1KREdWypiDtu8CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - homeros = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.2.1"; - ip6.addr = "42:2::0:3:05::1"; - aliases = [ - "homeros.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd - ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc - 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v - RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd - vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 - +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc - QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm - fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh - VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 - k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX - gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N - mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - turingmachine = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.168"; - ip6.addr = "42:4992:6a6d:600::1"; - aliases = [ - "turingmachine.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C - t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 - 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 - ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g - nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 - 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT - 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 - gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl - DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL - W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW - OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eddie = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = rec { - via = internet; - addrs = [ - ip4.addr - ip6.addr - ]; - ip4.addr = "10.243.29.170"; - ip6.addr = "42:4992:6a6d:700::1"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ - lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.subnets = [ - # edinburgh university - "129.215.0.0/16" - ]; - }; - }; - }; - rock = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.171"; - ip6.addr = "42:4992:6a6d:700::2"; - aliases = [ "rock.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM - DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 - HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh - mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf - Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M - Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD - 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 - fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv - 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav - ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q - cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - inspector = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - ip6.addr = "42:4992:6a6d:800::1"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - dpdkm = { - monitoring = false; - ci = false; - external = true; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - ip6.addr = "42:4992:6a6d:900::1"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eve = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - # eve.thalheim.io - ip4.addr = "188.68.39.17"; - ip6.addr = "2a03:4000:13:31e::1"; - aliases = [ "eve.i" ]; - }; - retiolum = rec { - via = internet; - addrs = [ - ip4.addr - ip6.addr - ]; - ip4.addr = "10.243.29.174"; - ip6.addr = "42:4992:6a6d:a00::1"; - aliases = [ "eve.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH - XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 - 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk - 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI - +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 - dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW - pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP - c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi - YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI - 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 - Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; xerxes = { cores = 2; nets = rec { @@ -827,14 +520,8 @@ with import ; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; - sokratess = { - }; wine-mors = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842"; }; - Mic92 = { - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; - mail = "joerg@higgsboson.tk"; - }; }; } -- cgit v1.2.3 From 7fab6f2dfe2ab1479e4db6dc6fab8f0e672f9e3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:50:39 +0100 Subject: l hosts: remove deprecated gg23 net --- krebs/3modules/lass/default.nix | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 52d0b18f1..86a36015b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -133,11 +133,6 @@ with import ; monitoring = false; cores = 1; nets = { - gg23 = { - ip4.addr = "10.23.1.12"; - aliases = ["uriel.gg23"]; - ssh.port = 45621; - }; retiolum = { ip4.addr = "10.243.81.176"; ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; @@ -164,11 +159,6 @@ with import ; mors = { cores = 2; nets = { - gg23 = { - ip4.addr = "10.23.1.11"; - aliases = ["mors.gg23"]; - ssh.port = 45621; - }; retiolum = { ip4.addr = "10.243.0.2"; ip6.addr = "42:0:0:0:0:0:0:dea7"; -- cgit v1.2.3 From 43be8e6bb38ea99ed489a8b6633ebb33b96b6282 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 6 Dec 2018 20:07:22 +0100 Subject: git: set correct owner on /tmp/cgit --- krebs/3modules/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index f6b4e3c69..895d9b3b6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -427,7 +427,7 @@ let system.activationScripts.cgit = '' mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} chmod 0770 ${cfg.cgit.settings.cache-root} - chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} + chown ${toString cfg.cgit.fcgiwrap.user.name}:${toString cfg.cgit.fcgiwrap.group.name} ${cfg.cgit.settings.cache-root} ''; services.nginx.virtualHosts.cgit = { -- cgit v1.2.3 From 60f1e40445692451ffa922a1b48d442f8cab2bb7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 16:52:32 +0100 Subject: dns.providers: add wirelum (w) --- krebs/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e8ed64654..2e7c61fb5 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -122,6 +122,7 @@ let shack = "hosts"; i = "hosts"; r = "hosts"; + w = "hosts"; }; krebs.users = { -- cgit v1.2.3 From a289812df188ab45ee03aedea83d5a0c861594f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:01:51 +0100 Subject: l: add phone.w --- krebs/3modules/lass/default.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 86a36015b..fe63982be 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,7 +1,11 @@ { config, ... }: - with import ; +let + + rip6 = krebs.genipv6 "retiolum" "lass"; + wip6 = krebs.genipv6 "wirelum" "lass"; +in { dns.providers = { "lassul.us" = "zones"; @@ -459,6 +463,20 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; }; + phone = { + nets = { + wirelum = { + ip6.addr = (wip6 "a").address; + ip4.addr = "10.244.1.2"; + aliases = [ + "phone.w" + ]; + wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; + }; + }; + external = true; + ci = false; + }; }; users = rec { lass = lass-blue; -- cgit v1.2.3 From c739f81e5bd62a5dff2def3a45e7c0ac71b08f52 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:02:50 +0100 Subject: l: add wirelum to prism, mors, shodan, icarus, yellow --- krebs/3modules/lass/default.nix | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index fe63982be..adfa8dbee 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -89,11 +89,22 @@ in -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + via = internet; + ip4.addr = "10.244.1.1"; + ip6.addr = (wip6 "1").address; + aliases = [ + "prism.w" + ]; + wireguard = { + pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; + subnets = [ "10.244.1.0/24" (wip6 "1").subnetCIDR ]; + }; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; - archprism = { cores = 1; nets = rec { @@ -181,6 +192,13 @@ in -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = (wip6 "dea7").address; + aliases = [ + "mors.w" + ]; + wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ="; + }; }; secure = true; ssh.privkey.path = ; @@ -207,6 +225,13 @@ in -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = (wip6 "50da").address; + aliases = [ + "shodan.w" + ]; + wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ="; + }; }; secure = true; ssh.privkey.path = ; @@ -233,6 +258,13 @@ in -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = (wip6 "1205").address; + aliases = [ + "icarus.w" + ]; + wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ="; + }; }; secure = true; ssh.privkey.path = ; @@ -429,6 +461,13 @@ in -----END PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = (wip6 "e110").address; + aliases = [ + "yellow.w" + ]; + wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU="; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; -- cgit v1.2.3 From 30772247c0e629d443fb62bc566f3651be1157c1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:12:34 +0100 Subject: l: add morpheus.r --- krebs/3modules/lass/default.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index adfa8dbee..f06d62586 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -516,6 +516,35 @@ in external = true; ci = false; }; + morpheus = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.19"; + ip6.addr = "42::19"; + aliases = [ + "morpheus.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY + T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN + /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh + S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz + Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR + bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI + Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz + sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+ + VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j + 3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA + U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; + }; }; users = rec { lass = lass-blue; -- cgit v1.2.3 From 2e18ee84f02c0d7abcf936b1d39c42ab8e75825c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 10 Dec 2018 00:09:03 +0100 Subject: ma: sort hostnames for euer, add netdata.euer.krebsco.de --- krebs/3modules/makefu/default.nix | 52 ++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 25 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 188fbc461..32cba1886 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -560,27 +560,28 @@ in { ci = true; extraZones = { "krebsco.de" = '' + boot.