Merge remote-tracking branch 'ni/master'
commit
2ea3b14cb5
2
.gitmodules
vendored
2
.gitmodules
vendored
@ -1,6 +1,6 @@
|
|||||||
[submodule "submodules/nix-writers"]
|
[submodule "submodules/nix-writers"]
|
||||||
path = submodules/nix-writers
|
path = submodules/nix-writers
|
||||||
url = http://cgit.krebsco.de/nix-writers
|
url = https://cgit.krebsco.de/nix-writers
|
||||||
[submodule "submodules/krops"]
|
[submodule "submodules/krops"]
|
||||||
path = submodules/krops
|
path = submodules/krops
|
||||||
url = https://cgit.krebsco.de/krops
|
url = https://cgit.krebsco.de/krops
|
||||||
|
@ -1,15 +1,18 @@
|
|||||||
{ config, lib, ... }: {
|
{ config, lib, ... }: let
|
||||||
config = lib.mkMerge (map (path: { krebs = import path { inherit config; }; }) [
|
removeTemplate =
|
||||||
./dbalan
|
# TODO don't remove during CI
|
||||||
./jeschli
|
lib.flip builtins.removeAttrs ["template"];
|
||||||
./kmein
|
in {
|
||||||
./krebs
|
config =
|
||||||
./lass
|
lib.mkMerge
|
||||||
./makefu
|
(lib.mapAttrsToList
|
||||||
./mic92
|
(name: _type: let
|
||||||
./others
|
path = ./. + "/${name}";
|
||||||
./palo
|
in {
|
||||||
./rtunreal
|
krebs = import path { inherit config; };
|
||||||
./tv
|
})
|
||||||
]);
|
(removeTemplate
|
||||||
|
(lib.filterAttrs
|
||||||
|
(_name: type: type == "directory")
|
||||||
|
(builtins.readDir ./.))));
|
||||||
}
|
}
|
||||||
|
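Review bot: The `builtins.readDir ./.` walk replaces the explicit, reviewed list of kartei directories, so every directory present next to this file is imported into `krebs` with `config` in scope, and only `template` is excluded. A directory without a `default.nix` would fail at `import path`, and a stray or unreviewed directory would contribute hosts, users and tinc keys without any change to this file. Consider narrowing the predicate to `(name: type: type == "directory" && builtins.pathExists (./. + "/${name}/default.nix"))`. The comment on `removeTemplate` could also say why the template is dropped, for example `# template holds placeholder keys and must not reach a real configuration`, since `# TODO don't remove during CI` only names the exception. The file path for this section is not shown on the page.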
@ -592,106 +592,6 @@ in {
|
|||||||
syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC";
|
syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC";
|
||||||
nets = {};
|
nets = {};
|
||||||
};
|
};
|
||||||
catalonia = {
|
|
||||||
owner = config.krebs.users.xkey;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.13.12";
|
|
||||||
aliases = [ "catalonia.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
|
|
||||||
gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
|
|
||||||
VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
|
|
||||||
Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
|
|
||||||
FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
|
|
||||||
HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
|
|
||||||
mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
|
|
||||||
zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
|
|
||||||
sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
|
|
||||||
ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
|
|
||||||
vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
sicily = {
|
|
||||||
owner = config.krebs.users.xkey;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.161.1";
|
|
||||||
aliases = [ "sicily.r" "mukke.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
|
|
||||||
aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam
|
|
||||||
xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod
|
|
||||||
1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/
|
|
||||||
IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7
|
|
||||||
KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC
|
|
||||||
7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L
|
|
||||||
LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp
|
|
||||||
T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB
|
|
||||||
w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO
|
|
||||||
8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
rojava = {
|
|
||||||
owner = config.krebs.users.xkey;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.23.42";
|
|
||||||
aliases = [ "rojava.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
|
|
||||||
B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
|
|
||||||
HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
|
|
||||||
Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
|
|
||||||
lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
|
|
||||||
+ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
|
|
||||||
3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
|
|
||||||
vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
|
|
||||||
HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
|
|
||||||
XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
|
|
||||||
yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
aland = {
|
|
||||||
owner = config.krebs.users.xkey;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.12.34";
|
|
||||||
aliases = [ "aland.r" ];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
|
|
||||||
CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
|
|
||||||
plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
|
|
||||||
DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
|
|
||||||
aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
|
|
||||||
OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
|
|
||||||
ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
|
|
||||||
TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
|
|
||||||
aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
|
|
||||||
zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
|
|
||||||
VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
papawhakaaro = {
|
papawhakaaro = {
|
||||||
owner = config.krebs.users.feliks;
|
owner = config.krebs.users.feliks;
|
||||||
nets = {
|
nets = {
|
||||||
@ -857,10 +757,6 @@ in {
|
|||||||
mail = "xq@shackspace.de";
|
mail = "xq@shackspace.de";
|
||||||
pubkey = ssh-for "xq";
|
pubkey = ssh-for "xq";
|
||||||
};
|
};
|
||||||
xkey = {
|
|
||||||
mail = "xkey@krebsco.de";
|
|
||||||
pubkey = ssh-for "xkey";
|
|
||||||
};
|
|
||||||
miaoski = {
|
miaoski = {
|
||||||
};
|
};
|
||||||
filly = {
|
filly = {
|
||||||
|
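--- a/kartei/template/default.nix
+++ b/kartei/template/default.nix
@@ -0,0 +1,20 @@
+{ config, ... }: let
+lib = import ../../lib;
+in {
+users.DUMMYUSER = {
+mail = "DUMMYUSER@example.ork";
+};
+hosts.DUMMYHOST = {
+owner = config.krebs.users.DUMMYUSER;
+nets.retiolum = {
+aliases = [ "DUMMYHOST.DUMMYUSER.r" ];
+ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address;
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+DUMMYTINCPUBKEYRSA
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "DUMMYTINCPUBKEYED25519";
+};
+};
+}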
@ -169,6 +169,8 @@ in {
|
|||||||
cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
||||||
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||||
cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
||||||
|
search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||||
|
search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
||||||
krebsco.de. 60 IN MX 5 ni
|
krebsco.de. 60 IN MX 5 ni
|
||||||
krebsco.de. 60 IN TXT v=spf1 mx -all
|
krebsco.de. 60 IN TXT v=spf1 mx -all
|
||||||
tv 300 IN NS ni
|
tv 300 IN NS ni
|
||||||
@ -196,6 +198,7 @@ in {
|
|||||||
aliases = [
|
aliases = [
|
||||||
"ni.r"
|
"ni.r"
|
||||||
"cgit.ni.r"
|
"cgit.ni.r"
|
||||||
|
"search.ni.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
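--- a/kartei/xkey/default.nix
+++ b/kartei/xkey/default.nix
@@ -0,0 +1,126 @@
+with import ../../lib;
+{ config, ... }:
+let
+maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
+hostDefaults = hostName: host: flip recursiveUpdate host ({
+ci = false;
+external = true;
+monitoring = false;
+owner = config.krebs.users.kmein;
+} // optionalAttrs (host.nets?retiolum) {
+nets.retiolum = {
+ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+};
+} // optionalAttrs (host.nets?wiregrill) {
+nets.wiregrill = {
+ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+};
+});
+ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
+in
+{
+users = rec {
+xkey = {
+mail = "xkey@krebsco.de";
+pubkey = ssh-for "xkey";
+};
+};
+hosts = mapAttrs hostDefaults {
+aland = {
+nets = {
+retiolum = {
+ip4.addr = "10.243.12.34";
+aliases = [ "aland.r" ];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
+CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
+plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
+DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
+aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
+OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
+ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
+TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
+aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
+zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
+VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
+};
+};
+};
+catalonia = {
+nets = {
+retiolum = {
+ip4.addr = "10.243.13.12";
+aliases = [ "catalonia.r" ];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
+gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
+VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
+Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
+FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
+HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
+mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
+zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
+sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
+ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
+vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
+};
+};
+};
+rojava = {
+nets = {
+retiolum = {
+ip4.addr = "10.243.23.42";
+aliases = [ "rojava.r" ];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
+B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
+HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
+Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
+lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
++ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
+3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
+vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
+HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
+XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
+yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
+};
+};
+};
+sicily = {
+nets = {
+retiolum = {
+ip4.addr = "10.243.161.1";
+aliases = [ "sicily.r" "mukke.r" ];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
+aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam
+xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod
+1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/
+IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7
+KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC
+7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L
+LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp
+T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB
+w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO
+8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN";
+};
+};
+};
+};
+}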
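Review bot: `hostDefaults` sets `owner = config.krebs.users.kmein;`, and because `flip recursiveUpdate host` lets the host's own attributes override the defaults while none of aland, catalonia, rojava or sicily sets `owner`, all four hosts end up owned by kmein. The entries this commit removes from the other file had `owner = config.krebs.users.xkey;`, so unless the reassignment is intended the default should read `owner = config.krebs.users.xkey;`. Separately, `maybeEmpty` tests `attrset?key`, which checks for an attribute literally named `key`; the dynamic form is `attrset ? ${key}`, and since nothing in this file calls the helper it could simply be dropped. `users = rec {` does not need `rec`, as no attribute refers to a sibling.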
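--- a/kartei/xkey/ssh/xkey.pub
+++ b/kartei/xkey/ssh/xkey.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC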
@ -49,6 +49,7 @@ let
|
|||||||
./secret.nix
|
./secret.nix
|
||||||
./setuid.nix
|
./setuid.nix
|
||||||
./shadow.nix
|
./shadow.nix
|
||||||
|
./sitemap.nix
|
||||||
./ssl.nix
|
./ssl.nix
|
||||||
./sync-containers.nix
|
./sync-containers.nix
|
||||||
./systemd.nix
|
./systemd.nix
|
||||||
@ -56,6 +57,7 @@ let
|
|||||||
./tinc_graphs.nix
|
./tinc_graphs.nix
|
||||||
./upstream
|
./upstream
|
||||||
./urlwatch.nix
|
./urlwatch.nix
|
||||||
|
./users.nix
|
||||||
./xresources.nix
|
./xresources.nix
|
||||||
./zones.nix
|
./zones.nix
|
||||||
];
|
];
|
||||||
@ -66,15 +68,6 @@ let
|
|||||||
api = {
|
api = {
|
||||||
enable = mkEnableOption "krebs";
|
enable = mkEnableOption "krebs";
|
||||||
|
|
||||||
users = mkOption {
|
|
||||||
type = with types; attrsOf user;
|
|
||||||
};
|
|
||||||
|
|
||||||
sitemap = mkOption {
|
|
||||||
default = {};
|
|
||||||
type = types.attrsOf types.sitemap.entry;
|
|
||||||
};
|
|
||||||
|
|
||||||
zone-head-config = mkOption {
|
zone-head-config = mkOption {
|
||||||
type = with types; attrsOf str;
|
type = with types; attrsOf str;
|
||||||
description = ''
|
description = ''
|
||||||
@ -102,28 +95,6 @@ let
|
|||||||
|
|
||||||
imp = lib.mkMerge [
|
imp = lib.mkMerge [
|
||||||
{
|
{
|
||||||
krebs.dns.providers = {
|
|
||||||
"krebsco.de" = "zones";
|
|
||||||
shack = "hosts";
|
|
||||||
i = "hosts";
|
|
||||||
r = "hosts";
|
|
||||||
w = "hosts";
|
|
||||||
};
|
|
||||||
|
|
||||||
krebs.dns.search-domain = mkDefault "r";
|
|
||||||
|
|
||||||
krebs.users = {
|
|
||||||
krebs = {
|
|
||||||
home = "/krebs";
|
|
||||||
mail = "spam@krebsco.de";
|
|
||||||
};
|
|
||||||
root = {
|
|
||||||
home = "/root";
|
|
||||||
pubkey = config.krebs.build.host.ssh.pubkey;
|
|
||||||
uid = 0;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.openssh.hostKeys =
|
services.openssh.hostKeys =
|
||||||
let inherit (config.krebs.build.host.ssh) privkey; in
|
let inherit (config.krebs.build.host.ssh) privkey; in
|
||||||
mkIf (privkey != null) [privkey];
|
mkIf (privkey != null) [privkey];
|
||||||
|
@ -1,12 +1,21 @@
|
|||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{ config, ... }: {
|
||||||
options = {
|
options = {
|
||||||
krebs.dns.providers = mkOption {
|
krebs.dns.providers = mkOption {
|
||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
krebs.dns.search-domain = mkOption {
|
krebs.dns.search-domain = mkOption {
|
||||||
type = types.nullOr types.hostname;
|
type = types.nullOr types.hostname;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
config = mkIf config.krebs.enable {
|
||||||
|
krebs.dns.providers = {
|
||||||
|
"krebsco.de" = "zones";
|
||||||
|
shack = "hosts";
|
||||||
|
i = "hosts";
|
||||||
|
r = "hosts";
|
||||||
|
w = "hosts";
|
||||||
|
};
|
||||||
|
krebs.dns.search-domain = mkDefault "r";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
@ -11,7 +11,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = mkIf config.krebs.enable {
|
||||||
networking.hosts =
|
networking.hosts =
|
||||||
filterAttrs
|
filterAttrs
|
||||||
(_name: value: value != [])
|
(_name: value: value != [])
|
||||||
|
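--- a/krebs/3modules/sitemap.nix
+++ b/krebs/3modules/sitemap.nix
@@ -0,0 +1,8 @@
+let
+lib = import ../../lib;
+in {
+options.krebs.sitemap = lib.mkOption {
+type = with lib.types; attrsOf sitemap.entry;
+default = {};
+};
+}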
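--- a/krebs/3modules/users.nix
+++ b/krebs/3modules/users.nix
@@ -0,0 +1,20 @@
+{ config, ... }: let
+lib = import ../../lib;
+in {
+options.krebs.users = lib.mkOption {
+type = with lib.types; attrsOf user;
+};
+config = lib.mkIf config.krebs.enable {
+krebs.users = {
+krebs = {
+home = "/krebs";
+mail = "spam@krebsco.de";
+};
+root = {
+home = "/root";
+pubkey = config.krebs.build.host.ssh.pubkey;
+uid = 0;
+};
+};
+};
+}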
@ -136,7 +136,7 @@ rec {
|
|||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
ip4 = mkOption {
|
ip4 = mkOption {
|
||||||
type = nullOr (submodule {
|
type = nullOr (submodule (ip4: {
|
||||||
options = {
|
options = {
|
||||||
addr = mkOption {
|
addr = mkOption {
|
||||||
type = addr4;
|
type = addr4;
|
||||||
@ -146,13 +146,15 @@ rec {
|
|||||||
} // {
|
} // {
|
||||||
retiolum.default = "10.243.0.0/16";
|
retiolum.default = "10.243.0.0/16";
|
||||||
wiregrill.default = "10.244.0.0/16";
|
wiregrill.default = "10.244.0.0/16";
|
||||||
}.${config._module.args.name} or {});
|
}.${config._module.args.name} or {
|
||||||
|
default = "${ip4.config.addr}/32";
|
||||||
|
});
|
||||||
};
|
};
|
||||||
});
|
}));
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
ip6 = mkOption {
|
ip6 = mkOption {
|
||||||
type = nullOr (submodule {
|
type = nullOr (submodule (ip6: {
|
||||||
options = {
|
options = {
|
||||||
addr = mkOption {
|
addr = mkOption {
|
||||||
type = addr6;
|
type = addr6;
|
||||||
@ -163,9 +165,11 @@ rec {
|
|||||||
} // {
|
} // {
|
||||||
retiolum.default = "42:0::/32";
|
retiolum.default = "42:0::/32";
|
||||||
wiregrill.default = "42:1::/32";
|
wiregrill.default = "42:1::/32";
|
||||||
}.${config._module.args.name} or {});
|
}.${config._module.args.name} or {
|
||||||
|
default = "${ip6.config.addr}/128";
|
||||||
|
});
|
||||||
};
|
};
|
||||||
});
|
}));
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
ssh = mkOption {
|
ssh = mkOption {
|
||||||
|
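Review bot: The new fallbacks `default = "${ip4.config.addr}/32";` and `default = "${ip6.config.addr}/128";` carry no comment, so a reader cannot tell that nets other than retiolum and wiregrill now get a host-only prefix instead of no default at all. A short comment above each would help, for example `# unknown nets: default the prefix to this host's own address only`. The submodule arguments are named `ip4` and `ip6`, the same as the options they sit under, which makes `ip4.config.addr` easy to misread as a reference to the outer option; a neutral name such as `self` would read more clearly. If anything consumes `prefix` for routing or filtering, which the page does not show, the narrow fallback is the safer choice and worth stating in that comment. The option definitions begin and end outside the hunks shown here.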
@ -1 +1 @@
|
|||||||
Subproject commit c528cf970e292790b414b4c1c8c8e9d7e73b2a71
|
Subproject commit f65c77bdcc58be2081a0ffbda849289c5191b5e8
|