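## Generate keys with:
#   tinc generate-keys
#   ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
## Only the public halves (*.pub) are read from this directory; the private
## keys belong in the secrets store, not in the repository.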
with import <stockholm/lib>;
{ config, ... }: let
# hostDefaults hostName host
#
# Builds the attribute set for one host by merging, left to right: the owner,
# the retiolum / wiregrill / sshd defaults (each contributed only when
# ./<dir>/<hostName>.pub exists next to this file) and finally the host's own
# attributes from `hosts`.
# NOTE(review): assuming recursiveUpdate is the usual nixpkgs helper, later
# elements win, so a host entry can override any default, and a list such as
# `aliases` is replaced rather than appended to -- confirm.
# NOTE(review): the key material is whatever the committed .pub file contains,
# so changes to those files deserve the same review as changes to this code.
hostDefaults = hostName: host:
  let
    # Evaluate `mkDefaults keyFile` only if <dir>/<hostName>.pub is present;
    # otherwise contribute an empty set to the merge.
    whenPubkey = dir: mkDefaults:
      let keyFile = dir + "/${hostName}.pub";
      in optionalAttrs (pathExists keyFile) (mkDefaults keyFile);

    ownerDefaults = { owner = config.krebs.users.makefu; };

    # Retiolum defaults
    retiolumDefaults = whenPubkey ./retiolum (keyFile: {
      nets.retiolum = {
        tinc.pubkey = readFile keyFile;
        aliases = [ "${hostName}.r" ];
        ip6.addr =
          (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
      };
    });

    # Wiregrill defaults
    wiregrillDefaults = whenPubkey ./wiregrill (keyFile: {
      nets.wiregrill = {
        aliases = [ "${hostName}.w" ];
        ip6.addr =
          (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
        wireguard.pubkey = readFile keyFile;
      };
    });

    # SSHD defaults
    # We assume that if the sshd pubkey exists then there must be a privkey in
    # the secrets store as well. Nothing here checks that the two halves
    # actually belong together.
    sshdDefaults = whenPubkey ./sshd (keyFile: {
      ssh.pubkey = readFile keyFile;
      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
    });
  in foldl' recursiveUpdate {} [
    ownerDefaults
    retiolumDefaults
    wiregrillDefaults
    sshdDefaults
    host
  ];
# pub-for name: contents of ./ssh/<name>.pub, used for users.*.pubkey.
# There is no pathExists guard here, so a missing key file makes evaluation
# fail instead of producing a user without a key.
pub-for = name:
  let keyFile = ./ssh + "/${name}.pub";
  in builtins.readFile keyFile;
# w6 ip: the `.address` that krebs.genipv6 "wiregrill" "makefu" yields for
# `ip` (gum uses `w6 "1"`).
w6 = ip:
  let generated = krebs.genipv6 "wiregrill" "makefu" ip;
  in generated.address;
in {
# Every entry is passed through hostDefaults, so it only lists what differs
# from (or adds to) the key-derived defaults.
# NOTE(review): hosts that set `aliases` repeat "<name>.r" themselves,
# presumably because the host's list replaces the default one -- confirm.
hosts = mapAttrs hostDefaults {
  cake = rec {
    ci = false;
    cores = 4;
    nets.retiolum.ip4.addr = "10.243.136.236";
  };

  crapi = rec { # raspi1
    ci = false;
    cores = 1;
    nets.retiolum.ip4.addr = "10.243.136.237";
  };

  firecracker = {
    cores = 4;
    nets.retiolum.ip4.addr = "10.243.12.12";
  };

  studio = rec {
    ci = false;
    cores = 4;
    nets.retiolum.ip4.addr = "10.243.227.163";
  };

  fileleech = rec {
    ci = false;
    cores = 4;
    nets.retiolum.ip4.addr = "10.243.113.98";
  };

  tsp = {
    ci = true;
    cores = 1;
    nets.retiolum.ip4.addr = "10.243.0.212";
  };

  x = {
    ci = true;
    cores = 4;
    nets.retiolum.ip4.addr = "10.243.0.91";
    # defaults (nothing host-specific; see the wiregrill part of hostDefaults)
    nets.wiregrill = { };
  };

  filepimp = rec {
    ci = false;
    cores = 1;
    nets.lan = {
      ip4.addr = "192.168.1.12";
      aliases = [ "filepimp.lan" ];
    };
    nets.retiolum.ip4.addr = "10.243.153.102";
  };

  omo = rec {
    ci = true;
    cores = 2;
    nets.lan = {
      ip4.addr = "192.168.1.11";
      aliases = [ "omo.lan" ];
    };
    nets.retiolum = {
      ip4.addr = "10.243.0.89";
      aliases = [ "omo.r" "dcpp.omo.r" "torrent.omo.r" ];
    };
  };

  wbob = rec {
    ci = true;
    cores = 4;
    nets.lan = {
      ip4.addr = "192.168.8.11";
      aliases = [ "wbob.lan" "log.wbob.lan" ];
    };
    nets.retiolum = {
      ip4.addr = "10.243.214.15";
      aliases = [ "wbob.r" "hydra.wbob.r" "log.wbob.r" ];
    };
  };

  # gum is the only stockholm host here with an `internet` net; its public
  # IPv4 address is what the A records below resolve to.
  # NOTE(review): two records are CNAMEs to names outside this zone
  # (krebscode.github.io, over.dose.io); worth confirming from time to time
  # that both targets are still under the project's control.
  gum = rec {
    ci = true;
    cores = 8;
    extraZones."krebsco.de" = ''
      boot IN A ${nets.internet.ip4.addr}
      boot.euer IN A ${nets.internet.ip4.addr}
      cache.euer IN A ${nets.internet.ip4.addr}
      cache.gum IN A ${nets.internet.ip4.addr}
      cgit.euer IN A ${nets.internet.ip4.addr}
      dl.euer IN A ${nets.internet.ip4.addr}
      dockerhub IN A ${nets.internet.ip4.addr}
      euer IN A ${nets.internet.ip4.addr}
      euer IN MX 1 aspmx.l.google.com.
      ghook IN A ${nets.internet.ip4.addr}
      git.euer IN A ${nets.internet.ip4.addr}
      gold IN A ${nets.internet.ip4.addr}
      graph IN A ${nets.internet.ip4.addr}
      gum IN A ${nets.internet.ip4.addr}
      iso.euer IN A ${nets.internet.ip4.addr}
      mon.euer IN A ${nets.internet.ip4.addr}
      netdata.euer IN A ${nets.internet.ip4.addr}
      nixos.unstable IN CNAME krebscode.github.io.
      o.euer IN A ${nets.internet.ip4.addr}
      photostore IN A ${nets.internet.ip4.addr}
      pigstarter IN A ${nets.internet.ip4.addr}
      share.euer IN A ${nets.internet.ip4.addr}
      wg.euer IN A ${nets.internet.ip4.addr}
      wiki.euer IN A ${nets.internet.ip4.addr}
      wikisearch IN A ${nets.internet.ip4.addr}
      bookmark.euer IN A ${nets.internet.ip4.addr}
      io IN NS gum.krebsco.de.
      mediengewitter IN CNAME over.dose.io.
    '';
    # `rec` so that the overlay nets can name `internet` as their transport.
    nets = rec {
      internet = {
        ip4.addr = "144.76.26.247";
        ip6.addr = "2a01:4f8:191:12f6::2";
        aliases = [ "gum.i" "nextgum.i" ];
      };
      wiregrill = {
        via = internet;
        ip4.addr = "10.244.245.1";
        ip6.addr = w6 "1";
        wireguard.port = 51821;
        wireguard.subnets = [
          (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
          "10.244.245.0/24" # required for routing directly to gum via rockit
        ];
      };
      retiolum = {
        via = internet;
        ip4.addr = "10.243.0.213";
        aliases = [
          "gum.r"
          "backup.makefu.r"
          "blog.gum.r" "blog.makefu.r"
          "cache.gum.r"
          "cgit.gum.r"
          "dcpp.gum.r" "dcpp.nextgum.r"
          "graph.r"
          "logs.makefu.r"
          "netdata.makefu.r"
          "nextgum.r"
          "o.gum.r"
          "search.makefu.r"
          "stats.makefu.r"
          "torrent.gum.r"
          "tracker.makefu.r"
          "wiki.gum.r" "wiki.makefu.r"
          "sick.makefu.r"
        ];
      };
    };
  };

  sdev = rec {
    ci = true;
    cores = 1;
    nets.retiolum.ip4.addr = "10.243.83.237";
  };

  # non-stockholm

  flap = rec {
    cores = 1;
    extraZones."krebsco.de" = ''
      flap IN A ${nets.internet.ip4.addr}
    '';
    nets = {
      internet = {
        ip4.addr = "162.248.11.162";
        aliases = [ "flap.i" ];
      };
      retiolum.ip4.addr = "10.243.211.172";
    };
  };

  nukular = rec {
    cores = 1;
    nets.retiolum.ip4.addr = "10.243.231.219";
  };

  filebitch = rec {
    cores = 4;
    nets.retiolum.ip4.addr = "10.243.189.130";
  };

  shackdev = rec { # router@shack
    cores = 1;
    nets.wiregrill.ip4.addr = "10.244.245.2";
  };

  rockit = rec { # router@home
    cores = 1;
    nets.wiregrill.ip4.addr = "10.244.245.3";
  };

  senderechner = rec {
    cores = 2;
    nets.retiolum.ip4.addr = "10.243.0.163";
  };
};
# One identity per device: every makefu-* entry reuses the mail address and
# PGP public keys of `makefu` and differs only in the SSH public key that
# pub-for reads from ./ssh/<name>.pub.
# NOTE(review): each entry is a separate SSH key for the same person; when a
# device is retired its entry and .pub file should presumably go too -- check
# against whatever consumes users.*.pubkey.
users =
  let
    primary = {
      mail = "makefu@x.r";
      pubkey = pub-for "makefu.x";
      pgp.pubkeys = {
        default = builtins.readFile ./pgp/default.asc;
        brain = builtins.readFile ./pgp/brain.asc;
      };
    };

    # Same person, different device key.
    deviceIdentity = keyName: {
      inherit (primary) mail pgp;
      pubkey = pub-for keyName;
    };
  in {
    makefu = primary;
    makefu-omo = deviceIdentity "makefu.omo";
    makefu-tsp = deviceIdentity "makefu.tsp";
    makefu-vbob = deviceIdentity "makefu.vbob";
    makefu-tempx = deviceIdentity "makefu.tempx";
    makefu-android = deviceIdentity "makefu.android";
    makefu-remote-builder = deviceIdentity "makefu.remote-builder";
    makefu-bob = deviceIdentity "makefu.bob";
  };
}