kartei xkey: get hosts config out of kartei/others

This commit is contained in:
xkey 2022-11-24 22:18:53 +01:00 committed by tv
parent 43428ccca5
commit 5272ff2285
3 changed files with 127 additions and 104 deletions

View File

@ -592,106 +592,6 @@ in {
syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC"; syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC";
nets = {}; nets = {};
}; };
catalonia = {
owner = config.krebs.users.xkey;
nets = {
retiolum = {
ip4.addr = "10.243.13.12";
aliases = [ "catalonia.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
};
};
};
sicily = {
owner = config.krebs.users.xkey;
nets = {
retiolum = {
ip4.addr = "10.243.161.1";
aliases = [ "sicily.r" "mukke.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam
xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod
1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/
IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7
KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC
7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L
LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp
T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB
w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO
8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN";
};
};
};
rojava = {
owner = config.krebs.users.xkey;
nets = {
retiolum = {
ip4.addr = "10.243.23.42";
aliases = [ "rojava.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
+ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
};
};
};
aland = {
owner = config.krebs.users.xkey;
nets = {
retiolum = {
ip4.addr = "10.243.12.34";
aliases = [ "aland.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
};
};
};
papawhakaaro = { papawhakaaro = {
owner = config.krebs.users.feliks; owner = config.krebs.users.feliks;
nets = { nets = {
@ -857,10 +757,6 @@ in {
mail = "xq@shackspace.de"; mail = "xq@shackspace.de";
pubkey = ssh-for "xq"; pubkey = ssh-for "xq";
}; };
xkey = {
mail = "xkey@krebsco.de";
pubkey = ssh-for "xkey";
};
miaoski = { miaoski = {
}; };
filly = { filly = {

126
kartei/xkey/default.nix Normal file
View File

@ -0,0 +1,126 @@
with import ../../lib;
{ config, ... }:
let
maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
owner = config.krebs.users.kmein;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum = {
ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
};
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill = {
ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
};
});
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
in
{
users = rec {
xkey = {
mail = "xkey@krebsco.de";
pubkey = ssh-for "xkey";
};
};
hosts = mapAttrs hostDefaults {
aland = {
nets = {
retiolum = {
ip4.addr = "10.243.12.34";
aliases = [ "aland.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY
CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU
plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb
DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx
aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+
OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1
ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X
TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa
aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX
zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf
VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A";
};
};
};
catalonia = {
nets = {
retiolum = {
ip4.addr = "10.243.13.12";
aliases = [ "catalonia.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL";
};
};
};
rojava = {
nets = {
retiolum = {
ip4.addr = "10.243.23.42";
aliases = [ "rojava.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
+ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
};
};
};
sicily = {
nets = {
retiolum = {
ip4.addr = "10.243.161.1";
aliases = [ "sicily.r" "mukke.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg
aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam
xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod
1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/
IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7
KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC
7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L
LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp
T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB
w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO
8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN";
};
};
};
};
}

1
kartei/xkey/ssh/xkey.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC