From ed8d07f6822f0886525bcd1e65951fdfcb72bc0d Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Dec 2018 18:48:16 +0100 Subject: [PATCH 01/37] pkgs.ns-atmosphere-programmer: fix url, use archive.org instead of unstable upstream --- makefu/5pkgs/ns-atmosphere-programmer/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/makefu/5pkgs/ns-atmosphere-programmer/default.nix b/makefu/5pkgs/ns-atmosphere-programmer/default.nix index 1e1cb1d86..88a408578 100644 --- a/makefu/5pkgs/ns-atmosphere-programmer/default.nix +++ b/makefu/5pkgs/ns-atmosphere-programmer/default.nix @@ -10,15 +10,16 @@ stdenv.mkDerivation rec { version = "0.1"; src = fetchzip { - url = "http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-linux-v01.zip"; - sha256 = "0g2fxbirgi0lm0mi69cmknqj7626fxjkwn98bqx5pcalxplww8k0"; + url = "https://archive.org/download/ns-atmosphere-programmer/ns-atmosphere-programmer-ubuntu-64bit-v01.zip"; + # original source: http://www.ns-atmosphere.com/media/content/ns-atmosphere-programmer-ubuntu-64bit-v01.zip + sha256 = "1cnyydsmrcpfwpdiry7qybh179499wpbvlzq5rk442hq9ak416ri"; }; buildInputs = with xlibs; [ libX11 libXxf86vm libSM gnome3.gtk libpng12 ]; nativeBuildInputs = [ autoPatchelfHook makeWrapper ]; installPhase = '' - install -D -m755 NS-Atmosphere-Programmer-Linux-v0.1/NS-Atmosphere $out/bin/NS-Atmosphere + install -D -m755 NS-Atmosphere $out/bin/NS-Atmosphere wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \ --suffix XDG_DATA_DIRS : '${gnome3.defaultIconTheme}/share' ''; @@ -26,7 +27,7 @@ stdenv.mkDerivation rec { dontStrip = true; meta = with stdenv.lib; { - description = "Payload programmer for ns-atmosphere injector"; + description = "Payload programmer for ns-atmosphere injector for nintendo switch"; homepage = http://www.ns-atmosphere.com; maintainers = [ maintainers.makefu ]; platforms = platforms.linux; From 62e90729acb11b9b9eeee373048f9b338fe86a0e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Dec 2018 01:12:29 +0100 Subject: [PATCH 02/37] ma hw/ssd: init --- makefu/2configs/hw/ssd.nix | 4 ++++ makefu/2configs/hw/tp-x2x0.nix | 2 ++ 2 files changed, 6 insertions(+) create mode 100644 makefu/2configs/hw/ssd.nix diff --git a/makefu/2configs/hw/ssd.nix b/makefu/2configs/hw/ssd.nix new file mode 100644 index 000000000..9615b34d8 --- /dev/null +++ b/makefu/2configs/hw/ssd.nix @@ -0,0 +1,4 @@ +{ + # ssd trimming + services.fstrim.enable = true; +} diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 98fe30daf..42ae309d0 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -4,6 +4,7 @@ with import ; { imports = [ ./tpm.nix + ./ssd.nix ]; boot.kernelModules = [ @@ -50,6 +51,7 @@ with import ; CPU_MAX_PERF_ON_BAT=30 ''; + powerManagement.resumeCommands = '' ${pkgs.rfkill}/bin/rfkill unblock all ''; From 23562e36190e07f338211541ac3d2cc77ebdbafa Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 17 Dec 2018 09:33:45 +0100 Subject: [PATCH 03/37] l domsen: add alewis.de to sender_domains --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index ce7df4bfb..25dac0ac4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -135,6 +135,7 @@ in { "jla-trading.com" "ubikmedia.eu" "ubikmedia.de" + "alewis.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; From 87c62a2650c987f215dd979676c8d3426a47db72 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Dec 2018 12:33:57 +0100 Subject: [PATCH 04/37] ma bump-distrowatch: init --- makefu/1systems/gum/config.nix | 1 + makefu/1systems/omo/config.nix | 1 + makefu/3modules/bump-distrowatch.nix | 31 ++++++++++++++++++++++++++++ makefu/3modules/default.nix | 1 + 4 files changed, 34 insertions(+) create mode 100644 makefu/3modules/bump-distrowatch.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index dcfa3d0e5..7bc7e668c 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -21,6 +21,7 @@ in { ]; }; } + # diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 81b1e0ea1..ac2677b7f 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -11,6 +11,7 @@ in { ./hw/omo.nix #./hw/tsp.nix + diff --git a/makefu/3modules/bump-distrowatch.nix b/makefu/3modules/bump-distrowatch.nix new file mode 100644 index 000000000..18426cdcc --- /dev/null +++ b/makefu/3modules/bump-distrowatch.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.makefu.distrobump; + + imp = { + systemd.services.distrobump = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.curl ]; + restartIfChanged = false; + startAt = "daily"; + serviceConfig = { + PrivateTmp = true; + Type = "oneshot"; + ExecStart = pkgs.writeDash "bump-distrowatch" '' + set -euf + UA='Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0' + curl -Lvc /tmp/cookie.jar -A "$UA" 'https://distrowatch.com/' >/dev/null + sleep $(shuf -i 3-15 -n1).$(shuf -i 0-9 -n1) + curl -Lvc /tmp/cookie.jar -A "$UA" -e 'https://distrowatch.com/' 'https://distrowatch.com/nixos?frphr' >/dev/null + ''; + RandomizedDelaySec = 28800; + }; + }; + }; +in +{ + options.makefu.distrobump.enable = lib.mkEnableOption "distrobump"; + config = lib.mkIf cfg.enable imp; +} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 65b5a6afd..c6d8fccc3 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -3,6 +3,7 @@ _: { imports = [ ./awesome-extra.nix + ./bump-distrowatch.nix ./deluge.nix ./forward-journal.nix ./netdata.nix From 6179076fe236f3de9062c6d65d2a286834049e4d Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Dec 2018 17:10:24 +0100 Subject: [PATCH 05/37] tv mu: use /dev/sda for devices, not UUIDs^_^ --- tv/1systems/mu/config.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index a653ce40d..7820b1a77 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -13,10 +13,7 @@ with import ; tv.x0vncserver.enable = true; - # hardware configuration - boot.initrd.luks.devices.muca = { - device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91"; - }; + boot.initrd.luks.devices.muca.device = "/dev/sda2"; boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ]; boot.initrd.availableKernelModules = [ "ahci" ]; boot.kernelModules = [ "fbcon" "kvm-intel" ]; @@ -34,7 +31,7 @@ with import ; options = [ "defaults" "discard" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/CEB1-9743"; + device = "/dev/sda1"; fsType = "vfat"; }; }; From 8b4428816d1385e1dd5ec9bf0ce44ae0e284130a Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Dec 2018 17:11:31 +0100 Subject: [PATCH 06/37] tv mu: import x220 config --- tv/1systems/mu/config.