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} - graph IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} + dl.euer IN A ${nets.internet.ip4.addr} + dockerhub IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + ghook IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr} - wg.euer IN A ${nets.internet.ip4.addr} - photostore IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} + netdata.euer IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} share.euer IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} + wg.euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - ghook IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; @@ -607,24 +608,25 @@ in { ip4.addr = "10.243.0.213"; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ - "nextgum.r" - "graph.r" - "cache.gum.r" - "logs.makefu.r" - "stats.makefu.r" "backup.makefu.r" + "blog.gum.r" + "blog.makefu.r" + "cache.gum.r" + "cgit.gum.r" + "dcpp.gum.r" "dcpp.nextgum.r" + "graph.r" "gum.r" - "cgit.gum.r" + "logs.makefu.r" + "netdata.makefu.r" + "nextgum.r" "o.gum.r" - "tracker.makefu.r" "search.makefu.r" - "wiki.makefu.r" - "wiki.gum.r" - "blog.makefu.r" - "blog.gum.r" - "dcpp.gum.r" + "stats.makefu.r" "torrent.gum.r" + "tracker.makefu.r" + "wiki.gum.r" + "wiki.makefu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 313712ebc2fc70adefd577f09f0d1795450b0b00 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 21:41:11 +0100 Subject: hosts.*.net.retiolum.ip6.addr: use genipv6 --- krebs/3modules/external/default.nix | 36 +++++++++++--------------- krebs/3modules/jeschli/default.nix | 20 +++++++-------- krebs/3modules/krebs/default.nix | 24 ++++++++---------- krebs/3modules/lass/default.nix | 36 +++++++++----------------- krebs/3modules/makefu/default.nix | 50 ++++++++++--------------------------- krebs/3modules/tv/default.nix | 22 ++++++++-------- 6 files changed, 70 insertions(+), 118 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 0aef25317..02d28ddc8 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -1,19 +1,22 @@ -{ config, ... }: - with import ; +{ config, ... }: let -{ - hosts = mapAttrs (_: recursiveUpdate { + hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = false; external = true; monitoring = false; - }) { + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }); + +in { + hosts = mapAttrs hostDefaults { sokrateslaptop = { owner = config.krebs.users.sokratess; nets = { retiolum = { ip4.addr = "10.243.142.104"; - ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; aliases = [ "sokrateslaptop.r" ]; @@ -35,7 +38,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.29.201"; - ip6.addr = "42:4234:6a6d:600::1"; aliases = [ "kruck.r" ]; @@ -62,7 +64,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.2.2"; - ip6.addr = "42:2:5ca:da:3111::1"; aliases = [ "scardanelli.r" ]; @@ -90,7 +91,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.2.1"; - ip6.addr = "42:2::0:3:05::1"; aliases = [ "homeros.r" ]; @@ -118,7 +118,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.29.168"; - ip6.addr = "42:4992:6a6d:600::1"; aliases = [ "turingmachine.r" ]; @@ -148,14 +147,13 @@ with import ; ip4.addr = "129.215.197.11"; aliases = [ "eddie.i" ]; }; - retiolum = rec { + retiolum = { via = internet; addrs = [ - ip4.addr - ip6.addr + config.krebs.hosts.eddie.nets.retiolum.ip4.addr + config.krebs.hosts.eddie.nets.retiolum.ip6.addr ]; ip4.addr = "10.243.29.170"; - ip6.addr = "42:4992:6a6d:700::1"; aliases = [ "eddie.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -184,7 +182,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.29.171"; - ip6.addr = "42:4992:6a6d:700::2"; aliases = [ "rock.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -214,7 +211,6 @@ with import ; retiolum = { via = internet; ip4.addr = "10.243.29.172"; - ip6.addr = "42:4992:6a6d:800::1"; aliases = [ "inspector.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -239,7 +235,6 @@ with import ; nets = rec { retiolum = { ip4.addr = "10.243.29.173"; - ip6.addr = "42:4992:6a6d:900::1"; aliases = [ "dpdkm.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -268,14 +263,13 @@ with import ; ip6.addr = "2a03:4000:13:31e::1"; aliases = [ "eve.i" ]; }; - retiolum = rec { + retiolum = { via = internet; addrs = [ - ip4.addr - ip6.addr + config.krebs.hosts.eve.nets.retiolum.ip4.addr + config.krebs.hosts.eve.nets.retiolum.ip6.addr ]; ip4.addr = "10.243.29.174"; - ip6.addr = "42:4992:6a6d:a00::1"; aliases = [ "eve.