From b63d24d58e1734b986d8e1fa5930e4ba51ddc4bc Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Aug 2020 20:56:01 +0200 Subject: [PATCH 01/37] krebs.secret: shell.escape file.service --- krebs/3modules/secret.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index bf2c62cc9..67454d1f7 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -22,7 +22,7 @@ in { wantedBy = ["multi-user.target"]; serviceConfig = { Type = "oneshot"; - ExecStart = "${pkgs.systemd}/bin/systemctl restart ${file.service}"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${shell.escape file.service}"; }; }) cfg.files From 19cc72be381b5718af90418cff45635f94a2012a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 19:14:52 +0200 Subject: [PATCH 02/37] wiki: announce changes in #xxx, serve with cgit --- krebs/0tests/data/secrets/gollum.id_ed25519 | 0 krebs/2configs/wiki.nix | 64 ++++++++++- krebs/3modules/default.nix | 1 + krebs/3modules/gollum.nix | 112 ++++++++++++++++++++ 4 files changed, 175 insertions(+), 2 deletions(-) create mode 100644 krebs/0tests/data/secrets/gollum.id_ed25519 create mode 100644 krebs/3modules/gollum.nix diff --git a/krebs/0tests/data/secrets/gollum.id_ed25519 b/krebs/0tests/data/secrets/gollum.id_ed25519 new file mode 100644 index 000000000..e69de29bb diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 2350e711e..dc6de2efd 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix 
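Review bot: In `krebs/3modules/secret.nix`, `shell.escape file.service` applies shell quoting to a string that systemd parses, not a shell. `ExecStart` has its own word-splitting rules and also expands `%` specifiers and `$VAR` references, which shell quoting is not designed to cover. If `file.service` can hold anything other than a plain unit name, constraining the option's type would be a stronger guarantee than escaping at the use site; the option definition is outside this hunk, so its current type cannot be checked from here. A comment such as `# systemd parses ExecStart itself; file.service must be a plain unit name` would record the assumption.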
@@ -1,9 +1,26 @@ -{ config, ... }: +{ config, pkgs, ... }: +with import ; { - services.gollum = { + krebs.gollum = { enable = true; + extraConfig = '' + Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| + system('${toString (pkgs.writers.writeDash "debuglol" '' + export PATH=${makeBinPath [ pkgs.git ]} + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + cd ${config.krebs.gollum.stateDir} + if ! url=$(git config remote.origin.url); then + git remote add origin git@localhost:gollum + elif test "$url" != 'git@localhost:gollum'; then + git remote set-url origin git@localhost:gollum + fi + git push origin master + '')}') + end + ''; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; @@ -16,4 +33,47 @@ ''; }; }; + + krebs.git = { + enable = true; + cgit.settings = { + root-title = "krebs repos"; + }; + rules = with git; [ + { + user = [ + { + name = "gollum"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6"; + } + config.krebs.users.lass-mors + ]; + repo = [ config.krebs.git.repos.gollum ]; + perm = push ''refs/*'' [ create merge ]; + } + ]; + repos.gollum = { + public = true; + name = "gollum"; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + channel = "#xxx"; + refs = [ + "refs/heads/master" + "refs/heads/newest" + "refs/tags/*" + ]; + nick = config.networking.hostName; + server = "irc.r"; + verbose = true; + }; + }; + }; + }; + + krebs.secret.files.gollum = { + path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519"; + owner = { name = "gollum"; }; + source-path = "${}"; + }; } diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f3180722d..2772bf986 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -27,6 +27,7 @@ let ./github-known-hosts.nix ./git.nix ./go.nix + ./gollum.nix ./hidden-ssh.nix ./hosts.nix ./htgen.nix 
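Review bot: In the `post_commit` hook added to `krebs/2configs/wiki.nix` (hunk `@@ -1,9 +1,26 @@`), neither the generated dash script nor the Ruby `system(...)` call checks for failure. If `cd ${config.krebs.gollum.stateDir}` fails, the `git remote` and `git push` commands run in whatever directory the hook started in, and a rejected push is dropped silently, so the wiki and its mirror can diverge unnoticed. Starting the script with `set -eu` and logging when `system` returns false would make a broken mirror visible. The same applies to `setupGit` in PATCH 05/37, which carries these lines over unchanged.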
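Review bot: In hunk `@@ -16,4 +33,47 @@` of `krebs/2configs/wiki.nix`, `krebs.secret.files.gollum.path` places the SSH private key at `${config.krebs.gollum.stateDir}/.ssh/id_ed25519`, inside the wiki's git work tree. That directory is the one `krebs/3modules/gollum.nix` initialises with `git init`, and it is pushed to a repo marked `public = true`. The key is untracked, but any step that stages the whole tree would commit it, and the hook would then publish it. Keeping the key in a directory outside the work tree, or at least listing `.ssh/` in the repository's `.git/info/exclude`, removes that failure mode.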
diff --git a/krebs/3modules/gollum.nix b/krebs/3modules/gollum.nix new file mode 100644 index 000000000..4b4e04d16 --- /dev/null +++ b/krebs/3modules/gollum.nix 
@@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.krebs.gollum; +in + +{ + options.krebs.gollum = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable the Gollum service."; + }; + + address = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "IP address on which the web server will listen."; + }; + + port = mkOption { + type = types.int; + default = 4567; + description = "Port on which the web server will run."; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Content of the configuration file"; + }; + + mathjax = mkOption { + type = types.bool; + default = false; + description = "Enable support for math rendering using MathJax"; + }; + + allowUploads = mkOption { + type = types.nullOr (types.enum [ "dir" "page" ]); + default = null; + description = "Enable uploads of external files"; + }; + + emoji = mkOption { + type = types.bool; + default = false; + description = "Parse and interpret emoji tags"; + }; + + branch = mkOption { + type = types.str; + default = "master"; + example = "develop"; + description = "Git branch to serve"; + }; + + stateDir = mkOption { + type = types.path; + default = "/var/lib/gollum"; + description = "Specifies the path of the repository directory. 
If it does not exist, Gollum will create it on startup."; + }; + + }; + + config = mkIf cfg.enable { + + users.users.gollum = { + group = config.users.users.gollum.name; + description = "Gollum user"; + home = cfg.stateDir; + createHome = false; + isSystemUser = true; + }; + + users.groups.gollum = { }; + + systemd.tmpfiles.rules = [ + "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -" + ]; + + systemd.services.gollum = { + description = "Gollum wiki"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.git ]; + + preStart = '' + # This is safe to be run on an existing repo + git init ${cfg.stateDir} + ''; + + serviceConfig = { + User = config.users.users.gollum.name; + Group = config.users.groups.gollum.name; + ExecStart = '' + ${pkgs.gollum}/bin/gollum \ + --port ${toString cfg.port} \ + --host ${cfg.address} \ + --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \ + --ref ${cfg.branch} \ + ${optionalString cfg.mathjax "--mathjax"} \ + ${optionalString cfg.emoji "--emoji"} \ + ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \ + ${cfg.stateDir} + ''; + }; + }; + }; +} From 514ba4d303e663529f347d5c3adbaece0f94361b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 20:49:54 +0200 Subject: [PATCH 03/37] wiki: rename repo to wiki --- krebs/2configs/wiki.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index dc6de2efd..ad88d666b 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix 
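Review bot: The new `krebs/3modules/gollum.nix` defaults `address` to `"0.0.0.0"`, so Gollum, started here without any authentication option, listens on every interface on port 4567 unless the option is set. `krebs/2configs/wiki.nix` opens only port 80 for nginx, so reachability of 4567 currently depends on the firewall alone. If nginx is meant to be the only entry point, a default of `"127.0.0.1"` would not rely on that. Separately, `preStart` is a shell script that interpolates `cfg.stateDir` unquoted; `git init ${escapeShellArg cfg.stateDir}` would be consistent with the escaping introduced in PATCH 01/37.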
@@ -6,14 +6,15 @@ with import ; enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| - system('${toString (pkgs.writers.writeDash "debuglol" '' + system('${toString (pkgs.writers.writeDash "push_cgit" '' export PATH=${makeBinPath [ pkgs.git ]} export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + repo='git@localhost:wiki' cd ${config.krebs.gollum.stateDir} if ! url=$(git config remote.origin.url); then - git remote add origin git@localhost:gollum - elif test "$url" != 'git@localhost:gollum'; then - git remote set-url origin git@localhost:gollum + git remote add origin "$repo" + elif test "$url" != "$repo"; then + git remote set-url origin "$repo" fi git push origin master '')}') @@ -48,13 +49,13 @@ with import ; } config.krebs.users.lass-mors ]; - repo = [ config.krebs.git.repos.gollum ]; + repo = [ config.krebs.git.repos.wiki ]; perm = push ''refs/*'' [ create merge ]; } ]; - repos.gollum = { + repos.wiki = { public = true; - name = "gollum"; + name = "wiki"; hooks = { post-receive = pkgs.git-hooks.irc-announce { channel = "#xxx"; From b42fe392f34554315d8aff7c808f73a5eb25badc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 21:38:32 +0200 Subject: [PATCH 04/37] l: add deploy to all systems --- lass/1systems/blue/config.nix | 8 -------- lass/2configs/default.nix | 1 + lass/5pkgs/deploy/default.nix | 6 ++++++ 3 files changed, 7 insertions(+), 8 deletions(-) create mode 100644 lass/5pkgs/deploy/default.nix diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index 14f4971f7..c46bb351e 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix 
@@ -15,14 +15,6 @@ with import ; krebs.build.host = config.krebs.hosts.blue; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - }; - networking.nameservers = [ "1.1.1.1" ]; services.restic.backups = genAttrs [ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index b0d7ff23b..ae2754c96 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -93,6 +93,7 @@ with import ; environment.systemPackages = with pkgs; [ #stockholm + deploy git gnumake jq diff --git a/lass/5pkgs/deploy/default.nix b/lass/5pkgs/deploy/default.nix new file mode 100644 index 000000000..c07cf20d1 --- /dev/null +++ b/lass/5pkgs/deploy/default.nix @@ -0,0 +1,6 @@ +{ writers }: +writers.writeDashBin "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) +'' From 03939b14e1d5820bee8c43d63b34c6e3e0e5eac4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 22:52:37 +0200 Subject: [PATCH 05/37] wiki: allow push to git --- krebs/2configs/wiki.nix | 70 ++++++++++++++++++++++++++--------------- 1 file changed, 44 insertions(+), 26 deletions(-) diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index ad88d666b..e4f05a6e6 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix 
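Review bot: In the new `lass/5pkgs/deploy/default.nix`, the script runs the unquoted result of `$(nix-build …)` and leaves `$HOME` unquoted, so both are subject to word splitting and globbing before the command is executed. Capturing the path first, `deploy=$(nix-build "$HOME/sync/stockholm/lass/krops.nix" --no-out-link --argstr name "$SYSTEM" -A deploy)` followed by `exec "$deploy"`, keeps it a single word. Because of `set -eu`, calling the script without an argument aborts at `$1` with a generic shell error; a short usage check before `export SYSTEM="$1"` would give a clearer message.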
@@ -1,23 +1,37 @@ { config, pkgs, ... }: with import ; +let + setupGit = '' + export PATH=${makeBinPath [ pkgs.git ]} + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + repo='git@localhost:wiki' + cd ${config.krebs.gollum.stateDir} + if ! url=$(git config remote.origin.url); then + git remote add origin "$repo" + elif test "$url" != "$repo"; then + git remote set-url origin "$repo" + fi + ''; + + pushGollum = pkgs.writeDash "push_gollum" '' + ${setupGit} + git fetch origin + git merge --ff-only origin/master + ''; + + pushCgit = pkgs.writeDash "push_cgit" '' + ${setupGit} + git push origin master + ''; + +in { krebs.gollum = { enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| - system('${toString (pkgs.writers.writeDash "push_cgit" '' - export PATH=${makeBinPath [ pkgs.git ]} - export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' - repo='git@localhost:wiki' - cd ${config.krebs.gollum.stateDir} - if ! url=$(git config remote.origin.url); then - git remote add origin "$repo" - elif test "$url" != "$repo"; then - git remote set-url origin "$repo" - fi - git push origin master - '')}') + system('${pushCgit}') end ''; }; 
@@ -47,27 +61,27 @@ with import ; name = "gollum"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6"; } - config.krebs.users.lass-mors - ]; + ] ++ (attrValues config.krebs.users); repo = [ config.krebs.git.repos.wiki ]; - perm = push ''refs/*'' [ create merge ]; + perm = push ''refs/heads/master'' [ create merge ]; } ]; repos.wiki = { public = true; name = "wiki"; hooks = { - post-receive = pkgs.git-hooks.irc-announce { - channel = "#xxx"; - refs = [ - "refs/heads/master" - "refs/heads/newest" - "refs/tags/*" - ]; - nick = config.networking.hostName; - server = "irc.r"; - verbose = true; - }; + post-receive = '' + ${pkgs.git-hooks.irc-announce { + channel = "#xxx"; + refs = [ + "refs/heads/master" + ]; + nick = config.networking.hostName; + server = "irc.r"; + verbose = true; + }} + /run/wrappers/bin/sudo -S -u gollum ${pushGollum} + ''; }; }; }; @@ -77,4 +91,8 @@ with import ; owner = { name = "gollum"; }; source-path = "${}"; }; + + security.sudo.extraConfig = '' + git ALL=(gollum) NOPASSWD: ${pushGollum} + ''; } From e296d69e1af19d93d95668686ab47e4420b9bd3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 12 Aug 2020 22:45:52 +0100 Subject: [PATCH 06/37] mic92: allocate retiolum subnet for tinc --- krebs/3modules/external/mic92.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index b8aaf9900..06ee2e7bb 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -273,8 +273,12 @@ in { Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== -----END RSA PUBLIC KEY----- ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" ]; + tinc.subnets = [ + # ohorn lan + "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" + # same prefix as `config.krebs.hosts.eve.nets.retiolum.ip6.addr` + "42:0000:3c46:70c7::/80" + ]; }; }; }; 
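Review bot: In hunk `@@ -47,27 +61,27 @@` of `krebs/2configs/wiki.nix`, the rule's `user` list changes from one named account to `attrValues config.krebs.users`, which grants push on `refs/heads/master` of the wiki to every user defined anywhere in `krebs.users`. Each such push now also runs `pushGollum` as the `gollum` user through sudo. If that breadth is intended, a comment next to the list, e.g. `# every krebs user may push to the wiki`, would make it explicit; otherwise an explicit list keeps later additions to `krebs.users` from silently gaining write access. In the hook, `sudo -S` reads a password from stdin, which the `NOPASSWD` rule makes unnecessary; `sudo -n` fails immediately instead of waiting if the rule ever stops matching.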
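Review bot: In hunk `@@ -77,4 +91,8 @@` of `krebs/2configs/wiki.nix`, the sudoers line `git ALL=(gollum) NOPASSWD: ${pushGollum}` names the command without an argument list, and sudoers then permits it with any arguments. The script does not read its arguments, so this is hardening rather than a bug. Appending an empty argument list, `NOPASSWD: ${pushGollum} ""`, restricts the rule to the exact invocation used by the post-receive hook.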
From da272bc7c33961ffd29eb694cb3ccd1a776c3e93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 13 Aug 2020 08:05:03 +0100 Subject: [PATCH 07/37] mic92: use subnet that does not include my server --- krebs/3modules/external/mic92.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 06ee2e7bb..58e9e6be9 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -276,8 +276,8 @@ in { tinc.subnets = [ # ohorn lan "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" - # same prefix as `config.krebs.hosts.eve.nets.retiolum.ip6.addr` - "42:0000:3c46:70c7::/80" + # docker network + "42:0000:002b:1605:3::/80" ]; }; }; From b0880d573677e0f32562a40d127910ec6a1d3ae2 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 16 Aug 2020 11:28:27 +0200 Subject: [PATCH 08/37] krebs.dns: allow disabling search-domain --- krebs/3modules/default.nix | 11 +++++++---- krebs/3modules/dns.nix | 2 +- krebs/3modules/hosts.nix | 6 +++++- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f3180722d..ccc3a44b9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -152,9 +152,11 @@ let let longs = net.aliases; shorts = - map (removeSuffix ".${cfg.dns.search-domain}") - (filter (hasSuffix ".${cfg.dns.search-domain}") - longs); + optionals + (cfg.dns.search-domain != null) + (map (removeSuffix ".${cfg.dns.search-domain}") + (filter (hasSuffix ".${cfg.dns.search-domain}") + longs)); add-port = a: if net.ssh.port != 22 then "[${a}]:${toString net.ssh.port}" 
@@ -177,7 +179,8 @@ let (concatMap (host: attrValues host.nets) (mapAttrsToList (_: host: recursiveUpdate host - (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) { + (optionalAttrs (cfg.dns.search-domain != null && + hasAttr cfg.dns.search-domain host.nets) { nets."" = host.nets.${cfg.dns.search-domain} // { aliases = [host.name]; addrs = []; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix index b7e2a2cbb..8acc4ccd8 100644 --- a/krebs/3modules/dns.nix +++ b/krebs/3modules/dns.nix @@ -6,7 +6,7 @@ with import ; }; krebs.dns.search-domain = mkOption { - type = types.hostname; + type = types.nullOr types.hostname; }; }; } diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index 7fe01a769..159b54e34 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -24,7 +24,11 @@ in { aliases = longs ++ shorts; longs = filter check net.aliases; shorts = let s = ".${config.krebs.dns.search-domain}"; in - map (removeSuffix s) (filter (hasSuffix s) longs); + optionals + (config.krebs.dns.search-domain != null) + (map (removeSuffix s) + (filter (hasSuffix s) + longs)); in map (addr: { ${addr} = aliases; }) net.addrs) (attrValues host.nets)) From c61d99ccc653c9bee950c9e2d8a3f5bf6f4d8d1c Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 19 Aug 2020 02:26:27 +0200 Subject: [PATCH 09/37] tv: privatize gg23 --- krebs/3modules/default.nix | 1 - krebs/3modules/tv/default.nix | 37 ------------------- tv/2configs/default.nix | 1 + tv/2configs/nets/gg23.nix | 69 +++++++++++++++++++++++++++++++++++ 4 files changed, 70 insertions(+), 38 deletions(-) create mode 100644 tv/2configs/nets/gg23.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ccc3a44b9..9e4146ff2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -108,7 +108,6 @@ let { krebs.dns.providers = { "krebsco.de" = "zones"; - gg23 = "hosts"; shack = "hosts"; i = "hosts"; r = "hosts"; 
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index a20801b12..c2bf406f1 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -131,11 +131,6 @@ in { ci = true; cores = 2; nets = { - gg23 = { - ip4.addr = "10.23.1.110"; - aliases = ["nomic.gg23"]; - ssh.port = 11423; - }; retiolum = { ip4.addr = "10.243.0.110"; aliases = [ @@ -158,27 +153,10 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; - ok = { - external = true; - nets = { - gg23 = { - ip4.addr = "10.23.1.1"; - aliases = ["ok.gg23"]; - }; - }; - }; wu = { ci = true; cores = 4; nets = { - gg23 = { - ip4.addr = "10.23.1.37"; - aliases = [ - "wu.gg23" - "cache.wu.gg23" - ]; - ssh.port = 11423; - }; retiolum = { ip4.addr = "10.243.13.37"; aliases = [ @@ -237,14 +215,6 @@ in { ci = true; cores = 4; nets = { - gg23 = { - ip4.addr = "10.23.1.38"; - aliases = [ - "xu.gg23" - "cache.xu.gg23" - ]; - ssh.port = 11423; - }; retiolum = { ip4.addr = "10.243.13.38"; aliases = [ @@ -272,13 +242,6 @@ in { ci = true; cores = 4; nets = { - gg23 = { - ip4.addr = "10.23.1.39"; - aliases = [ - "zu.gg23" - ]; - ssh.port = 11423; - }; retiolum = { ip4.addr = "10.243.13.40"; aliases = [ diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 4d27b0eac..01f83482e 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -16,6 +16,7 @@ with import ; ./backup.nix ./bash ./htop.nix + ./nets/gg23.nix ./nginx ./pki ./ssh.nix diff --git a/tv/2configs/nets/gg23.nix b/tv/2configs/nets/gg23.nix new file mode 100644 index 000000000..fc5d239d5 --- /dev/null +++ b/tv/2configs/nets/gg23.nix 
@@ -0,0 +1,69 @@ +{ + krebs = { + dns.providers.gg23 = "hosts"; + hosts = { + nomic = { + nets.gg23 = { + ip4 = { + addr = "10.23.1.110"; + prefix = "10.23.1.0/24"; + }; + aliases = [ + "nomic.gg23" + ]; + ssh.port = 11423; + }; + }; + ok = { + external = true; + nets.gg23 = { + ip4 = { + addr = "10.23.1.1"; + prefix = "10.23.1.0/24"; + }; + aliases = [ + "ok.gg23" + ]; + }; + }; + wu = { + nets.gg23 = { + ip4 = { + addr = "10.23.1.37"; + prefix = "10.23.1.0/24"; + }; + aliases = [ + "wu.gg23" + "cache.wu.gg23" + ]; + ssh.port = 11423; + }; + }; + xu = { + nets.gg23 = { + ip4 = { + addr = "10.23.1.38"; + prefix = "10.23.1.0/24"; + }; + aliases = [ + "xu.gg23" + "cache.xu.gg23" + ]; + ssh.port = 11423; + }; + }; + zu = { + nets.gg23 = { + ip4 = { + addr = "10.23.1.39"; + prefix = "10.23.1.0/24"; + }; + aliases = [ + "zu.gg23" + ]; + ssh.port = 11423; + }; + }; + }; + }; +} From 358633f9737c8327d6028ebfadf72cbb51df70fb Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 19 Aug 2020 02:30:51 +0200 Subject: [PATCH 10/37] tv nets: gg23 -> hkw --- tv/2configs/binary-cache/default.nix | 2 +- tv/2configs/default.nix | 2 +- tv/2configs/nets/{gg23.nix => hkw.nix} | 26 +++++++++++++------------- tv/2configs/nginx/public_html.nix | 2 +- 4 files changed, 16 insertions(+), 16 deletions(-) rename tv/2configs/nets/{gg23.nix => hkw.nix} (76%) diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index 866434cb5..f6eaba36f 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -27,7 +27,7 @@ enable = true; virtualHosts.nix-serve = { serverAliases = [ - "cache.${config.krebs.build.host.name}.gg23" + "cache.${config.krebs.build.host.name}.hkw" ]; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 01f83482e..9db35184a 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -16,7 +16,7 @@ with import ; ./backup.nix ./bash ./htop.nix - ./nets/gg23.nix + ./nets/hkw.nix ./nginx ./pki ./ssh.nix diff --git a/tv/2configs/nets/gg23.nix b/tv/2configs/nets/hkw.nix similarity index 76% rename from tv/2configs/nets/gg23.nix rename to tv/2configs/nets/hkw.nix index fc5d239d5..725e63b13 100644 --- a/tv/2configs/nets/gg23.nix +++ b/tv/2configs/nets/hkw.nix @@ -1,65 +1,65 @@ { krebs = { - dns.providers.gg23 = "hosts"; + dns.providers.hkw = "hosts"; hosts = { nomic = { - nets.gg23 = { + nets.hkw = { ip4 = { addr = "10.23.1.110"; prefix = "10.23.1.0/24"; }; aliases = [ - "nomic.gg23" + "nomic.hkw" ]; ssh.port = 11423; }; }; ok = { external = true; - nets.gg23 = { + nets.hkw = { ip4 = { addr = "10.23.1.1"; prefix = "10.23.1.0/24"; }; aliases = [ - "ok.gg23" + "ok.hkw" ]; }; }; wu = { - nets.gg23 = { + nets.hkw = { ip4 = { addr = "10.23.1.37"; prefix = "10.23.1.0/24"; }; aliases = [ - "wu.gg23" - "cache.wu.gg23" + "wu.hkw" + "cache.wu.hkw" ]; ssh.port = 11423; }; }; xu = { - nets.gg23 = { + nets.hkw = { ip4 = { addr = "10.23.1.38"; prefix = "10.23.1.0/24"; }; aliases = [ - "xu.gg23" - "cache.xu.gg23" + "xu.hkw" + "cache.xu.hkw" ]; ssh.port = 11423; }; }; zu = { - nets.gg23 = { + nets.hkw = { ip4 = { addr = "10.23.1.39"; prefix = "10.23.1.0/24"; }; aliases = [ - "zu.gg23" + "zu.hkw" ]; ssh.port = 11423; }; diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix index cc7a39891..a37498ba3 100644 --- a/tv/2configs/nginx/public_html.nix +++ b/tv/2configs/nginx/public_html.nix @@ -9,7 +9,7 @@ with import ; serverAliases = [ "localhost" "${config.krebs.build.host.name}" - "${config.krebs.build.host.name}.gg23" + "${config.krebs.build.host.name}.hkw" "${config.krebs.build.host.name}.r" ]; locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' From 040ec5de038f0614e441e2cda85255d3eb8d7f9d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 19 Aug 2020 18:55:54 +0100 Subject: [PATCH 11/37] mic92: update eva public key --- krebs/3modules/external/mic92.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 58e9e6be9..997614e8a 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -458,14 +458,20 @@ in { "eva.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqIc+ozq3hKHMe/X3v4j+6or8LMjEV7MtQ8/+n00xpG4NkI4G38Bv - 3nmAcV7OhN6of0fr0psbBmym+2VxCZbpl8E3g1GWSKpAvlmP/9v4wDVdrADaTvXC - pzCxejtCwEhKLisnMwCMJCuUPbIsSBU+IQDPKP7NP0yY5VapgW3Xl3qXpnehCW1r - NBZjZASnhSXcJRLJayEDN6uBviYrnnfbrHOx4fPcjQPTHX5RYr3EbgGZQO9xki44 - 9dKT4EA95lupTqC3wzuQbaNpvIuVzmggiDY/NsBIVh0/2XjGnO54wtCEPudaLnWd - WNtc1wfVFB6gzgG1N7msOuFUReOIfyF/ywIDAQAB - -----END RSA PUBLIC KEY----- + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyHptaExEcSUjEJ+RH33h + uRK0Ttq8mJLDosWFYcoQkcL9S54aO9kF1gRJAKPBHoOt/IGeOxg2LNYWK6UjWfUy + LB9c42EQ1wWZ2jSJ0LJgYzjR9cp3dlo9aHSa//O6p6eLpXRo9QLf8+aIWhNW5+BG + sLIMR5b6Ngc2l8xQS+wvMmvTWJt3LyfQ6AKiKwCjeyrUFiuw0VWSn1I6n7H+CZBZ + f/UvSxLucy1e0rvbHoTITOflIAfA84iCHsHsZjVqrx1iyOMdPtY2sBPmWhtVemDo + duwzUpIuaJnWS7JOB4jsYWm672/KfzK7yAivqxD19OwqfZ3nNQ7sEDb3p4udw2Lf + 0dqHwZ5Hoj21vs3XiXX/SHcSf5QLzpj1MWBkV3r1D8I8v3P5qUbLunCofp3d9GxE + N0gK06gqbLNonJvC/WD7lxeY32Rh1wYXbzbD/X6aWe/oD8WMIl312hH4cHQHOnVT + t76NISlYTPxwX5mfFsBm8t0GjnnWY2jLwaefk7N/CwoDaKhkhmw1oeAZMuRcDRvE + 0ecpO4CZ6CcYERLxoYHgEAj3cMkSrQ8dT6XS4b9EO4hW4zCQ3RK9xDz71+uaihuB + 6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR + LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ== + -----END PUBLIC KEY----- ''; }; }; From 56d529277f0e6b5677a2f444202accdf11e8f2fe Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 19 Aug 2020 19:45:25 +0100 Subject: [PATCH 12/37] eva: add public ip addresses --- krebs/3modules/external/mic92.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 997614e8a..edd5b48d9 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -451,8 +451,15 @@ in { }; eva = { owner = config.krebs.users.Mic92; - nets = { + nets = rec { + internet = { + # eva.thalheim.io + ip4.addr = "52.59.172.193"; + ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed"; + aliases = [ "eva.i" ]; + }; retiolum = { + via = internet; ip4.addr = "10.243.29.185"; aliases = [ "eva.r" From e3fdcdbadfababea9ae70e88846956ebc45e28a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 20 Aug 2020 21:16:50 +0100 Subject: [PATCH 13/37] mic92: lower-case user --- krebs/1systems/puyak/config.nix | 2 +- krebs/3modules/external/default.nix | 4 ++-- krebs/3modules/external/mic92.nix | 32 ++++++++++++++--------------- lass/1systems/prism/config.nix | 8 ++++---- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index a50d2eab4..c84887eaa 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -84,7 +84,7 @@ ''; users.users.joerg = { - openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; + openssh.authorizedKeys.keys = [ config.krebs.users.mic92.pubkey ]; isNormalUser = true; shell = "/run/current-system/sw/bin/zsh"; }; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 082dfd80f..e1667cb68 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -465,9 +465,9 @@ in { mail = "kieran.meinhardt@gmail.com"; pubkey = ssh-for "kmein"; }; - Mic92 = { + mic92 = { mail = "joerg@thalheim.io"; - pubkey = ssh-for "Mic92"; + pubkey = ssh-for "mic92"; }; qubasa = { mail = "luis.nixos@gmail.com"; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index edd5b48d9..782f8ac04 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -11,7 +11,7 @@ with import ; in { hosts = mapAttrs hostDefaults { amy = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.57"; @@ -44,7 +44,7 @@ in { }; }; clara = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.58"; @@ -77,7 +77,7 @@ in { }; }; dimitrios = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.183"; @@ -98,7 +98,7 @@ in { }; }; donna = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.54"; @@ -132,7 +132,7 @@ in { }; }; dpdkm = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { retiolum = { ip4.addr = "10.243.29.173"; @@ -156,7 +156,7 @@ in { }; }; herbert = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { retiolum = { addrs = [ @@ -179,7 +179,7 @@ in { }; }; inspector = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "141.76.44.154"; @@ -208,7 +208,7 @@ in { }; }; eddie = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { # eddie.thalheim.io @@ -242,7 +242,7 @@ in { }; }; eve = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { # eve.thalheim.io 
@@ -283,7 +283,7 @@ in { }; }; martha = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.53"; @@ -317,7 +317,7 @@ in { }; }; matchbox = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.176"; @@ -343,7 +343,7 @@ in { }; }; rock = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.171"; @@ -367,7 +367,7 @@ in { }; }; rose = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.52"; @@ -401,7 +401,7 @@ in { }; }; turingmachine = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.168"; @@ -429,7 +429,7 @@ in { }; }; harsha = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.184"; @@ -450,7 +450,7 @@ in { }; }; eva = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { # eva.thalheim.io diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f1f14e791..33ec21e72 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -396,12 +396,12 @@ with import ; ]; } { - nix.trustedUsers = [ "Mic92" ]; - users.users.Mic92 = { - uid = genid_uint31 "Mic92"; + nix.trustedUsers = [ "mic92" ]; + users.users.mic92 = { + uid = genid_uint31 "mic92"; isNormalUser = true; openssh.authorizedKeys.keys = [ - config.krebs.users.Mic92.pubkey + config.krebs.users.mic92.pubkey ]; }; } From d405f47fede42135735662b324c77ab82420baa7 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 21 Aug 2020 13:50:46 +0200 Subject: [PATCH 14/37] Mic92 -> mic92 --- krebs/3modules/external/ssh/{Mic92.pub => mic92.pub} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename krebs/3modules/external/ssh/{Mic92.pub => mic92.pub} (100%) diff --git a/krebs/3modules/external/ssh/Mic92.pub b/krebs/3modules/external/ssh/mic92.pub similarity index 100% rename from krebs/3modules/external/ssh/Mic92.pub rename to krebs/3modules/external/ssh/mic92.pub From 0ba7da55339efd015ce131a90585891b777ee892 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 26 Aug 2020 17:32:32 +0200 Subject: [PATCH 15/37] tv alnus: btrfs -> ext4 --- tv/1systems/alnus/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index 66bd52ab2..4669ac614 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -31,12 +31,12 @@ with import ; }; "/" = { device = "/dev/mapper/main-root"; - fsType = "btrfs"; + fsType = "ext4"; options = [ "defaults" "noatime" ]; }; "/home" = { device = "/dev/mapper/main-home"; - fsType = "btrfs"; + fsType = "ext4"; options = [ "defaults" "noatime" ]; }; }; From f81eff7d672e53ca62ab4918c6f4f1befb17a742 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 26 Aug 2020 17:52:19 +0200 Subject: [PATCH 16/37] tv alnus: remove chromium --- tv/1systems/alnus/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index 4669ac614..d7589bc1f 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -17,7 +17,6 @@ with import ; }; environment.systemPackages = with pkgs; [ - chromium firefoxWrapper networkmanagerapplet (pkgs.pidgin-with-plugins.override { From 92874c19bfef708134633fe7ee6fc997deb7252e Mon Sep 17 00:00:00 2001 
From: tv Date: Wed, 26 Aug 2020 17:50:24 +0200 Subject: [PATCH 17/37] tv alnus: enable earlyoom; prefer firefox tabs --- tv/1systems/alnus/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index d7589bc1f..f8f1b24fa 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -58,6 +58,12 @@ with import ; allowUnfree = true; }; + services.earlyoom.enable = true; + services.earlyoom.freeMemThreshold = 5; + systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [ + "--prefer '^(Web Content|Privileged Cont)$'" # firefox tabs + ]; + services.xserver = { enable = true; layout = "de"; From 69c052b7d354c60d71b8f0150022ad4840032de6 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 26 Aug 2020 18:22:37 +0200 Subject: [PATCH 18/37] tv alnus: don't allow unfree --- tv/1systems/alnus/config.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix index f8f1b24fa..ed5fb671c 100644 --- a/tv/1systems/alnus/config.nix +++ b/tv/1systems/alnus/config.nix @@ -54,10 +54,6 @@ with import ; networking.networkmanager.enable = true; - nixpkgs.config = { - allowUnfree = true; - }; - services.earlyoom.enable = true; services.earlyoom.freeMemThreshold = 5; systemd.services.earlyoom.environment.EARLYOOM_ARGS = toString [ From 6b248db017a4172f12a48d7cd253414f354d5bd9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Sep 2020 01:17:51 +0200 Subject: [PATCH 19/37] krebs.tinc: add support for ED25519 keys --- krebs/3modules/tinc.nix | 39 ++++++++++++++++++++++++++++++++++++--- lib/types.nix | 4 ++++ 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 1fca7de5c..0f5e1aa83 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix 
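Review bot: In `tv/1systems/alnus/config.nix` (PATCH 17/37), the `--prefer` regex is wrapped in single quotes inside `EARLYOOM_ARGS`, but systemd does not re-parse quotes when it expands an unquoted `$VAR` in `ExecStart`; it only splits on whitespace. If the earlyoom unit consumes the variable that way, the pattern would be split at the space in `Web Content` and the quote characters passed literally. Whether the unit reads `EARLYOOM_ARGS` at all is not visible from this hunk. Inspecting the generated unit with `systemctl cat earlyoom` would confirm the preference takes effect; a pattern without spaces, for example `^(Web.Content|Privileged.Cont)$`, avoids the splitting.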
@@ -29,6 +29,9 @@ let Interface = ${netname} Broadcast = no ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} + ${optionalString (tinc.config.privkey_ed25519 != null) + "Ed25519PrivateKeyFile = ${tinc.config.privkey_ed25519.path}" + } PrivateKeyFile = ${tinc.config.privkey.path} Port = ${toString tinc.config.host.nets.${netname}.tinc.port} ${tinc.config.extraConfig} @@ -165,6 +168,17 @@ let }; }; + privkey_ed25519 = mkOption { + type = types.nullOr types.secret-file; + default = + if config.krebs.hosts.${tinc.config.host.name}.nets.${tinc.config.netname}.tinc.pubkey_ed25519 == null then null else { + name = "${tinc.config.netname}.ed25519_key.priv"; + path = "${tinc.config.user.home}/tinc.ed25519_key.priv"; + owner = tinc.config.user; + source-path = toString + "/${tinc.config.netname}.ed25519_key.priv"; + }; + }; + connectTo = mkOption { type = types.listOf types.str; ${if tinc.config.netname == "retiolum" then "default" else null} = [ @@ -198,8 +212,23 @@ let # TODO `environment.systemPackages = [ cfg.tincPackage cfg.iproutePackage ]` for each network, # avoid conflicts in environment if the packages differ - krebs.secret.files = mapAttrs' (netname: cfg: - nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc; + krebs.secret.files = + let + ed25519_keys = + filterAttrs + (_: key: key != null) + (mapAttrs' + (netname: cfg: + nameValuePair "${netname}.ed25519_key.priv" cfg.privkey_ed25519 + ) + config.krebs.tinc); + + rsa_keys = + mapAttrs' + (netname: cfg: nameValuePair "${netname}.rsa_key.priv" cfg.privkey) + config.krebs.tinc; + in + ed25519_keys // rsa_keys; users.users = mapAttrs' (netname: cfg: nameValuePair "${netname}" { 
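Review bot: The new `privkey_ed25519` option has no `description`, and its default looks the host up again through `config.krebs.hosts.${tinc.config.host.name}.nets.${tinc.config.netname}`, while the config template in the first hunk reads the same data through `tinc.config.host.nets.${netname}`. If `host` is ever set to a value that differs from the `krebs.hosts` entry of that name, the two places disagree about whether an Ed25519 key exists, so I would write the condition as `if tinc.config.host.nets.${tinc.config.netname}.tinc.pubkey_ed25519 == null then null else {`. A line such as `description = "Ed25519 private key for this network; null omits Ed25519PrivateKeyFile from tinc.conf.";` would record the fallback that the first hunk implements. The enclosing option set starts outside the hunk.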
@@ -221,11 +250,15 @@ let in { description = "Tinc daemon for ${netname}"; after = [ - config.krebs.secret.files."${netname}.rsa_key.priv".service "network.target" + config.krebs.secret.files."${netname}.rsa_key.priv".service + ] ++ optionals (cfg.privkey_ed25519 != null) [ + config.krebs.secret.files."${netname}.ed25519_key.priv".service ]; partOf = [ config.krebs.secret.files."${netname}.rsa_key.priv".service + ] ++ optionals (cfg.privkey_ed25519 != null) [ + config.krebs.secret.files."${netname}.ed25519_key.priv".service ]; wantedBy = [ "multi-user.target" ]; path = [ tinc iproute ]; diff --git a/lib/types.nix b/lib/types.nix index 1eb4d947c..3eda2262f 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -179,6 +179,10 @@ rec { pubkey = mkOption { type = tinc-pubkey; }; + pubkey_ed25519 = mkOption { + type = nullOr tinc-pubkey; + default = null; + }; extraConfig = mkOption { description = "Extra Configuration to be appended to the hosts file"; default = ""; From a5d4acd92b2eae8c8886103f1e5c3d122acf01cc Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 5 Sep 2020 01:24:43 +0200 Subject: [PATCH 20/37] tv au: init --- krebs/3modules/tv/default.nix | 27 +++++++++++++++++++++++++++ tv/1systems/au/config.nix | 18 ++++++++++++++++++ tv/1systems/au/disks.nix | 19 +++++++++++++++++++ tv/2configs/nets/hkw.nix | 14 +++++++++++++- 4 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 tv/1systems/au/config.nix create mode 100644 tv/1systems/au/disks.nix diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index c2bf406f1..c86fda05d 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
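Review bot: In `lib/types.nix`, `pubkey_ed25519` reuses `tinc-pubkey` and has no `description`, so nothing states which form the value takes. The `au` host added in the next patch sets it to the complete `Ed25519PublicKey = …` line, whereas `pubkey` holds a PEM block. A line such as `description = "Ed25519 public key, given as the complete 'Ed25519PublicKey = …' line.";` would keep the two from being mixed up. Whether `tinc-pubkey` validates either form, and where the new value is written into the generated hosts file, is not visible in this hunk and is worth confirming before peers rely on it.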
@@ -55,6 +55,33 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-rsa 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"; }; + au = { + ci = true; + cores = 4; + nets = { + retiolum = { + ip4.addr = "10.243.13.39"; + aliases = [ + "au.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEApD+HJS5gANbZScCMLxgZZgHZUsQUDlyWTLNdANfo0gXQdsYRVE/z + 9zMG/VE9xwy0OC9JM73YaEymXdmWa3kGXP2jjQnOZyJTFMNFHc8dkl+RBnWv8eZm + PzFN84ZjnYXyOpXJFajR8eelzqlFvD+2WKsXAD5xaW5EmCBTMIjB/zSuLBpqnIHb + PqQA1XUye69dQRjjcPn1mtYQPS78H8ClJjnhS76owFzyzNZjri1tr2xi2oevnVJG + cnYNggZHz3Kg3btJQ3VtDKGLJTzHvvMcn2JfPrePR2+KK0/KbMitpYAS687Ikb83 + jjB+eZgXq5g81vc1116bA5yqcT2UNdOPWwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = + "Ed25519PublicKey = bfDtJbxusBdosE6dMED32Yc6ZeYI3RFyXryQr7heZpO"; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au"; + }; mu = { ci = true; cores = 2; diff --git a/tv/1systems/au/config.nix b/tv/1systems/au/config.nix new file mode 100644 index 000000000..fc4b216f5 --- /dev/null +++ b/tv/1systems/au/config.nix @@ -0,0 +1,18 @@ +{ config, ... }: { + imports = [ + ./disks.nix + + + + ]; + + krebs.build.host = config.krebs.hosts.au; + + networking.wireless.enable = true; + networking.useDHCP = false; + networking.interfaces.enp0s25.useDHCP = true; + networking.interfaces.wlp3s0.useDHCP = true; + networking.interfaces.wwp0s29u1u4i6.useDHCP = true; + + system.stateVersion = "20.03"; +} diff --git a/tv/1systems/au/disks.nix b/tv/1systems/au/disks.nix new file mode 100644 index 000000000..434de1740 --- /dev/null +++ b/tv/1systems/au/disks.nix 
@@ -0,0 +1,19 @@ +{ + boot.initrd.luks.devices.main.device = "/dev/sda2"; + fileSystems."/" = { + device = "/dev/main/root"; + options = ["defaults" "noatime" "commit=60"]; + }; + fileSystems."/boot" = { + device = "/dev/sda1"; + options = ["defaults" "noatime"]; + }; + fileSystems."/bku" = { + device = "/dev/main/bku"; + options = ["defaults" "noatime"]; + }; + fileSystems."/home" = { + device = "/dev/main/home"; + options = ["defaults" "noatime" "commit=60"]; + }; +} diff --git a/tv/2configs/nets/hkw.nix b/tv/2configs/nets/hkw.nix index 725e63b13..c3acde1fb 100644 --- a/tv/2configs/nets/hkw.nix +++ b/tv/2configs/nets/hkw.nix @@ -2,6 +2,18 @@ krebs = { dns.providers.hkw = "hosts"; hosts = { + au = { + nets.hkw = { + ip4 = { + addr = "10.23.1.39"; + prefix = "10.23.1.0/24"; + }; + aliases = [ + "au.hkw" + ]; + ssh.port = 11423; + }; + }; nomic = { nets.hkw = { ip4 = { @@ -55,7 +67,7 @@ zu = { nets.hkw = { ip4 = { - addr = "10.23.1.39"; + addr = "10.23.1.40"; prefix = "10.23.1.0/24"; }; aliases = [ From ba66d5c4b039207c0b5959b9dca84badd7c8c800 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 Sep 2020 19:54:04 +0200 Subject: [PATCH 21/37] nixpkgs: e23e054 -> 4267405 --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 04684a220..363d68583 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "e23e05452c67ce406debffa831290fb3abaabf0e", - "date": "2020-08-06T15:33:30+02:00", - "sha256": "10wlcm20bvak8cxjhfvmn0vm4n9da3zl19026h66zc1wfmcqgrkp", + "rev": "42674051d12540d4a996504990c6ea3619505953", + "date": "2020-09-06T21:21:08-04:00", + "sha256": "1hz1n1hghilgzk4zlya498xm5lvhsf0r5b49yii7q86h3616fhwy", "fetchSubmodules": false } From 549598bfd9cf6e94f8bb83ebbcc17400069f1198 Mon Sep 17 00:00:00 2001 
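Review bot: In `disks.nix` the LUKS container and `/boot` are addressed by kernel names (`/dev/sda2`, `/dev/sda1`), which are not stable when another disk or a USB device is present at boot. On an encrypted host the initrd can then try to unlock, or fail on, the wrong device. A persistent path avoids that, for example `boot.initrd.luks.devices.main.device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder, take the value from `blkid`), and the same applies to `/boot`. None of the four `fileSystems` entries sets `fsType`, so a comment naming the intended filesystem would help the next reader.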
From: lassulus Date: Mon, 7 Sep 2020 19:59:49 +0200 Subject: [PATCH 22/37] nixpkgs-unstable: 8e2b14a -> c59ea8b --- krebs/nixpkgs-unstable.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 1973a012a..35e74c3b1 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "8e2b14aceb1d40c7e8b84c03a7c78955359872bb", - "date": "2020-08-05T09:17:35+01:00", - "sha256": "0zzjpd9smr7rxzrdf6raw9kbj42fbvafxb5bz36lcxgv290pgsm8", + "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38", + "date": "2020-08-20T19:08:02+02:00", + "sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v", "fetchSubmodules": false } From 6fbbf7e6170f6a1ba42c5dcecd11ca67c6bc5afd Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 8 Sep 2020 21:47:29 +0200 Subject: [PATCH 23/37] krebs.permown: add keepGoing option --- krebs/3modules/permown.nix | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix index fe293810c..ca81e2ea5 100644 --- a/krebs/3modules/permown.nix +++ b/krebs/3modules/permown.nix @@ -18,6 +18,15 @@ with import ; default = null; type = types.nullOr types.groupname; }; + keepGoing = mkOption { + default = false; + type = types.bool; + description = '' + Whether to keep going when chowning or chmodding fails. + If set to false, then errors will cause the service to restart + instead. + ''; + }; owner = mkOption { type = types.username; }; @@ -43,7 +52,12 @@ with import ; ''; in concatMapStrings mkdir plans; - systemd.services = genAttrs' plans (plan: { + systemd.services = genAttrs' plans (plan: let + continuable = command: + if plan.keepGoing + then /* sh */ "{ ${command}; } || :" + else command; + in { name = "permown.${replaceStrings ["/"] ["_"] plan.path}"; value = { environment = { 
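Review bot: With `keepGoing = true` the `continuable` wrapper reduces a failed `chown` or `chmod` to `|| :`, so a path left with the wrong owner or mode produces no message from the service itself. The module's job is to enforce ownership and modes, so I would keep the failure visible while still continuing: `then /* sh */ ''{ ${command}; } || echo "permown: could not fix $path" >&2''`. The option description could also say that with `keepGoing` the affected path keeps its previous owner and mode. The wrapper is applied to both calls in the following `@@ -82,9 +96,9 @@` hunk, and the `let` body it sits in continues outside this one.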
@@ -82,9 +96,9 @@ with import ; cleanup exec "$0" "$@" fi - chown -h "$OWNER_GROUP" "$path" + ${continuable /* sh */ ''chown -h "$OWNER_GROUP" "$path"''} if test -f "$path"; then - chmod "$FILE_MODE" "$path" + ${continuable /* sh */ ''chmod "$FILE_MODE" "$path"''} fi done < "$paths" ''; From 91b7a2a58490a59d6090870a9db9eca8d11d9ab4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Sep 2020 20:16:10 +0200 Subject: [PATCH 24/37] go: return go.r for shortened urls --- krebs/2configs/go.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index f4c1290c2..c39b08a8e 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -13,7 +13,7 @@ with import ; enable = true; virtualHosts.go = { locations."/".extraConfig = '' - proxy_set_header Host go; + proxy_set_header Host go.r; proxy_pass http://localhost:1337; ''; serverAliases = [ From 371a8ced90d4ef6bf0a26718dcf0ff506b9e4208 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Sep 2020 20:38:17 +0200 Subject: [PATCH 25/37] l games: disable most games --- lass/2configs/games.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 63bfa53e0..67f250ef3 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -66,14 +66,16 @@ in { useDefaultShell = true; packages = with pkgs; [ # minecraft - steam-run - scummvm - dolphinEmu - doom1 - doom2 - vdoom1 - vdoom2 - vdoomserver + # ftb + # steam-run + # scummvm + # dolphinEmu + # doom1 + # doom2 + # protontricks + # vdoom1 + # vdoom2 + # vdoomserver retroarchBare ]; }; From d8dbc950ab343c0b55697cb1737ff3572eea0893 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 15 Sep 2020 20:48:08 +0200 Subject: [PATCH 26/37] shack: add telegram_bot secret --- krebs/0tests/data/secrets/shack/telegram_bot.env | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 krebs/0tests/data/secrets/shack/telegram_bot.env diff --git a/krebs/0tests/data/secrets/shack/telegram_bot.env b/krebs/0tests/data/secrets/shack/telegram_bot.env new file mode 100644 index 000000000..e69de29bb From cb17a36b44f9e7cf53194ed07fa0cd0e69e4d82b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 15 Sep 2020 21:00:07 +0200 Subject: [PATCH 27/37] htgen: 1.2.3 -> 1.2.4 --- krebs/5pkgs/simple/htgen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index a44c1a7d0..fdadb9693 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix @@ -1,14 +1,14 @@ { coreutils, dash, fetchgit, gnused, stdenv, ucspi-tcp }: with import ; let - version = "1.2.3"; + version = "1.2.4"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "0lml336w31ckgspp633ym2jnppzln3f8mvmy3y2vz9yanf59j0hb"; + sha256 = "1bwb005grrm23h47f0wwairzgk47nygzi8fm82npycyqh86cjljn"; }; installPhase = '' From c8f8fdd05b3b8c7b74e04849611cb321c4d0a171 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 15 Sep 2020 21:02:01 +0200 Subject: [PATCH 28/37] htgen-imgur: 1.0.0 -> 1.1.0 Use HTGEN_VERBOSE for printing debug information. --- krebs/5pkgs/simple/htgen-imgur/default.nix | 2 +- .../5pkgs/simple/htgen-imgur/src/htgen-imgur | 20 +++++++++++-------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/krebs/5pkgs/simple/htgen-imgur/default.nix b/krebs/5pkgs/simple/htgen-imgur/default.nix index fe0b2ab04..f909cb98b 100644 --- a/krebs/5pkgs/simple/htgen-imgur/default.nix +++ b/krebs/5pkgs/simple/htgen-imgur/default.nix 
@@ -2,7 +2,7 @@ with import ; { attr, coreutils, exiv2, findutils, gnugrep, jq, nix, utillinux, stdenv }: stdenv.mkDerivation rec { pname = "htgen-imgur"; - version = "1.0.0"; + version = "1.1.0"; src = ./src; diff --git a/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur b/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur index af092d007..f30265ba7 100644 --- a/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur +++ b/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur @@ -27,13 +27,15 @@ basic_response() {( } ') - printf "HTTP/1.1 $status_code $status_reason\r\n" - printf 'Connection: close\r\n' - printf 'Content-Length: %d\r\n' $(expr ${#response_body} + 1) - printf 'Content-Type: application/json; charset=UTF-8\r\n' - printf 'Server: %s\r\n' "$Server" - printf '\r\n' - printf '%s\n' "$response_body" + if test "$HTGEN_VERBOSE" = true; then + printf "HTTP/1.1 $status_code $status_reason\r\n" + printf 'Connection: close\r\n' + printf 'Content-Length: %d\r\n' $(expr ${#response_body} + 1) + printf 'Content-Type: application/json; charset=UTF-8\r\n' + printf 'Server: %s\r\n' "$Server" + printf '\r\n' + printf '%s\n' "$response_body" + fi )} @@ -78,7 +80,9 @@ case "$Method $path" in trap "rm $content >&2" EXIT case ${req_expect-} in 100-continue) - printf 'HTTP/1.1 100 Continue\r\n\r\n' + if test "$HTGEN_VERBOSE" = true; then + printf 'HTTP/1.1 100 Continue\r\n\r\n' + fi esac head -c $req_content_length > $content From da6703e7b9b9504b12cccc0e80abdf158b797ff9 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 15 Sep 2020 21:28:25 +0200 Subject: [PATCH 29/37] htgen: 1.2.4 -> 1.2.5 --- krebs/5pkgs/simple/htgen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index fdadb9693..f46c6308c 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix 
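Review bot: In `basic_response` the new `if test "$HTGEN_VERBOSE" = true` wraps the status line, headers and body themselves rather than a debug message, so as shown a request handled with `HTGEN_VERBOSE` unset gets no response written at all. The `100 Continue` reply in the later `@@ -78,7 +80,9 @@` hunk is gated the same way. If the intent is the "debug information" named in the commit message, the response `printf`s should stay unconditional and only a diagnostic written to stderr should sit inside the test. The test also expands `$HTGEN_VERBOSE` bare while nearby code uses `${req_expect-}`, which suggests `set -u` may be active; `if test "${HTGEN_VERBOSE-}" = true; then` is safe either way. `basic_response` starts outside the hunk.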
@@ -1,14 +1,14 @@ { coreutils, dash, fetchgit, gnused, stdenv, ucspi-tcp }: with import ; let - version = "1.2.4"; + version = "1.2.5"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "1bwb005grrm23h47f0wwairzgk47nygzi8fm82npycyqh86cjljn"; + sha256 = "1ri42dp3bsnlk6njlvk0bmn64l1vklq37r720s4bxghzias395nv"; }; installPhase = '' From c7adff5ce3a30e6b04e3da3f55d536fc7571c9b4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 15 Sep 2020 21:46:22 +0200 Subject: [PATCH 30/37] htgen: 1.2.5 -> 1.2.6 --- krebs/5pkgs/simple/htgen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index f46c6308c..0f4d2686b 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix @@ -1,14 +1,14 @@ { coreutils, dash, fetchgit, gnused, stdenv, ucspi-tcp }: with import ; let - version = "1.2.5"; + version = "1.2.6"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "1ri42dp3bsnlk6njlvk0bmn64l1vklq37r720s4bxghzias395nv"; + sha256 = "0jkz5af4frm71wjx3wj911ib6xd25rv63lyk02la7hcg5l882yz5"; }; installPhase = '' From cbbae87712101b6057b4d6d09f7827f09d2eefd2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 15 Sep 2020 21:55:55 +0200 Subject: [PATCH 31/37] htgen: 1.2.6 -> 1.2.7 --- krebs/5pkgs/simple/htgen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index 0f4d2686b..05f0a94d4 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix 
@@ -1,14 +1,14 @@ { coreutils, dash, fetchgit, gnused, stdenv, ucspi-tcp }: with import ; let - version = "1.2.6"; + version = "1.2.7"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "0jkz5af4frm71wjx3wj911ib6xd25rv63lyk02la7hcg5l882yz5"; + sha256 = "1jnpr7f2mgsr8n2nz9sa69v5v8ay1jjz4ydbnq14vrpf5q9qq9fx"; }; installPhase = '' From 9904ec050bfc8ff91a4d9bff43d3d21ac06e8772 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Sep 2020 22:33:29 +0200 Subject: [PATCH 32/37] l yellow.r: add flix-index service --- lass/1systems/yellow/config.nix | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 82fe3fac5..bc3b1f5d5 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -251,6 +251,27 @@ with import ; 3f8a56ddb2e64eb67adfc9b337157ff4 -----END OpenVPN Static key V1----- - ''; + + systemd.services.flix-index = { + wantedBy = [ "multi-user.target" ]; + path = [ + pkgs.coreutils + pkgs.findutils + pkgs.inotifyTools + ]; + serviceConfig = { + Restart = "always"; + ExecStart = pkgs.writers.writeDash "flix-index" '' + set -efu + + DIR=/var/download/finished + cd "$DIR" + while inotifywait -rq -e create -e move -e delete "$DIR"; do + find . -type f > "$DIR"/index.tmp + mv "$DIR"/index.tmp "$DIR"/index + done + ''; + }; + }; } From e6a8d378460827bab9a0fd45a50faa5eca7e8ae0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Sep 2020 22:52:34 +0200 Subject: [PATCH 33/37] reaktor2: nicks can have special characters --- krebs/2configs/reaktor2.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 72eff176b..061dc9ab9 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix 
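Review bot: The `while inotifywait …; do` loop in `flix-index` holds a watch only between rebuilds, so files created, moved or deleted while `find` runs are missed and `index` stays stale until the next unrelated event; the index is also never built at service start. Keeping one `inotifywait -m` alive and reading its output closes that gap, with the index files excluded so a rebuild does not retrigger itself. `serviceConfig` sets no `User`, so the script runs as root although it only reads `/var/download/finished` and writes two files there; which account owns that tree is not visible here, but setting `User` to it would narrow the service. The context lines of this hunk also show the tail of an OpenVPN static key kept inline in `config.nix`, where it is likely to end up in the world-readable Nix store; a `krebs.secret.files` entry, as used elsewhere in this series, would keep it out.

```nix
ExecStart = pkgs.writers.writeDash "flix-index" ''
  # … unchanged: set -efu, DIR, cd "$DIR" …
  rebuild() {
    find . -type f > "$DIR"/index.tmp
    mv "$DIR"/index.tmp "$DIR"/index
  }
  # Build once at start so the index exists before the first event.
  rebuild
  # One long-lived watch: events that arrive during a rebuild are queued,
  # not lost. The exclude pattern is assumed to be matched against the
  # path inotifywait reports; verify before relying on it.
  inotifywait -mrq -e create -e move -e delete \
      --exclude '^/var/download/finished/index(\.tmp)?$' "$DIR" |
  while read -r _event; do
    rebuild
  done
'';
```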
@@ -76,7 +76,7 @@ let }; } { - pattern = ''^([\w-]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; + pattern = ''^([\H-]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$''; activate = "match"; arguments = [1 2 3]; command = { From 2299f49864cd60b6eebca31eae727d3b0845916f Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 15 Sep 2020 22:57:16 +0200 Subject: [PATCH 34/37] htgen: 1.2.7 -> 1.2.8 --- krebs/5pkgs/simple/htgen/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix index 05f0a94d4..c3f6d1779 100644 --- a/krebs/5pkgs/simple/htgen/default.nix +++ b/krebs/5pkgs/simple/htgen/default.nix @@ -1,14 +1,14 @@ { coreutils, dash, fetchgit, gnused, stdenv, ucspi-tcp }: with import ; let - version = "1.2.7"; + version = "1.2.8"; in stdenv.mkDerivation { name = "htgen-${version}"; src = fetchgit { url = "http://cgit.krebsco.de/htgen"; rev = "refs/tags/v${version}"; - sha256 = "1jnpr7f2mgsr8n2nz9sa69v5v8ay1jjz4ydbnq14vrpf5q9qq9fx"; + sha256 = "046c05jswar2agagqixad3idqxca494aaf199h6bdn02cyzygnpq"; }; installPhase = '' From e87f9e002bfb458ea9ab6dcdab482df315b94d09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 22 Aug 2020 09:07:03 +0100 Subject: [PATCH 35/37] mic92: add v4/v6 aliases to etc hosts this is convinient when you only want to speak a certain protocol --- krebs/3modules/hosts.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index 159b54e34..ae0136303 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix 
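Review bot: Replacing `[\w-]` with `[\H-]` makes the first group match every character that is not horizontal whitespace, including `:` (this assumes a PCRE-compatible matcher, which the hunk does not show). Because the class is greedy, `nick: +1 foo` now captures `nick:` and the following `:?` matches nothing, so `nick` and `nick:` are counted as different targets. Excluding the colon keeps the wider nick alphabet without that split: `pattern = ''^([^\s:]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';`. Group 1 is handed on as argument 1 of `command`, whose body lies outside the hunk, so it is worth confirming there that the value is never spliced unquoted into a shell line or a file path.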
@@ -48,7 +48,9 @@ in { hostNetAliases = host: mapAttrs (_: net: filter (x: x.name != null && x.value != []) [ { name = net.ip4.addr or null; value = net.aliases; } + { name = net.ip4.addr or null; value = (map (alias: "4.${alias}") net.aliases); } { name = net.ip6.addr or null; value = net.aliases; } + { name = net.ip6.addr or null; value = (map (alias: "6.${alias}") net.aliases); } ]) host.nets; # netAliases : { ${netname} : [addrAliases] } From ec33eacc22cf690ef68774042a1a11cf6d1f2a49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 27 Aug 2020 21:29:04 +0100 Subject: [PATCH 36/37] add prometheus.r --- krebs/3modules/external/mic92.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 782f8ac04..384d813cc 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -463,6 +463,7 @@ in { ip4.addr = "10.243.29.185"; aliases = [ "eva.r" + "prometheus.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- From e97cf417fc05b382830d226ffaa04665ffb6e48a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 13 Sep 2020 09:35:41 +0200 Subject: [PATCH 37/37] mic92: add rock publickey --- krebs/3modules/external/mic92.nix | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 384d813cc..5a766664f 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
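Review bot: The two added entries in `hostNetAliases` reuse the `name` of the line above them (`net.ip4.addr` and `net.ip6.addr`), so each address now appears twice in the list. How the list is consumed lies outside the hunk; if it is turned into an attribute set with `listToAttrs`, the first entry per name wins and the `4.`/`6.` aliases are dropped without an error. One entry per address avoids depending on that: `{ name = net.ip4.addr or null; value = net.aliases ++ map (alias: "4.${alias}") net.aliases; }`, and the same with `"6."` for `ip6`. A comment saying that `4.<alias>` resolves only to the IPv4 address would record the intent given in the commit message.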
@@ -349,19 +349,20 @@ in { ip4.addr = "10.243.29.171"; aliases = [ "rock.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM - DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 - HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh - mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf - Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M - Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD - 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 - fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv - 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav - ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q - cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== - -----END RSA PUBLIC KEY----- + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0uhNk3XXVxQcIVhD1Ime + 9PY3QBIcXvwDlOrd3oUwyWTvZpUeO7yzIXdouAe4s0ohPIVq7Cmruj4ZrOGUCKyB + oJpOziYSbL/IiCpXyOzWMLEwu0AoeFfbxig+5oZfwQ9epM2j902CgsUipJBLIg48 + BC9oOD+/iYEwsFPqQ/S0kETyQK5Ad+qv0lbU6/Kmify8Qplvpv/8DRdjsdLki1fU + a6MAEw12OtHe6IWtlitPjFMBykTP6kkSp/eg0G2KZFVuEulwHGf9QT/eT4fZTMCC + 2V5Vp4rIr/hawmj+h4NIxniBSQcPAAIGNwZVC4uYYV1nd4iaI/T04rDJwte5WKHf + EVxtlYt9RU1I/XdNRSj9gYyneVcVlDVos8Z93oUv1hIGZYFtNmGVna6lggOBPf/t + BZ1MT6FKA4QX9JI8bQoNs18s8ffzyb07psNbH6YhpCygnhf9C7NR/CeI8BtpzJza + 1Qk731Z6bk6xRFKMuY2tRKlNCqPHULj44oTHB3Ki2B/bMlkguqSChfFzKIRASYO1 + SASSgddexjkjKLslxcLWhIqYrZhuhYlFyoeoMI3qQsey/4X5PUmQDxxhTT80+qvE + thBNPg46joyLTq9E9ddf7t/0C6oD2DXY88N9bkztuK5dtYHmjajUbePuaTJtrKhI + 7MnLboZCEiSyvkVTTx0Yjf0CAwEAAQ== + -----END PUBLIC KEY----- ''; }; };
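Review bot: The subject says "add rock publickey", but the hunk replaces the tinc key that `rock.r` already had, so once deployed every peer trusts the holder of the new key for 10.243.29.171. The message gives no reason for the change, and nothing in the diff lets a reader check where the new key came from. I would retitle it along the lines of `mic92: rotate rock tinc key` and state in the body how the key was obtained and verified. The block header also changes from `BEGIN RSA PUBLIC KEY` to `BEGIN PUBLIC KEY`; the `eva` entry in the previous patch's context uses the same header, so the format is presumably accepted, though nothing in this hunk confirms it.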