Merge remote-tracking branch 'cd/master'
This commit is contained in:
commit
e57841421b
@ -8,15 +8,15 @@ with config.krebs.lib;
|
||||
cores = 4;
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["144.76.172.188"];
|
||||
ip4.addr = "144.76.172.188";
|
||||
aliases = [
|
||||
"dishfire.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.133.99"];
|
||||
addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"];
|
||||
ip4.addr = "10.243.133.99";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233";
|
||||
aliases = [
|
||||
"dishfire.retiolum"
|
||||
"dishfire.r"
|
||||
@ -40,15 +40,15 @@ with config.krebs.lib;
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["162.252.241.33"];
|
||||
ip4.addr = "162.252.241.33";
|
||||
aliases = [
|
||||
"echelon.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.206.103"];
|
||||
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"];
|
||||
ip4.addr = "10.243.206.103";
|
||||
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
|
||||
aliases = [
|
||||
"echelon.retiolum"
|
||||
"echelon.r"
|
||||
@ -75,15 +75,15 @@ with config.krebs.lib;
|
||||
cores = 4;
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["213.239.205.240"];
|
||||
ip4.addr = "213.239.205.240";
|
||||
aliases = [
|
||||
"prism.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.0.103"];
|
||||
addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
|
||||
ip4.addr = "10.243.0.103";
|
||||
ip6.addr = "42:0000:0000:0000:0000:0000:0000:15ab";
|
||||
aliases = [
|
||||
"prism.retiolum"
|
||||
"prism.r"
|
||||
@ -107,15 +107,15 @@ with config.krebs.lib;
|
||||
fastpoke = {
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["193.22.164.36"];
|
||||
ip4.addr = "193.22.164.36";
|
||||
aliases = [
|
||||
"fastpoke.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.253.152"];
|
||||
addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"];
|
||||
ip4.addr = "10.243.253.152";
|
||||
ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
|
||||
aliases = [
|
||||
"fastpoke.retiolum"
|
||||
"fastpoke.r"
|
||||
@ -139,15 +139,15 @@ with config.krebs.lib;
|
||||
cores = 1;
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["104.167.113.104"];
|
||||
ip4.addr = "104.167.113.104";
|
||||
aliases = [
|
||||
"cloudkrebs.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.206.102"];
|
||||
addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"];
|
||||
ip4.addr = "10.243.206.102";
|
||||
ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762";
|
||||
aliases = [
|
||||
"cloudkrebs.retiolum"
|
||||
"cloudkrebs.r"
|
||||
@ -172,12 +172,12 @@ with config.krebs.lib;
|
||||
cores = 1;
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.12"];
|
||||
ip4.addr = "10.23.1.12";
|
||||
aliases = ["uriel.gg23"];
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.81.176"];
|
||||
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
|
||||
ip4.addr = "10.243.81.176";
|
||||
ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56";
|
||||
aliases = [
|
||||
"uriel.retiolum"
|
||||
"uriel.r"
|
||||
@ -203,12 +203,12 @@ with config.krebs.lib;
|
||||
cores = 2;
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.11"];
|
||||
ip4.addr = "10.23.1.11";
|
||||
aliases = ["mors.gg23"];
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.2"];
|
||||
addrs6 = ["42:0:0:0:0:0:0:dea7"];
|
||||
ip4.addr = "10.243.0.2";