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index c0cb601bc..4a8af435b 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -1,17 +1,20 @@ -{ config, ... }: - with import ; +{ config, ... }: let -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.jeschli; + hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = true; - }) { + owner = config.krebs.users.jeschli; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address; + }); + +in { + hosts = mapAttrs hostDefaults { brauerei = { nets = { retiolum = { ip4.addr = "10.243.27.29"; - ip6.addr = "42::29"; aliases = [ "brauerei.r" ]; @@ -48,7 +51,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.27.27"; - ip6.addr = "42::27"; aliases = [ "reagenzglas.r" ]; @@ -92,7 +94,6 @@ with import ; retiolum = { via = internet; ip4.addr = "10.243.27.30"; - ip6.addr = "42::30"; aliases = [ "enklave.r" "cgit.enklave.r" @@ -131,7 +132,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.27.31"; - ip6.addr = "42::31"; aliases = [ "bolide.r" ]; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 889ee2817..59fc43af8 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -1,20 +1,24 @@ -{ config, ... }: - with import ; -let +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.krebs; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "krebs" { inherit hostName; }).address; + }); + testHosts = genAttrs [ "test-arch" "test-centos6" "test-centos7" "test-all-krebs-modules" ] (name: { - owner = config.krebs.users.krebs; inherit name; cores = 1; nets = { retiolum = { ip4.addr = "10.243.73.57"; - ip6.addr = "42:0:0:0:0:0:0:7357"; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd @@ -29,14 +33,12 @@ let }; }); in { - hosts = { + hosts = mapAttrs hostDefaults { hotdog = { ci = true; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.77.3"; - ip6.addr = "42:0:0:0:0:0:77:3"; aliases = [ "hotdog.r" "build.r" @@ -61,11 +63,9 @@ in { }; onebutton = { cores = 1; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.0.101"; - ip6.addr = "42:0:0:0:0:0:0:101"; aliases = [ "onebutton.r" ]; @@ -92,11 +92,9 @@ in { }; puyak = { ci = true; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.77.2"; - ip6.addr = "42:0:0:0:0:0:77:2"; aliases = [ "puyak.r" "build.puyak.r" @@ -120,7 +118,6 @@ in { }; wolf = { ci = true; - owner = config.krebs.users.krebs; nets = { shack = { ip4.addr = "10.42.2.150" ; @@ -135,7 +132,6 @@ in { }; retiolum = { ip4.addr = "10.243.77.1"; - ip6.addr = "42:0:0:0:0:0:77:1"; aliases = [ "wolf.r" "build.wolf.r" diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index f06d62586..0d8513a69 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,20 +1,22 @@ -{ config, ... }: with import ; -let +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = true; + monitoring = true; + owner = config.krebs.users.lass; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "lass" { inherit hostName; }).address; + }); - rip6 = krebs.genipv6 "retiolum" "lass"; wip6 = krebs.genipv6 "wirelum" "lass"; -in -{ +in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.lass; - ci = true; - monitoring = true; - }) { + hosts = mapAttrs hostDefaults { prism = rec { cores = 4; extraZones = { @@ -54,7 +56,6 @@ in retiolum = { via = internet; ip4.addr = "10.243.0.103"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab"; aliases = [ "prism.r" "cache.prism.r" @@ -118,7 +119,6 @@ in retiolum = { via = internet; ip4.addr = "10.243.0.123"; - ip6.addr = "42:0:0:0:0:0:0:123"; aliases = [ "archprism.r" ]; @@ -150,7 +150,6 @@ in nets = { retiolum = { ip4.addr = "10.243.81.176"; - ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; aliases = [ "uriel.r" "cgit.uriel.r" @@ -176,7 +175,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.2"; - ip6.addr = "42:0:0:0:0:0:0:dea7"; aliases = [ "mors.r" "cgit.mors.r" @@ -209,7 +207,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.4"; - ip6.addr = "42:0:0:0:0:0:0:50d4"; aliases = [ "shodan.r" "cgit.shodan.r" @@ -242,7 +239,6 @@ in nets = rec { retiolum = { ip4.addr = "10.243.133.114"; - ip6.addr = "42:0:0:0:0:0:01ca:1205"; aliases = [ "icarus.r" "cgit.icarus.r" @@ -275,7 +271,6 @@ in nets = rec { retiolum = { ip4.addr = "10.243.133.115"; - ip6.addr = "42:0:0:0:0:0:daed:a105"; aliases = [ "daedalus.r" "cgit.daedalus.r" @@ -301,7 +296,6 @@ in nets = rec { retiolum = { ip4.addr = "10.243.133.116"; - ip6.addr = "42:0:0:0:0:0:0:1101"; aliases = [ "skynet.r" "cgit.skynet.r" @@ -327,7 +321,6 @@ in nets = { retiolum = { ip4.addr = "10.243.133.77"; - ip6.addr = "42:0:0:0:0:0:717:7137"; aliases = [ "littleT.r" ]; @@ -368,7 +361,6 @@ in nets = rec { retiolum = { ip4.addr = "10.243.1.3"; - ip6.addr = "42::1:3"; aliases = [ "xerxes.r" ]; @@ -410,7 +402,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.13"; - ip6.addr = "42:0:0:0:0:0:0:12ed"; aliases = [ "red.r" ]; @@ -440,7 +431,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.14"; - ip6.addr = "42:0:0:0:0:0:0:14"; aliases = [ "yellow.r" ]; @@ -477,7 +467,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.77"; - ip6.addr = "42:0:0:0:0:0:0:77"; aliases = [ "blue.r" ]; @@ -521,7 +510,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.19"; - ip6.addr = "42::19"; aliases = [ "morpheus.r" ]; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 188fbc461..d6c1f0b61 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,20 +1,27 @@ -{ config, ... }: - -with import ; ## generate keys with: # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -let + +with import ; +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.makefu; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; + }); + pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); + in { - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + hosts = mapAttrs hostDefaults { cake = rec { cores = 4; ci = false; nets = { retiolum = { ip4.addr = "10.243.136.236"; - ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1"; aliases = [ "cake.r" ]; @@ -39,7 +46,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.136.237"; - ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2"; aliases = [ "crapi.r" ]; @@ -65,7 +71,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.177.9"; - ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; aliases = [ "drop.r" ]; @@ -90,7 +95,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.227.163"; - ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; aliases = [ "studio.r" ]; @@ -116,7 +120,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.113.98"; - # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; aliases = [ "fileleech.r" ]; @@ -147,7 +150,6 @@ in { }; retiolum = { ip4.addr = "10.243.80.249"; - ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; aliases = [ "latte.r" ]; @@ -171,7 +173,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.210"; - ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0001"; aliases = [ "pnp.r" "cgit.pnp.r" @@ -195,7 +196,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.84"; - ip6.addr = "42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"; aliases = [ "darth.r" ]; @@ -267,7 +267,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.212"; - ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0002"; aliases = [ "tsp.r" ]; @@ -295,7 +294,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.91"; - ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"; aliases = [ "x.r" ]; @@ -329,7 +327,6 @@ in { ''; }; #wiregrill = { - # ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db"; # aliases = [ # "x.w" # ]; @@ -347,7 +344,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.1.91"; - ip6.addr = "42:0b2c:d90e:e717:03dd:9ac1:0000:a400"; aliases = [ "vbob.r" ]; @@ -386,7 +382,6 @@ in { }; retiolum = { ip4.addr = "10.243.0.153"; - ip6.addr = "42:9143:b4c0:f981:6030:7aa2:8bc5:4110"; aliases = [ "pigstarter.r" ]; @@ -422,7 +417,6 @@ in { retiolum = { via = internet; ip4.addr = "10.243.29.169"; - ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "wry.r" "graph.wry.r" @@ -460,7 +454,6 @@ in { }; retiolum = { ip4.addr = "10.243.153.102"; - ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.r" ]; @@ -491,7 +484,6 @@ in { }; retiolum = { ip4.addr = "10.243.0.89"; - ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" "dcpp.omo.r" @@ -536,7 +528,6 @@ in { }; retiolum = { ip4.addr = "10.243.214.15"; - # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ "wbob.r" "hydra.wbob.r" @@ -596,7 +587,6 @@ in { }; #wiregrill = { # via = internet; - # ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3"; # aliases = [ # "gum.w" # ]; @@ -605,7 +595,6 @@ in { retiolum = { via = internet; ip4.addr = "10.243.0.213"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ "nextgum.r" "graph.r" @@ -673,7 +662,6 @@ in { }; retiolum = { ip4.addr = "10.243.205.131"; - ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4"; aliases = [ "shoney.r" ]; @@ -698,7 +686,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.83.237"; - ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101"; aliases = [ "sdev.r" ]; @@ -736,7 +723,6 @@ in { }; retiolum = { ip4.addr = "10.243.211.172"; - ip6.addr = "42:472a:3d01:bbe4:4425:567e:592b:065d"; aliases = [ "flap.r" ]; @@ -759,7 +745,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.231.219"; - ip6.addr = "42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"; aliases = [ "nukular.r" ]; @@ -782,7 +767,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.124.21"; - ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e"; aliases = [ "heidi.r" ]; @@ -872,7 +856,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.189.130"; - ip6.addr = "42:c64e:011f:9755:31e1:c3e6:73c0:af2d"; aliases = [ "filebitch.r" ]; @@ -895,7 +878,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.26.29"; - ip6.addr = "42:927a:3d59:1cb3:29d6:1a08:78d3:812e"; aliases = [ "excobridge.r" ]; @@ -918,7 +900,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.226.213"; - ip6.addr = "42:432e:2379:0cd2:8486:f3b5:335a:5d83"; aliases = [ "horisa.r" ]; @@ -947,7 +928,6 @@ in { }; retiolum = { ip4.addr = "10.243.57.85"; - ip6.addr = "42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"; aliases = [ "wooki.r" ]; @@ -970,7 +950,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.163"; - ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda"; aliases = [ "senderechner.r" ]; @@ -995,7 +974,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.144.142"; - ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278"; aliases = [ "tcac-0-1.r" ]; @@ -1025,7 +1003,6 @@ in { }; retiolum = { ip4.addr = "10.243.139.184"; - ip6.addr = "42:d568:6106:ba30:753b:0f2a:8225:b1fb"; aliases = [ "muhbaasu.r" ]; @@ -1048,7 +1025,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.183.236"; - ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; aliases = [ "tpsw.r" ]; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 71670d336..0683492bc 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,19 +1,24 @@ -{ config, ... }: - with import ; +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.tv; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; + }); -{ +in { dns.providers = { "viljetic.de" = "regfish"; }; - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) { + hosts = mapAttrs hostDefaults { alnus = { ci = true; cores = 2; nets = { retiolum = { ip4.addr = "10.243.21.1"; - ip6.addr = "42::2101"; aliases = [ "alnus.r" ]; @@ -38,7 +43,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.20.1"; - ip6.addr = "42::2001"; aliases = [ "mu.r" ]; @@ -79,7 +83,6 @@ with import ; retiolum = { via = config.krebs.hosts.ni.nets.internet; ip4.addr = "10.243.113.223"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af4"; aliases = [ "ni.r" "cgit.ni.r" @@ -114,7 +117,6 @@ with import ; }; retiolum = { ip4.addr = "10.243.0.110"; - ip6.addr = "42:2d5:733f:d6da:c0f5:2bb7:2b18:9ec"; aliases = [ "nomic.r" "cgit.nomic.r" @@ -158,7 +160,6 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.37"; - ip6.addr = "42::1337"; aliases = [ "wu.r" "cgit.wu.r" @@ -185,7 +186,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.22.22"; - ip6.addr = "42::2222"; aliases = [ "querel.r" ]; @@ -226,7 +226,6 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.38"; - ip6.addr = "42::1338"; aliases = [ "xu.r" "cgit.xu.r" @@ -261,7 +260,6 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.40"; - ip6.addr = "42::1340"; aliases = [ "zu.r" ]; -- cgit v1.2.3 From e55b54092803dbddbafe4971c9c7da4b5679988d Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 23:11:40 +0100 Subject: krebs hosts: add owner to testHosts, too ^_^' --- krebs/3modules/krebs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 59fc43af8..72c16711c 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -33,7 +33,7 @@ with import ; }; }); in { - hosts = mapAttrs hostDefaults { + hosts = mapAttrs hostDefaults ({ hotdog = { ci = true; nets = { @@ -153,7 +153,7 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR"; }; - } // testHosts; + } // testHosts); users = { krebs = { pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary -- cgit v1.2.3 From 9e6dbd6df4532031c2dd23d1da7d88c12f1b2fbb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 21:10:05 +0100 Subject: l: set short ipv6 addresses for all hosts --- krebs/3modules/lass/default.nix | 50 ++++++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 13 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0d8513a69..148cc3ed8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,16 +1,14 @@ with import ; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ + hostDefaults = hostName: host: flip recursiveUpdate host { ci = true; monitoring = true; owner = config.krebs.users.lass; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "lass" { inherit hostName; }).address; - }); + }; - wip6 = krebs.genipv6 "wirelum" "lass"; + r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; + w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address; in { dns.providers = { @@ -56,6 +54,7 @@ in { retiolum = { via = internet; ip4.addr = "10.243.0.103"; + ip6.addr = r6 "1"; aliases = [ "prism.r" "cache.prism.r" @@ -93,13 +92,13 @@ in { wirelum = { via = internet; ip4.addr = "10.244.1.1"; - ip6.addr = (wip6 "1").address; + ip6.addr = w6 "1"; aliases = [ "prism.w" ]; wireguard = { pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; - subnets = [ "10.244.1.0/24" (wip6 "1").subnetCIDR ]; + subnets = [ "10.244.1.0/24" "42:1::/32" ]; }; }; }; @@ -150,6 +149,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.81.176"; + ip6.addr = r6 "1e1"; aliases = [ "uriel.r" "cgit.uriel.r" @@ -175,6 +175,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.2"; + ip6.addr = r6 "dea7"; aliases = [ "mors.r" "cgit.mors.r" @@ -191,7 +192,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "dea7").address; + ip6.addr = w6 "dea7"; aliases = [ "mors.w" ]; @@ -207,6 +208,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.4"; + ip6.addr = r6 "50da"; aliases = [ "shodan.r" "cgit.shodan.r" @@ -223,7 +225,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "50da").address; + ip6.addr = w6 "50da"; aliases = [ "shodan.w" ]; @@ -239,6 +241,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.114"; + ip6.addr = r6 "1205"; aliases = [ "icarus.r" "cgit.icarus.r" @@ -255,7 +258,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "1205").address; + ip6.addr = w6 "1205"; aliases = [ "icarus.w" ]; @@ -271,6 +274,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.115"; + ip6.addr = r6 "dead"; aliases = [ "daedalus.r" "cgit.daedalus.r" @@ -296,6 +300,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.116"; + ip6.addr = r6 "5ce7"; aliases = [ "skynet.r" "cgit.skynet.r" @@ -321,6 +326,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.133.77"; + ip6.addr = r6 "771e"; aliases = [ "littleT.r" ]; @@ -402,6 +408,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.13"; + ip6.addr = r6 "12ed"; aliases = [ "red.r" ]; @@ -431,6 +438,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.14"; + ip6.addr = r6 "3110"; aliases = [ "yellow.r" ]; @@ -452,7 +460,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "e110").address; + ip6.addr = w6 "3110"; aliases = [ "yellow.w" ]; @@ -467,6 +475,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.77"; + ip6.addr = r6 "b1ce"; aliases = [ "blue.r" ]; @@ -487,6 +496,13 @@ in { -----END PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = w6 "b1ce"; + aliases = [ + "blue.w" + ]; + wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U="; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; @@ -494,8 +510,8 @@ in { phone = { nets = { wirelum = { - ip6.addr = (wip6 "a").address; ip4.addr = "10.244.1.2"; + ip6.addr = w6 "a"; aliases = [ "phone.w" ]; @@ -510,6 +526,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.19"; + ip6.addr = r6 "012f"; aliases = [ "morpheus.r" ]; @@ -529,6 +546,13 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = w6 "012f"; + aliases = [ + "morpheus.w" + ]; + wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; -- cgit v1.2.3 From f0fc2013d75e249e03123f611eacf523077ad07e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 23:01:55 +0100 Subject: l: update shodan wirelum key --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 148cc3ed8..6f3b19a96 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -229,7 +229,7 @@ in { aliases = [ "shodan.w" ]; - wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ="; + wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30="; }; }; secure = true; -- cgit v1.2.3 From 4e04b2ac99885f2d953487b506d37c5519794754 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 23:02:22 +0100 Subject: l: rip xerxes --- krebs/3modules/lass/default.nix | 40 ---------------------------------------- 1 file changed, 40 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6f3b19a96..1eac198fa 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -362,46 +362,6 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - xerxes = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.3"; - aliases = [ - "xerxes.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U - MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk - gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W - /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb - mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO - X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj - +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim - hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 - 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 - H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 - JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 - hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe - SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo - 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe - vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 - Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO - scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv - jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ - Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u - /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 - bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ - sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; - }; red = { monitoring = false; cores = 1; -- cgit v1.2.3 From 24330950fe2bd31056e3ae1d58c1965c8a736f1f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:11:02 +0100 Subject: wirelum -> wiregrill --- krebs/3modules/lass/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1eac198fa..1117dc61c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -8,7 +8,7 @@ with import ; }; r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; - w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address; + w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; in { dns.providers = { @@ -89,7 +89,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { via = internet; ip4.addr = "10.244.1.1"; ip6.addr = w6 "1"; @@ -191,7 +191,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "dea7"; aliases = [ "mors.w" @@ -224,7 +224,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "50da"; aliases = [ "shodan.w" @@ -257,7 +257,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "1205"; aliases = [ "icarus.w" @@ -419,7 +419,7 @@ in { -----END PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "3110"; aliases = [ "yellow.w" @@ -456,7 +456,7 @@ in { -----END PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "b1ce"; aliases = [ "blue.w" @@ -469,7 +469,7 @@ in { }; phone = { nets = { - wirelum = { + wiregrill = { ip4.addr = "10.244.1.2"; ip6.addr = w6 "a"; aliases = [ @@ -506,7 +506,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "012f"; aliases = [ "morpheus.w" -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/a4300000.lock: No such file or directory (2)