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index 7820b1a77..be8d90940 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -5,6 +5,11 @@ with import ; + + { + # Override x220.nix as we're using networkmanager here. + networking.wireless.enable = mkForce false; + } ]; From f89f99011d77e53cc0729d2cf735ea2adb45ef22 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 18 Dec 2018 20:39:36 +0100 Subject: [PATCH 07/37] tv: enable networking.wireless in systems --- tv/1systems/alnus/config.nix | 4 ---- tv/1systems/mu/config.nix | 4 ---- tv/1systems/nomic/config.nix | 2 ++ tv/1systems/wu/config.nix | 2 ++ tv/1systems/xu/config.nix | 2 ++ tv/1systems/zu/config.nix | 2 ++ tv/2configs/hw/AO753.nix | 2 -- tv/2configs/hw/x220.nix | 2 -- 8 files changed, 8 insertions(+), 12 deletions(-) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index 001ad0bc4..949a98b2a 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -8,10 +8,6 @@ with import ; ]; - # TODO remove non-hardware stuff from ../2configs/hw/x220.nix - # networking.wireless.enable collides with networkmanager - networking.wireless.enable = mkForce false; - boot = { initrd = { availableKernelModules = [ "ahci" ]; diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix index be8d90940..f1cd7d673 100644 --- a/tv/1systems/mu/config.nix +++ b/tv/1systems/mu/config.nix @@ -6,10 +6,6 @@ with import ; - { - # Override x220.nix as we're using networkmanager here. - networking.wireless.enable = mkForce false; - } ]; diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix index 996a5e7ec..a89f07e8a 100644 --- a/tv/1systems/nomic/config.nix +++ b/tv/1systems/nomic/config.nix @@ -64,4 +64,6 @@ with import ; gnupg tmux ]; + + networking.wireless.enable = true; } diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 17eeff5da..4c491d65b 100644 --- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -41,6 +41,8 @@ with import ; }; }; + networking.wireless.enable = true; + services.printing.enable = true; services.udev.extraRules = '' diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 5421cab92..b9c76cf49 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -147,6 +147,8 @@ with import ; gptfdisk ]; + networking.wireless.enable = true; + #services.bitlbee.enable = true; #services.tor.client.enable = true; #services.tor.enable = true; diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix index 414d2f226..bbfcfafc1 100644 --- a/tv/1systems/zu/config.nix +++ b/tv/1systems/zu/config.nix @@ -44,6 +44,8 @@ with import ; }; }; + networking.wireless.enable = true; + services.printing.enable = true; #services.bitlbee.enable = true; diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix index 8625078da..4df5e097a 100644 --- a/tv/2configs/hw/AO753.nix +++ b/tv/2configs/hw/AO753.nix @@ -25,8 +25,6 @@ with import ; config.boot.kernelPackages.broadcom_sta ]; - networking.wireless.enable = true; - nix = { buildCores = 2; maxJobs = 2; diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 38a89cfc3..35e7d8941 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -26,8 +26,6 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.wireless.enable = true; - # Required for Centrino. hardware.enableRedistributableFirmware = true; From f7e0cdbc142ad38e435c9d24a7098714b5d2c473 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 18 Dec 2018 21:17:29 +0100 Subject: [PATCH 08/37] lass prism: set wiregrill subnets explicitly --- krebs/3modules/lass/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1117dc61c..9d1d56ad3 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -98,7 +98,11 @@ in { ]; wireguard = { pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; - subnets = [ "10.244.1.0/24" "42:1::/32" ]; + subnets = [ + "10.244.1.0/24" + (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR + (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR + ]; }; }; }; From 81ab10469adb870936c577798e0f861d851d4cda Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 18 Dec 2018 21:21:24 +0100 Subject: [PATCH 09/37] ma pkgs.xdcc-dl: init --- makefu/5pkgs/xdcc-dl/default.nix | 195 +++++++++++++++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 makefu/5pkgs/xdcc-dl/default.nix diff --git a/makefu/5pkgs/xdcc-dl/default.nix b/makefu/5pkgs/xdcc-dl/default.nix new file mode 100644 index 000000000..d9fdc3d2b --- /dev/null +++ b/makefu/5pkgs/xdcc-dl/default.nix @@ -0,0 +1,195 @@ +# generated using pypi2nix tool (version: 1.8.0) +# See more at: https://github.com/garbas/pypi2nix +# +# COMMAND: +# pypi2nix -V 3.6 -r ./lol +# + +{ pkgs ? import {} +}: + +let + + inherit (pkgs) makeWrapper; + inherit (pkgs.stdenv.lib) fix' extends inNixShell; + + pythonPackages = + import "${toString pkgs.path}/pkgs/top-level/python-packages.nix" { + inherit pkgs; + inherit (pkgs) stdenv; + python = pkgs.python36; + }; + + commonBuildInputs = []; + commonDoCheck = false; + + withPackages = pkgs': + let + pkgs = builtins.removeAttrs pkgs' ["__unfix__"]; + interpreter = pythonPackages.buildPythonPackage { + name = "python36-interpreter"; + buildInputs = [ makeWrapper ] ++ (builtins.attrValues pkgs); + buildCommand = '' + mkdir -p $out/bin + ln -s ${pythonPackages.python.interpreter} $out/bin/${pythonPackages.python.executable} + for dep in ${builtins.concatStringsSep " " (builtins.attrValues pkgs)}; do + if [ -d "$dep/bin" ]; then + for prog in "$dep/bin/"*; do + if [ -f $prog ]; then + ln -s $prog $out/bin/`basename $prog` + fi + done + fi + done + for prog in "$out/bin/"*; do + wrapProgram "$prog" --prefix PYTHONPATH : "$PYTHONPATH" + done + pushd $out/bin + ln -s ${pythonPackages.python.executable} python + popd + ''; + passthru.interpreter = pythonPackages.python; + }; + in { + __old = pythonPackages; + inherit interpreter; + mkDerivation = pythonPackages.buildPythonPackage; + packages = pkgs; + overrideDerivation = drv: f: + pythonPackages.buildPythonPackage (drv.drvAttrs // f drv.drvAttrs); + withPackages = pkgs'': + withPackages (pkgs // pkgs''); + }; + + python = withPackages {}; + + generated = self: { + inherit (pythonPackages) requests irc beautifulsoup4 six pyqt5; + "PyExecJS" = python.mkDerivation { + name = "PyExecJS-1.5.0"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/1c/a0/359e179605bbf3f6c6ed96c44e056eebed39732b67427f30d56e259934f2/PyExecJS-1.5.0.tar.gz"; sha256 = "99315766f8155eea195a3f4179b35cd8dc64b2360c081ae29d92c603c26aeaaa"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ + self."six" + ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.mit; + description = "Run JavaScript code from Python"; + }; + }; + + + + + "bs4" = python.mkDerivation { + name = "bs4-0.0.1"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz"; sha256 = "36ecea1fd7cc5c0c6e4a1ff075df26d50da647b75376626cc186e2212886dd3a"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ + self."beautifulsoup4" + ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.mit; + description = "Screen-scraping library"; + }; + }; + + + + "certifi" = python.mkDerivation { + name = "certifi-2017.11.5"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/23/3f/8be01c50ed24a4bd6b8da799839066ce0288f66f5e11f0367323467f0cbc/certifi-2017.11.5.tar.gz"; sha256 = "5ec74291ca1136b40f0379e1128ff80e866597e4e2c1e755739a913bbc3613c0"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = "MPL-2.0"; + description = "Python package for providing Mozilla's CA Bundle."; + }; + }; + + + + "cfscrape" = python.mkDerivation { + name = "cfscrape-1.9.1"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/cf/9a/50d3844d67fe5507217fd47c9e382e769ab5f7d967b41c25ba3712c441c3/cfscrape-1.9.1.tar.gz"; sha256 = "9cee3708c643904eaa010a64dd1715890457bb77010d87405fc1bfeb892508d7"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ + self."PyExecJS" + self."requests" + ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = ""; + description = "A simple Python module to bypass Cloudflare's anti-bot page. See https://github.com/Anorov/cloudflare-scrape for more information."; + }; + }; + + + + "typing" = python.mkDerivation { + name = "typing-3.6.2"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/ca/38/16ba8d542e609997fdcd0214628421c971f8c395084085354b11ff4ac9c3/typing-3.6.2.tar.gz"; sha256 = "d514bd84b284dd3e844f0305ac07511f097e325171f6cc4a20878d11ad771849"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.psfl; + description = "Type Hints for Python"; + }; + }; + + + + + "urwid" = python.mkDerivation { + name = "urwid-1.3.1"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/85/5d/9317d75b7488c335b86bd9559ca03a2a023ed3413d0e8bfe18bea76f24be/urwid-1.3.1.tar.gz"; sha256 = "cfcec03e36de25a1073e2e35c2c7b0cc6969b85745715c3a025a31d9786896a1"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.lgpl2; + description = "A full-featured console (xterm et al.) user interface library"; + }; + }; + + + + "xdcc-dl" = python.mkDerivation { + name = "xdcc-dl-2.1.0"; + src = pkgs.fetchurl { url = "https://pypi.python.org/packages/52/5a/1f1c8e77c212074d508701f208440bdfac4c6366de3f74fc9772a09369ef/xdcc_dl-2.1.0.tar.gz"; sha256 = "7071fca28de83ab0944b086a6dac0af053225b5663d9cf28a8dac868d81b2fc6"; }; + doCheck = commonDoCheck; + buildInputs = commonBuildInputs; + propagatedBuildInputs = [ + self."bs4" + self."cfscrape" + self."irc" + self."requests" + self."typing" + self."urwid" + ]; + meta = with pkgs.stdenv.lib; { + homepage = ""; + license = licenses.gpl3; + description = "An XDCC File Downloader based on the irclib framework"; + }; + }; + + }; + +in python.withPackages + (fix' (pkgs.lib.fold + extends + generated + [] + ) + ) From 076190e5b72139c037929ff15ddddd0acda62c58 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 18 Dec 2018 21:27:10 +0100 Subject: [PATCH 10/37] ma support-nixos: init --- makefu/2configs/support-nixos.nix | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/2configs/support-nixos.nix diff --git a/makefu/2configs/support-nixos.nix b/makefu/2configs/support-nixos.nix new file mode 100644 index 000000000..d4e5556ff --- /dev/null +++ b/makefu/2configs/support-nixos.nix @@ -0,0 +1 @@ +{ makefu.distrobump.enable = true; } From 0b57526d4fabfd40cd1f0bd5ba7bca301c7288d3 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 18 Dec 2018 21:05:51 +0100 Subject: [PATCH 11/37] tv: configure the wiregrill --- krebs/3modules/tv/default.nix | 33 +++++++++++++++++++++----- krebs/3modules/tv/wiregrill/alnus.pub | 1 + krebs/3modules/tv/wiregrill/mu.pub | 1 + krebs/3modules/tv/wiregrill/ni.pub | 1 + krebs/3modules/tv/wiregrill/nomic.pub | 1 + krebs/3modules/tv/wiregrill/querel.pub | 1 + krebs/3modules/tv/wiregrill/wu.pub | 1 + krebs/3modules/tv/wiregrill/xu.pub | 1 + krebs/3modules/tv/wiregrill/zu.pub | 1 + 9 files changed, 35 insertions(+), 6 deletions(-) create mode 100644 krebs/3modules/tv/wiregrill/alnus.pub create mode 100644 krebs/3modules/tv/wiregrill/mu.pub create mode 100644 krebs/3modules/tv/wiregrill/ni.pub create mode 100644 krebs/3modules/tv/wiregrill/nomic.pub create mode 100644 krebs/3modules/tv/wiregrill/querel.pub create mode 100644 krebs/3modules/tv/wiregrill/wu.pub create mode 100644 krebs/3modules/tv/wiregrill/xu.pub create mode 100644 krebs/3modules/tv/wiregrill/zu.pub diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 0683492bc..a20801b12 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,12 +1,30 @@ with import ; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ - owner = config.krebs.users.tv; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; - }); + hostDefaults = hostName: host: foldl' recursiveUpdate {} [ + { + owner = config.krebs.users.tv; + } + (optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = + (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; + }; + }) + (let + pubkey-path = ./wiregrill + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.wiregrill = { + aliases = [ + "${hostName}.w" + ]; + ip6.addr = + (krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address; + wireguard.pubkey = readFile pubkey-path; + }; + }) + host + ]; in { dns.providers = { @@ -103,6 +121,9 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill.wireguard.subnets = [ + (krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR + ]; }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb"; }; diff --git a/krebs/3modules/tv/wiregrill/alnus.pub b/krebs/3modules/tv/wiregrill/alnus.pub new file mode 100644 index 000000000..de85e54da --- /dev/null +++ b/krebs/3modules/tv/wiregrill/alnus.pub @@ -0,0 +1 @@ +w7+6kMf1P3Ka0kXXY4CCbr80TrWPYpe/zd13yuvz9SE= diff --git a/krebs/3modules/tv/wiregrill/mu.pub b/krebs/3modules/tv/wiregrill/mu.pub new file mode 100644 index 000000000..18edc8986 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/mu.pub @@ -0,0 +1 @@ +4bboT+cZM1BYvNho9oKbO0MFnPFTvmASR+1IdV4/fwQ= diff --git a/krebs/3modules/tv/wiregrill/ni.pub b/krebs/3modules/tv/wiregrill/ni.pub new file mode 100644 index 000000000..257b29833 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/ni.pub @@ -0,0 +1 @@ +KiIiwkuin+E4FXqFajJjnoGKkHW3H3FzIx5EQrF1+lw= diff --git a/krebs/3modules/tv/wiregrill/nomic.pub b/krebs/3modules/tv/wiregrill/nomic.pub new file mode 100644 index 000000000..be9c94be6 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/nomic.pub @@ -0,0 +1 @@ +UgvgarDtuSvbciNx5SU2NDbctb9/OTQ9Kr8H/O3931A= diff --git a/krebs/3modules/tv/wiregrill/querel.pub b/krebs/3modules/tv/wiregrill/querel.pub new file mode 100644 index 000000000..2273cf99d --- /dev/null +++ b/krebs/3modules/tv/wiregrill/querel.pub @@ -0,0 +1 @@ +sxaqrsqcDgdM3+QH6mxzqDs3SLWgm7J8AytpIbRZ2n0= diff --git a/krebs/3modules/tv/wiregrill/wu.pub b/krebs/3modules/tv/wiregrill/wu.pub new file mode 100644 index 000000000..0d25d9de9 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/wu.pub @@ -0,0 +1 @@ +68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E= diff --git a/krebs/3modules/tv/wiregrill/xu.pub b/krebs/3modules/tv/wiregrill/xu.pub new file mode 100644 index 000000000..ba0c7dd04 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/xu.pub @@ -0,0 +1 @@ +XU76RFN0jG/YjffAPg3e3VuHF/iKMvVoRhHmixvLL1s= diff --git a/krebs/3modules/tv/wiregrill/zu.pub b/krebs/3modules/tv/wiregrill/zu.pub new file mode 100644 index 000000000..0238dd653 --- /dev/null +++ b/krebs/3modules/tv/wiregrill/zu.pub @@ -0,0 +1 @@ +WrILdnsketejrJuYM/sLEh89GdSVbddv8BG/D3sW7kw= From b199a386d331ab7ff16cae6e0393379ce18a17af Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Dec 2018 21:57:08 +0100 Subject: [PATCH 12/37] external: add qubasa --- krebs/3modules/external/default.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 02d28ddc8..39922e2ee 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -289,6 +289,31 @@ in { }; }; }; + qubasa = { + owner = config.krebs.users.qubasa; + nets = { + retiolum = { + ip4.addr = "10.243.29.175"; + aliases = [ "qubasa.