|
||||
ip6.addr = "42:0:0:0:0:0:0:dea7";
|
||||
aliases = [
|
||||
"mors.retiolum"
|
||||
"mors.r"
|
||||
@ -234,8 +234,8 @@ with config.krebs.lib;
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.3"];
|
||||
addrs6 = ["42:0:0:0:0:0:0:7105"];
|
||||
ip4.addr = "10.243.0.3";
|
||||
ip6.addr = "42:0:0:0:0:0:0:7105";
|
||||
aliases = [
|
||||
"helios.retiolum"
|
||||
"helios.r"
|
||||
|
@ -8,8 +8,8 @@ with config.krebs.lib;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.210"];
|
||||
addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0001"];
|
||||
ip4.addr = "10.243.0.210";
|
||||
ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0001";
|
||||
aliases = [
|
||||
"pnp.retiolum"
|
||||
"cgit.pnp.retiolum"
|
||||
@ -31,8 +31,8 @@ with config.krebs.lib;
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.84"];
|
||||
addrs6 = ["42:ff6b:5f0b:460d:2cee:4d05:73f7:5566"];
|
||||
ip4.addr = "10.243.0.84";
|
||||
ip6.addr = "42:ff6b:5f0b:460d:2cee:4d05:73f7:5566";
|
||||
aliases = [
|
||||
"darth.retiolum"
|
||||
"darth.r"
|
||||
@ -54,8 +54,8 @@ with config.krebs.lib;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.212"];
|
||||
addrs6 = ["42:f9f1:0000:0000:0000:0000:0000:0002"];
|
||||
ip4.addr = "10.243.0.212";
|
||||
ip6.addr = "42:f9f1:0000:0000:0000:0000:0000:0002";
|
||||
aliases = [
|
||||
"tsp.retiolum"
|
||||
];
|
||||
@ -81,8 +81,8 @@ with config.krebs.lib;
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.91"];
|
||||
addrs6 = ["42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db"];
|
||||
ip4.addr = "10.243.0.91";
|
||||
ip6.addr = "42:0b2c:d90e:e717:03dc:9ac1:7c30:a4db";
|
||||
aliases = [
|
||||
"pornocauster.retiolum"
|
||||
"pornocauster.r"
|
||||
@ -108,8 +108,8 @@ with config.krebs.lib;
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.1.91"];
|
||||
addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"];
|
||||
ip4.addr = "10.243.1.91";
|
||||
ip6.addr = "42:0b2c:d90e:e717:03dd:9ac1:0000:a400";
|
||||
aliases = [
|
||||
"vbob.retiolum"
|
||||
];
|
||||
@ -135,22 +135,22 @@ with config.krebs.lib;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
euer IN MX 1 aspmx.l.google.com.
|
||||
pigstarter IN A ${head nets.internet.addrs4}
|
||||
gold IN A ${head nets.internet.addrs4}
|
||||
boot IN A ${head nets.internet.addrs4}
|
||||
pigstarter IN A ${nets.internet.ip4.addr}
|
||||
gold IN A ${nets.internet.ip4.addr}
|
||||
boot IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = {
|
||||
internet = {
|
||||
addrs4 = ["192.40.56.122"];
|
||||
addrs6 = ["2604:2880::841f:72c"];
|
||||
ip4.addr = "192.40.56.122";
|
||||
ip6.addr = "2604:2880::841f:72c";
|
||||
aliases = [
|
||||
"pigstarter.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.153"];
|
||||
addrs6 = ["42:9143:b4c0:f981:6030:7aa2:8bc5:4110"];
|
||||
ip4.addr = "10.243.0.153";
|
||||
ip6.addr = "42:9143:b4c0:f981:6030:7aa2:8bc5:4110";
|
||||
aliases = [
|
||||
"pigstarter.retiolum"
|
||||
];
|
||||
@ -171,18 +171,18 @@ with config.krebs.lib;
|
||||
cores = 1;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
euer IN A ${head nets.internet.addrs4}
|
||||
wiki.euer IN A ${head nets.internet.addrs4}
|
||||
wry IN A ${head nets.internet.addrs4}
|
||||
euer IN A ${nets.internet.ip4.addr}
|
||||
wiki.euer IN A ${nets.internet.ip4.addr}
|
||||
wry IN A ${nets.internet.ip4.addr}
|
||||
io IN NS wry.krebsco.de.
