Merge remote-tracking branch 'lass/master'
commit
c691e94c45
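--- a/.gitmodules
+++ b/.gitmodules
@@ -7,3 +7,6 @@
 [submodule "lass/5pkgs/autowifi"]
 path = lass/5pkgs/autowifi
 url = https://github.com/Lassulus/autowifi
+[submodule "submodules/disko"]
+path = submodules/disko
+url = https://github.com/nix-community/disko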
@ -21,11 +21,11 @@ rather fuzzy and may mean different things, just choose what would fit best.
|
|||||||
|
|
||||||
Here are a numbers of samples for defining the component:
|
Here are a numbers of samples for defining the component:
|
||||||
|
|
||||||
* Change `gum` in `krebs/3modules/makefu/default.nix`: `gum.r: change ip`
|
* Change `gum` in `krebs/3modules/makefu/default.nix`: `gum: change ip`
|
||||||
* Change `prepare.sh` in `krebs/4libs/infest`: `infest: prepare stockholm ISO`
|
* Change `prepare.sh` in `krebs/4libs/infest`: `infest: prepare stockholm ISO`
|
||||||
* Remove `concat` in `krebs/5pkgs`: `concat: RIP`, this commit may like some `<rationale>`
|
* Remove `concat` in `krebs/5pkgs`: `concat: RIP`, this commit may like some `<rationale>`
|
||||||
* Update `types` in `krebs/3modules`: `lib/types: add managed bool to host type`
|
* Update `types` in `krebs/3modules`: `lib/types: add managed bool to host type`
|
||||||
* Change host `gum` in `makefu/1systems/gum`: `ma gum.r: add taskserver`
|
* Change host `gum` in `makefu/1systems/gum`: `ma gum: add taskserver`
|
||||||
* Change `tinc` module in `krebs/3modules`: `tinc module: add option enableLegacy`
|
* Change `tinc` module in `krebs/3modules`: `tinc module: add option enableLegacy`
|
||||||
|
|
||||||
## `<rationale>`
|
## `<rationale>`
|
||||||
|
@ -15,7 +15,6 @@ with import ../../lib;
|
|||||||
"test-all-krebs-modules"
|
"test-all-krebs-modules"
|
||||||
] (name: {
|
] (name: {
|
||||||
inherit name;
|
inherit name;
|
||||||
cores = 1;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.73.57";
|
ip4.addr = "10.243.73.57";
|
||||||
@ -36,7 +35,6 @@ in {
|
|||||||
hosts = mapAttrs hostDefaults ({
|
hosts = mapAttrs hostDefaults ({
|
||||||
filebitch = {
|
filebitch = {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 4;
|
|
||||||
nets = {
|
nets = {
|
||||||
shack = {
|
shack = {
|
||||||
ip4 = {
|
ip4 = {
|
||||||
@ -134,7 +132,6 @@ in {
|
|||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
|
||||||
};
|
};
|
||||||
onebutton = {
|
onebutton = {
|
||||||
cores = 1;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.0.101";
|
ip4.addr = "10.243.0.101";
|
||||||
@ -163,7 +160,6 @@ in {
|
|||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
|
||||||
};
|
};
|
||||||
ponte = {
|
ponte = {
|
||||||
cores = 1;
|
|
||||||
owner = config.krebs.users.krebs;
|
owner = config.krebs.users.krebs;
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = /* bindzone */ ''
|
"krebsco.de" = /* bindzone */ ''
|
||||||
@ -212,7 +208,6 @@ in {
|
|||||||
};
|
};
|
||||||
puyak = {
|
puyak = {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 4;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.77.2";
|
ip4.addr = "10.243.77.2";
|
||||||
|
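--- /dev/null
+++ b/kartei/lass/blue.nix
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.77";
+ip6.addr = r6 "b1ce";
+aliases = [
+"blue.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
+QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc
+sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM
+wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu
+PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ
+RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/
+HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm
+khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP
+49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N
+w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6
+ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J
+Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "vf3JzuLpEkjcwZtuJ/0M9Zjfp5ChKXvkORMXsZ4nJKL";
+};
+};
+wiregrill = {
+ip6.addr = w6 "b1ce";
+aliases = [
+"blue.w"
+];
+wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U=";
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
+syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
+}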
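Review bot: The new host file opens directly with `{ r6, w6, ... }:` and has no header comment, so a reader of `kartei/lass/blue.nix` cannot tell what the two arguments are or who calls the function. Going by the default.nix hunk on this page, they build addresses via `krebs.genipv6 "retiolum" "lass"` and `krebs.genipv6 "wiregrill" "lass"`, and every `*.nix` file in the directory except `default.nix` is imported as a host. A top comment such as `# Host entry for blue; imported by ./default.nix, which passes r6/w6 to derive the retiolum/wiregrill IPv6 address from a suffix` would record that. It is worth adding there that a new file in this directory registers a host together with its tinc, WireGuard and SSH public keys, which presumably makes it a peer on both overlay networks, so file additions deserve the same review as key changes. The same applies to `coaxmetal.nix` and `daedalus.nix`.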
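--- /dev/null
+++ b/kartei/lass/coaxmetal.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.17";
+ip6.addr = r6 "17";
+aliases = [
+"coaxmetal.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
+xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
+gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
+WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
+ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
+G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
+G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
+IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
+K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
+7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
+bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
+l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "bEGgA5Wupw+Dgh6Ub7V21Y3wOmyspW1rKGrZsVhi3cO";
+};
+};
+wiregrill = {
+ip6.addr = w6 "17";
+aliases = [
+"coaxmetal.w"
+];
+wireguard.pubkey = ''
+lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
+syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
+}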
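Review bot: `wireguard.pubkey` is written as an indented `''…''` string in this file, which in Nix evaluates to the key followed by a newline, while `blue.nix` and `daedalus.nix` use a plain double-quoted string. Whether every consumer of the value tolerates the trailing newline is not visible on this page, so I would normalise it to `wireguard.pubkey = "lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=";`. `ssh.pubkey` also ends in a stray space before the closing quote, which may defeat exact-match comparison of host keys. Dropping it would bring the line in step with `blue.nix`.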
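--- /dev/null
+++ b/kartei/lass/daedalus.nix
@@ -0,0 +1,33 @@
+{ r6, w6, ... }:
+{
+nets = rec {
+retiolum = {
+ip4.addr = "10.243.133.115";
+ip6.addr = r6 "daed";
+aliases = [
+"daedalus.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8
+5hz7go+l3Z7IhTc/HbpGFJ5QJJNFSuSpLfZVyi+cKAUVheTivIniHFIRw37JbJ4+
+qWTlVe3uvOiZ0cA9S6LrbzqAUTLbH0JlWj36mvGIPICDr9YSEkIUKbenxjJlIpX8
+ECEBm8RU1aq3PUo/cVjmpqircynVJBbRCXZiHoxyLXNmh23d0fCPCabEYWhJhgaR
+arkYRls5A14HGMI52F3ehnhED3k0mU8/lb4OzYgk34FjuZGmyRWIfrEKnqL4Uu2w
+3pmEvswG1WYG/3+YE80C5OpCE4BUKAzYSwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "ybmNcRLtZ0NxlxIRE3bdc2G4lLXtTGXu+iRaXMTKCNG";
+};
+};
+wiregrill = {
+ip6.addr = w6 "daed";
+aliases = [
+"daedalus.w"
+];
+wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
+}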
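Review bot: `nets = rec {` does not need `rec` in this file, because neither `retiolum` nor `wiregrill` refers to a sibling attribute (there is no `via = internet;` as in the removed `prism` entry). Writing `nets = {` states that and avoids an accidental self-reference if attributes are added later. Apart from that, the entry matches the removed inline `daedalus` block except for the dropped `cores` and `ssh.privkey.path` lines. The latter appears to have moved into the shared host defaults in default.nix, which is worth confirming, as that section is only partly visible on this page.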
@ -3,6 +3,12 @@ with import ../../lib;
|
|||||||
|
|
||||||
r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
|
r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
|
||||||
w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
|
w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
|
||||||
|
hostFiles =
|
||||||
|
builtins.map (lib.removeSuffix ".nix") (
|
||||||
|
builtins.filter
|
||||||
|
(x: lib.hasSuffix ".nix" x && x != "default.nix")
|
||||||
|
(lib.attrNames (builtins.readDir ./.))
|
||||||
|
);
|
||||||
|
|
||||||
in {
|
in {
|
||||||
dns.providers = {
|
dns.providers = {
|
||||||
@ -13,895 +19,10 @@ in {
|
|||||||
consul = true;
|
consul = true;
|
||||||
ci = true;
|
ci = true;
|
||||||
monitoring = true;
|
monitoring = true;
|
||||||
}) {
|
|
||||||
dishfire = {
|
|
||||||
cores = 4;
|
|
||||||
nets = rec {
|
|
||||||
internet = {
|
|
||||||
ip4 = rec {
|
|
||||||
addr = "157.90.232.92";
|
|
||||||
prefix = "${addr}/32";
|
|
||||||
};
|
|
||||||
aliases = [
|
|
||||||
"dishfire.i"
|
|
||||||
];
|
|
||||||
ssh.port = 45621;
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
via = internet;
|
|
||||||
ip4.addr = "10.243.133.99";
|
|
||||||
ip6.addr = r6 "d15f:1233";
|
|
||||||
aliases = [
|
|
||||||
"dishfire.r"
|
|
||||||
"grafana.lass.r"
|
|
||||||
"prometheus.lass.r"
|
|
||||||
"alert.lass.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
|
|
||||||
Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
|
|
||||||
uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
|
|
||||||
R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
|
|
||||||
vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
|
|
||||||
HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
|
}) (
|
||||||
};
|
lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") { inherit config krebs lib r6 w6; })
|
||||||
prism = rec {
|
);
|
||||||
cores = 4;
|
|
||||||
extraZones = {
|
|
||||||
"krebsco.de" = ''
|
|
||||||
cache 60 IN A ${nets.internet.ip4.addr}
|
|
||||||
p 60 IN A ${nets.internet.ip4.addr}
|
|
||||||
c 60 IN A ${nets.internet.ip4.addr}
|
|
||||||
paste 60 IN A ${nets.internet.ip4.addr}
|
|
||||||
prism 60 IN A ${nets.internet.ip4.addr}
|
|
||||||
social 60 IN A ${nets.internet.ip4.addr}
|
|
||||||
'';
|
|
||||||
"lassul.us" = ''
|
|
||||||
$TTL 3600
|
|
||||||
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
|
|
||||||
60 IN NS ns16.ovh.net.
|
|
||||||
60 IN NS dns16.ovh.net.
|
|
||||||
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
|
|
||||||
IN MX 5 mail.lassul.us.
|
|
||||||
60 IN TXT "v=spf1 mx -all"
|
|
||||||
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
|
|
||||||
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
|
|
||||||
cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
io 60 IN NS ions.lassul.us.
|
|
||||||
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
confusion 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
nets = rec {
|
|
||||||
internet = {
|
|
||||||
ip4 = {
|
|
||||||
addr = "95.216.1.150";
|
|
||||||
prefix = "0.0.0.0/0";
|
|
||||||
};
|
|
||||||
ip6 = {
|
|
||||||
addr = "2a01:4f9:2a:1e9::1";
|
|
||||||
prefix = "2a01:4f9:2a:1e9::/64";
|
|
||||||
};
|
|
||||||
aliases = [
|
|
||||||
"prism.i"
|
|
||||||
"paste.i"
|
|
||||||
];
|
|
||||||
ssh.port = 45621;
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
via = internet;
|
|
||||||
ip4.addr = "10.243.0.103";
|
|
||||||
ip6.addr = r6 "1";
|
|
||||||
aliases = [
|
|
||||||
"prism.r"
|
|
||||||
"cache.prism.r"
|
|
||||||
"cgit.prism.r"
|
|
||||||
"bota.r"
|
|
||||||
"flix.r"
|
|
||||||
"jelly.r"
|
|
||||||
"paste.r"
|
|
||||||
"c.r"
|
|
||||||
"p.r"
|
|
||||||
"search.r"
|
|
||||||
"radio-news.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje
|
|
||||||
fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo
|
|
||||||
rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z
|
|
||||||
ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB
|
|
||||||
wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio
|
|
||||||
/jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA
|
|
||||||
BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C
|
|
||||||
9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5
|
|
||||||
Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu
|
|
||||||
3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH
|
|
||||||
TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb
|
|
||||||
g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ
|
|
||||||
kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg
|
|
||||||
7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo
|
|
||||||
7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz
|
|
||||||
cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451
|
|
||||||
k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0
|
|
||||||
dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu
|
|
||||||
ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i
|
|
||||||
jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/
|
|
||||||
AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE
|
|
||||||
T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "XbBBPg+dtZM1LRN46VAujVKIC6VSo6nFoHo/1unbggO";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
via = internet;
|
|
||||||
ip4.addr = "10.244.1.103";
|
|
||||||
ip6.addr = w6 "1";
|
|
||||||
aliases = [
|
|
||||||
"prism.w"
|
|
||||||
];
|
|
||||||
wireguard = {
|
|
||||||
pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
|
|
||||||
subnets = [
|
|
||||||
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
|
|
||||||
(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
|
|
||||||
"10.244.1.0/24"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
|
||||||
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
|
|
||||||
};
|
|
||||||
mors = {
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.2";
|
|
||||||
ip6.addr = r6 "dea7";
|
|
||||||
aliases = [
|
|
||||||
"mors.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
|
|
||||||
H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R
|
|
||||||
+P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+
|
|
||||||
1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa
|
|
||||||
9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU
|
|
||||||
O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "kuh0cP/HjGOQ+NafR3zjmqp+RAnA59F4CgtzENj9/MM";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "dea7";
|
|
||||||
aliases = [
|
|
||||||
"mors.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
|
|
||||||
syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
|
|
||||||
};
|
|
||||||
shodan = {
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.4";
|
|
||||||
ip6.addr = r6 "50da";
|
|
||||||
aliases = [
|
|
||||||
"shodan.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
|
|
||||||
YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
|
|
||||||
ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
|
|
||||||
7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
|
|
||||||
xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
|
|
||||||
V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "Ptc5VuYkRd5+zHibZwNe3DEgGHHvAk0Ul00dW1YXsrC";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "50da";
|
|
||||||
ip4.addr = "10.244.1.4";
|
|
||||||
aliases = [
|
|
||||||
"shodan.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
|
|
||||||
syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6";
|
|
||||||
};
|
|
||||||
icarus = {
|
|
||||||
cores = 2;
|
|
||||||
nets = rec {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.133.114";
|
|
||||||
ip6.addr = r6 "1205";
|
|
||||||
aliases = [
|
|
||||||
"icarus.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
|
|
||||||
Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
|
|
||||||
7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
|
|
||||||
k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
|
|
||||||
zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
|
|
||||||
gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "vUc/ynOlNqB7a+sr0BmfdRv0dATtGZTjsU2qL2yGInK";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "1205";
|
|
||||||
aliases = [
|
|
||||||
"icarus.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
|
||||||
syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
|
|
||||||
};
|
|
||||||
daedalus = {
|
|
||||||
cores = 2;
|
|
||||||
nets = rec {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.133.115";
|
|
||||||
ip6.addr = r6 "daed";
|
|
||||||
aliases = [
|
|
||||||
"daedalus.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8
|
|
||||||
5hz7go+l3Z7IhTc/HbpGFJ5QJJNFSuSpLfZVyi+cKAUVheTivIniHFIRw37JbJ4+
|
|
||||||
qWTlVe3uvOiZ0cA9S6LrbzqAUTLbH0JlWj36mvGIPICDr9YSEkIUKbenxjJlIpX8
|
|
||||||
ECEBm8RU1aq3PUo/cVjmpqircynVJBbRCXZiHoxyLXNmh23d0fCPCabEYWhJhgaR
|
|
||||||
arkYRls5A14HGMI52F3ehnhED3k0mU8/lb4OzYgk34FjuZGmyRWIfrEKnqL4Uu2w
|
|
||||||
3pmEvswG1WYG/3+YE80C5OpCE4BUKAzYSwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "ybmNcRLtZ0NxlxIRE3bdc2G4lLXtTGXu+iRaXMTKCNG";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "daed";
|
|
||||||
aliases = [
|
|
||||||
"daedalus.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g";
|
|
||||||
};
|
|
||||||
skynet = {
|
|
||||||
cores = 2;
|
|
||||||
nets = rec {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.133.116";
|
|
||||||
ip6.addr = r6 "5ce7";
|
|
||||||
aliases = [
|
|
||||||
"skynet.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
|
|
||||||
Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B
|
|
||||||
p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0
|
|
||||||
yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da
|
|
||||||
NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb
|
|
||||||
mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "9s7eB16k7eAtHyneffTCmYR7s3mRpJqpVVjSPGaVKKN";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "5ce7";
|
|
||||||
aliases = [
|
|
||||||
"skynet.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
|
|
||||||
syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
|
|
||||||
};
|
|
||||||
littleT = {
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.133.77";
|
|
||||||
ip6.addr = r6 "771e";
|
|
||||||
aliases = [
|
|
||||||
"littleT.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
|
|
||||||
/m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
|
|
||||||
1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
|
|
||||||
ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
|
|
||||||
sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
|
|
||||||
M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
|
|
||||||
Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
|
|
||||||
+cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
|
|
||||||
xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
|
|
||||||
aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
|
|
||||||
7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
|
|
||||||
k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
|
|
||||||
idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
|
|
||||||
y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
|
|
||||||
SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
|
|
||||||
mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
|
|
||||||
PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
|
|
||||||
ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
|
|
||||||
Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
|
|
||||||
8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
|
|
||||||
NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
|
|
||||||
5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "rDnc4Ha+M6fyN5JU4lkV9NKfMBtIHOcG4/AUB9KodiP";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "771e";
|
|
||||||
aliases = [
|
|
||||||
"littleT.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
|
|
||||||
syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
|
|
||||||
};
|
|
||||||
xerxes = {
|
|
||||||
cores = 2;
|
|
||||||
consul = false;
|
|
||||||
nets = rec {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.1.3";
|
|
||||||
ip6.addr = r6 "3";
|
|
||||||
aliases = [
|
|
||||||
"xerxes.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
|
|
||||||
MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
|
|
||||||
gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
|
|
||||||
/EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
|
|
||||||
mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
|
|
||||||
X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
|
|
||||||
+2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
|
|
||||||
hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
|
|
||||||
3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
|
|
||||||
H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
|
|
||||||
JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
|
|
||||||
hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
|
|
||||||
SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
|
|
||||||
4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
|
|
||||||
vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
|
|
||||||
Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
|
|
||||||
scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
|
|
||||||
jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
|
|
||||||
Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
|
|
||||||
/Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
|
|
||||||
bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
|
|
||||||
sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "PRtxFg/zw8dmwEGEM+u28N5GWuGNiHSNlaieplVSqQK";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "3";
|
|
||||||
aliases = [
|
|
||||||
"xerxes.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
|
|
||||||
syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
|
|
||||||
};
|
|
||||||
yellow = {
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.14";
|
|
||||||
ip6.addr = r6 "3110";
|
|
||||||
aliases = [
|
|
||||||
"yellow.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
|
|
||||||
MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
|
|
||||||
b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
|
|
||||||
Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
|
|
||||||
OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
|
|
||||||
vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
|
|
||||||
C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
|
|
||||||
Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
|
|
||||||
52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
|
|
||||||
zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
|
|
||||||
DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
|
|
||||||
Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "qZBhDSW6ir1/w6lOngg2feCZj9W9AfifEMlKXcOb5QE";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "3110";
|
|
||||||
aliases = [
|
|
||||||
"yellow.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
|
|
||||||
};
|
|
||||||
blue = {
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.77";
|
|
||||||
ip6.addr = r6 "b1ce";
|
|
||||||
aliases = [
|
|
||||||
"blue.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
|
|
||||||
QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc
|
|
||||||
sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM
|
|
||||||
wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu
|
|
||||||
PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ
|
|
||||||
RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/
|
|
||||||
HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm
|
|
||||||
khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP
|
|
||||||
49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N
|
|
||||||
w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6
|
|
||||||
ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J
|
|
||||||
Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "vf3JzuLpEkjcwZtuJ/0M9Zjfp5ChKXvkORMXsZ4nJKL";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "b1ce";
|
|
||||||
aliases = [
|
|
||||||
"blue.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
|
|
||||||
syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
|
|
||||||
};
|
|
||||||
|
|
||||||
green = {
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.66";
|
|
||||||
ip6.addr = r6 "12ee";
|
|
||||||
aliases = [
|
|
||||||
"green.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
|
|
||||||
uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
|
|
||||||
ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
|
|
||||||
n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
|
|
||||||
hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
|
|
||||||
m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
|
|
||||||
BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
|
|
||||||
pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
|
|
||||||
2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
|
|
||||||
UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
|
|
||||||
udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
|
|
||||||
3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "WfH8ULtWklOFK6htphdSSL46vHn6TkJIhsvK9fK+4+C";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "12ee";
|
|
||||||
aliases = [
|
|
||||||
"green.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
|
|
||||||
syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
|
|
||||||
};
|
|
||||||
|
|
||||||
massulus = {
|
|
||||||
cores = 1;
|
|
||||||
ci = false;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.113";
|
|
||||||
ip6.addr = r6 "113";
|
|
||||||
aliases = [
|
|
||||||
"massulus.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt
|
|
||||||
ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN
|
|
||||||
ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K
|
|
||||||
zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3
|
|
||||||
F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e
|
|
||||||
v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd
|
|
||||||
kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF
|
|
||||||
LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW
|
|
||||||
EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb
|
|
||||||
KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl
|
|
||||||
oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00
|
|
||||||
yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM";
|
|
||||||
port = 1655;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "113";
|
|
||||||
aliases = [
|
|
||||||
"massulus.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = ''
|
|
||||||
4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ=
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 ";
|
|
||||||
};
|
|
||||||
|
|
||||||
phone = {
|
|
||||||
consul = false;
|
|
||||||
nets = {
|
|
||||||
wiregrill = {
|
|
||||||
ip4.addr = "10.244.1.13";
|
|
||||||
ip6.addr = w6 "a";
|
|
||||||
aliases = [
|
|
||||||
"phone.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "FY4PB8E/RC2JvtLgq/IDyMmZ9Ln6pz6eGyoytmUFMgk=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
external = true;
|
|
||||||
ci = false;
|
|
||||||
syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
|
|
||||||
};
|
|
||||||
tablet = {
|
|
||||||
consul = false;
|
|
||||||
nets = {
|
|
||||||
wiregrill = {
|
|
||||||
ip4.addr = "10.244.1.14";
|
|
||||||
ip6.addr = w6 "b";
|
|
||||||
aliases = [
|
|
||||||
"tablet.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
external = true;
|
|
||||||
ci = false;
|
|
||||||
};
|
|
||||||
hilum = {
|
|
||||||
consul = false;
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.20.123";
|
|
||||||
ip6.addr = r6 "005b";
|
|
||||||
aliases = [
|
|
||||||
"hilum.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
|
|
||||||
pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
|
|
||||||
V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
|
|
||||||
SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
|
|
||||||
4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
|
|
||||||
saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
|
|
||||||
vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
|
|
||||||
8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
|
|
||||||
wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
|
|
||||||
RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
|
|
||||||
Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
|
|
||||||
87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "9D50r3DmftSe2L++jPktQRbcCrE4sEazMewgbQbodRH";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "005b";
|
|
||||||
aliases = [
|
|
||||||
"hilum.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = ''
|
|
||||||
0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
|
|
||||||
syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
|
|
||||||
};
|
|
||||||
styx = {
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.11.1";
|
|
||||||
ip6.addr = r6 "111";
|
|
||||||
aliases = [
|
|
||||||
"styx.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
|
|
||||||
ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU
|
|
||||||
aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE
|
|
||||||
3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi
|
|
||||||
6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq
|
|
||||||
m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn
|
|
||||||
Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt
|
|
||||||
EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/
|
|
||||||
7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao
|
|
||||||
Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2
|
|
||||||
6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF
|
|
||||||
wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "yVT5nQstw+o5P0ZoBK81G7sL6nQEBwg42wyBn6ogZgK";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "111";
|
|
||||||
aliases = [
|
|
||||||
"styx.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = ''
|
|
||||||
0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs=
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
|
|
||||||
syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
|
|
||||||
};
|
|
||||||
|
|
||||||
coaxmetal = {
|
|
||||||
cores = 16;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.17";
|
|
||||||
ip6.addr = r6 "17";
|
|
||||||
aliases = [
|
|
||||||
"coaxmetal.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
|
|
||||||
xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
|
|
||||||
gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
|
|
||||||
WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
|
|
||||||
ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
|
|
||||||
G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
|
|
||||||
G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
|
|
||||||
IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
|
|
||||||
K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
|
|
||||||
7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
|
|
||||||
bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
|
|
||||||
l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "bEGgA5Wupw+Dgh6Ub7V21Y3wOmyspW1rKGrZsVhi3cO";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "17";
|
|
||||||
aliases = [
|
|
||||||
"coaxmetal.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = ''
|
|
||||||
lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
|
|
||||||
syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
|
|
||||||
};
|
|
||||||
|
|
||||||
echelon = {
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.3";
|
|
||||||
ip6.addr = r6 "4";
|
|
||||||
aliases = [
|
|
||||||
"echelon.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp
|
|
||||||
1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A
|
|
||||||
MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe
|
|
||||||
UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V
|
|
||||||
rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez
|
|
||||||
gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO
|
|
||||||
c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna
|
|
||||||
dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze
|
|
||||||
ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D
|
|
||||||
KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq
|
|
||||||
GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr
|
|
||||||
43jjLL40ONdFxX7qW/DhT9MCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "LgJ7+/sq7t+Ym/DjJrWesIpUw1Lw7bxPi0XFHtsVWLB";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "3";
|
|
||||||
aliases = [
|
|
||||||
"echelon.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = ''
|
|
||||||
SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc=
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd ";
|
|
||||||
syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ";
|
|
||||||
};
|
|
||||||
|
|
||||||
lasspi = {
|
|
||||||
consul = false;
|
|
||||||
cores = 1;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.1.89";
|
|
||||||
ip6.addr = r6 "189";
|
|
||||||
aliases = [
|
|
||||||
"lasspi.r"
|
|
||||||
];
|
|
||||||
tinc = {
|
|
||||||
pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1
|
|
||||||
JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F
|
|
||||||
CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl
|
|
||||||
oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P
|
|
||||||
Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS
|
|
||||||
BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC
|
|
||||||
VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8
|
|
||||||
+Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs
|
|
||||||
QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP
|
|
||||||
zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP
|
|
||||||
6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc
|
|
||||||
287nChBcbY+HlshTe0lZdrkCAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
pubkey_ed25519 = "vSCHU+/BkoCo6lL5OmikALKBWgkRY8JRo4q8ZZRd5EG";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
ip6.addr = w6 "189";
|
|
||||||
aliases = [
|
|
||||||
"lasspi.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = ''
|
|
||||||
IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw=
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB";
|
|
||||||
};
|
|
||||||
|
|
||||||
domsen-pixel = {
|
|
||||||
consul = false;
|
|
||||||
nets = {
|
|
||||||
wiregrill = {
|
|
||||||
ip4.addr = "10.244.1.17";
|
|
||||||
ip6.addr = w6 "d0";
|
|
||||||
aliases = [
|
|
||||||
"domsen-pixel.w"
|
|
||||||
];
|
|
||||||
wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
external = true;
|
|
||||||
ci = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
users = rec {
|
users = rec {
|
||||||
lass = lass-yubikey;
|
lass = lass-yubikey;
|
||||||
lass-yubikey = {
|
lass-yubikey = {
|
||||||
@ -917,6 +38,10 @@ in {
|
|||||||
mail = "lass@green.r";
|
mail = "lass@green.r";
|
||||||
pubkey = builtins.readFile ./ssh/green.ed25519;
|
pubkey = builtins.readFile ./ssh/green.ed25519;
|
||||||
};
|
};
|
||||||
|
lass-red = {
|
||||||
|
mail = "lass@red.r";
|
||||||
|
pubkey = builtins.readFile ./ssh/red.ed25519;
|
||||||
|
};
|
||||||
lass-mors = {
|
lass-mors = {
|
||||||
mail = "lass@mors.r";
|
mail = "lass@mors.r";
|
||||||
pubkey = builtins.readFile ./ssh/mors.rsa;
|
pubkey = builtins.readFile ./ssh/mors.rsa;
|
||||||
|
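--- a/kartei/lass/dishfire.nix
+++ b/kartei/lass/dishfire.nix
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+nets = rec {
+internet = {
+ip4 = rec {
+addr = "157.90.232.92";
+prefix = "${addr}/32";
+};
+aliases = [
+"dishfire.i"
+];
+ssh.port = 45621;
+};
+retiolum = {
+via = internet;
+ip4.addr = "10.243.133.99";
+ip6.addr = r6 "d15f:1233";
+aliases = [
+"dishfire.r"
+"grafana.lass.r"
+"prometheus.lass.r"
+"alert.lass.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
+Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
+uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
+R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
+vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
+HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO";
+};
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
+}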
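Review bot: The legacy tinc key under `retiolum.tinc.pubkey` appears to be a 2048-bit RSA key, judging by its `MIIBCgKCAQEA` DER prefix, while most other host files in this commit carry 4096-bit keys; icarus.nix and mors.nix are the same size. Each of these hosts also publishes `pubkey_ed25519`, so a comment above `pubkey` such as `# legacy 2048-bit RSA key, regenerate at next rotation` would record that the smaller key is known and scheduled for replacement. Whether tinc in this network still falls back to the RSA key is not visible from this page.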
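--- a/kartei/lass/domsen-pixel.nix
+++ b/kartei/lass/domsen-pixel.nix
@@ -0,0 +1,16 @@
+{ r6, w6, ... }:
+{
+consul = false;
+nets = {
+wiregrill = {
+ip4.addr = "10.244.1.17";
+ip6.addr = w6 "d0";
+aliases = [
+"domsen-pixel.w"
+];
+wireguard.pubkey = "cGuBSB1DftIsanbxrSG/i4FiC+TmQrs+Z0uE6SPscHY=";
+};
+};
+external = true;
+ci = false;
+}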
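--- a/kartei/lass/echelon.nix
+++ b/kartei/lass/echelon.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.3";
+ip6.addr = r6 "4";
+aliases = [
+"echelon.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp
+1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A
+MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe
+UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V
+rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez
+gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO
+c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna
+dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze
+ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D
+KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq
+GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr
+43jjLL40ONdFxX7qW/DhT9MCAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "LgJ7+/sq7t+Ym/DjJrWesIpUw1Lw7bxPi0XFHtsVWLB";
+};
+};
+wiregrill = {
+ip6.addr = w6 "3";
+aliases = [
+"echelon.w"
+];
+wireguard.pubkey = ''
+SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc=
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd ";
+syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ";
+}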
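Review bot: `wireguard.pubkey` is written as an indented `'' … ''` string here, which in Nix evaluates to the key followed by a newline, whereas domsen-pixel.nix, green.nix, icarus.nix, littleT.nix and mors.nix use a plain double-quoted string. hilum.nix, lasspi.nix and massulus.nix carry the same form. If any consumer compares the key as a string or passes it as a single argument, the trailing newline can make an otherwise correct peer key fail to match; how the value is consumed is not visible on this page. Writing it as `wireguard.pubkey = "SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc=";` keeps all host files uniform.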
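--- a/kartei/lass/green.nix
+++ b/kartei/lass/green.nix
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.66";
+ip6.addr = r6 "12ee";
+aliases = [
+"green.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
+uoDBjWqhM9Pgq6PJSpJjyNAgMkKJcQnWi0WpELaHISAVqjdPGUQSLiar++JN3YBx
+ZQGFiucG0ijVJKAUbQQDYbc+RGK8MGO2v3Bv/6E56UKjxtT1zjjvkyXpSC7FN477
+n9IfsvIzH/RLcAP5VnHBYqZ467UR4rqi7T7yWjrEgr+VirY9Opp9LM9YozlbRrlI
+hYshk5RET/EvOSwYlw/KJEMMmYHro74neZKIVKoXD3CSE66rncNmdFwD3ZXVxYn6
+m3Eob8ojWPW+CpAL2AurUyq4Igem9JVigZiyKGgaYsdkOWgkYLW2M0DXX+vCRcM6
+BvJgJn7s0PHkLvybEVveTolRWO+I/IG1LN8m0SvrVPXf5JYHB32nKYwVMLwi+BQ1
+pwo0USGByVRv2lWZfy3doKxow0ppilq4DwoT+iqVO4sK5YhPipBHSmCcaxlquHjy
+2k1eb0gYisp0LBjHlhTErXtt4RlrUqs/84RfgtIZYUowJfXbtEbyDmLIlESbY7qk
+UlXIMXtY0sWpDivWwpdMj9kJdKlS09QTMeLYz4fFGXMksFmLijx8RKDOYfNWL7oA
+udmEOHPzYzu/Ex8RfKJjD4GhWLDvDTcyXDG9vmuDNZGcPHANeg23sGhr5Hz37FRT
+3MVh92sFyMVYkJcL7SISk80CAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "WfH8ULtWklOFK6htphdSSL46vHn6TkJIhsvK9fK+4+C";
+};
+};
+wiregrill = {
+ip6.addr = w6 "12ee";
+aliases = [
+"green.w"
+];
+wireguard.pubkey = "lOORkStNJ6iP5ffqjHa/kWOxilJIMW4E6BEtNvNhLGk=";
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30 ";
+syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
+}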
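Review bot: The `ssh.pubkey` string ends with a space before the closing quote, carried over unchanged from the old host list; echelon.nix and massulus.nix have the same trailing space, while dishfire.nix, hilum.nix, icarus.nix, lasspi.nix, littleT.nix and mors.nix do not. If this value is rendered into a known-hosts entry or compared against a key read from elsewhere, the stray whitespace is an avoidable source of mismatch, though the consumer is not visible on this page. Since the line is being rewritten into a new file anyway, it can be normalised to `ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0wqzo7rMkyw6gqTGuUp8aUA0vtwj0HuuaTIkkOnA30";`.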
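--- a/kartei/lass/hilum.nix
+++ b/kartei/lass/hilum.nix
@@ -0,0 +1,43 @@
+{ r6, w6, ... }:
+{
+consul = false;
+nets = {
+retiolum = {
+ip4.addr = "10.243.20.123";
+ip6.addr = r6 "005b";
+aliases = [
+"hilum.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
+pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
+V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
+SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
+4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
+saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
+vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
+8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
+wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
+RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
+Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
+87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "9D50r3DmftSe2L++jPktQRbcCrE4sEazMewgbQbodRH";
+};
+};
+wiregrill = {
+ip6.addr = w6 "005b";
+aliases = [
+"hilum.w"
+];
+wireguard.pubkey = ''
+0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
+syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
+}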
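--- a/kartei/lass/icarus.nix
+++ b/kartei/lass/icarus.nix
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+nets = rec {
+retiolum = {
+ip4.addr = "10.243.133.114";
+ip6.addr = r6 "1205";
+aliases = [
+"icarus.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
+Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
+7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
+k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
+zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
+gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "vUc/ynOlNqB7a+sr0BmfdRv0dATtGZTjsU2qL2yGInK";
+};
+};
+wiregrill = {
+ip6.addr = w6 "1205";
+aliases = [
+"icarus.w"
+];
+wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ=";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
+syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
+}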
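--- a/kartei/lass/lasspi.nix
+++ b/kartei/lass/lasspi.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+consul = false;
+nets = {
+retiolum = {
+ip4.addr = "10.243.1.89";
+ip6.addr = r6 "189";
+aliases = [
+"lasspi.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3zUXIiw8/9okrGaxlAR1
+JvoXNxAzLj5wwE2B0A+9ppev7Vl52HJarNoM6+0RN4aZDGMhDWg8J5ZQSdGUNm5F
+CIdxE1TwLXxzW5nd7BIb+MVsjtw0pxId7Gxq6Wgtx1QljUdsp8OVrJActqsmXYMl
+oYEWdENHRONYTCyhs+Kd18MERyxQCqOXOnD170iaFuCcHiIa2nSOtlk+aIPNIE/P
+Qsp7Q0RCRvqd5LszsI7bp3gZL9mgGquQEW+3ZxSaIYHGTdK/zI4PHYpEa7IvdJFS
+BJjJj+PbilnSxy7iL826O8ckxBqA0rNS0EynCKCI0DoVimCeklk20vLagDyXiDyC
+VW2774j1rF35eIowPTBVJNfquEptNDl9MLV3MC2P8gnCZp5x+7dEwpqsvecBQ7Z8
++Ry9JZ/zlWi5qT86SrwKKqJqRhWHjZZSRzWdo4ypaNOy0cKHb2DcVfgn38Kf16xs
+QM11XLCRE8VLIVl5UFgrF6q/0f8JP1BG8RO90NDsLwIW/EwKiJ9OGFtayvxkmgHP
+zgmzgws8cn50762OPkp4OVzVexN77d9N8GU9QXAlsFyn2FJlO26DvFON4fHIf0bP
+6lqI1Up2jAy0eSl2txlxxKbKRlkIaebHulhxIxQ1djA+xPb/5cfasom9Qqwf6/Lc
+287nChBcbY+HlshTe0lZdrkCAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "vSCHU+/BkoCo6lL5OmikALKBWgkRY8JRo4q8ZZRd5EG";
+};
+};
+wiregrill = {
+ip6.addr = w6 "189";
+aliases = [
+"lasspi.w"
+];
+wireguard.pubkey = ''
+IIBAiG7jZEliQJJsNUQswLsB5FQFkAfq5IwyHAp71Vw=
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEjYOaTQE9OvvIaWWjO+3/uSy7rvnhnJA48rWYeB2DfB";
+}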
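--- a/kartei/lass/littleT.nix
+++ b/kartei/lass/littleT.nix
@@ -0,0 +1,51 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.133.77";
+ip6.addr = r6 "771e";
+aliases = [
+"littleT.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
+/m2ZWpKDZyKx17GXQwm8n0NgyvcemvoCVGqSHIsbxvLB6aBF6ZLkeKyx1mZioEDY
+1MWR+yr42dFn+6uVTxJhLPmOxgX0D3pWe31UycoAMSWf4eAhmFIEFUvQCAW43arO
+ni1TFSsaHOCxOaLVd/r7tSO0aT72WbOat84zWccwBZXvpqt/V6/o1MGB28JwZ92G
+sBMjsCsoiciSg9aAzMCdjOYdM+RSwHEHI9xMineJgZFAbQqwTvK9axyvleJvgaWR
+M9906r/17tlqJ/hZ0IwA6X+OT4w/JNGruy/5phxHvZmDgvXmYD9hf2a6JmjOMPp/
+Zn6zYCDYgSYugwJ7GI39GG7f+3Xpmre87O6g6WSaMWCfdOaAeYnj+glP5+YvTLpT
++cdN9HweV27wShRozJAqTGZbD0Nfs+EXd0J/q6kP43lwv6wyZdmXCShPF2NzBlEY
+xdtWKhRYKC1cs0Z2nK+XGEyznNzp1f8NC5qvTguj4kDMhoOd6WXwk460HF49Tf/c
+aGQTGzgEVMAI7phTJubEmxdBooedvPFamS5wpHTmOt9dZ3qbpCgThaMblVvUu/lm
+7pkPgc60Y2RAk/Rvyy5A8AaxBXPRBNwVkM5TY/5TW+S1zY09600ZCC2GE27qGT9v
+k4GHabO42n3wTHk+APodzKDBbEazhOp5Oclg4nNKqgg+IrmheB91oEqBXlfyDj8B
+idVoUvbH9WPwBqdh7hoqzrHDur5wCFBphrkjEe98o5iFFFi2C8W04H7iqe+nFqvJ
+y/vzKk5kbfpjov71EEje+hNUCLTWF7sjgT4Z2z8LuqjpIq+d2i5dASfTqj4VBs6D
+SeiHyyAfCHG/03I9E5eizCCd98Tr30yhu3IKsdFFXsVwxHVFenq2Y1ca7uypCk+i
+mDC5q5WQFEK/8SSO25i1teWBawfNVVVI/A1b676VJyafS9ebJs8TmXYRbE6rcBzH
+PssdHNwbtEwhbGdQhgQ2pqQg1SIZM3zvjcpgzL9QP29tulubJ05keaw/4p/Yg/mB
+ivF8EAIefXYYVxYkRQsHox7UQpSCzjOtj7gvc0KdJxshSLuryM0LxP+gk+x6JPX5
+Ht8x+oE7iL0cqBsIenc/e0XdTZ+4zrBY5hWbGH8a8VJqEYs54WRJhzQf1jzNaCbS
+8328MpRF5lXujv61aveg0i4pvczznlSV7wXmmwNAdhvSUTh34tCpRqabpCJdlRBt
+NvVuij6guPKt4XV1TxXNsPCfib1vYjvwX8gUE4UhL69VmM8OBaC3XdroMfNvz9YW
+5ObxDGIEiP53Jp8hiWId0AI/XF5Ct3Gh2wIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "rDnc4Ha+M6fyN5JU4lkV9NKfMBtIHOcG4/AUB9KodiP";
+};
+};
+wiregrill = {
+ip6.addr = w6 "771e";
+aliases = [
+"littleT.w"
+];
+wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
+syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
+}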
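--- a/kartei/lass/massulus.nix
+++ b/kartei/lass/massulus.nix
@@ -0,0 +1,44 @@
+{ r6, w6, ... }:
+{
+ci = false;
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.113";
+ip6.addr = r6 "113";
+aliases = [
+"massulus.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt
+ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN
+ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K
+zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3
+F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e
+v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd
+kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF
+LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW
+EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb
+KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl
+oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00
+yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM";
+port = 1655;
+};
+};
+wiregrill = {
+ip6.addr = w6 "113";
+aliases = [
+"massulus.w"
+];
+wireguard.pubkey = ''
+4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ=
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 ";
+syncthing.id = "R2EGJ5S-PQMETUP-C2UGXQG-A6VP7TB-NGSN3MV-C7OGSWT-SZ34L3X-H6IF6AQ";
+}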
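Review bot: The `syncthing.id` line at the end of this file is new data rather than a move, because the `massulus` block removed from the old host list earlier on this page has no `syncthing.id` at all. Every other attribute here matches the removed block apart from `cores` and `ssh.privkey.path`, which are dropped in all the per-host files. A Syncthing device ID is what peers pin as the device's identity, so introducing one inside a large refactor makes it easy to miss in review. I would either split it into its own commit or put a comment above it, for example `# device ID added with the kartei split, not present in the old host list`, and state in the commit message where the ID was taken from.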
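--- a/kartei/lass/mors.nix
+++ b/kartei/lass/mors.nix
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.2";
+ip6.addr = r6 "dea7";
+aliases = [
+"mors.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
+H0QwkiMmk3aZy1beq3quM6gX13aT+/wMfWnLyuvT11T5C9JEf/IS91STpM2BRN+R
++P/DhbuDcW4UsdEe6uwQDGEJbXRN5ZA7GI0bmcYcwHJ9SQmW5v7P9Z3oZ+09hMD+
+1cZ3HkPN7weSdMLMPpUpmzCsI92cXGW0xRC4iBEt1ZeBwjkLCRsBFBGcUMuKWwVa
+9sovca0q3DUar+kikEKVrVy26rZUlGuBLobMetDGioSawWkRSxVlfZvTHjAK5JzU
+O6y6hj0yQ1sp6W2JjU8ntDHf63aM71dB9QIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "kuh0cP/HjGOQ+NafR3zjmqp+RAnA59F4CgtzENj9/MM";
+};
+};
+wiregrill = {
+ip6.addr = w6 "dea7";
+aliases = [
+"mors.w"
+];
+wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ=";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
+syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
+}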
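--- /dev/null
+++ b/kartei/lass/neoprism.nix
@@ -0,0 +1,38 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.99";
+ip6.addr = r6 "99";
+aliases = [
+"neoprism.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAwQiPQT9XQkeAIMohNhIVH1Er73LS36JQu/bokNSAlgRjiHfmWVQw
+hpmI0hO5ewI/HSxVH8MqITTjj8fp5+TOY5rxb3qj9SKGmoDpENw7g7BJsrpydu8+
+hdvC4btCibAeTeaNqubPMoJLnwuh7NJ9ucYAcRU24FI6qR/Q973a3rzWYBfPd4w9
++Lq3ltFE4m6eLiL4ruQGR9Fc4HOJshJlUDUovGIC/98Fu468OuCaka4fR/IXD13O
+khc5LfAzm2PLuD25YZRjw27Pv3txYOWzb9ZfI8BS+7WUg1nKPDVZErvj97OouqVH
+binDgKLdLsamJgi+BrZs9uoxmXK9b459B3J6z4/d8dXTAW/cczqsODzsJnvw8IEE
+u45Pm3sY49vmnNsVhDEIPad3ZDitgeWW6UVBR+EJHp+r1TZ8eLaeUTdV6x3zIrHv
+dkobgI/0ynujSeMVzXA8cRDuLLVz0CwvNQ9FWzciZw4prOPjUDeSaOlIISOD4q8O
+u/jRfaIzPuQNyQN/0B9gUacHOGkQ3sZ33gFt1j6YdfjWnHn2Ddxm99nXfYUo82oC
+tEMui/7Vtj5G9dqDCzEacECvKqNVY2MRq5gpX+X5IwSbNc/vmykqhuDB5fzZWXRD
+AmRfNCsuFCw3EehPWkdH9JJxysBa52sAB387CL44bJ2rfRglTAKZYNUCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "/k2/hpq3XdSKfPPSAolfIx/AUgtKNF6kgv+WRTKtMqG";
+};
+wiregrill = {
+ip6.addr = w6 "99";
+aliases = [
+"neoprism.w"
+];
+wireguard.pubkey = ''
+lhMJvEZOREjCSS3BbBxel0dJ3Mxjj0m82sUXqyYlUx0=
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEljpF/rqA2o9CcZny8Kdg1Ij9JmHsmuS/ii+HS5T7rW ";
+}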
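Review bot: The `ssh.pubkey` string at the end of neoprism.nix carries a trailing space inside the quotes (`...HS5T7rW "`), which new host files such as mors.nix and prism.nix do not have. Whether every consumer of this value trims it is not visible from here, so a literal comparison or a generated known_hosts line could end up differing from the key the host actually presents. I would drop the space: `ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEljpF/rqA2o9CcZny8Kdg1Ij9JmHsmuS/ii+HS5T7rW";`. The same trailing space appears in massulus.nix, styx.nix and yellow.nix.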
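--- /dev/null
+++ b/kartei/lass/phone.nix
@@ -0,0 +1,17 @@
+{ r6, w6, ... }:
+{
+consul = false;
+nets = {
+wiregrill = {
+ip4.addr = "10.244.1.13";
+ip6.addr = w6 "a";
+aliases = [
+"phone.w"
+];
+wireguard.pubkey = "FY4PB8E/RC2JvtLgq/IDyMmZ9Ln6pz6eGyoytmUFMgk=";
+};
+};
+external = true;
+ci = false;
+syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
+}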
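--- /dev/null
+++ b/kartei/lass/prism.nix
@@ -0,0 +1,123 @@
+{ config, krebs, r6, w6, ... }:
+rec {
+extraZones = {
+"krebsco.de" = ''
+cache 60 IN A ${nets.internet.ip4.addr}
+p 60 IN A ${nets.internet.ip4.addr}
+c 60 IN A ${nets.internet.ip4.addr}
+paste 60 IN A ${nets.internet.ip4.addr}
+prism 60 IN A ${nets.internet.ip4.addr}
+social 60 IN A ${nets.internet.ip4.addr}
+'';
+"lassul.us" = ''
+$TTL 3600
+@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
+60 IN NS ns16.ovh.net.
+60 IN NS dns16.ovh.net.
+60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
+IN MX 5 mail.lassul.us.
+60 IN TXT "v=spf1 mx -all"
+60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
+default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
+cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+io 60 IN NS ions.lassul.us.
+ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
+flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+'';
+};
+nets = rec {
+internet = {
+ip4 = {
+addr = "95.216.1.150";
+prefix = "0.0.0.0/0";
+};
+ip6 = {
+addr = "2a01:4f9:2a:1e9::1";
+prefix = "2a01:4f9:2a:1e9::/64";
+};
+aliases = [
+"prism.i"
+"paste.i"
+];
+ssh.port = 45621;
+};
+retiolum = {
+via = internet;
+ip4.addr = "10.243.0.103";
+ip6.addr = r6 "1";
+aliases = [
+"prism.r"
+"cache.prism.r"
+"cgit.prism.r"
+"bota.r"
+"flix.r"
+"paste.r"
+"c.r"
+"p.r"
+"search.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje
+fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo
+rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z
+ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB
+wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio
+/jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA
+BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C
+9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5
+Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu
+3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH
+TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb
+g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ
+kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg
+7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo
+7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz
+cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451
+k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0
+dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu
+ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i
+jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/
+AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE
+T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "XbBBPg+dtZM1LRN46VAujVKIC6VSo6nFoHo/1unbggO";
+};
+};
+wiregrill = {
+via = internet;
+ip4.addr = "10.244.1.103";
+ip6.addr = w6 "1";
+aliases = [
+"prism.w"
+];
+wireguard = {
+pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
+subnets = [
+(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
+"10.244.1.0/24"
+];
+};
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
+syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
+}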
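Review bot: The `cgit` record in the `lassul.us` zone is a `CNAME` whose target interpolates `nets.internet.ip4.addr`, i.e. an IPv4 address, but CNAME data has to be a domain name, so a zone parser will most likely read `95.216.1.150` as a relative name under the origin and `cgit.lassul.us` will not resolve to the host. It also lacks the `60 IN` fields its neighbours carry. Making it an address record like its siblings fixes both: `cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}`. Separately, the key published at `default._domainkey` appears from its length to be 1024-bit RSA, so a comment noting a planned rotation to a 2048-bit DKIM key would help whoever maintains the mail setup.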
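--- /dev/null
+++ b/kartei/lass/radio.nix
@@ -0,0 +1,40 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.11";
+ip6.addr = r6 "4d10";
+aliases = [
+"radio.r"
+"radio-news.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAx08urv4sl22+pLchD6W6kprJ1JZBiG9/MVA50PqYAJmvTpYyDUCR
+Dwgt7pR8n/zbbof98QS5D67J5rZPcrLI6PY2bBzlXFFKHZEj2AVwUjUbyvEvQqtf
+yJM+AxFy1/CaXmDvYM9UF/Wh6rb/ZeUxFtbaIVfMPox0Zln0THEsOmCWvNzxMvjZ
+rjouZGzrH+er3yxJVovxD/JT32COmK0R20DLDoofBdtBkFlB/VkrbxYfX/cWXX1K
+WQVJuQ/H1xP9m4c4S8g/nM63rLUBOIkn06TcXyI/mEgRecEUDgC02PNXc5BDgB4A
+seXx+BiLC/f6+64KOWODHEEm/iHjCyrOSZtdA2EbPCATfOHrj0EG5Y4V6d1Iw4WP
+kiOIQByHMbOzRwm91yd/gM1DTxdy3j5nqaMhCzrM/QeOhSf5FXkWpARawUsChwh+
+eCuSZDg218u/NkzCrTvCPTdY1q+MZ5d5qgID4VQrenjBJq4AZxsw74Zd2G2uRWlF
+paZ2pSCyAey19A/or2iG10tqNpXJzZy0HNhh7q/gKhQKKTh+ggzgOrRe2ZaxlbEy
+P45JQKcR9/WJAohnYQ8uZJ6oin5EsEdVkapdYu60aReRGeyTmq3RLnu3Zn5MR5RH
+1r+W03KQcQzmmpE5YrxKSZL6OriXQYEPTa9/mSZT6TEUIvRT8W5jGQ0CAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "DmiyfmRsWd8Qg6M/ZsAd5lFM+vnkwRTfnMH/jCFwWFF";
+};
+wiregrill = {
+ip6.addr = w6 "4d10";
+aliases = [
+"radio.w"
+];
+wireguard.pubkey = ''
+iCe1O9qeziw18AlGuFt5tIxm6SIBtNpwO/6OZm9Bn30=
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHsvyWrMN2lupBmjI8nW+NUSJIDPkr8c90Z4BcuZ7Myi";
+syncthing.id = "KMDPLE5-7FBYYXH-PF5LEET-G2AWR33-7XAPZJU-5S3VOB7-ZX5Q74V-PZKI6QN";
+}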
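--- /dev/null
+++ b/kartei/lass/shodan.nix
@@ -0,0 +1,36 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.4";
+ip6.addr = r6 "50da";
+aliases = [
+"shodan.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
+YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7
+ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF
+7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4
+xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ
+V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "Ptc5VuYkRd5+zHibZwNe3DEgGHHvAk0Ul00dW1YXsrC";
+};
+};
+wiregrill = {
+ip6.addr = w6 "50da";
+ip4.addr = "10.244.1.4";
+aliases = [
+"shodan.w"
+];
+wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30=";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
+syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6";
+}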
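--- /dev/null
+++ b/kartei/lass/skynet.nix
@@ -0,0 +1,35 @@
+{ r6, w6, ... }:
+{
+nets = rec {
+retiolum = {
+ip4.addr = "10.243.133.116";
+ip6.addr = r6 "5ce7";
+aliases = [
+"skynet.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
+Ic457utOSGxTE+90yXXez2DD9llJMMyd+O06lHJ7CxtbJGBNr3jwoUZVCdBuuo5B
+p9XfhXU9l9fUsbc1+a/cDjPBhQv8Uqmc6tOX+52H1aqZsa4W50c9Dv5vjsHgxCB0
+yiUd2MrKptCQTdmMM9Mf0XWKPPOuwpHpxaomlrpUz07LisFVGGHCflOvj5PAy8Da
+NC+AfNgR/76yfuYWcv4NPo9acjD9AIftS2c0tD3szyHBCGaYK/atKzIoBbFbOtMb
+mwG3B0X3UdphkqGDGsvT+66Kcv2jnKwL0wIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "9s7eB16k7eAtHyneffTCmYR7s3mRpJqpVVjSPGaVKKN";
+};
+};
+wiregrill = {
+ip6.addr = w6 "5ce7";
+aliases = [
+"skynet.w"
+];
+wireguard.pubkey = "pt9a6nP+YPqxnSskcM9NqRmAmFzbO5bE7wzViFFonnU=";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
+syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
+}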
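Review bot: `nets = rec {` in skynet.nix does not need `rec`, because neither `retiolum` nor `wiregrill` refers to a sibling attribute here (there is no `via = internet;` as in prism.nix). A plain `nets = {` says the same thing and removes the chance that a later attribute silently resolves against a sibling instead of an outer binding. xerxes.nix carries the same unused `rec`.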
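--- /dev/null
+++ b/kartei/lass/ssh/red.ed25519
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp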
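--- /dev/null
+++ b/kartei/lass/styx.nix
@@ -0,0 +1,43 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.11.1";
+ip6.addr = r6 "111";
+aliases = [
+"styx.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
+ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU
+aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE
+3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi
+6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq
+m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn
+Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt
+EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/
+7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao
+Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2
+6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF
+wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "yVT5nQstw+o5P0ZoBK81G7sL6nQEBwg42wyBn6ogZgK";
+weight = null;
+};
+};
+wiregrill = {
+ip6.addr = w6 "111";
+aliases = [
+"styx.w"
+];
+wireguard.pubkey = ''
+0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs=
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
+syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
+}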
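--- /dev/null
+++ b/kartei/lass/tablet.nix
@@ -0,0 +1,16 @@
+{ r6, w6, ... }:
+{
+consul = false;
+nets = {
+wiregrill = {
+ip4.addr = "10.244.1.14";
+ip6.addr = w6 "b";
+aliases = [
+"tablet.w"
+];
+wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI=";
+};
+};
+external = true;
+ci = false;
+}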
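--- /dev/null
+++ b/kartei/lass/xerxes.nix
@@ -0,0 +1,52 @@
+{ r6, w6, ... }:
+{
+consul = false;
+nets = rec {
+retiolum = {
+ip4.addr = "10.243.1.3";
+ip6.addr = r6 "3";
+aliases = [
+"xerxes.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
+MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
+gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
+/EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
+mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
+X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
++2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
+hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
+3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
+H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
+JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
+hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
+SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
+4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
+vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
+Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
+scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
+jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
+Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
+/Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
+bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
+sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+pubkey_ed25519 = "PRtxFg/zw8dmwEGEM+u28N5GWuGNiHSNlaieplVSqQK";
+};
+};
+wiregrill = {
+ip6.addr = w6 "3";
+aliases = [
+"xerxes.w"
+];
+wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8=";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
+syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
+}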
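--- /dev/null
+++ b/kartei/lass/yellow.nix
@@ -0,0 +1,42 @@
+{ r6, w6, ... }:
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.14";
+ip6.addr = r6 "3110";
+aliases = [
+"yellow.r"
+"jelly.r"
+"radar.r"
+"sonar.r"
+];
+tinc = {
+pubkey = ''
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
+MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY
+b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU
+Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd
+OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP
+vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6
+C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp
+Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU
+52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg
+zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p
+DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ
+Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ==
+-----END PUBLIC KEY-----
+'';
+pubkey_ed25519 = "qZBhDSW6ir1/w6lOngg2feCZj9W9AfifEMlKXcOb5QE";
+};
+};
+wiregrill = {
+ip6.addr = w6 "3110";
+aliases = [
+"yellow.w"
+];
+wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU=";
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
+}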
@ -58,21 +58,18 @@ with import ../../lib;
|
|||||||
in {
|
in {
|
||||||
hosts = mapAttrs hostDefaults {
|
hosts = mapAttrs hostDefaults {
|
||||||
cake = rec {
|
cake = rec {
|
||||||
cores = 4;
|
|
||||||
ci = false;
|
ci = false;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.136.236";
|
retiolum.ip4.addr = "10.243.136.236";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
crapi = rec { # raspi1
|
crapi = rec { # raspi1
|
||||||
cores = 1;
|
|
||||||
ci = false;
|
ci = false;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.136.237";
|
retiolum.ip4.addr = "10.243.136.237";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
firecracker = {
|
firecracker = {
|
||||||
cores = 4;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.12.12";
|
retiolum.ip4.addr = "10.243.12.12";
|
||||||
};
|
};
|
||||||
@ -80,28 +77,24 @@ in {
|
|||||||
|
|
||||||
studio = rec {
|
studio = rec {
|
||||||
ci = false;
|
ci = false;
|
||||||
cores = 4;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.227.163";
|
retiolum.ip4.addr = "10.243.227.163";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fileleech = rec {
|
fileleech = rec {
|
||||||
ci = false;
|
ci = false;
|
||||||
cores = 4;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.113.98";
|
retiolum.ip4.addr = "10.243.113.98";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
tsp = {
|
tsp = {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 1;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.0.212";
|
retiolum.ip4.addr = "10.243.0.212";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
x = {
|
x = {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 4;
|
|
||||||
syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
|
syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.0.91";
|
retiolum.ip4.addr = "10.243.0.91";
|
||||||
@ -113,7 +106,6 @@ in {
|
|||||||
};
|
};
|
||||||
filepimp = rec {
|
filepimp = rec {
|
||||||
ci = false;
|
ci = false;
|
||||||
cores = 1;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.153.102";
|
retiolum.ip4.addr = "10.243.153.102";
|
||||||
};
|
};
|
||||||
@ -121,7 +113,6 @@ in {
|
|||||||
|
|
||||||
omo = rec {
|
omo = rec {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 2;
|
|
||||||
syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
|
syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
@ -139,7 +130,6 @@ in {
|
|||||||
};
|
};
|
||||||
wbob = rec {
|
wbob = rec {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 4;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.214.15";
|
ip4.addr = "10.243.214.15";
|
||||||
@ -165,7 +155,6 @@ in {
|
|||||||
latte.euer IN A ${nets.internet.ip4.addr}
|
latte.euer IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
cores = 4;
|
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "178.254.30.202";
|
ip4.addr = "178.254.30.202";
|
||||||
@ -247,7 +236,6 @@ in {
|
|||||||
music.euer IN A ${nets.internet.ip4.addr}
|
music.euer IN A ${nets.internet.ip4.addr}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
cores = 8;
|
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "142.132.189.140";
|
ip4.addr = "142.132.189.140";
|
||||||
@ -303,7 +291,6 @@ in {
|
|||||||
|
|
||||||
sdev = rec {
|
sdev = rec {
|
||||||
ci = true;
|
ci = true;
|
||||||
cores = 1;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum.ip4.addr = "10.243.83.237";
|
retiolum.ip4.addr = "10.243.83.237";
|
||||||
};
|
};
|
||||||
@ -313,7 +300,6 @@ in {
|
|||||||
# non-stockholm
|
# non-stockholm
|
||||||
|
|
||||||
flap = rec {
|
flap = rec {
|
||||||
cores = 1;
|
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
flap IN A ${nets.internet.ip4.addr}
|
flap IN A ${nets.internet.ip4.addr}
|
||||||
@ -333,7 +319,6 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
nukular = rec {
|
nukular = rec {
|
||||||
cores = 1;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.231.219";
|
ip4.addr = "10.243.231.219";
|
||||||
@ -343,17 +328,14 @@ in {
|
|||||||
|
|
||||||
|
|
||||||
shackdev = rec { # router@shack
|
shackdev = rec { # router@shack
|
||||||
cores = 1;
|
|
||||||
nets.wiregrill.ip4.addr = "10.244.245.2";
|
nets.wiregrill.ip4.addr = "10.244.245.2";
|
||||||
};
|
};
|
||||||
|
|
||||||
rockit = rec { # router@home
|
rockit = rec { # router@home
|
||||||
cores = 1;
|
|
||||||
nets.wiregrill.ip4.addr = "10.244.245.3";
|
nets.wiregrill.ip4.addr = "10.244.245.3";
|
||||||
};
|
};
|
||||||
|
|
||||||
senderechner = rec {
|
senderechner = rec {
|
||||||
cores = 2;
|
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.0.163";
|
ip4.addr = "10.243.0.163";
|
||||||
|
@ -507,8 +507,8 @@ in {
|
|||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
# eva.thalheim.io
|
# eva.thalheim.io
|
||||||
ip4.addr = "131.159.102.4";
|
ip4.addr = "89.58.27.144";
|
||||||
ip6.addr = "2a09:80c0:102::4";
|
ip6.addr = "2a03:4000:62:fdb::";
|
||||||
aliases = [ "eva.i" ];
|
aliases = [ "eva.i" ];
|
||||||
};
|
};
|
||||||
retiolum = {
|
retiolum = {
|
||||||
|
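Review bot: The value that appears to be the new `ip6.addr` for `internet`, `2a03:4000:62:fdb::`, has an all-zero interface identifier, which is the form of a /64 prefix (and of the subnet-router anycast address) rather than of a usual host address. Since this attribute is what peers and generated DNS records would use to reach the host, please confirm it is the address actually bound on the machine and not the provider's prefix pasted as-is; if the host uses a specific identifier the line should read `ip6.addr = "2a03:4000:62:fdb::<host-id>";` with the real value filled in. The enclosing host definition starts and ends outside this hunk, so I cannot see whether a `prefix` is declared alongside it.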
@ -43,7 +43,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
horisa = {
|
horisa = {
|
||||||
cores = 2;
|
|
||||||
owner = config.krebs.users.ulrich; # main laptop
|
owner = config.krebs.users.ulrich; # main laptop
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
@ -57,7 +56,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
hasegateway = {
|
hasegateway = {
|
||||||
cores = 1;
|
|
||||||
owner = config.krebs.users.hase;
|
owner = config.krebs.users.hase;
|
||||||
nets = {
|
nets = {
|
||||||
#internet = {
|
#internet = {
|
||||||
@ -343,7 +341,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
tpsw = {
|
tpsw = {
|
||||||
cores = 2;
|
|
||||||
owner = config.krebs.users.ciko; # main laptop
|
owner = config.krebs.users.ciko; # main laptop
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
|
@ -1,7 +1,17 @@
|
|||||||
with import ../../lib;
|
with import ../../lib;
|
||||||
{ config, ... }: let
|
{ config, ... }: {
|
||||||
|
dns.providers = {
|
||||||
evalHost = hostName: hostConfig: evalSubmodule types.host [
|
"viljetic.de" = "regfish";
|
||||||
|
};
|
||||||
|
hosts =
|
||||||
|
mapAttrs
|
||||||
|
(hostName: hostFile: let
|
||||||
|
hostSource = import hostFile;
|
||||||
|
hostConfig = getAttr (typeOf hostSource) {
|
||||||
|
lambda = hostSource { inherit config lib; };
|
||||||
|
set = hostSource;
|
||||||
|
};
|
||||||
|
in evalSubmodule types.host [
|
||||||
hostConfig
|
hostConfig
|
||||||
{
|
{
|
||||||
name = hostName;
|
name = hostName;
|
||||||
@ -31,340 +41,13 @@ with import ../../lib;
|
|||||||
type = head (toList (match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
|
type = head (toList (match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
];
|
])
|
||||||
|
(mapAttrs'
|
||||||
in {
|
(name: type: {
|
||||||
dns.providers = {
|
name = removeSuffix ".nix" name;
|
||||||
"viljetic.de" = "regfish";
|
value = ./hosts + "/${name}";
|
||||||
};
|
})
|
||||||
hosts = mapAttrs evalHost {
|
(readDir ./hosts));
|
||||||
alnus = {
|
|
||||||
ci = true;
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.21.1";
|
|
||||||
aliases = [
|
|
||||||
"alnus.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAyDGucukxY1xFSkqDaicpiCXZe3NX1Max7N+E9PKXO2yE0EFoGdUP
|
|
||||||
/4hZFO9IbteDwlsTd/RQIhhUWF818TLWzwasUxgmqBFN4d23IIDLHJxgRZ8cPzAs
|
|
||||||
gmBWwnVWRetDETc6HZK6m2rLU6PG53rRLvheZHW/B9nSfUp7n+puehJdGLnBQ8W+
|
|
||||||
q5d/yUmN8hqS6h62yfAZEJSr7Gh/AW6Irmf3gjKRJlRmD2z28hR5tFH+Q/ulxJXQ
|
|
||||||
rNVzusASjRBO9VYOSWnNWI3Zl9vaUtbtEnvyl3PaV9N3gcHzB2HHlyDIotjqXvxU
|
|
||||||
cPLMN0lWOZeDae/9SDT62l/YuETYQo6TxwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "Td6pRkmSzSGVJll26rULdr6W4U87xsHZ/87NEaglW3K";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.pubkey = "ssh-rsa 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";
|
|
||||||
};
|
|
||||||
au = {
|
|
||||||
ci = true;
|
|
||||||
cores = 4;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.13.39";
|
|
||||||
aliases = [
|
|
||||||
"au.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEApD+HJS5gANbZScCMLxgZZgHZUsQUDlyWTLNdANfo0gXQdsYRVE/z
|
|
||||||
9zMG/VE9xwy0OC9JM73YaEymXdmWa3kGXP2jjQnOZyJTFMNFHc8dkl+RBnWv8eZm
|
|
||||||
PzFN84ZjnYXyOpXJFajR8eelzqlFvD+2WKsXAD5xaW5EmCBTMIjB/zSuLBpqnIHb
|
|
||||||
PqQA1XUye69dQRjjcPn1mtYQPS78H8ClJjnhS76owFzyzNZjri1tr2xi2oevnVJG
|
|
||||||
cnYNggZHz3Kg3btJQ3VtDKGLJTzHvvMcn2JfPrePR2+KK0/KbMitpYAS687Ikb83
|
|
||||||
jjB+eZgXq5g81vc1116bA5yqcT2UNdOPWwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "bfDtJbxusBdosE6dMED32Yc6ZeYI3RFyXryQr7heZpO";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au";
|
|
||||||
};
|
|
||||||
bu = {
|
|
||||||
ci = true;
|
|
||||||
cores = 4;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.13.36";
|
|
||||||
aliases = [
|
|
||||||
"bu.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAxjAvT1sfHPWExhWRoXG+NJbYUmf5q4yfpfBRvb232LC9sLn4Z2wb
|
|
||||||
hxKreR5/j9a/2hRIlCz4IwKftl5vroG9Vy4e7zZIz6QvN4TqED8dUjJ1ubhtj47l
|
|
||||||
jjHW4cHLUWsaqqu6TAuPH26qPSxm9VrD6rZIX9RmQ1bWIaonVB3Q+XnDfPlISw6M
|
|
||||||
gbQXz4tOsOnC+y/6C3VPUo0nqC+PuA/kyRq/ivVutKd0dTSY8LmCDNla6AEVD5dG
|
|
||||||
sIqPWX5h8fjqU7G3oOMvMsBrCkvRRB0F0dQzGo8EXwCDJxa+xOuk5n1GYJ2lqeM/
|
|
||||||
st7KIxmLvO5AE7cUxdLlDj4EzVLSDoAqOwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "/MXEuv96HlrpHBto8KP2S6Ztiahhi3H7AevmbYS+xqE";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa";
|
|
||||||
ssh.pubkey = "ssh-rsa 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 root@bu";
|
|
||||||
};
|
|
||||||
hu = {
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.13.41";
|
|
||||||
aliases = [
|
|
||||||
"hu.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAwj5T9Rejp8zGVrHjqA+OeMvcVpax4VazssnRPSUznUEOdVEeSJL5
|
|
||||||
8gDBJPtIfxF8iunXr5K7CW036tKvYaGMDwYMOPJZXhFCmU2yUF2g4BcqEhuDdIfO
|
|
||||||
+D2Pfr4lc9xO90SKOgwJ53qhf5yqeU/WQ3dpCF/n8k4SUmdafTsvh00UrxYpHuTU
|
|
||||||
C22BRXIKR4r/sCJUitWQSWNdSQUxh3lu7sUPr+6sZyJov+eu8oBVlPgYOv6u9nZe
|
|
||||||
YhrbCPDKMGPfnQTAtWfHIxNt70Ec5AG6ddQzLeVcM2gP5qi957Fert+C2RNtbz5s
|
|
||||||
Brbw1bqZ3P+CGzvxVJZtirvR2f3HkidGPQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "PV8Dz9ni2cPXyJGiG5oU0XWdJkUPgrMzDuzHj7kpMzO";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rrf9tvuusYlnSZwUiHS4O+AhrpVZ/6n7peSRKojTc root@hu";
|
|
||||||
};
|
|
||||||
mu = {
|
|
||||||
ci = true;
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.20.1";
|
|
||||||
aliases = [
|
|
||||||
"mu.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA
|
|
||||||
g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE
|
|
||||||
XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4
|
|
||||||
o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1
|
|
||||||
QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs
|
|
||||||
FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "cEf/Kq/2Fo70yoIcVmhIp4it9eA7L3GdkgrVE9AWU6C";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
|
|
||||||
};
|
|
||||||
ni = {
|
|
||||||
extraZones = {
|
|
||||||
"krebsco.de" = ''
|
|
||||||
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
|
||||||
ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
|
||||||
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
|
||||||
cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
|
||||||
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
|
||||||
cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
|
||||||
search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
|
||||||
search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
|
|
||||||
krebsco.de. 60 IN MX 5 ni
|
|
||||||
krebsco.de. 60 IN TXT "v=spf1 mx -all"
|
|
||||||
tv 300 IN NS ni
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
nets = {
|
|
||||||
internet = {
|
|
||||||
ip4 = rec {
|
|
||||||
addr = "188.68.36.196";
|
|
||||||
prefix = "${addr}/32";
|
|
||||||
};
|
|
||||||
ip6 = rec {
|
|
||||||
addr = "2a03:4000:13:4c::1";
|
|
||||||
prefix = "${addr}/64";
|
|
||||||
};
|
|
||||||
aliases = [
|
|
||||||
"ni.i"
|
|
||||||
"cgit.ni.i"
|
|
||||||
];
|
|
||||||
ssh.port = 11423;
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
via = config.krebs.hosts.ni.nets.internet;
|
|
||||||
ip4.addr = "10.243.113.223";
|
|
||||||
aliases = [
|
|
||||||
"ni.r"
|
|
||||||
"cgit.ni.r"
|
|
||||||
"krebs.ni.r"
|
|
||||||
"search.ni.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEA7NHuW8eLVhpBfL70WwcSGVmv4dijKLJs5cH/BmqK8zN2lpiLKt12
|
|
||||||
bhaE1YEhGoGma7Kef1Fa0V9xUkJy6C1+sVlfWp/LeY8VRSX5E3u36TEl6kl/4zu6
|
|
||||||
Ea/44BoGUSOC9ImxVEX51czA10PFjUSrGFyK0oaRlKNsTwwpNiBOY7/6i74bhn59
|
|
||||||
OIsySRUBd2QPjYhJkiuc7gltVfwt6wteZh8R4w2rluVGYLQPsmN/XEWgJbhzI4im
|
|
||||||
W+3/bdewHVF1soZWtdocPLeXTn5HETX5g8p2V3bwYL37oIwkCcYxOeQtT7W+lNJ2
|
|
||||||
NvIiVh4Phojl4dBUgUQGT0NApMnsaG/4LJpSC4AGiqbsznBdSPhepob7zJggPnWY
|
|
||||||
nfAs+YrUUZp1wovhSgWfYTRglRuyYvWkoGbq411H1efawyZ0gcMr+HQlSn2keQOv
|
|
||||||
lbcvdgOAxQiEcPVixPq3mTeKaSxWyIJGFceuqtnILGifRNvViX0uo9g5rLQ41PrJ
|
|
||||||
9F3azz3gD2Uh73j5pvLU72cge7p1a7epPYWTJYf8oc5JcI3nYTKpSqH8IYaWUjv9
|
|
||||||
q0NwOYFDhYtUcTwdbUNl/tUWKyBcovIe7f40723pHSijiPV2WDZC2M/mOc3dvWKF
|
|
||||||
Mf00uin+7uMuKtnG6+1z5nKb/AWrqN1RZu0rnG/IkZPKwa19HYsYcOkCAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "nDuK96NlNhcxzlX7G30w/706RxItb+FhkFkz/VhUgCE";
|
|
||||||
};
|
|
||||||
wiregrill = {
|
|
||||||
via = config.krebs.hosts.ni.nets.internet;
|
|
||||||
ip4.addr = "10.244.3.1";
|
|
||||||
wireguard.subnets = [
|
|
||||||
(krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb";
|
|
||||||
};
|
|
||||||
nomic = {
|
|
||||||
ci = true;
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.0.110";
|
|
||||||
aliases = [
|
|
||||||
"nomic.r"
|
|
||||||
"cgit.nomic.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
|
|
||||||
qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
|
|
||||||
Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
|
|
||||||
5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
|
|
||||||
OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
|
|
||||||
Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "sBevGkYkcNKd39yf/Mp0whnsWIJfTGxSU1lbqN305nP";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
|
|
||||||
};
|
|
||||||
wu = {
|
|
||||||
ci = true;
|
|
||||||
cores = 4;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.13.37";
|
|
||||||
aliases = [
|
|
||||||
"wu.r"
|
|
||||||
"cgit.wu.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
|
|
||||||
M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
|
|
||||||
GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
|
|
||||||
KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
|
|
||||||
4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
|
|
||||||
AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "urVOEGxTkBedkpszPH0XRCRMk+Fc2U9IneYMFDqGoIB";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
|
|
||||||
};
|
|
||||||
querel = {
|
|
||||||
ci = true;
|
|
||||||
cores = 2;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.22.22";
|
|
||||||
aliases = [
|
|
||||||
"querel.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEArv9eB8acpUhJwRaLY9kGeM7DEPvInVvoduEbec10p4Y2PFx2MjSz
|
|
||||||
2OhyxFRkONC4EMV9oVTKD+NRtpbRGZGLYD8ZPB622SvccgB0XnL6ZZfie1feSgrn
|
|
||||||
bPyVnX8EnEgtx9IQckHyaxWgtyrluJnY2CbLkCYgD+50KFT12rdHyAa3+QoYU65x
|
|
||||||
ACQo28i9xIpsl6dm7iWBb+ecHc7fST35OqWywtVxSpHPe1nvwaYm1p3rqqtkCGVh
|
|
||||||
iXE5ruAscri7Dskc5dGR1p7LquhBaebuylH6sfRKA6kre05+/IkXi+JLeAmAtJ+W
|
|
||||||
xezYlecEvxhguql9ZmSYAYkR4KknZb56KtvCnm29o0evvEpsaYcbtgq1D0JhoGyk
|
|
||||||
4DixS5e+5dg470icVKxPfz1AzejxrTUTtMlI28qjAIx1FcmCBGM+T6yHs/MhNGbf
|
|
||||||
aqUmN+FwtsJ2QWFYqu9zjxxyAfrAw+gqHm0LnsKK1ttwF/2fYCTRLowY+ItB3axs
|
|
||||||
UVq7DQxyunyYalKGX2RSJ5BHczREHrfgX43HCSlcAuMuow9jHLOjzul0A49rSZ9E
|
|
||||||
vOPqbjrki0KEEQj0HN3Ax4UVqZ6mPWaTQzuup+bPQ/2Sjkx6COzMSAPmKo4l6DkA
|
|
||||||
J++ZonpnOCUkwCeCU6qJgMuHeXn0uh117Ypj/3J9eKYMO/RTSs3x8l0CAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
|
|
||||||
};
|
|
||||||
xu = {
|
|
||||||
binary-cache = {
|
|
||||||
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
|
|
||||||
};
|
|
||||||
ci = true;
|
|
||||||
cores = 4;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.13.38";
|
|
||||||
aliases = [
|
|
||||||
"xu.r"
|
|
||||||
"cgit.xu.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ
|
|
||||||
uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX
|
|
||||||
8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw
|
|
||||||
mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj
|
|
||||||
4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63
|
|
||||||
4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "xYgYM9rXS73RFKUHF3ekQWhcWzuBLOPYG2bimhpH2pM";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
|
|
||||||
};
|
|
||||||
zu = {
|
|
||||||
ci = true;
|
|
||||||
cores = 4;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.13.40";
|
|
||||||
aliases = [
|
|
||||||
"zu.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIIBCgKCAQEAti6y+Qkz80oay6H2+ANROWdH4aJS54ST8VhFxRB3WdnlDFG/9t6d
|
|
||||||
idU87uxW5Xmfm6nvpO0OPhG4E3+UI7KtWP71nnducpLV6gfob4f2xNGVG435CJ6u
|
|
||||||
BgorbneUbJEfr4Bb0xd46X2BtLqi5/vUY3M5KMGE2sMdyL2/7oujEI8zQJCse95a
|
|
||||||
OhDZdF2bCDEixCHahNprkQrD8t1lNYoLR2qtDZ5psIh5vgdp0WOOMGvUkCDkNjWj
|
|
||||||
/NKaRXPhUVRDLRFEzMZhtFtSHzaofzrhGFoU1rGZwc/XopqpiFi0D7L++TiNqKAk
|
|
||||||
b9cXwDAI50f8dJagPYtIupjN5bmo+QhXcQIDAQAB
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
secure = true;
|
|
||||||
ssh.pubkey = "ssh-rsa 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 root@zu";
|
|
||||||
};
|
|
||||||
umz = {
|
|
||||||
nets.wiregrill.ip4.addr = "10.244.3.101";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
sitemap = {
|
sitemap = {
|
||||||
"http://cgit.krebsco.de" = {
|
"http://cgit.krebsco.de" = {
|
||||||
desc = "Git repositories";
|
desc = "Git repositories";
|
||||||
|
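Review bot: `readDir ./hosts` is mapped without looking at `type`, so every directory entry (a subdirectory, an editor backup, a README) becomes a host entry and is handed to `import`. `removeSuffix ".nix"` also lets `foo` and `foo.nix` collapse to the same host name. These files carry the SSH and tinc public keys that other machines trust, so I would restrict the set to regular `.nix` files: `(filterAttrs (name: type: type == "regular" && hasSuffix ".nix" name) (readDir ./hosts))`, assuming `filterAttrs` and `hasSuffix` are in scope through `with import ../../lib;`. `getAttr (typeOf hostSource)` also fails with a bare missing-attribute error for anything that is neither `lambda` nor `set`, so a comment naming the two accepted file shapes would help.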
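--- a/kartei/tv/hosts/alnus.nix
+++ b/kartei/tv/hosts/alnus.nix
@@ -0,0 +1,23 @@
+{
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.21.1";
+aliases = [
+"alnus.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAyDGucukxY1xFSkqDaicpiCXZe3NX1Max7N+E9PKXO2yE0EFoGdUP
+/4hZFO9IbteDwlsTd/RQIhhUWF818TLWzwasUxgmqBFN4d23IIDLHJxgRZ8cPzAs
+gmBWwnVWRetDETc6HZK6m2rLU6PG53rRLvheZHW/B9nSfUp7n+puehJdGLnBQ8W+
+q5d/yUmN8hqS6h62yfAZEJSr7Gh/AW6Irmf3gjKRJlRmD2z28hR5tFH+Q/ulxJXQ
+rNVzusASjRBO9VYOSWnNWI3Zl9vaUtbtEnvyl3PaV9N3gcHzB2HHlyDIotjqXvxU
+cPLMN0lWOZeDae/9SDT62l/YuETYQo6TxwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "Td6pRkmSzSGVJll26rULdr6W4U87xsHZ/87NEaglW3K";
+};
+};
+ssh.pubkey = "ssh-rsa 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";
+}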
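--- a/kartei/tv/hosts/au.nix
+++ b/kartei/tv/hosts/au.nix
@@ -0,0 +1,24 @@
+{
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.13.39";
+aliases = [
+"au.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEApD+HJS5gANbZScCMLxgZZgHZUsQUDlyWTLNdANfo0gXQdsYRVE/z
+9zMG/VE9xwy0OC9JM73YaEymXdmWa3kGXP2jjQnOZyJTFMNFHc8dkl+RBnWv8eZm
+PzFN84ZjnYXyOpXJFajR8eelzqlFvD+2WKsXAD5xaW5EmCBTMIjB/zSuLBpqnIHb
+PqQA1XUye69dQRjjcPn1mtYQPS78H8ClJjnhS76owFzyzNZjri1tr2xi2oevnVJG
+cnYNggZHz3Kg3btJQ3VtDKGLJTzHvvMcn2JfPrePR2+KK0/KbMitpYAS687Ikb83
+jjB+eZgXq5g81vc1116bA5yqcT2UNdOPWwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "bfDtJbxusBdosE6dMED32Yc6ZeYI3RFyXryQr7heZpO";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au";
+}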
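--- a/kartei/tv/hosts/bu.nix
+++ b/kartei/tv/hosts/bu.nix
@@ -0,0 +1,24 @@
+{
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.13.36";
+aliases = [
+"bu.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAxjAvT1sfHPWExhWRoXG+NJbYUmf5q4yfpfBRvb232LC9sLn4Z2wb
+hxKreR5/j9a/2hRIlCz4IwKftl5vroG9Vy4e7zZIz6QvN4TqED8dUjJ1ubhtj47l
+jjHW4cHLUWsaqqu6TAuPH26qPSxm9VrD6rZIX9RmQ1bWIaonVB3Q+XnDfPlISw6M
+gbQXz4tOsOnC+y/6C3VPUo0nqC+PuA/kyRq/ivVutKd0dTSY8LmCDNla6AEVD5dG
+sIqPWX5h8fjqU7G3oOMvMsBrCkvRRB0F0dQzGo8EXwCDJxa+xOuk5n1GYJ2lqeM/
+st7KIxmLvO5AE7cUxdLlDj4EzVLSDoAqOwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "/MXEuv96HlrpHBto8KP2S6Ztiahhi3H7AevmbYS+xqE";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-rsa 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 root@bu";
+}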
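Review bot: The `bu` block removed from `default.nix` in this same commit carried `ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa";`, and this new file drops that line without mention, so the move is not content-preserving for this host. If the option's default resolves to the same secret file the omission is harmless, but that default is not visible in this diff. Either restore the line (the file would then need the `{ config, ... }:` form that `ni.nix` uses) or state the removal in the commit message. `cores` is dropped from every host in this commit, so that omission looks intentional.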
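--- a/kartei/tv/hosts/hu.nix
+++ b/kartei/tv/hosts/hu.nix
@@ -0,0 +1,23 @@
+{
+nets = {
+retiolum = {
+ip4.addr = "10.243.13.41";
+aliases = [
+"hu.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwj5T9Rejp8zGVrHjqA+OeMvcVpax4VazssnRPSUznUEOdVEeSJL5
+8gDBJPtIfxF8iunXr5K7CW036tKvYaGMDwYMOPJZXhFCmU2yUF2g4BcqEhuDdIfO
++D2Pfr4lc9xO90SKOgwJ53qhf5yqeU/WQ3dpCF/n8k4SUmdafTsvh00UrxYpHuTU
+C22BRXIKR4r/sCJUitWQSWNdSQUxh3lu7sUPr+6sZyJov+eu8oBVlPgYOv6u9nZe
+YhrbCPDKMGPfnQTAtWfHIxNt70Ec5AG6ddQzLeVcM2gP5qi957Fert+C2RNtbz5s
+Brbw1bqZ3P+CGzvxVJZtirvR2f3HkidGPQIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "PV8Dz9ni2cPXyJGiG5oU0XWdJkUPgrMzDuzHj7kpMzO";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rrf9tvuusYlnSZwUiHS4O+AhrpVZ/6n7peSRKojTc root@hu";
+}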
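--- a/kartei/tv/hosts/mu.nix
+++ b/kartei/tv/hosts/mu.nix
@@ -0,0 +1,23 @@
+{
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.20.1";
+aliases = [
+"mu.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA
+g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE
+XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4
+o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1
+QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs
+FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+#tinc.pubkey_ed25519 = "cEf/Kq/2Fo70yoIcVmhIp4it9eA7L3GdkgrVE9AWU6C";
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
+}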
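Review bot: `tinc.pubkey_ed25519` is commented out here, while the `mu` block removed from `default.nix` in this same commit had it active; every other moved host that had an Ed25519 key keeps it. Peers that build their tinc host entry for `mu` from this record then only get the RSA key, which presumably limits `mu` to tinc's legacy protocol. If the key was retired on purpose, replace the dead line with a comment giving the reason, e.g. `# ed25519 key disabled: <reason>`. Otherwise restore `tinc.pubkey_ed25519 = "cEf/Kq/2Fo70yoIcVmhIp4it9eA7L3GdkgrVE9AWU6C";`.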
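--- a/kartei/tv/hosts/ni.nix
+++ b/kartei/tv/hosts/ni.nix
@@ -0,0 +1,68 @@
+{ config, lib, ... }: {
+extraZones = {
+"krebsco.de" = ''
+ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
+cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
+cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
+search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
+krebsco.de. 60 IN MX 5 ni
+krebsco.de. 60 IN TXT "v=spf1 mx -all"
+tv 300 IN NS ni
+'';
+};
+nets = {
+internet = {
+ip4 = rec {
+addr = "188.68.36.196";
+prefix = "${addr}/32";
+};
+ip6 = rec {
+addr = "2a03:4000:13:4c::1";
+prefix = "${addr}/64";
+};
+aliases = [
+"ni.i"
+"cgit.ni.i"
+];
+ssh.port = 11423;
+};
+retiolum = {
+via = config.krebs.hosts.ni.nets.internet;
+ip4.addr = "10.243.113.223";
+aliases = [
+"ni.r"
+"cgit.ni.r"
+"krebs.ni.r"
+"search.ni.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA7NHuW8eLVhpBfL70WwcSGVmv4dijKLJs5cH/BmqK8zN2lpiLKt12
+bhaE1YEhGoGma7Kef1Fa0V9xUkJy6C1+sVlfWp/LeY8VRSX5E3u36TEl6kl/4zu6
+Ea/44BoGUSOC9ImxVEX51czA10PFjUSrGFyK0oaRlKNsTwwpNiBOY7/6i74bhn59
+OIsySRUBd2QPjYhJkiuc7gltVfwt6wteZh8R4w2rluVGYLQPsmN/XEWgJbhzI4im
+W+3/bdewHVF1soZWtdocPLeXTn5HETX5g8p2V3bwYL37oIwkCcYxOeQtT7W+lNJ2
+NvIiVh4Phojl4dBUgUQGT0NApMnsaG/4LJpSC4AGiqbsznBdSPhepob7zJggPnWY
+nfAs+YrUUZp1wovhSgWfYTRglRuyYvWkoGbq411H1efawyZ0gcMr+HQlSn2keQOv
+lbcvdgOAxQiEcPVixPq3mTeKaSxWyIJGFceuqtnILGifRNvViX0uo9g5rLQ41PrJ
+9F3azz3gD2Uh73j5pvLU72cge7p1a7epPYWTJYf8oc5JcI3nYTKpSqH8IYaWUjv9
+q0NwOYFDhYtUcTwdbUNl/tUWKyBcovIe7f40723pHSijiPV2WDZC2M/mOc3dvWKF
+Mf00uin+7uMuKtnG6+1z5nKb/AWrqN1RZu0rnG/IkZPKwa19HYsYcOkCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "nDuK96NlNhcxzlX7G30w/706RxItb+FhkFkz/VhUgCE";
+};
+wiregrill = {
+via = config.krebs.hosts.ni.nets.internet;
+ip4.addr = "10.244.3.1";
+wireguard.subnets = [
+(lib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
+];
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb";
+}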
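--- a/kartei/tv/hosts/nomic.nix
+++ b/kartei/tv/hosts/nomic.nix
@@ -0,0 +1,25 @@
+{
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.0.110";
+aliases = [
+"nomic.r"
+"cgit.nomic.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
+qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
+Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
+5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
+OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
+Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "sBevGkYkcNKd39yf/Mp0whnsWIJfTGxSU1lbqN305nP";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
+}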
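--- a/kartei/tv/hosts/querel.nix
+++ b/kartei/tv/hosts/querel.nix
@@ -0,0 +1,27 @@
+{
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.22.22";
+aliases = [
+"querel.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEArv9eB8acpUhJwRaLY9kGeM7DEPvInVvoduEbec10p4Y2PFx2MjSz
+2OhyxFRkONC4EMV9oVTKD+NRtpbRGZGLYD8ZPB622SvccgB0XnL6ZZfie1feSgrn
+bPyVnX8EnEgtx9IQckHyaxWgtyrluJnY2CbLkCYgD+50KFT12rdHyAa3+QoYU65x
+ACQo28i9xIpsl6dm7iWBb+ecHc7fST35OqWywtVxSpHPe1nvwaYm1p3rqqtkCGVh
+iXE5ruAscri7Dskc5dGR1p7LquhBaebuylH6sfRKA6kre05+/IkXi+JLeAmAtJ+W
+xezYlecEvxhguql9ZmSYAYkR4KknZb56KtvCnm29o0evvEpsaYcbtgq1D0JhoGyk
+4DixS5e+5dg470icVKxPfz1AzejxrTUTtMlI28qjAIx1FcmCBGM+T6yHs/MhNGbf
+aqUmN+FwtsJ2QWFYqu9zjxxyAfrAw+gqHm0LnsKK1ttwF/2fYCTRLowY+ItB3axs
+UVq7DQxyunyYalKGX2RSJ5BHczREHrfgX43HCSlcAuMuow9jHLOjzul0A49rSZ9E
+vOPqbjrki0KEEQj0HN3Ax4UVqZ6mPWaTQzuup+bPQ/2Sjkx6COzMSAPmKo4l6DkA
+J++ZonpnOCUkwCeCU6qJgMuHeXn0uh117Ypj/3J9eKYMO/RTSs3x8l0CAwEAAQ==
+-----END RSA PUBLIC KEY-----
+'';
+};
+};
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
+}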
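--- a/kartei/tv/hosts/umz.nix
+++ b/kartei/tv/hosts/umz.nix
@@ -0,0 +1,3 @@
+{
+nets.wiregrill.ip4.addr = "10.244.3.101";
+}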
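--- a/kartei/tv/hosts/wu.nix
+++ b/kartei/tv/hosts/wu.nix
@@ -0,0 +1,25 @@
+{
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.13.37";
+aliases = [
+"wu.r"
+"cgit.wu.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
+M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
+GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
+KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
+4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
+AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "urVOEGxTkBedkpszPH0XRCRMk+Fc2U9IneYMFDqGoIB";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
+}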
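--- a/kartei/tv/hosts/xu.nix
+++ b/kartei/tv/hosts/xu.nix
@@ -0,0 +1,28 @@
+{
+binary-cache = {
+pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
+};
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.13.38";
+aliases = [
+"xu.r"
+"cgit.xu.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ
+uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX
+8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw
+mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj
+4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63
+4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+tinc.pubkey_ed25519 = "xYgYM9rXS73RFKUHF3ekQWhcWzuBLOPYG2bimhpH2pM";
+};
+};
+secure = true;
+ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
+}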
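--- a/kartei/tv/hosts/zu.nix
+++ b/kartei/tv/hosts/zu.nix
@@ -0,0 +1,23 @@
+{
+ci = true;
+nets = {
+retiolum = {
+ip4.addr = "10.243.13.40";
+aliases = [
+"zu.r"
+];
+tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAti6y+Qkz80oay6H2+ANROWdH4aJS54ST8VhFxRB3WdnlDFG/9t6d
+idU87uxW5Xmfm6nvpO0OPhG4E3+UI7KtWP71nnducpLV6gfob4f2xNGVG435CJ6u
+BgorbneUbJEfr4Bb0xd46X2BtLqi5/vUY3M5KMGE2sMdyL2/7oujEI8zQJCse95a
+OhDZdF2bCDEixCHahNprkQrD8t1lNYoLR2qtDZ5psIh5vgdp0WOOMGvUkCDkNjWj
+/NKaRXPhUVRDLRFEzMZhtFtSHzaofzrhGFoU1rGZwc/XopqpiFi0D7L++TiNqKAk
+b9cXwDAI50f8dJagPYtIupjN5bmo+QhXcQIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+};
+};
+secure = true;
+ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNjHxyUC7afNGSwfwBfQizmDnHTNLWDRHE8SY9W4oiw2lPhCFGTN8Jz84CKtnABbZhbNY1E8T58emF2h45WzDg/OGi8DPAk4VsXSkIhyvAto+nkTy2L4atjqfvXDvqxTDC9sui+t8p5OqOK+sghe4kiy+Vx1jhnjSnkQsx9Kocu24BYTkNqYxG7uwOz6t262XYNwMn13Y2K/yygDR3Uw3wTnEjpaYnObRxxJS3iTECDzgixiQ6ewXwYNggpzO/+EfW1BTz5vmuEVf4GbQ9iEc7IsVXHhR+N0boCscvSgae9KW9MBun0A2veRFXNkkfBEMfzelz+S63oeVfelkBq6N5aLsHYYGC4VQjimScelHYVwxR7O4fV+NttJaFF7H06FJeFzPt3NYZeoPKealD5y2Muh1UnewpmkMgza9hQ9EmI4/G1fMowqeMq0U6Hu0QMDUAagyalizN97AfsllY2cs0qLNg7+zHMPwc5RgLzs73oPUsF3umz0O42I5p5733vveUlWi5IZeI8CA1ZKdpwyMXXNhIOHs8u+yGsOLfSy3RgjVKp2GjN4lfnFd0LI+p7iEsEWDRkIAvGCOFepsebyVpBjGP+Kqs10bPGpk5dMcyn9iBJejoz9ka+H9+JAG04LnXwt6Rf1CRV3VRCRX1ayZEjRv9czV7U9ZpuFQcIlVRJQ== root@zu";
+}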
@ -8,7 +8,6 @@
|
|||||||
];
|
];
|
||||||
|
|
||||||
krebs.hosts.minimal = {
|
krebs.hosts.minimal = {
|
||||||
cores = 1;
|
|
||||||
secure = false;
|
secure = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -53,6 +53,7 @@ with import <stockholm/lib>;
|
|||||||
config.krebs.users.lass-mors.pubkey
|
config.krebs.users.lass-mors.pubkey
|
||||||
config.krebs.users.makefu.pubkey
|
config.krebs.users.makefu.pubkey
|
||||||
config.krebs.users.tv.pubkey
|
config.krebs.users.tv.pubkey
|
||||||
|
config.krebs.users.kmein.pubkey
|
||||||
];
|
];
|
||||||
|
|
||||||
# The NixOS release to be compatible with for stateful data such as databases.
|
# The NixOS release to be compatible with for stateful data such as databases.
|
||||||
|
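Review bot: `config.krebs.users.kmein.pubkey` is appended to a list of user public keys whose attribute name lies above the hunk. If that list is an `authorizedKeys` setting (likely given its contents, but not visible here), every host importing this file now accepts kmein's key. The commit is a merge and states no reason for the grant. I would record it next to the entry, e.g. `config.krebs.users.kmein.pubkey # added <date>: <reason / scope of access>`, and confirm that the key stored in `kartei` was verified out of band.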
@ -8,6 +8,7 @@
|
|||||||
services.ergochat = {
|
services.ergochat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
server.name = "irc.r";
|
||||||
server.secure-nets = [
|
server.secure-nets = [
|
||||||
"42::0/16"
|
"42::0/16"
|
||||||
"10.240.0.0/12"
|
"10.240.0.0/12"
|
||||||
|
@ -146,7 +146,7 @@ let
|
|||||||
command = 1;
|
command = 1;
|
||||||
arguments = [2];
|
arguments = [2];
|
||||||
env.TASKDATA = "${stateDir}/${name}";
|
env.TASKDATA = "${stateDir}/${name}";
|
||||||
commands = {
|
commands = rec {
|
||||||
add.filename = pkgs.writeDash "${name}-task-add" ''
|
add.filename = pkgs.writeDash "${name}-task-add" ''
|
||||||
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1"
|
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1"
|
||||||
'';
|
'';
|
||||||
@ -159,6 +159,7 @@ let
|
|||||||
delete.filename = pkgs.writeDash "${name}-task-delete" ''
|
delete.filename = pkgs.writeDash "${name}-task-delete" ''
|
||||||
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1"
|
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1"
|
||||||
'';
|
'';
|
||||||
|
del = delete;
|
||||||
done.filename = pkgs.writeDash "${name}-task-done" ''
|
done.filename = pkgs.writeDash "${name}-task-done" ''
|
||||||
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1"
|
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1"
|
||||||
'';
|
'';
|
||||||
|
@ -7,6 +7,7 @@ let
|
|||||||
out = {
|
out = {
|
||||||
imports = [
|
imports = [
|
||||||
../../kartei
|
../../kartei
|
||||||
|
../../submodules/disko/module.nix
|
||||||
./acl.nix
|
./acl.nix
|
||||||
./airdcpp.nix
|
./airdcpp.nix
|
||||||
./announce-activation.nix
|
./announce-activation.nix
|
||||||
|
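Review bot: The new `../../submodules/disko/module.nix` import is evaluated for every host that loads this module list, and nothing next to it says that it is third-party code pulled in through the `submodules/disko` entry this commit adds to `.gitmodules`. A checkout without the submodule initialised would presumably fail evaluation for all hosts, and a bump of the submodule pointer changes module code on all of them. I would add a comment on that line, for example `# third-party (nix-community/disko), pinned by the submodule commit; review pointer bumps like code changes`. The `imports` list continues outside the hunk.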
@ -108,7 +108,7 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
imp = {
|
imp = {
|
||||||
krebs.systemd.services.exim = {};
|
krebs.systemd.services.exim.restartIfCredentialsChange = true;
|
||||||
systemd.services.exim.serviceConfig.LoadCredential =
|
systemd.services.exim.serviceConfig.LoadCredential =
|
||||||
map (dkim: "${dkim.domain}.dkim_private_key:${dkim.private_key}") cfg.dkim;
|
map (dkim: "${dkim.domain}.dkim_private_key:${dkim.private_key}") cfg.dkim;
|
||||||
krebs.exim = {
|
krebs.exim = {
|
||||||
|
@ -43,10 +43,6 @@ let
|
|||||||
target = mkOption {
|
target = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
};
|
};
|
||||||
precedence = mkOption {
|
|
||||||
type = int;
|
|
||||||
default = 0;
|
|
||||||
};
|
|
||||||
v4 = mkOption {
|
v4 = mkOption {
|
||||||
type = bool;
|
type = bool;
|
||||||
default = true;
|
default = true;
|
||||||
@ -145,13 +141,11 @@ let
|
|||||||
buildChain = tn: cn:
|
buildChain = tn: cn:
|
||||||
let
|
let
|
||||||
filteredRules = filter (r: r."${v}") ts."${tn}"."${cn}".rules;
|
filteredRules = filter (r: r."${v}") ts."${tn}"."${cn}".rules;
|
||||||
sortedRules = sort (a: b: a.precedence > b.precedence) filteredRules;
|
|
||||||
|
|
||||||
in
|
in
|
||||||
#TODO: double check should be unneccessary, refactor!
|
#TODO: double check should be unneccessary, refactor!
|
||||||
if ts.${tn}.${cn}.rules or null != null then
|
if ts.${tn}.${cn}.rules or null != null then
|
||||||
concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
|
concatMapStringsSep "\n" (rule: "\n-A ${cn} ${rule}") ([]
|
||||||
++ map (buildRule tn cn) sortedRules
|
++ map (buildRule tn cn) filteredRules
|
||||||
)
|
)
|
||||||
else
|
else
|
||||||
""
|
""
|
||||||
|
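Review bot: With `sortedRules` gone, `buildChain` emits `filteredRules` in whatever order the module system merged the `rules` list, so the position of a rule in its chain now depends on import order unless a definition uses `mkBefore`/`mkOrder`. Since `precedence` is also removed from the rule submodule, the `rules` option should state this, for example `description = "Rules are emitted in list order; use mkBefore/mkAfter/mkOrder to position a definition.";`. Where an ACCEPT has to precede a REJECT or DNAT in the same chain, a changed order changes what the firewall admits, so every former `precedence` user is worth checking against the generated ruleset. `buildChain` and the option set continue outside the hunks.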
@ -159,7 +159,9 @@ let
|
|||||||
) cfg.repos;
|
) cfg.repos;
|
||||||
|
|
||||||
krebs.systemd.services = mapAttrs' (name: _:
|
krebs.systemd.services = mapAttrs' (name: _:
|
||||||
nameValuePair "repo-sync-${name}" {}
|
nameValuePair "repo-sync-${name}" {
|
||||||
|
restartIfCredentialsChange = true;
|
||||||
|
}
|
||||||
) cfg.repos;
|
) cfg.repos;
|
||||||
|
|
||||||
systemd.services = mapAttrs' (name: repo:
|
systemd.services = mapAttrs' (name: repo:
|
||||||
|
@ -3,14 +3,28 @@
|
|||||||
|
|
||||||
body.options.krebs.systemd.services = lib.mkOption {
|
body.options.krebs.systemd.services = lib.mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
type = lib.types.attrsOf (lib.types.submodule {
|
type = lib.types.attrsOf (lib.types.submodule (cfg_: let
|
||||||
|
serviceName = cfg_.config._module.args.name;
|
||||||
|
cfg = config.systemd.services.${serviceName} // cfg_.config;
|
||||||
|
in {
|
||||||
options = {
|
options = {
|
||||||
|
credentialPaths = lib.mkOption {
|
||||||
|
default =
|
||||||
|
lib.sort
|
||||||
|
lib.lessThan
|
||||||
|
(lib.filter
|
||||||
|
lib.types.absolute-pathname.check
|
||||||
|
(map
|
||||||
|
(lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
|
||||||
|
(lib.toList cfg.serviceConfig.LoadCredential)));
|
||||||
|
readOnly = true;
|
||||||
|
};
|
||||||
|
credentialUnitName = lib.mkOption {
|
||||||
|
default = "trigger-${lib.systemd.encodeName serviceName}";
|
||||||
|
readOnly = true;
|
||||||
|
};
|
||||||
restartIfCredentialsChange = lib.mkOption {
|
restartIfCredentialsChange = lib.mkOption {
|
||||||
# Enabling this by default only makes sense here as the user already
|
default = false;
|
||||||
# bothered to write down krebs.systemd.services.* = {}. If this
|
|
||||||
# functionality gets upstreamed to systemd.services, restarting
|
|
||||||
# should be disabled by default.
|
|
||||||
default = true;
|
|
||||||
description = ''
|
description = ''
|
||||||
Whether to restart the service whenever any of its credentials
|
Whether to restart the service whenever any of its credentials
|
||||||
change. Only credentials with an absolute path in LoadCredential=
|
change. Only credentials with an absolute path in LoadCredential=
|
||||||
@ -19,30 +33,40 @@
|
|||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
}));
|
||||||
};
|
};
|
||||||
|
|
||||||
body.config = {
|
body.config.systemd = lib.mkMerge (lib.mapAttrsToList (serviceName: cfg: {
|
||||||
systemd.paths = lib.mapAttrs' (serviceName: _:
|
paths.${cfg.credentialUnitName} = {
|
||||||
lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
pathConfig.PathChanged =
|
pathConfig.PathChanged = cfg.credentialPaths;
|
||||||
lib.filter
|
};
|
||||||
lib.types.absolute-pathname.check
|
services.${cfg.credentialUnitName} = {
|
||||||
(map
|
|
||||||
(lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
|
|
||||||
(lib.toList
|
|
||||||
config.systemd.services.${serviceName}.serviceConfig.LoadCredential));
|
|
||||||
}
|
|
||||||
) config.krebs.systemd.services;
|
|
||||||
|
|
||||||
systemd.services = lib.mapAttrs' (serviceName: cfg:
|
|
||||||
lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
ExecStart = "${pkgs.systemd}/bin/systemctl restart ${lib.shell.escape serviceName}";
|
StateDirectory = "credentials";
|
||||||
|
ExecStart = pkgs.writeDash "${cfg.credentialUnitName}.sh" ''
|
||||||
|
set -efu
|
||||||
|
|
||||||
|
PATH=${lib.makeBinPath [
|
||||||
|
pkgs.coreutils
|
||||||
|
pkgs.diffutils
|
||||||
|
pkgs.systemd
|
||||||
|
]}
|
||||||
|
|
||||||
|
cache=/var/lib/credentials/${lib.shell.escape serviceName}.sha1sum
|
||||||
|
tmpfile=$(mktemp -t "$(basename "$cache")".XXXXXXXX)
|
||||||
|
trap 'rm -f "$tmpfile"' EXIT
|
||||||
|
|
||||||
|
sha1sum ${toString cfg.credentialPaths} > "$tmpfile"
|
||||||
|
if test -f "$cache" && cmp -s "$tmpfile" "$cache"; then
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
mv "$tmpfile" "$cache"
|
||||||
|
|
||||||
|
systemctl restart ${lib.shell.escape serviceName}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
}
|
|
||||||
) config.krebs.systemd.services;
|
|
||||||
};
|
};
|
||||||
|
}) config.krebs.systemd.services);
|
||||||
}
|
}
|
||||||
|
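Review bot: In the `ExecStart` script the credential paths are spliced into the shell unquoted, `sha1sum ${toString cfg.credentialPaths}`, while `serviceName` on the neighbouring lines goes through `lib.shell.escape`. A path containing whitespace or a shell metacharacter would be split or interpreted by dash; escaping each element keeps the script consistent: `sha1sum ${lib.concatMapStringsSep " " lib.shell.escape cfg.credentialPaths} > "$tmpfile"`. Separately, nothing in the visible `body.config` reads `restartIfCredentialsChange`, so the new `default = false` appears to have no effect unless it is consulted elsewhere; wrapping the two units in `lib.mkIf cfg.restartIfCredentialsChange` would make the option do what its description says.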
@ -232,6 +232,7 @@ with import <stockholm/lib>;
|
|||||||
) config.krebs.tinc;
|
) config.krebs.tinc;
|
||||||
|
|
||||||
krebs.systemd.services = mapAttrs (netname: cfg: {
|
krebs.systemd.services = mapAttrs (netname: cfg: {
|
||||||
|
restartIfCredentialsChange = true;
|
||||||
}) config.krebs.tinc;
|
}) config.krebs.tinc;
|
||||||
|
|
||||||
systemd.services = mapAttrs (netname: cfg: {
|
systemd.services = mapAttrs (netname: cfg: {
|
||||||
|
@ -23,7 +23,6 @@ pkgs.writers.writeDashBin "generate-secrets" ''
|
|||||||
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
$HOSTNAME = {
|
$HOSTNAME = {
|
||||||
cores = 1;
|
|
||||||
owner = config.krebs.users.krebs;
|
owner = config.krebs.users.krebs;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
|
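--- a/krebs/5pkgs/simple/git-assembler.nix
+++ b/krebs/5pkgs/simple/git-assembler.nix
@@ -0,0 +1,24 @@
+{ pkgs, stdenv }:
+
+stdenv.mkDerivation rec {
+pname = "git-assembler";
+version = "1.3";
+
+src = pkgs.fetchFromGitLab {
+owner = "wavexx";
+repo = "git-assembler";
+rev = "v${version}";
+hash = "sha256-A+ygt6Fxiu6EkVoQU5L1rhxu2e1HU0nbqJFzLzXzHBo=";
+};
+
+buildInputs = [
+pkgs.python3
+];
+
+buildPhase = ":";
+
+installPhase = ''
+mkdir -p $out/bin
+cp git-assembler $out/bin
+'';
+}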
@ -16,7 +16,7 @@
|
|||||||
<stockholm/lass/2configs/steam.nix>
|
<stockholm/lass/2configs/steam.nix>
|
||||||
<stockholm/lass/2configs/wine.nix>
|
<stockholm/lass/2configs/wine.nix>
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
<stockholm/lass/2configs/prism-mounts/samba.nix>
|
<stockholm/lass/2configs/yellow-mounts/samba.nix>
|
||||||
<stockholm/lass/2configs/pass.nix>
|
<stockholm/lass/2configs/pass.nix>
|
||||||
<stockholm/lass/2configs/mail.nix>
|
<stockholm/lass/2configs/mail.nix>
|
||||||
<stockholm/lass/2configs/bitcoin.nix>
|
<stockholm/lass/2configs/bitcoin.nix>
|
||||||
|
@ -57,7 +57,7 @@ with import <stockholm/lib>;
|
|||||||
];
|
];
|
||||||
|
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||||
{ predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
|
{ predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
# workaround for ssh access from yubikey via android
|
# workaround for ssh access from yubikey via android
|
||||||
|
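Review bot: The port-22 ACCEPT in `nat.PREROUTING` loses `precedence = 101` without getting an ordering wrapper, whereas the other former `precedence` users in this commit were moved to `mkBefore` or `mkOrder 999`. If this rule exists to keep SSH on eth0 out of a later DNAT/REDIRECT rule (not visible here), its position now depends on module merge order; `krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [` would pin it ahead of default-priority definitions. The surrounding attribute set continues outside the hunk.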
@ -41,6 +41,7 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/lass/2configs/ppp/umts-stick.nix>
|
<stockholm/lass/2configs/ppp/umts-stick.nix>
|
||||||
# <stockholm/lass/2configs/remote-builder/morpheus.nix>
|
# <stockholm/lass/2configs/remote-builder/morpheus.nix>
|
||||||
# <stockholm/lass/2configs/remote-builder/prism.nix>
|
# <stockholm/lass/2configs/remote-builder/prism.nix>
|
||||||
|
<stockholm/lass/2configs/autotether.nix>
|
||||||
{
|
{
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
#risk of rain
|
#risk of rain
|
||||||
|
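--- a/lass/1systems/neoprism/config.nix
+++ b/lass/1systems/neoprism/config.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs/retiolum.nix>
+
+# sync-containers
+<stockholm/lass/2configs/consul.nix>
+<stockholm/lass/2configs/yellow-host.nix>
+<stockholm/lass/2configs/radio/container-host.nix>
+
+# other containers
+<stockholm/lass/2configs/riot.nix>
+];
+
+krebs.build.host = config.krebs.hosts.neoprism;
+}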
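--- a/lass/1systems/neoprism/disk.nix
+++ b/lass/1systems/neoprism/disk.nix
@@ -0,0 +1,116 @@
+{ lib, ... }:
+{
+disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: {
+type = "disk";
+device = disk;
+content = {
+type = "table";
+format = "gpt";
+partitions = [
+{
+name = "boot";
+type = "partition";
+start = "0";
+end = "1M";
+part-type = "primary";
+flags = ["bios_grub"];
+}
+{
+type = "partition";
+name = "ESP";
+start = "1M";
+end = "1GiB";
+fs-type = "fat32";
+bootable = true;
+content = {
+type = "mdraid";
+name = "boot";
+};
+}
+{
+type = "partition";
+name = "zfs";
+start = "1GiB";
+end = "100%";
+content = {
+type = "zfs";
+pool = "zroot";
+};
+}
+];
+};
+})) // {
+hdd1 = {
+type = "disk";
+device = "/dev/sda";
+content = {
+type = "zfs";
+pool = "tank";
+};
+};
+};
+mdadm = {
+boot = {
+type = "mdadm";
+level = 1;
+metadata = "1.0";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+};
+zpool = {
+zroot = {
+type = "zpool";
+mode = "mirror";
+mountpoint = "/";
+rootFsOptions = {
+};
+datasets.reserved = {
+zfs_type = "filesystem";
+options.refreservation = "1G";
+};
+};
+tank = {
+type = "zpool";
+datasets = {
+reserved = {
+zfs_type = "filesystem";
+options.refreservation = "1G";
+};
+containers = {
+zfs_type = "filesystem";
+mountpoint = "/var/lib/containers";
+};
+home = {
+zfs_type = "filesystem";
+mountpoint = "/home";
+};
+srv = {
+zfs_type = "filesystem";
+mountpoint = "/srv";
+};
+libvirt = {
+zfs_type = "filesystem";
+mountpoint = "/var/lib/libvirt";
+};
+# encrypted = {
+# zfs_type = "filesystem";
+# options = {
+# mountpoint = "none";
+# encryption = "aes-256-gcm";
+# keyformat = "passphrase";
+# keylocation = "prompt";
+# };
+# };
+
+# "encrypted/download" = {
+# zfs_type = "filesystem";
+# mountpoint = "/var/download";
+# };
+};
+};
+};
+}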
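Review bot: Every dataset that is actually created on `tank` (`containers`, `home`, `srv`, `libvirt`) and the `zroot` pool are unencrypted, and the only encryption settings in the file, the `encrypted` dataset with `aes-256-gcm`, are commented out. If this host's disks are outside your physical control, that leaves home directories, container state and VM images readable from the raw devices. If the choice is deliberate (for example to allow unattended boot), a comment such as `# encryption disabled: no way to enter the passphrase at boot yet` above the commented block would record the decision; otherwise enable the `encrypted` parent and place the data-bearing datasets under it.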
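--- a/lass/1systems/neoprism/physical.nix
+++ b/lass/1systems/neoprism/physical.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+imports = [
+./config.nix
+<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+];
+
+disko.devices = import ./disk.nix;
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.efiSupport = true;
+boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
+boot.kernelModules = [ "kvm-amd" ];
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+# networking config
+boot.kernelParams = [ "net.ifnames=0" ];
+networking.bridges."ext-br".interfaces = [ "eth0" ];
+networking = {
+hostId = "2283aaae";
+defaultGateway = "95.217.192.1";
+defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
+# Use google's public DNS server
+nameservers = [ "8.8.8.8" ];
+interfaces.ext-br.ipv4.addresses = [
+{
+address = "95.217.192.59";
+prefixLength = 26;
+}
+];
+interfaces.ext-br.ipv6.addresses = [
+{
+address = "2a01:4f9:4a:4f1a::1";
+prefixLength = 64;
+}
+];
+};
+
+}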
@ -33,9 +33,9 @@ with import <stockholm/lib>;
|
|||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
|
||||||
{ v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
|
||||||
{ v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
@ -97,9 +97,35 @@ with import <stockholm/lib>;
|
|||||||
localAddress = "10.233.2.2";
|
localAddress = "10.233.2.2";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
services.nginx.virtualHosts."radio.lassul.us" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
# recommendedProxySettings = true;
|
||||||
|
proxyWebsockets = true;
|
||||||
|
proxyPass = "http://radio.r";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host radio.r;
|
||||||
|
# get source ip for weather reports
|
||||||
|
proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
krebs.htgen.radio-redirect = {
|
||||||
|
port = 8000;
|
||||||
|
scriptFile = pkgs.writers.writeDash "redir" ''
|
||||||
|
printf 'HTTP/1.1 301 Moved Permanently\r\n'
|
||||||
|
printf "Location: http://radio.lassul.us''${Request_URI}\r\n"
|
||||||
|
printf '\r\n'
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
}
|
||||||
<stockholm/lass/2configs/exim-smarthost.nix>
|
<stockholm/lass/2configs/exim-smarthost.nix>
|
||||||
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
<stockholm/lass/2configs/privoxy-retiolum.nix>
|
||||||
<stockholm/lass/2configs/radio>
|
|
||||||
<stockholm/lass/2configs/binary-cache/server.nix>
|
<stockholm/lass/2configs/binary-cache/server.nix>
|
||||||
<stockholm/lass/2configs/iodined.nix>
|
<stockholm/lass/2configs/iodined.nix>
|
||||||
<stockholm/lass/2configs/paste.nix>
|
<stockholm/lass/2configs/paste.nix>
|
||||||
@ -227,13 +253,13 @@ with import <stockholm/lib>;
|
|||||||
imports = [
|
imports = [
|
||||||
<stockholm/lass/2configs/wiregrill.nix>
|
<stockholm/lass/2configs/wiregrill.nix>
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = mkOrder 999 [
|
||||||
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||||
{ v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
|
{ v4 = false; predicate = "-s 42:1::/32"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
|
||||||
{ precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
|
{ predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
|
||||||
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
|
{ predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
{ v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
|
{ v4 = false; predicate = "-s 42:1::/32 ! -d 42:1::/48"; target = "MASQUERADE"; }
|
||||||
@ -252,7 +278,7 @@ with import <stockholm/lib>;
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
|
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
<stockholm/lass/2configs/murmur.nix>
|
<stockholm/lass/2configs/murmur.nix>
|
||||||
|
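Review bot: In the `radio-redirect` script `Request_URI` is interpolated into the printf format string, `printf "Location: http://radio.lassul.us''${Request_URI}\r\n"`, so any `%` or backslash in the requested path (percent-encoding is routine in URLs) is interpreted by printf and the Location header comes out corrupted or truncated. Pass it as an argument instead: `printf 'Location: http://radio.lassul.us%s\r\n' "$Request_URI"`. The redirect also targets `http://` although the new `radio.lassul.us` vhost sets `enableACME` and `addSSL`; pointing it at `https://` would avoid a cleartext hop.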
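--- a/lass/1systems/radio/config.nix
+++ b/lass/1systems/radio/config.nix
@@ -0,0 +1,24 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs>
+<stockholm/lass/2configs/retiolum.nix>
+
+<stockholm/lass/2configs/syncthing.nix>
+<stockholm/lass/2configs/radio>
+];
+
+krebs.build.host = config.krebs.hosts.radio;
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "acme@lassul.us";
+};
+
+lass.sync-containers3.inContainer = {
+enable = true;
+pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvPKdbVwMEFCDMyNAzR8NdVjTbQL2G+03Xomxn6KKFt";
+};
+}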
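--- a/lass/1systems/radio/physical.nix
+++ b/lass/1systems/radio/physical.nix
@@ -0,0 +1,7 @@
+{
+imports = [
+./config.nix
+];
+boot.isContainer = true;
+networking.useDHCP = true;
+}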
@ -16,7 +16,7 @@
|
|||||||
<stockholm/lass/2configs/blue-host.nix>
|
<stockholm/lass/2configs/blue-host.nix>
|
||||||
<stockholm/lass/2configs/green-host.nix>
|
<stockholm/lass/2configs/green-host.nix>
|
||||||
<stockholm/krebs/2configs/news-host.nix>
|
<stockholm/krebs/2configs/news-host.nix>
|
||||||
<stockholm/lass/2configs/prism-mounts/samba.nix>
|
<stockholm/lass/2configs/yellow-mounts/samba.nix>
|
||||||
<stockholm/lass/2configs/fetchWallpaper.nix>
|
<stockholm/lass/2configs/fetchWallpaper.nix>
|
||||||
<stockholm/lass/2configs/consul.nix>
|
<stockholm/lass/2configs/consul.nix>
|
||||||
<stockholm/lass/2configs/red-host.nix>
|
<stockholm/lass/2configs/red-host.nix>
|
||||||
|
@ -9,20 +9,23 @@ in {
|
|||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.yellow;
|
krebs.build.host = config.krebs.hosts.yellow;
|
||||||
|
|
||||||
|
lass.sync-containers3.inContainer = {
|
||||||
|
enable = true;
|
||||||
|
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";
|
||||||
|
};
|
||||||
|
|
||||||
users.groups.download.members = [ "transmission" ];
|
users.groups.download.members = [ "transmission" ];
|
||||||
|
|
||||||
networking.useHostResolvConf = false;
|
networking.useHostResolvConf = false;
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
|
|
||||||
systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
|
|
||||||
services.transmission = {
|
services.transmission = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
home = "/var/state/transmission";
|
||||||
group = "download";
|
group = "download";
|
||||||
downloadDirPermissions = "775";
|
downloadDirPermissions = "775";
|
||||||
settings = {
|
settings = {
|
||||||
download-dir = "/var/download/finished";
|
download-dir = "/var/download/transmission";
|
||||||
incomplete-dir = "/var/download/incoming";
|
incomplete-dir-enabled = false;
|
||||||
incomplete-dir-enable = true;
|
|
||||||
rpc-bind-address = "::";
|
rpc-bind-address = "::";
|
||||||
message-level = 1;
|
message-level = 1;
|
||||||
umask = 18;
|
umask = 18;
|
||||||
@ -31,6 +34,12 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.acme.defaults.email = "spam@krebsco.de";
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
|
||||||
|
security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
|
||||||
|
security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
|
||||||
|
security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nginx.override {
|
package = pkgs.nginx.override {
|
||||||
@ -38,13 +47,12 @@ in {
|
|||||||
fancyindex
|
fancyindex
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
virtualHosts.default = {
|
virtualHosts."yellow.r" = {
|
||||||
default = true;
|
default = true;
|
||||||
locations."/dl".extraConfig = ''
|
enableACME = true;
|
||||||
return 301 /;
|
addSSL = true;
|
||||||
'';
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
root = "/var/download/finished";
|
root = "/var/download";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
fancyindex on;
|
fancyindex on;
|
||||||
fancyindex_footer "/fancy.html";
|
fancyindex_footer "/fancy.html";
|
||||||
@ -136,9 +144,87 @@ in {
|
|||||||
''};
|
''};
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
virtualHosts."jelly.r" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_pass http://localhost:8096/;
|
||||||
|
proxy_set_header Accept-Encoding "";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
virtualHosts."radar.r" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyWebsockets = true;
|
||||||
|
proxyPass = "http://localhost:7878";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
virtualHosts."sonar.r" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyWebsockets = true;
|
||||||
|
proxyPass = "http://localhost:8989";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.bruellwuerfel = {
|
services.samba = {
|
||||||
|
enable = true;
|
||||||
|
enableNmbd = false;
|
||||||
|
extraConfig = ''
|
||||||
|
workgroup = WORKGROUP
|
||||||
|
server string = ${config.networking.hostName}
|
||||||
|
# only allow retiolum addresses
|
||||||
|
hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16
|
||||||
|
|
||||||
|
# Use sendfile() for performance gain
|
||||||
|
use sendfile = true
|
||||||
|
|
||||||
|
# No NetBIOS is needed
|
||||||
|
disable netbios = true
|
||||||
|
|
||||||
|
# Only mangle non-valid NTFS names, don't care about DOS support
|
||||||
|
mangled names = illegal
|
||||||
|
|
||||||
|
# Performance optimizations
|
||||||
|
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
|
||||||
|
|
||||||
|
# Disable all printing
|
||||||
|
load printers = false
|
||||||
|
disable spoolss = true
|
||||||
|
printcap name = /dev/null
|
||||||
|
|
||||||
|
map to guest = Bad User
|
||||||
|
max log size = 50
|
||||||
|
dns proxy = no
|
||||||
|
security = user
|
||||||
|
|
||||||
|
[global]
|
||||||
|
syslog only = yes
|
||||||
|
'';
|
||||||
|
shares.public = {
|
||||||
|
comment = "Warez";
|
||||||
|
path = "/var/download";
|
||||||
|
public = "yes";
|
||||||
|
"only guest" = "yes";
|
||||||
|
"create mask" = "0644";
|
||||||
|
"directory mask" = "2777";
|
||||||
|
writable = "no";
|
||||||
|
printable = "no";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.bruellwuerfel =
|
||||||
|
let
|
||||||
|
bruellwuerfelSrc = pkgs.fetchFromGitHub {
|
||||||
|
owner = "krebs";
|
||||||
|
repo = "bruellwuerfel";
|
||||||
|
rev = "dc73adf69249fb63a4b024f1f3fbc9e541b27015";
|
||||||
|
sha256 = "078jp1gbavdp8lnwa09xa5m6bbbd05fi4x5ldkkgin5z04hwlhmd";
|
||||||
|
};
|
||||||
|
in {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
environment = {
|
environment = {
|
||||||
IRC_CHANNEL = "#flix";
|
IRC_CHANNEL = "#flix";
|
||||||
@ -147,7 +233,7 @@ in {
|
|||||||
IRC_HISTORY_FILE = "/tmp/bruelli.history";
|
IRC_HISTORY_FILE = "/tmp/bruelli.history";
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.bruellwuerfel}/bin/bruellwuerfel";
|
ExecStart = "${pkgs.deno}/bin/deno run -A ${bruellwuerfelSrc}/src/index.ts";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -155,15 +241,36 @@ in {
|
|||||||
enable = true;
|
enable = true;
|
||||||
tables.filter.INPUT.rules = [
|
tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
|
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
|
||||||
|
{ predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
|
||||||
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
|
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
|
||||||
{ predicate = "-p tcp --dport 9092"; target = "ACCEPT"; } # magnetico webinterface
|
|
||||||
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
|
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
|
||||||
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
|
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
|
||||||
{ predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
|
{ predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
|
||||||
|
{ predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr
|
||||||
|
{ predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr
|
||||||
|
{ predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr
|
||||||
|
{ predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr
|
||||||
|
|
||||||
|
# smbd
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
tables.filter.OUTPUT = {
|
tables.filter.OUTPUT = {
|
||||||
policy = "DROP";
|
policy = "DROP";
|
||||||
rules = [
|
rules = [
|
||||||
|
{ predicate = "-o lo"; target = "ACCEPT"; }
|
||||||
{ v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
|
||||||
{ predicate = "-o tun0"; target = "ACCEPT"; }
|
{ predicate = "-o tun0"; target = "ACCEPT"; }
|
||||||
{ predicate = "-o retiolum"; target = "ACCEPT"; }
|
{ predicate = "-o retiolum"; target = "ACCEPT"; }
|
||||||
@ -271,7 +378,7 @@ in {
|
|||||||
ExecStart = pkgs.writers.writeDash "flix-index" ''
|
ExecStart = pkgs.writers.writeDash "flix-index" ''
|
||||||
set -efu
|
set -efu
|
||||||
|
|
||||||
DIR=/var/download/finished
|
DIR=/var/download
|
||||||
cd "$DIR"
|
cd "$DIR"
|
||||||
while inotifywait -rq -e create -e move -e delete "$DIR"; do
|
while inotifywait -rq -e create -e move -e delete "$DIR"; do
|
||||||
find . -type f > "$DIR"/index.tmp
|
find . -type f > "$DIR"/index.tmp
|
||||||
@ -286,9 +393,22 @@ in {
|
|||||||
group = "download";
|
group = "download";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.magnetico = {
|
services.radarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
web.address = "0.0.0.0";
|
group = "download";
|
||||||
web.port = 9092;
|
};
|
||||||
|
|
||||||
|
services.sonarr = {
|
||||||
|
enable = true;
|
||||||
|
group = "download";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.prowlarr = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.bazarr = {
|
||||||
|
enable = true;
|
||||||
|
group = "download";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
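Review bot: The new INPUT rules for prowlarr, sonarr, radarr and bazarr (`--dport 9696`, `8989`, `7878`, `6767`) accept traffic on every interface, while the smbd rules added right below them are scoped with `-i retiolum` / `-i wiregrill`. sonarr and radarr are already published through the `sonar.r` and `radar.r` vhosts with TLS, so the direct ports only add an unencrypted path to the same applications; scoping them like the smbd rules, e.g. `{ predicate = "-i retiolum -p tcp --dport 8989"; target = "ACCEPT"; }`, or dropping them where nginx proxies via localhost, would narrow the exposure. In the same section `deno run -A` grants the bruellwuerfel script every Deno permission; listing only the `--allow-*` flags it needs would keep the runtime sandbox in place.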
@ -68,8 +68,8 @@ in {
|
|||||||
{ v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
{ v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||||
{ v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
{ v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
|
||||||
{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; }
|
{ v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
#TODO find out what this is about?
|
#TODO find out what this is about?
|
||||||
|
16
lass/2configs/autotether.nix
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
systemd.services.usb_tether = {
|
||||||
|
script = ''
|
||||||
|
${pkgs.android-tools}/bin/adb -s QV770FAMEK wait-for-device
|
||||||
|
${pkgs.android-tools}/bin/adb -s QV770FAMEK shell svc usb setFunctions rndis
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="fce/320d/510", TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service"
|
||||||
|
'';
|
||||||
|
systemd.network.networks.android = {
|
||||||
|
matchConfig.Name = "enp0s20u1";
|
||||||
|
DHCP = "yes";
|
||||||
|
};
|
||||||
|
}
|
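Review bot: The `systemd.network.networks.android` unit matches on `matchConfig.Name = "enp0s20u1"`, which identifies a USB port path rather than the phone, so any USB network adapter that enumerates on that port is configured by DHCP and can hand the host routes and DNS servers. The udev rule already pins `ENV{PRODUCT}=="fce/320d/510"`; the network unit could be narrowed as well, for example with `matchConfig.Driver = "rndis_host";`, plus `dhcpV4Config.UseDNS = false;` if the phone's resolver is not wanted. `usb_tether` also has no `serviceConfig`, so it presumably runs `adb` as root and is not marked as a one-shot; `serviceConfig.Type = "oneshot";` would make the unit state show whether the mode switch succeeded. The hard-coded serial `QV770FAMEK` deserves a one-line comment saying which device it is.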
@ -1,97 +1,115 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (import <stockholm/lib>) genid;
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
users.extraUsers = {
|
|
||||||
cbasevpn = rec {
|
|
||||||
name = "cbasevpn";
|
|
||||||
uid = genid "cbasevpn";
|
|
||||||
description = "user for running c-base openvpn";
|
|
||||||
home = "/home/${name}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.extraGroups.cbasevpn.gid = genid "cbasevpn";
|
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.cifs-utils
|
pkgs.cifs-utils
|
||||||
];
|
];
|
||||||
|
|
||||||
services.openvpn.servers = {
|
systemd.network.networks.c-base = {
|
||||||
c-base = {
|
matchConfig.Name = "c-base";
|
||||||
|
networkConfig = {
|
||||||
|
IgnoreCarrierLoss = "3s";
|
||||||
|
KeepConfiguration = "static";
|
||||||
|
DNS = "10.0.1.254";
|
||||||
|
Domains = "cbrp3.c-base.org";
|
||||||
|
};
|
||||||
|
routes = [
|
||||||
|
{ routeConfig = {
|
||||||
|
Destination = "10.0.1.0/24";
|
||||||
|
Gateway = "172.31.77.1";
|
||||||
|
};}
|
||||||
|
{ routeConfig = {
|
||||||
|
Destination = "91.102.9.99/32"; # vorstand.c-base.org
|
||||||
|
Gateway = "172.31.77.1";
|
||||||
|
};}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
services.openvpn.servers.c-base = {
|
||||||
config = ''
|
config = ''
|
||||||
client
|
|
||||||
dev tap
|
|
||||||
proto tcp
|
|
||||||
remote vpn.ext.c-base.org 1194
|
remote vpn.ext.c-base.org 1194
|
||||||
|
verify-x509-name vpn.ext.c-base.org name
|
||||||
|
client
|
||||||
|
proto udp
|
||||||
|
dev-type tun
|
||||||
|
dev c-base
|
||||||
resolv-retry infinite
|
resolv-retry infinite
|
||||||
nobind
|
nobind
|
||||||
user cbasevpn
|
# user openvpn
|
||||||
group cbasevpn
|
# group openvpn
|
||||||
persist-key
|
persist-key
|
||||||
persist-tun
|
persist-tun
|
||||||
|
|
||||||
auth-nocache
|
|
||||||
#auth-user-pass
|
|
||||||
auth-user-pass ${toString <secrets/cbase.txt>}
|
|
||||||
|
|
||||||
comp-lzo
|
comp-lzo
|
||||||
verb 3
|
# register-dns
|
||||||
|
# block-outside-dns
|
||||||
#script-security 2
|
script-security 2
|
||||||
#up /etc/openvpn/update-resolv-conf
|
auth-user-pass ${toString <secrets/cbase.txt>}
|
||||||
#down /etc/openvpn/update-resolv-conf
|
#auth-user-pass
|
||||||
|
|
||||||
<ca>
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
|
|
||||||
BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj
|
|
||||||
LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ
|
|
||||||
ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1
|
|
||||||
MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu
|
|
||||||
MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf
|
|
||||||
MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF
|
|
||||||
AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7
|
|
||||||
IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co
|
|
||||||
uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA
|
|
||||||
AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB
|
|
||||||
pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw
|
|
||||||
CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ
|
|
||||||
BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA
|
|
||||||
Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
|
|
||||||
BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5
|
|
||||||
ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK
|
|
||||||
wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
</ca>
|
|
||||||
key-direction 1
|
key-direction 1
|
||||||
<tls-auth>
|
<tls-auth>
|
||||||
#
|
#
|
||||||
# 2048 bit OpenVPN static key
|
# 2048 bit OpenVPN static key
|
||||||
#
|
#
|
||||||
-----BEGIN OpenVPN Static key V1-----
|
-----BEGIN OpenVPN Static key V1-----
|
||||||
5d49aa8c9cec18de7ab6e0b5cd09a368
|
54a66ed1048bed7508703347e89d68d6
|
||||||
d3f1b8b77e055e448804fa0e14f487cb
|
5586e6a5d1218cf8675941031d540be6
|
||||||
491681742f96b54a23fb8639aa9ed14e
|
993e07200a16ad3b770b659932ee71e5
|
||||||
c40b86a5546b888c4f3873f23c956e87
|
f8080b5c9fa2acb3893abd40fad2552c
|
||||||
169076ec869127ffc85353fd5928871c
|
fdaf17565e617ae450efcccf5652dca5
|
||||||
da19776b79f723abb366fae6cdfe4ad6
|
a16419509024b075941098731eb25ac0
|
||||||
7ef667b7d05a7b78dfd5ea1d2da276dc
|
a64f963ece3dca1d2a64a9c5e17839d7
|
||||||
5f6c82313fe9c1178c7256b8d1d081b0
|
5b5080165a9b2dc90ef111879d7d3173
|
||||||
4c80bc8f21add61fbc52c158579edc1d
|
2d1027ae42d869394aca08da4472a9d0
|
||||||
bbde230afb9d0e531624ce289a17098a
|
6b724b4ed43a957feef7d6dfc86da241
|
||||||
3261f9144a9a2a6f0da4250c9eed4086
|
74828fa0e1240941586f0d937cac32fc
|
||||||
187ec6fa757a454de743a349e32af193
|
13cc81e7bed58817353d6afaff7e6a26
|
||||||
e9f8b49b010014bdfb3240d992f2f234
|
4f9cc086af79c1cdca660d86e18cff96
|
||||||
581d0ce05d4e07a2b588ad9b0555b704
|
69dd3d392caf09a468894a8504f4cc7c
|
||||||
9d5edc28efde59226ec8942feed690a1
|
7ae0072e6d9ad90b166ad13a39c57b3c
|
||||||
2acd0c8bc9424d6074d0d495391023b6
|
3a869e27a1d89deb161c255227551713
|
||||||
-----END OpenVPN Static key V1-----
|
-----END OpenVPN Static key V1-----
|
||||||
</tls-auth>
|
</tls-auth>
|
||||||
|
<ca>
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIGsDCCBJigAwIBAgIJAPkM1l2zA306MA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
|
||||||
|
VQQGEwJERTEPMA0GA1UEBxMGQmVybGluMRswGQYDVQQLExJ2cG4uZXh0LmMtYmFz
|
||||||
|
ZS5vcmcxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEbMBkGA1UEKRMSdnBu
|
||||||
|
LmV4dC5jLWJhc2Uub3JnMR8wHQYJKoZIhvcNAQkBFhBhZG1heEBjLWJhc2Uub3Jn
|
||||||
|
MB4XDTE2MDcwOTE4MjkyMFoXDTI2MDcxMDE4MjkyMFowgZYxCzAJBgNVBAYTAkRF
|
||||||
|
MQ8wDQYDVQQHEwZCZXJsaW4xGzAZBgNVBAsTEnZwbi5leHQuYy1iYXNlLm9yZzEb
|
||||||
|
MBkGA1UEAxMSdnBuLmV4dC5jLWJhc2Uub3JnMRswGQYDVQQpExJ2cG4uZXh0LmMt
|
||||||
|
YmFzZS5vcmcxHzAdBgkqhkiG9w0BCQEWEGFkbWF4QGMtYmFzZS5vcmcwggIiMA0G
|
||||||
|
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXEs+uWCXLNmm+lgP9x7u3FqWa4pPI
|
||||||
|
h64c6EWIULMATrhEw+Ej4fpCXwU9otFaO04fAeJmZGkDcnAYdBDiCeI0luOSdj44
|
||||||
|
Bg9KecSei/TskqjhDVnEBp65hiz0rZE6c1baPdLYmD5xrXWb3i0zrlBYFawuL6C2
|
||||||
|
lwVCEm3cadvkDJ2DleMuu3NblV8ViIDN0HZqzJNP72g1I0MgohkpetACXlf7MzQV
|
||||||
|
PFHfzvb04Rj2lJ8BDhceQ0WmjtVV/Ag6nka5oi954OeHMujRuH+rZYiQZDZpJLHK
|
||||||
|
Kh1KWTVlWPRy+AvCi9lweDWSmLccq7Ug4xMtDF4I5qW3tjCd0xqpZ21Xmo2JyKtY
|
||||||
|
4h8wEDPqiJvgwvkXsH17GLn5ZxiMcQuRJQYZqJephkzR9uccJeWSS76kwm/vLqG3
|
||||||
|
+eORlYnyjiNXtiMIhmAEFjpWUrGH8v4CijpUNP6E63ynGrRVXK684YQXkqL+xPAt
|
||||||
|
t6dsMBUwf94a2S1o2kgvuRCim1wlHvf1QsHrO/Hwgpzc8no/daWL+Z9Rq9okTHNK
|
||||||
|
nc1G5dv8TkmxIDYnLm07QMzzBoOT36BcGtkEBA+0xhQlX5PyQdM5/jnZVhdSBmoP
|
||||||
|
MbZXPoU/gJAIuuBuwdTlgCzYf44/9/YU/AnW8eLrbhm9KtMtoMpatrWorKqk/GPv
|
||||||
|
/lGNRQuNffrbiQIDAQABo4H+MIH7MB0GA1UdDgQWBBTf5cYbK+KCF9u9aobFlLbu
|
||||||
|
ilwX4jCBywYDVR0jBIHDMIHAgBTf5cYbK+KCF9u9aobFlLbuilwX4qGBnKSBmTCB
|
||||||
|
ljELMAkGA1UEBhMCREUxDzANBgNVBAcTBkJlcmxpbjEbMBkGA1UECxMSdnBuLmV4
|
||||||
|
dC5jLWJhc2Uub3JnMRswGQYDVQQDExJ2cG4uZXh0LmMtYmFzZS5vcmcxGzAZBgNV
|
||||||
|
BCkTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhAYy1i
|
||||||
|
YXNlLm9yZ4IJAPkM1l2zA306MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
|
||||||
|
ggIBAMs1moiS7UZ4neOivQjqwKrBbm1j3tgmPLhDfNMmXYarGhnBGAlLxLAQWtG+
|
||||||
|
Fnbx8KcsJnrsWcGfZcst1z45S4a5oBdVNKOfgkMOG0glZorIDO8Odrb51rpyzU0v
|
||||||
|
0wcNumMNWhkFuo2OTBHPnnJIWEAFwwCCSCL0I0hQxxoaV36kphjuIwzrMJhd+XAT
|
||||||
|
24En58cNp6sPRDd+FzOH08uFINevyzKWYxkMgVj+e3fbuiyOB8RqvndKvtfBBcpB
|
||||||
|
cCO86lGnj/ETMDciTczUShxaMn9wV1zr1KH1xvT3ohUeOcQZGbGTcjG4mxlns8ZO
|
||||||
|
U5J3Yrcd1eMfJq9Bwd3zPsTLnT8LwIS8vfYRav9b34XdqcBG73dhrjsicMK0Qy0z
|
||||||
|
Qz7vKJzcvrEnKuaMyB3mCxz/UvbNc2Bupwm4FmzN5eFjDs+7paYFdfOzqMjoRP+8
|
||||||
|
bcXSqDN5P2eUd7cdsZXaFNcsf1FkWlE3GudVBOmNJqz9zBab/T5J+l4Z90Pd6OUX
|
||||||
|
GNozEvLhcJkvPKA526TegHTGC8hMquxKc9tpOzNRqZJMFa+UG1mgMrMepRmM/B3s
|
||||||
|
QrKI1C11iCVYfb9J0tQUkfENHMx4J7mG2DZAhnKWQDU2awM41qU4A7aBYaJvDPnQ
|
||||||
|
RRcbaT0D794lKUQwH/mZuyKzF22oZNk1o1TV2SaFXqgX5tDt
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
</ca>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
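Review bot: In the new `services.openvpn.servers.c-base` config the privilege drop is gone (`user cbasevpn`/`group cbasevpn` became the commented-out `# user openvpn`/`# group openvpn`) while `script-security 2` is switched on, although no `up`/`down` script remains in the config. Taken together the client keeps root for its whole lifetime and is allowed to run external programs; unless something outside this file needs that, drop the `script-security 2` line and restore an unprivileged `user`/`group` pair (the `cbasevpn` account this commit deletes would then have to stay). `auth-nocache` was also removed, so the credentials read from `secrets/cbase.txt` stay cached in process memory; re-adding the single line `auth-nocache` restores the earlier behaviour. `comp-lzo` is carried over unchanged, and compression on a VPN link is worth re-checking against what the server requires.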
@ -8,8 +8,8 @@
|
|||||||
{ v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
{ v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||||
{ v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
{ v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = lib.mkBefore [
|
||||||
{ v6 = false; predicate = "-s 10.233.2.0/24"; target = "ACCEPT"; precedence = 1000; }
|
{ v6 = false; predicate = "-s 10.233.2.0/24"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
{ v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
{ v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
||||||
|
@ -69,7 +69,6 @@ with import <stockholm/lib>;
|
|||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = config.krebs.build.host.name;
|
networking.hostName = config.krebs.build.host.name;
|
||||||
nix.maxJobs = config.krebs.build.host.cores;
|
|
||||||
|
|
||||||
krebs = {
|
krebs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@ -190,28 +189,34 @@ with import <stockholm/lib>;
|
|||||||
enable = true;
|
enable = true;
|
||||||
tables = {
|
tables = {
|
||||||
nat.PREROUTING.rules = [
|
nat.PREROUTING.rules = [
|
||||||
{ predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
|
{ predicate = "-i retiolum -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
|
||||||
{ predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; }
|
{ predicate = "-i wiregrill -p tcp -m tcp --dport 22"; target = "ACCEPT"; }
|
||||||
{ predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
|
{ predicate = "-p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; }
|
||||||
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
|
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; }
|
||||||
];
|
];
|
||||||
nat.OUTPUT.rules = [
|
nat.OUTPUT.rules = [
|
||||||
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
|
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; }
|
||||||
];
|
];
|
||||||
filter.INPUT.policy = "DROP";
|
filter.INPUT.policy = "DROP";
|
||||||
filter.FORWARD.policy = "DROP";
|
filter.FORWARD.policy = "DROP";
|
||||||
filter.INPUT.rules = [
|
filter.INPUT.rules = mkMerge [
|
||||||
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
|
(mkBefore [
|
||||||
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
||||||
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
{ predicate = "-p icmp"; target = "ACCEPT"; }
|
||||||
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
|
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; }
|
||||||
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
|
{ predicate = "-i lo"; target = "ACCEPT"; }
|
||||||
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
|
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; }
|
||||||
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
|
])
|
||||||
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
|
(mkOrder 1000 [
|
||||||
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
|
{ predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT"; }
|
||||||
{ predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
|
{ predicate = "-i retiolum -p udp -m udp --dport 53"; target = "ACCEPT"; }
|
||||||
{ predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; }
|
{ predicate = "-i retiolum -p tcp --dport 19999"; target = "ACCEPT"; }
|
||||||
|
])
|
||||||
|
(mkAfter [
|
||||||
|
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; }
|
||||||
|
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; }
|
||||||
|
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; }
|
||||||
|
])
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
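Review bot: The catch-all `-i retiolum` REJECT rules in `filter.INPUT.rules` now stay last only because they sit inside `mkAfter`, and that dependency should be documented in the file. In nixpkgs' lib `mkAfter` is just order 1500, so a rule list that another module contributes with `mkAfter` or a higher `mkOrder` can be emitted after these REJECTs, where an ACCEPT for retiolum traffic would never match; the old `precedence = -10000` made that accident less likely. Suggested comment above the block: `# keep last: retiolum catch-all REJECTs; other modules must not add ACCEPT rules with mkAfter`. The same ordering assumption holds for the `nat.PREROUTING` list in this hunk, where the port-22 `ACCEPT` entries have to precede `REDIRECT --to-ports 0` and now rely on list position alone. The enclosing `krebs.iptables` attribute set begins outside the hunk.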
@ -2,37 +2,56 @@
|
|||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
|
|
||||||
{
|
{
|
||||||
|
systemd.network.networks."50-et0" = {
|
||||||
|
matchConfig.Name = "et0";
|
||||||
|
DHCP = "yes";
|
||||||
|
# dhcpV4Config.UseDNS = false;
|
||||||
|
# dhcpV6Config.UseDNS = false;
|
||||||
|
linkConfig = {
|
||||||
|
RequiredForOnline = "routable";
|
||||||
|
};
|
||||||
|
# networkConfig = {
|
||||||
|
# LinkLocalAddressing = "no";
|
||||||
|
# };
|
||||||
|
# dhcpV6Config = {
|
||||||
|
# PrefixDelegationHint = "::/60";
|
||||||
|
# };
|
||||||
|
# networkConfig = {
|
||||||
|
# IPv6AcceptRA = true;
|
||||||
|
# };
|
||||||
|
# ipv6PrefixDelegationConfig = {
|
||||||
|
# Managed = true;
|
||||||
|
# };
|
||||||
|
};
|
||||||
|
systemd.network.networks."50-int0" = {
|
||||||
|
name = "int0";
|
||||||
|
address = [
|
||||||
|
"10.42.0.1/24"
|
||||||
|
];
|
||||||
|
networkConfig = {
|
||||||
|
IPForward = "yes";
|
||||||
|
IPMasquerade = "both";
|
||||||
|
ConfigureWithoutCarrier = true;
|
||||||
|
DHCPServer = "yes";
|
||||||
|
# IPv6SendRA = "yes";
|
||||||
|
# DHCPPrefixDelegation = "yes";
|
||||||
|
};
|
||||||
|
};
|
||||||
networking.networkmanager.unmanaged = [ "int0" ];
|
networking.networkmanager.unmanaged = [ "int0" ];
|
||||||
networking.interfaces.int0.ipv4.addresses = [{
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
address = "10.42.0.1";
|
{ predicate = "-i int0"; target = "ACCEPT"; }
|
||||||
prefixLength = 24;
|
];
|
||||||
}];
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
|
{ predicate = "-i int0"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-o int0"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
|
||||||
|
{ v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
|
||||||
networking.domain = "gg23";
|
networking.domain = "gg23";
|
||||||
|
|
||||||
services.dhcpd4 = {
|
|
||||||
enable = true;
|
|
||||||
interfaces = [ "int0" ];
|
|
||||||
extraConfig = ''
|
|
||||||
option subnet-mask 255.255.255.0;
|
|
||||||
option routers 10.42.0.1;
|
|
||||||
option domain-name-servers 10.42.0.1;
|
|
||||||
subnet 10.42.0.0 netmask 255.255.255.0 {
|
|
||||||
range 10.42.0.100 10.42.0.200;
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
machines = [
|
|
||||||
{ ethernetAddress = "a8:a6:48:65:ce:4c"; hostName = "tv"; ipAddress = "10.42.0.3"; }
|
|
||||||
{ ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; }
|
|
||||||
{ ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-tv"; ipAddress = "10.42.0.10"; }
|
|
||||||
{ ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; }
|
|
||||||
{ ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-wasch"; ipAddress = "10.42.0.12"; }
|
|
||||||
{ ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; }
|
|
||||||
{ ethernetAddress = "ec:b5:fa:07:78:16"; hostName = "hue-bridge"; ipAddress = "10.42.0.21"; }
|
|
||||||
{ ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.dnsmasq = {
|
services.dnsmasq = {
|
||||||
enable = true;
|
enable = true;
|
||||||
resolveLocalQueries = false;
|
resolveLocalQueries = false;
|
||||||
@ -45,22 +64,4 @@ with import <stockholm/lib>;
|
|||||||
interface=int0
|
interface=int0
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns
|
|
||||||
];
|
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
|
||||||
{ v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
|
||||||
{ v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; target = "ACCEPT"; }
|
|
||||||
{ v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
|
||||||
{ v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
|
|
||||||
];
|
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
|
||||||
{ v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; precedence = 1000; }
|
|
||||||
];
|
|
||||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
|
||||||
{ v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; }
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
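Review bot: The new `filter.FORWARD` rule `{ predicate = "-o int0"; target = "ACCEPT"; }` accepts forwarded packets into the 10.42.0.0/24 LAN in any connection state and from any interface, where the removed rules allowed only `RELATED,ESTABLISHED` traffic towards `int0` and rejected the rest. Hosts behind `int0` thereby become reachable for new inbound connections from any other interface that has a route to them. Restricting the rule to return traffic keeps the previous behaviour: `{ predicate = "-o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }`. The `filter.INPUT` rule was widened in the same way, from `-i int0 -p udp --dport 53` to everything arriving on `int0`; DHCP has to be allowed now that `DHCPServer = "yes"` runs on the host, but the rule could name the needed ports instead of accepting all LAN traffic to the router itself.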
@ -18,22 +18,22 @@ with import <stockholm/lib>;
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
|
{ v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
|
{ v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
|
{ v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
|
{ v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.iptables.tables.nat.OUTPUT.rules = [
|
krebs.iptables.tables.nat.OUTPUT.rules = mkBefore [
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
|
{ v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO use bridge interfaces instead of this crap
|
# TODO use bridge interfaces instead of this crap
|
||||||
|
@ -20,8 +20,8 @@
|
|||||||
krebs.iptables.tables.filter.OUTPUT.rules = [
|
krebs.iptables.tables.filter.OUTPUT.rules = [
|
||||||
{ v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; }
|
{ v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
krebs.iptables.tables.nat.PREROUTING.rules = lib.mkBefore [
|
||||||
{ v6 = false; predicate = "-s 192.168.122.0/24"; target = "ACCEPT"; precedence = 1000; }
|
{ v6 = false; predicate = "-s 192.168.122.0/24"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||||
{ v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
{ v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; }
|
||||||
|
23
lass/2configs/radio/container-host.nix
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
lass.sync-containers3.containers.radio = {
|
||||||
|
sshKey = "${toString <secrets>}/radio.sync.key";
|
||||||
|
};
|
||||||
|
containers.radio = {
|
||||||
|
bindMounts."/var/music" = {
|
||||||
|
hostPath = "/var/music";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.htgen.radio-redirect = {
|
||||||
|
port = 8000;
|
||||||
|
scriptFile = pkgs.writers.writeDash "redir" ''
|
||||||
|
printf 'HTTP/1.1 301 Moved Permanently\r\n'
|
||||||
|
printf "Location: http://radio.lassul.us''${Request_URI}\r\n"
|
||||||
|
printf '\r\n'
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
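Review bot: In `krebs.htgen.radio-redirect` the request path is spliced into the `printf` format string (`printf "Location: http://radio.lassul.us''${Request_URI}\r\n"`), so `%` and backslash sequences supplied by the client are interpreted by `printf` instead of being copied through. A percent-encoded path is then mangled or makes `printf` fail, and escape sequences in the path can alter the response header line. Pass the value as an argument instead: `printf 'Location: http://radio.lassul.us%s\r\n' "$Request_URI"`. How htgen normalises `Request_URI` is not visible here, so a check that it starts with `/` and contains no control characters would be a sensible addition. The INPUT rule opens port 8000 on every interface, which is presumably intended for the redirect but worth a comment.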
@ -3,7 +3,7 @@
|
|||||||
let
|
let
|
||||||
name = "radio";
|
name = "radio";
|
||||||
|
|
||||||
music_dir = "/home/radio/music";
|
music_dir = "/var/music";
|
||||||
|
|
||||||
skip_track = pkgs.writers.writeBashBin "skip_track" ''
|
skip_track = pkgs.writers.writeBashBin "skip_track" ''
|
||||||
set -eu
|
set -eu
|
||||||
@ -113,7 +113,7 @@ in {
|
|||||||
LIMIT=1000 #how many tracks to keep in the history
|
LIMIT=1000 #how many tracks to keep in the history
|
||||||
HISTORY_FILE=/var/lib/radio/recent
|
HISTORY_FILE=/var/lib/radio/recent
|
||||||
|
|
||||||
listeners=$(${pkgs.curl}/bin/curl -fSs lassul.us:8000/status-json.xsl |
|
listeners=$(${pkgs.curl}/bin/curl -fSs http://localhost:8000/status-json.xsl |
|
||||||
${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0)
|
${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0)
|
||||||
echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE"
|
echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE"
|
||||||
echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
|
echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
|
||||||
@ -128,6 +128,18 @@ in {
|
|||||||
serviceConfig.User = lib.mkForce "radio";
|
serviceConfig.User = lib.mkForce "radio";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.packageOverrides = opkgs: {
|
||||||
|
icecast = opkgs.icecast.overrideAttrs (old: rec {
|
||||||
|
version = "2.5-beta3";
|
||||||
|
|
||||||
|
src = pkgs.fetchurl {
|
||||||
|
url = "http://downloads.xiph.org/releases/icecast/icecast-${version}.tar.gz";
|
||||||
|
sha256 = "sha256-4FDokoA9zBDYj8RAO/kuTHaZ6jZYBLSJZiX/IYFaCW8=";
|
||||||
|
};
|
||||||
|
|
||||||
|
buildInputs = old.buildInputs ++ [ pkgs.pkg-config ];
|
||||||
|
});
|
||||||
|
};
|
||||||
services.icecast = {
|
services.icecast = {
|
||||||
enable = true;
|
enable = true;
|
||||||
hostname = "radio.lassul.us";
|
hostname = "radio.lassul.us";
|
||||||
@ -135,7 +147,14 @@ in {
|
|||||||
extraConf = ''
|
extraConf = ''
|
||||||
<authentication>
|
<authentication>
|
||||||
<source-password>hackme</source-password>
|
<source-password>hackme</source-password>
|
||||||
|
<admin-user>admin</admin-user>
|
||||||
|
<admin-password>hackme</admin-password>
|
||||||
</authentication>
|
</authentication>
|
||||||
|
<logging>
|
||||||
|
<accesslog>-</accesslog>
|
||||||
|
<errorlog>-</errorlog>
|
||||||
|
<loglevel>3</loglevel>
|
||||||
|
</logging>
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -234,18 +253,38 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."radio.lassul.us" = {
|
virtualHosts."radio.r" = {
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
# https://github.com/aswild/icecast-notes#core-nginx-config
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Server $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass http://localhost:8000;
|
proxy_pass http://localhost:8000;
|
||||||
|
# Disable request size limit, very important for uploading large files
|
||||||
|
client_max_body_size 0;
|
||||||
|
|
||||||
|
# Enable support `Transfer-Encoding: chunked`
|
||||||
|
chunked_transfer_encoding on;
|
||||||
|
|
||||||
|
# Disable request and response buffering, minimize latency to/from Icecast
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_request_buffering off;
|
||||||
|
|
||||||
|
# Icecast needs HTTP/1.1, not 1.0 or 2
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
|
||||||
|
# Forward all original request headers
|
||||||
|
proxy_pass_request_headers on;
|
||||||
|
|
||||||
|
# Set some standard reverse proxy headers. Icecast server currently ignores these,
|
||||||
|
# but may support them in a future version so that access logs are more useful.
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# get source ip for weather reports
|
||||||
|
proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
|
||||||
'';
|
'';
|
||||||
locations."= /recent".extraConfig = ''
|
locations."= /recent".extraConfig = ''
|
||||||
default_type "text/plain";
|
default_type "text/plain";
|
||||||
@ -266,7 +305,7 @@ in {
|
|||||||
while sleep 1; do
|
while sleep 1; do
|
||||||
mpv \
|
mpv \
|
||||||
--cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \
|
--cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \
|
||||||
'http://lassul.us:8000/radio.ogg'
|
'http://radio.lassul.us/radio.ogg'
|
||||||
done
|
done
|
||||||
'';
|
'';
|
||||||
locations."= /controls".extraConfig = ''
|
locations."= /controls".extraConfig = ''
|
||||||
@ -278,35 +317,12 @@ in {
|
|||||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let
|
|
||||||
html = pkgs.writeText "index.html" ''
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html lang="en">
|
|
||||||
<head>
|
|
||||||
<meta charset="utf-8">
|
|
||||||
<title>lassulus playlist</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
|
|
||||||
<iframe src="https://kiwiirc.com/client/irc.hackint.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
|
|
||||||
</div>
|
|
||||||
<div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
|
|
||||||
<audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
|
|
||||||
</div>
|
|
||||||
<!-- page content -->
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
'';
|
|
||||||
in ''
|
|
||||||
default_type "text/html";
|
|
||||||
alias ${html};
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
services.syncthing.declarative.folders."the_playlist" = {
|
services.syncthing.declarative.folders."the_playlist" = {
|
||||||
path = "/home/radio/music/the_playlist";
|
path = "/var/music/the_playlist";
|
||||||
devices = [ "mors" "phone" "prism" "omo" ];
|
devices = [ "mors" "phone" "prism" "omo" "radio" ];
|
||||||
};
|
};
|
||||||
krebs.acl."/home/radio/music/the_playlist"."u:syncthing:X".parents = true;
|
krebs.acl."/var/music/the_playlist"."u:syncthing:X".parents = true;
|
||||||
krebs.acl."/home/radio/music/the_playlist"."u:syncthing:rwX" = {};
|
krebs.acl."/var/music/the_playlist"."u:syncthing:rwX" = {};
|
||||||
krebs.acl."/home/radio/music/the_playlist"."u:radio:rwX" = {};
|
krebs.acl."/var/music/the_playlist"."u:radio:rwX" = {};
|
||||||
}
|
}
|
||||||
|
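Review bot: The `extraConf` hunk adds `<admin-user>admin</admin-user>` with `<admin-password>hackme</admin-password>` next to the existing `hackme` source password, and the nginx `locations."/"` block proxies every path to `http://localhost:8000`, so the Icecast admin pages appear to be reachable through the vhost with a guessable credential. The same change removes `forceSSL`/`enableACME` from the vhost, so that credential would also cross the network in clear text. Suggest loading the passwords from a secret kept outside the Nix store and blocking the admin path at the proxy, e.g. `locations."/admin".extraConfig = "deny all;";`; the `curl` calls to `localhost:8000/admin/listclients.json` further down the page bypass nginx and would keep working. Separately, `proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"` appends the address after a client-controlled string, so a consumer that takes the first `client-ip=` match can be fed a false address; putting the trusted value first (`"client-ip=$remote_addr; $http_user_agent"`) avoids that.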
@ -10,7 +10,7 @@ def stringify_attrs(attrs) =
|
|||||||
out
|
out
|
||||||
end
|
end
|
||||||
|
|
||||||
def filter_graveyard(req) =
|
def filter_music(req) =
|
||||||
filename = request.filename(req)
|
filename = request.filename(req)
|
||||||
if string.match(pattern = '.*/\\.graveyard/.*', filename) then
|
if string.match(pattern = '.*/\\.graveyard/.*', filename) then
|
||||||
false
|
false
|
||||||
@ -27,7 +27,7 @@ end
|
|||||||
env = environment()
|
env = environment()
|
||||||
port = string.to_int(env["RADIO_PORT"], default = 8000)
|
port = string.to_int(env["RADIO_PORT"], default = 8000)
|
||||||
|
|
||||||
all_music = playlist(env["MUSIC"], check_next = filter_graveyard)
|
all_music = playlist(env["MUSIC"], check_next = filter_music)
|
||||||
wishlist = request.queue()
|
wishlist = request.queue()
|
||||||
tracks = fallback(track_sensitive = true, [wishlist, all_music])
|
tracks = fallback(track_sensitive = true, [wishlist, all_music])
|
||||||
tracks = blank.eat(tracks)
|
tracks = blank.eat(tracks)
|
||||||
@ -36,7 +36,7 @@ last_metadata = ref([])
|
|||||||
def on_metadata(m) =
|
def on_metadata(m) =
|
||||||
last_metadata := m
|
last_metadata := m
|
||||||
print("changing tracks")
|
print("changing tracks")
|
||||||
out = process.read(env["HOOK_TRACK_CHANGE"], env = m)
|
out = process.read(env["HOOK_TRACK_CHANGE"], env = m, timeout = 5.0)
|
||||||
print(out)
|
print(out)
|
||||||
end
|
end
|
||||||
tracks.on_metadata(on_metadata)
|
tracks.on_metadata(on_metadata)
|
||||||
|
@ -10,19 +10,24 @@ let
|
|||||||
export PATH="${lib.makeBinPath [
|
export PATH="${lib.makeBinPath [
|
||||||
pkgs.coreutils
|
pkgs.coreutils
|
||||||
pkgs.curl
|
pkgs.curl
|
||||||
pkgs.iproute2
|
|
||||||
pkgs.jc
|
|
||||||
pkgs.jq
|
pkgs.jq
|
||||||
]}"
|
]}"
|
||||||
curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
|
curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
|
||||||
MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
|
MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
|
||||||
OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY
|
OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY
|
||||||
ss -no 'sport = :8000' |
|
(
|
||||||
jc --ss | jq -r '.[] |
|
curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.ogg'
|
||||||
select(
|
curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.mp3'
|
||||||
.local_address != "[::ffff:127.0.0.1]"
|
curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.opus'
|
||||||
and .local_address != "[::1]"
|
) | jq -rs '
|
||||||
) | .peer_address | gsub("[\\[\\]]"; "")
|
[
|
||||||
|
.[][].source|values|to_entries[].value |
|
||||||
|
(.listener//[]) [] |
|
||||||
|
(.useragent | capture("client-ip=(?<ip>[a-f0-9.:]+)")).ip // .ip
|
||||||
|
] |
|
||||||
|
unique[] |
|
||||||
|
select(. != "127.0.0.1") |
|
||||||
|
select(. != "::1")
|
||||||
' |
|
' |
|
||||||
${weather_for_ips}/bin/weather_for_ips
|
${weather_for_ips}/bin/weather_for_ips
|
||||||
'';
|
'';
|
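Review bot: The three added `curl` calls embed the Icecast admin login `admin:hackme` in the script text, so the credential ends up in the generated script in the Nix store and in this repository. The line just above already reads the OpenWeather key from `$CREDENTIALS_DIRECTORY`; the admin password can be loaded the same way, e.g. `ICECAST_ADMIN_PW=$(cat "$CREDENTIALS_DIRECTORY/icecast_admin")` (credential name constructed here) and `curl -sS -u "admin:$ICECAST_ADMIN_PW" 'http://localhost:8000/admin/listclients.json?mount=/radio.ogg'`. Separately, the jq filter prefers a `client-ip=` value parsed from the listener's User-Agent over `.ip`; unless a trusted proxy in front of the stream sets that value, a listener can choose which address is looked up. The enclosing `let` binding starts outside this hunk.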
||||||
|
@ -3,12 +3,24 @@ import fileinput
|
|||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
import os
|
import os
|
||||||
|
import random
|
||||||
|
|
||||||
|
|
||||||
geoip = geoip2.database.Reader(os.environ['MAXMIND_GEOIP_DB'])
|
geoip = geoip2.database.Reader(os.environ['MAXMIND_GEOIP_DB'])
|
||||||
seen = {}
|
seen = {}
|
||||||
output = []
|
output = []
|
||||||
for ip in fileinput.input():
|
for ip in fileinput.input():
|
||||||
|
if "80.147.140.51" in ip:
|
||||||
|
output.append(
|
||||||
|
'Weather report for c-base, space.'
|
||||||
|
'It is empty space outside '
|
||||||
|
'with a temperature of -270 degrees, '
|
||||||
|
'a lightspeed of 299792 kilometers per second '
|
||||||
|
'and a humidity of Not a Number percent. '
|
||||||
|
f'The probability of reincarnation is {random.randrange(0, 100)} percent.'
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
try:
|
||||||
location = geoip.city(ip.strip())
|
location = geoip.city(ip.strip())
|
||||||
if location.city.geoname_id not in seen:
|
if location.city.geoname_id not in seen:
|
||||||
seen[location.city.geoname_id] = True
|
seen[location.city.geoname_id] = True
|
||||||
@ -30,5 +42,7 @@ for ip in fileinput.input():
|
|||||||
f'and a humidity of {weather["current"]["humidity"]} percent. '
|
f'and a humidity of {weather["current"]["humidity"]} percent. '
|
||||||
f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. '
|
f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. '
|
||||||
)
|
)
|
||||||
|
except: # noqa E722
|
||||||
|
pass
|
||||||
|
|
||||||
print('\n'.join(output))
|
print('\n'.join(output))
|
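Review bot: The added `except:  # noqa E722` / `pass` in the second hunk discards every failure inside the loop, including `KeyboardInterrupt` and any geoip or HTTP error, so a broken API key or a missing database shows up only as an empty report. Catching `Exception` and reporting it keeps the best-effort behaviour: `except Exception as e:` followed by `print(f'skipping {ip.strip()}: {e}', file=sys.stderr)` (needs `import sys`). In the first hunk, `if "80.147.140.51" in ip:` is a substring test and also matches addresses such as `180.147.140.51`; `if ip.strip() == "80.147.140.51":` compares the whole address. Part of the `try` body lies between the two hunks and is not visible here.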
||||||
|
@ -27,6 +27,15 @@
|
|||||||
LocalDiscovery = no
|
LocalDiscovery = no
|
||||||
''}
|
''}
|
||||||
'';
|
'';
|
||||||
|
tincUp = lib.mkIf config.systemd.network.enable "";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.networks.retiolum = {
|
||||||
|
matchConfig.Name = "retiolum";
|
||||||
|
address = [
|
||||||
|
"${config.krebs.build.host.nets.retiolum.ip4.addr}/16"
|
||||||
|
"${config.krebs.build.host.nets.retiolum.ip6.addr}/16"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
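Review bot: The second entry of `address` gives the IPv6 address a `/16` prefix, the same literal as the IPv4 line above it. The host type changed in this same commit gains a `prefixLength` option whose retiolum default is 32 for ip6 (16 for ip4), and the tv retiolum config on this page builds its addresses from it; an on-link /16 for IPv6 would, as far as can be judged from here, route far more address space into the overlay interface than the network uses. Suggest `"${config.krebs.build.host.nets.retiolum.ip6.addr}/${toString config.krebs.build.host.nets.retiolum.ip6.prefixLength}"` and the same form for ip4. The wiregrill network added further down hard-codes `/16` and `/48` in the same manner and may deserve the same check.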
||||||
|
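--- a/lass/2configs/riot.nix
+++ b/lass/2configs/riot.nix
@@ -0,0 +1,59 @@
+{ config, lib, pkgs, ... }:
+{
+containers.riot = {
+config = {
+environment.systemPackages = [
+pkgs.dhcpcd
+pkgs.git
+pkgs.jq
+];
+services.openssh.enable = true;
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
+];
+networking.defaultGateway = "10.233.1.1";
+systemd.services.autoswitch = {
+environment = {
+NIX_REMOTE = "daemon";
+};
+wantedBy = [ "multi-user.target" ];
+serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
+set -efu
+if test -e /var/src/nixos-config; then
+/run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
+fi
+'';
+unitConfig.X-StopOnRemoval = false;
+};
+};
+autoStart = true;
+enableTun = true;
+privateNetwork = true;
+hostAddress = "10.233.1.1";
+localAddress = "10.233.1.2";
+forwardPorts = [
+{ hostPort = 45622; containerPort = 22; }
+];
+};
+
+systemd.network.networks."50-ve-riot" = {
+matchConfig.Name = "ve-riot";
+
+networkConfig = {
+IPForward = "yes";
+# weirdly we have to use POSTROUTING MASQUERADE here
+# IPMasquerade = "both";
+LinkLocalAddressing = "no";
+KeepConfiguration = "static";
+};
+};
+
+# networking.nat can be used instead of this
+krebs.iptables.tables.nat.POSTROUTING.rules = [
+{ v6 = false; predicate = "-s ${config.containers.riot.localAddress}"; target = "MASQUERADE"; }
+];
+krebs.iptables.tables.filter.FORWARD.rules = [
+{ predicate = "-i ve-riot"; target = "ACCEPT"; }
+{ predicate = "-o ve-riot"; target = "ACCEPT"; }
+];
+}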
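Review bot: The two `FORWARD` rules at the end accept everything entering or leaving `ve-riot`, so the container, which takes root SSH logins through host port 45622, can open connections to every network the host routes to; if this host also carries the retiolum or wiregrill interfaces, that includes the VPNs. Restricting outbound traffic to the uplink and inbound traffic to replies plus the forwarded port keeps NAT and the port forward working: `{ predicate = "-i ve-riot -o <uplink-if>"; target = "ACCEPT"; }`, `{ predicate = "-o ve-riot -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }` and `{ predicate = "-o ve-riot -p tcp --dport 22"; target = "ACCEPT"; }` (`<uplink-if>` is a placeholder for the host's outbound interface). The `ctr0` FORWARD rules added in the sync-containers hunk further down have the same shape.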
@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
services.syncthing.folders.the_playlist = {
|
services.syncthing.folders.the_playlist = {
|
||||||
path = "/home/lass/tmp/the_playlist";
|
path = "/home/lass/tmp/the_playlist";
|
||||||
devices = [ "mors" "phone" "prism" "omo" ];
|
devices = [ "mors" "phone" "prism" "omo" "radio" ];
|
||||||
};
|
};
|
||||||
krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:X".parents = true;
|
krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:X".parents = true;
|
||||||
krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:rwX" = {};
|
krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:rwX" = {};
|
||||||
|
@ -16,13 +16,20 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
|
|||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
{ predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
|
{ predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
|
||||||
];
|
];
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
|
krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter (mkBefore [
|
||||||
{ precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
|
{ predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
|
||||||
{ precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
|
{ predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
|
||||||
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
|
{ predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
|
||||||
{ precedence = 1000; predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; }
|
{ predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; }
|
||||||
{ precedence = 1000; predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
{ predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
||||||
];
|
]);
|
||||||
|
systemd.network.networks.wiregrill = {
|
||||||
|
matchConfig.Name = "wiregrill";
|
||||||
|
address =
|
||||||
|
(optional (!isNull self.ip4) "${self.ip4.addr}/16") ++
|
||||||
|
(optional (!isNull self.ip6) "${self.ip6.addr}/48")
|
||||||
|
;
|
||||||
|
};
|
||||||
|
|
||||||
networking.wireguard.interfaces.wiregrill = {
|
networking.wireguard.interfaces.wiregrill = {
|
||||||
ips =
|
ips =
|
||||||
|
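--- a/lass/2configs/yellow-host.nix
+++ b/lass/2configs/yellow-host.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+lass.sync-containers3.containers.yellow = {
+sshKey = "${toString <secrets>}/yellow.sync.key";
+};
+containers.yellow.bindMounts."/var/lib" = {
+hostPath = "/var/lib/sync-containers3/yellow/state";
+isReadOnly = false;
+};
+containers.yellow.bindMounts."/var/download" = {
+hostPath = "/var/download";
+isReadOnly = false;
+};
+}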
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
fileSystems."/mnt/prism" = {
|
fileSystems."/mnt/yellow" = {
|
||||||
device = "//prism.r/public";
|
device = "//yellow.r/public";
|
||||||
fsType = "cifs";
|
fsType = "cifs";
|
||||||
options = [
|
options = [
|
||||||
"guest"
|
"guest"
|
@ -28,6 +28,10 @@ in {
|
|||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
};
|
};
|
||||||
|
runContainer = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
};
|
};
|
||||||
@ -50,7 +54,8 @@ in {
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
|
serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
|
||||||
set -efu
|
set -efu
|
||||||
ln -frs /var/state/var_src /var/src
|
mkdir -p /var/state/var_src
|
||||||
|
ln -Tfrs /var/state/var_src /var/src
|
||||||
if test -e /var/src/nixos-config; then
|
if test -e /var/src/nixos-config; then
|
||||||
/run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
|
/run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
|
||||||
fi
|
fi
|
||||||
@ -64,7 +69,6 @@ in {
|
|||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostBridge = "ctr0";
|
hostBridge = "ctr0";
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/etc/resolv.conf".hostPath = "/etc/resolv.conf";
|
|
||||||
"/var/lib/self/disk" = {
|
"/var/lib/self/disk" = {
|
||||||
hostPath = "/var/lib/sync-containers3/${ctr.name}/disk";
|
hostPath = "/var/lib/sync-containers3/${ctr.name}/disk";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
@ -74,7 +78,7 @@ in {
|
|||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}) cfg.containers;
|
}) (lib.filterAttrs (_: ctr: ctr.runContainer) cfg.containers);
|
||||||
|
|
||||||
systemd.services = lib.foldr lib.recursiveUpdate {} (lib.flatten (map (ctr: [
|
systemd.services = lib.foldr lib.recursiveUpdate {} (lib.flatten (map (ctr: [
|
||||||
{ "${ctr.name}_syncer" = {
|
{ "${ctr.name}_syncer" = {
|
||||||
@ -101,14 +105,14 @@ in {
|
|||||||
set -efux
|
set -efux
|
||||||
if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then
|
if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then
|
||||||
touch "$HOME"/incomplete
|
touch "$HOME"/incomplete
|
||||||
rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --inplace container_sync@${ctr.name}.r:disk "$HOME"/disk
|
rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace container_sync@${ctr.name}.r:disk "$HOME"/disk
|
||||||
rm "$HOME"/incomplete
|
rm "$HOME"/incomplete
|
||||||
fi
|
fi
|
||||||
''}
|
''}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}; }
|
}; }
|
||||||
{ "${ctr.name}_watcher" = {
|
{ "${ctr.name}_watcher" = lib.mkIf ctr.runContainer {
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
coreutils
|
coreutils
|
||||||
consul
|
consul
|
||||||
@ -136,7 +140,8 @@ in {
|
|||||||
;;
|
;;
|
||||||
200)
|
200)
|
||||||
# echo 'got 200 from kv, will check payload'
|
# echo 'got 200 from kv, will check payload'
|
||||||
export payload=$(consul kv get containers/${ctr.name})
|
payload=$(consul kv get containers/${ctr.name}) || continue
|
||||||
|
export payload
|
||||||
if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then
|
if [ "$(jq -rn 'env.payload | fromjson.host')" = '${config.networking.hostName}' ]; then
|
||||||
# echo 'we are the host, trying to reach container'
|
# echo 'we are the host, trying to reach container'
|
||||||
if $(retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null); then
|
if $(retry -t 10 -d 10 -- /run/wrappers/bin/ping -q -c 1 ${ctr.name}.r > /dev/null); then
|
||||||
@ -163,7 +168,7 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}; }
|
}; }
|
||||||
{ "${ctr.name}_scheduler" = {
|
{ "${ctr.name}_scheduler" = lib.mkIf ctr.runContainer {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
coreutils
|
coreutils
|
||||||
@ -246,7 +251,7 @@ in {
|
|||||||
users.groups = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" {
|
users.groups = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" {
|
||||||
}) cfg.containers;
|
}) cfg.containers;
|
||||||
users.users = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" ({
|
users.users = lib.mapAttrs' (_: ctr: lib.nameValuePair "${ctr.name}_container" ({
|
||||||
group = "container_${ctr.name}";
|
group = "${ctr.name}_container";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
uid = slib.genid_uint31 "container_${ctr.name}";
|
uid = slib.genid_uint31 "container_${ctr.name}";
|
||||||
home = "/var/lib/sync-containers3/${ctr.name}";
|
home = "/var/lib/sync-containers3/${ctr.name}";
|
||||||
@ -254,47 +259,51 @@ in {
|
|||||||
homeMode = "705";
|
homeMode = "705";
|
||||||
})) cfg.containers;
|
})) cfg.containers;
|
||||||
|
|
||||||
|
environment.systemPackages = lib.mapAttrsToList (_: ctr: (pkgs.writers.writeDashBin "${ctr.name}_init" ''
|
||||||
|
set -efux
|
||||||
|
export PATH=${lib.makeBinPath [
|
||||||
|
pkgs.coreutils
|
||||||
|
pkgs.cryptsetup
|
||||||
|
pkgs.libxfs.bin
|
||||||
|
]}:$PATH
|
||||||
|
truncate -s 5G /var/lib/sync-containers3/${ctr.name}/disk
|
||||||
|
cryptsetup luksFormat /var/lib/sync-containers3/${ctr.name}/disk ${ctr.luksKey}
|
||||||
|
cryptsetup luksOpen --key-file ${ctr.luksKey} /var/lib/sync-containers3/${ctr.name}/disk ${ctr.name}
|
||||||
|
mkfs.xfs /dev/mapper/${ctr.name}
|
||||||
|
mkdir -p /var/lib/sync-containers3/${ctr.name}/state
|
||||||
|
mountpoint /var/lib/sync-containers3/${ctr.name}/state || mount /dev/mapper/${ctr.name} /var/lib/sync-containers3/${ctr.name}/state
|
||||||
|
/run/current-system/sw/bin/nixos-container start ${ctr.name}
|
||||||
|
/run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "init" ''
|
||||||
|
mkdir -p /var/state
|
||||||
|
''}
|
||||||
|
'')) cfg.containers;
|
||||||
})
|
})
|
||||||
(lib.mkIf (cfg.containers != {}) {
|
(lib.mkIf (cfg.containers != {}) {
|
||||||
# networking
|
# networking
|
||||||
networking.networkmanager.unmanaged = [ "ctr0" ];
|
systemd.network.networks.ctr0 = {
|
||||||
networking.interfaces.dummy0.virtual = true;
|
name = "ctr0";
|
||||||
networking.bridges.ctr0.interfaces = [ "dummy0" ];
|
address = [
|
||||||
networking.interfaces.ctr0.ipv4.addresses = [{
|
"10.233.0.1/24"
|
||||||
address = "10.233.0.1";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
systemd.services."dhcpd-ctr0" = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "forking";
|
|
||||||
Restart = "always";
|
|
||||||
DynamicUser = true;
|
|
||||||
StateDirectory = "dhcpd-ctr0";
|
|
||||||
User = "dhcpd-ctr0";
|
|
||||||
Group = "dhcpd-ctr0";
|
|
||||||
AmbientCapabilities = [
|
|
||||||
"CAP_NET_RAW" # to send ICMP messages
|
|
||||||
"CAP_NET_BIND_SERVICE" # to bind on DHCP port (67)
|
|
||||||
];
|
];
|
||||||
ExecStartPre = "${pkgs.coreutils}/bin/touch /var/lib/dhcpd-ctr0/dhcpd.leases";
|
networkConfig = {
|
||||||
ExecStart = "${pkgs.dhcp}/bin/dhcpd -4 -lf /var/lib/dhcpd-ctr0/dhcpd.leases -cf ${pkgs.writeText "dhpd.conf" ''
|
IPForward = "yes";
|
||||||
default-lease-time 600;
|
IPMasquerade = "both";
|
||||||
max-lease-time 7200;
|
ConfigureWithoutCarrier = true;
|
||||||
authoritative;
|
DHCPServer = "yes";
|
||||||
ddns-update-style interim;
|
|
||||||
log-facility local1; # see dhcpd.nix
|
|
||||||
|
|
||||||
option subnet-mask 255.255.255.0;
|
|
||||||
option routers 10.233.0.1;
|
|
||||||
# option domain-name-servers 8.8.8.8; # TODO configure dns server
|
|
||||||
subnet 10.233.0.0 netmask 255.255.255.0 {
|
|
||||||
range 10.233.0.10 10.233.0.250;
|
|
||||||
}
|
|
||||||
''} ctr0";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
systemd.network.netdevs.ctr0.netdevConfig = {
|
||||||
|
Kind = "bridge";
|
||||||
|
Name = "ctr0";
|
||||||
|
};
|
||||||
|
networking.networkmanager.unmanaged = [ "ctr0" ];
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-i ctr0"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
|
{ predicate = "-i ctr0"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-o ctr0"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
})
|
})
|
||||||
(lib.mkIf cfg.inContainer.enable {
|
(lib.mkIf cfg.inContainer.enable {
|
||||||
users.groups.container_sync = {};
|
users.groups.container_sync = {};
|
||||||
@ -308,6 +317,17 @@ in {
|
|||||||
cfg.inContainer.pubkey
|
cfg.inContainer.pubkey
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.useHostResolvConf = false;
|
||||||
|
networking.useNetworkd = true;
|
||||||
|
systemd.network = {
|
||||||
|
enable = true;
|
||||||
|
networks.eth0 = {
|
||||||
|
matchConfig.Name = "eth0";
|
||||||
|
DHCP = "yes";
|
||||||
|
dhcpV4Config.UseDNS = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
}
|
}
|
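Review bot: The added `INPUT` rule `{ predicate = "-i ctr0"; target = "ACCEPT"; }` opens every service on the host to every container on the bridge, not only the DHCP server that `DHCPServer = "yes"` turns on. If DHCP is all the containers need from the host, `{ predicate = "-i ctr0 -p udp --dport 67"; target = "ACCEPT"; }` is enough, with further ports listed explicitly where they are needed (DNS, for instance, now that `/etc/resolv.conf` is no longer bind-mounted). Also in this section, the new `${ctr.name}_init` script runs `truncate` and `cryptsetup luksFormat` on the disk image without first checking whether the image exists, so a second run relies on cryptsetup's own confirmation prompt; a guard such as `test ! -e /var/lib/sync-containers3/${ctr.name}/disk` ahead of them would make it refuse up front.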
||||||
|
@ -1,26 +0,0 @@
|
|||||||
{ yarn2nix-moretea, fetchFromGitHub, nodePackages, nodejs }: let
|
|
||||||
#src = ~/src/bruellwuerfel;
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "krebs";
|
|
||||||
repo = "bruellwuerfel";
|
|
||||||
rev = "57e20e630f732ce4e15b495ec5f9bf72a121b959";
|
|
||||||
sha256 = "08zwwl24sq21r497a03lqpy2x10az8frrsh6d38xm92snd1yf85b";
|
|
||||||
};
|
|
||||||
|
|
||||||
in yarn2nix-moretea.mkYarnModules rec {
|
|
||||||
pname = "bruellwuerfel";
|
|
||||||
version = "1.0";
|
|
||||||
name = "${pname}-${version}";
|
|
||||||
packageJSON = "${src}/package.json";
|
|
||||||
yarnLock = "${src}/yarn.lock";
|
|
||||||
postBuild = ''
|
|
||||||
cp -r ${src}/{src,tsconfig.json} $out/
|
|
||||||
cd $out
|
|
||||||
${nodePackages.typescript}/bin/tsc || :
|
|
||||||
mkdir -p $out/bin
|
|
||||||
echo '#!/bin/sh' > $out/bin/bruellwuerfel
|
|
||||||
echo "export NODE_PATH=$out/dist" >> $out/bin/bruellwuerfel
|
|
||||||
echo "${nodejs}/bin/node $out/dist/index.js" >> $out/bin/bruellwuerfel
|
|
||||||
chmod +x $out/bin/bruellwuerfel
|
|
||||||
'';
|
|
||||||
}
|
|
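--- a/lass/5pkgs/install-system/default.nix
+++ b/lass/5pkgs/install-system/default.nix
@@ -0,0 +1,26 @@
+{ pkgs }:
+pkgs.writers.writeDashBin "install-system" ''
+set -efux
+SYSTEM=$1
+TARGET=$2
+# format
+if ! (sshn "$TARGET" -- mountpoint /mnt); then
+nix run github:numtide/nixos-remote -- --stop-after-disko --store-paths "$(nix-build --no-out-link -I stockholm="$HOME"/sync/stockholm -I nixos-config="$HOME"/sync/stockholm/lass/1systems/"$SYSTEM"/physical.nix '<nixpkgs/nixos>' -A config.system.build.diskoNoDeps)" /dev/null "$TARGET"
+fi
+
+# install dependencies
+sshn "$TARGET" << SSH
+nix-channel --update
+nix-env -iA nixos.git
+SSH
+
+# populate
+$(nix-build --no-out-link "$HOME"/sync/stockholm/lass/krops.nix -A populate --argstr name "$SYSTEM" --argstr target "$TARGET"/mnt/var/src --arg force true)
+
+# install
+sshn "$TARGET" << SSH
+ln -s /mnt/var/src /var/src
+NIXOS_CONFIG=/var/src/nixos-config nixos-install --no-root-password -I /var/src
+zpool export -fa
+SSH
+''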
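Review bot: The format step runs `nix run github:numtide/nixos-remote`, which resolves to whatever the default branch of that repository holds at the moment of the call, and that code then partitions the target machine over SSH. disko is pinned as a submodule in this same commit; the installer reference can be pinned too, `nix run github:numtide/nixos-remote/<rev> -- …`, with `<rev>` standing for a reviewed commit (placeholder here). `sshn` is neither defined nor put on PATH in this file, so the script presumably depends on the caller's environment for it; a comment naming that requirement would help.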
@ -1,31 +1,59 @@
|
|||||||
{ pkgs }:
|
{ pkgs }:
|
||||||
pkgs.writeDashBin "l-gen-secrets" ''
|
pkgs.writers.writeDashBin "l-gen-secrets" ''
|
||||||
HOSTNAME="$1"
|
set -efu
|
||||||
|
HOSTNAME=$1
|
||||||
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||||
|
if [ "''${DRYRUN-n}" = "n" ]; then
|
||||||
|
trap 'rm -rf $TMPDIR' EXIT
|
||||||
|
else
|
||||||
|
echo "$TMPDIR"
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
mkdir -p $TMPDIR/out
|
||||||
|
|
||||||
PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
|
PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
|
||||||
HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
|
HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
|
||||||
|
|
||||||
|
# ssh
|
||||||
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
|
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
|
||||||
${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
|
${pkgs.coreutils}/bin/mv $TMPDIR/ssh.id_ed25519 $TMPDIR/out/
|
||||||
${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
|
|
||||||
${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/wiregrill.key
|
# tor
|
||||||
${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub
|
${pkgs.coreutils}/bin/timeout 1 ${pkgs.tor}/bin/tor --HiddenServiceDir $TMPDIR/tor --HiddenServicePort 1 --SocksPort 0 >/dev/null || :
|
||||||
cat <<EOF > $TMPDIR/hashedPasswords.nix
|
${pkgs.coreutils}/bin/mv $TMPDIR/tor/hs_ed25519_secret_key $TMPDIR/out/ssh-tor.priv
|
||||||
|
|
||||||
|
# tinc
|
||||||
|
${pkgs.coreutils}/bin/mkdir -p $TMPDIR/tinc
|
||||||
|
${pkgs.tinc_pre}/bin/tinc --config $TMPDIR/tinc generate-keys 4096 </dev/null
|
||||||
|
${pkgs.coreutils}/bin/mv $TMPDIR/tinc/ed25519_key.priv $TMPDIR/out/retiolum.ed25519_key.priv
|
||||||
|
${pkgs.coreutils}/bin/mv $TMPDIR/tinc/rsa_key.priv $TMPDIR/out/retiolum.rsa_key.priv
|
||||||
|
|
||||||
|
# wireguard
|
||||||
|
${pkgs.wireguard-tools}/bin/wg genkey > $TMPDIR/out/wiregrill.key
|
||||||
|
${pkgs.coreutils}/bin/cat $TMPDIR/out/wiregrill.key | ${pkgs.wireguard-tools}/bin/wg pubkey > $TMPDIR/wiregrill.pub
|
||||||
|
|
||||||
|
# system passwords
|
||||||
|
cat <<EOF > $TMPDIR/out/hashedPasswords.nix
|
||||||
{
|
{
|
||||||
root = "$HASHED_PASSWORD";
|
root = "$HASHED_PASSWORD";
|
||||||
mainUser = "$HASHED_PASSWORD";
|
mainUser = "$HASHED_PASSWORD";
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cd $TMPDIR
|
set +f
|
||||||
|
if [ "''${DRYRUN-n}" = "n" ]; then
|
||||||
|
cd $TMPDIR/out
|
||||||
for x in *; do
|
for x in *; do
|
||||||
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
|
${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null
|
||||||
done
|
done
|
||||||
echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
|
echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null
|
||||||
|
${pkgs.coreutils}/bin/cat $TMPDIR/tor/hostname | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/torname > /dev/null
|
||||||
|
fi
|
||||||
|
set -f
|
||||||
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
$HOSTNAME = {
|
{ r6, w6, ... }:
|
||||||
cores = 1;
|
{
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.0.changeme";
|
ip4.addr = "10.243.0.changeme";
|
||||||
@ -34,8 +62,9 @@ pkgs.writeDashBin "l-gen-secrets" ''
|
|||||||
"$HOSTNAME.r"
|
"$HOSTNAME.r"
|
||||||
];
|
];
|
||||||
tinc.pubkey = ${"''"}
|
tinc.pubkey = ${"''"}
|
||||||
$(cat $TMPDIR/retiolum.rsa_key.pub)
|
$(cat $TMPDIR/tinc/rsa_key.pub | sed 's/^/ /')
|
||||||
${"''"};
|
${"''"};
|
||||||
|
tinc.pubkey_ed25519 = "$(cat $TMPDIR/tinc/ed25519_key.pub | ${pkgs.gnused}/bin/sed 's/.* = //')";
|
||||||
};
|
};
|
||||||
wiregrill = {
|
wiregrill = {
|
||||||
ip6.addr = w6 "changeme";
|
ip6.addr = w6 "changeme";
|
||||||
@ -47,11 +76,7 @@ pkgs.writeDashBin "l-gen-secrets" ''
|
|||||||
${"''"};
|
${"''"};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
|
ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
|
||||||
};
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
rm -rf $TMPDIR
|
|
||||||
''
|
''
|
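Review bot: The rewritten script pins nearly every tool to a store path, but a few new lines fall back to the caller's PATH: `mkdir -p $TMPDIR/out`, `rm -rf $TMPDIR` inside the trap, and `sed 's/^/ /'` in the `tinc.pubkey` heredoc, while the very next line uses `${pkgs.gnused}/bin/sed`. For consistency these could read `${pkgs.coreutils}/bin/mkdir -p "$TMPDIR"/out` and `${pkgs.gnused}/bin/sed 's/^/ /'`. With `DRYRUN` set, `set -x` is switched on before `PASSWORD` is generated, so the plaintext password and its hash go to the trace output and the private keys stay behind in the temporary directory; a comment next to the `DRYRUN` branch saying that its output must be handled as secret material would make that explicit.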
||||||
|
|
||||||
|
@ -39,6 +39,8 @@ let
|
|||||||
ne = x: y: x != y;
|
ne = x: y: x != y;
|
||||||
mod = x: y: x - y * (x / y);
|
mod = x: y: x - y * (x / y);
|
||||||
|
|
||||||
|
on = b: u: x: y: b (u x) (u y);
|
||||||
|
|
||||||
genid = lib.genid_uint32; # TODO remove
|
genid = lib.genid_uint32; # TODO remove
|
||||||
genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
|
genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2;
|
||||||
genid_uint32 = import ./genid.nix { inherit lib; };
|
genid_uint32 = import ./genid.nix { inherit lib; };
|
||||||
@ -185,6 +187,30 @@ let
|
|||||||
in
|
in
|
||||||
filter (x: x != []) ([acc.chunk] ++ acc.chunks);
|
filter (x: x != []) ([acc.chunk] ++ acc.chunks);
|
||||||
|
|
||||||
|
# Filter adjacent duplicate elements.
|
||||||
|
uniq = uniqBy eq;
|
||||||
|
|
||||||
|
# Filter adjacent duplicate elements determined via the given function.
|
||||||
|
uniqBy = cmp: let
|
||||||
|
f = a: s:
|
||||||
|
if length s == 0 then
|
||||||
|
[]
|
||||||
|
else let
|
||||||
|
b = head s;
|
||||||
|
in
|
||||||
|
if cmp a b then
|
||||||
|
f b (tail s)
|
||||||
|
else
|
||||||
|
[b] ++ f b (tail s);
|
||||||
|
in
|
||||||
|
s:
|
||||||
|
if length s == 0 then
|
||||||
|
[]
|
||||||
|
else let
|
||||||
|
b = head s;
|
||||||
|
in
|
||||||
|
[b] ++ f b (tail s);
|
||||||
|
|
||||||
warnOldVersion = oldName: newName:
|
warnOldVersion = oldName: newName:
|
||||||
if compareVersions oldName newName != -1 then
|
if compareVersions oldName newName != -1 then
|
||||||
trace "Upstream `${oldName}' gets overridden by `${newName}'." newName
|
trace "Upstream `${oldName}' gets overridden by `${newName}'." newName
|
||||||
|
@ -39,7 +39,12 @@ rec {
|
|||||||
in
|
in
|
||||||
if parse == null then
|
if parse == null then
|
||||||
(pkgs.writeText name s).overrideAttrs (old: {
|
(pkgs.writeText name s).overrideAttrs (old: {
|
||||||
dependencies = old.dependencies or [] ++ dependencies;
|
dependencies =
|
||||||
|
lib.uniq
|
||||||
|
(lib.sort (lib.on lib.lessThan (lib.getAttr "name"))
|
||||||
|
(filter
|
||||||
|
(lib.ne null)
|
||||||
|
(old.dependencies or [] ++ dependencies)));
|
||||||
})
|
})
|
||||||
|
|
||||||
else
|
else
|
||||||
|
@ -18,9 +18,6 @@ rec {
|
|||||||
type = label;
|
type = label;
|
||||||
default = config._module.args.name;
|
default = config._module.args.name;
|
||||||
};
|
};
|
||||||
cores = mkOption {
|
|
||||||
type = uint;
|
|
||||||
};
|
|
||||||
nets = mkOption {
|
nets = mkOption {
|
||||||
type = attrsOf net;
|
type = attrsOf net;
|
||||||
default = {};
|
default = {};
|
||||||
@ -149,6 +146,14 @@ rec {
|
|||||||
}.${config._module.args.name} or {
|
}.${config._module.args.name} or {
|
||||||
default = "${ip4.config.addr}/32";
|
default = "${ip4.config.addr}/32";
|
||||||
});
|
});
|
||||||
|
prefixLength = mkOption ({
|
||||||
|
type = uint;
|
||||||
|
} // {
|
||||||
|
retiolum.default = 16;
|
||||||
|
wiregrill.default = 16;
|
||||||
|
}.${config._module.args.name} or {
|
||||||
|
default = 32;
|
||||||
|
});
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
default = null;
|
default = null;
|
||||||
@ -168,6 +173,14 @@ rec {
|
|||||||
}.${config._module.args.name} or {
|
}.${config._module.args.name} or {
|
||||||
default = "${ip6.config.addr}/128";
|
default = "${ip6.config.addr}/128";
|
||||||
});
|
});
|
||||||
|
prefixLength = mkOption ({
|
||||||
|
type = uint;
|
||||||
|
} // {
|
||||||
|
retiolum.default = 32;
|
||||||
|
wiregrill.default = 32;
|
||||||
|
}.${config._module.args.name} or {
|
||||||
|
default = 128;
|
||||||
|
});
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
default = null;
|
default = null;
|
||||||
|
@ -23,7 +23,6 @@ pkgs.writeDashBin "generate-secrets" ''
|
|||||||
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
$HOSTNAME = {
|
$HOSTNAME = {
|
||||||
cores = 1;
|
|
||||||
owner = config.krebs.users.makefu;
|
owner = config.krebs.users.makefu;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
|
1
submodules/disko
Submodule
1
submodules/disko
Submodule
@ -0,0 +1 @@
|
|||||||
|
Subproject commit df3a607ad7ee431f4831a51af2c464aa8a8813f4
|
@ -4,6 +4,7 @@ with import ./lib;
|
|||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/tv>
|
<stockholm/tv>
|
||||||
|
../../2configs/autotether.nix
|
||||||
<stockholm/tv/2configs/hw/x220.nix>
|
<stockholm/tv/2configs/hw/x220.nix>
|
||||||
<stockholm/tv/2configs/exim-retiolum.nix>
|
<stockholm/tv/2configs/exim-retiolum.nix>
|
||||||
<stockholm/tv/2configs/gitconfig.nix>
|
<stockholm/tv/2configs/gitconfig.nix>
|
||||||
|
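--- a/tv/2configs/autotether.nix
+++ b/tv/2configs/autotether.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }: let
+cfg.serial = "17e064850405";
+in {
+systemd.services.usb_tether.serviceConfig = {
+SyslogIdentifier = "usb_tether";
+ExecStartPre = "${pkgs.android-tools}/bin/adb -s ${cfg.serial} wait-for-device";
+ExecStart = "${pkgs.android-tools}/bin/adb -s ${cfg.serial} shell svc usb setFunctions rndis";
+};
+services.udev.extraRules = /* sh */ ''
+ACTION=="add", SUBSYSTEM=="net", KERNEL=="usb*", NAME="android"
+
+ACTION=="add", SUBSYSTEM=="usb", ATTR{serial}=="${cfg.serial}", \
+TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service"
+'';
+systemd.network.networks.android = {
+matchConfig.Name = "android";
+DHCP = "yes";
+};
+}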
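Review bot: The first udev rule renames every `usb*` network interface to `android` without tying it to the phone's serial the way the second rule does, and `systemd.network.networks.android` then runs DHCP on whatever carries that name. Any USB network gadget plugged into the machine would therefore be configured and could hand out routes and DNS. Matching the parent device's serial keeps the rename to the intended phone: `ACTION=="add", SUBSYSTEM=="net", KERNEL=="usb*", ATTRS{serial}=="${cfg.serial}", NAME="android"`.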
@ -11,6 +11,16 @@ with import ./lib;
|
|||||||
LocalDiscovery = yes
|
LocalDiscovery = yes
|
||||||
'';
|
'';
|
||||||
tincPackage = pkgs.tinc_pre;
|
tincPackage = pkgs.tinc_pre;
|
||||||
|
tincUp = lib.mkIf config.systemd.network.enable "";
|
||||||
|
};
|
||||||
|
systemd.network.networks.retiolum = {
|
||||||
|
matchConfig.Name = "retiolum";
|
||||||
|
address = let
|
||||||
|
inherit (config.krebs.build.host.nets.retiolum) ip4 ip6;
|
||||||
|
in [
|
||||||
|
"${ip4.addr}/${toString ip4.prefixLength}"
|
||||||
|
"${ip6.addr}/${toString ip6.prefixLength}"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
tv.iptables.input-internet-accept-tcp = singleton "tinc";
|
tv.iptables.input-internet-accept-tcp = singleton "tinc";
|
||||||
tv.iptables.input-internet-accept-udp = singleton "tinc";
|
tv.iptables.input-internet-accept-udp = singleton "tinc";
|
||||||
|
@ -127,7 +127,7 @@ in {
|
|||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.systemd.services.ejabberd = {};
|
krebs.systemd.services.ejabberd.restartIfCredentialsChange = true;
|
||||||
|
|
||||||
systemd.services.ejabberd = {
|
systemd.services.ejabberd = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -26,7 +26,7 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
krebs.systemd.services.x0vncserver = {};
|
krebs.systemd.services.x0vncserver.restartIfCredentialsChange = true;
|
||||||
systemd.services.x0vncserver = {
|
systemd.services.x0vncserver = {
|
||||||
after = [ "graphical.target" ];
|
after = [ "graphical.target" ];
|
||||||
requires = [ "graphical.target" ];
|
requires = [ "graphical.target" ];
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More