makefu: pornocauster -> x

2016-07-28 12:58:54 +02:00 · 2016-07-28 12:58:54 +02:00 · b156915805
commit b156915805
parent 8c465870fc
5 changed files with 27 additions and 21 deletions
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@ -126,15 +126,15 @@ with config.krebs.lib;
        };
      };
    };
-    pornocauster = {
+    x = {
      cores = 2;
      nets = {
        retiolum = {
          ip4.addr = "10.243.0.91";
          ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db";
          aliases = [
-            "pornocauster.retiolum"
-            "pornocauster.r"
+            "x.retiolum"
+            "x.r"
          ];
          tinc.pubkey = ''
            -----BEGIN RSA PUBLIC KEY-----
@ -167,7 +167,7 @@ with config.krebs.lib;
        };
      };
      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";

    };

@ -441,8 +441,9 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
    };
    shoney = rec {
      cores = 1;
-      nets = {
+      nets = rec {
        siem = {
+          via = internet;
          ip4.addr = "10.8.10.1";
          ip4.prefix = "10.8.10.0/24";
          aliases = [
@ -459,6 +460,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
            L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB
            -----END RSA PUBLIC KEY-----
          '';
+          tinc.port = 1655;
        };
        internet = {
          ip4.addr = "64.137.234.215";
@ -790,8 +792,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
  };
  users = rec {
    makefu = {
-      mail = "makefu@pornocauster.retiolum";
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
+      mail = "makefu@x.retiolum";
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@x";
      pgp.pubkeys.default = builtins.readFile ./default.pgp;
      pgp.pubkeys.brain = builtins.readFile ./brain.pgp;
    };
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@ -95,7 +95,7 @@ in {
                            method=build \
                            system={}".format(i)])

-        for i in [ "pornocauster", "wry", "vbob", "wbob", "shoney" ]:
+        for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
          addShell(f,name="build-{}".format(i),env=env_makefu,
                  command=nixshell + \
                      ["make \
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@ -66,7 +66,7 @@ in {
    client = {
      enable = true;
      screenName = "wbob";
-      serverAddress = "pornocauster.r";
+      serverAddress = "x.r";
    };
  };
 }
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@ -43,16 +43,8 @@
      ../2configs/temp/share-samba.nix
      # ../2configs/temp/elkstack.nix
      # ../2configs/temp/sabnzbd.nix
+      ../2configs/tinc/siem.nix
    ];
-
-  services.tinc.networks.siem = {
-    name = "makefu";
-    extraConfig = ''
-      ConnectTo = sdarth
-      ConnectTo = sjump
-    '';
-  };
-
  krebs.nginx = {
    default404 = false;
    servers.default.listen = [ "80 default_server" ];
@ -65,10 +57,10 @@

  # configure pulseAudio to provide a HDMI sink as well
  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 80 24800 ];
-  networking.firewall.allowedUDPPorts = [ 665 ];
+  networking.firewall.allowedTCPPorts = [ 80 24800 26061 ];
+  networking.firewall.allowedUDPPorts = [ 665 26061 ];

-  krebs.build.host = config.krebs.hosts.pornocauster;
+  krebs.build.host = config.krebs.hosts.x;
  krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";

  krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
--- a/makefu/2configs/tinc/siem.nix
+++ b/makefu/2configs/tinc/siem.nix
@ -0,0 +1,12 @@
+{lib, config, ... }:
+{
+  # TODO do not know why we need to force it, port is only set via default to 655
+  krebs.build.host.nets.siem.tinc.port = lib.mkForce 1655;
+
+  networking.firewall.allowedUDPPorts = [ 1665 ];
+  networking.firewall.allowedTCPPorts = [ 1655 ];
+  krebs.tinc.siem = {
+    enable = true;
+    connectTo = [ "shoney" ];
+  };
+}