|
||||
graphs IN A ${head nets.internet.addrs4}
|
||||
paste 60 IN A ${head nets.internet.addrs4}
|
||||
tinc IN A ${head nets.internet.addrs4}
|
||||
graphs IN A ${nets.internet.ip4.addr}
|
||||
paste 60 IN A ${nets.internet.ip4.addr}
|
||||
tinc IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["104.233.87.86"];
|
||||
ip4.addr = "104.233.87.86";
|
||||
aliases = [
|
||||
"wry.internet"
|
||||
"paste.internet"
|
||||
@ -190,8 +190,8 @@ with config.krebs.lib;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.29.169"];
|
||||
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
|
||||
ip4.addr = "10.243.29.169";
|
||||
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
|
||||
aliases = [
|
||||
"graphs.wry.retiolum"
|
||||
"graphs.retiolum"
|
||||
@ -228,8 +228,8 @@ with config.krebs.lib;
|
||||
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.153.102"];
|
||||
addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
|
||||
ip4.addr = "10.243.153.102";
|
||||
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
|
||||
aliases = [
|
||||
"filepimp.retiolum"
|
||||
];
|
||||
@ -252,8 +252,8 @@ with config.krebs.lib;
|
||||
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.89"];
|
||||
addrs6 = ["42:f9f0::10"];
|
||||
ip4.addr = "10.243.0.89";
|
||||
ip6.addr = "42:f9f0::10";
|
||||
aliases = [
|
||||
"omo.retiolum"
|
||||
"omo.r"
|
||||
@ -277,8 +277,8 @@ with config.krebs.lib;
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.214.15"];
|
||||
addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"];
|
||||
ip4.addr = "10.243.214.15";
|
||||
ip6.addr = "42:5a02:2c30:c1b1:3f2e:7c19:2496:a732";
|
||||
aliases = [
|
||||
"wbob.retiolum"
|
||||
];
|
||||
@ -301,24 +301,24 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
share.euer IN A ${head nets.internet.addrs4}
|
||||
mattermost.euer IN A ${head nets.internet.addrs4}
|
||||
git.euer IN A ${head nets.internet.addrs4}
|
||||
gum IN A ${head nets.internet.addrs4}
|
||||
cgit.euer IN A ${head nets.internet.addrs4}
|
||||
share.euer IN A ${nets.internet.ip4.addr}
|
||||
mattermost.euer IN A ${nets.internet.ip4.addr}
|
||||
git.euer IN A ${nets.internet.ip4.addr}
|
||||
gum IN A ${nets.internet.ip4.addr}
|
||||
cgit.euer IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["195.154.108.70"];
|
||||
ip4.addr = "195.154.108.70";
|
||||
aliases = [
|
||||
"gum.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.0.211"];
|
||||
addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"];
|
||||
ip4.addr = "10.243.0.211";
|
||||
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d2";
|
||||
aliases = [
|
||||
"gum.r"
|
||||
"gum.retiolum"
|
||||
@ -346,20 +346,20 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
cores = 1;
|
||||
extraZones = {
|
||||
"krebsco.de" = ''
|
||||
mediengewitter IN A ${head nets.internet.addrs4}
|
||||
flap IN A ${head nets.internet.addrs4}
|
||||
mediengewitter IN A ${nets.internet.ip4.addr}
|
||||
flap IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = {
|
||||
internet = {
|
||||
addrs4 = ["162.248.11.162"];
|
||||
ip4.addr = "162.248.11.162";
|
||||
aliases = [
|
||||
"flap.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.211.172"];
|
||||
addrs6 = ["42:472a:3d01:bbe4:4425:567e:592b:065d"];
|
||||
ip4.addr = "10.243.211.172";
|
||||
ip6.addr = "42:472a:3d01:bbe4:4425:567e:592b:065d";
|
||||
aliases = [
|
||||
"flap.retiolum"
|
||||
"flap.r"
|
