Merge remote-tracking branch 'prism/master'
commit
0430fbbbfe
@ -15,5 +15,6 @@ nur-packages makefu:
|
||||
- git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
|
||||
- git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git
|
||||
- git push --force deploy HEAD:master
|
||||
- curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu
|
||||
after_script:
|
||||
- rm -f deploy.key
|
||||
|
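Review bot: The `curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu` step goes over plain HTTP and has no failure flag, so an intercepted or failed update ping still leaves the job green. Which of the six lines the commit added cannot be told from this rendering, so this applies to the job as it now stands. Suggested line: `- curl -fsS -XPOST https://nur-update.herokuapp.com/update?repo=makefu`. The earlier steps of the job, including where `deploy.key` is created, lie above the hunk.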
@ -1,13 +1,15 @@
|
||||
# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
xmonad-jeschli = pkgs.callPackage <stockholm/jeschli/5pkgs/simple/xmonad-jeschli> { inherit config; };
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
<stockholm/jeschli>
|
||||
./hardware-configuration.nix
|
||||
<stockholm/jeschli/2configs/urxvt.nix>
|
||||
<stockholm/jeschli/2configs/emacs.nix>
|
||||
<stockholm/jeschli/2configs/xdg.nix>
|
||||
<stockholm/jeschli/2configs/xserver>
|
||||
# <stockholm/jeschli/2configs/emacs.nix>
|
||||
# <stockholm/jeschli/2configs/xdg.nix>
|
||||
# <stockholm/jeschli/2configs/xserver>
|
||||
<stockholm/jeschli/2configs/steam.nix>
|
||||
<stockholm/jeschli/2configs/virtualbox.nix>
|
||||
];
|
||||
@ -32,28 +34,31 @@
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
environment.shellAliases = {
|
||||
n = "nix-shell";
|
||||
stocki = pkgs.writeDash "deploy" ''
|
||||
cd ~/stockholm
|
||||
exec nix-shell -I stockholm="$PWD" --run 'deploy --system="brauerei"'
|
||||
'';
|
||||
# emacs aliases
|
||||
ed = "emacsclient";
|
||||
edc = "emacsclient --create-frame";
|
||||
# nix aliases
|
||||
ns = "nix-shell";
|
||||
# krops
|
||||
deploy = pkgs.writeDash "deploy" ''
|
||||
set -eu
|
||||
export SYSTEM="$1"
|
||||
$(nix-build $HOME/stockholm/jeschli/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# system helper
|
||||
# system helper
|
||||
acpi
|
||||
ag
|
||||
curl
|
||||
copyq
|
||||
curl
|
||||
dmenu
|
||||
git
|
||||
i3lock
|
||||
keepass
|
||||
networkmanagerapplet
|
||||
pavucontrol
|
||||
rsync
|
||||
terminator
|
||||
tmux
|
||||
@ -61,16 +66,17 @@
|
||||
# editors
|
||||
emacs
|
||||
# internet
|
||||
thunderbird
|
||||
chromium
|
||||
firefox
|
||||
google-chrome
|
||||
thunderbird
|
||||
# programming languages
|
||||
elixir
|
||||
elmPackages.elm
|
||||
exercism
|
||||
go
|
||||
gcc
|
||||
ghc
|
||||
go
|
||||
python35
|
||||
python35Packages.pip
|
||||
(vagrant.override {
|
||||
@ -84,23 +90,28 @@
|
||||
});
|
||||
};
|
||||
})
|
||||
# dev tools
|
||||
gnumake
|
||||
jetbrains.goland
|
||||
jetbrains.pycharm-professional
|
||||
jetbrains.webstorm
|
||||
# document viewer
|
||||
evince
|
||||
zathura
|
||||
# go tools
|
||||
golint
|
||||
gotools
|
||||
# rust
|
||||
cargo
|
||||
rustc
|
||||
# dev tools
|
||||
gnumake
|
||||
jetbrains.pycharm-professional
|
||||
jetbrains.webstorm
|
||||
jetbrains.goland
|
||||
# document viewer
|
||||
evince
|
||||
zathura
|
||||
rustracer
|
||||
rustup
|
||||
vscode
|
||||
# orga tools
|
||||
taskwarrior
|
||||
# xorg
|
||||
xorg.xbacklight
|
||||
taskwarrior
|
||||
# tokei
|
||||
tokei
|
||||
];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
@ -113,29 +124,32 @@
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
services.emacs.enable = true;
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
services.xserver = {
|
||||
|
||||
# Don't install feh into systemPackages
|
||||
# refs <nixpkgs/nixos/modules/services/x11/desktop-managers>
|
||||
desktopManager.session = lib.mkForce [];
|
||||
displayManager.lightdm.enable = lib.mkForce false;
|
||||
displayManager.job.execCmd = lib.mkForce "derp";
|
||||
|
||||
enable = true;
|
||||
display = lib.mkForce 11;
|
||||
tty = lib.mkForce 11;
|
||||
|
||||
dpi = 144;
|
||||
desktopManager = {
|
||||
xfce.enable = true;
|
||||
gnome3.enable = true;
|
||||
};
|
||||
|
||||
# videoDrivers = [ "nvidia" ];
|
||||
synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
accelFactor = "0.035";
|
||||
windowManager = {
|
||||
session = [{
|
||||
name = "xmonad";
|
||||
start = ''
|
||||
${xmonad-jeschli}/bin/xmonad &
|
||||
waitPID=$!
|
||||
'';
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.xserver.windowManager.i3.enable = true;
|
||||
|
||||
users.extraUsers.jeschli = { # TODO: define as krebs.users
|
||||
isNormalUser = true;
|
||||
extraGroups = ["docker" "vboxusers" "audio"];
|
||||
@ -151,6 +165,7 @@
|
||||
config.krebs.users.lass.pubkey
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
|
||||
"ssh-rsa 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 christopher.kilian@dcso.de"
|
||||
];
|
||||
};
|
||||
|
||||
|
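Review bot: Every key in the list of the last hunk (presumably `openssh.authorizedKeys.keys` of `users.extraUsers.jeschli`; the attribute name is above the hunk) logs in as a user whose `extraGroups` include `docker`, and membership of that group is effectively root on the host through the Docker daemon socket. The hunk adds one line, most likely one of the keys, and the only record of ownership is the trailing key comment such as `christopher.kilian@dcso.de`. I would put a comment above each key naming the owner and the reason, e.g. `# <owner>: <reason for access>`, and either drop `"docker"` from `extraGroups` or keep other people's keys on a separate account without that group. With `services.openssh.enable = true;` and no sshd options visible in this file, please also confirm that password login is disabled in `<stockholm/jeschli>`, or set `services.openssh.passwordAuthentication = false;` here.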
@ -1,145 +0,0 @@
|
||||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
<stockholm/jeschli>
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
# boot.loader.grub.enable = true;
|
||||
# boot.loader.grub.version = 2;
|
||||
# boot.loader.grub.efiSupport = true;
|
||||
# boot.loader.grub.efiInstallAsRemovable = true;
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
# Define on which hard drive you want to install Grub.
|
||||
# boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5002538844584d30"; # or "nodev" for efi only
|
||||
|
||||
boot.initrd.luks.devices = [
|
||||
{
|
||||
name = "root";
|
||||
device = "/dev/disk/by-id/wwn-0x5002538844584d30-part2";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
}
|
||||
];
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
networking.networkmanager.enable = true;
|
||||
# Select internationalisation properties.
|
||||
# i18n = {
|
||||
# consoleFont = "Lat2-Terminus16";
|
||||
# consoleKeyMap = "us";
|
||||
# defaultLocale = "en_US.UTF-8";
|
||||
# };
|
||||
|
||||
# Set your time zone.
|
||||
# time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
# List packages installed in system profile. To search by name, run:
|
||||
# $ nix-env -qaP | grep wget
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.shellAliases = { n = "nix-shell"; };
|
||||
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
|
||||
environment.systemPackages = with pkgs; [
|
||||
# system helper
|
||||
ag
|
||||
curl
|
||||
copyq
|
||||
dmenu
|
||||
git
|
||||
i3lock
|
||||
keepass
|
||||
networkmanagerapplet
|
||||
rsync
|
||||
terminator
|
||||
tmux
|
||||
wget
|
||||
rxvt_unicode
|
||||
# editors
|
||||
emacs
|
||||
# internet
|
||||
thunderbird
|
||||
chromium
|
||||
google-chrome
|
||||
# programming languages
|
||||
go
|
||||
gcc
|
||||
ghc
|
||||
python35
|
||||
python35Packages.pip
|
||||
# go tools
|
||||
golint
|
||||
gotools
|
||||
# dev tools
|
||||
gnumake
|
||||
# document viewer
|
||||
zathura
|
||||
];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01 markus@reaganzglas"
|
||||
];
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
# services.printing.enable = true;
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
services.xserver.layout = "us";
|
||||
services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# Enable touchpad support.
|
||||
services.xserver.libinput.enable = true;
|
||||
|
||||
# Enable the KDE Desktop Environment.
|
||||
services.xserver.displayManager.sddm.enable = true;
|
||||
services.xserver.windowManager.xmonad.enable = true;
|
||||
services.xserver.windowManager.xmonad.enableContribAndExtras = true;
|
||||
|
||||
# services.xserver.desktopManager.plasma5.enable = true;
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.extraUsers.jeschli = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "18.03"; # Did you read the comment?
|
||||
|
||||
programs.bash = {
|
||||
enableCompletion = true;
|
||||
interactiveShellInit = ''
|
||||
export GOPATH=$HOME/go
|
||||
export PATH=$PATH:$GOPATH/bin
|
||||
'';
|
||||
};
|
||||
|
||||
krebs.build.host = config.krebs.hosts.reagenzglas;
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
}
|
@ -1,33 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/09130cf7-b71b-42ab-9fa3-cb3c745f1fc9";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/8bee50b3-5733-4373-a966-388def141774";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/DA40-AC19";
|
||||
fsType = "vfat";
|
||||
};
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
# powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
}
|
@ -15,6 +15,7 @@ let
|
||||
(add-to-list 'package-archives '("gnu" . "http://elpa.gnu.org/packages/")))
|
||||
(package-initialize)
|
||||
'';
|
||||
|
||||
evilMode = ''
|
||||
;; Evil Mode
|
||||
(require 'evil)
|
||||
@ -25,6 +26,22 @@ let
|
||||
;; (require 'evil-org-agenda)
|
||||
;; (evil-org-agenda-set-keys)
|
||||
'';
|
||||
|
||||
goMode = ''
|
||||
(add-to-list 'exec-path "~/go/bin")
|
||||
(add-hook 'go-mode-hook
|
||||
(lambda ()
|
||||
(setq-default)
|
||||
(setq tab-width 2)
|
||||
(setq standard-indent 2)
|
||||
(setq indent-tabs-mode nil)))
|
||||
'';
|
||||
|
||||
ido = ''
|
||||
(require 'ido)
|
||||
(ido-mode t)
|
||||
'';
|
||||
|
||||
windowCosmetics = ''
|
||||
(menu-bar-mode -1)
|
||||
(tool-bar-mode -1) ; Disable the button bar atop screen
|
||||
@ -37,46 +54,68 @@ let
|
||||
(setq visible-bell nil) ; Disable annoying visual bell graphic
|
||||
(setq ring-bell-function 'ignore) ; Disable super annoying audio bell
|
||||
'';
|
||||
|
||||
orgMode = ''
|
||||
(add-to-list 'auto-mode-alist '("\\.\\(org\\|org_archive\\|txt\\)$" . org-mode))
|
||||
(global-set-key "\C-cl" 'org-store-link)
|
||||
(global-set-key "\C-ca" 'org-agenda)
|
||||
(global-set-key "\C-cb" 'org-iswitchb)
|
||||
(global-set-key "\C-c L" 'org-insert-link-global)
|
||||
(global-set-key "\C-c o" 'org-open-at-point-global)
|
||||
(setq org-link-frame-setup '((file . find-file))) ; open link in same frame.
|
||||
(if (boundp 'org-user-agenda-files)
|
||||
(setq org-agenda-files org-user-agenda-files)
|
||||
(setq org-agenda-files (quote ("~/projects/notes")))
|
||||
)
|
||||
'';
|
||||
|
||||
theme = ''
|
||||
(load-theme 'monokai-alt)
|
||||
(load-theme 'monokai-alt t)
|
||||
'';
|
||||
|
||||
recentFiles = ''
|
||||
(recentf-mode 1)
|
||||
(setq recentf-max-menu-items 25)
|
||||
(global-set-key "\C-x\ \C-r" 'recentf-open-files)
|
||||
'';
|
||||
|
||||
dotEmacs = pkgs.writeText "dot-emacs" ''
|
||||
${evilMode}
|
||||
${goMode}
|
||||
${ido}
|
||||
${packageRepos}
|
||||
${orgMode}
|
||||
${recentFiles}
|
||||
${theme}
|
||||
${windowCosmetics}
|
||||
'';
|
||||
|
||||
emacsWithCustomPackages = (pkgs.emacsPackagesNgGen pkgs.emacs).emacsWithPackages (epkgs: [
|
||||
epkgs.melpaPackages.ag
|
||||
epkgs.melpaPackages.evil
|
||||
epkgs.melpaStablePackages.magit
|
||||
epkgs.melpaPackages.nix-mode
|
||||
epkgs.melpaPackages.go-mode
|
||||
epkgs.melpaPackages.haskell-mode
|
||||
epkgs.melpaPackages.google-this
|
||||
epkgs.melpaPackages.monokai-alt-theme
|
||||
epkgs.melpaPackages.rust-mode
|
||||
]);
|
||||
|
||||
myEmacs = pkgs.writeDashBin "my-emacs" ''
|
||||
exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} "$@"
|
||||
'';
|
||||
|
||||
myEmacsWithDaemon = pkgs.writeDashBin "my-emacs-daemon" ''
|
||||
exec ${emacsWithCustomPackages}/bin/emacs -q -l ${dotEmacs} --daemon
|
||||
'';
|
||||
|
||||
myEmacsClient = pkgs.writeDashBin "meclient" ''
|
||||
exec ${emacsWithCustomPackages}/bin/emacsclient --create-frame
|
||||
'';
|
||||
|
||||
in {
|
||||
environment.systemPackages = [
|
||||
myEmacs
|
||||
myEmacs myEmacsWithDaemon myEmacsClient
|
||||
];
|
||||
}
|
||||
|
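Review bot: `packageRepos`, which `dotEmacs` still interpolates, registers the GNU archive as `http://elpa.gnu.org/packages/` (visible as context in the first hunk), so any `package-install` run from this Emacs fetches archive contents over plain HTTP. The packages this file needs already come from the Nix store through `emacsWithPackages`, so the cleanest fix is to drop `${packageRepos}` from `dotEmacs`; if it has to stay, change the URL to `https://elpa.gnu.org/packages/`. The added `goMode` snippet also puts `~/go/bin` on `exec-path` with `add-to-list`, which prepends, so a user-writable directory is searched before the system tools when Emacs starts a subprocess; `(add-to-list 'exec-path "~/go/bin" t)` appends instead. The rest of `packageRepos` lies above the hunk.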
@ -51,6 +51,12 @@ in {
|
||||
${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} &
|
||||
${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} &
|
||||
${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' &
|
||||
${config.services.xserver.displayManager.sessionCommands}
|
||||
if test -z "$DBUS_SESSION_BUS_ADDRESS"; then
|
||||
exec ${pkgs.dbus.dbus-launch} --exit-with-session "$0" ""
|
||||
fi
|
||||
export DBUS_SESSION_BUS_ADDRESS
|
||||
${config.systemd.package}/bin/systemctl --user import-environment DISPLAY DBUS_SESSION_BUS_ADDRESS
|
||||
wait
|
||||
'';
|
||||
|
||||
|
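Review bot: The `dbus-launch` re-exec sits after the `xmodmap`, `xrdb`, `xsetroot` and `sessionCommands` lines, so when `DBUS_SESSION_BUS_ADDRESS` is unset the script runs them, re-executes itself through `"$0"`, and runs all of them a second time. Moving the whole `if test -z "$DBUS_SESSION_BUS_ADDRESS"; then … fi` block ahead of the first command makes every session command run once and inside the session bus. A comment such as `# re-exec under a session bus before starting anything else` would explain the ordering. The script starts above the hunk, so check that nothing earlier has side effects that should not repeat either.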
@ -73,7 +73,6 @@ main = getArgs >>= \case
|
||||
|
||||
mainNoArgs :: IO ()
|
||||
mainNoArgs = do
|
||||
workspaces0 <- getWorkspaces0
|
||||
handleShutdownEvent <- newShutdownEventHandler
|
||||
xmonad
|
||||
-- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
|
||||
@ -85,7 +84,7 @@ mainNoArgs = do
|
||||
{ terminal = urxvtcPath
|
||||
, modMask = mod4Mask
|
||||
, keys = myKeys
|
||||
, workspaces = workspaces0
|
||||
, workspaces = ["comms", "org", "dev"]
|
||||
, layoutHook = smartBorders $ FixedColumn 1 20 80 10 ||| Full
|
||||
-- , handleEventHook = myHandleEventHooks <+> handleTimerEvent
|
||||
--, handleEventHook = handleTimerEvent
|
||||
@ -93,7 +92,7 @@ mainNoArgs = do
|
||||
, startupHook = do
|
||||
setWMName "LG3D"
|
||||
whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK"))
|
||||
(\path -> forkFile path [] Nothing) <+> setWMName "LG3D"
|
||||
(\path -> forkFile path [] Nothing)
|
||||
, normalBorderColor = "#1c1c1c"
|
||||
, focusedBorderColor = "#f000b0"
|
||||
, handleEventHook = handleShutdownEvent
|
||||
@ -152,7 +151,6 @@ myKeys conf = Map.fromList $
|
||||
, ((0 , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
|
||||
, ((_S , xK_Print ), gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
|
||||
, ((_C , xK_Print ), toggleWS)
|
||||
, ((_4 , xK_Print ), rhombus horseConfig (liftIO . hPutStrLn stderr) ["Correct", "Horse", "Battery", "Staple", "Stuhl", "Tisch"] )
|
||||
|
||||
-- %! Rotate through the available layout algorithms
|
||||
, ((_4 , xK_space ), sendMessage NextLayout)
|
||||
|
@ -12,10 +12,7 @@
|
||||
secrets = if test then {
|
||||
file = toString ./2configs/tests/dummy-secrets;
|
||||
} else {
|
||||
pass = {
|
||||
dir = "${lib.getEnv "HOME"}/.password-store";
|
||||
name = "hosts/${name}";
|
||||
};
|
||||
file = "${lib.getEnv "HOME"}/secrets/${name}";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
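Review bot: The non-test branch now reads host secrets from `"${lib.getEnv "HOME"}/secrets/${name}"`, a plain directory, where it previously used the `pass` store under `~/.password-store`, so the secrets lose encryption at rest on the deploying machine. If that is intended, say so next to the line, e.g. `# plaintext secrets: keep ~/secrets mode 0700, on an encrypted disk, outside git and file sync`. `lib.getEnv "HOME"` also yields an empty string when `HOME` is unset, which would turn the path into `/secrets/<name>`; an assertion that `HOME` is non-empty would catch that. The enclosing list and function start outside the hunk.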
@ -21,5 +21,4 @@
|
||||
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
}
|
||||
|
@ -2,10 +2,10 @@
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
gunicorn = pkgs.pythonPackages.gunicorn;
|
||||
gunicorn = pkgs.python3Packages.gunicorn;
|
||||
bepasty = pkgs.bepasty;
|
||||
gevent = pkgs.pythonPackages.gevent;
|
||||
python = pkgs.pythonPackages.python;
|
||||
gevent = pkgs.python3Packages.gevent;
|
||||
python = pkgs.python3Packages.python;
|
||||
cfg = config.krebs.bepasty;
|
||||
|
||||
out = {
|
||||
|
@ -48,6 +48,7 @@ let
|
||||
./rtorrent.nix
|
||||
./secret.nix
|
||||
./setuid.nix
|
||||
./syncthing.nix
|
||||
./tinc.nix
|
||||
./tinc_graphs.nix
|
||||
./urlwatch.nix
|
||||
|
30
krebs/3modules/external/default.nix
vendored
30
krebs/3modules/external/default.nix
vendored
@ -299,6 +299,33 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
toastbrot = {
|
||||
owner = config.krebs.users.jan;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.117.12";
|
||||
aliases = [
|
||||
"toastbrot.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
|
||||
2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
|
||||
yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
|
||||
DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
|
||||
r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
|
||||
PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
|
||||
Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
|
||||
IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
|
||||
fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
|
||||
Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
|
||||
uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
|
||||
4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
tpsw = {
|
||||
cores = 2;
|
||||
owner = config.krebs.users.ciko; # main laptop
|
||||
@ -411,6 +438,9 @@ in {
|
||||
mail = "dickbutt@excogitation.de";
|
||||
pubkey = ssh-for "exco";
|
||||
};
|
||||
jan = {
|
||||
mail = "jan.heidbrink@posteo.de";
|
||||
};
|
||||
kmein = {
|
||||
mail = "kieran.meinhardt@gmail.com";
|
||||
pubkey = ssh-for "kmein";
|
||||
|
@ -47,42 +47,6 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
reagenzglas = {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.27.27";
|
||||
aliases = [
|
||||
"reagenzglas.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P
|
||||
bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0
|
||||
utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO
|
||||
2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5
|
||||
hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u
|
||||
mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW
|
||||
8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06
|
||||
aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw
|
||||
pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu
|
||||
3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/
|
||||
lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5
|
||||
+IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz
|
||||
9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli
|
||||
PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0
|
||||
ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn
|
||||
GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE
|
||||
hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2
|
||||
ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX
|
||||
vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe
|
||||
G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44
|
||||
5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x
|
||||
Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
enklave = {
|
||||
nets = rec {
|
||||
internet = {
|
||||
|
@ -106,6 +106,7 @@ in {
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
|
||||
};
|
||||
archprism = {
|
||||
cores = 1;
|
||||
@ -204,6 +205,7 @@ in {
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
|
||||
syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
|
||||
};
|
||||
shodan = {
|
||||
cores = 2;
|
||||
@ -270,6 +272,7 @@ in {
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
||||
syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
|
||||
};
|
||||
daedalus = {
|
||||
cores = 2;
|
||||
@ -324,10 +327,18 @@ in {
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "5ce7";
|
||||
aliases = [
|
||||
"skynet.w"
|
||||
];
|
||||
wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
|
||||
syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
|
||||
};
|
||||
littleT = {
|
||||
cores = 2;
|
||||
@ -365,10 +376,18 @@ in {
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "771e";
|
||||
aliases = [
|
||||
"littleT.w"
|
||||
];
|
||||
wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
||||
syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
|
||||
};
|
||||
red = {
|
||||
monitoring = false;
|
||||
@ -474,7 +493,48 @@ in {
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
|
||||
syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
|
||||
};
|
||||
|
||||
green = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.66";
|
||||
ip6.addr = r6 "12ee";
|
||||
aliases = [
|
||||
"green.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
|
||||
uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
|
||||
ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
|
||||
n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
|
||||
hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
|
||||
m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
|
||||
BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
|
||||
pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
|
||||
2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
|
||||
UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
|
||||
udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
|
||||
3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wiregrill = {
|
||||
ip6.addr = w6 "12ee";
|
||||
aliases = [
|
||||
"green.w"
|
||||
];
|
||||
wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
|
||||
syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
|
||||
};
|
||||
|
||||
phone = {
|
||||
nets = {
|
||||
wiregrill = {
|
||||
@ -482,11 +542,12 @@ in {
|
||||
aliases = [
|
||||
"phone.w"
|
||||
];
|
||||
wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
|
||||
wireguard.pubkey = "MRicxap2VxPnzmXoOqqjQNGWJ54cQC8Tfy28+IXXsxM=";
|
||||
};
|
||||
};
|
||||
external = true;
|
||||
ci = false;
|
||||
syncthing.id = "DUFMX7V-HNR6WXM-LZB5LJE-TM6QIOH-MTGHEUJ-QSD3XIY-YRFJLOR-G6Y3XQB";
|
||||
};
|
||||
morpheus = {
|
||||
cores = 1;
|
||||
|
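Review bot: The `ssh.pubkey` string added for `green` ends in a space before the closing quote (`…IkkOnA30 "`), unlike the other host keys in these hunks; depending on how the value is written out or compared, that stray byte may keep the entry from matching. Trim it to `ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30";`. `green` is also added without the `secure = true;` line that several neighbouring hosts in this file carry; if that is deliberate, a short comment on the host saying why would help the next reader. The host blocks around these hunks start and end outside the visible lines.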
@ -1 +1 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPF7RHU4q6w1f3xWcfeAD6u23jDs2fd/H3IuxdT5G1ZL
|
||||
|
@ -5,443 +5,105 @@
|
||||
with import <stockholm/lib>;
|
||||
{ config, ... }: let
|
||||
|
||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||
owner = config.krebs.users.makefu;
|
||||
} // optionalAttrs (host.nets?retiolum) {
|
||||
nets.retiolum.ip6.addr =
|
||||
(krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
|
||||
});
|
||||
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
|
||||
{
|
||||
owner = config.krebs.users.makefu;
|
||||
}
|
||||
# Retiolum defaults
|
||||
(let
|
||||
pubkey-path = ./retiolum + "/${hostName}.pub";
|
||||
in optionalAttrs (pathExists pubkey-path) {
|
||||
nets.retiolum = {
|
||||
tinc.pubkey = readFile pubkey-path;
|
||||
aliases = [
|
||||
"${hostName}.r"
|
||||
];
|
||||
ip6.addr =
|
||||
(krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
|
||||
};
|
||||
})
|
||||
# Wiregrill defaults
|
||||
(let
|
||||
pubkey-path = ./wiregrill + "/${hostName}.pub";
|
||||
in optionalAttrs (pathExists pubkey-path) {
|
||||
nets.wiregrill = {
|
||||
aliases = [
|
||||
"${hostName}.w"
|
||||
];
|
||||
ip6.addr =
|
||||
(krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
|
||||
wireguard.pubkey = readFile pubkey-path;
|
||||
};
|
||||
})
|
||||
# SSHD defaults
|
||||
(let
|
||||
pubkey-path = ./sshd + "/${hostName}.pub";
|
||||
in optionalAttrs (pathExists pubkey-path) {
|
||||
ssh.pubkey = readFile pubkey-path;
|
||||
# We assume that if the sshd pubkey exits then there must be a privkey in
|
||||
# the screts store as well
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
})
|
||||
host
|
||||
];
|
||||
|
||||
pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
||||
|
||||
w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
|
||||
in {
|
||||
hosts = mapAttrs hostDefaults {
|
||||
cake = rec {
|
||||
cores = 4;
|
||||
ci = false;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.136.236";
|
||||
aliases = [
|
||||
"cake.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
|
||||
jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
|
||||
MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
|
||||
6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
|
||||
36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
|
||||
MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
retiolum.ip4.addr = "10.243.136.236";
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
|
||||
};
|
||||
crapi = rec { # raspi1
|
||||
cores = 1;
|
||||
ci = false;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.136.237";
|
||||
aliases = [
|
||||
"crapi.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
|
||||
OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
|
||||
R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
|
||||
OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
|
||||
di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
|
||||
bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
retiolum.ip4.addr = "10.243.136.237";
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
|
||||
};
|
||||
drop = rec {
|
||||
ci = false;
|
||||
cores = 1;
|
||||
firecracker = {
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.177.9";
|
||||
aliases = [
|
||||
"drop.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
|
||||
6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
|
||||
GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
|
||||
0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
|
||||
Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
|
||||
F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
retiolum.ip4.addr = "10.243.12.12";
|
||||
};
|
||||
};
|
||||
|
||||
studio = rec {
|
||||
ci = false;
|
||||
cores = 4;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.227.163";
|
||||
aliases = [
|
||||
"studio.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
|
||||
cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
|
||||
GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
|
||||
jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
|
||||
78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
|
||||
8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
retiolum.ip4.addr = "10.243.227.163";
|
||||
};
|
||||
};
|
||||
|
||||
fileleech = rec {
|
||||
ci = false;
|
||||
cores = 4;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.113.98";
|
||||
aliases = [
|
||||
"fileleech.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
|
||||
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
|
||||
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
|
||||
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
|
||||
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
|
||||
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
latte = rec {
|
||||
ci = false;
|
||||
cores = 1;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "185.215.224.160";
|
||||
aliases = [
|
||||
"latte.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.80.249";
|
||||
aliases = [
|
||||
"latte.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU
|
||||
5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo
|
||||
r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf
|
||||
43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4
|
||||
GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6
|
||||
vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
pnp = {
|
||||
ci = false;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.210";
|
||||
aliases = [
|
||||
"pnp.r"
|
||||
"cgit.pnp.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g
|
||||
Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V
|
||||
pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR
|
||||
SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T
|
||||
TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr
|
||||
Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
darth = {
|
||||
ci = false;
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.84";
|
||||
aliases = [
|
||||
"darth.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq
|
||||
qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX
|
||||
yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi
|
||||
3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8
|
||||
q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE
|
||||
u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
siem = {
|
||||
ip4.addr = "10.8.10.2";
|
||||
ip4.prefix = "10.8.10.0/24";
|
||||
aliases = [
|
||||
"darth.siem"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCQKCAQEApcUeTecVahqNIfLEkfgNiaW+eHQ9Y90DxHhy9vdPZh8dmLqoFBoW
|
||||
TCPcZIRpyj7hxRkNIhh34Ewpul0oQ1tzrUGcT2xvMNwaCupRDmhZn9jR9aFFEYKb
|
||||
fUOplCxb4y2UKbWAA6hie3PKH9wnPfbwSsexb2BSQAqSt4iNIVCV6j7LXpiopbGS
|
||||
Exs3/Pz+IeMtGyuMYA3rUmJsVRKR1o7axLtlhYK7JSMbqdYhaQJ4NZrvIXw//w21
|
||||
kM/TJTPZ4j47ME18jQInO62X5h+xVch6DtvwvjBMMMKbS0am9qw1P3qo7MP3PmQh
|
||||
rvVQRth8L63q4NLOnT29XmnxPSVGL1PBQQICEAE=
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
ossim = { # vm on darth
|
||||
nets = {
|
||||
siem = {
|
||||
ip4.addr = "10.8.10.6";
|
||||
ip4.prefix = "10.8.10.0/24";
|
||||
aliases = [
|
||||
"ossim.siem"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
|
||||
RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
|
||||
cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
|
||||
mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
|
||||
dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
|
||||
WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
honeydrive = { # vm on darth
|
||||
nets = {
|
||||
internet = { # via shoney
|
||||
ip4.addr = "64.137.234.232";
|
||||
aliases = [
|
||||
"honeydrive.i"
|
||||
];
|
||||
};
|
||||
retiolum.ip4.addr = "10.243.113.98";
|
||||
};
|
||||
};
|
||||
tsp = {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.212";
|
||||
aliases = [
|
||||
"tsp.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
|
||||
HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
|
||||
mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
|
||||
n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
|
||||
R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
|
||||
Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
|
||||
aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
|
||||
ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
|
||||
KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
|
||||
XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
|
||||
teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
retiolum.ip4.addr = "10.243.0.212";
|
||||
};
|
||||
};
|
||||
x = {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.91";
|
||||
aliases = [
|
||||
"x.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
|
||||
RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
|
||||
kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
|
||||
JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
|
||||
2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
|
||||
+h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
retiolum.ip4.addr = "10.243.0.91";
|
||||
wiregrill = {
|
||||
# defaults
|
||||
};
|
||||
siem = {
|
||||
ip4.addr = "10.8.10.4";
|
||||
ip4.prefix = "10.8.10.0/24";
|
||||
aliases = [
|
||||
"makefu.siem"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
Ed25519PublicKey = rFTglGxm563e/w82Q9Qqy/E+V/ipT4DOTyTuYrWrtmI
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCQKCAQEAx+OQXQj6rlXIByo48JZXSexRz5G5oJVZTHAJ0GF5f70U65C0x83p
|
||||
XtNp4LGYti+cyyzmQjf/N7jr2CxUlOATN2nRO4CT+JaMM2MoqnPWqTZBPMDiHq2y
|
||||
ce0zjLPPl0hVc5mg+6F0tgolbUvTIo2CgAIl5lNvJiVfmXRSehmMprf1NPkxJd/O
|
||||
vAOD7mgnCjkEAWElf1cfxSGZqSLbNltRK340nE5x6A5tY7iEueP/r9chEmOnVjKm
|
||||
t+GJAJIe1PClWJHJYAXF8I7R3g+XQIqgw+VTN3Ng5cS5W/mbTFIzLWMZpdZaAhWR
|
||||
56pthtZAE5FZ+4vxMpDQ4yeDu0b6gajWNQICEAE=
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
#wiregrill = {
|
||||
# aliases = [
|
||||
# "x.w"
|
||||
# ];
|
||||
# wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
|
||||
#};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
|
||||
|
||||
};
|
||||
|
||||
vbob = {
|
||||
ci = true;
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.1.91";
|
||||
aliases = [
|
||||
"vbob.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
|
||||
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
|
||||
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
|
||||
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
|
||||
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
|
||||
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos";
|
||||
};
|
||||
pigstarter = rec {
|
||||
cores = 1;
|
||||
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
euer IN MX 1 aspmx.l.google.com.
|
||||
nixos.unstable IN CNAME krebscode.github.io.
|
||||
boot IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "192.40.56.122";
|
||||
ip6.addr = "2604:2880::841f:72c";
|
||||
aliases = [
|
||||
"pigstarter.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.153";
|
||||
aliases = [
|
||||
"pigstarter.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
|
||||
9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
|
||||
3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
|
||||
4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
|
||||
DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
|
||||
sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
wry = rec {
|
||||
ci = false;
|
||||
cores = 1;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
wry IN A ${nets.internet.ip4.addr}
|
||||
tinc IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "104.233.87.86";
|
||||
aliases = [
|
||||
"wry.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.29.169";
|
||||
aliases = [
|
||||
"wry.r"
|
||||
"graph.wry.r"
|
||||
"paste.wry.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAs9bq++H4HF8EpZMfWGfoIsh/C+YNO2pg74UPBsP/tFFe71yzWwUn
|
||||
U9LW0n3bBqCMQ/oDthbSMwCkS9JzcUi22QJEdjbQs/aay9gZR115b+UxWPocw0Ms
|
||||
ZoREKo3Oe0hETk7Ing8NdBDI0kCBh9QnvqQ3iKd0rBae3DYvcWlDsY93GLGMddgA
|
||||
7E9oa3EHVYH/MPZaeJtTknaJduanBSbiEb/xQOqxTadHoQASKU6DQD1czMH3hLG2
|
||||
8Wn4MBj9fgKBAoIy092tIzPtE2QwAHO73yz4mSW/3r190hREgVbjuEPiw4w5mEyQ
|
||||
j+NeN3f3heFKx+GCgdWH9xPw6m6qPdqUiGUPq91KXMOhNa8lLcTp95mHdCMesZCF
|
||||
TFj7hf6y+SVt17Vo+YUL7UqnMtAm3eZZmwyDu0DfKFrdgz6MtDD+5dQp9g8VHpqw
|
||||
RfbaB1Srlr24EUYYoOBEF9CcIacFbsr+MKh+hQk5R0uEMSeAWARzxvvr69iMgdEC
|
||||
zDiu0rrRLN+CrfgkDir7pkRKxeA1lz8KpySyIZRziNg6mSHjKjih4++Bbu4N2ack
|
||||
86h84qBrA8lq2xsub4+HgKZGH2l5Y8tvlr+rx0mQKEJkT6XDKCXZFPfl2N0QrWGT
|
||||
Dv7l2vn0QMj9E6+BdRhYaO/m3+cIZ9faM851nRj/gq2OOtzW3ekrne0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
|
||||
};
|
||||
filepimp = rec {
|
||||
ci = false;
|
||||
cores = 1;
|
||||
@ -452,22 +114,7 @@ in {
|
||||
"filepimp.lan"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.153.102";
|
||||
aliases = [
|
||||
"filepimp.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
|
||||
3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
|
||||
wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
|
||||
oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
|
||||
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
|
||||
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
retiolum.ip4.addr = "10.243.153.102";
|
||||
};
|
||||
};
|
||||
|
||||
@ -489,68 +136,27 @@ in {
|
||||
"dcpp.omo.r"
|
||||
"torrent.omo.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
|
||||
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
|
||||
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
|
||||
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
|
||||
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
|
||||
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH";
|
||||
};
|
||||
wbob = rec {
|
||||
ci = true;
|
||||
cores = 4;
|
||||
nets = {
|
||||
siem = {
|
||||
ip4.addr = "10.8.10.7";
|
||||
ip4.prefix = "10.8.10.0/24";
|
||||
aliases = [ "display.siem" ];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+/TpxsVIBL9J9QAe/+jB6sgu/O6J+KY4YrAzZ6dM4kbFv5JA64f5
|
||||
6znv8EFqn6loS9Aez3e08P5scyGjiwWytdKN5Yztlffc0xDD7MUU2RiCsQF1X74J
|
||||
+1i8NhSq3PJ6UeUURxYYnAYzBlFvsxev4vpniFTsIR9tmcAYX9NT9420D6nV7xq7
|
||||
FdkoBlYj4eUQqQzHH1T/Lmt+BGmf+BufIJas+Oo/Sg59vIk9OM08WyAjHVT2iNbg
|
||||
LXDhzVaeGOOM3GOa0YGG0giM3Rd245YPaPiVbwrMy8HQRBpMzXOPjcC1nYZSjxrW
|
||||
LQxtRS+dmfEMG7MJ8T2T2bseX6z6mONc1QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
-----BEGIN ED25519 PUBLIC KEY-----
|
||||
3JGeGnADWR+hfb4TEoHDyopEYgkfGNJKwy71bqcsNrO
|
||||
-----END ED25519 PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.214.15";
|
||||
aliases = [
|
||||
"wbob.r"
|
||||
"hydra.wbob.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
|
||||
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
|
||||
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
|
||||
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
|
||||
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
|
||||
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
|
||||
};
|
||||
gum = rec {
|
||||
ci = true;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
boot IN A ${nets.internet.ip4.addr}
|
||||
boot.euer IN A ${nets.internet.ip4.addr}
|
||||
cache.euer IN A ${nets.internet.ip4.addr}
|
||||
cache.gum IN A ${nets.internet.ip4.addr}
|
||||
@ -558,6 +164,7 @@ in {
|
||||
dl.euer IN A ${nets.internet.ip4.addr}
|
||||
dockerhub IN A ${nets.internet.ip4.addr}
|
||||
euer IN A ${nets.internet.ip4.addr}
|
||||
euer IN MX 1 aspmx.l.google.com.
|
||||
ghook IN A ${nets.internet.ip4.addr}
|
||||
git.euer IN A ${nets.internet.ip4.addr}
|
||||
gold IN A ${nets.internet.ip4.addr}
|
||||
@ -566,6 +173,7 @@ in {
|
||||
iso.euer IN A ${nets.internet.ip4.addr}
|
||||
mon.euer IN A ${nets.internet.ip4.addr}
|
||||
netdata.euer IN A ${nets.internet.ip4.addr}
|
||||
nixos.unstable IN CNAME krebscode.github.io.
|
||||
o.euer IN A ${nets.internet.ip4.addr}
|
||||
photostore IN A ${nets.internet.ip4.addr}
|
||||
pigstarter IN A ${nets.internet.ip4.addr}
|
||||
@ -586,17 +194,21 @@ in {
|
||||
"nextgum.i"
|
||||
];
|
||||
};
|
||||
#wiregrill = {
|
||||
# via = internet;
|
||||
# aliases = [
|
||||
# "gum.w"
|
||||
# ];
|
||||
# wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
|
||||
#};
|
||||
wiregrill = {
|
||||
via = internet;
|
||||
ip6.addr = w6 "1";
|
||||
wireguard = {
|
||||
subnets = [
|
||||
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
|
||||
(krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
|
||||
];
|
||||
};
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.0.213";
|
||||
aliases = [
|
||||
"gum.r"
|
||||
"backup.makefu.r"
|
||||
"blog.gum.r"
|
||||
"blog.makefu.r"
|
||||
@ -605,7 +217,6 @@ in {
|
||||
"dcpp.gum.r"
|
||||
"dcpp.nextgum.r"
|
||||
"graph.r"
|
||||
"gum.r"
|
||||
"logs.makefu.r"
|
||||
"netdata.makefu.r"
|
||||
"nextgum.r"
|
||||
@ -617,91 +228,15 @@ in {
|
||||
"wiki.gum.r"
|
||||
"wiki.makefu.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
||||
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
|
||||
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
|
||||
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
|
||||
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
|
||||
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
|
||||
};
|
||||
|
||||
shoney = rec {
|
||||
ci = false;
|
||||
cores = 1;
|
||||
nets = rec {
|
||||
siem = {
|
||||
via = internet;
|
||||
ip4.addr = "10.8.10.1";
|
||||
ip4.prefix = "10.8.10.0/24";
|
||||
aliases = [
|
||||
"shoney.siem"
|
||||
"graph.siem"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0OK28PHsMGMxAqVRiRGv93zzEWJgV3hMFquWrpbYC3OZwHDYcNHu
|
||||
74skwRRwwnbcq0ZtWroEvUTmZczuPt2FewdtuEutT7uZJnAYnzSOrB9lmmdoXKQU
|
||||
l4ho1LEf/J0sMBi7RU/OJosuruQTAl53ca5KQbRCXkcPlmq4KzUpvgPINpEpYQjB
|
||||
CGC3ErOvw2jXESbDnWomYZgJl3uilJUEYlyQEwyWVG+fO8uxlz9qKLXMlkoJTbs4
|
||||
fTIcxh7y6ZA7QfMN3Ruq1R66smfXQ4xu1hybvqL66RLiDQgH3BRyKIgobS1UxI4z
|
||||
L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.port = 1655;
|
||||
};
|
||||
internet = {
|
||||
ip4.addr = "64.137.234.215";
|
||||
aliases = [
|
||||
"shoney.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.205.131";
|
||||
aliases = [
|
||||
"shoney.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
|
||||
ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
|
||||
okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
|
||||
M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
|
||||
+DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
|
||||
uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
sdev = rec {
|
||||
ci = true;
|
||||
cores = 1;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev";
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.83.237";
|
||||
aliases = [
|
||||
"sdev.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+
|
||||
LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4
|
||||
XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428
|
||||
ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+
|
||||
f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD
|
||||
nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
retiolum.ip4.addr = "10.243.83.237";
|
||||
};
|
||||
};
|
||||
|
||||
@ -725,19 +260,6 @@ in {
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.211.172";
|
||||
aliases = [
|
||||
"flap.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
|
||||
2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
|
||||
8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
|
||||
3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
|
||||
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
|
||||
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -747,108 +269,6 @@ in {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.231.219";
|
||||
aliases = [
|
||||
"nukular.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
|
||||
gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
|
||||
gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
|
||||
H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
|
||||
tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
|
||||
meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
heidi = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.124.21";
|
||||
aliases = [
|
||||
"heidi.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx
|
||||
1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ
|
||||
jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY
|
||||
ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA
|
||||
q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo
|
||||
w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
lariat = rec {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.64.7";
|
||||
aliases = [
|
||||
"lariat.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
|
||||
eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
|
||||
269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
|
||||
unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
|
||||
d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
|
||||
yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
soundflower = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.69.184";
|
||||
aliases = [
|
||||
"soundflower.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN
|
||||
H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb
|
||||
Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l
|
||||
FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6
|
||||
lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+
|
||||
8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
falk = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.120.19";
|
||||
aliases = [
|
||||
"falk.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
|
||||
4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
|
||||
9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
|
||||
2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
|
||||
0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
|
||||
FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -858,91 +278,6 @@ in {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.189.130";
|
||||
aliases = [
|
||||
"filebitch.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
|
||||
fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
|
||||
e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
|
||||
KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
|
||||
oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
|
||||
wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
bridge = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.26.29";
|
||||
aliases = [
|
||||
"excobridge.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d
|
||||
VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm
|
||||
UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB
|
||||
oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b
|
||||
/hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg
|
||||
lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
horisa = rec {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.226.213";
|
||||
aliases = [
|
||||
"horisa.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
|
||||
Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
|
||||
XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
|
||||
+EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
|
||||
sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
|
||||
M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
tahoe = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
internet = {
|
||||
ip4.addr = "148.251.47.69";
|
||||
aliases = [
|
||||
"wooki.i"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.57.85";
|
||||
aliases = [
|
||||
"wooki.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y
|
||||
QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8
|
||||
dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH
|
||||
9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6
|
||||
hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p
|
||||
egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -952,43 +287,6 @@ in {
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.163";
|
||||
aliases = [
|
||||
"senderechner.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
|
||||
lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
|
||||
rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
|
||||
inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
|
||||
BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
|
||||
OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
tcac-0-1 = rec {
|
||||
cores = 1;
|
||||
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
|
||||
";
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.144.142";
|
||||
aliases = [
|
||||
"tcac-0-1.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
|
||||
7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
|
||||
zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
|
||||
Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
|
||||
QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
|
||||
HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
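--- a/krebs/3modules/makefu/retiolum/cake.pub
+++ b/krebs/3modules/makefu/retiolum/cake.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
+jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
+MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
+6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
+36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
+MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
+-----END RSA PUBLIC KEY-----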
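--- a/krebs/3modules/makefu/retiolum/crapi.pub
+++ b/krebs/3modules/makefu/retiolum/crapi.pub
@@ -0,0 +1,9 @@
+Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
+OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
+R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
+OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
+di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
+bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
+-----END RSA PUBLIC KEY-----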
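--- a/krebs/3modules/makefu/retiolum/filebitch.pub
+++ b/krebs/3modules/makefu/retiolum/filebitch.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
+fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
+e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
+KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
+oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
+wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
+-----END RSA PUBLIC KEY-----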
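--- a/krebs/3modules/makefu/retiolum/fileleech.pub
+++ b/krebs/3modules/makefu/retiolum/fileleech.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
+8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
+YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
+nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
+e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
+UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
+-----END RSA PUBLIC KEY-----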
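--- a/krebs/3modules/makefu/retiolum/filepimp.pub
+++ b/krebs/3modules/makefu/retiolum/filepimp.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
+3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
+wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
+oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
+UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
+8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
+-----END RSA PUBLIC KEY-----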
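--- a/krebs/3modules/makefu/retiolum/firecracker.pub
+++ b/krebs/3modules/makefu/retiolum/firecracker.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuZaPnN4pQVpKWKG1Yylx
+JghzOphuQMuzstedqKFo3MTUtgra27ul8IyqljJxVH+hnpObhDwzYS3Zz1BAp/WF
+SFAslLbpPEG7UrwmvZHa3jqE4m/uIMtgYK65iIfB8bs17lkvRchfTfzTvwdtPSkM
+zbgjq4HttI2aMoNggadfMSGdzv7hEhxFpRBAiXxJHOFTNa//ov/DehrW88blYQ3l
+lSS2ZR+WHNVYfRPvfejDnstGenNCJXkpMYPe5YD9CZa0sy639ejTGs+nluU5+uId
+lp+0QW5i8E3JvZDiIu9NF9cT+GZhKcgWyvwoA/yRFqRVWHUcK7w8MN1hmbExXFub
+pS3GW2/f50USjT2jvK6zg2/KzTio2yEfd/FpQwTmyzAUJbwBkJNyD1YmFGv54tWS
+/xDyn3+OsKT4VztfTPrH59MVZZd12WMavB3Y0VIEkVHhrK2BNIoMuJ9e96VDFZ14
+9N6ouRAchIydQweESiBzHr0DUXeZO1jNLlNM0q8+aaS/bONkiFzRrKkYnbqB6ION
+Ln6pg+5NtrZ/Cb7/UWwSNeooiiOnjzVLsZv3mEzt3IjcJO5iW3IOZhT29S9E3CwG
+0rqK7CiByJJXPB/LqwKZdN3WtZgCfPJ48abmzobHhEKTsVG230G4jMF/dLpV3sZT
+tIsbd9vYVSSP0Rg/K4hmsOMCAwEAAQ==
+-----END PUBLIC KEY-----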
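--- a/krebs/3modules/makefu/retiolum/flap.pub
+++ b/krebs/3modules/makefu/retiolum/flap.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
+2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
+8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
+3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
+hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
+Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
+-----END RSA PUBLIC KEY-----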
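--- a/krebs/3modules/makefu/retiolum/gum.pub
+++ b/krebs/3modules/makefu/retiolum/gum.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
+BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
+i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
+09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
+u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
+OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+-----END RSA PUBLIC KEY-----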
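--- a/krebs/3modules/makefu/retiolum/nukular.pub
+++ b/krebs/3modules/makefu/retiolum/nukular.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
+gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
+gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
+H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
+tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
+meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
+-----END RSA PUBLIC KEY-----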
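--- a/krebs/3modules/makefu/retiolum/omo.pub
+++ b/krebs/3modules/makefu/retiolum/omo.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
+ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
+sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
+s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
+GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
+5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
+-----END RSA PUBLIC KEY-----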
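--- a/krebs/3modules/makefu/retiolum/sdev.pub
+++ b/krebs/3modules/makefu/retiolum/sdev.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+
+LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4
+XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428
+ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+
+f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD
+nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB
+-----END RSA PUBLIC KEY-----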
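--- a/krebs/3modules/makefu/retiolum/senderechner.pub
+++ b/krebs/3modules/makefu/retiolum/senderechner.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
+lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
+rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
+inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
+BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
+OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
+-----END RSA PUBLIC KEY-----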
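--- a/krebs/3modules/makefu/retiolum/studio.pub
+++ b/krebs/3modules/makefu/retiolum/studio.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
+cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
+GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
+jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
+78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
+8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
+-----END RSA PUBLIC KEY-----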
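--- a/krebs/3modules/makefu/retiolum/tsp.pub
+++ b/krebs/3modules/makefu/retiolum/tsp.pub
@@ -0,0 +1,13 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
+HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
+mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
+n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
+R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
+Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
+aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
+ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
+KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
+XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
+teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
+-----END RSA PUBLIC KEY-----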
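--- a/krebs/3modules/makefu/retiolum/wbob.pub
+++ b/krebs/3modules/makefu/retiolum/wbob.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
+QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
+cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
+khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
+rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
+TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+-----END RSA PUBLIC KEY-----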
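--- a/krebs/3modules/makefu/retiolum/x.pub
+++ b/krebs/3modules/makefu/retiolum/x.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
+RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
+kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
+JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
+2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
++h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
+-----END RSA PUBLIC KEY-----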
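--- a/krebs/3modules/makefu/sshd/cake.pub
+++ b/krebs/3modules/makefu/sshd/cake.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake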
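--- a/krebs/3modules/makefu/sshd/crapi.pub
+++ b/krebs/3modules/makefu/sshd/crapi.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi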
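--- a/krebs/3modules/makefu/sshd/fileleech.pub
+++ b/krebs/3modules/makefu/sshd/fileleech.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech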
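--- a/krebs/3modules/makefu/sshd/firecracker.pub
+++ b/krebs/3modules/makefu/sshd/firecracker.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGk+QqJEPoBNP9KbPiivCI5YJ9psAKnujRrUL4bNqxwe firecracker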
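--- a/krebs/3modules/makefu/sshd/gum.pub
+++ b/krebs/3modules/makefu/sshd/gum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum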
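--- a/krebs/3modules/makefu/sshd/omo.pub
+++ b/krebs/3modules/makefu/sshd/omo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH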
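--- a/krebs/3modules/makefu/sshd/sdev.pub
+++ b/krebs/3modules/makefu/sshd/sdev.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev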
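--- a/krebs/3modules/makefu/sshd/studio.pub
+++ b/krebs/3modules/makefu/sshd/studio.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio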
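--- a/krebs/3modules/makefu/sshd/wbob.pub
+++ b/krebs/3modules/makefu/sshd/wbob.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr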
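--- a/krebs/3modules/makefu/sshd/x.pub
+++ b/krebs/3modules/makefu/sshd/x.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x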
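--- a/krebs/3modules/makefu/wiregrill/gum.pub
+++ b/krebs/3modules/makefu/wiregrill/gum.pub
@@ -0,0 +1 @@
+yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=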
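--- a/krebs/3modules/makefu/wiregrill/x.pub
+++ b/krebs/3modules/makefu/wiregrill/x.pub
@@ -0,0 +1 @@
+fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=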
@ -1,7 +1,6 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.krebs.power-action;
|
||||
|
||||
|
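--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -0,0 +1,161 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+cfg = config.krebs.syncthing;
+
+devices = mapAttrsToList (name: peer: {
+name = name;
+deviceID = peer.id;
+addresses = peer.addresses;
+}) cfg.peers;
+
+folders = map (folder: {
+inherit (folder) path id type;
+devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
+rescanIntervalS = folder.rescanInterval;
+fsWatcherEnabled = folder.watch;
+fsWatcherDelayS = folder.watchDelay;
+ignorePerms = folder.ignorePerms;
+}) cfg.folders;
+
+getApiKey = pkgs.writeDash "getAPIKey" ''
+${pkgs.libxml2}/bin/xmllint \
+--xpath 'string(configuration/gui/apikey)'\
+${config.services.syncthing.dataDir}/config.xml
+'';
+
+updateConfig = pkgs.writeDash "merge-syncthing-config" ''
+set -efu
+# wait for service to restart
+${pkgs.untilport}/bin/untilport localhost 8384
+API_KEY=$(${getApiKey})
+CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config)
+echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * {
+"devices": ${builtins.toJSON devices},
+"folders": ${builtins.toJSON folders}
+}' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @-
+${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST
+'';
+
+in
+
+{
+options.krebs.syncthing = {
+
+enable = mkEnableOption "syncthing-init";
+
+id = mkOption {
+type = types.str;
+default = config.krebs.build.host.name;
+};
+
+cert = mkOption {
+type = types.nullOr types.absolute-pathname;
+default = null;
+};
+
+key = mkOption {
+type = types.nullOr types.absolute-pathname;
+default = null;
+};
+
+peers = mkOption {
+default = {};
+type = types.attrsOf (types.submodule ({
+options = {
+
+# TODO make into addr + port submodule
+addresses = mkOption {
+type = types.listOf types.str;
+default = [];
+};
+
+#TODO check
+id = mkOption {
+type = types.str;
+};
+
+};
+}));
+};
+
+folders = mkOption {
+default = [];
+type = types.listOf (types.submodule ({ config, ... }: {
+options = {
+
+path = mkOption {
+type = types.absolute-pathname;
+};
+
+id = mkOption {
+type = types.str;
+default = config.path;
+};
+
+peers = mkOption {
+type = types.listOf types.str;
+default = [];
+};
+
+rescanInterval = mkOption {
+type = types.int;
+default = 3600;
+};
+
+type = mkOption {
+type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];
+default = "sendreceive";
+};
+
+watch = mkOption {
+type = types.bool;
+default = true;
+};
+
+watchDelay = mkOption {
+type = types.int;
+default = 10;
+};
+
+ignorePerms = mkOption {
+type = types.bool;
+default = true;
+};
+
+};
+}));
+};
+};
+
+config = (mkIf cfg.enable) {
+
+systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
+preStart = ''
+${optionalString (cfg.cert != null) ''
+cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
+chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
+chmod 400 ${config.services.syncthing.dataDir}/cert.pem
+''}
+${optionalString (cfg.key != null) ''
+cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
+chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
+chmod 400 ${config.services.syncthing.dataDir}/key.pem
+''}
+'';
+};
+
+systemd.services.syncthing-init = {
+after = [ "syncthing.service" ];
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = {
+User = config.services.syncthing.user;
+RemainAfterExit = true;
+Type = "oneshot";
+ExecStart = updateConfig;
+};
+};
+};
+}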
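Review bot: In `preStart`, `key.pem` is written with `cp` and only afterwards narrowed by `chown` and `chmod 400`, so the private key briefly exists with whatever mode `cp` took from the source file and the umask; `install -m 400 -o ${config.services.syncthing.user} -g ${config.services.syncthing.group} ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem` creates it with its final owner and mode in one step, and the same applies to `cert.pem`. In `updateConfig` the `curl -Ss` calls have no `--fail`, so an HTTP error from the REST API still exits 0 and the script carries on to the POST and the restart despite `set -efu`. The `builtins.toJSON` output is also spliced into a single-quoted jq program, which breaks as soon as a peer name, address or folder path contains a `'`; writing the JSON with `pkgs.writeText` and merging that file in jq would avoid the quoting problem.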
@ -10,6 +10,10 @@ with import <stockholm/lib>;
|
||||
version = "2.2.0";
|
||||
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||
};
|
||||
"19.03" = {
|
||||
version = "2.2.0";
|
||||
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
|
||||
};
|
||||
}.${versions.majorMinor nixpkgsVersion};
|
||||
|
||||
in mkDerivation {
|
||||
|
@ -15,6 +15,11 @@ with import <stockholm/lib>;
|
||||
rev = "refs/tags/v${cfg.version}";
|
||||
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
||||
};
|
||||
"19.03" = {
|
||||
version = "0.4.1-tv1";
|
||||
rev = "refs/tags/v${cfg.version}";
|
||||
sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
|
||||
};
|
||||
}.${versions.majorMinor nixpkgsVersion};
|
||||
|
||||
in mkDerivation {
|
||||
|
@ -1,7 +1,7 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs-channels",
|
||||
"rev": "b01a89d58f117c485f16c97a388da6227d8f0103",
|
||||
"date": "2019-02-08T10:50:49+01:00",
|
||||
"sha256": "1s2jdfvqjviiiq897sd6fkmc8ffyca7agmxynp4w873rfjdz10yi",
|
||||
"rev": "5c52b25283a6cccca443ffb7a358de6fe14b4a81",
|
||||
"date": "2019-04-09T21:48:56+02:00",
|
||||
"sha256": "0fhbl6bgabhi1sw1lrs64i0hibmmppy1bh256lq8hxy3a2p1haip",
|
||||
"fetchSubmodules": false
|
||||
}
|
||||
|
@ -3,7 +3,7 @@ dir=$(dirname $0)
|
||||
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
||||
--url https://github.com/NixOS/nixpkgs-channels \
|
||||
--rev refs/heads/nixos-18.09' \
|
||||
--rev refs/heads/nixos-19.03' \
|
||||
> $dir/nixpkgs.json
|
||||
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
||||
|
@ -8,21 +8,29 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/exim-retiolum.nix>
|
||||
|
||||
<stockholm/lass/2configs/blue.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.blue;
|
||||
|
||||
krebs.syncthing.folders = [
|
||||
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
||||
];
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
||||
];
|
||||
|
||||
environment.shellAliases = {
|
||||
deploy = pkgs.writeDash "deploy" ''
|
||||
set -eu
|
||||
export SYSTEM="$1"
|
||||
$(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
|
||||
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
|
||||
'';
|
||||
};
|
||||
|
||||
networking.nameservers = [ "1.1.1.1" ];
|
||||
|
||||
lass.restic = genAttrs [
|
||||
services.restic.backups = genAttrs [
|
||||
"daedalus"
|
||||
"icarus"
|
||||
"littleT"
|
||||
@ -30,20 +38,19 @@ with import <stockholm/lib>;
|
||||
"shodan"
|
||||
"skynet"
|
||||
] (dest: {
|
||||
dirs = [
|
||||
initialize = true;
|
||||
extraOptions = [
|
||||
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
||||
];
|
||||
repository = "sftp:backup@${dest}.r:/backups/blue";
|
||||
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
||||
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
|
||||
paths = [
|
||||
"/home/"
|
||||
"/var/lib"
|
||||
];
|
||||
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
||||
repo = "sftp:backup@${dest}.r:/backups/blue";
|
||||
extraArguments = [
|
||||
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = "00:05";
|
||||
RandomizedDelaySec = "5h";
|
||||
};
|
||||
});
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
|
||||
}
|
||||
|
@ -4,5 +4,4 @@
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
}
|
||||
|
@ -1,20 +1,14 @@
|
||||
{ lib, pkgs, ... }:
|
||||
{
|
||||
nixpkgs = lib.mkForce {
|
||||
derivation = let
|
||||
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
|
||||
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
|
||||
in ''
|
||||
with import (builtins.fetchTarball {
|
||||
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
||||
sha256 = "${sha256}";
|
||||
}) {};
|
||||
pkgs.fetchFromGitHub {
|
||||
file = {
|
||||
path = toString (pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = "${rev}";
|
||||
sha256 = "${sha256}";
|
||||
}
|
||||
'';
|
||||
rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
|
||||
sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
|
||||
});
|
||||
useChecksum = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -11,6 +11,10 @@
|
||||
fsType = "btrfs";
|
||||
options = ["defaults" "noatime" "ssd" "compress=lzo"];
|
||||
};
|
||||
"/backups" = {
|
||||
device = "/dev/pool/backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
|
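--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -0,0 +1,28 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs>
+<stockholm/lass/2configs/retiolum.nix>
+<stockholm/lass/2configs/exim-retiolum.nix>
+<stockholm/lass/2configs/mail.nix>
+
+#<stockholm/lass/2configs/blue.nix>
+<stockholm/lass/2configs/syncthing.nix>
+];
+
+krebs.build.host = config.krebs.hosts.green;
+
+krebs.syncthing.folders = [
+{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+];
+lass.ensure-permissions = [
+{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+];
+
+
+#networking.nameservers = [ "1.1.1.1" ];
+
+#time.timeZone = "Europe/Berlin";
+}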
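--- a/lass/1systems/green/physical.nix
+++ b/lass/1systems/green/physical.nix
@@ -0,0 +1,7 @@
+{
+imports = [
+./config.nix
+];
+boot.isContainer = true;
+networking.useDHCP = false;
+}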
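--- a/lass/1systems/green/source.nix
+++ b/lass/1systems/green/source.nix
@@ -0,0 +1,14 @@
+{ lib, pkgs, ... }:
+{
+nixpkgs = lib.mkForce {
+file = {
+path = toString (pkgs.fetchFromGitHub {
+owner = "nixos";
+repo = "nixpkgs";
+rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev;
+sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256;
+});
+useChecksum = true;
+};
+};
+}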
@ -17,6 +17,9 @@
|
||||
<stockholm/lass/2configs/backup.nix>
|
||||
<stockholm/lass/2configs/wine.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
<stockholm/lass/2configs/prism-share.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.icarus;
|
||||
|
@ -17,4 +17,6 @@
|
||||
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
|
||||
'';
|
||||
|
||||
services.thinkfan.enable = true;
|
||||
}
|
||||
|
@ -7,6 +7,7 @@ with import <stockholm/lib>;
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
];
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
|
@ -36,7 +36,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/network-manager.nix>
|
||||
<stockholm/lass/2configs/nfs-dl.nix>
|
||||
<stockholm/lass/2configs/hardening.nix>
|
||||
#<stockholm/lass/2configs/hardening.nix>
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
#risk of rain
|
||||
@ -48,6 +48,16 @@ with import <stockholm/lib>;
|
||||
{ predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
krebs.syncthing.folders = [
|
||||
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
|
||||
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
|
||||
];
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
|
||||
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
|
||||
];
|
||||
}
|
||||
{
|
||||
lass.umts = {
|
||||
enable = true;
|
||||
|
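Review bot: The first hunk of this file comments out the `<stockholm/lass/2configs/hardening.nix>` import instead of removing or replacing it, and nothing nearby says why or for how long, so this host quietly loses whatever that module enforced. If the module conflicts with something on this machine, overriding the specific option would keep the rest of the hardening in place. Otherwise a marker next to the disabled line, such as `# TODO re-enable: hardening.nix breaks <reason>`, would stop it being forgotten. The enclosing `imports` list starts and ends outside the hunk, so I cannot see whether an equivalent module is pulled in elsewhere.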
@ -15,6 +15,10 @@
|
||||
device = "/dev/mapper/pool-virtual";
|
||||
fsType = "ext4";
|
||||
};
|
||||
"/backups" = {
|
||||
device = "/dev/pool/backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
|
@ -109,25 +109,6 @@ with import <stockholm/lib>;
|
||||
localAddress = "10.233.2.2";
|
||||
};
|
||||
}
|
||||
{
|
||||
#onondaga
|
||||
systemd.services."container@onondaga".reloadIfChanged = mkForce false;
|
||||
containers.onondaga = {
|
||||
config = { ... }: {
|
||||
imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
services.openssh.enable = true;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
};
|
||||
autoStart = true;
|
||||
enableTun = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.233.2.5";
|
||||
localAddress = "10.233.2.6";
|
||||
};
|
||||
}
|
||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||
<stockholm/lass/2configs/ts3.nix>
|
||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||
@ -139,7 +120,6 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/reaktor-coders.nix>
|
||||
<stockholm/lass/2configs/ciko.nix>
|
||||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
|
||||
{ # quasi bepasty.nix
|
||||
imports = [
|
||||
<stockholm/lass/2configs/bepasty.nix>
|
||||
@ -286,6 +266,7 @@ with import <stockholm/lib>;
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
|
||||
"ssh-rsa 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 palo@pepe"
|
||||
"ssh-rsa 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 palo@workhorse"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbsRjUwOMnxAt/K6A2M/33PbwQCEYVfqfmkXBwkw/L+ZLCnVxfdxJ79ds1k6kyUVcxfHcvxGvUCcM0wr4T7aaP79fsfSf3lcOgySeAtkQjfQL+IdMk0FQVz612cTPg2uWhMFvHGkGSBvSbKNw72RnUaw9qlF8fBx22FozrlmnbY4APTXeqwiF0VeBMq8qr4H9NdIoIFIcq398jn/Na8gYLUfmuDw18AWCt+u7Eg0B/qIU0hi/gK40Lk9+g8Nn19SCad1YOgNDG7aNpEwgT7I7BNXC5oLD31QKKuXmBa/mCLqRLAGW2sJ2ZhBR4tPLMgNrxtn2jxzVVjY+v3bWQnPocB9H9PsdtdNrULLfeJ4y9a3p3kfOzOgYMrnPAjasrkiIyOBBNEFAn/bbvpH01glbF8tVMcPOSD+W89oxTBEgqk6w34QAfySDMW34dIUHeq82v+X0wN9SK6xbBRBsjSpAC4ZcNyzl1JLIMcdZ5mbQXakD3kzDFs5kfjxlkrp3S5gqiSmCp5w/osykjxSH6wnPPCcgzpCBNGRULKw5vbzDSnLAQ3nSYB9tIj4Hp62XymsxVnY+6MsVVy206BYAXrKJomK7sIeLL2wIMYNnAUdSBjqQ5IEE2m+5+YaK0NMNsk2munNrN96ZE3r5xe/BDqfaLMpPfosOTXBtT7tLMlV6zkQ== palo@workout"
|
||||
];
|
||||
}
|
||||
{
|
||||
@ -386,6 +367,7 @@ with import <stockholm/lib>;
|
||||
lass-icarus.pubkey
|
||||
lass-daedalus.pubkey
|
||||
lass-helios.pubkey
|
||||
lass-android.pubkey
|
||||
makefu.pubkey
|
||||
wine-mors.pubkey
|
||||
];
|
||||
|
@ -4,5 +4,4 @@
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
}
|
||||
|
@ -38,6 +38,10 @@
|
||||
device = "/dev/pool/bku";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
"/backups" = {
|
||||
device = "/dev/pool/backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
|
@ -7,6 +7,7 @@ with import <stockholm/lib>;
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/blue-host.nix>
|
||||
<stockholm/lass/2configs/power-action.nix>
|
||||
<stockholm/lass/2configs/syncthing.nix>
|
||||
{
|
||||
services.xserver.enable = true;
|
||||
services.xserver.desktopManager.xfce.enable = true;
|
||||
|
@ -11,7 +11,8 @@ with import <stockholm/lib>;
|
||||
|
||||
system.activationScripts.downloadFolder = ''
|
||||
mkdir -p /var/download
|
||||
chown download:download /var/download
|
||||
chown transmission:download /var/download
|
||||
chown transmission:download /var/download/finished
|
||||
chmod 775 /var/download
|
||||
'';
|
||||
|
||||
@ -43,7 +44,7 @@ with import <stockholm/lib>;
|
||||
fancyindex
|
||||
];
|
||||
};
|
||||
virtualHosts."dl" = {
|
||||
virtualHosts.default = {
|
||||
default = true;
|
||||
locations."/Nginx-Fancyindex-Theme-dark" = {
|
||||
extraConfig = ''
|
||||
|
@ -4,5 +4,4 @@
|
||||
];
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
environment.variables.NIX_REMOTE = "daemon";
|
||||
}
|
||||
|
@ -2,19 +2,11 @@
|
||||
with import <stockholm/lib>;
|
||||
|
||||
{
|
||||
fileSystems = {
|
||||
"/backups" = {
|
||||
device = "/dev/pool/backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
users.users.backup = {
|
||||
useDefaultShell = true;
|
||||
home = "/backups";
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.hosts; [
|
||||
mors.ssh.pubkey
|
||||
prism.ssh.pubkey
|
||||
blue.ssh.pubkey
|
||||
];
|
||||
};
|
||||
|
@ -79,6 +79,7 @@ in {
|
||||
taskwarrior
|
||||
termite
|
||||
xclip
|
||||
xephyrify
|
||||
xorg.xbacklight
|
||||
xorg.xhost
|
||||
xsel
|
||||
|
@ -23,8 +23,8 @@ with (import <stockholm/lib>);
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||
{ predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||
{ predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";}
|
||||
{ predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";}
|
||||
{ predicate = "-i retiolum -p tcp --dport 9998:9999"; target = "ACCEPT";}
|
||||
{ predicate = "-i wiregrill -p tcp --dport 9998:9999"; target = "ACCEPT";}
|
||||
];
|
||||
|
||||
systemd.services.chat = let
|
||||
|
@ -4,10 +4,10 @@ with import <stockholm/lib>;
|
||||
imports = [
|
||||
<stockholm/krebs/2configs/nscd-fix.nix>
|
||||
./binary-cache/client.nix
|
||||
./backup.nix
|
||||
./gc.nix
|
||||
./mc.nix
|
||||
./vim.nix
|
||||
./monitoring/node-exporter.nix
|
||||
./zsh.nix
|
||||
./htop.nix
|
||||
./security-workarounds.nix
|
||||
@ -42,8 +42,6 @@ with import <stockholm/lib>;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.lass-mors.pubkey
|
||||
config.krebs.users.lass-blue.pubkey
|
||||
config.krebs.users.lass-shodan.pubkey
|
||||
config.krebs.users.lass-icarus.pubkey
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -211,6 +209,7 @@ with import <stockholm/lib>;
|
||||
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
|
||||
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
|
||||
{ predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -218,4 +217,7 @@ with import <stockholm/lib>;
|
||||
networking.dhcpcd.extraConfig = ''
|
||||
noipv4ll
|
||||
'';
|
||||
services.netdata = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
|
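Review bot: The `-i retiolum -p tcp --dport 19999` ACCEPT rule in the `-211,6 +209,7` hunk lets every retiolum peer reach the netdata instance that the last hunk enables. The node-exporter rule deleted elsewhere in this commit was limited to prism with `-s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}`. netdata's dashboard has no authentication by default and shows process, network and disk detail, so I would keep that source restriction: `{ predicate = "-i retiolum -p tcp --dport 19999 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }`, plus the matching `ip6.addr` rule with `v4 = false`. Which lines are additions is inferred from the hunk counts, because the page lost the `+`/`-` column.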
@ -97,6 +97,9 @@ with import <stockholm/lib>;
|
||||
{ from = "csv-direct@lassul.us"; to = lass.mail; }
|
||||
{ from = "nintendo@lassul.us"; to = lass.mail; }
|
||||
{ from = "overleaf@lassul.us"; to = lass.mail; }
|
||||
{ from = "box@lassul.us"; to = lass.mail; }
|
||||
{ from = "paloalto@lassul.us"; to = lass.mail; }
|
||||
{ from = "subtitles@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
@ -60,7 +60,10 @@ let
|
||||
paypal = [ "to:paypal@lassul.us" ];
|
||||
ptl = [ "to:ptl@posttenebraslab.ch" ];
|
||||
retiolum = [ "to:lass@mors.r" ];
|
||||
security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
|
||||
security = [
|
||||
"to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us"
|
||||
"to:security-announce@lists.apple.com"
|
||||
];
|
||||
shack = [ "to:shackspace.de" ];
|
||||
steam = [ "to:steam@lassul.us" ];
|
||||
tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
|
||||
@ -225,6 +228,7 @@ in {
|
||||
msmtp
|
||||
mutt
|
||||
pkgs.notmuch
|
||||
pkgs.muchsync
|
||||
pkgs.haskellPackages.much
|
||||
tag-new-mails
|
||||
tag-old-mails
|
||||
|
@ -1,15 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
|
||||
];
|
||||
services.prometheus.exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = [
|
||||
"systemd"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -1,217 +0,0 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
#networking = {
|
||||
# firewall.allowedTCPPorts = [
|
||||
# 3000 # grafana
|
||||
# 9090 # prometheus
|
||||
# 9093 # alertmanager
|
||||
# ];
|
||||
# useDHCP = true;
|
||||
#};
|
||||
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
|
||||
{ predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
services = {
|
||||
prometheus = {
|
||||
enable = true;
|
||||
extraFlags = [
|
||||
"-storage.local.retention 8760h"
|
||||
"-storage.local.series-file-shrink-ratio 0.3"
|
||||
"-storage.local.memory-chunks 2097152"
|
||||
"-storage.local.max-chunks-to-persist 1048576"
|
||||
"-storage.local.index-cache-size.fingerprint-to-metric 2097152"
|
||||
"-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
|
||||
"-storage.local.index-cache-size.label-name-to-label-values 2097152"
|
||||
"-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
|
||||
];
|
||||
alertmanagerURL = [ "http://localhost:9093" ];
|
||||
rules = [
|
||||
''
|
||||
ALERT node_down
|
||||
IF up == 0
|
||||
FOR 5m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Node is down.",
|
||||
description = "{{$labels.alias}} has been down for more than 5 minutes."
|
||||
}
|
||||
ALERT node_systemd_service_failed
|
||||
IF node_systemd_unit_state{state="failed"} == 1
|
||||
FOR 4m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
|
||||
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
|
||||
}
|
||||
ALERT node_filesystem_full_90percent
|
||||
IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
|
||||
FOR 5m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
|
||||
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
|
||||
}
|
||||
ALERT node_filesystem_full_in_4h
|
||||
IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
|
||||
FOR 5m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
|
||||
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
|
||||
}
|
||||
ALERT node_filedescriptors_full_in_3h
|
||||
IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
|
||||
FOR 20m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
|
||||
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
|
||||
}
|
||||
ALERT node_load1_90percent
|
||||
IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
|
||||
FOR 1h
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: Running on high load.",
|
||||
description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
|
||||
}
|
||||
ALERT node_cpu_util_90percent
|
||||
IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
|
||||
FOR 1h
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary = "{{$labels.alias}}: High CPU utilization.",
|
||||
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
|
||||
}
|
||||
ALERT node_ram_using_90percent
|
||||
IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
|
||||
FOR 30m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary="{{$labels.alias}}: Using lots of RAM.",
|
||||
description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
|
||||
}
|
||||
ALERT node_swap_using_80percent
|
||||
IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8
|
||||
FOR 10m
|
||||
LABELS {
|
||||
severity="page"
|
||||
}
|
||||
ANNOTATIONS {
|
||||
summary="{{$labels.alias}}: Running out of swap soon.",
|
||||
description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
|
||||
}
|
||||
''
|
||||
];
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "node";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts));
|
||||
#labels = {
|
||||
# alias = "prometheus.example.com";
|
||||
#};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
alertmanager = {
|
||||
enable = true;
|
||||
listenAddress = "0.0.0.0";
|
||||
configuration = {
|
||||
"global" = {
|
||||
"smtp_smarthost" = "smtp.example.com:587";
|
||||
"smtp_from" = "alertmanager@example.com";
|
||||
};
|
||||
"route" = {
|
||||
"group_by" = [ "alertname" "alias" ];
|
||||
"group_wait" = "30s";
|
||||
"group_interval" = "2m";
|
||||
"repeat_interval" = "4h";
|
||||
"receiver" = "team-admins";
|
||||
};
|
||||
"receivers" = [
|
||||
{
|
||||
"name" = "team-admins";
|
||||
"email_configs" = [
|
||||
{
|
||||
"to" = "devnull@example.com";
|
||||
}
|
||||
];
|
||||
"webhook_configs" = [
|
||||
{
|
||||
"url" = "http://127.0.0.1:14813/prometheus-alerts";
|
||||
"send_resolved" = true;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
grafana = {
|
||||
enable = true;
|
||||
addr = "0.0.0.0";
|
||||
domain = "grafana.example.com";
|
||||
rootUrl = "https://grafana.example.com/";
|
||||
auth.anonymous.enable = true;
|
||||
auth.anonymous.org_role = "Admin";
|
||||
};
|
||||
};
|
||||
services.logstash = {
|
||||
enable = true;
|
||||
inputConfig = ''
|
||||
http {
|
||||
port => 14813
|
||||
host => "127.0.0.1"
|
||||
}
|
||||
'';
|
||||
filterConfig = ''
|
||||
if ([alerts]) {
|
||||
ruby {
|
||||
code => '
|
||||
lines = []
|
||||
event["alerts"].each {|p|
|
||||
lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}"
|
||||
}
|
||||
event["output"] = lines.join("\n")
|
||||
'
|
||||
}
|
||||
}
|
||||
'';
|
||||
outputConfig = ''
|
||||
file { path => "/tmp/logs.json" codec => "json_lines" }
|
||||
irc {
|
||||
channels => [ "#noise" ]
|
||||
host => "irc.r"
|
||||
nick => "alarm"
|
||||
codec => "json_lines"
|
||||
format => "%{output}"
|
||||
}
|
||||
'';
|
||||
#plugins = [ ];
|
||||
};
|
||||
}
|
39
lass/2configs/prism-share.nix
Normal file
39
lass/2configs/prism-share.nix
Normal file
@ -0,0 +1,39 @@
|
||||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 139"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 445"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 137"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 138"; target = "ACCEPT"; }
|
||||
];
|
||||
users.users.smbguest = {
|
||||
name = "smbguest";
|
||||
uid = config.ids.uids.smbguest;
|
||||
description = "smb guest user";
|
||||
home = "/home/share";
|
||||
createHome = true;
|
||||
};
|
||||
services.samba = {
|
||||
enable = true;
|
||||
enableNmbd = true;
|
||||
shares = {
|
||||
incoming = {
|
||||
path = "/mnt/prism";
|
||||
"read only" = "no";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
guest account = smbguest
|
||||
map to guest = bad user
|
||||
# disable printing
|
||||
load printers = no
|
||||
printing = bsd
|
||||
printcap name = /dev/null
|
||||
disable spoolss = yes
|
||||
'';
|
||||
};
|
||||
}
|
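Review bot: The four ACCEPT rules for ports 137, 138, 139 and 445 carry no `-i` or `-s` match, so the share is reachable on every interface of the host. The share itself is guest-writable (`"guest ok" = "yes"`, `"read only" = "no"`, `map to guest = bad user`). Other rules in this commit scope access with `-i retiolum`; the same here would read `{ predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }`, and likewise for the other three ports, assuming retiolum is the network the share is meant for. A `hosts allow = <VPN_SUBNET>` line (placeholder) in `extraConfig` would enforce the same limit inside Samba.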
@ -29,7 +29,7 @@ in {
|
||||
hooks.url-title
|
||||
{
|
||||
activate = "match";
|
||||
pattern = ''@([^ ]+) (.*)$'';
|
||||
pattern = ''^@([^ ]+) (.*)$'';
|
||||
command = 1;
|
||||
arguments = [2];
|
||||
env.HOME = config.krebs.reaktor2.coders.stateDir;
|
||||
@ -66,7 +66,7 @@ in {
|
||||
}
|
||||
{
|
||||
activate = "match";
|
||||
pattern = ''!([^ ]+)(?:\s*(.*))?'';
|
||||
pattern = ''^!([^ ]+)(?:\s*(.*))?'';
|
||||
command = 1;
|
||||
arguments = [2];
|
||||
commands = {
|
||||
|
@ -3,9 +3,27 @@ with import <stockholm/lib>;
|
||||
{
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
group = "syncthing";
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
|
||||
{ predicate = "-p udp --dport 21027"; target = "ACCEPT";}
|
||||
];
|
||||
krebs.syncthing = {
|
||||
enable = true;
|
||||
cert = toString <secrets/syncthing.cert>;
|
||||
key = toString <secrets/syncthing.key>;
|
||||
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
|
||||
folders = [
|
||||
{ path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; }
|
||||
];
|
||||
};
|
||||
|
||||
system.activationScripts.syncthing-home = ''
|
||||
${pkgs.coreutils}/bin/chmod a+x /home/lass
|
||||
'';
|
||||
|
||||
lass.ensure-permissions = [
|
||||
{ folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
|
||||
];
|
||||
}
|
||||
|
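Review bot: `chmod a+x /home/lass` in the `syncthing-home` activation script gives every local account search permission on the home directory, although only the syncthing daemon needs to reach `/home/lass/sync`. An ACL entry limits the grant to that one account: `${pkgs.acl}/bin/setfacl -m u:syncthing:x /home/lass`. This assumes the service runs as the module's default `syncthing` user, which the hunk does not show. A short comment above the script saying why the home directory is opened would also help the next reader.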
0
lass/2configs/tests/dummy-secrets/syncthing.cert
Normal file
0
lass/2configs/tests/dummy-secrets/syncthing.cert
Normal file
0
lass/2configs/tests/dummy-secrets/syncthing.key
Normal file
0
lass/2configs/tests/dummy-secrets/syncthing.key
Normal file
@ -6,7 +6,6 @@ let
|
||||
in {
|
||||
#services.virtualboxHost.enable = true;
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
nixpkgs.config.virtualbox.enableExtensionPack = true;
|
||||
virtualisation.virtualbox.host.enableHardening = false;
|
||||
|
||||
users.extraUsers = {
|
||||
|
@ -94,7 +94,7 @@ in {
|
||||
config = {
|
||||
adminpassFile = toString <secrets> + "/nextcloud_pw";
|
||||
};
|
||||
#https = true;
|
||||
https = true;
|
||||
nginx.enable = true;
|
||||
};
|
||||
services.nginx.virtualHosts."o.xanf.org" = {
|
||||
@ -234,11 +234,13 @@ in {
|
||||
createHome = true;
|
||||
};
|
||||
|
||||
krebs.on-failure.plans.restic-backups-domsen = {};
|
||||
services.restic.backups.domsen = {
|
||||
initialize = true;
|
||||
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
|
||||
repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
|
||||
extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString <secrets> + "/ssh.id_ed25519"} -s sftp'" ];
|
||||
repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES";
|
||||
passwordFile = toString <secrets> + "/domsen_backup_pw";
|
||||
timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; };
|
||||
paths = [
|
||||
"/srv/http"
|
||||
"/home/domsen/Mail"
|
||||
|
@ -6,8 +6,6 @@ let
|
||||
in {
|
||||
users.users= {
|
||||
wine = {
|
||||
name = "wine";
|
||||
description = "user for running wine";
|
||||
home = "/home/wine";
|
||||
useDefaultShell = true;
|
||||
extraGroups = [
|
||||
|
@ -28,8 +28,8 @@
|
||||
}
|
||||
zle -N down-line-or-local-history
|
||||
|
||||
setopt share_history
|
||||
setopt hist_ignore_dups
|
||||
setopt SHARE_HISTORY
|
||||
setopt HIST_IGNORE_ALL_DUPS
|
||||
# setopt inc_append_history
|
||||
bindkey '^R' history-incremental-search-backward
|
||||
|
||||
|
@ -3,6 +3,7 @@ _:
|
||||
imports = [
|
||||
./dnsmasq.nix
|
||||
./ejabberd
|
||||
./ensure-permissions.nix
|
||||
./folderPerms.nix
|
||||
./hosts.nix
|
||||
./mysql-backup.nix
|
||||
|
66
lass/3modules/ensure-permissions.nix
Normal file
66
lass/3modules/ensure-permissions.nix
Normal file
@ -0,0 +1,66 @@
|
||||
{ config, pkgs, ... }: with import <stockholm/lib>;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.lass.ensure-permissions;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
options.lass.ensure-permissions = mkOption {
|
||||
default = [];
|
||||
type = types.listOf (types.submodule ({
|
||||
options = {
|
||||
|
||||
folder = mkOption {
|
||||
type = types.absolute-pathname;
|
||||
};
|
||||
|
||||
owner = mkOption {
|
||||
# TODO user type
|
||||
type = types.str;
|
||||
default = "root";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
# TODO group type
|
||||
type = types.str;
|
||||
default = "root";
|
||||
};
|
||||
|
||||
permission = mkOption {
|
||||
# TODO permission type
|
||||
type = types.str;
|
||||
default = "u+rw,g+rw";
|
||||
};
|
||||
|
||||
};
|
||||
}));
|
||||
};
|
||||
|
||||
config = mkIf (cfg != []) {
|
||||
|
||||
system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
|
||||
${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
|
||||
${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
|
||||
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
|
||||
'') cfg;
|
||||
systemd.services =
|
||||
listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
ExecStart = pkgs.writeDash "ensure-perms" ''
|
||||
${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
|
||||
| while IFS= read -r FILE; do
|
||||
${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
|
||||
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
|
||||
done
|
||||
'';
|
||||
};
|
||||
}) cfg)
|
||||
;
|
||||
|
||||
};
|
||||
}
|
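Review bot: In the `ensure-perms` watcher, `chmod -R ${plan.permission} "$FILE"` is run on whatever path inotifywait reports, and chmod dereferences a symbolic link given as an operand. A link created inside the watched folder therefore makes this unit change the mode of a file outside `${plan.folder}`; no `User=` is set, so it presumably runs as root. Skipping links before touching the path, `[ -L "$FILE" ] && continue`, narrows this, and running the unit with fewer privileges would limit what remains. Separately, `${plan.folder}` is interpolated unquoted in both the activation script and the inotifywait call, `2>/dev/null` hides every failure, and the unit name is spelled `ensure-permisson`.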
@ -13,15 +13,18 @@ let
|
||||
api = {
|
||||
enable = mkEnableOption "screenlock";
|
||||
command = mkOption {
|
||||
type = types.str;
|
||||
default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
|
||||
type = types.path;
|
||||
default = pkgs.writeDash "screenlock" ''
|
||||
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
|
||||
sleep 3
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
imp = {
|
||||
systemd.services.screenlock = {
|
||||
before = [ "sleep.target" ];
|
||||
wantedBy = [ "sleep.target" ];
|
||||
requiredBy = [ "sleep.target" ];
|
||||
environment = {
|
||||
DISPLAY = ":${toString config.services.xserver.display}";
|
||||
};
|
||||
|
@ -133,7 +133,7 @@ myKeyMap =
|
||||
, ("M4-f", floatNext True)
|
||||
, ("M4-b", sendMessage ToggleStruts)
|
||||
|
||||
, ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) )
|
||||
, ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.greedyView) )
|
||||
, ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) )
|
||||
, ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
|
||||
|
||||
@ -169,6 +169,7 @@ myKeyMap =
|
||||
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
|
||||
|
||||
, ("M4-s", spawn "${pkgs.knav}/bin/knav")
|
||||
, ("<Print>", spawn "${pkgs.flameshot-once}/bin/flameshot-once")
|
||||
|
||||
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
|
||||
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
|
||||
@ -220,7 +221,7 @@ gridConfig = def
|
||||
|
||||
allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
|
||||
allWorkspaceNames ws =
|
||||
return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
|
||||
return $ map W.tag (W.hidden ws ++ (map W.workspace $ W.visible ws)) ++ [W.tag $ W.workspace $ W.current ws]
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
@ -11,7 +11,7 @@
|
||||
{}
|
||||
;
|
||||
|
||||
source = { test }: lib.evalSource [
|
||||
source = { test }: lib.evalSource ([
|
||||
(krebs-source { test = test; })
|
||||
{
|
||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
|
||||
@ -24,8 +24,7 @@
|
||||
};
|
||||
};
|
||||
}
|
||||
host-source
|
||||
];
|
||||
] ++ (lib.optional (! test) host-source));
|
||||
|
||||
in {
|
||||
|
||||
|
@ -86,6 +86,12 @@ rec {
|
||||
type = nullOr ssh-privkey;
|
||||
default = null;
|
||||
};
|
||||
|
||||
syncthing.id = mkOption {
|
||||
# TODO syncthing id type
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
});
|
||||
|
||||
|
0
makefu/0tests/data/secrets/hass/adbkey
Normal file
0
makefu/0tests/data/secrets/hass/adbkey
Normal file
1
makefu/0tests/data/secrets/hass/router.nix
Normal file
1
makefu/0tests/data/secrets/hass/router.nix
Normal file
@ -0,0 +1 @@
|
||||
""
|
5
makefu/0tests/data/secrets/hass/telegram-bot.json
Normal file
5
makefu/0tests/data/secrets/hass/telegram-bot.json
Normal file
@ -0,0 +1,5 @@
|
||||
{
|
||||
"platform": "polling",
|
||||
"api_key": "1:A",
|
||||
"allowed_chat_ids": [ 0, 1 ]
|
||||
}
|
0
makefu/0tests/data/secrets/id_nixBuild
Normal file
0
makefu/0tests/data/secrets/id_nixBuild
Normal file
@ -1,9 +1,16 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
let
|
||||
primaryInterface = "eth0";
|
||||
in {
|
||||
imports = [
|
||||
<stockholm/makefu>
|
||||
./hardware-config.nix
|
||||
<stockholm/makefu/2configs/tools/core.nix>
|
||||
# <stockholm/makefu/2configs/tools/core.nix>
|
||||
{ environment.systemPackages = with pkgs;[ rsync screen curl git ];}
|
||||
<stockholm/makefu/2configs/binary-cache/nixos.nix>
|
||||
#<stockholm/makefu/2configs/support-nixos.nix>
|
||||
<stockholm/makefu/2configs/homeautomation/default.nix>
|
||||
<stockholm/makefu/2configs/homeautomation/google-muell.nix>
|
||||
# configure your hw:
|
||||
# <stockholm/makefu/2configs/save-diskspace.nix>
|
||||
];
|
||||
@ -12,7 +19,7 @@
|
||||
tinc.retiolum.enable = true;
|
||||
build.host = config.krebs.hosts.cake;
|
||||
};
|
||||
|
||||
networking.firewall.trustedInterfaces = [ primaryInterface ];
|
||||
documentation.info.enable = false;
|
||||
documentation.man.enable = false;
|
||||
services.nixosManual.enable = false;
|
||||
|
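Review bot: `networking.firewall.trustedInterfaces = [ primaryInterface ];` with `primaryInterface = "eth0"` makes the firewall accept all inbound traffic on the host's main interface, which amounts to switching it off on that side. If the aim is to reach the home-automation services imported in the first hunk, listing their ports is narrower: `networking.firewall.interfaces.${primaryInterface}.allowedTCPPorts = [ <SERVICE_PORT> ];` (placeholder; the ports are not on this page). If trusting the interface is deliberate, a comment on the line naming the network eth0 is attached to would record the assumption. That the line is an addition is inferred from the hunk counts.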
@ -1,46 +1,15 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
# :l <nixpkgs>
|
||||
# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
|
||||
imports = [
|
||||
<stockholm/makefu>
|
||||
./hardware-config.nix
|
||||
<stockholm/makefu/2configs>
|
||||
<stockholm/makefu/2configs/tinc/retiolum.nix>
|
||||
<stockholm/makefu/2configs/save-diskspace.nix>
|
||||
|
||||
];
|
||||
krebs.build.host = config.krebs.hosts.crapi;
|
||||
# NixOS wants to enable GRUB by default
|
||||
boot.loader.grub.enable = false;
|
||||
|
||||
# Enables the generation of /boot/extlinux/extlinux.conf
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_rpi;
|
||||
|
||||
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
|
||||
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
|
||||
|
||||
fileSystems = {
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/NIXOS_BOOT";
|
||||
fsType = "vfat";
|
||||
};
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.create-swap = ''
|
||||
if [ ! -e /swapfile ]; then
|
||||
fallocate -l 2G /swapfile
|
||||
mkswap /swapfile
|
||||
fi
|
||||
'';
|
||||
swapDevices = [ { device = "/swapfile"; size = 2048; } ];
|
||||
|
||||
nix.package = lib.mkForce pkgs.nixStable;
|
||||
services.openssh.enable = true;
|
||||
|
||||
}
|
||||
|
39
makefu/1systems/crapi/hardware-config.nix
Normal file
39
makefu/1systems/crapi/hardware-config.nix
Normal file
@ -0,0 +1,39 @@
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
#raspi1
|
||||
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.raspberryPi.enable = true;
|
||||
boot.loader.raspberryPi.version = 1;
|
||||
boot.loader.raspberryPi.uboot.enable = true;
|
||||
boot.loader.raspberryPi.uboot.configurationLimit = 1;
|
||||
boot.loader.generationsDir.enable = lib.mkDefault false;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
boot.cleanTmpDir = true;
|
||||
environment.systemPackages = [ pkgs.raspberrypi-tools ];
|
||||
boot.kernelPackages = pkgs.linuxPackages_rpi;
|
||||
|
||||
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
|
||||
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
|
||||
|
||||
fileSystems = {
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/NIXOS_BOOT";
|
||||
fsType = "vfat";
|
||||
};
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.create-swap = ''
|
||||
if [ ! -e /swapfile ]; then
|
||||
fallocate -l 2G /swapfile
|
||||
mkswap /swapfile
|
||||
chmod 600 /swapfile
|
||||
fi
|
||||
'';
|
||||
swapDevices = [ { device = "/swapfile"; size = 4096; } ];
|
||||
}
|
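Review bot: The `create-swap` script creates `/swapfile` with the default mode and only runs `chmod 600` after `mkswap`, so the file is briefly readable by other users. Creating it under a restrictive umask closes that window: `(umask 077; fallocate -l 2G /swapfile)`. The script also allocates 2G while `swapDevices` declares `size = 4096`. As far as I know NixOS creates and sizes the swapfile itself when `size` is set, so the script may be redundant and the two sizes should at least agree. Unrelated to swap, the key in `nix.binaryCachePublicKeys` ends in `=%`; the `%` looks like a stray character and is worth checking against the cache's published key.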
@ -84,6 +84,7 @@ in {
|
||||
<stockholm/makefu/2configs/shack/events-publisher>
|
||||
<stockholm/makefu/2configs/shack/gitlab-runner>
|
||||
<stockholm/makefu/2configs/remote-build/slave.nix>
|
||||
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
|
||||
<stockholm/makefu/2configs/taskd.nix>
|
||||
|
||||
# services
|
||||
|
@ -41,36 +41,36 @@ in {
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
boot.loader.grub.devices = [ main-disk ];
|
||||
boot.initrd.kernelModules = [ "dm-raid" ];
|
||||
boot.initrd.kernelModules = [ "dm-raid" "dm_cache" ];
|
||||
boot.initrd.availableKernelModules = [
|
||||
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
|
||||
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
|
||||
];
|
||||
boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ];
|
||||
boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/nixos-root";
|
||||
device = "/dev/nixos/root";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/lib" = {
|
||||
device = "/dev/mapper/nixos-lib";
|
||||
device = "/dev/nixos/lib";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/log" = {
|
||||
device = "/dev/mapper/nixos-log";
|
||||
device = "/dev/nixos/log";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/download" = {
|
||||
device = "/dev/mapper/nixos-download";
|
||||
device = "/dev/nixos/download";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/var/www/binaergewitter" = {
|
||||
device = "/dev/mapper/nixos-binaergewitter";
|
||||
device = "/dev/nixos/binaergewitter";
|
||||
fsType = "ext4";
|
||||
options = [ "nofail" ];
|
||||
options = [ "nofail" "x-systemd.automount" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ];
|
||||
};
|
||||
fileSystems."/var/lib/borgbackup" = {
|
||||
device = "/dev/mapper/nixos-backup";
|
||||
device = "/dev/nixos/backup";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
|