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z + f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm + 8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7 + aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs + KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v + aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j + kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4 + 3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB + 7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz + k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV + Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v + vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; }; users = { Mic92 = { @@ -301,6 +326,9 @@ in { }; sokratess = { }; + qubasa = { + mail = "luis.nixos@gmail.com"; + }; }; } From dc79107558105a3b6afb558f194965fcb3867542 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Dec 2018 22:29:56 +0100 Subject: [PATCH 13/37] l wiregrill: remove newlines from pubkeys --- lass/2configs/wiregrill.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix index b2ee35df3..0183bd4e5 100644 --- a/lass/2configs/wiregrill.nix +++ b/lass/2configs/wiregrill.nix @@ -37,7 +37,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { ; endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}"); persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61; - publicKey = host.nets.wiregrill.wireguard.pubkey; + publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey); }) (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts); }; From 5299bd93a0240580bc1aec377436c44273f144e5 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 18 Dec 2018 23:24:00 +0100 Subject: [PATCH 14/37] ma bgt/backup.nix: init --- makefu/1systems/gum/config.nix | 1 + makefu/2configs/bgt/backup.nix | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 makefu/2configs/bgt/backup.nix diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 7bc7e668c..97b4555a5 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -132,6 +132,7 @@ in { + # diff --git a/makefu/2configs/bgt/backup.nix b/makefu/2configs/bgt/backup.nix new file mode 100644 index 000000000..3b9baadef --- /dev/null +++ b/makefu/2configs/bgt/backup.nix @@ -0,0 +1,20 @@ +{ + # Manual steps: + # 1. ssh-copy-id root ssh-key to the remotes you want to back up + # 2. run `rsnapshot hourly` manually as root to check if everything works + services.rsnapshot = { + enable = true; + cronIntervals = { + daily = "50 21 * * *"; + hourly = "0 */4 * * *"; + }; + extraConfig = '' +retain hourly 5 +retain daily 365 +snapshot_root /var/backup +backup root@binaergewitter.jit.computer:/opt/isso jit +backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit +backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit + ''; + }; +} From d0a02bf54d6538a027f619f83fe895cbfdf4b366 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Dec 2018 14:25:03 +0100 Subject: [PATCH 15/37] external: move users from makefu namespace to external --- krebs/3modules/external/default.nix | 26 +++++++++++++++---- krebs/3modules/external/ssh/Mic92.pub | 1 + .../{makefu => external}/ssh/exco.pub | 0 krebs/3modules/external/ssh/raute.pub | 1 + .../{makefu => external}/ssh/ulrich.pub | 0 krebs/3modules/makefu/default.nix | 11 -------- 6 files changed, 23 insertions(+), 16 deletions(-) create mode 100644 krebs/3modules/external/ssh/Mic92.pub rename krebs/3modules/{makefu => external}/ssh/exco.pub (100%) create mode 100644 krebs/3modules/external/ssh/raute.pub rename krebs/3modules/{makefu => external}/ssh/ulrich.pub (100%) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 39922e2ee..7b651f6f1 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -9,6 +9,7 @@ with import ; nets.retiolum.ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; }); + pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); in { hosts = mapAttrs hostDefaults { @@ -316,19 +317,34 @@ in { }; }; users = { - Mic92 = { - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; - mail = "joerg@higgsboson.tk"; + ciko = { + mail = "wieczorek.stefan@googlemail.com"; + }; + exco = { + mail = "dickbutt@excogitation.de"; + pubkey = pub-for "exco"; }; kmein = { }; - palo = { + Mic92 = { + mail = "joerg@higgsboson.tk"; + pubkey = pub-for "Mic92"; }; - sokratess = { + palo = { }; qubasa = { mail = "luis.nixos@gmail.com"; }; + raute = { + mail = "macxylo@gmail.com"; + pubkey = pub-for "raute"; + }; + sokratess = { + }; + ulrich = { + mail = "shackspace.de@myvdr.de"; + pubkey = pub-for "ulrich"; + }; }; } diff --git a/krebs/3modules/external/ssh/Mic92.pub b/krebs/3modules/external/ssh/Mic92.pub new file mode 100644 index 000000000..600709c78 --- /dev/null +++ b/krebs/3modules/external/ssh/Mic92.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE diff --git a/krebs/3modules/makefu/ssh/exco.pub b/krebs/3modules/external/ssh/exco.pub similarity index 100% rename from krebs/3modules/makefu/ssh/exco.pub rename to krebs/3modules/external/ssh/exco.pub diff --git a/krebs/3modules/external/ssh/raute.pub b/krebs/3modules/external/ssh/raute.pub new file mode 100644 index 000000000..69b4d3d10 --- /dev/null +++ b/krebs/3modules/external/ssh/raute.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH385gr3BAKJ92k1FaOLx2wFMgDFTmupOcww5g/bEAsO raute@wolf diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/external/ssh/ulrich.pub similarity index 100% rename from krebs/3modules/makefu/ssh/ulrich.pub rename to krebs/3modules/external/ssh/ulrich.pub diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index befec2156..4fe24025f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1079,16 +1079,5 @@ in { inherit (makefu) mail pgp; pubkey = pub-for "makefu.bob"; }; - ciko = { - mail = "wieczorek.stefan@googlemail.com"; - }; - ulrich = { - pubkey = pub-for "ulrich"; - mail = "shackspace.de@myvdr.de"; - }; - exco = { - mail = "dickbutt@excogitation.de"; - pubkey = pub-for "exco"; - }; }; } From 30654e46c67e99d67c5e247f8e92050cc3087e0e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Dec 2018 14:33:07 +0100 Subject: [PATCH 16/37] external: sort --- krebs/3modules/external/default.nix | 390 ++++++++++++++-------------- 1 file changed, 195 insertions(+), 195 deletions(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 7b651f6f1..ee1dbf4ee 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -13,128 +13,25 @@ with import ; in { hosts = mapAttrs hostDefaults { - sokrateslaptop = { - owner = config.krebs.users.sokratess; - nets = { - retiolum = { - ip4.addr = "10.243.142.104"; - aliases = [ - "sokrateslaptop.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 - t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ - rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW - egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 - aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V - VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - kruck = { - owner = config.krebs.users.palo; - nets = { - retiolum = { - ip4.addr = "10.243.29.201"; - aliases = [ - "kruck.