||||
@ -382,8 +382,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.231.219"];
|
||||
addrs6 = ["42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72"];
|
||||
ip4.addr = "10.243.231.219";
|
||||
ip6.addr = "42:f7bf:178d:4b68:1c1b:42e8:6b27:6a72";
|
||||
aliases = [
|
||||
"nukular.r"
|
||||
];
|
||||
@ -405,8 +405,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.124.21"];
|
||||
addrs6 = ["42:9898:a8be:ce56:0ee3:b99c:42c5:109e"];
|
||||
ip4.addr = "10.243.124.21";
|
||||
ip6.addr = "42:9898:a8be:ce56:0ee3:b99c:42c5:109e";
|
||||
aliases = [
|
||||
"heidi.r"
|
||||
];
|
||||
@ -428,7 +428,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.69.184"];
|
||||
ip4.addr = "10.243.69.184";
|
||||
aliases = [
|
||||
"soundflower.r"
|
||||
];
|
||||
@ -450,7 +450,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.120.19"];
|
||||
ip4.addr = "10.243.120.19";
|
||||
aliases = [
|
||||
"falk.r"
|
||||
];
|
||||
@ -472,8 +472,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.189.130"];
|
||||
addrs6 = ["42:c64e:011f:9755:31e1:c3e6:73c0:af2d"];
|
||||
ip4.addr = "10.243.189.130";
|
||||
ip6.addr = "42:c64e:011f:9755:31e1:c3e6:73c0:af2d";
|
||||
aliases = [
|
||||
"filebitch.r"
|
||||
];
|
||||
@ -495,8 +495,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.26.29"];
|
||||
addrs6 = ["42:927a:3d59:1cb3:29d6:1a08:78d3:812e"];
|
||||
ip4.addr = "10.243.26.29";
|
||||
ip6.addr = "42:927a:3d59:1cb3:29d6:1a08:78d3:812e";
|
||||
aliases = [
|
||||
"excobridge.r"
|
||||
];
|
||||
@ -518,14 +518,14 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
cores = 1;
|
||||
nets = {
|
||||
internet = {
|
||||
addrs4 = ["148.251.47.69"];
|
||||
ip4.addr = "148.251.47.69";
|
||||
aliases = [
|
||||
"wooki.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.57.85"];
|
||||
addrs6 = ["42:2f06:b899:a3b5:1dcf:51a4:a02b:8731"];
|
||||
ip4.addr = "10.243.57.85";
|
||||
ip6.addr = "42:2f06:b899:a3b5:1dcf:51a4:a02b:8731";
|
||||
aliases = [
|
||||
"wooki.r"
|
||||
];
|
||||
@ -543,18 +543,41 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
|
||||
};
|
||||
};
|
||||
|
||||
senderechner = rec {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.163";
|
||||
ip6.addr = "42:b67b:5752:a730:5f28:d80d:6b37:5bda";
|
||||
aliases = [
|
||||
"senderechner.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
|
||||
lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
|
||||
rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
|
||||
inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
|
||||
BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
|
||||
OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
muhbaasu = rec {
|
||||
cores = 1;
|
||||
nets = {
|
||||
internet = {
|
||||
addrs4 = ["217.160.206.154"];
|
||||
ip4.addr = "217.160.206.154";
|
||||
aliases = [
|
||||
"muhbaasu.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.139.184"];
|
||||
addrs6 = ["42:d568:6106:ba30:753b:0f2a:8225:b1fb"];
|
||||
ip4.addr = "10.243.139.184";
|
||||
ip6.addr = "42:d568:6106:ba30:753b:0f2a:8225:b1fb";
|
||||
aliases = [
|
||||
"muhbaasu.r"
|
||||
];
|
||||
|
@ -8,8 +8,8 @@ with config.krebs.lib;
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.111.112"];
|
||||
addrs6 = ["42:0:0:0:0:0:111:112"];
|
||||
ip4.addr = "10.243.111.112";
|
||||
ip6.addr = "42:0:0:0:0:0:111:112";
|
||||
aliases = [
|
||||
"bobby.retiolum"
|
||||
"cgit.bobby.retiolum"
|
||||
|
