From d6fba75f21b3de20f4b7b41ec3ee98bb5a205991 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 15:51:46 +0100 Subject: [PATCH 01/35] l: remove deprecated iso host --- krebs/3modules/lass/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 44417f006..1579ab4de 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -351,11 +351,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - iso = { - monitoring = false; - ci = false; - cores = 1; - }; sokrateslaptop = { monitoring = false; ci = false; From 3dd503e08f04577c896b7f8f3e52608006f7c7c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:05:47 +0100 Subject: [PATCH 02/35] remove unused domsen-nas host --- krebs/3modules/lass/default.nix | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1579ab4de..279b8cd6d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -129,20 +129,6 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; - domsen-nas = { - ci = false; - monitoring = false; - external = true; - nets = rec { - internet = { - aliases = [ - "domsen-nas.internet" - ]; - ip4.addr = "87.138.180.167"; - ssh.port = 2223; - }; - }; - }; uriel = { monitoring = false; cores = 1; From c2d2e0e01d1d99cc68af22dcc87ee3ae56655d9d Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 5 Dec 2018 16:06:32 +0100 Subject: [PATCH 03/35] move external hosts from lass to external --- krebs/3modules/default.nix | 1 + krebs/3modules/external/default.nix | 312 +++++++++++++++++++++++++++ krebs/3modules/lass/default.nix | 313 ---------------------------- 3 files changed, 313 insertions(+), 313 deletions(-) create mode 100644 krebs/3modules/external/default.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 24cbd9cc9..e8ed64654 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -109,6 +109,7 @@ let }; imp = lib.mkMerge [ + { krebs = import ./external { inherit config; }; } { krebs = import ./jeschli { inherit config; }; } { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix new file mode 100644 index 000000000..0aef25317 --- /dev/null +++ b/krebs/3modules/external/default.nix 
@@ -0,0 +1,312 @@ +{ config, ... }: + +with import ; + +{ + hosts = mapAttrs (_: recursiveUpdate { + ci = false; + external = true; + monitoring = false; + }) { + sokrateslaptop = { + owner = config.krebs.users.sokratess; + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + kruck = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.29.201"; + ip6.addr = "42:4234:6a6d:600::1"; + aliases = [ + "kruck.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh + QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA + EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U + uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ + /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR + 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s + qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH + gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj + jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs + fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 + TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + scardanelli = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.2"; + ip6.addr = 
"42:2:5ca:da:3111::1"; + aliases = [ + "scardanelli.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ + MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge + UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi + kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 + gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx + we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY + QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm + SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL + 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f + m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q + FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 + lM61fOMcVW1KREdWypiDtu8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + homeros = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.1"; + ip6.addr = "42:2::0:3:05::1"; + aliases = [ + "homeros.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd + ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc + 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v + RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd + vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 + +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc + QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm + fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh + VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 + k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX + gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N + mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + turingmachine = { + owner = 
config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.168"; + ip6.addr = "42:4992:6a6d:600::1"; + aliases = [ + "turingmachine.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C + t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 + 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 + ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g + nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 + 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT + 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 + gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl + DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL + W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW + OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eddie = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eddie.thalheim.io + ip4.addr = "129.215.197.11"; + aliases = [ "eddie.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.170"; + ip6.addr = "42:4992:6a6d:700::1"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + 
pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.subnets = [ + # edinburgh university + "129.215.0.0/16" + ]; + }; + }; + }; + rock = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + ip6.addr = "42:4992:6a6d:700::2"; + aliases = [ "rock.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + ip6.addr = "42:4992:6a6d:800::1"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + 
OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + dpdkm = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + ip4.addr = "10.243.29.173"; + ip6.addr = "42:4992:6a6d:900::1"; + aliases = [ "dpdkm.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eve = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "188.68.39.17"; + ip6.addr = "2a03:4000:13:31e::1"; + aliases = [ "eve.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.174"; + ip6.addr = "42:4992:6a6d:a00::1"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 
08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + users = { + Mic92 = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; + mail = "joerg@higgsboson.tk"; + }; + kmein = { + }; + palo = { + }; + sokratess = { + }; + }; +} + diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 279b8cd6d..52d0b18f1 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
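Review bot: The defaults in `mapAttrs (_: recursiveUpdate { ci = false; external = true; monitoring = false; })` are the left-hand argument of `recursiveUpdate`, so a host entry in this new file that sets one of those keys overrides the default instead of being overridden by it. If everything declared under `external/` is meant to stay flagged `external = true` and out of CI and monitoring, swap the arguments (`mapAttrs (_: host: recursiveUpdate host { ci = false; external = true; monitoring = false; })`). Otherwise say so in a comment such as `# defaults only; a host entry may still override these`. Separately, `kmein`, `palo` and `sokratess` are declared as empty user records while owning hosts, which presumably relies on the user type supplying defaults. A one-line comment marking them as placeholders without key or mail would help the next reader.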
@@ -337,313 +337,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - sokrateslaptop = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.142.104"; - ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; - aliases = [ - "sokrateslaptop.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 - t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ - rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW - egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 - aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V - VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - kruck = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.201"; - ip6.addr = "42:4234:6a6d:600::1"; - aliases = [ - "kruck.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh - QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA - EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U - uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ - /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR - 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s - qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH - gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj - jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs - fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 - TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - scardanelli = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - 
ip4.addr = "10.243.2.2"; - ip6.addr = "42:2:5ca:da:3111::1"; - aliases = [ - "scardanelli.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ - MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge - UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi - kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 - gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx - we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY - QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm - SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL - 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f - m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q - FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 - lM61fOMcVW1KREdWypiDtu8CAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - }; - homeros = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.2.1"; - ip6.addr = "42:2::0:3:05::1"; - aliases = [ - "homeros.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd - ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc - 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v - RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd - vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 - +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc - QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm - fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh - VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 - k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX - gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N - mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== - -----END PUBLIC KEY----- 
- ''; - }; - }; - }; - turingmachine = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.168"; - ip6.addr = "42:4992:6a6d:600::1"; - aliases = [ - "turingmachine.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C - t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 - 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 - ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g - nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 - 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT - 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 - gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl - DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL - W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW - OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eddie = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = rec { - via = internet; - addrs = [ - ip4.addr - ip6.addr - ]; - ip4.addr = "10.243.29.170"; - ip6.addr = "42:4992:6a6d:700::1"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - 
kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ - lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.subnets = [ - # edinburgh university - "129.215.0.0/16" - ]; - }; - }; - }; - rock = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.171"; - ip6.addr = "42:4992:6a6d:700::2"; - aliases = [ "rock.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM - DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 - HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh - mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf - Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M - Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD - 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 - fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv - 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav - ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q - cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - inspector = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - ip6.addr = "42:4992:6a6d:800::1"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - 
m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - dpdkm = { - monitoring = false; - ci = false; - external = true; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - ip6.addr = "42:4992:6a6d:900::1"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eve = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - # eve.thalheim.io - ip4.addr = "188.68.39.17"; - ip6.addr = "2a03:4000:13:31e::1"; - aliases = [ "eve.i" ]; - }; - retiolum = rec { - via = internet; - addrs = [ - ip4.addr - ip6.addr - ]; - ip4.addr = "10.243.29.174"; - ip6.addr = "42:4992:6a6d:a00::1"; - aliases = [ "eve.r" ]; - 
tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH - XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 - 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk - 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI - +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 - dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW - pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP - c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi - YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI - 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 - Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; xerxes = { cores = 2; nets = rec { @@ -827,14 +520,8 @@ with import ; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; - sokratess = { - }; wine-mors = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842"; }; - Mic92 = { - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; - mail = "joerg@higgsboson.tk"; - }; }; } From b36e24732e626593371ff985239fa6cdbaa4d27c Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:25:36 +0100 Subject: [PATCH 04/35] m: don't depend on iso host --- makefu/1systems/iso/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix index 34a75dbd3..a2012155c 100644 --- a/makefu/1systems/iso/config.nix +++ b/makefu/1systems/iso/config.nix 
@@ -10,7 +10,7 @@ with import ; ]; # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos - krebs.build.host = config.krebs.hosts.iso; + krebs.build.host = { cores = 1; }; isoImage.isoBaseName = lib.mkForce "stockholm"; krebs.hidden-ssh.enable = true; environment.systemPackages = with pkgs; [ From 7fab6f2dfe2ab1479e4db6dc6fab8f0e672f9e3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:50:39 +0100 Subject: [PATCH 05/35] l hosts: remove deprecated gg23 net --- krebs/3modules/lass/default.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 52d0b18f1..86a36015b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -133,11 +133,6 @@ with import ; monitoring = false; cores = 1; nets = { - gg23 = { - ip4.addr = "10.23.1.12"; - aliases = ["uriel.gg23"]; - ssh.port = 45621; - }; retiolum = { ip4.addr = "10.243.81.176"; ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; @@ -164,11 +159,6 @@ with import ; mors = { cores = 2; nets = { - gg23 = { - ip4.addr = "10.23.1.11"; - aliases = ["mors.gg23"]; - ssh.port = 45621; - }; retiolum = { ip4.addr = "10.243.0.2"; ip6.addr = "42:0:0:0:0:0:0:dea7"; From 8f53937c40a88fc59c02a993315c29d32ff2d09c Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:52:32 +0100 Subject: [PATCH 06/35] types host: cores can also be 0 --- lib/types.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/types.nix b/lib/types.nix index 016853300..41e75154e 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -19,7 +19,7 @@ rec { default = config._module.args.name; }; cores = mkOption { - type = positive; + type = uint; }; nets = mkOption { type = attrsOf net; 
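Review bot: In `lib/types.nix`, `cores` now accepts 0 through `type = uint;`, but the option has no description saying what 0 means, and the hunk does not show how readers of `cores` treat that value. The later iso change in this series sets `cores = 0` under the subject "automatically detect cores", so I would record that on the option, e.g. `description = "number of CPU cores; 0 means auto-detect";`. Any module that uses `cores` as a job count or a divisor should be checked for the zero case; those call sites are outside this hunk. The `mkOption` block and the enclosing `rec` start and end outside the hunk.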
From 0d560225f1a45b80fe94ec955a2d45434460ae20 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 5 Dec 2018 16:53:09 +0100 Subject: [PATCH 07/35] m iso: automatically detect cores --- makefu/1systems/iso/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix index a2012155c..fdf203d5b 100644 --- a/makefu/1systems/iso/config.nix +++ b/makefu/1systems/iso/config.nix @@ -10,7 +10,7 @@ with import ; ]; # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos - krebs.build.host = { cores = 1; }; + krebs.build.host = { cores = 0; }; isoImage.isoBaseName = lib.mkForce "stockholm"; krebs.hidden-ssh.enable = true; environment.systemPackages = with pkgs; [ From d04c6be43d5c63f98a0c89aad512f19f1ffa6329 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 6 Dec 2018 14:20:04 +0100 Subject: [PATCH 08/35] l prism.r: add dnsmasq for wireguard --- lass/1systems/prism/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e2097e93a..83cc96771 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -323,6 +323,15 @@ with import ; } ]; }; + services.dnsmasq = { + enable = true; + resolveLocalQueries = false; + + extraConfig= '' + except-interface=lo + interface=wg0 + ''; + }; } { krebs.iptables.tables.filter.INPUT.rules = [ From 43be8e6bb38ea99ed489a8b6633ebb33b96b6282 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 6 Dec 2018 20:07:22 +0100 Subject: [PATCH 09/35] git: set correct owner on /tmp/cgit --- krebs/3modules/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index f6b4e3c69..895d9b3b6 100644 --- a/krebs/3modules/git.nix 
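Review bot: The new `services.dnsmasq` block in `lass/1systems/prism/config.nix` limits answers with `interface=wg0` and `except-interface=lo`, but has neither `bind-interfaces` nor `bind-dynamic`. Without one of them dnsmasq binds the wildcard address and only discards queries from other interfaces after it has received them. If prism is reachable from outside the wireguard network, I would add `bind-dynamic` to `extraConfig` so the listening socket exists on wg0 only; that option also copes with wg0 appearing after dnsmasq starts. The `krebs.iptables.tables.filter.INPUT.rules` list that follows is cut off by the hunk, so whether port 53 is limited to wg0 there should be confirmed. A short comment above the block stating that this resolver serves wireguard peers only would document the intent.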
+++ b/krebs/3modules/git.nix @@ -427,7 +427,7 @@ let system.activationScripts.cgit = '' mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} chmod 0770 ${cfg.cgit.settings.cache-root} - chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} + chown ${toString cfg.cgit.fcgiwrap.user.name}:${toString cfg.cgit.fcgiwrap.group.name} ${cfg.cgit.settings.cache-root} ''; services.nginx.virtualHosts.cgit = { From bfcf6ad0adaedf0d069850824fbbb55e4af20c5e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 6 Dec 2018 22:12:50 +0100 Subject: [PATCH 10/35] tv xserver: xhost +SI:localuser:tv -LOCAL: --- tv/2configs/xserver/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 8d4b13fad..1c0516651 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -64,7 +64,10 @@ in { XMONAD_DATA_DIR = cfg.dataDir; XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - ${pkgs.xorg.xhost}/bin/xhost +LOCAL: & + { + ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name} + ${pkgs.xorg.xhost}/bin/xhost -LOCAL: + } & ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} & ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & From 8ce6ab8401a243bdc7b9bfa56a861276ca279a73 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 7 Dec 2018 13:16:41 +0100 Subject: [PATCH 11/35] lib.krebs: init --- lib/default.nix | 1 + lib/krebs/default.nix | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 lib/krebs/default.nix diff --git a/lib/default.nix b/lib/default.nix index 348d47e85..bf8c65e21 100644 --- a/lib/default.nix +++ b/lib/default.nix 
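Review bot: Changing the `chown` in `system.activationScripts.cgit` from numeric ids to `user.name`/`group.name` means the account must already be resolvable when the script runs, and a plain-string activation script declares no dependencies. As far as I can tell it can then be ordered before account creation on a fresh activation, so I would write it as `system.activationScripts.cgit = { deps = [ "users" ]; text = '' … ''; };`. `toString` on the two name strings is also redundant. The subject gives the cache root as /tmp/cgit: if that is the configured `cache-root`, this root-run `mkdir -p`/`chmod`/`chown` acts on a predictable path in a world-writable directory and accepts whatever already exists there, so a directory under /var/cache would be a safer default. The enclosing definition starts outside the hunk.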
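Review bot: The `XMONAD_STARTUP_HOOK` group in `tv/2configs/xserver/default.nix` replaces the blanket `xhost +LOCAL:` with `xhost +SI:localuser:${cfg.user.name}` followed by `xhost -LOCAL:`, but nothing beside it says why the grant was narrowed. I would add a comment above the braces, e.g. `# allow only the session user on the X socket; revoke the grant for every other local uid`, so that nobody restores `+LOCAL:` later to fix an unrelated client. The hook's surrounding attribute set starts outside the hunk.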
@@ -5,6 +5,7 @@ let evalSource = import ./eval-source.nix; git = import ./git.nix { inherit lib; }; + krebs = import ./krebs lib; krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; diff --git a/lib/krebs/default.nix b/lib/krebs/default.nix new file mode 100644 index 000000000..c9d9bef63 --- /dev/null +++ b/lib/krebs/default.nix @@ -0,0 +1,3 @@ +lib: +with lib; +mapNixDir (flip import lib) ./. From 24c9ea126b620f341ec95b9c779fddb55c144ab2 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 7 Dec 2018 13:17:16 +0100 Subject: [PATCH 12/35] lib.krebs.genipv6: init --- lib/krebs/genipv6.nix | 92 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 lib/krebs/genipv6.nix diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix new file mode 100644 index 000000000..8d5ca1667 --- /dev/null +++ b/lib/krebs/genipv6.nix 
@@ -0,0 +1,92 @@ +lib: +with lib; +let { + body = netname: subnetname: suffix: rec { + address = let + suffix' = + if hasEmptyGroup (parseAddress suffix) + then suffix + else joinAddress "::" suffix; + in + checkAddress addressLength (joinAddress subnetPrefix suffix'); + addressCIDR = "${address}/${toString addressLength}"; + addressLength = 128; + + inherit netname; + netCIDR = "${netAddress}/${toString netPrefixLength}"; + netAddress = joinAddress netPrefix "::"; + netHash = toString { + retiolum = 0; + wirelum = 1; + }.${netname}; + netPrefix = "42:${netHash}"; + netPrefixLength = { + retiolum = 32; + wirelum = 32; + }.${netname}; + + inherit subnetname; + subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; + subnetAddress = joinAddress subnetPrefix "::"; + subnetHash = hash subnetname; + subnetPrefix = joinAddress netPrefix subnetHash; + subnetPrefixLength = netPrefixLength + 16; + + inherit suffix; + suffixLength = addressLength - subnetPrefixLength; + }; + + hash = s: head (match "0*(.*)" (substring 0 4 (hashString "sha256" s))); + + dropLast = n: xs: reverseList (drop n (reverseList xs)); + takeLast = n: xs: reverseList (take n (reverseList xs)); + + hasEmptyPrefix = xs: take 2 xs == ["" ""]; + hasEmptySuffix = xs: takeLast 2 xs == ["" ""]; + hasEmptyInfix = xs: any (x: x == "") (trimEmpty 2 xs); + + hasEmptyGroup = xs: + any (p: p xs) [hasEmptyPrefix hasEmptyInfix hasEmptySuffix]; + + ltrimEmpty = n: xs: if hasEmptyPrefix xs then drop n xs else xs; + rtrimEmpty = n: xs: if hasEmptySuffix xs then dropLast n xs else xs; + trimEmpty = n: xs: rtrimEmpty n (ltrimEmpty n xs); + + parseAddress = splitString ":"; + formatAddress = concatStringsSep ":"; + + check = s: c: if !c then throw "${s}" else true; + + checkAddress = maxaddrlen: addr: let + parsedaddr = parseAddress addr; + normalizedaddr = trimEmpty 1 parsedaddr; + in + assert (check "address malformed; lone leading colon: ${addr}" ( + head parsedaddr == "" -> tail (take 2 parsedaddr) == "" + )); 
+ assert (check "address malformed; lone trailing colon ${addr}" ( + last parsedaddr == "" -> head (takeLast 2 parsedaddr) == "" + )); + assert (check "address malformed; too many successive colons: ${addr}" ( + length (filter (x: x == "") normalizedaddr) > 1 -> addr == [""] + )); + assert (check "address malformed: ${addr}" ( + all (test "[0-9a-f]{0,4}") parsedaddr + )); + assert (check "address is too long: ${addr}" ( + length normalizedaddr * 16 <= maxaddrlen + )); + addr; + + joinAddress = prefix: suffix: let + parsedPrefix = parseAddress prefix; + parsedSuffix = parseAddress suffix; + normalizePrefix = rtrimEmpty 2 parsedPrefix; + normalizeSuffix = ltrimEmpty 2 parsedSuffix; + delimiter = + optional (length (normalizePrefix ++ normalizeSuffix) < 8 && + (hasEmptySuffix parsedPrefix || hasEmptyPrefix parsedSuffix)) + ""; + in + formatAddress (normalizePrefix ++ delimiter ++ normalizeSuffix); +} From 149b7f49ec23eaeb9236d1b9b85d7a6bd1b611ad Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 16:50:58 +0100 Subject: [PATCH 13/35] lib types nets: add wireguard --- lib/types.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index 41e75154e..17c1688fa 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -192,6 +192,28 @@ rec { })); default = null; }; + wireguard = mkOption { + type = nullOr (submodule ({ config, ... }: { + options = { + port = mkOption { + type = int; + description = "tinc port to use to connect to host"; + default = 51820; + }; + pubkey = mkOption { + type = wireguard-pubkey; + }; + subnets = mkOption { + type = listOf cidr; + description = '' + wireguard subnets, + this defines how routing behaves for hosts that can't reach each other. + ''; + default = []; + }; + }; + })); + }; }; }); @@ -548,4 +570,6 @@ rec { check = filename.check; merge = mergeOneOption; }; + + wireguard-pubkey = str; } From 60f1e40445692451ffa922a1b48d442f8cab2bb7 Mon Sep 17 00:00:00 2001 
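Review bot: Two of the `checkAddress` assertions compare values of different types, so they do not test what their messages say. In the leading-colon check, `tail (take 2 parsedaddr) == ""` compares a list with a string and is always false, so every address that starts with `::` is rejected as "lone leading colon"; the trailing-colon check uses `head (takeLast 2 parsedaddr)`, and the leading one should mirror it with `head (tail (take 2 parsedaddr)) == ""`. In the "too many successive colons" check, `addr == [""]` compares the address string with a list and is likewise always false, so the implication reduces to "at most one empty group"; if that is the intent, writing it as `length (filter (x: x == "") normalizedaddr) <= 1` makes it explicit. Neither problem shows up for the addresses `body` builds, because they always start with `42:`, but the function reads as a general validator.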
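Review bot: `wireguard-pubkey = str;` in the last hunk of lib/types.nix accepts any string, so a truncated or mistyped peer key evaluates cleanly and only shows up as a tunnel that never handshakes. A WireGuard public key is 32 bytes in base64, so the type can check the shape at evaluation time, for example `wireguard-pubkey = addCheck str (s: match "[A-Za-z0-9+/]{43}=" s != null);` (assuming `addCheck` and `match` are in scope here as in the rest of the file). In the first hunk the `port` description still says `"tinc port to use to connect to host"` and should read `"wireguard port to use to connect to host"`. The new `wireguard` option also has no `default = null;`, unlike the option closed just above it in the context lines, although its type is `nullOr`.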
From: lassulus Date: Sun, 9 Dec 2018 16:52:32 +0100 Subject: [PATCH 14/35] dns.providers: add wirelum (w) --- krebs/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e8ed64654..2e7c61fb5 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -122,6 +122,7 @@ let shack = "hosts"; i = "hosts"; r = "hosts"; + w = "hosts"; }; krebs.users = { From 9e632ce4905fe46d285ad36f0e5b8a90f5d53dfd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 16:54:00 +0100 Subject: [PATCH 15/35] l: add wirelum.nix --- lass/2configs/default.nix | 1 + lass/2configs/wirelum.nix | 44 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 lass/2configs/wirelum.nix diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index a43113177..dea32d4d4 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,6 +10,7 @@ with import ; ./zsh.nix ./htop.nix ./security-workarounds.nix + ./wirelum.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix new file mode 100644 index 000000000..cd8a20c6b --- /dev/null +++ b/lass/2configs/wirelum.nix 
@@ -0,0 +1,44 @@ +with import ; +{ config, pkgs, ... }: let + + self = config.krebs.build.host.nets.wirelum; + isRouter = !isNull self.via; + +in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) { + #hack for modprobe inside containers + systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [ + (pkgs.writeDashBin "modprobe" ":") + ]); + + boot.kernel.sysctl = mkIf isRouter { + "net.ipv6.conf.all.forwarding" = 1; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ + { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; } + ]; + + networking.wireguard.interfaces.wirelum = { + ips = + (optional (!isNull self.ip4) self.ip4.addr) ++ + (optional (!isNull self.ip6) self.ip6.addr); + listenPort = 51820; + privateKeyFile = (toString ) + "/wirelum.key"; + allowedIPsAsRoutes = true; + peers = mapAttrsToList + (_: host: { + allowedIPs = if isRouter then + (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++ + (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr) + else + host.nets.wirelum.wireguard.subnets + ; + endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}"); + persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61; + publicKey = host.nets.wirelum.wireguard.pubkey; + }) + (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts); + }; +} From 5d321689af3fd207a72ea73280add7689dc8d8c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 16:55:00 +0100 Subject: [PATCH 16/35] l prism.r: dedup with wirelum.nix --- lass/1systems/prism/config.nix | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 83cc96771..ec3976519 100644 
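Review bot: The firewall rule and the listener in wirelum.nix can disagree about the port: the INPUT rule opens `${toString self.wireguard.port}`, but the interface is created with the literal `listenPort = 51820;`. A host that sets a non-default `wireguard.port` would open one UDP port and listen on another, and peers building `endpoint` from `host.nets.wirelum.wireguard.port` would dial the port that nothing listens on. Using `listenPort = self.wireguard.port;` keeps the three places in step. Separately, the `peers` list is built from every host that has a `wirelum` net, which appears to include the host being built; filtering it out with `h.name != config.krebs.build.host.name` (if hosts carry `name`, which is not visible here) would avoid listing the local key as its own peer.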
--- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -297,37 +297,25 @@ with import ; }; } { - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } + imports = [ + ]; + #krebs.iptables.tables.nat.PREROUTING.rules = [ + # { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } + #]; krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; } { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } ]; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.1.1/24" ]; - listenPort = 51820; - privateKeyFile = (toString ) + "/wireguard.key"; - allowedIPsAsRoutes = true; - peers = [ - { - # lass-android - allowedIPs = [ "10.244.1.2/32" ]; - publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; - } - ]; - }; services.dnsmasq = { enable = true; resolveLocalQueries = false; extraConfig= '' + listen-address=10.244.1.1 except-interface=lo interface=wg0 ''; From a289812df188ab45ee03aedea83d5a0c861594f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:01:51 +0100 Subject: [PATCH 17/35] l: add phone.w --- krebs/3modules/lass/default.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 86a36015b..fe63982be 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
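Review bot: The dnsmasq block at the end of this hunk still says `interface=wg0`, but the hunk removes `networking.wireguard.interfaces.wg0` and the tunnel is now presumably the `wirelum` interface defined in lass/2configs/wirelum.nix. With the added `listen-address=10.244.1.1` the resolver may still come up, but the interface restriction then names a device that no longer exists; `interface=wirelum` would keep the binding tied to the tunnel. The commented-out `nat.PREROUTING` rule should be deleted rather than left in place, since a commented firewall rule invites someone to re-enable it without knowing why it was dropped. The `services.dnsmasq` block continues outside the hunk.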
@@ -1,7 +1,11 @@ { config, ... }: - with import ; +let + rip6 = krebs.genipv6 "retiolum" "lass"; + wip6 = krebs.genipv6 "wirelum" "lass"; + +in { dns.providers = { "lassul.us" = "zones"; @@ -459,6 +463,20 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; }; + phone = { + nets = { + wirelum = { + ip6.addr = (wip6 "a").address; + ip4.addr = "10.244.1.2"; + aliases = [ + "phone.w" + ]; + wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; + }; + }; + external = true; + ci = false; + }; }; users = rec { lass = lass-blue; From c739f81e5bd62a5dff2def3a45e7c0ac71b08f52 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:02:50 +0100 Subject: [PATCH 18/35] l: add wirelum to prism, mors, shodan, icarus, yellow --- krebs/3modules/lass/default.nix | 41 ++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index fe63982be..adfa8dbee 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -89,11 +89,22 @@ in -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + via = internet; + ip4.addr = "10.244.1.1"; + ip6.addr = (wip6 "1").address; + aliases = [ + "prism.w" + ]; + wireguard = { + pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; + subnets = [ "10.244.1.0/24" (wip6 "1").subnetCIDR ]; + }; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; - archprism = { cores = 1; nets = rec { @@ -181,6 +192,13 @@ in -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = (wip6 "dea7").address; + aliases = [ + "mors.w" + ]; + wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ="; + }; }; secure = true; ssh.privkey.path = ; 
@@ -207,6 +225,13 @@ in -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = (wip6 "50da").address; + aliases = [ + "shodan.w" + ]; + wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ="; + }; }; secure = true; ssh.privkey.path = ; @@ -233,6 +258,13 @@ in -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = (wip6 "1205").address; + aliases = [ + "icarus.w" + ]; + wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ="; + }; }; secure = true; ssh.privkey.path = ; @@ -429,6 +461,13 @@ in -----END PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = (wip6 "e110").address; + aliases = [ + "yellow.w" + ]; + wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU="; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; From 1a3980bf2eeeb925305312f68e2b8033fc8af78d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:03:44 +0100 Subject: [PATCH 19/35] l yellow.r: fix transmission stuff --- lass/1systems/yellow/config.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index ff7b23687..58fa564a1 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -19,7 +19,11 @@ with import ; users.groups.download.members = [ "transmission" ]; users.users.transmission.group = mkForce "download"; - systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ]; + systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ]; + systemd.services.transmission.after = [ "openvpn-nordvpn.service" ]; + systemd.services.transmission.postStart = '' + chmod 775 /var/download/finished + ''; services.transmission = { enable = true; settings = { @@ -52,6 +56,9 @@ with import ; autoindex on; ''; }; + locations."/dl".extraConfig = '' + return 301 /; + ''; locations."/" = { root = "/var/download/finished"; extraConfig = '' 
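Review bot: The `wireguard.pubkey` added for shodan, `FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ=`, differs from the key added for mors in the previous hunk (`...T2xU0za3J3SQ=`) by a single character. Two independently generated keys would not be this close, so one of them is most likely a hand-edited copy; such a value still decodes as a key, but no host holds its private half and the peer can never complete a handshake. Replace it with the output of `wg pubkey < wirelum.key` taken from shodan's own secret, e.g. `wireguard.pubkey = "<output of wg pubkey for shodan>";`. The host definition this hunk sits in starts and ends outside the hunk.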
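Review bot: In lass/1systems/yellow/config.nix, `bindsTo` and `after` tie transmission to the state of the `openvpn-nordvpn.service` unit, not to the tunnel itself. If the OpenVPN process stays active while the tunnel is down or reconnecting, transmission keeps running and may send traffic over the default route; whether that can happen here depends on routing and firewall rules that are not visible in the hunk. I would at least record the limitation with `# bindsTo only couples unit lifecycles; pin traffic to the tunnel separately (bind address or firewall rule)`. The `postStart` `chmod 775 /var/download/finished` also widens a directory that the second hunk's context shows being served as the nginx root, so a one-line comment on why group write is needed would help.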
From 848ababbe1d050b12ca98da2ca713e7de7eca286 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:04:02 +0100 Subject: [PATCH 20/35] l: add more mails --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 1ee45bb41..1acfe5056 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -94,6 +94,7 @@ with import ; { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } { from = "nordvpn@lassul.us"; to = lass.mail; } + { from = "csv-direct@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 72e9832f73ba27aafe0fe819d8dc160235222897 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:04:13 +0100 Subject: [PATCH 21/35] l games: add dolhinEmu to pkgs --- lass/2configs/games.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 49602898e..62e3f6d52 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -57,6 +57,7 @@ let in { environment.systemPackages = with pkgs; [ + dolphinEmu doom1 doom2 vdoom1 From dfa8e29fd82219849676244b3e90574cfaf7fe2c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:07:53 +0100 Subject: [PATCH 22/35] l: rebind capslock, enable libinput --- lass/2configs/baseX.nix | 4 ++-- lass/2configs/mouse.nix | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index d781f8c71..53d90ed7d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -97,9 +97,9 @@ in { enable = true; layout = "us"; display = mkForce 0; - xkbModel = "evdev"; xkbVariant = "altgr-intl"; - xkbOptions = "caps:backspace"; + xkbOptions = "caps:escape"; + libinput.enable = true; displayManager.lightdm.enable = true; windowManager.default = "xmonad"; windowManager.session = [{ 
diff --git a/lass/2configs/mouse.nix b/lass/2configs/mouse.nix index 098809d62..f5f9319ed 100644 --- a/lass/2configs/mouse.nix +++ b/lass/2configs/mouse.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { hardware.trackpoint = { enable = true; @@ -7,6 +7,7 @@ emulateWheel = true; }; + services.xserver.libinput.enable = lib.mkForce false; services.xserver.synaptics = { enable = true; horizEdgeScroll = false; From 30772247c0e629d443fb62bc566f3651be1157c1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:12:34 +0100 Subject: [PATCH 23/35] l: add morpheus.r --- krebs/3modules/lass/default.nix | 29 +++++++++++++++++++++++++ lass/1systems/morpheus/config.nix | 33 +++++++++++++++++++++++++++++ lass/1systems/morpheus/physical.nix | 32 ++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+) create mode 100644 lass/1systems/morpheus/config.nix create mode 100644 lass/1systems/morpheus/physical.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index adfa8dbee..f06d62586 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -516,6 +516,35 @@ in external = true; ci = false; }; + morpheus = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.19"; + ip6.addr = "42::19"; + aliases = [ + "morpheus.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY + T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN + /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh + S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz + Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR + bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI + Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz + sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+ + VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j + 3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA + U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; + }; }; users = rec { lass = lass-blue; diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix new file mode 100644 index 000000000..0d82ba611 --- /dev/null +++ b/lass/1systems/morpheus/config.nix @@ -0,0 +1,33 @@ +{ config, pkgs, ... }: +with import ; +{ + imports = [ + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.morpheus; + + networking.wireless.enable = false; + networking.networkmanager.enable = true; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + + nixpkgs.config.packageOverrides = super: { + steam = super.steam.override { + withPrimus = true; + extraPkgs = p: with p; [ + glxinfo + nettools + bumblebee + ]; + }; + }; +} diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix new file mode 100644 index 000000000..0f08acb2d 
--- /dev/null +++ b/lass/1systems/morpheus/physical.nix @@ -0,0 +1,32 @@ +{ lib, ... }: +{ + imports = [ + + ./config.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostId = "60ce7e88"; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ]; + + hardware.bumblebee.enable = true; + hardware.bumblebee.group = "video"; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/DF3B-4528"; + fsType = "vfat"; + }; + + nix.maxJobs = lib.mkDefault 8; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} From dc64ec0307253b497afc4a99a5e6aca1f1a23be9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:26:41 +0100 Subject: [PATCH 24/35] l gen-secrets: add wirelum keys --- lass/5pkgs/l-gen-secrets/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index b6cb2ec7e..5997dca09 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -8,6 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" '' ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key + ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub cat < $TMPDIR/hashedPasswords.nix { root = "$HASHED_PASSWORD"; 
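Review bot: In l-gen-secrets the WireGuard private key is created with a plain shell redirection, `wg genkey > $TMPDIR/wirelum.key`, so its mode depends on the caller's umask. How `$TMPDIR` is created is outside the hunk, so it may already be private, but the key file should not rely on that. I would write `(umask 077; ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key)` and derive the public key with `${pkgs.wireguard}/bin/wg pubkey < $TMPDIR/wirelum.key > $TMPDIR/wirelum.pub`, which also drops the extra `cat`. The script body starts before and continues after this hunk.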
@@ -35,6 +37,15 @@ pkgs.writeDashBin "l-gen-secrets" '' $(cat $TMPDIR/retiolum.rsa_key.pub) ${"''"}; }; + wirelum = { + ip6.addr = (wip6 "changeme").address; + aliases = [ + "$HOSTNAME.w" + ]; + wireguard.pubkey = ${"''"} + $(cat $TMPDIR/wirelum.pub) + ${"''"}; + }; }; ssh.privkey.path = ; ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; From 761ce9cefdb2c04132f44c2b41fac6d49a472752 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 9 Dec 2018 10:14:09 +0100 Subject: [PATCH 25/35] tv xmonad: cleanup service definition --- tv/2configs/xserver/default.nix | 45 +++++++++++++++------------------ 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 1c0516651..f68e8e681 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix 
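Review bot: The generated host template emits `wireguard.pubkey` as an indented `''` string, which leaves a trailing newline in the value. The wirelum host entries elsewhere in this series use a plain quoted string, and the value is passed straight through as the peer `publicKey`. Emitting `wireguard.pubkey = "$(cat $TMPDIR/wirelum.pub)";` matches the `ssh.pubkey` line just below in the context and avoids the stray whitespace. The heredoc this hunk edits begins and ends outside the hunk.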
@@ -48,34 +48,35 @@ in { systemd.services.xmonad = let xmonad = "${pkgs.haskellPackages.xmonad-tv}/bin/xmonad"; + xmonad-prepare = pkgs.writeDash "xmonad-prepare" '' + ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CACHE_DIR" + ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_CONFIG_DIR" + ${pkgs.coreutils}/bin/mkdir -p "$XMONAD_DATA_DIR" + ''; + xmonad-ready = pkgs.writeDash "xmonad-ready" '' + { + ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name} + ${pkgs.xorg.xhost}/bin/xhost -LOCAL: + } & + ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & + ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} & + ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & + wait + ''; in { wantedBy = [ "graphical.target" ]; requires = [ "xserver.service" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; - FZMENU_FZF_DEFAULT_OPTS = toString [ "--color=dark,border:126,bg+:090" "--inline-info" ]; - XMONAD_CACHE_DIR = cfg.cacheDir; XMONAD_CONFIG_DIR = cfg.configDir; XMONAD_DATA_DIR = cfg.dataDir; - - XMONAD_STARTUP_HOOK = pkgs.writeDash "xmonad-startup-hook" '' - { - ${pkgs.xorg.xhost}/bin/xhost +SI:localuser:${cfg.user.name} - ${pkgs.xorg.xhost}/bin/xhost -LOCAL: - } & - ${pkgs.xorg.xmodmap}/bin/xmodmap ${import ./Xmodmap.nix args} & - ${pkgs.xorg.xrdb}/bin/xrdb ${import ./Xresources.nix args} & - ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c' & - wait - ''; - - # XXX JSON is close enough :) - XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [ + XMONAD_STARTUP_HOOK = xmonad-ready; + XMONAD_WORKSPACES0_FILE = pkgs.writeJSON "xmonad-workspaces0.json" [ "Dashboard" # we start here "23" "cr" @@ -85,7 +86,7 @@ in { "mail" "stockholm" "za" "zh" "zj" "zs" - ]); + ]; }; path = [ config.tv.slock.package 
@@ -96,14 +97,10 @@ in { "/run/wrappers" # for su ]; serviceConfig = { - SyslogIdentifier = "xmonad"; - ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${toString [ - "\${XMONAD_CACHE_DIR}" - "\${XMONAD_CONFIG_DIR}" - "\${XMONAD_DATA_DIR}" - ]}"; - ExecStart = "@${xmonad} xmonad-${currentSystem} "; + ExecStartPre = "@${xmonad-prepare} xmonad-prepare"; + ExecStart = "@${xmonad} xmonad-${currentSystem}"; ExecStop = "@${xmonad} xmonad-${currentSystem} --shutdown"; + SyslogIdentifier = "xmonad"; User = cfg.user.name; WorkingDirectory = cfg.user.home; }; From c36a52fb672e585d89db469a075593ef34351207 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 19:52:12 +0100 Subject: [PATCH 26/35] =?UTF-8?q?lib.krebs.genipv6=20hash:=200000=20->=200?= =?UTF-8?q?=20instead=20of=20=CE=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/krebs/genipv6.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 8d5ca1667..27df8bf55 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix @@ -36,7 +36,7 @@ let { suffixLength = addressLength - subnetPrefixLength; }; - hash = s: head (match "0*(.*)" (substring 0 4 (hashString "sha256" s))); + hash = s: head (match "0*(.+)" (substring 0 4 (hashString "sha256" s))); dropLast = n: xs: reverseList (drop n (reverseList xs)); takeLast = n: xs: reverseList (take n (reverseList xs)); From 46275b41edaa6063bdfb3ba040421b79ebd27b35 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 21:37:52 +0100 Subject: [PATCH 27/35] lib.krebs.genipv6: can compute suffix from name --- lib/krebs/genipv6.nix | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 27df8bf55..8e105ab49 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix 
@@ -1,7 +1,7 @@ lib: with lib; let { - body = netname: subnetname: suffix: rec { + body = netname: subnetname: suffixSpec: rec { address = let suffix' = if hasEmptyGroup (parseAddress suffix) @@ -28,15 +28,45 @@ let { inherit subnetname; subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; subnetAddress = joinAddress subnetPrefix "::"; - subnetHash = hash subnetname; + subnetHash = simplify (hash 4 subnetname); subnetPrefix = joinAddress netPrefix subnetHash; subnetPrefixLength = netPrefixLength + 16; - inherit suffix; + suffix = getAttr (typeOf suffixSpec) { + set = + concatMapStringsSep + ":" + simplify + (stringToGroupsOf 4 (hash (suffixLength / 8) suffixSpec.hostName)); + string = suffixSpec; + }; suffixLength = addressLength - subnetPrefixLength; }; - hash = s: head (match "0*(.+)" (substring 0 4 (hashString "sha256" s))); + # Split string into list of chunks where each chunk is at most n chars long. + # The leftmost chunk might shorter. + # Example: stringToGroupsOf "123456" -> ["12" "3456"] + stringToGroupsOf = n: s: let + acc = + foldl' + (acc: c: if stringLength acc.chunk < n then { + chunk = acc.chunk + c; + chunks = acc.chunks; + } else { + chunk = c; + chunks = acc.chunks ++ [acc.chunk]; + }) + { + chunk = ""; + chunks = []; + } + (stringToCharacters s); + in + filter (x: x != []) ([acc.chunk] ++ acc.chunks); + + simplify = s: head (match "0*(.+)" s); + + hash = n: s: substring 0 n (hashString "sha256" s); dropLast = n: xs: reverseList (drop n (reverseList xs)); takeLast = n: xs: reverseList (take n (reverseList xs)); From 313712ebc2fc70adefd577f09f0d1795450b0b00 Mon Sep 17 00:00:00 2001 
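Review bot: `stringToGroupsOf` does not do what its comment says. The final `filter (x: x != [])` compares strings with an empty list, so it never removes anything and an empty input yields `[""]`; `filter (x: x != "")` is what was presumably meant. The fold fills chunks from the left and the result is `[acc.chunk] ++ acc.chunks`, so the short remainder taken from the end of the string is placed first: for `n = 4` and `"123456"` the code returns `["56" "1234"]`, not the `["12" "3456"]` of the comment, and the example also omits the `n` argument. In `suffix`, `hash (suffixLength / 8)` takes 10 hex characters, which is 40 of the 80 suffix bits; if the full width was intended the divisor should be 4, and with either width nothing visible here checks that two host names do not map to the same address.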
From: tv Date: Tue, 11 Dec 2018 21:41:11 +0100 Subject: [PATCH 28/35] hosts.*.net.retiolum.ip6.addr: use genipv6 --- krebs/3modules/external/default.nix | 36 +++++++++------------ krebs/3modules/jeschli/default.nix | 20 ++++++------ krebs/3modules/krebs/default.nix | 24 ++++++-------- krebs/3modules/lass/default.nix | 36 +++++++-------------- krebs/3modules/makefu/default.nix | 50 ++++++++--------------------- krebs/3modules/tv/default.nix | 22 ++++++------- 6 files changed, 70 insertions(+), 118 deletions(-) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 0aef25317..02d28ddc8 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -1,19 +1,22 @@ -{ config, ... }: - with import ; +{ config, ... }: let -{ - hosts = mapAttrs (_: recursiveUpdate { + hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = false; external = true; monitoring = false; - }) { + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }); + +in { + hosts = mapAttrs hostDefaults { sokrateslaptop = { owner = config.krebs.users.sokratess; nets = { retiolum = { ip4.addr = "10.243.142.104"; - ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; aliases = [ "sokrateslaptop.r" ]; @@ -35,7 +38,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.29.201"; - ip6.addr = "42:4234:6a6d:600::1"; aliases = [ "kruck.r" ]; @@ -62,7 +64,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.2.2"; - ip6.addr = "42:2:5ca:da:3111::1"; aliases = [ "scardanelli.r" ]; @@ -90,7 +91,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.2.1"; - ip6.addr = "42:2::0:3:05::1"; aliases = [ "homeros.r" ]; @@ -118,7 +118,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.29.168"; - ip6.addr = "42:4992:6a6d:600::1"; aliases = [ "turingmachine.r" ]; 
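Review bot: `optionalAttrs (host.nets?retiolum)` in the new `hostDefaults` parses as `(host.nets) ? retiolum`, so it throws "attribute 'nets' missing" for any host entry defined without a `nets` attribute. The attribute-path form `host ? nets.retiolum` returns false in that case. The same expression is repeated in the `hostDefaults` of the jeschli, krebs, lass and makefu files later in this commit. Since this commit replaces every hand-assigned retiolum `ip6.addr` with a derived one, a comment on `hostDefaults` noting that an explicit `ip6.addr` in a host entry still wins (`flip recursiveUpdate host` lets the host's values override the defaults) would help whoever needs to pin an address later.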
@@ -148,14 +147,13 @@ with import ; ip4.addr = "129.215.197.11"; aliases = [ "eddie.i" ]; }; - retiolum = rec { + retiolum = { via = internet; addrs = [ - ip4.addr - ip6.addr + config.krebs.hosts.eddie.nets.retiolum.ip4.addr + config.krebs.hosts.eddie.nets.retiolum.ip6.addr ]; ip4.addr = "10.243.29.170"; - ip6.addr = "42:4992:6a6d:700::1"; aliases = [ "eddie.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -184,7 +182,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.29.171"; - ip6.addr = "42:4992:6a6d:700::2"; aliases = [ "rock.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -214,7 +211,6 @@ with import ; retiolum = { via = internet; ip4.addr = "10.243.29.172"; - ip6.addr = "42:4992:6a6d:800::1"; aliases = [ "inspector.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -239,7 +235,6 @@ with import ; nets = rec { retiolum = { ip4.addr = "10.243.29.173"; - ip6.addr = "42:4992:6a6d:900::1"; aliases = [ "dpdkm.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -268,14 +263,13 @@ with import ; ip6.addr = "2a03:4000:13:31e::1"; aliases = [ "eve.i" ]; }; - retiolum = rec { + retiolum = { via = internet; addrs = [ - ip4.addr - ip6.addr + config.krebs.hosts.eve.nets.retiolum.ip4.addr + config.krebs.hosts.eve.nets.retiolum.ip6.addr ]; ip4.addr = "10.243.29.174"; - ip6.addr = "42:4992:6a6d:a00::1"; aliases = [ "eve.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index c0cb601bc..4a8af435b 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix 
@@ -1,17 +1,20 @@ -{ config, ... }: - with import ; +{ config, ... }: let -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.jeschli; + hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = true; - }) { + owner = config.krebs.users.jeschli; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address; + }); + +in { + hosts = mapAttrs hostDefaults { brauerei = { nets = { retiolum = { ip4.addr = "10.243.27.29"; - ip6.addr = "42::29"; aliases = [ "brauerei.r" ]; @@ -48,7 +51,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.27.27"; - ip6.addr = "42::27"; aliases = [ "reagenzglas.r" ]; @@ -92,7 +94,6 @@ with import ; retiolum = { via = internet; ip4.addr = "10.243.27.30"; - ip6.addr = "42::30"; aliases = [ "enklave.r" "cgit.enklave.r" @@ -131,7 +132,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.27.31"; - ip6.addr = "42::31"; aliases = [ "bolide.r" ]; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 889ee2817..59fc43af8 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -1,20 +1,24 @@ -{ config, ... }: - with import ; -let +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.krebs; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "krebs" { inherit hostName; }).address; + }); + testHosts = genAttrs [ "test-arch" "test-centos6" "test-centos7" "test-all-krebs-modules" ] (name: { - owner = config.krebs.users.krebs; inherit name; cores = 1; nets = { retiolum = { ip4.addr = "10.243.73.57"; - ip6.addr = "42:0:0:0:0:0:0:7357"; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd 
@@ -29,14 +33,12 @@ let }; }); in { - hosts = { + hosts = mapAttrs hostDefaults { hotdog = { ci = true; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.77.3"; - ip6.addr = "42:0:0:0:0:0:77:3"; aliases = [ "hotdog.r" "build.r" @@ -61,11 +63,9 @@ in { }; onebutton = { cores = 1; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.0.101"; - ip6.addr = "42:0:0:0:0:0:0:101"; aliases = [ "onebutton.r" ]; @@ -92,11 +92,9 @@ in { }; puyak = { ci = true; - owner = config.krebs.users.krebs; nets = { retiolum = { ip4.addr = "10.243.77.2"; - ip6.addr = "42:0:0:0:0:0:77:2"; aliases = [ "puyak.r" "build.puyak.r" @@ -120,7 +118,6 @@ in { }; wolf = { ci = true; - owner = config.krebs.users.krebs; nets = { shack = { ip4.addr = "10.42.2.150" ; @@ -135,7 +132,6 @@ in { }; retiolum = { ip4.addr = "10.243.77.1"; - ip6.addr = "42:0:0:0:0:0:77:1"; aliases = [ "wolf.r" "build.wolf.r" diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index f06d62586..0d8513a69 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,20 +1,22 @@ -{ config, ... }: with import ; -let +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = true; + monitoring = true; + owner = config.krebs.users.lass; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "lass" { inherit hostName; }).address; + }); - rip6 = krebs.genipv6 "retiolum" "lass"; wip6 = krebs.genipv6 "wirelum" "lass"; -in -{ +in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.lass; - ci = true; - monitoring = true; - }) { + hosts = mapAttrs hostDefaults { prism = rec { cores = 4; extraZones = { @@ -54,7 +56,6 @@ in retiolum = { via = internet; ip4.addr = "10.243.0.103"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab"; aliases = [ "prism.r" "cache.prism.r" 
@@ -118,7 +119,6 @@ in retiolum = { via = internet; ip4.addr = "10.243.0.123"; - ip6.addr = "42:0:0:0:0:0:0:123"; aliases = [ "archprism.r" ]; @@ -150,7 +150,6 @@ in nets = { retiolum = { ip4.addr = "10.243.81.176"; - ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; aliases = [ "uriel.r" "cgit.uriel.r" @@ -176,7 +175,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.2"; - ip6.addr = "42:0:0:0:0:0:0:dea7"; aliases = [ "mors.r" "cgit.mors.r" @@ -209,7 +207,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.4"; - ip6.addr = "42:0:0:0:0:0:0:50d4"; aliases = [ "shodan.r" "cgit.shodan.r" @@ -242,7 +239,6 @@ in nets = rec { retiolum = { ip4.addr = "10.243.133.114"; - ip6.addr = "42:0:0:0:0:0:01ca:1205"; aliases = [ "icarus.r" "cgit.icarus.r" @@ -275,7 +271,6 @@ in nets = rec { retiolum = { ip4.addr = "10.243.133.115"; - ip6.addr = "42:0:0:0:0:0:daed:a105"; aliases = [ "daedalus.r" "cgit.daedalus.r" @@ -301,7 +296,6 @@ in nets = rec { retiolum = { ip4.addr = "10.243.133.116"; - ip6.addr = "42:0:0:0:0:0:0:1101"; aliases = [ "skynet.r" "cgit.skynet.r" @@ -327,7 +321,6 @@ in nets = { retiolum = { ip4.addr = "10.243.133.77"; - ip6.addr = "42:0:0:0:0:0:717:7137"; aliases = [ "littleT.r" ]; @@ -368,7 +361,6 @@ in nets = rec { retiolum = { ip4.addr = "10.243.1.3"; - ip6.addr = "42::1:3"; aliases = [ "xerxes.r" ]; @@ -410,7 +402,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.13"; - ip6.addr = "42:0:0:0:0:0:0:12ed"; aliases = [ "red.r" ]; @@ -440,7 +431,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.14"; - ip6.addr = "42:0:0:0:0:0:0:14"; aliases = [ "yellow.r" ]; @@ -477,7 +467,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.77"; - ip6.addr = "42:0:0:0:0:0:0:77"; aliases = [ "blue.r" ]; @@ -521,7 +510,6 @@ in nets = { retiolum = { ip4.addr = "10.243.0.19"; - ip6.addr = "42::19"; aliases = [ "morpheus.r" ]; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 188fbc461..d6c1f0b61 100644 --- a/krebs/3modules/makefu/default.nix 
+++ b/krebs/3modules/makefu/default.nix @@ -1,20 +1,27 @@ -{ config, ... }: - -with import ; ## generate keys with: # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -let + +with import ; +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.makefu; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; + }); + pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); + in { - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + hosts = mapAttrs hostDefaults { cake = rec { cores = 4; ci = false; nets = { retiolum = { ip4.addr = "10.243.136.236"; - ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1"; aliases = [ "cake.r" ]; @@ -39,7 +46,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.136.237"; - ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2"; aliases = [ "crapi.r" ]; @@ -65,7 +71,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.177.9"; - ip6.addr = "42:f63:ddf8:7520:cfec:9b61:d807:1dce"; aliases = [ "drop.r" ]; @@ -90,7 +95,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.227.163"; - ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; aliases = [ "studio.r" ]; @@ -116,7 +120,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.113.98"; - # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; aliases = [ "fileleech.r" ]; @@ -147,7 +150,6 @@ in { }; retiolum = { ip4.addr = "10.243.80.249"; - ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; aliases = [ "latte.r" ]; @@ -171,7 +173,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.210"; - ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0001"; aliases = [ "pnp.r" "cgit.pnp.r" @@ -195,7 +196,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.84"; - ip6.addr = "42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"; aliases = [ "darth.r" ]; 
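Review bot: With `hostDefaults` in place, fileleech and wbob now receive a generated `nets.retiolum.ip6.addr`, although their `ip6.addr` lines were commented out before this commit (later hunks in this file delete those comments). If those hosts were kept IPv4-only on purpose, this silently changes what is published for them and what any address-based filtering has to cover. There is no per-host opt-out short of dropping the retiolum net, so a comment on `hostDefaults` such as `# every host with a retiolum net gets a derived ip6.addr; set ip6.addr explicitly to override` would record the intent.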
@@ -267,7 +267,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.212"; - ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0002"; aliases = [ "tsp.r" ]; @@ -295,7 +294,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.91"; - ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"; aliases = [ "x.r" ]; @@ -329,7 +327,6 @@ in { ''; }; #wiregrill = { - # ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db"; # aliases = [ # "x.w" # ]; @@ -347,7 +344,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.1.91"; - ip6.addr = "42:0b2c:d90e:e717:03dd:9ac1:0000:a400"; aliases = [ "vbob.r" ]; @@ -386,7 +382,6 @@ in { }; retiolum = { ip4.addr = "10.243.0.153"; - ip6.addr = "42:9143:b4c0:f981:6030:7aa2:8bc5:4110"; aliases = [ "pigstarter.r" ]; @@ -422,7 +417,6 @@ in { retiolum = { via = internet; ip4.addr = "10.243.29.169"; - ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "wry.r" "graph.wry.r" @@ -460,7 +454,6 @@ in { }; retiolum = { ip4.addr = "10.243.153.102"; - ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"; aliases = [ "filepimp.r" ]; @@ -491,7 +484,6 @@ in { }; retiolum = { ip4.addr = "10.243.0.89"; - ip6.addr = "42:f9f0::10"; aliases = [ "omo.r" "dcpp.omo.r" @@ -536,7 +528,6 @@ in { }; retiolum = { ip4.addr = "10.243.214.15"; - # ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"; aliases = [ "wbob.r" "hydra.wbob.r" @@ -596,7 +587,6 @@ in { }; #wiregrill = { # via = internet; - # ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3"; # aliases = [ # "gum.w" # ]; @@ -605,7 +595,6 @@ in { retiolum = { via = internet; ip4.addr = "10.243.0.213"; - ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ "nextgum.r" "graph.r" @@ -673,7 +662,6 @@ in { }; retiolum = { ip4.addr = "10.243.205.131"; - ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4"; aliases = [ "shoney.r" ]; @@ -698,7 +686,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.83.237"; - ip6.addr = "42:af50:99cf:c185:f1a8:14d5:acb:8101"; aliases = [ "sdev.r" ]; 
@@ -736,7 +723,6 @@ in { }; retiolum = { ip4.addr = "10.243.211.172"; - ip6.addr = "42:472a:3d01:bbe4:4425:567e:592b:065d"; aliases = [ "flap.r" ]; @@ -759,7 +745,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.231.219"; - ip6.addr = "42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"; aliases = [ "nukular.r" ]; @@ -782,7 +767,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.124.21"; - ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e"; aliases = [ "heidi.r" ]; @@ -872,7 +856,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.189.130"; - ip6.addr = "42:c64e:011f:9755:31e1:c3e6:73c0:af2d"; aliases = [ "filebitch.r" ]; @@ -895,7 +878,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.26.29"; - ip6.addr = "42:927a:3d59:1cb3:29d6:1a08:78d3:812e"; aliases = [ "excobridge.r" ]; @@ -918,7 +900,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.226.213"; - ip6.addr = "42:432e:2379:0cd2:8486:f3b5:335a:5d83"; aliases = [ "horisa.r" ]; @@ -947,7 +928,6 @@ in { }; retiolum = { ip4.addr = "10.243.57.85"; - ip6.addr = "42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"; aliases = [ "wooki.r" ]; @@ -970,7 +950,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.163"; - ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda"; aliases = [ "senderechner.r" ]; @@ -995,7 +974,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.144.142"; - ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278"; aliases = [ "tcac-0-1.r" ]; @@ -1025,7 +1003,6 @@ in { }; retiolum = { ip4.addr = "10.243.139.184"; - ip6.addr = "42:d568:6106:ba30:753b:0f2a:8225:b1fb"; aliases = [ "muhbaasu.r" ]; @@ -1048,7 +1025,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.183.236"; - ip6.addr = "42:8ca8:d2e4:adf6:5c0f:38cb:e9ef:eb3c"; aliases = [ "tpsw.r" ]; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 71670d336..0683492bc 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
@@ -1,19 +1,24 @@ -{ config, ... }: - with import ; +{ config, ... }: let -{ + hostDefaults = hostName: host: flip recursiveUpdate host ({ + owner = config.krebs.users.tv; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; + }); + +in { dns.providers = { "viljetic.de" = "regfish"; }; - hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) { + hosts = mapAttrs hostDefaults { alnus = { ci = true; cores = 2; nets = { retiolum = { ip4.addr = "10.243.21.1"; - ip6.addr = "42::2101"; aliases = [ "alnus.r" ]; @@ -38,7 +43,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.20.1"; - ip6.addr = "42::2001"; aliases = [ "mu.r" ]; @@ -79,7 +83,6 @@ with import ; retiolum = { via = config.krebs.hosts.ni.nets.internet; ip4.addr = "10.243.113.223"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af4"; aliases = [ "ni.r" "cgit.ni.r" @@ -114,7 +117,6 @@ with import ; }; retiolum = { ip4.addr = "10.243.0.110"; - ip6.addr = "42:2d5:733f:d6da:c0f5:2bb7:2b18:9ec"; aliases = [ "nomic.r" "cgit.nomic.r" @@ -158,7 +160,6 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.37"; - ip6.addr = "42::1337"; aliases = [ "wu.r" "cgit.wu.r" @@ -185,7 +186,6 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.22.22"; - ip6.addr = "42::2222"; aliases = [ "querel.r" ]; @@ -226,7 +226,6 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.38"; - ip6.addr = "42::1338"; aliases = [ "xu.r" "cgit.xu.r" @@ -261,7 +260,6 @@ with import ; }; retiolum = { ip4.addr = "10.243.13.40"; - ip6.addr = "42::1340"; aliases = [ "zu.r" ]; From facbcdafc891094fa62857089b13fcc9926a4485 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 21:59:41 +0100 Subject: [PATCH 29/35] lib.setAttr: RIP --- lib/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index bf8c65e21..54597e5fd 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -29,8 +29,6 @@ let listToAttrs (map (name: nameValuePair name set.${name}) (filter (flip hasAttr set) names)); - setAttr = name: value: set: set // { ${name} = value; }; - test = re: x: isString x && testString re x; testString = re: x: match re x != null; From b6e1cef6a5d0235a049b8d7606ebf053d8ab1516 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 22:47:27 +0100 Subject: [PATCH 30/35] lib.normalize-ip6-addr: only normalize addrs w/o :: --- lib/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/default.nix b/lib/default.nix index 54597e5fd..e352c7be9 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -107,7 +107,11 @@ let in a: concatStringsSep ":" (map f (splitString ":" a)); in - a: toLower (group-zeros (drop-leading-zeros a)); + a: + toLower + (if test ".*::.*" a + then a + else group-zeros (drop-leading-zeros a)); }; in From cee44811cdc5fbc0d46efd96439885065627aa1a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 22:49:14 +0100 Subject: [PATCH 31/35] lib.krebs.genipv6: use normalize-ip6-addr --- lib/krebs/genipv6.nix | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 8e105ab49..bf3ebab38 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix 
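Review bot: The new `::` branch in `normalize-ip6-addr` returns the address lowercased but otherwise untouched, so `42::0001` and `42::1` remain different strings after normalisation. Anything that compares or keys on the normalised form can then treat one address as two; the function starts outside this hunk and its callers are not visible here. If the branch exists only because `drop-leading-zeros` cannot handle the empty groups, say so above it, e.g. `# addresses containing :: are assumed to be canonical already`, or strip leading zeros from the non-empty groups in that branch too.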
@@ -3,18 +3,16 @@ with lib; let { body = netname: subnetname: suffixSpec: rec { address = let - suffix' = - if hasEmptyGroup (parseAddress suffix) - then suffix - else joinAddress "::" suffix; + suffix' = prependZeros suffixLength suffix; in - checkAddress addressLength (joinAddress subnetPrefix suffix'); + normalize-ip6-addr + (checkAddress addressLength (joinAddress subnetPrefix suffix')); addressCIDR = "${address}/${toString addressLength}"; addressLength = 128; inherit netname; netCIDR = "${netAddress}/${toString netPrefixLength}"; - netAddress = joinAddress netPrefix "::"; + netAddress = appendZeros netPrefixLength netPrefix; netHash = toString { retiolum = 0; wirelum = 1; @@ -27,22 +25,35 @@ let { inherit subnetname; subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; - subnetAddress = joinAddress subnetPrefix "::"; - subnetHash = simplify (hash 4 subnetname); + subnetAddress = appendZeros subnetPrefixLength subnetPrefix; + subnetHash = hash 4 subnetname; subnetPrefix = joinAddress netPrefix subnetHash; subnetPrefixLength = netPrefixLength + 16; suffix = getAttr (typeOf suffixSpec) { set = - concatMapStringsSep + concatStringsSep ":" - simplify - (stringToGroupsOf 4 (hash (suffixLength / 8) suffixSpec.hostName)); + (stringToGroupsOf 4 (hash (suffixLength / 4) suffixSpec.hostName)); string = suffixSpec; }; suffixLength = addressLength - subnetPrefixLength; }; + appendZeros = n: s: let + n' = n / 16; + zeroCount = n' - length parsedaddr; + parsedaddr = parseAddress s; + in + formatAddress (parsedaddr ++ map (const "0") (range 1 zeroCount)); + + prependZeros = n: s: let + n' = n / 16; + zeroCount = n' - length parsedaddr; + parsedaddr = parseAddress s; + in + formatAddress (map (const "0") (range 1 zeroCount) ++ parsedaddr); + # Split string into list of chunks where each chunk is at most n chars long. # The leftmost chunk might shorter. # Example: stringToGroupsOf "123456" -> ["12" "3456"] 
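Review bot: Only `address` is passed through `normalize-ip6-addr`; `netAddress` and `subnetAddress` come straight from `appendZeros`, and with `simplify` removed `subnetHash` keeps its leading zeros. Unless `formatAddress` (not visible here) canonicalises, `netCIDR` and `subnetCIDR` can be spelled differently from the addresses inside them, for example a `0abc` group next to `abc`. That matters wherever these strings are compared or matched as prefixes. Wrapping both keeps the forms consistent: `subnetAddress = normalize-ip6-addr (appendZeros subnetPrefixLength subnetPrefix);` and likewise for `netAddress`.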
@@ -64,8 +75,6 @@ let { in filter (x: x != []) ([acc.chunk] ++ acc.chunks); - simplify = s: head (match "0*(.+)" s); - hash = n: s: substring 0 n (hashString "sha256" s); dropLast = n: xs: reverseList (drop n (reverseList xs)); From e55b54092803dbddbafe4971c9c7da4b5679988d Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 23:11:40 +0100 Subject: [PATCH 32/35] krebs hosts: add owner to testHosts, too ^_^' --- krebs/3modules/krebs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 59fc43af8..72c16711c 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -33,7 +33,7 @@ with import ; }; }); in { - hosts = mapAttrs hostDefaults { + hosts = mapAttrs hostDefaults ({ hotdog = { ci = true; nets = { @@ -153,7 +153,7 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR"; }; - } // testHosts; + } // testHosts); users = { krebs = { pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary From 474e3e2e4513a5d2df89789885725b176e7ec532 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Dec 2018 23:21:42 +0100 Subject: [PATCH 33/35] lib: import generally useful stuff from genipv6 --- lib/default.nix | 27 +++++++++++++++++++++++++++ lib/krebs/genipv6.nix | 32 ++++---------------------------- 2 files changed, 31 insertions(+), 28 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index e352c7be9..64b2d48ab 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -112,6 +112,33 @@ let (if test ".*::.*" a then a else group-zeros (drop-leading-zeros a)); + + hashToLength = n: s: substring 0 n (hashString "sha256" s); + + dropLast = n: xs: reverseList (drop n (reverseList xs)); + takeLast = n: xs: reverseList (take n (reverseList xs)); + + # Split string into list of chunks where each chunk is at most n chars long. + # The leftmost chunk might shorter. + # Example: stringToGroupsOf "123456" -> ["12" "3456"] + stringToGroupsOf = n: s: let + acc = + foldl' + (acc: c: if stringLength acc.chunk < n then { + chunk = acc.chunk + c; + chunks = acc.chunks; + } else { + chunk = c; + chunks = acc.chunks ++ [acc.chunk]; + }) + { + chunk = ""; + chunks = []; + } + (stringToCharacters s); + in + filter (x: x != []) ([acc.chunk] ++ acc.chunks); + }; in diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index bf3ebab38..af1df6d0e 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix @@ -26,7 +26,7 @@ let { inherit subnetname; subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}"; subnetAddress = appendZeros subnetPrefixLength subnetPrefix; - subnetHash = hash 4 subnetname; + subnetHash = hashToLength 4 subnetname; subnetPrefix = joinAddress netPrefix subnetHash; subnetPrefixLength = netPrefixLength + 16; @@ -34,7 +34,9 @@ let { set = concatStringsSep ":" - (stringToGroupsOf 4 (hash (suffixLength / 4) suffixSpec.hostName)); + (stringToGroupsOf + 4 + (hashToLength (suffixLength / 4) suffixSpec.hostName)); string = suffixSpec; }; suffixLength = addressLength - subnetPrefixLength; 
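Review bot: `stringToGroupsOf`, now exported from lib, does not do what its comment says: the example omits `n`, and tracing the fold for `n = 4` and `"123456"` gives `["56" "1234"]`, because `[acc.chunk] ++ acc.chunks` puts the last chunk in front of the completed ones. The final `filter (x: x != [])` compares strings with an empty list, so it never removes anything and an empty input yields `[""]`. For genipv6 the order only decides which hash groups land where, but a general helper should return chunks in input order: `filter (x: x != "") (acc.chunks ++ [acc.chunk])`, with the comment's example corrected to match. Reordering changes every address derived through genipv6, so it should land before the generated addresses are relied on.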
@@ -54,32 +56,6 @@ let { in formatAddress (map (const "0") (range 1 zeroCount) ++ parsedaddr); - # Split string into list of chunks where each chunk is at most n chars long. - # The leftmost chunk might shorter. - # Example: stringToGroupsOf "123456" -> ["12" "3456"] - stringToGroupsOf = n: s: let - acc = - foldl' - (acc: c: if stringLength acc.chunk < n then { - chunk = acc.chunk + c; - chunks = acc.chunks; - } else { - chunk = c; - chunks = acc.chunks ++ [acc.chunk]; - }) - { - chunk = ""; - chunks = []; - } - (stringToCharacters s); - in - filter (x: x != []) ([acc.chunk] ++ acc.chunks); - - hash = n: s: substring 0 n (hashString "sha256" s); - - dropLast = n: xs: reverseList (drop n (reverseList xs)); - takeLast = n: xs: reverseList (take n (reverseList xs)); - hasEmptyPrefix = xs: take 2 xs == ["" ""]; hasEmptySuffix = xs: takeLast 2 xs == ["" ""]; hasEmptyInfix = xs: any (x: x == "") (trimEmpty 2 xs); From 35be9c66bfa6dd03437f919ec610aed0e9b20b58 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 12 Dec 2018 00:34:32 +0100 Subject: [PATCH 34/35] lib.normalize-ip6-addr: no :: for single section --- lib/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/default.nix b/lib/default.nix index 64b2d48ab..347830e8c 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -93,7 +93,13 @@ let in if max.pos == 0 then a - else "${concatStringsSep ":" lhs}::${concatStringsSep ":" rhs}"; + else let + sep = + if 8 - (length lhs + length rhs) == 1 + then ":0:" + else "::"; + in + "${concatStringsSep ":" lhs}${sep}${concatStringsSep ":" rhs}"; drop-leading-zeros = let From 4d44efa2fceda1308dbe8207e8fd0f122cd64e19 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Dec 2018 15:35:15 +0100 Subject: [PATCH 35/35] l: import network-manager only in mors --- lass/1systems/mors/config.nix | 1 + lass/2configs/baseX.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) 
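Review bot: The `:0:` separator added in `group-zeros` produces a malformed address when the single zero group sits at either end. Assuming `lhs` and `rhs` are the groups before and after the zero run (their definitions are outside this hunk), an empty `rhs` gives a trailing colon as in `1:2:3:4:5:6:7:0:`, and an empty `lhs` a leading one. Generated retiolum addresses start with `42`, so only the trailing case is reachable there, when the last hash group is `0000` and no other group is zero. Joining the parts as one list avoids it: `concatStringsSep ":" (lhs ++ ["0"] ++ rhs)` for the single-group case.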
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 207c7c640..46cdbbb66 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -34,6 +34,7 @@ with import ; + { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 53d90ed7d..859a2a1b9 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix - ./network-manager.nix { hardware.pulseaudio = { enable = true;