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh - QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA - EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U - uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ - /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR - 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s - qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH - gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj - jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs - fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 - TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - scardanelli = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.2"; - aliases = [ - "scardanelli.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ - MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge - UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi - kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 - gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx - we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY - QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm - SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL - 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f - m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q - FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 - lM61fOMcVW1KREdWypiDtu8CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - homeros = { - owner = config.krebs.users.kmein; - nets = { - retiolum = { - ip4.addr = "10.243.2.1"; - aliases = [ - "homeros.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd - ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc - 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v - RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd - vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 - +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc - QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm - fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh - VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 - k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX - gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N - mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - turingmachine = { + dpdkm = { owner = config.krebs.users.Mic92; - nets = { + nets = rec { retiolum = { - ip4.addr = "10.243.29.168"; - aliases = [ - "turingmachine.r" - ]; + ip4.addr = "10.243.29.173"; + aliases = [ "dpdkm.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C - t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 - 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 - ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g - nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 - 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT - 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 - gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl - DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL - W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW - OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== + MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; @@ -178,83 +75,6 @@ in { }; }; }; - rock = { - owner = config.krebs.users.Mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.171"; - aliases = [ "rock.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM - DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 - HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh - mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf - Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M - Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD - 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 - fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv - 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav - ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q - cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - inspector = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - dpdkm = { - owner = config.krebs.users.Mic92; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; eve = { owner = config.krebs.users.Mic92; nets = rec { @@ -290,6 +110,59 @@ in { }; }; }; + homeros = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.1"; + aliases = [ + "homeros.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd + ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc + 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v + RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd + vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 + +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc + QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm + fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh + VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 + k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX + gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N + mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + kruck = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.29.201"; + aliases = [ + "kruck.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh + QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA + EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U + uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ + /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR + 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s + qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH + gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj + jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs + fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 + TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; qubasa = { owner = config.krebs.users.qubasa; nets = { @@ -315,6 +188,133 @@ in { }; }; }; + rock = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + aliases = [ "rock.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + scardanelli = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.2"; + aliases = [ + "scardanelli.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ + MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge + UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi + kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 + gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx + we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY + QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm + SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL + 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f + m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q + FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 + lM61fOMcVW1KREdWypiDtu8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + sokrateslaptop = { + owner = config.krebs.users.sokratess; + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + turingmachine = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.168"; + aliases = [ + "turingmachine.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C + t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 + 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 + ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g + nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 + 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT + 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 + gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl + DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL + W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW + OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { ciko = { From 337761712a00c4f90ea3fabc228bf5d494f357e5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Dec 2018 14:41:56 +0100 Subject: [PATCH 17/37] external: move tpsw from makefu, add justraute --- krebs/3modules/external/default.nix | 36 ++++++++++++--- krebs/3modules/external/tinc/justraute.pub | 14 ++++++ krebs/3modules/external/tinc/tpsw.pub | 8 ++++ krebs/3modules/makefu/default.nix | 51 ---------------------- 4 files changed, 53 insertions(+), 56 deletions(-) create mode 100644 krebs/3modules/external/tinc/justraute.pub create mode 100644 krebs/3modules/external/tinc/tpsw.pub diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index ee1dbf4ee..fc450b667 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -9,7 +9,8 @@ with import ; nets.retiolum.ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; }); - pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); + ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); + tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); in { hosts = mapAttrs hostDefaults { @@ -137,6 +138,18 @@ in { }; }; }; + justraute = { + owner = config.krebs.users.raute; # laptop + nets = { + retiolum = { + ip4.addr = "10.243.183.231"; + aliases = [ + "justraute.r" + ]; + tinc.pubkey = tinc-for "justraute"; + }; + }; + }; kruck = { owner = config.krebs.users.palo; nets = { @@ -260,6 +273,19 @@ in { }; }; }; + tpsw = { + cores = 2; + owner = config.krebs.users.ciko; # main laptop + nets = { + retiolum = { + ip4.addr = "10.243.183.236"; + aliases = [ + "tpsw.r" + ]; + tinc.pubkey = tinc-for "tpsw"; + }; + }; + }; turingmachine = { owner = config.krebs.users.Mic92; nets = { @@ -322,13 +348,13 @@ in { }; exco = { mail = "dickbutt@excogitation.de"; - pubkey = pub-for "exco"; + pubkey = ssh-for "exco"; }; kmein = { }; Mic92 = { mail = "joerg@higgsboson.tk"; - pubkey = pub-for "Mic92"; + pubkey = ssh-for "Mic92"; }; palo = { }; @@ -337,13 +363,13 @@ in { }; raute = { mail = "macxylo@gmail.com"; - pubkey = pub-for "raute"; + pubkey = ssh-for "raute"; }; sokratess = { }; ulrich = { mail = "shackspace.de@myvdr.de"; - pubkey = pub-for "ulrich"; + pubkey = ssh-for "ulrich"; }; }; } diff --git a/krebs/3modules/external/tinc/justraute.pub b/krebs/3modules/external/tinc/justraute.pub new file mode 100644 index 000000000..b4af349b7 --- /dev/null +++ b/krebs/3modules/external/tinc/justraute.pub @@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0FJ2Wh7y8lgXOLXR2VQh +BsERf4uoWQ2UZexxv5bo6H9aYmyc+pA7q9ScP+ljKIXHLG3RbskIDFJLfs2HHS2u +rCD3Pv71Ihx8fgmP7VdJktvFV8uBbDk2YF28Kd198ggEPL9ki1+LKzauTv0CCBcK +O78VgN8v+l42v+oQSFk30FBYCpvld39dv74etb4/T4zmn7H3RNH+gPU1T0dge4yu +xdlCk4TmNXWcw3cDvcCDDJFblH100IWRZ8enH4wHC5LvSKcYCqiiILsKAPuS8/J0 +cUePfRln1ZJDvR8AlO8ejRU7PC7550JbyqRbu0oAro2fLz7BOAJi6v8SbPU4GUaT +uFDwJsIqcRnnC8a7N4DouDyUUnTWdTtuDtl0R/I9SYY/u4MhgmFI8bribhwDMmdC +V7UM+023cC/mM9TqCPP0xdy3oiTXRyWk9aNEWep4box/VXmNsJ0hjeIi/W06eXBZ +0j5T3wKnuxSzktyhq8Jt4zJEuarBfwGBcxNf+3CHuKjfN7SAxmQZCRwS/2cPcNDS +HkApVsqTdOuLaXnoCJQyxvMQt70OCXmOs/bk0ZAcqNRJ+gYot1duplB+15+ro07j +3sLbwUMsfpC40CnHd3s1w74/5l1DAc9Mo4I5xX0QH7PCgVzJ9wEctonaItWzT/q4 +vElG9ULoGQb0prlJC35i738CAwEAAQ== +-----END PUBLIC KEY----- diff --git a/krebs/3modules/external/tinc/tpsw.pub b/krebs/3modules/external/tinc/tpsw.pub new file mode 100644 index 000000000..38b0cb293 --- /dev/null +++ b/krebs/3modules/external/tinc/tpsw.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ +Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML +WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl +OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM +0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd +pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 4fe24025f..e60bbee70 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -992,57 +992,6 @@ in { }; }; }; - } // { # hosts only maintained in stockholm, not owned by me - muhbaasu = rec { - owner = config.krebs.users.root; - cores = 1; - nets = { - internet = { - ip4.addr = "217.160.206.154"; - aliases = [ - "muhbaasu.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.139.184"; - aliases = [ - "muhbaasu.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0f4C4xKXpnyV1ig03O2Kef8ag+/5WGkW90uxEBb/h5NY9barex+Z - KqVbkPdHhwoCIINuCVcOnJXzeo0FZtSEq3zVhscVm0PVdNfjct8a9KMsK0iUmuul - 5WD9Glh5/1wkEmbRfVxDErhssz1b8YmFOAGQn+ujO/Znn3BLv36uKQvpqU2y5bzb - +rVnq3eE1bCSeuj41bgEve8+vxpforjLO6gbE91mwp3Ol6nkkp6CjpG+aFTuLCAj - YR0MIl2gGwskOGSI38QxlLouOlIGwus5f+KfC94ZP0pMwu5pT45UOUkVnlBXuZ9E - igNHG2Vtm76nB3yYHndOvuDTOufatX61dQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - tpsw = { - cores = 2; - owner = config.krebs.users.ciko; # main laptop - nets = { - retiolum = { - ip4.addr = "10.243.183.236"; - aliases = [ - "tpsw.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvwYPFAINwV0EH0myFpNzRjVbqXdAmJP616C5JvODklhZWJxFxlKJ - Poczl57j2Z+4bonkTrJmsNtSaQLPKYH4H1qfo/lwz7nqEpPi3Xp4Fgts23w36eML - WBvbw0fQO9R8zZJIIdRkJ2qqlhZiTlor1Gtlm8Z1RmpKkhL9O6Yzj94VhGLhABVl - OsaF2M3PgXJMiLry67jzbAs3+mVaT3iBTzWOaOyREjKQEUg9B9IDxrmZMSWqdXZM - 0wfzaCjS40jD73m7tqi7W3tXzAUP4mEeUqkC+NC2Zgm/lJ5B1KPx7AyNqtRLsBLd - pIdJs6ng63WV1fyHYUWMYqZk9zB/tQ0b0wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; }; users = rec { makefu = { From 50d91aa83f1ed2fda1771387845ab254b576ad7c Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Dec 2018 20:54:01 +0100 Subject: [PATCH 18/37] nixpkgs: 5d4a1a3 -> 7e88992 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 61fd085be..62fd7d205 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "5d4a1a3897e2d674522bcb3aa0026c9e32d8fd7c", - "date": "2018-11-24T00:40:22-05:00", - "sha256": "19kryzx9a6x68mpyxks3dajraf92hkbnw1zf952k73s2k4qw9jlq", + "rev": "7e88992a8c7b2de0bcb89182d8686b27bd93e46a", + "date": "2018-12-14T12:54:27+01:00", + "sha256": "1f6lf4addczi81hchqbzjlhrsmkrj575dmdjdhyl0jkm7ypy2lgk", "fetchSubmodules": false } From 2e4266297a5b735639c34a52ec8a21f07512d479 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 15:48:35 +0100 Subject: [PATCH 19/37] l wiregrill: remove obsolete ipv4 --- krebs/3modules/lass/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9d1d56ad3..703e54e26 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -91,7 +91,6 @@ in { }; wiregrill = { via = internet; - ip4.addr = "10.244.1.1"; ip6.addr = w6 "1"; aliases = [ "prism.w" @@ -99,7 +98,6 @@ in { wireguard = { pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; subnets = [ - "10.244.1.0/24" (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR ]; @@ -474,7 +472,6 @@ in { phone = { nets = { wiregrill = { - ip4.addr = "10.244.1.2"; ip6.addr = w6 "a"; aliases = [ "phone.w" From 53bea08c263fa5f481255ed51da8ec79a88e11a8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 15:48:57 +0100 Subject: [PATCH 20/37] l daedalus: kill games & steam --- lass/1systems/daedalus/config.