@ -8,8 +8,8 @@ with config.krebs.lib;
|
||||
cores = 4;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.111.111"];
|
||||
addrs6 = ["42:0:0:0:0:0:111:111"];
|
||||
ip4.addr = "10.243.111.111";
|
||||
ip6.addr = "42:0:0:0:0:0:111:111";
|
||||
aliases = [
|
||||
"stro.retiolum"
|
||||
"cgit.stro.retiolum"
|
||||
|
@ -117,28 +117,24 @@ let
|
||||
}
|
||||
'';
|
||||
|
||||
to-server = { server-names, listen, locations, extraConfig, ssl, ... }:
|
||||
let
|
||||
_extraConfig = if ssl.enable then
|
||||
extraConfig + ''
|
||||
ssl_certificate ${ssl.certificate};
|
||||
ssl_certificate_key ${ssl.certificate_key};
|
||||
${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"}
|
||||
ssl_ciphers ${ssl.ciphers};
|
||||
ssl_protocols ${toString ssl.protocols};
|
||||
''
|
||||
else
|
||||
extraConfig
|
||||
;
|
||||
|
||||
in ''
|
||||
server {
|
||||
${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")}
|
||||
server_name ${toString server-names};
|
||||
${indent _extraConfig}
|
||||
${indent (concatMapStrings to-location locations)}
|
||||
}
|
||||
'';
|
||||
to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
|
||||
server {
|
||||
server_name ${toString server-names};
|
||||
${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
|
||||
${optionalString ssl.enable (indent ''
|
||||
listen 443 ssl;
|
||||
ssl_certificate ${ssl.certificate};
|
||||
ssl_certificate_key ${ssl.certificate_key};
|
||||
${optionalString ssl.prefer_server_ciphers ''
|
||||
ssl_prefer_server_ciphers On;
|
||||
''}
|
||||
ssl_ciphers ${ssl.ciphers};
|
||||
ssl_protocols ${toString ssl.protocols};
|
||||
'')}
|
||||
${indent extraConfig}
|
||||
${indent (concatMapStrings to-location locations)}
|
||||
}
|
||||
'';
|
||||
|
||||
in
|
||||
out
|
||||
|
@ -11,26 +11,13 @@ let
|
||||
api = {
|
||||
enable = mkEnableOption "krebs.retiolum";
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = config.networking.hostName;
|
||||
# Description stolen from tinc.conf(5).
|
||||
description = ''
|
||||
This is the name which identifies this tinc daemon. It must
|
||||
be unique for the virtual private network this daemon will
|
||||
connect to. The Name may only consist of alphanumeric and
|
||||
underscore characters. If Name starts with a $, then the
|
||||
contents of the environment variable that follows will be
|
||||
used. In that case, invalid characters will be converted to
|
||||
underscores. If Name is $HOST, but no such environment
|
||||
variable exist, the hostname will be read using the
|
||||
gethostnname() system call This is the name which identifies
|
||||
the this tinc daemon.
|
||||
'';
|
||||
host = mkOption {
|
||||
type = types.host;
|
||||
default = config.krebs.build.host;
|
||||
};
|
||||
|
||||
netname = mkOption {
|
||||
type = types.str;
|
||||
type = types.enum (attrNames cfg.host.nets);
|
||||
default = "retiolum";
|
||||
description = ''
|
||||
The tinc network name.
|
||||
@ -99,17 +86,13 @@ let
|
||||
description = "Iproute2 package to use.";
|
||||
};
|
||||
|
||||
|
||||
privateKeyFile = mkOption {
|
||||
# TODO if it's types.path then it gets copied to /nix/store with
|
||||
# bad unsafe permissions...
|
||||
type = types.str;
|
||||
default = toString <secrets/retiolum.rsa_key.priv>;
|
||||
description = ''
|
||||
Generate file with <literal>tincd -K</literal>.
|
||||
This file must exist on the local system. The default points to
|
||||
<secrets/retiolum.rsa_key.priv>.
|
||||
'';
|
||||
privkey = mkOption {
|
||||
type = types.secret-file;
|
||||
default = {
|
||||
path = "${cfg.user.home}/tinc.rsa_key.priv";
|
||||
owner = cfg.user;
|
||||
source-path = toString <secrets> + "/${cfg.netname}.rsa_key.priv";
|
||||
};
|
||||
};
|
||||
|
||||
connectTo = mkOption {
|
||||
@ -122,81 +105,67 @@ let
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.user;
|
||||
default = {
|
||||
name = cfg.netname;
|
||||
home = "/var/lib/${cfg.user.name}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
imp = {
|
||||
krebs.secret.files."${cfg.netname}.rsa_key.priv" = cfg.privkey;
|
||||
|
||||
environment.systemPackages = [ tinc iproute ];
|
||||
|
||||
systemd.services.retiolum = {
|
||||
systemd.services.${cfg.netname} = {
|
||||
description = "Tinc daemon for Retiolum";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "secret.service" ];
|
||||
path = [ tinc iproute ];
|
||||
serviceConfig = rec {
|
||||
PermissionsStartOnly = "true";
|
||||
PrivateTmp = "true";
|
||||
Restart = "always";
|
||||
# TODO we cannot chroot (-R) b/c we use symlinks to hosts
|
||||
# and the private key.
|
||||
ExecStartPre = pkgs.writeScript "retiolum-init" ''
|
||||
#! /bin/sh
|
||||
install -o ${user.name} -m 0400 ${cfg.privateKeyFile} /tmp/retiolum-rsa_key.priv
|
||||
'';
|
||||
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
|
||||
SyslogIdentifier = "retiolum";
|
||||
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
|
||||
SyslogIdentifier = cfg.netname;
|
||||
};
|
||||
};
|
||||
|
||||
users.extraUsers = singleton {
|
||||
inherit (user) name uid;
|
||||
users.users.${cfg.user.name} = {
|
||||
inherit (cfg.user) home name uid;
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
|
||||
user = rec {
|
||||
name = "retiolum";
|
||||
uid = genid name;
|
||||
};
|
||||
net = cfg.host.nets.${cfg.netname};
|
||||
|
||||
tinc = cfg.tincPackage;
|
||||
|
||||
iproute = cfg.iproutePackage;
|
||||
|
||||
confDir = pkgs.runCommand "retiolum" {
|
||||
# TODO text
|
||||
executable = true;
|
||||
preferLocalBuild = true;
|
||||
} ''
|
||||
set -euf
|
||||
|
||||
mkdir -p $out
|
||||
|
||||
ln -s ${cfg.hostsPackage} $out/hosts
|
||||
|
||||
cat > $out/tinc.conf <<EOF
|
||||
Name = ${cfg.name}
|
||||
Device = /dev/net/tun
|
||||
Interface = ${cfg.netname}
|
||||
${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
|
||||
PrivateKeyFile = /tmp/retiolum-rsa_key.priv
|
||||
${cfg.extraConfig}
|
||||
EOF
|
||||
|
||||
# source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
|
||||
cat > $out/tinc-up <<EOF
|
||||
host=$out/hosts/${cfg.name}
|
||||
${iproute}/sbin/ip link set \$INTERFACE up
|
||||
|
||||
addr4=\$(sed -n 's|^ *Subnet *= *\(10[.][^ ]*\) *$|\1|p' \$host)
|
||||
if [ -n "\$addr4" ];then
|
||||
${iproute}/sbin/ip -4 addr add \$addr4 dev \$INTERFACE
|
||||
${iproute}/sbin/ip -4 route add 10.243.0.0/16 dev \$INTERFACE
|
||||
fi
|
||||
addr6=\$(sed -n 's|^ *Subnet *= *\(42[:][^ ]*\) *$|\1|p' \$host)
|
||||
${iproute}/sbin/ip -6 addr add \$addr6 dev \$INTERFACE
|
||||
${iproute}/sbin/ip -6 route add 42::/16 dev \$INTERFACE
|
||||
EOF
|
||||
|
||||
chmod +x $out/tinc-up
|
||||
'';
|
||||
confDir = let
|
||||
namePathPair = name: path: { inherit name path; };
|
||||
in pkgs.linkFarm "${cfg.netname}-etc-tinc" (mapAttrsToList namePathPair {
|
||||
"hosts" = cfg.hostsPackage;
|
||||
"tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
