NWO
commit
d213df5c00
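--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/.graveyard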
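--- a/0make/tv/cd.makefile
+++ b/0make/tv/cd.makefile
@@ -0,0 +1,4 @@
+deploy_host := root@cd-global
+nixpkgs_url := https://github.com/NixOS/nixpkgs
+nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870
+secrets_dir := /home/tv/secrets/cd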
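Review bot: `secrets_dir := /home/tv/secrets/cd` hard-codes an absolute path inside one operator's home directory, and the same pattern is repeated in mkdir.makefile, nomic.makefile, rmdir.makefile and wu.makefile. A deploy started from another account or checkout would read whatever happens to exist at that path, so it is worth deriving it from an overridable variable, e.g. `secrets_root ?= $(HOME)/secrets` followed by `secrets_dir := $(secrets_root)/cd`. A one-line comment saying that this directory must stay outside the repository and be readable only by the deploying user would document the assumption; how the directory is consumed by the deploy tooling is not visible on this page.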
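--- a/0make/tv/mkdir.makefile
+++ b/0make/tv/mkdir.makefile
@@ -0,0 +1,4 @@
+deploy_host := root@mkdir
+nixpkgs_url := https://github.com/NixOS/nixpkgs
+nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870
+secrets_dir := /home/tv/secrets/mkdir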
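--- a/0make/tv/nomic.makefile
+++ b/0make/tv/nomic.makefile
@@ -0,0 +1,4 @@
+deploy_host := root@nomic-local
+nixpkgs_url := https://github.com/NixOS/nixpkgs
+nixpkgs_rev := 4e5e44140bfc27211dffbb3cd727842ab02eb9d6
+secrets_dir := /home/tv/secrets/nomic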
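--- a/0make/tv/rmdir.makefile
+++ b/0make/tv/rmdir.makefile
@@ -0,0 +1,4 @@
+deploy_host := root@rmdir
+nixpkgs_url := https://github.com/NixOS/nixpkgs
+nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870
+secrets_dir := /home/tv/secrets/rmdir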
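--- a/0make/tv/wu.makefile
+++ b/0make/tv/wu.makefile
@@ -0,0 +1,4 @@
+deploy_host := root@wu
+nixpkgs_url := https://github.com/NixOS/nixpkgs
+nixpkgs_rev := e1af50c4c4c0332136283e9231f0a32ac11f2b90
+secrets_dir := /home/tv/secrets/wu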
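--- a/1systems/tv/cd.nix
+++ b/1systems/tv/cd.nix
@@ -0,0 +1,98 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+imports = [
+../../2configs/tv/CAC-Developer-2.nix
+../../2configs/tv/CAC-CentOS-7-64bit.nix
+../../2configs/tv/base.nix
+../../2configs/tv/consul-server.nix
+../../2configs/tv/exim-smarthost.nix
+../../2configs/tv/git-public.nix
+{
+imports = [ ../../3modules/tv/ejabberd.nix ];
+tv.ejabberd = {
+enable = true;
+hosts = [ "jabber.viljetic.de" ];
+};
+}
+{
+imports = [ ../../3modules/tv/identity.nix ];
+tv.identity = {
+enable = true;
+self = config.tv.identity.hosts.cd;
+};
+}
+{
+imports = [ ../../3modules/tv/iptables.nix ];
+tv.iptables = {
+enable = true;
+input-internet-accept-new-tcp = [
+"ssh"
+"tinc"
+"smtp"
+"xmpp-client"
+"xmpp-server"
+];
+input-retiolum-accept-new-tcp = [
+"http"
+];
+};
+}
+{
+imports = [ ../../3modules/tv/retiolum.nix ];
+tv.retiolum = {
+enable = true;
+hosts = ../../Zhosts;
+connectTo = [
+"fastpoke"
+"pigstarter"
+"ire"
+];
+};
+}
+];
+
+networking.hostName = "cd";
+networking.interfaces.enp2s1.ip4 = [
+{
+address = "162.219.7.216";
+prefixLength = 24;
+}
+];
+networking.defaultGateway = "162.219.7.1";
+networking.nameservers = [
+"8.8.8.8"
+];
+
+environment.systemPackages = with pkgs; [
+git # required for ./deploy, clone_or_update
+htop
+iftop
+iotop
+iptables
+mutt # for mv
+nethogs
+rxvt_unicode.terminfo
+tcpdump
+];
+
+services.journald.extraConfig = ''
+SystemMaxUse=1G
+RuntimeMaxUse=128M
+'';
+
+users.extraUsers = {
+mv = {
+uid = 1338;
+group = "users";
+home = "/home/mv";
+createHome = true;
+useDefaultShell = true;
+openssh.authorizedKeys.keys = map readFile [
+../../Zpubkeys/mv_vod.ssh.pub
+];
+};
+};
+}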
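Review bot: The static network block, the single resolver in `networking.nameservers`, the package list and the journald limits are repeated almost line for line in mkdir.nix and rmdir.nix, which hides the one difference that matters for review: this host additionally accepts `xmpp-client` and `xmpp-server` from the internet. Moving the shared part into a module under 2configs/tv would leave each host file with only its address, its identity and its firewall list. A comment above `input-internet-accept-new-tcp` naming the service behind each port, e.g. `# smtp: exim-smarthost, xmpp-*: ejabberd for jabber.viljetic.de`, would make an unneeded open port easy to spot. With a single entry in `networking.nameservers`, name resolution and therefore mail delivery on this smarthost depend on one upstream resolver, so a second entry is worth adding.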
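--- a/1systems/tv/mkdir.nix
+++ b/1systems/tv/mkdir.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+imports = [
+../../2configs/tv/CAC-Developer-1.nix
+../../2configs/tv/CAC-CentOS-7-64bit.nix
+../../2configs/tv/base.nix
+../../2configs/tv/consul-server.nix
+../../2configs/tv/exim-smarthost.nix
+../../2configs/tv/git-public.nix
+{
+imports = [ ../../3modules/tv/identity.nix ];
+tv.identity = {
+enable = true;
+self = config.tv.identity.hosts.mkdir;
+};
+}
+{
+imports = [ ../../3modules/tv/iptables.nix ];
+tv.iptables = {
+enable = true;
+input-internet-accept-new-tcp = [
+"ssh"
+"tinc"
+"smtp"
+];
+input-retiolum-accept-new-tcp = [
+"http"
+];
+};
+}
+{
+imports = [ ../../3modules/tv/retiolum.nix ];
+tv.retiolum = {
+enable = true;
+hosts = ../../Zhosts;
+connectTo = [
+"cd"
+"fastpoke"
+"pigstarter"
+"ire"
+];
+};
+}
+];
+
+networking.hostName = "mkdir";
+networking.interfaces.enp2s1.ip4 = [
+{
+address = "162.248.167.241";
+prefixLength = 24;
+}
+];
+networking.defaultGateway = "162.248.167.1";
+networking.nameservers = [
+"8.8.8.8"
+];
+
+environment.systemPackages = with pkgs; [
+git # required for ./deploy, clone_or_update
+htop
+iftop
+iotop
+iptables
+nethogs
+rxvt_unicode.terminfo
+tcpdump
+];
+
+services.journald.extraConfig = ''
+SystemMaxUse=1G
+RuntimeMaxUse=128M
+'';
+}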
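--- a/1systems/tv/nomic.nix
+++ b/1systems/tv/nomic.nix
@@ -0,0 +1,111 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+imports = [
+../../2configs/tv/AO753.nix
+../../2configs/tv/base.nix
+../../2configs/tv/consul-server.nix
+../../2configs/tv/exim-retiolum.nix
+../../2configs/tv/git-public.nix
+{
+imports = [ ../../3modules/tv/identity.nix ];
+tv.identity = {
+enable = true;
+self = config.tv.identity.hosts.nomic;
+};
+}
+{
+imports = [ ../../3modules/tv/iptables.nix ];
+tv.iptables = {
+enable = true;
+input-internet-accept-new-tcp = [
+"ssh"
+"http"
+"tinc"
+"smtp"
+];
+};
+}
+{
+imports = [ ../../3modules/tv/nginx.nix ];
+tv.nginx = {
+enable = true;
+retiolum-locations = [
+(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+alias /home/$1/public_html$2;
+'')
+];
+};
+}
+{
+imports = [ ../../3modules/tv/retiolum.nix ];
+tv.retiolum = {
+enable = true;
+hosts = ../../Zhosts;
+connectTo = [
+"gum"
+"pigstarter"
+];
+};
+}
+];
+
+boot.initrd.luks = {
+cryptoModules = [ "aes" "sha1" "xts" ];
+devices = [
+{
+name = "luks1";
+device = "/dev/disk/by-uuid/cac73902-1023-4906-8e95-3a8b245337d4";
+}
+];
+};
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/de4780fc-0473-4708-81df-299b7383274c";
+fsType = "btrfs";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/be3a1d80-3157-4d7c-86cc-ef01b64eff5e";
+fsType = "ext4";
+};
+
+fileSystems."/home" =
+{ device = "/dev/disk/by-uuid/9db9c8ff-51da-4cbd-9f0a-0cd3333bbaff";
+fsType = "btrfs";
+};
+
+swapDevices = [ ];
+
+nix = {
+buildCores = 2;
+maxJobs = 2;
+daemonIONiceLevel = 1;
+daemonNiceLevel = 1;
+};
+
+# TODO base
+boot.tmpOnTmpfs = true;
+
+environment.systemPackages = with pkgs; [
+(writeScriptBin "play" ''
+#! /bin/sh
+set -euf
+mpv() { exec ${mpv}/bin/mpv "$@"; }
+case $1 in
+deepmix) mpv http://deepmix.ru/deepmix128.pls;;
+groovesalad) mpv http://somafm.com/play/groovesalad;;
+ntslive) mpv http://listen2.ntslive.co.uk/listen.pls;;
+*)
+echo "$0: bad argument: $*" >&2
+exit 23
+esac
+'')
+rxvt_unicode.terminfo
+tmux
+];
+
+networking.hostName = "nomic";
+}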
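Review bot: `"http"` is listed in `input-internet-accept-new-tcp` here (and again in wu.nix), whereas cd.nix, mkdir.nix and rmdir.nix accept it only through `input-retiolum-accept-new-tcp`, and the nginx block in this file declares nothing but `retiolum-locations`. If the per-user `public_html` trees are meant to be reachable only over retiolum, the port belongs in `input-retiolum-accept-new-tcp = [ "http" ];`; whether 3modules/tv/nginx.nix already restricts the listener cannot be seen on this page. In the location pattern, `(.+?)` also matches `/`, so `"~ ^/~([^/]+)(/.*)?\$"` would state the intended single-user-name capture exactly.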
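--- a/1systems/tv/rmdir.nix
+++ b/1systems/tv/rmdir.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+imports = [
+../../2configs/tv/CAC-Developer-1.nix
+../../2configs/tv/CAC-CentOS-7-64bit.nix
+../../2configs/tv/base.nix
+../../2configs/tv/consul-server.nix
+../../2configs/tv/exim-smarthost.nix
+../../2configs/tv/git-public.nix
+{
+imports = [ ../../3modules/tv/identity.nix ];
+tv.identity = {
+enable = true;
+self = config.tv.identity.hosts.rmdir;
+};
+}
+{
+imports = [ ../../3modules/tv/iptables.nix ];
+tv.iptables = {
+enable = true;
+input-internet-accept-new-tcp = [
+"ssh"
+"tinc"
+"smtp"
+];
+input-retiolum-accept-new-tcp = [
+"http"
+];
+};
+}
+{
+imports = [ ../../3modules/tv/retiolum.nix ];
+tv.retiolum = {
+enable = true;
+hosts = ../../Zhosts;
+connectTo = [
+"cd"
+"mkdir"
+"fastpoke"
+"pigstarter"
+"ire"
+];
+};
+}
+];
+
+networking.hostName = "rmdir";
+networking.interfaces.enp2s1.ip4 = [
+{
+address = "167.88.44.94";
+prefixLength = 24;
+}
+];
+networking.defaultGateway = "167.88.44.1";
+networking.nameservers = [
+"8.8.8.8"
+];
+
+environment.systemPackages = with pkgs; [
+git # required for ./deploy, clone_or_update
+htop
+iftop
+iotop
+iptables
+nethogs
+rxvt_unicode.terminfo
+tcpdump
+];
+
+services.journald.extraConfig = ''
+SystemMaxUse=1G
+RuntimeMaxUse=128M
+'';
+}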
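--- a/1systems/tv/wu.nix
+++ b/1systems/tv/wu.nix
@@ -0,0 +1,388 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+imports = [
+../../2configs/tv/w110er.nix
+../../2configs/tv/base.nix
+../../2configs/tv/consul-client.nix
+../../2configs/tv/exim-retiolum.nix
+../../2configs/tv/git-public.nix
+# TODO git-private.nix
+../../2configs/tv/xserver.nix
+../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled
+{
+imports = [ ../../3modules/tv/identity.nix ];
+tv.identity = {
+enable = true;
+self = config.tv.identity.hosts.wu;
+};
+}
+{
+imports = [ ../../3modules/tv/iptables.nix ];
+tv.iptables = {
+enable = true;
+input-internet-accept-new-tcp = [
+"ssh"
+"http"
+"tinc"
+"smtp"
+];
+};
+}
+{
+imports = [ ../../3modules/tv/nginx.nix ];
+tv.nginx = {
+enable = true;
+retiolum-locations = [
+(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+alias /home/$1/public_html$2;
+'')
+];
+};
+}
+{
+imports = [ ../../3modules/tv/retiolum.nix ];
+tv.retiolum = {
+enable = true;
+hosts = ../../Zhosts;
+connectTo = [
+"gum"
+"pigstarter"
+];
+};
+}
+{
+imports = [ ../../3modules/tv/urlwatch.nix ];
+tv.urlwatch = {
+enable = true;
+mailto = "tv@wu.retiolum"; # TODO
+onCalendar = "*-*-* 05:00:00";
+urls = [
+## nixpkgs maintenance
+
+# 2014-07-29 when one of the following urls change
+# then we have to update the package
+
+# ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
+http://simple-evcorr.sourceforge.net/
+
+# ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix
+https://thp.io/2008/urlwatch/
+
+# 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix
+https://api.github.com/repos/ioerror/tlsdate/tags
+
+# 2015-02-18
+# ref ~/src/nixpkgs/pkgs/tools/text/qprint/default.nix
+http://www.fourmilab.ch/webtools/qprint/
+
+# 2014-09-24 ref https://github.com/4z3/xintmap
+http://www.mathstat.dal.ca/~selinger/quipper/
+
+# 2014-12-12 remove nixopsUnstable when nixops get's bumped to 1.3
+# ref https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/package-management/nixops/unstable.nix
+http://nixos.org/releases/nixops/
+
+## other
+
+https://nixos.org/channels/nixos-unstable/git-revision
+
+## 2014-10-17
+## TODO update ~/src/login/default.nix
+#http://hackage.haskell.org/package/bcrypt
+#http://hackage.haskell.org/package/cron
+#http://hackage.haskell.org/package/hyphenation
+#http://hackage.haskell.org/package/iso8601-time
+#http://hackage.haskell.org/package/ixset-typed
+#http://hackage.haskell.org/package/system-command
+#http://hackage.haskell.org/package/transformers
+#http://hackage.haskell.org/package/web-routes-wai
+#http://hackage.haskell.org/package/web-page
+];
+};
+}
+{
+users.extraGroups = {
+tv-sub.gid = 1337;
+};
+
+users.extraUsers =
+mapAttrs (name: user: user // {
+inherit name;
+home = "/home/${name}";
+createHome = true;
+useDefaultShell = true;
+}) {
+ff = {
+uid = 13378001;
+group = "tv-sub";
+extraGroups = [
+"audio"
+"video"
+];
+};
+
+cr = {
+uid = 13378002;
+group = "tv-sub";
+extraGroups = [
+"audio"
+"video"
+"bumblebee"
+];
+};
+
+vimb = {
+uid = 13378003;
+group = "tv-sub";
+extraGroups = [
+"audio"
+"video"
+"bumblebee"
+];
+};
+
+fa = {
+uid = 2300001;
+group = "tv-sub";
+};
+
+rl = {
+uid = 2300002;
+group = "tv-sub";
+};
+
+tief = {
+uid = 2300702;
+group = "tv-sub";
+};
+
+btc-bitcoind = {
+uid = 2301001;
+group = "tv-sub";
+};
+
+btc-electrum = {
+uid = 2301002;
+group = "tv-sub";
+};
+
+ltc-litecoind = {
+uid = 2301101;
+group = "tv-sub";
+};
+
+eth = {
+uid = 2302001;
+group = "tv-sub";
+};
+
+emse-hsdb = {
+uid = 4200101;
+group = "tv-sub";
+};
+
+wine = {
+uid = 13370400;
+group = "tv-sub";
+extraGroups = [
+"audio"
+"video"
+"bumblebee"
+];
+};
+
+# dwarffortress
+df = {
+uid = 13370401;
+group = "tv-sub";
+extraGroups = [
+"audio"
+"video"
+"bumblebee"
+];
+};
+
+# XXX visudo: Warning: Runas_Alias `FTL' referenced but not defined
+FTL = {
+uid = 13370402;
+#group = "tv-sub";
+extraGroups = [
+"audio"
+"video"
+"bumblebee"
+];
+};
+
+freeciv = {
+uid = 13370403;
+group = "tv-sub";
+};
+
+xr = {
+uid = 13370061;
+group = "tv-sub";
+extraGroups = [
+"audio"
+"video"
+];
+};
+
+"23" = {
+uid = 13370023;
+group = "tv-sub";
+};
+
+electrum = {
+uid = 13370102;
+group = "tv-sub";
+};
+
+Reaktor = {
+uid = 4230010;
+group = "tv-sub";
+};
+
+gitolite = {
+uid = 7700;
+};
+
+skype = {
+uid = 6660001;
+group = "tv-sub";
+extraGroups = [
+"audio"
+];
+};
+
+onion = {
+uid = 6660010;
+group = "tv-sub";
+};
+
+zalora = {
+uid = 1000301;
+group = "tv-sub";
+extraGroups = [
+"audio"
+# TODO remove vboxusers when hardening is active
+"vboxusers"
+"video"
+];
+};
+};
+
+security.sudo.extraConfig =
+let
+inherit (import ../../4lib/tv { inherit lib pkgs; })
+isSuffixOf;
+
+hasMaster = { group ? "", ... }:
+isSuffixOf "-sub" group;
+
+masterOf = user : removeSuffix "-sub" user.group;
+in
+concatStringsSep "\n"
+(map (u: "${masterOf u} ALL=(${u.name}) NOPASSWD: ALL")
+(filter hasMaster (attrValues config.users.extraUsers)));
+}
+];
+
+boot.initrd.luks = {
+cryptoModules = [ "aes" "sha512" "xts" ];
+devices = [
+{ name = "home"; device = "/dev/vg840/enchome"; preLVM = false; }
+];
+};
+
+fileSystems = {
+"/" = {
+device = "/dev/mapper/vg840-wuroot";
+fsType = "btrfs";
+options = "defaults,noatime,ssd,compress=lzo";
+};
+"/home" = {
+device = "/dev/mapper/home";
+options = "defaults,noatime,ssd,compress=lzo";
+};
+"/boot" = {
+device = "/dev/sda1";
+};
+"/tmp" = {
+device = "tmpfs";
+fsType = "tmpfs";
+options = "nosuid,nodev,noatime";
+};
+};
+
+nixpkgs.config.firefox.enableAdobeFlash = true;
+nixpkgs.config.chromium.enablePepperFlash = true;
+
+nixpkgs.config.allowUnfree = true;
+hardware.bumblebee.enable = true;
+hardware.bumblebee.group = "video";
+hardware.enableAllFirmware = true;
+hardware.opengl.driSupport32Bit = true;
+hardware.pulseaudio.enable = true;
+
+networking.hostName = "wu";
+
+environment.systemPackages = with pkgs; [
+xlibs.fontschumachermisc
+slock
+ethtool
+#firefoxWrapper # with plugins
+#chromiumDevWrapper
+tinc
+iptables
+#jack2
+];
+
+security.setuidPrograms = [
+"sendmail" # for cron
+"slock"
+];
+
+services.printing.enable = true;
+
+services.journald.extraConfig = ''
+SystemMaxUse=1G
+RuntimeMaxUse=128M
+'';
+
+# see tmpfiles.d(5)
+systemd.tmpfiles.rules = [
+"d /tmp 1777 root root - -" # does this work with mounted /tmp?
+];
+
+virtualisation.libvirtd.enable = true;
+
+networking.extraHosts = ''
+192.168.1.1 wrt.gg23 wrt
+192.168.1.11 mors.gg23
+192.168.1.12 uriel.gg23
+192.168.1.23 raspi.gg23 raspi
+192.168.1.37 wu.gg23
+192.168.1.110 nomic.gg23
+192.168.1.124 schnabeldrucker.gg23 schnabeldrucker
+'';
+
+services.udev.extraRules = ''
+SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
+SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
+
+# for jack
+KERNEL=="rtc0", GROUP="audio"
+KERNEL=="hpet", GROUP="audio"
+'';
+
+services.bitlbee.enable = true;
+services.tor.client.enable = true;
+services.tor.enable = true;
+services.virtualboxHost.enable = true;
+
+# TODO w110er if xserver is enabled
+services.xserver.vaapiDrivers = [ pkgs.vaapiIntel ];
+}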
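Review bot: `nixpkgs.config.allowUnfree = true;` lifts the licence gate for every package on this host, while AO753.nix in the same commit shows the narrower form, `allowUnfree = false` plus an `allowUnfreePredicate` on the package name. Using the predicate here as well, limited to the packages that actually need it, keeps an unfree dependency from entering the system closure unnoticed. The two Flash switches (`firefox.enableAdobeFlash`, `chromium.enablePepperFlash`) add a browser plugin with a long vulnerability record to a machine whose key file, judging by the name `tv_wu.ssh.pub`, is the one authorised for root in base.nix; if they must stay, a comment saying which sub-user's browser needs them would help. Separately, the generated sudoers lines interpolate attribute names unchecked and the `XXX` comment on `FTL` already records that an upper-case name is read as a Runas_Alias, so a short comment above `security.sudo.extraConfig` stating the naming constraint is worth adding.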
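--- a/2configs/tv/AO753.nix
+++ b/2configs/tv/AO753.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+../../2configs/tv/smartd.nix
+];
+
+boot.loader.grub = {
+device = "/dev/sda";
+splashImage = null;
+};
+
+boot.initrd.availableKernelModules = [
+"ahci"
+];
+
+boot.kernelModules = [
+"kvm-intel"
+"wl"
+];
+
+boot.extraModulePackages = [
+config.boot.kernelPackages.broadcom_sta
+];
+
+networking.wireless.enable = true;
+
+services.logind.extraConfig = ''
+HandleHibernateKey=ignore
+HandleLidSwitch=ignore
+HandlePowerKey=ignore
+HandleSuspendKey=ignore
+'';
+
+nixpkgs.config = {
+allowUnfree = false;
+allowUnfreePredicate = (x: pkgs.lib.hasPrefix "broadcom-sta-" x.name);
+};
+}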
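--- a/2configs/tv/CAC-CentOS-7-64bit.nix
+++ b/2configs/tv/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,47 @@
+_:
+
+{
+boot.loader.grub = {
+device = "/dev/sda";
+splashImage = null;
+};
+
+boot.initrd.availableKernelModules = [
+"ata_piix"
+"vmw_pvscsi"
+];
+
+fileSystems."/" = {
+device = "/dev/centos/root";
+fsType = "xfs";
+};
+
+fileSystems."/boot" = {
+device = "/dev/sda1";
+fsType = "xfs";
+};
+
+swapDevices = [
+{ device = "/dev/centos/swap"; }
+];
+
+users.extraGroups = {
+# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+# Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+# Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+# Docs: man:tmpfiles.d(5)
+# man:systemd-tmpfiles(8)
+# Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+# Main PID: 19272 (code=exited, status=1/FAILURE)
+#
+# Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+# Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+# Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+# Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+# Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+# warning: error(s) occured while switching to the new configuration
+lock.gid = 10001;
+};
+}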
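Review bot: The comment inside `users.extraGroups` is a pasted `systemctl status` dump of about fifteen lines, including store paths, a PID and a machine id, where one sentence would carry the reason for `lock.gid = 10001;`. The relevant line is the `Unknown group 'lock'` message from `/usr/lib/tmpfiles.d/legacy.conf`, so something like `# legacy.conf left over from the CentOS image references group 'lock'; without it systemd-tmpfiles-setup fails` would be enough. That legacy.conf stems from the previous CentOS installation is an inference from the file name and path, so adjust the wording if it is wrong.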
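--- a/2configs/tv/CAC-Developer-1.nix
+++ b/2configs/tv/CAC-Developer-1.nix
@@ -0,0 +1,6 @@
+_:
+
+{
+nix.maxJobs = 1;
+sound.enable = false;
+}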
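--- a/2configs/tv/CAC-Developer-2.nix
+++ b/2configs/tv/CAC-Developer-2.nix
@@ -0,0 +1,6 @@
+_:
+
+{
+nix.maxJobs = 2;
+sound.enable = false;
+}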
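--- a/2configs/tv/base.nix
+++ b/2configs/tv/base.nix
@@ -0,0 +1,175 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+# "7.4.335" -> "74"
+majmin = x: concatStrings (take 2 (splitString "." x));
+in
+
+{
+imports = [
+{
+users.extraUsers =
+mapAttrs (_: h: { hashedPassword = h; })
+(import /root/src/secrets/hashedPasswords.nix);
+}
+{
+users.defaultUserShell = "/run/current-system/sw/bin/bash";
+users.mutableUsers = false;
+}
+{
+users.extraUsers = {
+root = {
+openssh.authorizedKeys.keys = map readFile [
+../../Zpubkeys/tv_wu.ssh.pub
+];
+};
+tv = {
+uid = 1337;
+group = "users";
+home = "/home/tv";
+createHome = true;
+useDefaultShell = true;
+extraGroups = [
+"audio"
+"video"
+"wheel"
+];
+openssh.authorizedKeys.keys = map readFile [
+../../Zpubkeys/tv_wu.ssh.pub
+];
+};
+};
+}
+{
+security.sudo.extraConfig = ''
+Defaults mailto="tv@wu.retiolum"
+'';
+time.timeZone = "Europe/Berlin";
+}
+{
+# TODO check if both are required:
+nix.chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+
+nix.trustedBinaryCaches = [
+"https://cache.nixos.org"
+"http://cache.nixos.org"
+"http://hydra.nixos.org"
+];
+
+nix.useChroot = true;
+}
+
+{
+environment.systemPackages = with pkgs; [
+vim
+];
+
+environment.etc."vim/vimrc".text = ''
+set nocp
+'';
+
+environment.etc."vim/vim${majmin pkgs.vim.version}".source =
+"${pkgs.vim}/share/vim/vim${majmin pkgs.vim.version}";
+
+# multiple-definition-problem when defining environment.variables.EDITOR
+environment.extraInit = ''
+EDITOR=vim
+'';
+
+environment.shellAliases = {
+# alias cal='cal -m3'
+gp = "${pkgs.pari}/bin/gp -q";
+df = "df -h";
+du = "du -h";
+# alias grep='grep --color=auto'
+
+# TODO alias cannot contain #\'
+# "ps?" = "ps ax | head -n 1;ps ax | fgrep -v ' grep --color=auto ' | grep";
+
+# alias la='ls -lA'
+lAtr = "ls -lAtr";
+# alias ll='ls -l'
+ls = "ls -h --color=auto --group-directories-first";
+# alias vim='vim -p'
+# alias vi='vim'
+# alias view='vim -R'
+dmesg = "dmesg -L --reltime";
+};
+
+environment.variables.VIM = "/etc/vim";
+
+programs.bash = {
+interactiveShellInit = ''
+HISTCONTROL='erasedups:ignorespace'
+HISTSIZE=65536
+HISTFILESIZE=$HISTSIZE
+
+shopt -s checkhash
+shopt -s histappend histreedit histverify
+shopt -s no_empty_cmd_completion
+complete -d cd
+
+# TODO source bridge
+'';
+promptInit = ''
+case $UID in
+0)
+PS1='\[\e[1;31m\]\w\[\e[0m\] '
+;;
+1337)
+PS1='\[\e[1;32m\]\w\[\e[0m\] '
+;;
+*)
+PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] '
+;;
+esac
+if test -n "$SSH_CLIENT"; then
+PS1='\[\e[35m\]\h'" $PS1"
+fi
+if test -n "$SSH_AGENT_PID"; then
+PS1="ssh-agent[$SSH_AGENT_PID] $PS1"
+fi
+'';
+};
+
+programs.ssh.startAgent = false;
+}
+
+{
+nixpkgs.config.packageOverrides = pkgs:
+{
+nano = pkgs.runCommand "empty" {} "mkdir -p $out";
+};
+
+services.cron.enable = false;
+services.nscd.enable = false;
+services.ntp.enable = false;
+}
+
+{
+boot.kernel.sysctl = {
+# Enable IPv6 Privacy Extensions
+"net.ipv6.conf.all.use_tempaddr" = 2;
+"net.ipv6.conf.default.use_tempaddr" = 2;
+};
+}
+
+{
+services.openssh = {
+enable = true;
+hostKeys = [
+{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+];
+};
+}
+
+{
+# TODO: exim
+security.setuidPrograms = [
+"sendmail" # for sudo
+];
+}
+];
+}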
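Review bot: `nix.trustedBinaryCaches` lists `http://cache.nixos.org` and `http://hydra.nixos.org` next to the HTTPS entry, so a cache fetched over plain HTTP can be selected and the integrity of downloaded store paths then rests entirely on signature checking, whose setting is not visible in this file. Keeping only `"https://cache.nixos.org"` removes that dependency. In the same module list, `services.openssh` sets nothing but `hostKeys` although the host files accept `ssh` from the internet and accounts receive a `hashedPassword`; stating `passwordAuthentication = false;` explicitly would document that only the keys under Zpubkeys are meant to work. `import /root/src/secrets/hashedPasswords.nix` also pulls the hashes into the evaluated configuration, which on NixOS normally ends up in the world-readable store, so a comment noting that is worth having.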
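--- a/2configs/tv/consul-client.nix
+++ b/2configs/tv/consul-client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+imports = [ ./consul-server.nix ];
+
+tv.consul = {
+server = pkgs.lib.mkForce false;
+};
+}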
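--- a/2configs/tv/consul-server.nix
+++ b/2configs/tv/consul-server.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+imports = [ ../../3modules/tv/consul.nix ];
+tv.consul = rec {
+enable = true;
+
+inherit (config.tv.identity) self;
+inherit (self) dc;
+
+server = true;
+
+hosts = with config.tv.identity.hosts; [
+# TODO get this list automatically from each host where tv.consul.enable is true
+cd
+mkdir
+nomic
+rmdir
+#wu
+];
+};
+}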
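--- a/2configs/tv/cryptoroot.nix
+++ b/2configs/tv/cryptoroot.nix
@@ -0,0 +1,4 @@
+{ ... }:
+
+{
+}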
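--- a/2configs/tv/exim-retiolum.nix
+++ b/2configs/tv/exim-retiolum.nix
@@ -0,0 +1,126 @@
+{ config, pkgs, ... }:
+
+{
+services.exim =
+# This configuration makes only sense for retiolum-enabled hosts.
+# TODO modular configuration
+assert config.tv.retiolum.enable;
+let
+# TODO get the hostname from config.tv.retiolum.
+retiolumHostname = "${config.networking.hostName}.retiolum";
+in
+{ enable = true;
+config = ''
+primary_hostname = ${retiolumHostname}
+domainlist local_domains = @ : localhost
+domainlist relay_to_domains = *.retiolum
+hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
+
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+
+log_file_path = syslog
+syslog_timestamp = false
+syslog_duplication = false
+
+begin acl
+
+acl_check_rcpt:
+accept hosts = :
+control = dkim_disable_verify
+
+deny message = Restricted characters in address
+domains = +local_domains
+local_parts = ^[.] : ^.*[@%!/|]
+
+deny message = Restricted characters in address
+domains = !+local_domains
+local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+accept local_parts = postmaster
+domains = +local_domains
+
+#accept
+# hosts = *.retiolum
+# domains = *.retiolum
+# control = dkim_disable_verify
+
+#require verify = sender
+
+accept hosts = +relay_from_hosts
+control = submission
+control = dkim_disable_verify
+
+accept authenticated = *
+control = submission
+control = dkim_disable_verify
+
+require message = relay not permitted
+domains = +local_domains : +relay_to_domains
+
+require verify = recipient
+
+accept
+
+
+acl_check_data:
+accept
+
+
+begin routers
+
+retiolum:
+driver = manualroute
+domains = ! ${retiolumHostname} : *.retiolum
+transport = remote_smtp
+route_list = ^.* $0 byname
+no_more
+
+nonlocal:
+debug_print = "R: nonlocal for $local_part@$domain"
+driver = redirect
+domains = ! +local_domains
+allow_fail
+data = :fail: Mailing to remote domains not supported
+no_more
+
+local_user:
+# debug_print = "R: local_user for $local_part@$domain"
+driver = accept
+check_local_user
+# local_part_suffix = +* : -*
+# local_part_suffix_optional
+transport = home_maildir
+cannot_route_message = Unknown user
+
+
+begin transports
+
+remote_smtp:
+driver = smtp
+
+home_maildir:
+driver = appendfile
+maildir_format
+directory = $home/Maildir
+directory_mode = 0700
+delivery_date_add
+envelope_to_add
+return_path_add
+# group = mail
+# mode = 0660
+
+begin retry
+*.retiolum * F,42d,1m
+* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+begin rewrite
+
+begin authenticators
+'';
+};
+}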
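Review bot: The recipient ACL ends in `require ... domains = +local_domains : +relay_to_domains`, `require verify = recipient`, `accept` with no condition on the sending host, so any client that can reach port 25 may hand this host mail for `*.retiolum`; nomic.nix and wu.nix, which import this file, accept `smtp` from the internet. The commented-out `hosts = *.retiolum` block suggests a restriction was intended. Either add a `hosts` condition to the relay rule or move `smtp` to the retiolum-only firewall list on those hosts, and say in a comment which of the two is relied on. `accept authenticated = *` can never match while `begin authenticators` is empty, and `acl_check_data` accepts everything, so both deserve a `# TODO` or removal.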
474
2configs/tv/exim-smarthost.nix
Normal file
474
2configs/tv/exim-smarthost.nix
Normal file
@ -0,0 +1,474 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (builtins) toFile;
|
||||
inherit (pkgs.lib.attrsets) mapAttrs;
|
||||
inherit (pkgs.lib.strings) concatMapStringsSep;
|
||||
in
|
||||
|
||||
{
|
||||
services.exim =
|
||||
let
|
||||
retiolumHostname = "${config.networking.hostName}.retiolum";
|
||||
|
||||
internet-aliases = [
|
||||
{ from = "tomislav@viljetic.de"; to = "tv@wu.retiolum"; }
|
||||
|
||||
# (mindestens) lisp-stammtisch und elli haben die:
|
||||
{ from = "tv@viljetic.de"; to = "tv@wu.retiolum"; }
|
||||
|
||||
{ from = "tv@destroy.dyn.shackspace.de"; to = "tv@wu.retiolum"; }
|
||||
|
||||
{ from = "mirko@viljetic.de"; to = "mv@cd.retiolum"; }
|
||||
|
||||
# TODO killme (wo wird die benutzt?)
|
||||
{ from = "tv@cd.retiolum"; to = "tv@wu.retiolum"; }
|
||||
|
||||
{ from = "postmaster@krebsco.de"; to = "tv@wu.retiolum"; }
|
||||
];
|
||||
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
{ from = "postmaster"; to = "root"; }
|
||||
{ from = "nobody"; to = "root"; }
|
||||
{ from = "hostmaster"; to = "root"; }
|
||||
{ from = "usenet"; to = "root"; }
|
||||
{ from = "news"; to = "root"; }
|
||||
{ from = "webmaster"; to = "root"; }
|
||||
{ from = "www"; to = "root"; }
|
||||
{ from = "ftp"; to = "root"; }
|
||||
{ from = "abuse"; to = "root"; }
|
||||
{ from = "noc"; to = "root"; }
|
||||
{ from = "security"; to = "root"; }
|
||||
{ from = "root"; to = "tv"; }
|
||||
{ from = "mirko"; to = "mv"; }
|
||||
];
|
||||
|
||||
to-lsearch = concatMapStringsSep "\n" ({ from, to }: "${from}: ${to}");
|
||||
lsearch =
|
||||
mapAttrs (name: set: toFile name (to-lsearch set)) {
|
||||
inherit internet-aliases;
|
||||
inherit system-aliases;
|
||||
};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
config =
|
||||
''
|
||||
primary_hostname = ${retiolumHostname}
|
||||
|
||||
# HOST_REDIR contains the real destinations for "local_domains".
|
||||
#HOST_REDIR = /etc/exim4/host_redirect
|
||||
|
||||
|
||||
# Domains not listed in local_domains need to be deliverable remotely.
|
||||
# XXX We abuse local_domains to mean "domains, we're the gateway for".
|
||||
domainlist local_domains = @ : localhost
|
||||
#: viljetic.de : SHACK_REDIR_HOSTNAME
|
||||
domainlist relay_to_domains =
|
||||
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37
|
||||
|
||||
acl_smtp_rcpt = acl_check_rcpt
|
||||
acl_smtp_data = acl_check_data
|
||||
|
||||
# av_scanner = clamd:/tmp/clamd
|
||||
# spamd_address = 127.0.0.1 783
|
||||
|
||||
# tls_advertise_hosts = *
|
||||
# tls_certificate = /etc/ssl/exim.crt
|
||||
# tls_privatekey = /etc/ssl/exim.pem
|
||||
# (debian) tls_verify_certificates (to check client certs)
|
||||
|
||||
# daemon_smtp_ports = 25 : 465 : 587
|
||||
# tls_on_connect_ports = 465
|
||||
|
||||
# qualify_domain defaults to primary_hostname
|
||||
# qualify_recipient defaults to qualify_domain
|
||||
|
||||
# allow_domain_literals
|
||||
|
||||
never_users = root
|
||||
|
||||
host_lookup = *
|
||||
|
||||
# ident callbacks for all incoming SMTP calls
|
||||
rfc1413_hosts = *
|
||||
rfc1413_query_timeout = 5s
|
||||
|
||||
# sender_unqualified_hosts =
|
||||
# recipient_unqualified_hosts =
|
||||
|
||||
# percent_hack_domains =
|
||||
|
||||
# arch & debian
|
||||
#ignore_bounce_errors_after = 2d
|
||||
#timeout_frozen_after = 7d
|
||||
# debian
|
||||
#smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
|
||||
#freeze_tell = postmaster
|
||||
#trusted_users = uucp
|
||||
# arch
|
||||
#split_spool_directory = true
|
||||
|
||||
log_selector = -queue_run +address_rewrite +all_parents +queue_time
|
||||
log_file_path = syslog
|
||||
syslog_timestamp = false
|
||||
syslog_duplication = false
|
||||
|
||||
begin acl
|
||||
|
||||
acl_check_rcpt:
|
||||
# Accept if the source is local SMTP (i.e. not over TCP/IP).
|
||||
# We do this by testing for an empty sending host field.
|
||||
accept hosts = :
|
||||
# arch & debian:
|
||||
control = dkim_disable_verify
|
||||
|
||||
deny message = Restricted characters in address
|
||||
domains = +local_domains
|
||||
local_parts = ^[.] : ^.*[@%!/|]
|
||||
|
||||
deny message = Restricted characters in address
|
||||
domains = !+local_domains
|
||||
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
|
||||
|
||||
accept local_parts = postmaster
|
||||
domains = +local_domains
|
||||
|
||||
## feature RETIOLUM_MAIL
|
||||
#accept
|
||||
# hosts = *.retiolum
|
||||
# domains = *.retiolum
|
||||
# control = dkim_disable_verify
|
||||
|
||||
#require verify = sender
|
||||
|
||||
accept hosts = +relay_from_hosts
|
||||
control = submission
|
||||
# debian: control = submission/sender_retain
|
||||
# arch & debian:
|
||||
control = dkim_disable_verify
|
||||
|
||||
accept authenticated = *
|
||||
control = submission
|
||||
control = dkim_disable_verify
|
||||
|
||||
accept message = relay not permitted 2
|
||||
recipients = lsearch;${lsearch.internet-aliases}
|
||||
|
||||
require message = relay not permitted
|
||||
domains = +local_domains : +relay_to_domains
|
||||
|
||||
require
|
||||
message = unknown user
|
||||
verify = recipient/callout
|
||||
|
||||
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
||||
# dnslists = black.list.example
|
||||
#
|
||||
# warn dnslists = black.list.example
|
||||
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
||||
# log_message = found in $dnslist_domain
|
||||
|
||||
# Client SMTP Authorization (csa) checks on the sending host.
|
||||
# Such checks do DNS lookups for special SRV records.
|
||||
# require verify = csa
|
||||
|
||||
accept
|
||||
|
||||
|
||||
acl_check_data:
|
||||
# see av_scanner
|
||||
#deny malware = *
|
||||
# message = This message contains a virus ($malware_name).
|
||||
|
||||
# Add headers to a message if it is judged to be spam. Before enabling this,
|
||||
# you must install SpamAssassin. You may also need to set the spamd_address
|
||||
# option above.
|
||||
#
|
||||
# warn spam = nobody
|
||||
# add_header = X-Spam_score: $spam_score\n\
|
||||
# X-Spam_score_int: $spam_score_int\n\
|
||||
# X-Spam_bar: $spam_bar\n\
|
||||
# X-Spam_report: $spam_report
|
||||
|
||||
# feature HELO_REWRITE
|
||||
# XXX note that the public ip (162.219.5.183) resolves to viljetic.de
|
||||
warn
|
||||
sender_domains = viljetic.de : shackspace.de
|
||||
set acl_m_special_dom = $sender_address_domain
|
||||
|
||||
accept
|
||||
|
||||
|
||||
begin routers
|
||||
|
||||
# feature RETIOLUM_MAIL
|
||||
retiolum:
|
||||
debug_print = "R: retiolum for $local_part@$domain"
|
||||
driver = manualroute
|
||||
domains = ! ${retiolumHostname} : *.retiolum
|
||||
transport = retiolum_smtp
|
||||
route_list = ^.* $0 byname
|
||||
no_more
|
||||
|
||||
internet_aliases:
|
||||
debug_print = "R: internet_aliases for $local_part@$domain"
|
||||
driver = redirect
|
||||
data = ''${lookup{$local_part@$domain}lsearch{${lsearch.internet-aliases}}}
|
||||
|
||||
dnslookup:
|
||||
debug_print = "R: dnslookup for $local_part@$domain"
|
||||
driver = dnslookup
|
||||
domains = ! +local_domains
|
||||
transport = remote_smtp
|
||||
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
|
||||
# if ipv6-enabled then instead use:
|
||||
# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
|
||||
|
||||
# (debian) same_domain_copy_routing = yes
|
||||
# (debian) ignore private rfc1918 and APIPA addresses
|
||||
# (debian) ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
|
||||
# 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
|
||||
# 255.255.255.255
|
||||
|
||||
# Fail and bounce if the router does not find the domain in the DNS.
|
||||
# I.e. no more routers are tried.
|
||||
# There are a few cases where a dnslookup router will decline to accept an
|
||||
# address; if such a router is expected to handle "all remaining non-local
|
||||
# domains", then it is important to set no_more.
|
||||
no_more
|
||||
|
||||
# XXX this is only used because these "well known aliases" goto tv@cd.retiolum
|
||||
# TODO bounce everything, there is no @cd.retiolum
|
||||
system_aliases:
|
||||
debug_print = "R: system_aliases for $local_part@$domain"
|
||||
driver = redirect
|
||||
data = ''${lookup{$local_part}lsearch{${lsearch.system-aliases}}}
|
||||
|
||||
# TODO this is only b/c mv here... send mv's mails somewhere else...
|
||||
local_user:
|
||||
debug_print = "R: local_user for $local_part@$domain"
|
||||
driver = accept
|
||||
check_local_user
|
||||
# local_part_suffix = +* : -*
|
||||
# local_part_suffix_optional
|
||||
transport = home_maildir
|
||||
cannot_route_message = Unknown user
|
||||
|
||||
begin transports
|
||||
|
||||
retiolum_smtp:
|
||||
driver = smtp
|
||||
retry_include_ip_address = false
|
||||
# serialize_hosts = TODO-all-slow-hosts
|
||||
|
||||
remote_smtp:
|
||||
driver = smtp
|
||||
# debian has also stuff for tls, headers_rewrite and more here
|
||||
|
||||
# feature HELO_REWRITE
|
||||
# XXX note that the public ip (162.219.5.183) resolves to viljetic.de
|
||||
helo_data = ''${if eq{$acl_m_special_dom}{} \
|
||||
{$primary_hostname} \
|
||||
{$acl_m_special_dom} }
|
||||
|
||||
home_maildir:
|
||||
driver = appendfile
|
||||
maildir_format
|
||||
maildir_use_size_file
|
||||
directory = $home/Mail
|
||||
directory_mode = 0700
|
||||
delivery_date_add
|
||||
envelope_to_add
|
||||
return_path_add
|
||||
|
||||
begin retry
|
||||
*.retiolum * F,42d,1m
|
||||
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
|
||||
|
||||
begin rewrite
|
||||
begin authenticators
|
||||
'';
|
||||
|
||||
|
||||
# group = mail
|
||||
# mode = 0660
|
||||
|
||||
|
||||
#address_pipe:
|
||||
# driver = pipe
|
||||
# return_output
|
||||
#
|
||||
#address_file:
|
||||
# driver = appendfile
|
||||
# delivery_date_add
|
||||
# envelope_to_add
|
||||
# return_path_add
|
||||
#
|
||||
#address_reply:
|
||||
# driver = autoreply
|
||||
|
||||
|
||||
#maildrop_pipe:
|
||||
# debug_print = "T: maildrop_pipe for $local_part@$domain"
|
||||
# driver = pipe
|
||||
# path = "/bin:/usr/bin:/usr/local/bin"
|
||||
# command = "/usr/bin/maildrop"
|
||||
# return_path_add
|
||||
# delivery_date_add
|
||||
# envelope_to_add
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
##begin retry
|
||||
# Address or Domain Error Retries
|
||||
|
||||
# Our host_redirect destinations might be offline a lot.
|
||||
# TODO define fallback destinations(?)
|
||||
#lsearch;${lsearch.internet-aliases} * F,42d,1m
|
||||
|
||||
|
||||
## begin rewrite
|
||||
|
||||
# just in case (shackspace.de should already do this)
|
||||
#tv@shackspace.de tv@SHACK_REDIR_HOSTNAME T
|
||||
|
||||
|
||||
## begin authenticators
|
||||
#PLAIN:
|
||||
# driver = plaintext
|
||||
# server_set_id = $auth2
|
||||
# server_prompts = :
|
||||
# server_condition = Authentication is not yet configured
|
||||
# server_advertise_condition = ''${if def:tls_in_cipher }
|
||||
|
||||
#LOGIN:
|
||||
# driver = plaintext
|
||||
# server_set_id = $auth1
|
||||
# server_prompts = <| Username: | Password:
|
||||
# server_condition = Authentication is not yet configured
|
||||
# server_advertise_condition = ''${if def:tls_in_cipher }
|
||||
|
||||
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
# config = ''
|
||||
# primary_hostname = ${retiolumHostname}
|
||||
# domainlist local_domains = @ : localhost
|
||||
# domainlist relay_to_domains = *.retiolum
|
||||
# hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
|
||||
#
|
||||
# acl_smtp_rcpt = acl_check_rcpt
|
||||
# acl_smtp_data = acl_check_data
|
||||
#
|
||||
# host_lookup = *
|
||||
# rfc1413_hosts = *
|
||||
# rfc1413_query_timeout = 5s
|
||||
#
|
||||
# log_file_path = syslog
|
||||
# syslog_timestamp = false
|
||||
# syslog_duplication = false
|
||||
#
|
||||
# begin acl
|
||||
#
|
||||
# acl_check_rcpt:
|
||||
# accept hosts = :
|
||||
# control = dkim_disable_verify
|
||||
#
|
||||
# deny message = Restricted characters in address
|
||||
# domains = +local_domains
|
||||
# local_parts = ^[.] : ^.*[@%!/|]
|
||||
#
|
||||
# deny message = Restricted characters in address
|
||||
# domains = !+local_domains
|
||||
# local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
|
||||
#
|
||||
# accept local_parts = postmaster
|
||||
# domains = +local_domains
|
||||
#
|
||||
# #accept
|
||||
# # hosts = *.retiolum
|
||||
# # domains = *.retiolum
|
||||
# # control = dkim_disable_verify
|
||||
#
|
||||
# #require verify = sender
|
||||
#
|
||||
# accept hosts = +relay_from_hosts
|
||||
# control = submission
|
||||
# control = dkim_disable_verify
|
||||
#
|
||||
# accept authenticated = *
|
||||
# control = submission
|
||||
# control = dkim_disable_verify
|
||||
#
|
||||
# require message = relay not permitted
|
||||
# domains = +local_domains : +relay_to_domains
|
||||
#
|
||||
# require verify = recipient
|
||||
#
|
||||
# accept
|
||||
#
|
||||
#
|
||||
# acl_check_data:
|
||||
# accept
|
||||
#
|
||||
#
|
||||
# begin routers
|
||||
#
|
||||
# retiolum:
|
||||
# driver = manualroute
|
||||
# domains = ! ${retiolumHostname} : *.retiolum
|
||||
# transport = remote_smtp
|
||||
# route_list = ^.* $0 byname
|
||||
# no_more
|
||||
#
|
||||
# nonlocal:
|
||||
# debug_print = "R: nonlocal for $local_part@$domain"
|
||||
# driver = redirect
|
||||
# domains = ! +local_domains
|
||||
# allow_fail
|
||||
# data = :fail: Mailing to remote domains not supported
|
||||
# no_more
|
||||
#
|
||||
# local_user:
|
||||
# # debug_print = "R: local_user for $local_part@$domain"
|
||||
# driver = accept
|
||||
# check_local_user
|
||||
# # local_part_suffix = +* : -*
|
||||
# # local_part_suffix_optional
|
||||
# transport = home_maildir
|
||||
# cannot_route_message = Unknown user
|
||||
#
|
||||
#
|
||||
# begin transports
|
||||
#
|
||||
# remote_smtp:
|
||||
# driver = smtp
|
||||
#
|
||||
# home_maildir:
|
||||
# driver = appendfile
|
||||
# maildir_format
|
||||
# directory = $home/Maildir
|
||||
# directory_mode = 0700
|
||||
# delivery_date_add
|
||||
# envelope_to_add
|
||||
# return_path_add
|
||||
# # group = mail
|
||||
# # mode = 0660
|
||||
#
|
||||
# begin retry
|
||||
# *.retiolum * F,42d,1m
|
||||
# * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
|
||||
#
|
||||
# begin rewrite
|
||||
#
|
||||
# begin authenticators
|
||||
# '';
|
||||
# };
|
||||
#}
|
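Review bot: `relay_from_hosts` grants unauthenticated relaying to the hard-coded address `10.243.13.37`: the `accept hosts = +relay_from_hosts` stanza in `acl_check_rcpt` runs before the `relay not permitted` check, so anything able to send from that address can mail any domain through this smarthost. Every `tls_*` option is commented out and `begin authenticators` is empty, so the `accept authenticated = *` stanza can never match and the source IP is the only identity the relay decision rests on. I would add a comment naming the host behind that address and why it is trusted, e.g. `# 10.243.13.37 = <host>.retiolum, allowed to submit outbound mail`, and enable `tls_advertise_hosts`/`tls_certificate`, since the comments mention a public IP for this machine. The roughly 340 commented-out lines after the closing `'';` repeat the old configuration and could be dropped so the active ACLs are easier to audit.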
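--- a/2configs/tv/git-public.nix
+++ b/2configs/tv/git-public.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+inherit (builtins) map readFile;
+inherit (lib) concatMap listToAttrs;
+# TODO lib should already include our stuff
+inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git;
+
+public-git-repos = [
+(public "cgserver")
+(public "crude-mail-setup")
+(public "dot-xmonad")
+(public "hack")
+(public "load-env")
+(public "make-snapshot")
+(public "mime")
+(public "much")
+(public "nixos-infest")
+(public "nixpkgs")
+(public "painload")
+(public "regfish")
+(public' {
+name = "shitment";
+desc = "turn all the computers into one computer!";
+})
+(public "wai-middleware-time")
+(public "web-routes-wai-custom")
+];
+
+users = addNames {
+tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; };
+lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; };
+uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; };
+makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; };
+};
+
+repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) public-git-repos);
+
+rules = concatMap ({ rules, ... }: rules) public-git-repos;
+
+public' = { name, desc }:
+let
+x = public name;
+in
+x // { repo = x.repo // { inherit desc; }; };
+
+public = repo-name:
+rec {
+repo = {
+name = repo-name;
+hooks = {
+post-receive = git.irc-announce {
+nick = config.networking.hostName; # TODO make this the default
+channel = "#retiolum";
+server = "ire.retiolum";
+};
+};
+public = true;
+};
+rules = with git; with users; [
+{ user = tv;
+repo = [ repo ];
+perm = push "refs/*" [ non-fast-forward create delete merge ];
+}
+{ user = [ lass makefu uriel ];
+repo = [ repo ];
+perm = fetch;
+}
+];
+};
+
+in
+
+{
+imports = [
+../../3modules/tv/git.nix
+];
+tv.git = {
+enable = true;
+inherit repos rules users;
+};
+}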
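Review bot: The rule for `tv` inside `public` grants `push "refs/*" [ non-fast-forward create delete merge ]`, so a single SSH key (`tv_wu.ssh.pub`) can rewrite or delete any ref, including the main branch, of every published repository. The second rule gives `lass`, `makefu` and `uriel` `fetch`, so a rewritten history would reach them with nothing recorded on the server beyond the `post-receive` IRC announcement. Consider limiting `non-fast-forward` and `delete` to a scratch namespace and keeping a fast-forward-only rule for the remaining refs. How `push` matches ref patterns is defined in `4lib/tv`, outside this section, so the exact form has to be checked there.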
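--- a/2configs/tv/smartd.nix
+++ b/2configs/tv/smartd.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+
+{
+services.smartd = {
+enable = true;
+devices = [
+{
+device = "DEVICESCAN";
+options = toString [
+"-a"
+"-m tv@wu.retiolum"
+"-s (O/../.././09|S/../.././04|L/../../6/05)"
+];
+}
+];
+};
+}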
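--- a/2configs/tv/synaptics.nix
+++ b/2configs/tv/synaptics.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{
+# TODO this is host specific
+services.xserver.synaptics = {
+enable = true;
+twoFingerScroll = true;
+accelFactor = "0.035";
+additionalOptions = ''
+Option "FingerHigh" "60"
+Option "FingerLow" "60"
+'';
+};
+}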
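--- a/2configs/tv/urxvt.nix
+++ b/2configs/tv/urxvt.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+
+with builtins;
+
+let
+users = [ "tv" ];
+urxvt = pkgs.rxvt_unicode;
+mkService = user: {
+description = "urxvt terminal daemon";
+wantedBy = [ "multi-user.target" ];
+restartIfChanged = false;
+serviceConfig = {
+Restart = "always";
+User = user;
+ExecStart = "${urxvt}/bin/urxvtd";
+};
+};
+
+in
+
+{
+environment.systemPackages = [ urxvt ];
+systemd.services = listToAttrs (map (u: { name = "${u}-urxvtd"; value = mkService u; }) users);
+}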
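--- a/2configs/tv/w110er.nix
+++ b/2configs/tv/w110er.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+
+{
+imports = [
+../../2configs/tv/smartd.nix
+];
+
+boot.extraModprobeConfig = ''
+options kvm_intel nested=1
+'';
+
+boot.initrd.availableKernelModules = [ "ahci" ];
+boot.kernelModules = [ "kvm-intel" ];
+
+boot.loader.gummiboot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.wireless.enable = true;
+
+nix = {
+buildCores = 4;
+maxJobs = 4;
+daemonIONiceLevel = 1;
+daemonNiceLevel = 1;
+};
+
+services.logind.extraConfig = ''
+HandleHibernateKey=ignore
+HandleLidSwitch=ignore
+HandlePowerKey=ignore
+HandleSuspendKey=ignore
+'';
+
+system.activationScripts.powertopTunables = ''
+echo 1 > /sys/module/snd_hda_intel/parameters/power_save
+echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
+(cd /sys/bus/pci/devices
+for i in *; do
+echo auto > $i/power/control # defaults to 'on'
+done)
+'';
+}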
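--- a/2configs/tv/xserver.nix
+++ b/2configs/tv/xserver.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+../../2configs/tv/urxvt.nix # TODO via xserver
+];
+
+services.xserver.enable = true;
+
+
+#fonts.enableFontConfig = true;
+#fonts.enableFontDir = true;
+fonts.fonts = [
+pkgs.xlibs.fontschumachermisc
+];
+#services.xfs.enable = true;
+#services.xserver.useXFS = "unix/:7100";
+
+services.xserver.displayManager.desktopManagerHandlesLidAndPower = true;
+
+#services.xserver.display = 11;
+#services.xserver.tty = 11;
+# services.xserver.layout = "us";
+# services.xserver.xkbOptions = "eurosign:e";
+
+#services.xserver.multitouch.enable = true;
+
+services.xserver.windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
+X11-xshape
+];
+services.xserver.windowManager.xmonad.enable = true;
+services.xserver.windowManager.xmonad.enableContribAndExtras = true;
+services.xserver.windowManager.default = "xmonad";
+services.xserver.desktopManager.default = "none";
+services.xserver.desktopManager.xterm.enable = false;
+
+services.xserver.displayManager.slim.enable = true;
+#services.xserver.displayManager.auto.enable = true;
+#services.xserver.displayManager.auto.user = "tv";
+#services.xserver.displayManager.job.logsXsession = true;
+}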
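--- a/3modules/tv/consul.nix
+++ b/3modules/tv/consul.nix
@@ -0,0 +1,122 @@
+{ config, lib, pkgs, ... }:
+
+# if quorum gets lost, then start any node with a config that doesn't contain bootstrap_expect
+# but -bootstrap
+# TODO consul-bootstrap HOST that actually does is
+# TODO tools to inspect state of a cluster in outage state
+
+with builtins;
+with lib;
+let
+cfg = config.tv.consul;
+
+out = {
+imports = [ ../../3modules/tv/iptables.nix ];
+options.tv.consul = api;
+config = mkIf cfg.enable (mkMerge [
+imp
+{ tv.iptables.input-retiolum-accept-new-tcp = [ "8300" "8301" ]; }
+# TODO udp for 8301
+]);
+};
+
+api = {
+# TODO inherit (lib) api.options.enable; oder so
+enable = mkOption {
+type = types.bool;
+default = false;
+description = "enable tv.consul";
+};
+dc = mkOption {
+type = types.unspecified;
+};
+hosts = mkOption {
+type = with types; listOf unspecified;
+};
+encrypt-file = mkOption {
+type = types.str; # TODO path (but not just into store)
+default = "/root/src/secrets/consul-encrypt.json";
+};
+data-dir = mkOption {
+type = types.str; # TODO path (but not just into store)
+default = "/var/lib/consul";
+};
+self = mkOption {
+type = types.unspecified;
+};
+server = mkOption {
+type = types.bool;
+default = false;
+};
+GOMAXPROCS = mkOption {
+type = types.int;
+default = cfg.self.cores;
+};
+};
+
+consul-config = {
+datacenter = cfg.dc;
+data_dir = cfg.data-dir;
+log_level = "INFO";
+#node_name =
+server = cfg.server;
+bind_addr = cfg.self.addr; # TODO cfg.addr
+enable_syslog = true;
+retry_join = map (getAttr "addr") (filter (host: host.fqdn != cfg.self.fqdn) cfg.hosts);
+leave_on_terminate = true;
+} // optionalAttrs cfg.server {
+bootstrap_expect = length cfg.hosts;
+leave_on_terminate = false;
+};
+
+imp = {
+environment.systemPackages = with pkgs; [
+consul
+];
+
+systemd.services.consul = {
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+path = with pkgs; [
+consul
+];
+environment = {
+GOMAXPROCS = toString cfg.GOMAXPROCS;
+};
+serviceConfig = {
+PermissionsStartOnly = "true";
+SyslogIdentifier = "consul";
+User = user.name;
+PrivateTmp = "true";
+Restart = "always";
+ExecStartPre = pkgs.writeScript "consul-init" ''
+#! /bin/sh
+mkdir -p ${cfg.data-dir}
+chown consul: ${cfg.data-dir}
+install -o ${user.name} -m 0400 ${cfg.encrypt-file} /tmp/encrypt.json
+'';
+ExecStart = pkgs.writeScript "consul-service" ''
+#! /bin/sh
+set -euf
+exec >/dev/null
+exec consul agent \
+-config-file=${toFile "consul.json" (toJSON consul-config)} \
+-config-file=/tmp/encrypt.json
+'';
+#-node=${cfg.self.fqdn} \
+#ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user} -D";
+};
+};
+
+users.extraUsers = singleton {
+inherit (user) name uid;
+};
+};
+
+user = {
+name = "consul";
+uid = 2983239726; # genid consul
+};
+
+in
+out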
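Review bot: The `consul-init` pre-start script creates the data directory with `mkdir -p ${cfg.data-dir}` and `chown consul: ${cfg.data-dir}`, which leaves its mode at the umask default (usually world-readable) and hard-codes the user name instead of using `user.name`. Consul keeps its Raft and Serf state under `data_dir`, so I would replace both lines with `install -d -o ${user.name} -m 0700 "${cfg.data-dir}"` and also quote `"${cfg.encrypt-file}"` on the following line. Separately, `consul-config` sets no TLS options, so the key in `encrypt.json` protects gossip traffic only. The RPC port 8300 opened through `input-retiolum-accept-new-tcp` then depends entirely on the retiolum network for access control, which deserves a comment next to that rule.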
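--- a/3modules/tv/ejabberd.nix
+++ b/3modules/tv/ejabberd.nix
@@ -0,0 +1,171 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+let
+cfg = config.tv.ejabberd;
+
+out = {
+options.tv.ejabberd = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkOption {
+type = types.bool;
+default = false;
+};
+
+certFile = mkOption {
+type = types.str;
+default = "/root/src/secrets/ejabberd.pem";
+};
+
+hosts = mkOption {
+type = with types; listOf str;
+};
+};
+
+imp = {
+environment.systemPackages = [ my-ejabberdctl ];
+
+systemd.services.ejabberd = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = "yes";
+PermissionsStartOnly = "true";
+SyslogIdentifier = "ejabberd";
+User = user.name;
+PrivateTmp = "true";
+ExecStartPre = pkgs.writeScript "ejabberd-start" ''
+#! /bin/sh
+install -o ${user.name} -m 0400 ${cfg.certFile} /tmp/certfile.pem
+'';
+ExecStart = pkgs.writeScript "ejabberd-service" ''
+#! /bin/sh
+${my-ejabberdctl}/bin/ejabberdctl start
+'';
+};
+};
+
+users.extraUsers = singleton {
+inherit (user) name uid;
+home = "/var/ejabberd";
+createHome = true;
+};
+};
+
+user = {
+name = "ejabberd";
+uid = 405222;
+# TODO uid = 3483034447; # genid ejabberd
+};
+
+my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" ''
+#! /bin/sh
+set -euf
+exec env \
+SPOOLDIR=/var/ejabberd \
+EJABBERD_CONFIG_PATH=${config-file} \
+${pkgs.ejabberd}/bin/ejabberdctl \
+--logs /var/ejabberd \
+"$@"
+'';
+
+config-file = pkgs.writeText "ejabberd.cfg" ''
+{loglevel, 3}.
+{hosts, ${toErlang cfg.hosts}}.
+{listen,
+[
+{5222, ejabberd_c2s, [
+starttls,
+{certfile, "/tmp/certfile.pem"},
+{access, c2s},
+{shaper, c2s_shaper},
+{max_stanza_size, 65536}
+]},
+{5269, ejabberd_s2s_in, [
+{shaper, s2s_shaper},
+{max_stanza_size, 131072}
+]},
+{5280, ejabberd_http, [
+captcha,
+http_bind,
+http_poll,
+web_admin
+]}
+]}.
+{s2s_use_starttls, required}.
+{s2s_certfile, "/tmp/certfile.pem"}.
+{auth_method, internal}.
+{shaper, normal, {maxrate, 1000}}.
+{shaper, fast, {maxrate, 50000}}.
+{max_fsm_queue, 1000}.
+{acl, local, {user_regexp, ""}}.
+{access, max_user_sessions, [{10, all}]}.
+{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
+{access, local, [{allow, local}]}.
+{access, c2s, [{deny, blocked},
+{allow, all}]}.
+{access, c2s_shaper, [{none, admin},
+{normal, all}]}.
+{access, s2s_shaper, [{fast, all}]}.
+{access, announce, [{allow, admin}]}.
+{access, configure, [{allow, admin}]}.
+{access, muc_admin, [{allow, admin}]}.
+{access, muc_create, [{allow, local}]}.
+{access, muc, [{allow, all}]}.
+{access, pubsub_createnode, [{allow, local}]}.
+{access, register, [{allow, all}]}.
+{language, "en"}.
+{modules,
+[
+{mod_adhoc, []},
+{mod_announce, [{access, announce}]},
+{mod_blocking,[]},
+{mod_caps, []},
+{mod_configure,[]},
+{mod_disco, []},
+{mod_irc, []},
+{mod_http_bind, []},
+{mod_last, []},
+{mod_muc, [
+{access, muc},
+{access_create, muc_create},
+{access_persistent, muc_create},
+{access_admin, muc_admin}
+]},
+{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
+{mod_ping, []},
+{mod_privacy, []},
+{mod_private, []},
+{mod_pubsub, [
+{access_createnode, pubsub_createnode},
+{ignore_pep_from_offline, true},
+{last_item_cache, false},
+{plugins, ["flat", "hometree", "pep"]}
+]},
+{mod_register, [
+{welcome_message, {"Welcome!",
+"Hi.\nWelcome to this XMPP server."}},
+{ip_access, [{allow, "127.0.0.0/8"},
+{deny, "0.0.0.0/0"}]},
+{access, register}
+]},
+{mod_roster, []},
+{mod_shared_roster,[]},
+{mod_stats, []},
+{mod_time, []},
+{mod_vcard, []},
+{mod_version, []}
+]}.
+'';
+
+
+# XXX this is a placeholder that happens to work the default strings.
+toErlang = builtins.toJSON;
+
+in
+out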
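Review bot: The `5222` listener in `config-file` uses `starttls`, which only offers TLS, so with `{auth_method, internal}` a client that does not upgrade sends its password over a cleartext stream; `starttls_required,` would enforce encryption, matching the `{s2s_use_starttls, required}` already set for server links. The `5280` listener enables `web_admin`, `http_bind` and `http_poll` without `tls` or a `certfile`, so logins to the admin console would also travel unencrypted unless that port is kept off the network, which this section does not show. I would either drop `web_admin` or add `tls, {certfile, "/tmp/certfile.pem"},` to the `5280` options. `toErlang = builtins.toJSON` is marked as a placeholder, so a comment on the `hosts` option stating that only plain host names are rendered correctly would help the next editor.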
406
3modules/tv/git.nix
Normal file
406
3modules/tv/git.nix
Normal file
@ -0,0 +1,406 @@
|
||||
arg@{ config, pkgs, lib, ... }:
|
||||
|
||||
with builtins;
|
||||
with lib;
|
||||
let
|
||||
cfg = config.tv.git;
|
||||
|
||||
out = {
|
||||
imports = [
|
||||
../../3modules/tv/nginx.nix
|
||||
];
|
||||
options.tv.git = api;
|
||||
config = mkIf cfg.enable (mkMerge [
|
||||
imp
|
||||
]);
|
||||
};
|
||||
|
||||
api = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable Git repository hosting.";
|
||||
};
|
||||
cgit = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Enable cgit."; # TODO better desc; talk about nginx
|
||||
};
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/git";
|
||||
description = "Directory used to store repositories.";
|
||||
};
|
||||
etcDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/etc/git";
|
||||
};
|
||||
rules = mkOption {
|
||||
type = types.unspecified;
|
||||
};
|
||||
repos = mkOption {
|
||||
type = types.attrsOf (types.submodule ({
|
||||
options = {
|
||||
desc = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Repository description.
|
||||
'';
|
||||
};
|
||||
section = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Repository section.
|
||||
'';
|
||||
};
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
Repository name.
|
||||
'';
|
||||
};
|
||||
hooks = mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
description = ''
|
||||
Repository-specific hooks.
|
||||
'';
|
||||
};
|
||||
public = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Allow everybody to read the repository via HTTP if cgit enabled.
|
||||
'';
|
||||
# TODO allow every configured user to fetch the repository via SSH.
|
||||
};
|
||||
};
|
||||
}));
|
||||
|
||||
default = {};
|
||||
|
||||
example = literalExample ''
|
||||
{
|
||||
testing = {
|
||||
name = "testing";
|
||||
hooks.post-update = '''
|
||||
#! /bin/sh
|
||||
set -euf
|
||||
echo post-update hook: $* >&2
|
||||
''';
|
||||
};
|
||||
testing2 = { name = "testing2"; };
|
||||
}
|
||||
'';
|
||||
|
||||
description = ''
|
||||
Repositories.
|
||||
'';
|
||||
};
|
||||
users = mkOption {
|
||||
type = types.unspecified;
|
||||
};
|
||||
};
|
||||
|
||||
imp = {
|
||||
system.activationScripts.git-init = "${init-script}";
|
||||
|
||||
# TODO maybe put all scripts here and then use PATH?
|
||||
environment.etc."${etc-base}".source =
|
||||
scriptFarm "git-ssh-authorizers" {
|
||||
authorize-command = makeAuthorizeScript (map ({ repo, user, perm }: [
|
||||
(map getName (ensureList user))
|
||||
(map getName (ensureList repo))
|
||||
(map getName perm.allow-commands)
|
||||
]) cfg.rules);
|
||||
|
||||
authorize-push = makeAuthorizeScript (map ({ repo, user, perm }: [
|
||||
(map getName (ensureList user))
|
||||
(map getName (ensureList repo))
|
||||
(ensureList perm.allow-receive-ref)
|
||||
(map getName perm.allow-receive-modes)
|
||||
]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules));
|
||||
};
|
||||
|
||||
users.extraUsers = singleton {
|
||||
description = "Git repository hosting user";
|
||||
name = "git";
|
||||
shell = "/bin/sh";
|
||||
openssh.authorizedKeys.keys =
|
||||
mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
|
||||
uid = 112606723; # genid git
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
ensureList = x:
|
||||
if typeOf x == "list" then x else [x];
|
||||
|
||||
getName = x: x.name;
|
||||
|
||||
isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix
|
||||
|
||||
makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }:
|
||||
# TODO assert name
|
||||
# TODO assert pubkey
|
||||
let
|
||||
options = concatStringsSep "," [
|
||||
''command="exec ${git-ssh-command} ${name}"''
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
in
|
||||
"${options} ${pubkey}";
|
||||
|
||||
# [case-pattern] -> shell-script
|
||||
# Create a shell script that succeeds (exit 0) when all its arguments
|
||||
# match the case patterns (in the given order).
|
||||
makeAuthorizeScript =
|
||||
let
|
||||
# TODO escape
|
||||
to-pattern = x: concatStringsSep "|" (ensureList x);
|
||||
go = i: ps:
|
||||
if ps == []
|
||||
then "exit 0"
|
||||
else ''
|
||||
case ''$${toString i} in ${to-pattern (head ps)})
|
||||
${go (i + 1) (tail ps)}
|
||||
esac'';
|
||||
in
|
||||
patterns: ''
|
||||
#! /bin/sh
|
||||
set -euf
|
||||
${concatStringsSep "\n" (map (go 1) patterns)}
|
||||
exit -1
|
||||
'';
|
||||
|
||||
reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
|
||||
|
||||
# TODO makeGitHooks that uses runCommand instead of scriptFarm?
|
||||
scriptFarm =
|
||||
farm-name: scripts:
|
||||
let
|
||||
makeScript = script-name: script-string: {
|
||||
name = script-name;
|
||||
path = pkgs.writeScript "${farm-name}_${script-name}" script-string;
|
||||
};
|
||||
in
|
||||
pkgs.linkFarm farm-name (mapAttrsToList makeScript scripts);
|
||||
|
||||
|
||||
git-ssh-command = pkgs.writeScript "git-ssh-command" ''
|
||||
#! /bin/sh
|
||||
set -euf
|
||||
|
||||
PATH=${makeSearchPath "bin" (with pkgs; [
|
||||
coreutils
|
||||
git
|
||||
gnugrep
|
||||
gnused
|
||||
systemd
|
||||
])}
|
||||
|
||||
abort() {
|
||||
echo "error: $1" >&2
|
||||
systemd-cat -p err -t git echo "error: $1"
|
||||
exit -1
|
||||
}
|
||||
|
||||
GIT_SSH_USER=$1
|
||||
|
||||
systemd-cat -p info -t git echo \
|
||||
"authorizing $GIT_SSH_USER $SSH_CONNECTION $SSH_ORIGINAL_COMMAND"
|
||||
|
||||
# References: The Base Definitions volume of
|
||||
# POSIX.1‐2013, Section 3.278, Portable Filename Character Set
|
||||
portable_filename_bre="^[A-Za-z0-9._-]\\+$"
|
||||
|
||||
command=$(echo "$SSH_ORIGINAL_COMMAND" \
|
||||
| sed -n 's/^\([^ ]*\) '"'"'\(.*\)'"'"'/\1/p' \
|
||||
| grep "$portable_filename_bre" \
|
||||
|| abort 'cannot read command')
|
||||
|
||||
GIT_SSH_REPO=$(echo "$SSH_ORIGINAL_COMMAND" \
|
||||
| sed -n 's/^\([^ ]*\) '"'"'\(.*\)'"'"'/\2/p' \
|
||||
| grep "$portable_filename_bre" \
|
||||
|| abort 'cannot read reponame')
|
||||
|
||||
${cfg.etcDir}/authorize-command \
|
||||
"$GIT_SSH_USER" "$GIT_SSH_REPO" "$command" \
|
||||
|| abort 'access denied'
|
||||
|
||||
repodir=${escapeShellArg cfg.dataDir}/$GIT_SSH_REPO
|
||||
|
||||
systemd-cat -p info -t git \
|
||||
echo "authorized exec $command $repodir"
|
||||
|
||||
export GIT_SSH_USER
|
||||
export GIT_SSH_REPO
|
||||
exec "$command" "$repodir"
|
||||
'';
|
||||
|
||||
init-script = pkgs.writeScript "git-init" ''
|
||||
#! /bin/sh
|
||||
set -euf
|
||||
|
||||
PATH=${makeSearchPath "bin" (with pkgs; [
|
||||
coreutils
|
||||
findutils
|
||||
gawk
|
||||
git
|
||||
gnugrep
|
||||
gnused
|
||||
])}
|
||||
|
||||
dataDir=${escapeShellArg cfg.dataDir}
|
||||
mkdir -p "$dataDir"
|
||||
|
||||
# Notice how the presence of hooks symlinks determine whether
|
||||
# we manage a repositry or not.
|
||||
|
||||
# Make sure that no existing repository has hooks. We can delete
|
||||
# symlinks because we assume we created them.
|
||||
find "$dataDir" -mindepth 2 -maxdepth 2 -name hooks -type l -delete
|
||||
bad_hooks=$(find "$dataDir" -mindepth 2 -maxdepth 2 -name hooks)
|
||||
if echo "$bad_hooks" | grep -q .; then
|
||||
printf 'error: unknown hooks:\n%s\n' \
|
||||
"$(echo "$bad_hooks" | sed 's/^/ /')" \
|
||||
>&2
|
||||
exit -1
|
||||
fi
|
||||
|
||||
# Initialize repositories.
|
||||
${concatMapStringsSep "\n" (repo:
|
||||
let
|
||||
hooks = scriptFarm "git-hooks" (makeHooks repo);
|
||||
in
|
||||
''
|
||||
reponame=${escapeShellArg repo.name}
|
||||
repodir=$dataDir/$reponame
|
||||
mode=${toString (if isPublicRepo repo then 0711 else 0700)}
|
||||
if ! test -d "$repodir"; then
|
||||
mkdir -m "$mode" "$repodir"
|
||||
git init --bare --template=/var/empty "$repodir"
|
||||
chown -R git:nogroup "$repodir"
|
||||
fi
|
||||
ln -s ${hooks} "$repodir/hooks"
|
||||
''
|
||||
) (attrValues cfg.repos)}
|
||||
|
||||
# Warn about repositories that exist but aren't mentioned in the
|
||||
# current configuration (and thus didn't receive a hooks symlink).
|
||||
unknown_repos=$(find "$dataDir" -mindepth 1 -maxdepth 1 \
|
||||
-type d \! -exec test -e '{}/hooks' \; -print)
|
||||
if echo "$unknown_repos" | grep -q .; then
|
||||
printf 'warning: stale repositories:\n%s\n' \
|
||||
"$(echo "$unknown_repos" | sed 's/^/ /')" \
|
||||
>&2
|
||||
fi
|
||||
'';
|
||||
|
||||
makeHooks = repo: removeAttrs repo.hooks [ "pre-receive" ] // {
|
||||
pre-receive = ''
|
||||
#! /bin/sh
|
||||
set -euf
|
||||
|
||||
PATH=${makeSearchPath "bin" (with pkgs; [
|
||||
coreutils # env
|
||||
git
|
||||
systemd
|
||||
])}
|
||||
|
||||
accept() {
|
||||
#systemd-cat -p info -t git echo "authorized $1"
|
||||
accept_string="''${accept_string+$accept_string
|
||||
}authorized $1"
|
||||
}
|
||||
reject() {
|
||||
#systemd-cat -p err -t git echo "denied $1"
|
||||
#echo 'access denied' >&2
|
||||
#exit_code=-1
|
||||
reject_string="''${reject_string+$reject_string
|
||||
}access denied: $1"
|
||||
}
|
||||
|
||||
empty=0000000000000000000000000000000000000000
|
||||
|
||||
accept_string=
|
||||
reject_string=
|
||||
while read oldrev newrev ref; do
|
||||
|
||||
if [ $oldrev = $empty ]; then
|
||||
receive_mode=create
|
||||
elif [ $newrev = $empty ]; then
|
||||
receive_mode=delete
|
||||
elif [ "$(git merge-base $oldrev $newrev)" = $oldrev ]; then
|
||||
receive_mode=fast-forward
|
||||
else
|
||||
receive_mode=non-fast-forward
|
||||
fi
|
||||
|
||||
if ${cfg.etcDir}/authorize-push \
|
||||
"$GIT_SSH_USER" "$GIT_SSH_REPO" "$ref" "$receive_mode"; then
|
||||
accept "$receive_mode $ref"
|
||||
else
|
||||
reject "$receive_mode $ref"
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$reject_string" ]; then
|
||||
systemd-cat -p err -t git echo "$reject_string"
|
||||
exit -1
|
||||
fi
|
||||
|
||||
systemd-cat -p info -t git echo "$accept_string"
|
||||
|
||||
${optionalString (hasAttr "post-receive" repo.hooks) ''
|
||||
# custom post-receive hook
|
||||
${repo.hooks.post-receive}''}
|
||||
'';
|
||||
};
|
||||
|
||||
etc-base =
|
||||
assert (hasPrefix "/etc/" cfg.etcDir);
|
||||
removePrefix "/etc/" cfg.etcDir;
|
||||
|
||||
in
|
||||
out
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#let
|
||||
# inherit (lib) mkIf mkMerge;
|
||||
#
|
||||
# cfg = config.tv.git;
|
||||
# arg' = arg // { inherit cfg; };
|
||||
#in
|
||||
#
|
||||
## TODO unify logging of shell scripts to user and journal
|
||||
## TODO move all scripts to ${etcDir}, so ControlMaster connections
|
||||
## immediately pick up new authenticators
|
||||
## TODO when authorized_keys changes, then restart ssh
|
||||
## (or kill already connected users somehow)
|
||||
#
|
||||
#{
|
||||
# imports = [
|
||||
# ../../3modules/tv/nginx.nix
|
||||
# ];
|
||||
#
|
||||
# options.tv.git = import ./options.nix arg';
|
||||
#
|
||||
# config = mkIf cfg.enable (mkMerge [
|
||||
# (import ./config.nix arg')
|
||||
# (mkIf cfg.cgit (import ./cgit.nix arg'))
|
||||
# ]);
|
||||
#}
|
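--- a/3modules/tv/identity.nix
+++ b/3modules/tv/identity.nix
@@ -0,0 +1,71 @@
+{ lib, ... }:
+
+with lib;
+
+let
+
+cfg = config.tv.identity;
+
+out = {
+options.tv.identity = api;
+#config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkOption {
+type = types.bool;
+default = false;
+};
+self = mkOption {
+type = types.unspecified;
+};
+hosts = mkOption {
+type = with types; attrsOf unspecified;
+default = {
+cd = {
+#dc = "cac";
+dc = "tv";
+fqdn = "cd.retiolum";
+addr = "10.243.113.222";
+#addr6 = "42:4522:25f8:36bb:8ccb:0150:231a:2af3";
+#internet-addr = "162.219.5.183";
+cores = 2;
+};
+mkdir = {
+#dc = "cac";
+dc = "tv";
+fqdn = "mkdir.retiolum";
+addr = "10.243.113.223";
+cores = 1;
+};
+nomic = {
+#dc = "gg";
+dc = "tv";
+fqdn = "nomic.retiolum";
+addr = "10.243.0.110";
+cores = 2;
+};
+rmdir = {
+#dc = "cac";
+dc = "tv";
+fqdn = "rmdir.retiolum";
+addr = "10.243.113.224";
+#addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
+cores = 1;
+};
+wu = {
+#dc = "gg";
+dc = "tv";
+fqdn = "wu.retiolum";
+addr = "10.243.13.37";
+cores = 8;
+};
+};
+};
+};
+
+#imp = {
+#};
+
+in
+out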
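Review bot: `cfg = config.tv.identity;` uses `config`, which the function head `{ lib, ... }:` does not bind. Because `with lib;` is in scope, the name is only looked up when `cfg` is forced, so the module evaluates today but will fail once the commented `#config = mkIf cfg.enable imp;` line is restored. The head should read `{ config, lib, ... }:`. `self` is `types.unspecified` with no default and no `description`, so nothing here tells a host configuration what shape it must supply; a short `description` on `self` and `hosts` would close that gap.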
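--- a/3modules/tv/iptables.nix
+++ b/3modules/tv/iptables.nix
@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+let
+cfg = config.tv.iptables;
+
+out = {
+options.tv.iptables = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkOption {
+type = types.bool;
+default = false;
+};
+
+input-internet-accept-new-tcp = mkOption {
+type = with types; listOf str;
+default = [];
+};
+
+input-retiolum-accept-new-tcp = mkOption {
+type = with types; listOf str;
+default = [];
+};
+};
+
+imp = {
+networking.firewall.enable = false;
+
+systemd.services.tv-iptables = {
+description = "tv-iptables";
+wantedBy = [ "network-pre.target" ];
+before = [ "network-pre.target" ];
+after = [ "systemd-modules-load.service" ];
+
+path = with pkgs; [
+iptables
+];
+
+restartIfChanged = true;
+
+serviceConfig = {
+Type = "simple";
+RemainAfterExit = true;
+Restart = "always";
+ExecStart = "@${startScript} tv-iptables_start";
+};
+};
+};
+
+
+accept-new-tcp = port:
+"-p tcp -m tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT";
+
+rules = iptables-version:
+pkgs.writeText "tv-iptables-rules${toString iptables-version}" ''
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+${concatMapStringsSep "\n" (rule: "-A PREROUTING ${rule}") ([]
+++ [
+"! -i retiolum -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0"
+"-p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22"
+]
+)}
+COMMIT
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+:Retiolum - [0:0]
+${concatMapStringsSep "\n" (rule: "-A INPUT ${rule}") ([]
+++ [
+"-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
+"-i lo -j ACCEPT"
+]
+++ map accept-new-tcp cfg.input-internet-accept-new-tcp
+++ ["-i retiolum -j Retiolum"]
+)}
+${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([]
+++ {
+ip4tables = [
+"-p icmp -m icmp --icmp-type echo-request -j ACCEPT"
+];
+ip6tables = [
+"-p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT"
+];
+}."ip${toString iptables-version}tables"
+++ map accept-new-tcp cfg.input-retiolum-accept-new-tcp
+++ {
+ip4tables = [
+"-p tcp -j REJECT --reject-with tcp-reset"
+"-p udp -j REJECT --reject-with icmp-port-unreachable"
+"-j REJECT --reject-with icmp-proto-unreachable"
+];
+ip6tables = [
+"-p tcp -j REJECT --reject-with tcp-reset"
+"-p udp -j REJECT --reject-with icmp6-port-unreachable"
+"-j REJECT"
+];
+}."ip${toString iptables-version}tables"
+)}
+COMMIT
+'';
+
+startScript = pkgs.writeScript "tv-iptables_start" ''
+#! /bin/sh
+set -euf
+iptables-restore < ${rules 4}
+ip6tables-restore < ${rules 6}
+'';
+
+in
+out
+
+#let
+# cfg = config.tv.iptables;
+# arg' = arg // { inherit cfg; };
+#in
+#
+#{
+# options.tv.iptables = import ./options.nix arg';
+# config = lib.mkIf cfg.enable (import ./config.nix arg');
+#}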
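Review bot: `Type = "simple";` in `serviceConfig` makes systemd treat tv-iptables as started as soon as the script is forked, so `before = [ "network-pre.target" ]` does not guarantee that both restore commands have finished before interfaces come up. With `networking.firewall.enable = false;` nothing else filters during that window. `Type = "oneshot";` with `RemainAfterExit = true;` and without `Restart = "always";` makes the ordering wait for the script to exit, and a failed restore then shows up as a failed unit. Separately, `accept-new-tcp` pastes each `listOf str` entry into the restore file verbatim; typing both port options as `listOf int` and writing `--dport ${toString port}` would keep anything other than a port number out of the rule set.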
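--- a/3modules/tv/nginx.nix
+++ b/3modules/tv/nginx.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, lib, ... }:
+
+with builtins;
+with lib;
+let
+cfg = config.tv.nginx;
+
+out = {
+options.tv.nginx = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = "Enable nginx.";
+};
+
+retiolum-locations = mkOption {
+type = with types; listOf (attrsOf str);
+default = [];
+};
+};
+
+imp = {
+services.nginx =
+let
+name = config.tv.retiolum.name;
+qname = "${name}.retiolum";
+in
+assert config.tv.retiolum.enable;
+{
+enable = true;
+httpConfig = ''
+include ${pkgs.nginx}/conf/mime.types;
+default_type application/octet-stream;
+sendfile on;
+keepalive_timeout 65;
+gzip on;
+server {
+listen 80 default_server;
+server_name _;
+location / {
+return 404;
+}
+}
+server {
+listen 80;
+server_name ${name} ${qname};
+
+${indent (concatStrings (map to-location cfg.retiolum-locations))}
+
+location / {
+return 404;
+}
+}
+'';
+};
+};
+
+
+indent = replaceChars ["\n"] ["\n "];
+
+to-location = { name, value }: ''
+location ${name} {
+${indent value}
+}
+'';
+
+in
+out
+
+
+#let
+# cfg = config.tv.nginx;
+# arg' = arg // { inherit cfg; };
+#in
+#
+#{
+# options.tv.nginx = import ./options.nix arg';
+# config = lib.mkIf cfg.enable (import ./config.nix arg');
+#}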
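Review bot: The server block that carries `retiolum-locations` is bound with a bare `listen 80;` and is selected only by `server_name ${name} ${qname};`, so these locations are tied to the VPN by the Host header alone. A request arriving on any other interface with that Host value is served the same content; whether port 80 is reachable there depends on the host's `input-internet-accept-new-tcp`, which this section does not show. Binding the block to the retiolum address, or adding `allow 10.243.0.0/16; deny all;` inside it (the range that tinc-up in retiolum.nix routes), would enforce the restriction in nginx itself. `retiolum-locations` also has no `description`, and `to-location` expects `{ name, value }` entries while the option type `listOf (attrsOf str)` accepts any keys; a description naming the two expected attributes would help.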
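--- a/3modules/tv/retiolum.nix
+++ b/3modules/tv/retiolum.nix
@@ -0,0 +1,241 @@
+{ config, pkgs, lib, ... }:
+
+with builtins;
+with lib;
+let
+cfg = config.tv.retiolum;
+
+out = {
+options.tv.retiolum = api;
+config = mkIf cfg.enable imp;
+};
+
+api = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = "Enable tinc daemon for Retiolum.";
+};
+
+name = mkOption {
+type = types.str;
+default = config.networking.hostName;
+# Description stolen from tinc.conf(5).
+description = ''
+This is the name which identifies this tinc daemon. It must
+be unique for the virtual private network this daemon will
+connect to. The Name may only consist of alphanumeric and
+underscore characters. If Name starts with a $, then the
+contents of the environment variable that follows will be
+used. In that case, invalid characters will be converted to
+underscores. If Name is $HOST, but no such environment
+variable exist, the hostname will be read using the
+gethostnname() system call This is the name which identifies
+the this tinc daemon.
+'';
+};
+
+generateEtcHosts = mkOption {
+type = types.str;
+default = "both";
+description = ''
+If set to <literal>short</literal>, <literal>long</literal>, or <literal>both</literal>,
+then generate entries in <filename>/etc/hosts</filename> from subnets.
+'';
+};
+
+network = mkOption {
+type = types.str;
+default = "retiolum";
+description = ''
+The tinc network name.
+It is used to generate long host entries,
+derive the name of the user account under which tincd runs,
+and name the TUN device.
+'';
+};
+
+tincPackage = mkOption {
+type = types.package;
+default = pkgs.tinc;
+description = "Tincd package to use.";
+};
+
+hosts = mkOption {
+default = null;
+description = ''
+Hosts package or path to use.
+If a path is given, then it will be used to generate an ad-hoc package.
+'';
+};
+
+iproutePackage = mkOption {
+type = types.package;
+default = pkgs.iproute;
+description = "Iproute2 package to use.";
+};
+
+
+privateKeyFile = mkOption {
+# TODO if it's types.path then it gets copied to /nix/store with
+# bad unsafe permissions...
+type = types.str;
+default = "/root/src/secrets/retiolum.rsa_key.priv";
+description = "Generate file with <literal>tincd -K</literal>.";
+};
+
+connectTo = mkOption {
+type = types.listOf types.str;
+default = [ "fastpoke" "pigstarter" "kheurop" ];
+description = "TODO describe me";
+};
+
+};
+
+imp = {
+environment.systemPackages = [ tinc hosts iproute ];
+
+networking.extraHosts = retiolumExtraHosts;
+
+systemd.services.retiolum = {
+description = "Tinc daemon for Retiolum";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+path = [ tinc iproute ];
+serviceConfig = {
+PermissionsStartOnly = "true";
+PrivateTmp = "true";
+Restart = "always";
+# TODO we cannot chroot (-R) b/c we use symlinks to hosts
+# and the private key.
+ExecStartPre = pkgs.writeScript "retiolum-init" ''
+#! /bin/sh
+install -o ${user} -m 0400 ${cfg.privateKeyFile} /tmp/retiolum-rsa_key.priv
+'';
+ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user} -D";
+SyslogIdentifier = "retiolum";
+};
+};
+
+# TODO user.name = "retiolum"
+users.extraUsers = singleton {
+name = user;
+uid = 2961822815; # bin/genid retiolum-tinc
+};
+};
+
+
+tinc = cfg.tincPackage;
+hostsType = builtins.typeOf cfg.hosts;
+hosts =
+if hostsType == "package" then
+# use package as is
+cfg.hosts
+else if hostsType == "path" then
+# use path to generate a package
+pkgs.stdenv.mkDerivation {
+name = "custom-retiolum-hosts";
+src = cfg.hosts;
+installPhase = ''
+mkdir $out
+find . -name .git -prune -o -type f -print0 | xargs -0 cp --target-directory $out
+'';
+}
+else
+abort "The option `services.retiolum.hosts' must be set to a package or a path"
+;
+iproute = cfg.iproutePackage;
+
+retiolumExtraHosts = import (pkgs.runCommand "retiolum-etc-hosts"
+{ }
+''
+generate() {
+(cd ${hosts}
+printf \'\'
+for i in `ls`; do
+names=$(hostnames $i)
+for j in `sed -En 's|^ *Aliases *= *(.+)|\1|p' $i`; do
+names="$names $(hostnames $j)"
+done
+sed -En '
+s|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1 '"$names"'|p
+' $i
+done | sort
+printf \'\'
+)
+}
+
+case ${cfg.generateEtcHosts} in
+short)
+hostnames() { echo "$1"; }
+generate
+;;
+long)
+hostnames() { echo "$1.${cfg.network}"; }
+generate
+;;
+both)
+hostnames() { echo "$1.${cfg.network} $1"; }
+generate
+;;
+*)
+echo '""'
+;;
+esac > $out
+'');
+
+
+confDir = pkgs.runCommand "retiolum" {
+# TODO text
+executable = true;
+preferLocalBuild = true;
+} ''
+set -euf
+
+mkdir -p $out
+
+ln -s ${hosts} $out/hosts
+
+cat > $out/tinc.conf <<EOF
+Name = ${cfg.name}
+Device = /dev/net/tun
+Interface = ${cfg.network}
+${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
+PrivateKeyFile = /tmp/retiolum-rsa_key.priv
+EOF
+
+# source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
+cat > $out/tinc-up <<EOF
+host=$out/hosts/${cfg.name}
+${iproute}/sbin/ip link set \$INTERFACE up
+
+addr4=\$(sed -n 's|^ *Subnet *= *\(10[.][^ ]*\) *$|\1|p' \$host)
+if [ -n "\$addr4" ];then
+${iproute}/sbin/ip -4 addr add \$addr4 dev \$INTERFACE
+${iproute}/sbin/ip -4 route add 10.243.0.0/16 dev \$INTERFACE
+fi
+addr6=\$(sed -n 's|^ *Subnet *= *\(42[:][^ ]*\) *$|\1|p' \$host)
+${iproute}/sbin/ip -6 addr add \$addr6 dev \$INTERFACE
+${iproute}/sbin/ip -6 route add 42::/16 dev \$INTERFACE
+EOF
+
+chmod +x $out/tinc-up
+'';
+
+
+user = cfg.network + "-tinc";
+
+in
+out
+
+
+
+#let
+# cfg = config.tv.retiolum;
+# arg' = arg // { inherit cfg; };
+#in
+#
+#{
+# options.tv.retiolum = import ./options.nix arg';
+# config = lib.mkIf cfg.enable (import ./config.nix arg');
+#}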
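Review bot: `retiolumExtraHosts` wraps text derived from the hosts directory in `''` (the two `printf \'\'` lines) and then `import`s the result, so file names, `Aliases` values and `Subnet` values from that directory are parsed as Nix source at evaluation time rather than treated as data. If the hosts tree is maintained by more people than this configuration, a stray `''` or `${` in one entry changes what gets evaluated. Writing plain text from the `runCommand` (drop both `printf` lines, let the `*)` branch print nothing) and loading it with `builtins.readFile` keeps the content inert. In `tinc-up` the two `ip -6` commands run even when no `42:` subnet was found, unlike the guarded `addr4` branch; the same `if [ -n "\$addr6" ]` test belongs there. The `abort` text names `services.retiolum.hosts` although the option is `tv.retiolum.hosts`, and with `default = null` that message is what an unset option produces.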
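--- a/3modules/tv/urlwatch.nix
+++ b/3modules/tv/urlwatch.nix
@@ -0,0 +1,156 @@
+{ config, lib, pkgs, ... }:
+
+# TODO multiple users
+# TODO inform about unused caches
+# cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
+# TODO hooks.py
+
+with builtins;
+with lib;
+
+let
+cfg = config.tv.urlwatch;
+
+api = {
+dataDir = mkOption {
+type = types.str;
+default = "/var/lib/urlwatch";
+description = ''
+Directory where the urlwatch service should store its state.
+'';
+};
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to enable the urlwatch service.
+If enabled, then create a timer that calls urlwatch and sends mails
+whenever something has changed or an error occurs.
+'';
+};
+from = mkOption {
+type = types.str;
+default = "${cfg.user}@${config.networking.hostName}.retiolum";
+description = ''
+Content of the From: header of the generated mails.
+'';
+};
+mailto = mkOption {
+type = types.str;
+description = ''
+Content of the To: header of the generated mails. [AKA recipient :)]
+'';
+};
+onCalendar = mkOption {
+type = types.str;
+description = ''
+Run urlwatch at this interval.
+The format is described in systemd.time(7), CALENDAR EVENTS.
+'';
+example = "04:23";
+};
+urls = mkOption {
+type = with types; listOf str;
+description = "URL to watch.";
+example = [
+https://nixos.org/channels/nixos-unstable/git-revision
+];
+};
+user = mkOption {
+type = types.str;
+default = "urlwatch";
+description = "User under which urlwatch runs.";
+};
+};
+
+urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
+
+impl = {
+systemd.timers.urlwatch = {
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnCalendar = cfg.onCalendar;
+Persistent = "true";
+};
+};
+systemd.services.urlwatch = {
+path = with pkgs; [
+coreutils
+gnused
+urlwatch
+];
+environment = {
+HOME = cfg.dataDir;
+LC_ALL = "en_US.UTF-8";
+LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
+SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+};
+serviceConfig = {
+User = cfg.user;
+PermissionsStartOnly = "true";
+PrivateTmp = "true";
+Type = "oneshot";
+ExecStartPre =
+pkgs.writeScript "urlwatch-prestart" ''
+#! /bin/sh
+set -euf
+
+dataDir=$HOME
+user=${escapeShellArg cfg.user}
+
+if ! test -e "$dataDir"; then
+mkdir -m 0700 -p "$dataDir"
+chown "$user": "$dataDir"
+fi
+'';
+ExecStart = pkgs.writeScript "urlwatch" ''
+#! /bin/sh
+set -euf
+
+from=${escapeShellArg cfg.from}
+mailto=${escapeShellArg cfg.mailto}
+urlsFile=${escapeShellArg urlsFile}
+user=${escapeShellArg cfg.user}
+
+cd /tmp
+
+urlwatch -e --urls="$urlsFile" > changes 2>&1 || :
+
+if test -s changes; then
+date=$(date -R)
+subject=$(sed -n 's/^\(CHANGED\|ERROR\|NEW\): //p' changes \
+| tr \\n \ )
+{
+echo "Date: $date"
+echo "From: $from"
+echo "Subject: $subject"
+echo "To: $mailto"
+echo
+cat changes
+} | /var/setuid-wrappers/sendmail -t
+fi
+'';
+};
+};
+users.extraUsers = optionals (cfg.user == "urlwatch") (singleton {
+name = "urlwatch";
+uid = 3450919516; # bin/genid urlwatch
+});
+};
+
+in
+
+{
+# TODO
+#imports = [
+# ./exim
+#];
+#config = mkIf cfg.enable
+# (if config.tv.exim.enable
+# then impl
+# else throw "tv.exim must be enabled when enabling tv.urlwatch");
+
+options.tv.urlwatch = api;
+
+config = impl;
+}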
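Review bot: `config = impl;` at the end of the file applies the timer, service and user unconditionally, so the `enable` option (default `false`) has no effect. Every host that imports the module gets an outbound-fetching job, and `mailto`, `onCalendar` and `urls` have no defaults, so such a host probably fails to evaluate unless it sets all three. Until the exim dependency in the commented block is sorted out, `config = mkIf cfg.enable impl;` restores the documented behaviour. The `ExecStart` script also writes `changes` after `cd /tmp`, which is only private because of `PrivateTmp = "true";`; a comment next to `cd /tmp` saying so would stop a later edit from dropping that setting.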
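--- a/4lib/tv/default.nix
+++ b/4lib/tv/default.nix
@@ -0,0 +1,62 @@
+{ lib, pkgs, ... }:
+
+with builtins;
+
+let
+inherit (lib) mapAttrs stringAsChars;
+in
+
+rec {
+git = import ./git.nix {
+lib = lib // {
+inherit addNames;
+};
+inherit pkgs;
+};
+
+addName = name: set:
+set // { inherit name; };
+
+addNames = mapAttrs addName;
+
+
+# "7.4.335" -> "74"
+majmin = with lib; x : concatStrings (take 2 (splitString "." x));
+
+
+concat = xs :
+if xs == []
+then ""
+else head xs + concat (tail xs)
+;
+
+flip = f : x : y : f y x;
+
+# isSuffixOf :: String -> String -> Bool
+isSuffixOf =
+s : xs :
+let
+sn = stringLength s;
+xsn = stringLength xs;
+in
+xsn >= sn && substring (xsn - sn) sn xs == s ;
+
+removeSuffix =
+s : xs : substring 0 (stringLength xs - stringLength s) xs;
+
+# setMap :: (String -> a -> b) -> Set String a -> [b]
+#setMap = f: xs: map (k : f k (getAttr k xs)) (attrNames xs);
+
+# setToList :: Set k a -> [a]
+#setToList = setMap (_: v: v);
+
+shell-escape =
+let
+isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null;
+in
+stringAsChars (c:
+if isSafeChar c then c
+else if c == "\n" then "'\n'"
+else "\\${c}");
+
+}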
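Review bot: `shell-escape` returns the empty string for an empty input, so an argument built with it disappears from the generated command line instead of arriving as `''`, and every later positional argument shifts by one. The modules in this commit already use `lib.escapeShellArg`, which quotes the empty case; either alias `shell-escape` to it or guard the input with `s: if s == "" then "''" else stringAsChars (…) s`. `removeSuffix` has a similar gap: it cuts `stringLength s` characters off `xs` without checking `isSuffixOf s xs`, so a non-matching suffix silently truncates the value. A one-line comment stating that precondition, or an `if isSuffixOf s xs then … else xs`, would make the contract explicit.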
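--- a/4lib/tv/git.nix
+++ b/4lib/tv/git.nix
@@ -0,0 +1,181 @@
+{ lib, pkgs, ... }:
+
+let
+inherit (lib) addNames escapeShellArg makeSearchPath;
+
+commands = addNames {
+git-receive-pack = {};
+git-upload-pack = {};
+};
+
+receive-modes = addNames {
+fast-forward = {};
+non-fast-forward = {};
+create = {};
+delete = {};
+merge = {}; # TODO implement in git.nix
+};
+
+permissions = {
+fetch = {
+allow-commands = [
+commands.git-upload-pack
+];
+};
+
+push = ref: extra-modes: {
+allow-commands = [
+commands.git-receive-pack
+commands.git-upload-pack
+];
+allow-receive-ref = ref;
+allow-receive-modes = [ receive-modes.fast-forward ] ++ extra-modes;
+};
+};
+
+refs = {
+master = "refs/heads/master";
+all-heads = "refs/heads/*";
+};
+
+irc-announce-script = pkgs.writeScript "irc-announce-script" ''
+#! /bin/sh
+set -euf
+
+export PATH=${makeSearchPath "bin" (with pkgs; [
+coreutils
+gawk
+gnused
+netcat
+nettools
+])}
+
+IRC_SERVER=$1
+IRC_PORT=$2
+IRC_NICK=$3$$
+IRC_CHANNEL=$4
+message=$5
+
+export IRC_CHANNEL # for privmsg_cat
+
+# echo2 and cat2 are used output to both, stdout and stderr
+# This is used to see what we send to the irc server. (debug output)
+echo2() { echo "$*"; echo "$*" >&2; }
+cat2() { tee /dev/stderr; }
+
+# privmsg_cat transforms stdin to a privmsg
+privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+
+# ircin is used to feed the output of netcat back to the "irc client"
+# so we can implement expect-like behavior with sed^_^
+# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
+tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
+cd "$tmpdir"
+mkfifo ircin
+trap "
+rm ircin
+cd '$OLDPWD'
+rmdir '$tmpdir'
+trap - EXIT INT QUIT
+" EXIT INT QUIT
+
+{
+echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
+echo2 "NICK $IRC_NICK"
+
+# wait for MODE message
+sed -n '/^:[^ ]* MODE /q'
+
+echo2 "JOIN $IRC_CHANNEL"
+
+printf '%s' "$message" \
+| privmsg_cat \
+| cat2
+
+echo2 "PART $IRC_CHANNEL"
+
+# wait for PART confirmation
+sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
+
+echo2 'QUIT :Gone to have lunch'
+} < ircin \
+| nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
+'';
+
+hooks = {
+# TODO make this a package?
+irc-announce = { nick, channel, server, port ? 6667 }: ''
+#! /bin/sh
+set -euf
+
+export PATH=${makeSearchPath "bin" (with pkgs; [
+coreutils
+git
+gnused
+])}
+
+nick=${escapeShellArg nick}
+channel=${escapeShellArg channel}
+server=${escapeShellArg server}
+port=${toString port}
+
+host=$nick
+
+empty=0000000000000000000000000000000000000000
+
+unset message
+while read oldrev newrev ref; do
+
+if [ $oldrev = $empty ]; then
+receive_mode=create
+elif [ $newrev = $empty ]; then
+receive_mode=delete
+elif [ "$(git merge-base $oldrev $newrev)" = $oldrev ]; then
+receive_mode=fast-forward
+else
+receive_mode=non-fast-forward
+fi
+
+h=$(echo $ref | sed 's:^refs/heads/::')
+
+# empty_tree=$(git hash-object -t tree /dev/null
+empty_tree=4b825dc6
+
+id=$(echo $newrev | cut -b-7)
+id2=$(echo $oldrev | cut -b-7)
+if [ $newrev = $empty ]; then id=$empty_tree; fi
+if [ $oldrev = $empty ]; then id2=$empty_tree; fi
+
+case $receive_mode in
+create)
+#git log --oneline $id2
+link="http://$host/cgit/$GIT_SSH_REPO/?h=$h"
+;;
+delete)
+#git log --oneline $id2
+link="http://$host/cgit/$GIT_SSH_REPO/ ($h)"
+;;
+fast-forward|non-fast-forward)
+#git diff --stat $id..$id2
+link="http://$host/cgit/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
+;;
+esac
+
+#$host $GIT_SSH_REPO $ref $link
+message="''${message+$message
+}$GIT_SSH_USER $receive_mode $link"
+done
+
+if test -n "''${message-}"; then
+exec ${irc-announce-script} \
+"$server" \
+"$port" \
+"$nick" \
+"$channel" \
+"$message"
+fi
+'';
+};
+
+in
+commands // receive-modes // permissions // refs // hooks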
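--- a/4lib/tv/modules.nix
+++ b/4lib/tv/modules.nix
@@ -0,0 +1,21 @@
+let
+pkgs = import <nixpkgs> {};
+inherit (pkgs.lib) concatMap hasAttr;
+in rec {
+
+no-touch-args = {
+config = throw "no-touch-args: can't touch config!";
+lib = throw "no-touch-args: can't touch lib!";
+pkgs = throw "no-touch-args: can't touch pkgs!";
+};
+
+# list-imports : path -> [path]
+# Return a module's transitive list of imports.
+# XXX duplicates won't get eliminated from the result.
+list-imports = path:
+let module = import path no-touch-args;
+imports = if hasAttr "imports" module
+then concatMap list-imports module.imports
+else [];
+in [path] ++ imports;
+}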
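Review bot: `list-imports` applies every imported file to `no-touch-args` unconditionally, so it fails on a module written as a plain attribute set and on one whose argument pattern requires a name other than `config`, `lib` and `pkgs`. An entry in `imports` that is not a path would also fail at `import path`. Guarding the call, for example `module = let m = import path; in if builtins.isFunction m then m no-touch-args else m;`, covers the attribute-set case. A one-line comment above `no-touch-args` would also help, such as `# arguments that throw when forced, so only a module's static imports list can be read`, though that purpose is inferred from the names and the single use here.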
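--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,70 @@
+ifndef system
+$(error unbound variable: system)
+else
+include 0make/tv/$(system).makefile
+.ONESHELL:
+.SHELLFLAGS := -eufc
+.PHONY: deploy
+deploy:;@
+system_name=$(system)
+deploy_host=$(deploy_host)
+nixpkgs_url=$(nixpkgs_url)
+nixpkgs_rev=$(nixpkgs_rev)
+secrets_dir=$(secrets_dir)
+
+prepush(){(
+dst=$$1
+src=$$2
+rsync \
+--exclude .git \
+--rsync-path="mkdir -p \"$$dst\" && rsync" \
+--usermap=\*:0 \
+--groupmap=\*:0 \
+--delete-excluded \
+-vrLptgoD \
+"$$src/" "$$deploy_host:$$dst"
+)}
+
+prepush /root/src/shitment "$$PWD"
+prepush /root/src/secrets "$$secrets_dir"
+
+ssh -S none "$$deploy_host" -T env \
+nixpkgs_url="$$nixpkgs_url" \
+nixpkgs_rev="$$nixpkgs_rev" \
+system_name="$$system_name" \
+sh -euf \
+<<-\EOF
+prefetch(){(
+dst=$$1
+url=$$2
+rev=$$3
+mkdir -p "$$dst"
+cd "$$dst"
+if ! test -e .git; then
+git init
+fi
+if ! cur_url=$$(git config remote.origin.url 2>/dev/null); then
+git remote add origin "$$url"
+elif test "$$cur_url" != "$$url"; then
+git remote set-url origin "$$url"
+fi
+if test "$$(git rev-parse --verify HEAD 2>/dev/null)" != "$$rev"; then
+git fetch origin
+git checkout "$$rev" -- .
+git checkout -q "$$rev"
+git submodule init
+git submodule update
+fi
+git clean -dxf
+)}
+
+prefetch /root/src/nixpkgs "$$nixpkgs_url" "$$nixpkgs_rev"
+
+echo build system...
+NIXOS_CONFIG=/root/src/shitment/1systems/tv/$$system_name.nix \
+NIX_PATH=src \
+nix-build -Q -A system '<nixpkgs/nixos>'
+
+result/bin/switch-to-configuration switch
+EOF
+endif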
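Review bot: The second `prepush` call sends `$$secrets_dir` with the same rsync flags as the configuration tree, which is looser than secrets warrant. `-p` keeps whatever modes the files have on the workstation and `-L` copies the targets of symlinks, so a group- or world-readable file, or a link pointing outside the secrets directory, arrives unchanged under /root/src/secrets. `-v` also prints every secret's file name into the deploy output. Consider letting `prepush` accept extra rsync options and passing `--chmod=D700,F600` for the secrets call. Separately, `NIX_PATH=src` and `result/bin/switch-to-configuration` in the heredoc are relative and resolve only if the ssh session starts in /root; `NIX_PATH=/root/src` would make that explicit.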
10
Zhosts/Styx
Normal file
10
Zhosts/Styx
Normal file
@ -0,0 +1,10 @@
|
||||
Subnet = 10.243.0.42/32
|
||||
Compression = 9
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA4jbOi+HZIGOGNm4aBSwnq4m3Vg3IXHmYUbJx1AzP4a/yvEgswfk6
|
||||
MP5FXvoY/hZ0NQ0IRzbbJxGbcUdulz0WSjX1C+8uQUZstz+lvYZ4FeCXcdE5cuFM
|
||||
ROKAbA4qxO3WOFhPAs4G+K6srDqswmmBSfgPAfOBexEZxHweoBQLOYKUPnBCWf5q
|
||||
I1gKWgMVWv6KY/pgYxloarycb8gEd2GsNZcNwoNhRd2G/Tn6idh1qRBI96eaasbV
|
||||
P24FEVkPVFVgIGrvFZCICCeQzA4g+Sn4TmgxnTWLQxG4hAHOZQX/ld8u7NHTU9Qm
|
||||
PwmjESwfas9Z8UjknrbcaZvuqKrnMp7JwwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
9
Zhosts/ThinkArmageddon
Normal file
9
Zhosts/ThinkArmageddon
Normal file
@ -0,0 +1,9 @@
|
||||
Subnet = 10.243.0.137/32
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1EAiyBWICkyB1zHE31fHSbGR1nJJmXSfnrqm9yXRZSGweIKrbsof
|
||||
QVcRzM4vsFBRUMBeKW7fzlGcvgXULFRnGelvEl4GRiBMO9odBlBI3t8CjZW7X2N7
|
||||
JqCMkB+CRuiHbNYQdRFTozQEfPq+DNh8accD5LjUM6gF0dKUdby5qNeHCfZSxU4v
|
||||
YZDRqq/haO4up6m8/S6YhnHPOSaIAu7R7hFaUeB/FPT+s5irKk6WtAiWnIdXb22q
|
||||
0zxT4+t9sWFb4V9u/MImggYQVWjk+TfF5KpihBOvExEQsSR8JJcRUJAtN4W0w2Pc
|
||||
S4/j9ArKcBj5Wf2qHcJMN5MbwUFW1oMkGwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/TriBot
Normal file
11
Zhosts/TriBot
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.117.163
|
||||
Subnet = 42:ff05:504f:f27a:3534:9be1:4343:5e95
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAz8pZtvSqDEKo/8IHt71GzWa2oTqZPUv2kRoipUXbJGv3eWpkbd4n
|
||||
OpaLuY7MjUveZ39m830t5RAkgB9iChU5wurszgfLrxJ15uibJe+yFJl9O6kuYJr1
|
||||
69s12F/v/pPno5eWuXWJ+CdMW8srZB1I/ZIL1/GaptuDoMxu7uBnDbL/NJrpPBSr
|
||||
JxCJGHET8jh2++B3cqsBWNGkQjQTM8NwwAup6HQjBrbOQYOAQbcOTMmalc/9JFfO
|
||||
LUz63LrCPk5pIeLi+876IdAJBuJsVWwmTbl/D9R6D34Z8bYHIv9mDmO/omckcxX2
|
||||
JJgEq5/xlLb2gHt/qfUunbYHIstp/s2bSwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/ach
Normal file
11
Zhosts/ach
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.32.89
|
||||
Subnet = 42:6bb3:0a07:6777:9aa5:e39c:e140:cb68
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsTyjNQ5aO2aIKXgkgZSiUb0POtEVoAPFrIkSv5Ci+7AYv+CLXsIr
|
||||
TKBfFIg474KZ4MCrX0oA3Z66s9d2UW6mcH5JufW8siRPJvdydqaANyF6Fvk++59R
|
||||
+GMKR0MGdPGfcxjaw64ChemOZx1T6ODHF7KTgaWRI+Aiz+jWsvVCSKutSwVDJTgJ
|
||||
4lub95/gbWckRY6fchkh7rSTfNXXYevbysQYdZaAR/qgquUNt23/ewlagF7uqgZt
|
||||
CQx7MHMU2quEdvIfZuUPFWe0yHBb1bZCHYxKXo6XG8I7WdUAFRuwFLTjqgSYPD1j
|
||||
EpUyU0+xxfyXB3vWrM/jcw8XKzi04wWHuQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/air
Normal file
11
Zhosts/air
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.0.99
|
||||
Subnet = 42:32d7:b589:8ae8:57a5:4cde:f49e:851d/128
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1yNqMyy9C1O031M518kzLYLh+Ox0D2r9UgVSSb9OgpQ85ZJgl7Kb
|
||||
SUzlZLbC9CX4O+PmtWvZwtPfLjua9VbVOtUJTB6zTB9Oqe4hTmX0oKIgheGf1rKS
|
||||
ylOaLfSz7PaPR3zGms17F4ovLDUBG2rpOyoHJM54T9LyJbPny/t7v/fjAFqu6atK
|
||||
1RgER3j3s5oPaRPw0pYR0kiGXayZRL6q7Qc6AXMlMi22sdRI9e1YCMCyC4u1oU6U
|
||||
grw7khyPWoEaue9B7fKfG5PixRHHlrsVDdwXEVvH87+/X2IU3H3C1/pslenAQ98i
|
||||
qGNJOl2eJ9FHInQjI1cDMgFURcT6i8mGpQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/alarmpi
Normal file
11
Zhosts/alarmpi
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.124.187
|
||||
Subnet = 42:2de9:fab6:7460:2fee:9199:fa1d:70ea
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAunQOFP1mnEmsmnMYjCwbWdbGe0/hHQs2bxIdwO1RXngXgw/TBBhN
|
||||
Xlp75LzPiT0ELF5WBPVclqskT+bl+FOOITH9XDkYzm22jzeLHq3bs3YiZhwzidkO
|
||||
Xhq5pwGY4HL4o3SfFtfOHse688qqLXefoc9CfyAIKMCRRAxlzpqNVuZEg1eUcuUJ
|
||||
z6gugJj+YyA4V3JGq7GuJDiPPOMrGel0rITMlWtYYtm0jf6deYBPjo+ZogDESlez
|
||||
tBmPKNCXynSxb6cV39StUsbUQbLvHgPBrA01T+Hw1DV5eHmWoycvD4IfJqXdfMbc
|
||||
BOqRHOlErXGTG5m2EUoU0VSj75zl06gW6wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/albi10
Normal file
11
Zhosts/albi10
Normal file
@ -0,0 +1,11 @@
|
||||
Address = 74.122.198.15
|
||||
Subnet = 10.243.0.10
|
||||
Subnet = 42:aaa9:4ba3:8c43:bdd8:2cc8:29a0:e8e6/128
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0Jz5rQ7NpIQWwhDsrZHlJYAnC1k1onl2ln/6CJbdV9t3gG2hlx/9
|
||||
0SEARo6sq9fftyzzZd3iY4WK7+zRXJFXHsLmDa6mq8Mme7Yv+YHZoHPTm9c3tN3v
|
||||
laiV/qAdoi/sv43DCo7JywI2lTW1pPxuitXuud2ajd7GXuCoRqFRqLtaURorVKkW
|
||||
4j9UGpMKrEa+CV9wP5jZ57RSPQ7aMq8D4GiMqKDgUeCZnvXxpYWDOEdGNlpuUcWt
|
||||
/erC6u50/vnjUkkHx66OmkZe5AX5MmwNp2q4zC4sTh/BRhqk27AmNl5wbp0kL7/B
|
||||
hg+r0F8ckrdLc21sSU36lUIeeFa/S+A06QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
10
Zhosts/albi7
Normal file
10
Zhosts/albi7
Normal file
@ -0,0 +1,10 @@
|
||||
Subnet = 10.243.0.7/32
|
||||
Subnet = 42:6c61:6962:6137:626c:3769:000a:1337/128
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA+SwdWv1anjIaKSnvel9d23tgqye5RguIVfgMnjpMsqOYpFklLIa8
|
||||
4wREhVvpiArnIsoTXbKzdeCFgaAbMS6aQ701Pyv7QriVy8m3iUlgqvB/znogxN8U
|
||||
z1fqL0jAHLkQkoyZ2a6mUgHpByvUqZNcq6istYLwGnXO3JQrS7U54hHPpXbxwFY5
|
||||
0/Wli9OueG4fWaZ9skDa2Faq4c/Lngku+Iv1gBBgII1EDSsgedNWw3YBTmHDFNTZ
|
||||
SsORj2ho5nQgdvw42qEINbxpU01jK8XB+jmVEO+ixZZCsWlOeCjl9Zym4MZDRePg
|
||||
euTLTbgs/809ElM8V+EzRKSPNR2k6FrBXwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/almoehi
Normal file
11
Zhosts/almoehi
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.239.66
|
||||
Subnet = 42:0730:2eed:2bb9:9d4b:eeb1:641c:0fe6
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAtyfcqaDrDmsBVh5w4CksDI1Hn/jDcZVyNWZlqxQojjB2SsxH1VyD
|
||||
VcpmwyzDSE87CCZPN4xjIbrc+KgjiOVSAu+8Ax4dLqVrP96s5lJUIunVcwd3lQVi
|
||||
D7Ol2zDredbXuNi3jb0qBU+/qiK9mp1vTcEXhXmCSTiXIHz0d7vkv9S0h+YgKGMJ
|
||||
xBQsyCsEI9uAeGghVwrLcwY0ea6ZJuYz0miIn9+g4D5PROxImBAJV6uvbG0cP8QG
|
||||
rLY85YYByk2qKPIXrpec4uc1A/P1+1DSl5I+GEkBBhSmQB71UYCDULfuL4Eu6mFN
|
||||
AFAPsSCk8DFo5//lULky24CEkxTtp4rcPwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
10
Zhosts/alphalabs
Normal file
10
Zhosts/alphalabs
Normal file
@ -0,0 +1,10 @@
|
||||
Subnet = 42:0:0:0:0:0:0:a1fa/128
|
||||
Subnet = 10.243.1.10/32
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvUAbMmmOFn+4kOvJAvmi0R/XCQa1YBlkjUvC6Pmt0Q8gV1DodXjB
|
||||
DgwP8yhLcxaVy2Hk82aJvNTUrfMeB2sdt1RJHQiEPQkHthdp8Spm0Px4uTiMjmFB
|
||||
ev91xi00eCCGIKsXdh/qso1K7EDHt9MEVHOvSlkawWzoyJ6AaHStW1ElwDdGjZpl
|
||||
0YWrhx4Gk5X7pCp3LKkQJFfGtqoqGOVg2JjqK3qMsAdRo6QvYDqjFzARed/D0k55
|
||||
kcKXjBJAVxoU/CqGfS/Lr0fL8tdYgXaAXvPO9dbr1t0KyOUY2KRNBePeSvRp/etb
|
||||
H0LBPsO9F7PQiPI3DBoWCYgsuj/hBXapvwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/apfull
Normal file
11
Zhosts/apfull
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.138.112
|
||||
Subnet = 42:0707:afc5:96a3:8215:305e:0474:02fb
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAxNnJB29djjUFUZqM7EQ8kj+IRx/a+2fA0ZdNoUm4ar6t7kTmOc40
|
||||
GzGr0zE+QPqQ3abDk7eTmZbU3yUNiAUDzDMD+iqwKAVJnMb8pjXlGmcpdvMuxwbz
|
||||
bHeTEaVqBmF4seXlwUKL+waa2Yr1t0YsynCUte8dbcauaD9CY61QjDUP7TQBglmk
|
||||
eKq+qbFNKjzIjLQf2iXsl2+dzuFqg4OUaUD0zZJVzjNpKSz24uEK2mD9fSmS3oYF
|
||||
yzsNaOKaXr/j+1Xlosxy9Rde/o54UbtZTPYsNdhNgnXmBan4zTv/QnI67Uf9RqiK
|
||||
PHsSAkfCj/K7iAOKE/A30xYbd8eV2tPANwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/bitchctl
Normal file
11
Zhosts/bitchctl
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.104.101
|
||||
Subnet = 42:5ac9:c698:4d1d:6ec5:45b9:647b:a8ee
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAuxd4ZU3y1ZgvI+/7mQkWBlF6VvX6ty8+iKYwmjsSUCclxz3O5DB+
|
||||
clps9k+0tQvtKlsxG3lnFQz9fd4Pj0GIuWsAdHRH/hpnb9nYSRePKWy0RBjAZRr4
|
||||
8rXqI8NOdkQiIQT8gWw3ujzw/Mau/bV6AWqi+CbeExm+J0bPW/QZlAZ4BEKFvuqK
|
||||
U8yOQ38p9s3Dpe4S5JZ3cu54j5f5JygXTZgk2ZW3frJ/JS+lRHfFlIW0ZAuTqn/u
|
||||
GD5ahHLbRZPGsG5aSR+agfOVIAHLBnDoFx6AQUr09m4zyMgPEC+Xq/DvdP/Hvuas
|
||||
RYRol9qHtNeFJViWIUOQPHypTw2a4Ev7fQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/bitchextend
Normal file
11
Zhosts/bitchextend
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.141.142
|
||||
Subnet = 42:f8a6:9f59:381d:eedf:d90d:8611:4a9e
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA02Zp9aYkEn5yLSaOhrmuFzObpmWdZfT5OWzE11LUeoCu4rsEZY9T
|
||||
DB93iliJpxKYuLnmI49vGfSSzqGs6B2yoh6Y60OsrYrvBSQ2Li3aTOqUTL8GpR6Y
|
||||
GivInlr6F5/T+6BEg8paau/1rwRE/r2cJ78AvG1nd+JtRL9Hl4tYPakOVIbRk3D9
|
||||
4qDtWDWZS5BdirbaO66wvYxS8ps14LRvyVkjiT7IPMXf8p6rxumXPIr3JtJ6QC/K
|
||||
DKuP95v0vztZm3U32hO92NB+mDb0XjGSOaspEl2HX45phad6GnGBPqhGpSv47xDa
|
||||
HprcO9uxkGcEhyQtCALWD8THX1SNoNHh0QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/bitchtop
Normal file
11
Zhosts/bitchtop
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.12.178
|
||||
Subnet = 42:4119:cdae:6fb4:0b58:59c6:a993:17ea
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA3NJmRzOn5e8FwhlcdvjIwZSvCL2eJ/lJ6E3/m/BOy7qUneMwfotE
|
||||
DarxHFxd6ccMLK8yH0fUuTC9zKVud6bw5Xfaw8BnFm8QXTr3eSwol3Lq1I8+k06I
|
||||
PZ5a3tkdK7bQxOi+v70jGyR9E/Q1D7fP6L/q9L3W2RmNivlvS5qi5LgfxiEkFvgM
|
||||
EO1FPfXwTKhBCB5LqFY4e+viyGxjZ+nK55QgacU7MMNEJN0ntvSp4pLepL29q7ZN
|
||||
wSRAjZC3PJX5QZtOOtCYAJ0QqsUv8vZPhaObwPfLvGHku2vl9E8TH+HY0DWjvrte
|
||||
E9ZjPn19RWRFExiK2KpbfTJezFULhaAQaQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
10
Zhosts/box
Normal file
10
Zhosts/box
Normal file
@ -0,0 +1,10 @@
|
||||
Subnet = 10.243.43.43
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvUMfRZOPb/zKvALZTyxKQuzowqqJ/HW2lm/RIOKL2uoTUgVX1DJB
|
||||
fCLf66e2fHnjnStXuaMDNs1kq2gi4EyK5Q50RxVBq7XayXYqfnFwzTE+Iqape542
|
||||
vYSWKLdrxljln8a2EYU7njtcWkTpW+cJIwSHEUkDLAowF87ElQ0gBmyX4p107pow
|
||||
jg7zcYierVdQXkI7mO4g2zWsywfhwscbu5hdCp1Fw3wHFDatgyhPj1pJruKe+O3c
|
||||
AebF5yQOAsCxAk8ZcwGLmmF5xK7lAeux2Qzu1B4Pkfxi97g1GVLnX+so7PR+vvkQ
|
||||
+OMzQGIWXtaOqov5q2O1N5RJzng/kCjC/QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
12
Zhosts/bridge
Normal file
12
Zhosts/bridge
Normal file
@ -0,0 +1,12 @@
|
||||
Subnet = 10.243.26.29
|
||||
Subnet = 42:927a:3d59:1cb3:29d6:1a08:78d3:812e
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d
|
||||
VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm
|
||||
UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB
|
||||
oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b
|
||||
/hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg
|
||||
lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
|
10
Zhosts/c2ft
Normal file
10
Zhosts/c2ft
Normal file
@ -0,0 +1,10 @@
|
||||
Subnet = 42:e674:8a82:7fe4:fa51:d305:192e:846b/128
|
||||
Subnet = 42.221.17.214/32
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqS+nvuQnAlhsGHgjKRz0nq2nj9HWwzrA96xnng6UCmkTpFyprM7b
|
||||
20vQ5wqcHFAbuZh1dOOb9G2qqsZYE6V1452YLZZLMsnxiJD8kSorHrF6kJid5JjH
|
||||
xyyqSvkXaHClQItVjo7rIn5P/Tl+BMt64KaPxpu/4GBVHkCE1apLtaVRnEq5t2DG
|
||||
htZuUqzhuLN4TQiSVC++7qY1UQotjLbAQpYxf67np5sKWMOqg5UA+ghuLeO9jpqL
|
||||
qKoh2TMzotGwlYBMXVA0jJtQu5Sq/IWKWAyk9zca2LT0W0ZZWYiTl+Ai5urbJgCV
|
||||
GvWeJCoBKteIKUHRVNK1RLDFl6/ITOu9XQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
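Review bot: `Subnet = 42.221.17.214/32` claims an address inside 42.0.0.0/8, which is publicly allocated IPv4 space rather than a private range. Every node that accepts this host file will route traffic for that address into the overlay instead of to its real owner on the Internet. The same pattern appears in Zhosts/c2fthome, Zhosts/exile, Zhosts/exitium_mobilis and Zhosts/horreum_magnus. Most other hosts in this commit use 10.243.x.x, so renumbering these into that range looks like the consistent fix; until then a marker such as `# FIXME: 42.0.0.0/8 is public address space, renumber into the 10.243 range` above the line would record the problem.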
10
Zhosts/c2fthome
Normal file
10
Zhosts/c2fthome
Normal file
@ -0,0 +1,10 @@
|
||||
Address = samularity.mine.nu
|
||||
Subnet = 42.44.64.126/32
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA4ADumWibheOOocw3diK27ww4xfyptLZzlPcih5BJFUPOljXN33th
|
||||
1rbFwBr0QyRSad5U+/w1qlTCCqadjNdu+0RPGxbCrEqE3bUlrbES3Fw1ZtyIeuRH
|
||||
v6yTQuOzJXyceGGYJpK4JjFgFOggSH35dURDa1+x3pJECyWUAVDknWE5CS7HNufW
|
||||
bcREh18LoTUi7SGPeWauDLvVb/eeuDNJkoFj+HWpNqupFXpXUD7vQ+FBTtKO9FZu
|
||||
vd/QGYv7gkRGQfma3+2XW9fWgIfE1oS0qf4UfbycaEKMFS5Tn7li3tzCcH9Da4iB
|
||||
SsyWm1Hg1UYXccBdDYWYo+vdG59hIjmh8wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/casino
Normal file
11
Zhosts/casino
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.0.233
|
||||
Subnet = 42:3c1f:ea16:e181:7ab2:c51a:8892:7fb7/128
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAzmZ7x4HVpW8RC3ZkwmNKY/6VGlMKQbpBQtmrUzV1XFxKWZRhH3VI
|
||||
NOqlfVpTEaRTorht7R8F1aw9psDDUcg7yuQFcUdoXxBJxwbc1h0FKyZZr5kAIfpS
|
||||
ObE0rbBRRqJVAWgztpQAalWC95D73y/+tpHnQ+LRFq9IWeX5+QobaSym1oG4Y0Jz
|
||||
STSbw2ksjH8CuWHS5TjZr50Nyx6cH99HABDnadxhLBtQriJPSYRYdWyp7tYrW3jd
|
||||
As28mxkyFj0sFV3IJ/bYfZD9KSGg1KjQu+c73xKOBUhNtSHFjUzN5myYGd/nWCw8
|
||||
0PUReLrWC1ZHYPzqiwelTHcNJ3UcojpO9wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/cat1
Normal file
11
Zhosts/cat1
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.244.32
|
||||
Subnet = 42:86cf:a3fb:16b4:edbb:df13:a7a9:cd61
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAyjmB9IyBYexahK+fxSzVNrVxMXroXMc4Fyx16+XOt9hugn24Suht
|
||||
06kQwwbpkwjWfIEONzr0UPAbsOWG/Qj3w+dqiC5iqHZWFW/NdBgwunF5+INnEamj
|
||||
eIIqei1230C/NNpTph9u3UsT+ZgZnc+r4usEmTpZslvtkVwg20jwT4w3Vq1ws1Jc
|
||||
8Ccy8vk4FjgBP88zuvqzjBtTGQMrDgBd68XlGVKOhrvxCebHknbcHWpUz4cN8TX7
|
||||
bRNpSUTCSGd2taY6g4cUxiegbTeK2LDVvW/6XtISvJqVVllLD/p661W6gRUlkspv
|
||||
phLJc+zNLRxOC624JRivt+Ag5iBI4YP4SQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/cband
Normal file
11
Zhosts/cband
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.7.76
|
||||
Subnet = 42:c293:090f:df44:0926:c7af:5012:7cd8
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA11kwqXkkDRmxmoZNFDqtUsxK6d/HzTdFC/v1V3fttePuYFiEOhZl
|
||||
rLBS3+Eei4CsQrOwnaRBhHdnoOZGEdxJmq3YXDWGoVAn4bEgommCddzssVzWtVMf
|
||||
hIntuCExczEMIY+MGzM3QupYxUgRRVjFtvxoC9kKOSlaq0BhkdJiWygzN/NUfqpv
|
||||
HgDufoAcORLQInTpmQYEkZO+XmXejcCY/C+VD0MENqj3SijGw9tm2YmInwSwZnwX
|
||||
Zjh2xn96QbV9O7bpfGHcLxWhsUyyRC46knbbBXuAdbDsa2TUdzT5D7nb/TLfP412
|
||||
agIhk+cwFM24y/ChHdfoUBakKF4wZI3l4wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
17
Zhosts/cd
Normal file
17
Zhosts/cd
Normal file
@ -0,0 +1,17 @@
|
||||
Address = 162.219.7.216
|
||||
Subnet = 10.243.113.222
|
||||
Subnet = 42:4522:25f8:36bb:8ccb:0150:231a:2af3
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
|
||||
rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
|
||||
e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
|
||||
sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
|
||||
CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
|
||||
PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
|
||||
LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
|
||||
DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
|
||||
ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
|
||||
jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
|
||||
Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
12
Zhosts/cloudkrebs
Normal file
12
Zhosts/cloudkrebs
Normal file
@ -0,0 +1,12 @@
|
||||
Address = 167.88.34.190
|
||||
Subnet = 10.243.206.102
|
||||
Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f762
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
|
||||
OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
|
||||
QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
|
||||
3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
|
||||
sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
|
||||
TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
12
Zhosts/darth
Normal file
12
Zhosts/darth
Normal file
@ -0,0 +1,12 @@
|
||||
Subnet = 10.243.0.84
|
||||
Subnet = 42:ff6b:5f0b:460d:2cee:4d05:73f7:5566/128
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAyx5x0jzfhex8EBSFLlOIkP1yJ5cSPLQ3hpPMvN0J7QdVbypU6a9C
|
||||
fzGpzBph1sRwXnaqCMe0og5VT3EdFtngbmm6t/CyMhBojkxMQI08m71JT5c07+1U
|
||||
OSSLXBXYHcN6cAEYEsvTiSuvP9RoAbUeQQbZryI4wpzzQ7ET1l7k/3eeXAwqRKR6
|
||||
xiqn/4597U09QYmllqfplJUBv2pIAIcFlm/KHvNTZGEZS83udfnECwDwgU63PMns
|
||||
38yiCpI79kagXyTOGCbkUatt0KNTzGNLAm0CyeFd1AdgUrj8fVg2jQLQlBrze+Gx
|
||||
jkphgkVEgMtVMTz8WKfz+Dro3jBfQstIjQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
|
11
Zhosts/dei
Normal file
11
Zhosts/dei
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.247.164
|
||||
Subnet = 42:d702:e261:bf4d:2f5f:00e8:bf56:4d50
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAva8pJ7H+ebQFEpqLZhr6hE6OlCRhSlPQwEoWtQLHT/zsgmUEhXcw
|
||||
9045IAAgALc1Wf6lVWKwNEBNyLNULUgmkXzgjCG1OuLAn7jWtaNQZT+b6ZM/b2Qn
|
||||
hrGdHCcpvW1kpIfho3zMts4dVx28Z85JJlI4ZqfFZWwiuCj+x8OELdqtm2IYryiu
|
||||
6dHRR+4WkgEvqL+1YF2RRxXIcSW2wFdZOggjXYobzC2wl9zWkTBPC6lKQjlKlSrV
|
||||
ZZBKRwuHloHPt7HJTjWZTX28CbC/P+3l5NyMhfmqtFPZuhC4p7EAWwcXXDz1Gkxl
|
||||
w5EbcTz01pePFj5oVfK5aUoi1JFZ9GSZFQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/destroy
Normal file
11
Zhosts/destroy
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 42:9277:1f1e:7599:ae4b:7cca:b4a3:fe47/128
|
||||
Subnet = 10.243.0.31/32
|
||||
Compression = 9
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAofIF/j4ddJEG0sOJJNp6hVXqLpj9FPw6a1vLLqZsn/NuZi3QCZ/w
|
||||
xj1nIsQbc1TnPLluHhpn5kuvzb0lThqmPJvX2uXnbq7WH6OvRyN/FV/Gn40txdni
|
||||
MFWD53zGlAle1/Jdt+to/+0mvRP8U+dKuggemGljX2nrUxaJgVRVzynvkys5l6vZ
|
||||
2oMeO/LnFcAt9ZkMFoqDfKB/RPOqTD9k6Sz8xubVtasQ4ufpQl8Uv6zcYl1PnV7C
|
||||
9Pj5MMtQVtRRV8hljImqpERunU6ZsXhyqI9O/cVw9+QkWf7Qh5E0vUKTT9FISyTV
|
||||
nmQ9v8JGV2zPDVMmwP1ewyA1W9YhGiFd7QIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/devstar
Normal file
11
Zhosts/devstar
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.0.133
|
||||
Subnet = 42:2be0:92f5:3546:5f0f:8f22:6244:25f4/128
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAwkkmkhGMnI0x5VIgdLwV2SvXO9Bw3Sy1U5AToZiG2dSB+OiwwLir
|
||||
JIrTHv4r73lMLROJjQhznq06VMmNviC82178H7/DZqgSqlGU7d9p1Okd5XCs6LI3
|
||||
eaL5mYTXFuA+PMHVvYqQ5fDQRQ4KoWmlSV65XUPejPlxtl3FXqOSHVuuBSbka+St
|
||||
qLyWLAh9d8AfWjxbAIv41fl6WOyw2IuDc05K36aT/TwzA3ykl+ekNObAjvpI0cxI
|
||||
+d3j8H8JY5jDcg1hvWT06JqpUcTJRkWLL7BBdQvWySaBcET1Flfo8eYVqVQDK4kU
|
||||
XV/tA1ax7YPFBQ7Lh3Ru9nEC45Gv6R4HbwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/eigenserv
Normal file
11
Zhosts/eigenserv
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 42:c9d8:ab9e:c7fe:43ff:0268:f862:42f7/128
|
||||
Subnet = 10.243.0.32/32
|
||||
Compression = 9
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAyy060LWeo6Z+Kp2h5LtyMx+KGdxL9/WjWfc1yf/YZ8lhZutNb+Kd
|
||||
u9AHbnrqTRWRslP+toNiC55aJ/KlTBFQA5nBu2DC1KdG71AX5th7bRvUMfEAEG1+
|
||||
7MpcyuC8Owvleg/b4Ihr+/kQNbIPPhAraPJU780Oy173jnt+PCIYY+aTnEuO3UBh
|
||||
yt3oPhfwMa2ssPL8GfF3YL9Pvh4UEbUu1E7zSOqzCOzH3od5I/G/TjvfHl3u4tEr
|
||||
6kWHVqOYaKMJlqYvb7tnw7QjJNFhVneBJN6eMaWfcmTp2G9S+SwOppW3P4yRxrar
|
||||
GLWPgEU6to1wduAktecWU/oWambgXb/hUQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
12
Zhosts/elvis
Normal file
12
Zhosts/elvis
Normal file
@ -0,0 +1,12 @@
|
||||
Address = 94.79.154.86
|
||||
Subnet = 10.243.228.181
|
||||
Subnet = 42:42a3:7ad4:f156:906f:f6f3:943b:7b1d
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAv7wpfzpazvXzKJsDkJ8J9zsTZRoI6LnpSIcO8hLQcHNk6LTWjBy1
|
||||
xdnsSe3eQYxNmZPKi28PdbMo4YQlFdewLSB69PP6ZX5ISNXVlCZ5Cend/kfU1fXV
|
||||
tcZ4JQCl/adHqg8niLAODfnXhwVjMpllgq6gCg5mVPILy+CZ08OM6Ij7Q5d+3Jr4
|
||||
1zMvAXyeuNQcL+MkBveblKC6j/e9fqaK86sUh/4unfgmkB7GWjqFwmoHZepR83o9
|
||||
HTBmKxEIDKYjLWVXV1Wph3/JN/65igTtju26cVarUmTtGIhU44NzCi+94+wKuJMU
|
||||
Bbjk/CnuWQoU2ABPsxtW3r6m4pSDhypNZQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
9
Zhosts/exile
Normal file
9
Zhosts/exile
Normal file
@ -0,0 +1,9 @@
|
||||
Subnet = 42.116.243.248/32
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0H+DslKV6EDCZWBCJs+MFyvTR9Ej0yWthIHKzFrA4qI8rxskrGGP
|
||||
xhb16keQLPCAgBVVVmikh3pQVMq1K6ry5Of0uM7rU7crBzRfJ8zpGZXfYlBDFDAd
|
||||
Vg8wwDvEYsYCAKrZbYIKb88WR0mT7K47ipTbXd9utzmoWGa/SuGtPkYOigcWYMRN
|
||||
4QClPDLdICQvdohVvfd7/LXRNuwrWOJcmtLitTEZY9lo2hhv+ZKs7PBrmpTBhTMY
|
||||
N2Et69tVPQh1t7cljf3Esij5AUczv979C9Lvukj8Kb51Et0T9qcGAs/M3b64X7FO
|
||||
KjWVVQttj3AkjgLZ5OdYlm7uRRmYmKQ95wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
10
Zhosts/exitium_mobilis
Normal file
10
Zhosts/exitium_mobilis
Normal file
@ -0,0 +1,10 @@
|
||||
Subnet = 42:0:0:0:0:0:0:AFFF/128
|
||||
Subnet = 42.127.75.187/32
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1zv7tkHIUxJX2FIFcfakvZZYuI3VH56nkQYlpTUzO9WscMF1BgoH
|
||||
WKOvHy9QzxAJgqmceroZKbV2PIws/PZgwk7vNGPmmZtzkTuNS+RXd2y1WwKTHpxT
|
||||
IZ5TKo9AGuU4dcMLAR2xheCJzTRNoxj4UrUgN1WkAqdKhN0Dysglfb+FuUiMdbop
|
||||
rbzsKhJZKnJOnS00Z9K7ZrTWkYQR6nhMuZ0EMggc+pa5NesHfIoeitXQxB7tz9M4
|
||||
6O7xE8ZkECdKXmRBGhSU2ghnCqiomDj9l6L6S6Ms8Q0ElPM78RTh1a32Euj9Ffob
|
||||
v4gQuzI0fUKe+pbm3VC6B+9awkdd8n1AzwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/falk
Normal file
11
Zhosts/falk
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.120.19
|
||||
Subnet = 42:845f:0432:a816:c623:fa89:8485:8700
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
|
||||
4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
|
||||
9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
|
||||
2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
|
||||
0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
|
||||
FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
12
Zhosts/fastpoke
Normal file
12
Zhosts/fastpoke
Normal file
@ -0,0 +1,12 @@
|
||||
Address = 193.22.164.36
|
||||
Subnet = 10.243.253.152
|
||||
Subnet = 42:422a:194f:ff3b:e196:2f82:5cf5:bc00
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
|
||||
DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
|
||||
FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
|
||||
ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
|
||||
EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
|
||||
rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/filebitch
Normal file
11
Zhosts/filebitch
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.189.130
|
||||
Subnet = 42:c64e:011f:9755:31e1:c3e6:73c0:af2d
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
|
||||
fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
|
||||
e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
|
||||
KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
|
||||
oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
|
||||
wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/filepimp
Normal file
11
Zhosts/filepimp
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.153.102
|
||||
Subnet = 42:4b0b:d990:55ba:8da8:630f:dc0e:aae0
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
|
||||
3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
|
||||
wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
|
||||
oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
|
||||
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
|
||||
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/flap
Normal file
11
Zhosts/flap
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.211.172
|
||||
Subnet = 42:472a:3d01:bbe4:4425:567e:592b:065d
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
|
||||
2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
|
||||
8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
|
||||
3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
|
||||
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
|
||||
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/foobar
Normal file
11
Zhosts/foobar
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.135.219
|
||||
Subnet = 42:edd1:d518:f7d8:ada3:1ce3:f4f5:a986
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAsCu6xC0OctUKu0UsscOWfyQlMtMrD0Pt/wB+IDOnkEgDKqcTYGXW
|
||||
h6VqMqE2cQhV3ThoxqeIPnQzwiMuVd0n2q3ZDexfYvHmqTZoaMrQZJlgY4rDx8jC
|
||||
USFqnvtkJbOxFBiS3c5yjOIybGSGDXrAaxmn80xewNIsdSqaY1/2FxKwx1Fn+Kf2
|
||||
hIQOEYkdLhwPso+HyNGUwVKjsRVCSWdJSzBHB38cPZRoPpcmRHOTs/Jtx0b4RXQr
|
||||
tVYW8i+Jq6hCt9sDLJexP9unPGl30Gn052noj1t4DRCPFpOYSLJFcGU4n/OzYbzY
|
||||
O8VB5DjgGK0eyEXvtByxvWYPnuRwSLaH3wIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
10
Zhosts/fuerkrebs
Normal file
10
Zhosts/fuerkrebs
Normal file
@ -0,0 +1,10 @@
|
||||
Subnet = 42:0f19:8a1e:7865:721b:2378:bef7:1159/128
|
||||
Subnet = 10.243.0.144/32
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA1HoKqh7HvXCKybe2FNBI/wuOvkZuftL0/DDZfZtPlCRtdcOA4XFj
|
||||
hQng5+VE3NG0yKcRs59U8iHSeN9b7Is1YF4q0RtM9YQTDhvS/vfpHDq42ftjMs/e
|
||||
MIFvYBGr2WIOzOYPiACURRcaMmoAViqK2Bwda45jORPUGo1afibH9UcDs76lFuaI
|
||||
f3mUZvLlqdJEtG040WoT1douGWtUWkCB6/pVUgLAurncOz/XiSI3GFzkMUY+0pT6
|
||||
0G34AcYqvdQyxH3x0ebclFlfY2aPStf6bGMejcpRJm4M02xF809DVYlUL3mG6krF
|
||||
MdWP85dCQ4V/RL0HdZ9PEjlVhgNOF1aQowIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
13
Zhosts/go
Normal file
13
Zhosts/go
Normal file
@ -0,0 +1,13 @@
|
||||
Subnet = 10.243.109.132
|
||||
Subnet = 42:f9f0:be1f:b191:116a:3db0:d546:70d2
|
||||
# dn42 routing
|
||||
Subnet = 172.22.0.0/15
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEApKt/lYqRgl4KE1ouSi5nbt7n7FEjECkGtkRhLFDJs0uWNvPj7wEh
|
||||
nTtqzk7lJ8upHgmNN+1w98n2bcJ7Qcbz8vCcMEO7MXdlzGH9vet/g6ZgQ/Z1ijHl
|
||||
IxYeH7yyBDLoJ2gghMhiSF0cezFDmNKPMhN+cGr9Lou54igK3I5CMIMN8cx0Fu0G
|
||||
uLAxvnZfxIzzCnrF9xvZ6i3g/rEcaGjxmAysCW8SQdRmBKlkzQaUbLy39V2Z5y6m
|
||||
SWR7gIGgMVCkpSeWUVSi05wgnMhoEu6LEYTBy/3bPK96O/Y7JBVpYUHqk/ya2PNR
|
||||
eaHfEpCrKsek4t/5hcLk64Eo/ydzeU+gAQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
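Review bot: `Subnet = 172.22.0.0/15` makes this one host the destination for a whole /15 on every node that accepts the file, and the existing `# dn42 routing` comment does not say who operates the gateway or why the range is that wide. Because a subnet claim in a host file is taken on trust by peers, a broad claim deserves a fuller comment, for example `# dn42 gateway: routes 172.22.0.0/15 for the whole net, operated by <owner>`. It may also be worth checking whether the nodes run with tinc's `StrictSubnets` option, so that only subnets present in the locally stored host files are honoured; that setting is not visible in this part of the commit.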
13
Zhosts/gum
Normal file
13
Zhosts/gum
Normal file
@ -0,0 +1,13 @@
|
||||
Address= 195.154.108.70
|
||||
Subnet = 10.243.0.211
|
||||
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
|
||||
Aliases = paste
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
|
||||
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
|
||||
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
|
||||
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
|
||||
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
|
||||
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
11
Zhosts/heidi
Normal file
11
Zhosts/heidi
Normal file
@ -0,0 +1,11 @@
|
||||
Subnet = 10.243.124.21
|
||||
Subnet = 42:9898:a8be:ce56:0ee3:b99c:42c5:109e
|
||||
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx
|
||||
1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ
|
||||
jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY
|
||||
ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA
|
||||
q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo
|
||||
w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
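--- a/Zhosts/horisa
+++ b/Zhosts/horisa
@@ -0,0 +1,12 @@
+Subnet = 10.243.226.213
+Subnet = 42:432e:2379:0cd2:8486:f3b5:335a:5d83
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
+Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
+XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
++EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
+sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
+M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
+-----END RSA PUBLIC KEY-----
+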
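--- a/Zhosts/horreum_magnus
+++ b/Zhosts/horreum_magnus
@@ -0,0 +1,15 @@
+Subnet = 42:0:0:0:0:0:0:affe/128
+Subnet = 42.35.89.21/32
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA4PcEqnw1ZrBgPl0yNO7eQ9aJpV4HKlENVhc/cobLh3dQgbmpw2Qr
+MQODR5qPxY+WmyZiQeU5sh8WutfpVn6xBCmR7QDqA+xpPhe/Y6uqWGDjxNftnetz
+gphYv/nPGj0Dv5mo2HGPFK1VG+kp9k+vlZb3r+03OVFrIVHsUg6qE4e8o7pN4OmF
+O10i85csMyKvSfA/rNHC7RdYP0tVLZTw4ZMTQh5t6zr/foHMr5KPXGVM/hjUWXW+
+ujSxUam6JxS1wk1zFp72Vd3X+JQH1eaDHidm3BBVAvCynyhUyaQh7nSjIDWZdGqQ
+GmBcj0M05o1tVGV/7sgQUTNHiLaX6vE35hQoq0Jr2bhfIzjhESLl7HuBMpvDntLE
+Tv+c/R3qryTNBBHFZOvYU0qx7I0cq5NLx4BqUXd6EykQvLZ53TyjFlINGQuEZXsj
+LOtyAj4n2EEg6WmSUhrB+tyowqumdT8ltemuhZ2zDmimep9EvMiZOVns8VkTqmBw
+lRzatTHS5tv6NieDzWTBuMqZiWjgpK8GILUn5e/ecIT2xTSVvo0jzIBwKtFpwf+X
+CkBB0tNlYYmDmHJxiKWBsgw27BFmQI59h3wGHXHSDRgShLBjNH62Lm6omDwivDJQ
+CJaTYPIsL8sdoCglCIV9NwUkj8tM+cvxZiZjvB3zizNxL57ZqpAcNGsCAwEAAQ==
+-----END RSA PUBLIC KEY-----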
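Review bot: `Subnet = 42.35.89.21/32` on line 2 claims an IPv4 address outside the `10.243.x.x` range that every other host file in this part of the commit uses for its IPv4 subnet. A tinc Subnet line declares which addresses the node is the destination for, so peers that install this file would hand traffic for that address to this node. If this is a transcription slip, replace it with the host's overlay address (`Subnet = 10.243.X.Y/32`, placeholder); if it is intended, a comment line above it saying why would help reviewers, and it is worth checking that receiving nodes filter announced subnets to the ranges they expect.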
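--- a/Zhosts/incept
+++ b/Zhosts/incept
@@ -0,0 +1,13 @@
+Address = 77.95.224.63
+#Address = incept.krebsco.de
+Address = 2a00:7b80:3008:3::fafc:241
+Subnet = 10.243.0.174
+Subnet = 42:a2fc:1c89:65c7:6e60:1f62:eaf9:e9b6/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvy4J8CewsXeFkFOLqDwiTN+3fF0yjmP5ZVtrLrPJn7Ux75elTdn3
+iLcJYTgaO1/dmw8fPD5DkNnb3wiadZiFGXpsTd1jD69mHcn/6RY/0Fcne9qDiqgp
+vafpUD5UP7/7S+l5kkD6n7HVRblLXJIJk6Z8RCRN8OGyfjMM1IKeoR8kR1+85fpf
+C28fnU3Nz3YJDazOaMD7aGiyGZDRyY+wRjbWtMXE/NH8ydN148ZpFaMvBjM7fl/B
+q8XS5Rs9lFlW2jpex+W2DNq5t4QRMUDrLgD0gug0UiYCYw4IJg7OiI3g6vwjSDtq
+hRxpQ4nq3avmTR/NWzZ97PP4eXTCIQhiQQIDAQAB
+-----END RSA PUBLIC KEY-----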
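--- a/Zhosts/ire
+++ b/Zhosts/ire
@@ -0,0 +1,12 @@
+Address = 198.147.23.143
+Subnet = 10.243.231.66
+Subnet = 42:b912:0f42:a82d:0d27:8610:e89b:490c
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwofjmP/XBf5pwsJlWklkSzI+Bo0I0B9ONc7/j+zpbmMRkwbWk4X7
+rVLt1cWvTY15ujg2u8l0o6OgEbIkc6rslkD603fv1sEAd0KOv7iKLgRpE9qfSvAt
+6YpiSv+mxEMTpH0g36OmBfOJ10uT+iHDB/FfxmgGJx//jdJADzLjjWC6ID+iGkGU
+1Sf+yHXF7HRmQ29Yak8LYVCJpGC5bQfWIMSL5lujLq4NchY2d+NZDkuvh42Ayr0K
+LPflnPBQ3XnKHKtSsnFR2vaP6q+d3Opsq/kzBnAkjL26jEuFK1v7P/HhNhJoPzwu
+nKKWj/W/k448ce374k5ycjvKm0c6baAC/wIDAQAB
+-----END RSA PUBLIC KEY-----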
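--- a/Zhosts/ire2
+++ b/Zhosts/ire2
@@ -0,0 +1,9 @@
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwXkn0H/+BUiARYSzZCpjqEwGeDZsbRHoWcRNlmlP6XjPMbKKQBHf
+gdERPevhoGaNtQdW6SEA5xb1cJDHZILHZtpJ63hs6999gB9x/n4x7eR6C9d7HPDD
+rGv+tBdwo8QWOIQIVnSAr6WdduSg2CyZbHd6d2Xd12vrfqJxnODSUHibrUusEc/D
+XBK2n1un3znzk7P+KT0xXMtNPU2678tGuwsvSIOoDfDx9+2xuxGANeqvEOeSAgg/
+SUH5CbcAFI2/4AKWP4e/yxM26YoKdz1Fu/hx7WqKwYmPERrgcr8ienx4WFGG83AJ
+CmiYwO23L4qSp1KZT8SbGDh2YpamZg2BZwIDAQAB
+-----END RSA PUBLIC KEY-----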
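--- a/Zhosts/irkel
+++ b/Zhosts/irkel
@@ -0,0 +1,12 @@
+Subnet = 10.243.253.117
+Subnet = 42:1970:cb1b:d9e2:4603:c1fe:ee00:8145
+Address = 2a01:4f8:140:21cb::5
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA1i2XcUold9p5aa4qGv2o3hMwlIt4+CBxuOwnzMOp4WjJyGWBrQiM
+Lw9qpwvc0W6c/MYTAUzkq42766jlYRzA/yse0/DeKJvF5BrCk36eH9R2okK1A7K5
+tk725pTf6D37mkjbiupo7FFfHNGjFdSH7174ZpK/N81YWgrGo1cQUU8JJKGgFv6S
+XZWiWbJWKnLW/a4zyg7wnkH3KlvOAthSNgyrVqZazi6gTJ12kZTg9DGg+Q7iTdi5
+oXc4hilymCdF2fDfmG7M3naaRQKntjlpJmc2Au7wTVXj3525c3Ms+1k//HlX8DQK
+a93ZJA25nfpoYznx73lz/IASO2n/jn/3mwIDAQAB
+-----END RSA PUBLIC KEY-----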
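--- a/Zhosts/juhulian
+++ b/Zhosts/juhulian
@@ -0,0 +1,11 @@
+Subnet = 10.243.0.38
+Subnet = 42:449f:b00a:e973:514c:3e9f:97ed:aac2/128
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAnNyOsNItOzNQndheZ3ppOMWvIOuO1wgLXArINS1ORcgIAJmLpqDI
+whsZFCVifwAXsdeBJyyZOPZrc2PQ4F3KB9ByX6PQ9jqAhun1aE9SDDqp+woOrTlP
+BtJ/8zAmRhrfak61TxpeTndLk95xOLaCwvS2P4SJLIcyutTbbFdBCqpu7cFUGOOP
+qCKLX7/mv2L+GNmQAnWZ5HwXQzBS6gNaNIcQ8mPCUAIZgRU2T83x/tnyH1RlATK2
+lYUWRM0ie+dRMhiDcwmmZrwYl8wzyvuBPEr/p8ZBM2tua8GlQzJUJl44AiAcx3w9
+0EB5MIRL5Qb0yBvXD0yR+bDizqvhd40LvQIDAQAB
+-----END RSA PUBLIC KEY-----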
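--- a/Zhosts/k2
+++ b/Zhosts/k2
@@ -0,0 +1,28 @@
+Subnet = 10.243.97.72
+Subnet = 42:717e:2a17:e7ff:eb6f:b760:5af4:7da9
+
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIECgKCBAEA53djolgdUlLom7SDi+x1jscvLduf+fzPNlVRk0c6UtR54iHpzVrg
+7OT+PZEAirhWrHyhQQIRoKRK6vRKMwm0PfrMjQXo+1zhBVD/JiPzVGSBfETqVI8E
+jeCS7EaKsZ8gRdWZ4QkDfaQhdWA2RrvVcwpVVxMkjYsHj3EtaHkWGcJs1JAuOsK5
+Zo8ZbxpzgcNz3tiFR4PSp+N3ARE7t2sj8U6z2lk/0TIff3To56u8rDasUGAKf3Rp
+okQmG0EGgTN+qJs/dwIdeKtxcZrRCVd68shphiYE9wC4WXELgJJ8jo4tIiZRu7n4
+lXRn9zQYY2lax4OlBZSkRiaPEISwv5Vv48/H+I1vRaEhx02QL/PnODWSlqMNGiic
+wMBh+DdvQIXRm1W0xxlsY2YOo7GdCywJyLDue6v7ykmQBFgYqP/gVrsoR1y68IdS
+3/dT0lYhrNL+PwKjI0iXPBvA018yw0Dvdgup681C9nzdyvd7y9NorxjeE9Gl9/yd
+X6W8ZE2WIAsli2wGsZLuedcn0mZ25flXbFn6OhrPhP++Kub5IBid/iT60KvxY6H1
+l/DEBJJmFJBsBvFPyFXoEkPJSD/Uc/2veMlb/ues4ur0eBMVML1ZaiK0EzdBYfCv
+kgnVwQG6c5+0XkMk3x5kQ93E0Mr5whILK2upI2tBygAN/SpTsoNXvOFIHw/Ksmcl
+Eqly4P7DtQ9Lu+1DkoLa4ltcejZj0Jjy1j3AI59v0p3Ygx2OWHFv4H5GVjq1T2Pk
+1IAU8X2UTNmcQw5UReJxkNdREOw/XI2pNSBKBDOCMKXH4+a7P3GwheadQiVU5z/Z
+ie/wbsAtp8MGd67aN/i2nrTQfk7RZzIec/UG1XhlQPmJAVIfS5QnFnw+cTAMtYeU
+wHHe4Q3m2+bikBFoqdhJo93Ut5ywGeueKXSyJX6I5AXiiiWnme+IHuNH0G5568yO
+bA9OwDLt4C2U6BFEQtHBA0I8Hh2RT9ObrLUVBUK1aAujLvGvfPhq8QYCcWDJsvxm
+/uAJGb8UdPScTEjftYTWIc1/jikIpK70qOeKiQfxT91hQEBw5mgMCRnAy4m9OjCI
+ntVpHGpylesZWM/na8gZe4lo2dXI7tc2urpqyOThkbpYXNdlNG4F/QcuP90QmiV1
+hyriyHPjbSwIRM3aX7Y/WKwzky0swW+J6mW78yqa5Gt4SzDQxd3KHDAP5lZuFgEM
+aHLOkmOoYlOxWi8eOIWByoH77GFyudeH0EMZV8pwCOTw3GUa1ehhOUlDD6i3CH1/
+gJOQjoKC/ndny8Qz/S+tCLjRHIpQAx36yLME3AvXoKXctuZsZy/9CAsLt9tLZJI5
+AqC/vsOcurKsk1i4GtwuCFnu3qr4OvhwywIDAQAB
+-----END RSA PUBLIC KEY-----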
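--- a/Zhosts/kabinett
+++ b/Zhosts/kabinett
@@ -0,0 +1,11 @@
+Subnet = 10.243.213.120
+Subnet = 42:e792:1d5c:c89f:f932:e954:6ada:1dbf
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA1sVtqyeCdKB1nabs0FOC62J+J+grP5B/3/s1cuAxcJmER+NaT/Kv
+rvQeB13BmrIjfJTBaezdR+wp0RiPB7s/aMPjWwS5rzh3KhSFk2SFpnLjB2WIpKqs
+N9TQEf2xB0TBWHqcpSqSthjP3SOGNP7gt5l0D13QIHkRQ2xX1PqYikkYi07cQLO4
+rwXrlEBOY8Dn0GR37NA0k+zt0AIdJ78zXHNjVn5hRj8aLGKB0q/FOtdMNRYEGD40
+An82Y2sW+b7U6Tnrw43TOO+AP/OrclEjmNDTRqYLiVAeFHXKjwbCsSlof0qmoipZ
+H+nbsB3qkFpNEy1cA9c/pqHfSpqV3WihRQIDAQAB
+-----END RSA PUBLIC KEY-----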
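--- a/Zhosts/kaepsele
+++ b/Zhosts/kaepsele
@@ -0,0 +1,11 @@
+Subnet = 10.243.166.2
+Subnet = 42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
+Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
+rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
+y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
+yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
+FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+-----END RSA PUBLIC KEY-----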
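--- a/Zhosts/kalle
+++ b/Zhosts/kalle
@@ -0,0 +1,11 @@
+Subnet = 10.243.154.218
+Subnet = 42:05bb:0d2f:4f25:2c6c:1217:6264:dee0
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAtILSBsb+ISWiyUjJHWN5JWNY7Z5hxxxFADQbK/1ZdlCdeIorQI2j
+gDHdWgck9NasXXa04I+5jw2eDLjU26+r+T1vP/fdOg5yLOgnknL4jkHFVCb/ScRM
+2JZAEXLSAz6g33ks2snQzuyAPTEvZhp49+PN9VmX0JBr/ErKGZzFKVVU+gREVRKa
+fOC4+daKrmRzZWg9DFaH5DIrIEiXidixuX/boHprJeULdp81NbnymXxhc929UWbV
+5g8BnuTlKqDDM7stJC4dwKizrv6wXuH6GD0OsDiU8JcoxV3jvM16NmgtAe9BKH1q
+tg1fIY6f67eIihr3Lnjb3UPw3UqwFXosGQIDAQAB
+-----END RSA PUBLIC KEY-----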
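--- a/Zhosts/karthus
+++ b/Zhosts/karthus
@@ -0,0 +1,10 @@
+Subnet = 10.243.42.13
+Subnet = 42:42:42:42:23:23:23:23
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAtGL2Gu8Dw/NsgJNcu4XY9eWUM8prL0JC1UfnACXuOCPns+Bdm/dG
+uVTHdejjxv6y4FjWNCoD+45lP31QfBIqIOtUsfz/4ox9bvyTOUWQCe0NtBs2SMyO
+O1eWSD4cnNfskYdyOHQbD+KSSiksyzaZdcqqx9FgWo1VT0f+oElnZ4nLBKRNBguN
+GwVLjreE0GSxhcV2r6oHsaT+udvQ/PlQgn/zia2tKT+OI54WDJGXsKEvwRRnaRz5
+33Di58g3dffo0i7B3S889sa5B7l1kh229cw24Gc0AOtmm8Vacle6iTw3Eg0uLzxM
+nKpOma0+K7CoE4IqSZy350iTgheHwq+y0QIDAQAB
+-----END RSA PUBLIC KEY-----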
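--- a/Zhosts/khackplug
+++ b/Zhosts/khackplug
@@ -0,0 +1,11 @@
+Subnet = 10.243.217.107
+Subnet = 42:ebe3:90b0:539a:6ef0:0910:b724:00b1
+│
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvytShP1vgYLDYJhiC26Vc1/cVJOptUnuyTc8Id9vkCkgHZRpKs3T
+jO2KRaQMDWMXfXkMfVp84/2Q85hpUzYqXQHaNzitg9nHGR2n+a6zfwNKWAm6n2WK
+AMsPf1weamzs6EfCm5WztqenoHKNUxpzXVyLJES/WK6e5ba7FEpszZx+ydoc5GjL
+kezqch5p+U/J2JoUx3aIpQuWvc0i/4KYOuGzlWgUYLNyqL1m3gBkahiPuOtzf9Ul
+EP8QY/GQa1HTFuhLS0Y5nVjZvWnjVVEloXbq9SD2I2fc4GD4+F8wtFMsJyEF2qxY
+XfSLTlpHaJbSBNiopQyWG62RZda/p0yq3QIDAQAB
+-----END RSA PUBLIC KEY-----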
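Review bot: Line 3 of the new file is a lone `│` (a box-drawing character) in the position where the sibling host files have an empty line between the Subnet entries and the key block. It looks like terminal residue from a copy-paste rather than intended content. tinc reads these files as `Variable = Value` lines, so a line like this is likely to be reported as a variable without a value or to make the file fail to load; that is worth confirming against the tinc version in use. Replace the line with an empty one.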
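--- a/Zhosts/kheurop
+++ b/Zhosts/kheurop
@@ -0,0 +1,12 @@
+Address = 91.250.101.180
+Subnet = 10.243.78.78
+Subnet = 42:bcd9:7340:9628:9604:7068:5061:4976
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqIFB0Nk2eSg/K/dJGOEegtezhn5P1RUi1ZgxoZoTR6K4T/tSbD2u
+gjPU53mhRN622lLayMMXtWVKdhO4IUu3mKfemA/8/fy7Qu9T51UUS+NXu/4g5X3W
+Jg2a37TrnQUrsqNud7QQhPTGF8L0+UT2mHlfRYggtAO1J2pSWtsqDiMAOD+89zvg
+Gta8aMdaFPhdkfboaHH6mVJBFOkrjQJE4RiUzwZS24PKh6gRJV4cENdcNRYdVwhv
+dOM+SWzPZXDTAVyG6HptvSdfDUKi4hJY4yS+TIf9j7yR0YpUie3CsbN4a9jP2KVt
+/NhzZ9nNaEv6O8Nk+7Zu8OaxUPgctEFYfQIDAQAB
+-----END RSA PUBLIC KEY-----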
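--- a/Zhosts/kiosk
+++ b/Zhosts/kiosk
@@ -0,0 +1,12 @@
+Address = 2003:6a:674e:1001:211:25ff:fe05:a54d/64
+Subnet = 10.243.232.122
+Subnet = 42:1ad1:b481:00f5:aab8:f8cc:51fe:4b87
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAwohazY/T/cp5Na3zLEWhz9Lnz78PladH7CMN+1TLzNXgK96bPvrN
+6ktxIFc0s4m/jWW1AZOjxxGZGmwvaGag9XH8NLMmaqtd2NpASI4c801wEVLuNpss
+gqPAIhDdDWV0WmiDiHe96qQuBVNGv7jlHTuNghwlmgLF0csRDiZZDHn5Bq7plAJB
+0kQSspvq7UpBzVHVlDefIIe15/Yyt9IC21S1o746ZIZ8RYCG63Mnbcs4vfShVxJX
+NnD9++HJV39NA9ozR0bDQUw6s0rVHH/n5iWaktJZ23r2TG3O+7ZZj4QHmkng/Xow
+pgIjcpIWlaqfG29Gl43SWgsVnphemvyP3QIDAQAB
+-----END RSA PUBLIC KEY-----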
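Review bot: The `Address` value on line 1 carries a `/64` prefix length, but `Address` in a tinc host file names the endpoint peers connect to (an IP address or hostname, optionally with a port), not a network; prefix lengths belong on `Subnet` lines. With the suffix the value is unlikely to resolve, so peers would probably be unable to dial this host directly. Drop the suffix: `Address = 2003:6a:674e:1001:211:25ff:fe05:a54d`. The lower 64 bits also look like an EUI-64 identifier derived from the interface's MAC address (`ff:fe` in the middle), so it is worth confirming that publishing it in a shared hosts directory is intended.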
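--- a/Zhosts/krebsplug
+++ b/Zhosts/krebsplug
@@ -0,0 +1,10 @@
+Subnet = 10.243.0.182
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAyd4FnOIEcUDQDudDOhU4wwKT+lqV4RJMfg9QgZC2O3xTGvzsFeRG
+aSMIDMkPzhJ/ggIWAzC+IM2kBv+YCRhu4zOnzWIo5IaC8Me2TZ1JhZ0nZN1YzEGD
+LmBsnngO5L1VnWLYSKRALa5Kv6wQHHz0T6PlsvBQ8SWDG3IKIe/gOFz7eh1Z+ss/
+5XaiYeLMmukEuuilOJZhfDiZPmYOeFI5w7YTM+8Iz/oZRyf8P57pjN21R3feoyTm
+WusgHUuRLRqSUHdYu/E36EyZ9Oc0WPk5yLUhstkPaS1Y35xMEhZfQQpIruQxOst1
+fgiOQg/gKmizzgzdCbfAf13dknkWsqoc0wIDAQAB
+-----END RSA PUBLIC KEY-----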
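--- a/Zhosts/kvasir
+++ b/Zhosts/kvasir
@@ -0,0 +1,11 @@
+Subnet = 10.243.103.166
+Subnet = 42:c039:e082:3c01:2577:a367:7097:6824
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA4Jp39vupT7tRf+o6H/ucM01lUwgd0UBCqnapUHZhWKVSAde91lxU
+Z49unHxUrfQMzuJkY3MgsS/fyIC9eBHexwRpLnhc56p7d+tmLk1WZ2ysLifNi/k+
+AOvyBcwT3u/59VJGDcAyJwXeoX6CvX9nxUshGqQ2mkVUwbZEt5lLwtiDMnp2K5rg
+dqQK6tBrmzup/yzppPPRSPwMfGi9Gv8T5OrWqwr78I7WiVkH9LBpudJqJHPFVreF
+TTsN9a/4OWJGZ01M23IGcO6eCnynOIP7gxsmUEwSSxK7MEy2kxBKi/2+OtsCUOpT
+QQRFu/MTVEFXl/cl5XyXOMQadMZEB6MjwwIDAQAB
+-----END RSA PUBLIC KEY-----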
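--- a/Zhosts/laqueus
+++ b/Zhosts/laqueus
@@ -0,0 +1,11 @@
+Subnet = 42:0:0:0:0:0:0:1a1a/128
+Subnet = 10.243.0.12/32
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAy9lnH4qDSYeNbpzpcQyq2LzzxkVy2N1vGgKkVttzx0cgMvyRm3aX
+wlacS+3ILBZ3tw+JuCKR9gjRluwKkqoReEINcAam/GbubJ6QBpV54goYm7YGOIuf
+GkbWVk7Kts67KWWhZDzEL30GRv94K6e+m8e7rhnqrTgPyPk3oSwHzvPy1oaf6bTI
+Y/aDQjohFVvQZxF8joKhAE8JrzjKAn8yXmX8VlGW53XBXAb88Ggkr5raMZ24Rcc4
+pdkOc7sFfVImH/ASwkcPi2xX0adlz937lD7rkn5/Q9B9AwsHb1yQKJgWEeYWOQ8C
+F0SzpZiwHz5qB+eg3wMT0ZnvPJKitshyjQIDAQAB
+-----END RSA PUBLIC KEY-----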
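--- a/Zhosts/linuxatom
+++ b/Zhosts/linuxatom
@@ -0,0 +1,11 @@
+Subnet = 10.243.173.58
+Subnet = 42:1c07:1a24:1a26:c799:3b44:a8f5:59ea
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvGy172meTuwHfGZLVHi04+7jb+GRumqNRowffrmMOxFAq6wiL1E6
+7NfJFSc2/wmLZdTCnAtScVicVFZ8UEK2Uv/WMdevJWP63LxUOXpSFtoxNAlpSk9e
+rzwxWj3VxHru7EZA6gu45ff4/seApy/jDy+hceOmOiG5z8VudoRYWe98IoO1ua0E
+rtz415WP0xN+Mb4mGU48JSLYZkOHVIvkf+VVF5jXFbbnH+w0kkTuRMMp6Z7ETvdZ
+RU9nKJ55sflkPhs1/ttU4cYkci55YPVGl7GCCr6Xw4oerIz/jHnzBGroh/wDpEXm
+6RxpsC6DnVQUW3zw0DXuSKoAy0UoQPYqQwIDAQAB
+-----END RSA PUBLIC KEY-----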
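--- a/Zhosts/luminos
+++ b/Zhosts/luminos
@@ -0,0 +1,11 @@
+Subnet = 42:23:42:23:42:23:42:23
+Subnet = 10.243.42.129
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAuxgY9SfSCyCuTw2bPtC/He2/NZDYQOcGd8+5Bo6h1/h2pU+qKPQB
+0digU617dG2NVMaT0qmzEz86e2avr0PQsyfhmHO8JNOTqwjyQzKcv3iA+B0jU7Gh
+F/PaW+e+0O+a3LO27FCA0uuxEHyWaXqk53a3wKmjo4fuVy1QKOOoiaFaYLaaTgmm
+8OJG+AKWR/ArihpopgAHFjiqB89xWVw5CgxHDwfzVcmI9SOAaEuTfL065XM4uoH/
+LnbtoyT8zN+He1AlaEJMUaWdo8SWfjBFyVrT1zRQ+0S47tlTCW8Neb0KKs+m9d0G
+rAdv6+iFmQzpv76cgYQw2+AkqkUF8Y8xSwIDAQAB
+-----END RSA PUBLIC KEY-----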
Some files were not shown because too many files have changed in this diff Show More