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 305b3f70e..4472711e5 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -6,8 +6,6 @@ with import ; - - { # bubsy config From 54d220f7fd758adb3e7289331a77ee27097aae9b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 15:49:17 +0100 Subject: [PATCH 21/37] l daedalus: add torbrowser to pkgs --- lass/1systems/daedalus/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 4472711e5..a43603f50 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -70,6 +70,7 @@ with import ; #remote control environment.systemPackages = with pkgs; [ x11vnc + torbrowser ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } From e8f21e098edb2c3af5fc36f5df616e8f76f7f7b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 15:49:45 +0100 Subject: [PATCH 22/37] l mors: accept android sdk license --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 46cdbbb66..b39f03df9 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -147,6 +147,7 @@ with import ; OnCalendar = "00:37"; }; + nixpkgs.config.android_sdk.accept_license = true; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; From d5db3117b570e2afaa9133e44b7f04fd10bb0ad1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 15:50:05 +0100 Subject: [PATCH 23/37] l prism: add wiregrill nfs export --- lass/1systems/prism/config.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6c454b4ac..034721660 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -390,6 +390,28 @@ with import ; ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : chown download: /var/download/finished ''; + + fileSystems."/export/download" = { + device = "/var/lib/containers/yellow/var/download"; + options = [ "bind" ]; + }; + services.nfs.server = { + enable = true; + exports = '' + /export 42::/16(insecure,ro,crossmnt) + ''; + lockdPort = 4001; + mountdPort = 4002; + statdPort = 4000; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } + ]; } ]; From 7657a92d85e967a6a753a428e1ddacee7eb73154 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 15:50:39 +0100 Subject: [PATCH 24/37] l xmonad: add copyToAll button --- lass/5pkgs/custom/xmonad-lass/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 79e6416e1..483e37bc8 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -11,10 +11,7 @@ pkgs.writeHaskellPackage "xmonad-lass" { "xmonad-stockholm" ]; text = /* haskell */ '' -{-# LANGUAGE DeriveDataTypeable #-} -- for XS -{-# LANGUAGE FlexibleContexts #-} -- for xmonad' {-# LANGUAGE LambdaCase #-} -{-# LANGUAGE ScopedTypeVariables #-} module Main where @@ -28,7 +25,7 @@ import System.Environment (getArgs, lookupEnv) import System.Exit (exitFailure) import System.IO (hPutStrLn, stderr) import System.Posix.Process (executeFile) -import XMonad.Actions.CopyWindow (copy, kill1) +import XMonad.Actions.CopyWindow (copy, copyToAll, kill1) import XMonad.Actions.CycleWS (toggleWS) import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace) import XMonad.Actions.DynamicWorkspaces (withWorkspace) @@ -149,6 +146,8 @@ myKeyMap = , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") + , ("M4-", windows copyToAll) + , ("M4-", spawn "${pkgs.writeDash "nm-dmenu" '' export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@" From 4c60ad0e085702eb9291c20374f1c80fe5cfa05e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 16:32:19 +0100 Subject: [PATCH 25/37] l daedalus: fix typo in ipv6 --- krebs/3modules/lass/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 703e54e26..018998c9c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -276,7 +276,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.115"; - ip6.addr = r6 "dead"; + ip6.addr = r6 "daed"; aliases = [ "daedalus.r" "cgit.daedalus.r" @@ -292,8 +292,14 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "daed"; + aliases = [ + "dapdalus.w" + ]; + wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI="; + }; }; - secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g"; }; From 7a7dc91f179520bcc78ee1bd6e907979e1508260 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 16:32:41 +0100 Subject: [PATCH 26/37] l: add nfs-dl.nix --- lass/1systems/daedalus/config.nix | 1 + lass/2configs/baseX.nix | 1 + lass/2configs/nfs-dl.nix | 7 +++++++ 3 files changed, 9 insertions(+) create mode 100644 lass/2configs/nfs-dl.nix diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index a43603f50..e28fbf2f8 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -7,6 +7,7 @@ with import ; + { # bubsy config users.users.bubsy = { diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 1b6a1d593..1f2bb511f 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,6 +9,7 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix + ./nfs-dl.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/nfs-dl.nix b/lass/2configs/nfs-dl.nix new file mode 100644 index 000000000..abbcc1d42 --- /dev/null +++ b/lass/2configs/nfs-dl.nix @@ -0,0 +1,7 @@ +{ + fileSystems."/mnt/prism" = { + device = "prism.w:/export"; + fsType = "nfs"; + }; +} + From cabb397b83afbe2726a4da33f4d230da30704a63 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 24 Dec 2018 16:34:34 +0100 Subject: [PATCH 27/37] nixpkgs: 7e88992 -> b9fa31c --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 62fd7d205..821c79cde 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "7e88992a8c7b2de0bcb89182d8686b27bd93e46a", - "date": "2018-12-14T12:54:27+01:00", - "sha256": "1f6lf4addczi81hchqbzjlhrsmkrj575dmdjdhyl0jkm7ypy2lgk", + "rev": "b9fa31cea0e119ecf1867af4944ddc2f7633aacd", + "date": "2018-12-22T15:37:52+00:00", + "sha256": "1iqdra7nvcwbydjirjsk71rpzk4ljc0gzqy33fcp8l18y8iwh47k", "fetchSubmodules": false } From 371e22366526d8fe9695e6ac4d1d0b5fcb66bd6b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Dec 2018 14:21:45 +0100 Subject: [PATCH 28/37] external: set wiregrill ip6 --- krebs/3modules/external/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index fc450b667..441fda45e 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -8,6 +8,9 @@ with import ; } // optionalAttrs (host.nets?retiolum) { nets.retiolum.ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill.ip6.addr = + (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; }); ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); From 8b4beb8138aa283f99b0cbb3adb84d08c05aad5a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Dec 2018 14:23:22 +0100 Subject: [PATCH 29/37] l daedalus.w: fix alias --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 018998c9c..630c14f18 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -295,7 +295,7 @@ in { wiregrill = { ip6.addr = w6 "daed"; aliases = [ - "dapdalus.w" + "daedalus.w" ]; wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI="; }; From 48847ca8154fdc8db62ff151effdb3e39cae87f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Dec 2018 14:38:29 +0100 Subject: [PATCH 30/37] external: add miaoski --- krebs/3modules/external/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 441fda45e..e5b201f74 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -344,6 +344,20 @@ in { }; }; }; + miaoski = { + owner = config.krebs.users.miaoski; + nets = { + wiregrill = { + aliases = [ "miaoski.w" ]; + wireguard = { + pubkey = "8haz9JX5nAMORzNy89VdHC1Z9XA94ogaZsY3d2Rfkl4="; + subnets = [ + (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR + ]; + }; + }; + }; + }; }; users = { ciko = { @@ -374,6 +388,8 @@ in { mail = "shackspace.de@myvdr.de"; pubkey = ssh-for "ulrich"; }; + miaoski = { + }; }; } From 712ef03b7afce99f359cf1a5072b63f493ed461b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Dec 2018 14:24:32 +0100 Subject: [PATCH 31/37] l prism: fix MASQUERADING for externals --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 034721660..dd8ab0dd9 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -309,7 +309,7 @@ with import ; { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } + { v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; } { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } ]; services.dnsmasq = { From 16bfb80f528bf51610bf621b7eb4dfae7ed010db Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Dec 2018 14:24:51 +0100 Subject: [PATCH 32/37] l: add nintendo@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 1acfe5056..f487a9910 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -95,6 +95,7 @@ with import ; { from = "lesswrong@lassul.us"; to = lass.mail; } { from = "nordvpn@lassul.us"; to = lass.mail; } { from = "csv-direct@lassul.us"; to = lass.mail; } + { from = "nintendo@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From a46b64750512ebc167a65a39b563eeca8ce8d8b9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Dec 2018 14:28:41 +0100 Subject: [PATCH 33/37] l websites: add wireguard-key location --- lass/2configs/websites/lassulus.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17af0d00d..307f1c2b3 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -63,6 +63,9 @@ in { locations."= /retiolum.hosts".extraConfig = '' alias ${pkgs.retiolum-hosts}; ''; + locations."= /wireguard-key".extraConfig = '' + alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey}; + ''; locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; From 81de4a0473da780b449c9a5e502c2c6a12f57d3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 Dec 2018 14:29:41 +0100 Subject: [PATCH 34/37] l sqlBackup: fix permissions/folders --- lass/2configs/websites/sqlBackup.nix | 4 +--- lass/3modules/mysql-backup.nix | 16 ++++++++-------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 897e35e61..10a6e4643 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -20,9 +20,7 @@ lass.mysqlBackup = { enable = true; - config.all = { - password = toString (); - }; + config.all = {}; }; } diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix index d2ae67171..516f96c34 100644 --- a/lass/3modules/mysql-backup.nix +++ b/lass/3modules/mysql-backup.nix @@ -41,7 +41,7 @@ let }; location = mkOption { type = str; - default = "/bku/sql_dumps"; + default = "/backups/sql_dumps"; }; }; })); @@ -51,11 +51,9 @@ let imp = { - #systemd.timers = - # mapAttrs (_: plan: { - # wantedBy = [ "timers.target" ]; - # timerConfig = plan.timerConfig; - #}) cfg.config; + services.mysql.ensureUsers = [ + { ensurePermissions = { "*.*" = "ALL"; }; name = "root"; } + ]; systemd.services = mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" { @@ -75,8 +73,10 @@ let start = plan: let - backupScript = plan: db: - "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz"; + backupScript = plan: db: '' + mkdir -p ${plan.location} + mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz + ''; in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" '' ${concatMapStringsSep "\n" (backupScript plan) plan.databases} From 7a4ec8bdb5c156efc57b58f15b62922a6fa0bbb8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Dec 2018 16:28:46 +0100 Subject: [PATCH 35/37] external: add kmein pubkey --- krebs/3modules/external/default.nix | 2 ++ krebs/3modules/external/ssh/kmein.pub | 1 + 2 files changed, 3 insertions(+) create mode 100644 krebs/3modules/external/ssh/kmein.pub diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index e5b201f74..760521ef9 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -368,6 +368,8 @@ in { pubkey = ssh-for "exco"; }; kmein = { + mail = "kieran.meinhardt@gmail.com"; + pubkey = ssh-for "kmein"; }; Mic92 = { mail = "joerg@higgsboson.tk"; diff --git a/krebs/3modules/external/ssh/kmein.pub b/krebs/3modules/external/ssh/kmein.pub new file mode 100644 index 000000000..5711a2c1c --- /dev/null +++ b/krebs/3modules/external/ssh/kmein.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC19H0FhSNWcfBRPKzbTVSMJikIWZl0CoM8zCm+/3fdMgoaLRpeZWe/AfDK6b4qOjk/sez/J0JUFCGr+JbMwjsduoazsuQowu9L9DLP9Q5UkJje4BD7MHznaeu9/XfVng/MvyaEWArA/VUJeKQesHe76tR511/+n3+bdzlIh8Zw/3wfFxmg1OTNA99/vLkXrQzHDTuV/yj1pxykL4xFtN0OIssW1IKncJeKtkO/OHGT55ypz52Daj6bNKqvxiTuzeEhv5M+5ppyIPcRf1uj/7IaPKttCgZAntEqBTIR9MbyXFeAZVayzaFnLl2okeam5XreeZbj+Y1h2ZjxiIuWoab3MLndSekVfLtfa63gtcWIf8CIvZO2wJoH8v73y0U78JsfWVaTM09ZCfFlHHA/bWqZ6laAjW+mWLO/c77DcYkB3IBzaMVNfc6mfTcGFIC+biWeYpKgA0zC6rByUPbmbIoMueP9zqJwqUaM90Nwd6559inBB107/BK3Ktb3b+37mMCstetIPB9e4EFpGMjhmnL/G81jS53ACWLXJYzt7mKU/fEsiW93MtaB+Le46OEC18y/4G8F7p/nnH7i0kO74ukxbnc4PlpiM7iWT6ra2Cyy+nzEgdXCNXywIxr05TbCQDwX6/NY8k7Hokgdfyz+1Pq3sX0yCcWRPaoB26YF12KYFQ== kieran.meinhardt@gmail.com From e4138df4aa790fca87223dee67c921627bf28a26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Dec 2018 16:44:25 +0100 Subject: [PATCH 36/37] l prism: add kmein user --- lass/1systems/prism/config.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index dd8ab0dd9..df2778bef 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -82,6 +82,13 @@ with import ; ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; }; + users.users.kmein = { + uid = genid_uint31 "kmein"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.kmein.pubkey + ]; + }; } { #hotdog From fb254e60949f029cc7cb48764093b49932d0acde Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Dec 2018 23:48:54 +0100 Subject: [PATCH 37/37] external: remove miaoski wrong subnet --- krebs/3modules/external/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 760521ef9..baa49dbe0 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -351,9 +351,6 @@ in { aliases = [ "miaoski.w" ]; wireguard = { pubkey = "8haz9JX5nAMORzNy89VdHC1Z9XA94ogaZsY3d2Rfkl4="; - subnets = [ - (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR - ]; }; }; };