Merge remote-tracking branch 'orange/master'

kartei/janik/default.nix

@@ -0,0 +1,38 @@
+with import ../../lib;
+{ config, ... }: let
+  hostDefaults = hostName: host: flip recursiveUpdate host ({
+    ci = false;
+    external = true;
+    monitoring = false;
+  } // optionalAttrs (host.nets?retiolum) {
+    nets.retiolum.ip6.addr =
+      (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+  });
+in {
+  users.janik = {
+    mail = "retiolum.janik@aq0.de";
+  };
+  hosts.hertz = {
+    owner = config.krebs.users.janik;
+    nets.retiolum = {
+      aliases = [ "hertz.janik.r" ];
+      ip6.addr = (lib.krebs.genipv6 "retiolum" "janik" { hostName = "hertz"; }).address;
+      tinc.pubkey = ''
+        -----BEGIN RSA PUBLIC KEY-----
+        MIICCgKCAgEA0mqxrdVU9wFhNZYGWEknJpKV4yIodNlaCIKDPVhU5wmlzh2szKUS
+        V3PzyEAo4DaQCZXdpj1jS9ddN+yLj68K4k4LRLuCyXep0GcFM1mUKQTBOxa3VF+W
+        oRaSUAVHib/jUiX08BIxYBDwiCUPSdEBUHWftnc8WYvjthPkOOuGAvs1w9ZBs6qC
+        ftkVJT5rt8cU9VsXPqRRauVHb9wH1M41p5/3HtBAgVBtCDp/qXmABW0rbXEKtwmv
+        +hzZoMvxTm05cAE7O2UlluERdnheKkBXWuBYR4aC9BQQH54kIShByOZYYACWuGGA
+        oHHqITYwWh+42wacAKCkTZ6kHoIQrU+uDypQ24YBhxbqUiGTspGbfO/jDHxxjgrd
+        Aauxil2YNQNclEZuWFD4Hlt2Y29jDh7uQwBbOl3dmTLvXr8qTA5HQIsf9uuOrvu9
+        uejj8VMIUHxdSZi8oH3+4XOH43DAGWM2pZogE+jeZtc2hPjqz1XZ40tXBPfEeUr4
+        VE4l1q4m9ynEMZbMZjyDGxX4Yo9htgJmKGk3LQ0ufbOo5CQM/lqzAZVYDKBlW7ka
+        rTgh9ZwMmd3/5ije3nI94Bd+2x+TLJ8ESCloqLYGZ0HaIRU1b5JX5a44+OPq5obB
+        sClD3CzaqMDkoEDBWrEyst8VkqZUWKmicnWtZapNWW67mjXBtzUQmOUCAwEAAQ==
+        -----END RSA PUBLIC KEY-----
+      '';
+      tinc.pubkey_ed25519 = "iT84cW45GuGqsEGgtVwGwe36iGFAha/orKcyZp8VbxH";
+    };
+  };
+}

kartei/lass/default.nix

@@ -29,7 +29,7 @@ in {
   users = rec {
     lass = lass-yubikey;
     lass-yubikey = {
-      mail = "lass@lassul.us";
+      mail = "lass@green.r";
       pubkey = builtins.readFile ./ssh/yubikey.rsa;
       pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
     };

kartei/palo/default.nix

@@ -43,6 +43,31 @@ in
         };
       };
     };
+    centauri = {
+      owner = config.krebs.users.palo;
+      nets = {
+        retiolum = {
+          tinc.port = 720;
+          aliases = [ "centauri.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAxrvdMSAcOJXM1TbIIDZ+zPojrcRG3RVMfPC2/0DasRpBFSuS+L60
+            mQEs0l0ptAL6Sbr4+9gfaHkdETfYpeKB4Q4lCPahMq88YfTyB1f3tEOqW3vP22nC
+            Z+Yf+W/sTLWVRoDoS/Eok6wS95R1IQ74vr37YXdbJTD/eeX6sAJkn2I2RV5PD6Bu
+            lHsMuunAj+PyhAgqb2P393h7FN4exL0xM6UbHbgsd9OSp5qKTjZE3jeOyWmounK1
+            7n+8pyRjI0VE47ontnj/GANwpsxRFFtRGmG/S5KhUBXMv7wZr/vaVETRphAu+KhT
+            NqdclmGkQlB/YBodzJID7C21Zz4b33kcn12TU3nc6AL5u9j3sU2sEu/22fAZBWLV
+            yOZ9l/Qe4aJkIbdL70Gvp9G8m7+M4vkdM+e/nA5cZT0N9ArI2D5ltJRd7VLVzxef
+            Y0t/bS9bVOcNt2Sgd81Ubg0OmF2paHGGboAAMqXhf3afwCMyXcDsP6sgPXOIEu7Q
+            hjuo5rg6Fu8eK9edAAQ2afl52GiFUawzjHbjGANwVyea1JTQ3uR6eBtxGOEaYpkr
+            vbl75CxLwE0YA0L3VwhJTNLMVldTrUi2M76QedjzyePkJHMijHT5+0nqTlsmjcNg
+            uv89Mh9shNKdqulfGjTAFyKjTCuUe/rCprJ5CeZWBaEuQKYkcZuMkJsCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+          tinc.pubkey_ed25519 = "qCJvjlNz5YNOz5IEiwGaoK3InSVCL76uNl+xVBUa/AP";
+        };
+      };
+    };
   };
   users = {
     palo = {

krebs/1systems/hotdog/config.nix

@@ -22,6 +22,7 @@
   ];
 
   krebs.build.host = config.krebs.hosts.hotdog;
+  krebs.hosts.hotdog.ssh.privkey.path = <secrets/ssh.id_ed25519>;
   krebs.pages.enable = true;
 
   boot.isContainer = true;