|
||||
Name = ${cfg.host.name}
|
||||
Interface = ${cfg.netname}
|
||||
${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
|
||||
PrivateKeyFile = ${cfg.privkey.path}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
"tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" ''
|
||||
${iproute}/sbin/ip link set ${cfg.netname} up
|
||||
${optionalString (net.ip4 != null) ''
|
||||
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
|
||||
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
|
||||
''}
|
||||
${optionalString (net.ip6 != null) ''
|
||||
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
|
||||
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
|
||||
''}
|
||||
'';
|
||||
});
|
||||
|
||||
in out
|
||||
|
@ -12,8 +12,8 @@ let
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.111.111"];
|
||||
addrs6 = ["42:0:0:0:0:0:0:7357"];
|
||||
ip4.addr = "10.243.111.111";
|
||||
ip6.addr = "42:0:0:0:0:0:0:7357";
|
||||
aliases = [
|
||||
"test.r"
|
||||
"test.retiolum"
|
||||
@ -36,7 +36,7 @@ in {
|
||||
wolf = {
|
||||
nets = {
|
||||
shack = {
|
||||
addrs4 = [ "10.42.2.150" ];
|
||||
ip4.addr = "10.42.2.150" ;
|
||||
aliases = [
|
||||
"wolf.shack"
|
||||
"graphite.shack"
|
||||
@ -45,8 +45,8 @@ in {
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.77.1"];
|
||||
addrs6 = ["42:0:0:0:0:0:77:1"];
|
||||
ip4.addr = "10.243.77.1";
|
||||
ip6.addr = "42:0:0:0:0:0:77:1";
|
||||
aliases = [
|
||||
"wolf.retiolum"
|
||||
"cgit.wolf.retiolum"
|
||||
|
@ -13,15 +13,15 @@ with config.krebs.lib;
|
||||
# TODO generate krebsco.de zone from nets and don't use extraZones at all
|
||||
"krebsco.de" = ''
|
||||
krebsco.de. 60 IN MX 5 mx23
|
||||
mx23 60 IN A ${elemAt nets.internet.addrs4 0}
|
||||
cd 60 IN A ${elemAt nets.internet.addrs4 0}
|
||||
cgit 60 IN A ${elemAt nets.internet.addrs4 0}
|
||||
cgit.cd 60 IN A ${elemAt nets.internet.addrs4 0}
|
||||
mx23 60 IN A ${nets.internet.ip4.addr}
|
||||
cd 60 IN A ${nets.internet.ip4.addr}
|
||||
cgit 60 IN A ${nets.internet.ip4.addr}
|
||||
cgit.cd 60 IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["162.219.7.216"];
|
||||
ip4.addr = "162.219.7.216";
|
||||
aliases = [
|
||||
"cd.i"
|
||||
"cd.internet"
|
||||
@ -34,8 +34,8 @@ with config.krebs.lib;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.113.222"];
|
||||
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
|
||||
ip4.addr = "10.243.113.222";
|
||||
ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af3";
|
||||
aliases = [
|
||||
"cd.r"
|
||||
"cd.retiolum"
|
||||
@ -62,11 +62,46 @@ with config.krebs.lib;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
|
||||
};
|
||||
doppelbock = rec {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "45.62.237.203";
|
||||
aliases = [
|
||||
"doppelbock.i"
|
||||
"doppelbock.internet"
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.113.224";
|
||||
ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
|
||||
aliases = [
|
||||
"doppelbock.r"
|
||||
"doppelbock.retiolum"
|
||||
"cgit.doppelbock.r"
|
||||
"cgit.doppelbock.retiolum"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIIBCgKCAQEAq/luvzH4CQX5qRuucUqR3aLwXtzsRmBOdd2hvrPG1z8ML2kKV+IG
|
||||
0aBfyJmQ8csfeGhOj0y0LEBv4bkEjEtYObs+LJfdWZC5e39eAVUE0z8QbSPOx4di
|
||||
/7Bo+9sFRELP1kYb47eLR8quiIkslMWQMbTLM5RHoXJ5jE8fQSitfp4WUZYiSPDF
|
||||
d5F7RU/ZQfTZuh8gv7RmSn/6N6bXAQWrueK6ZqMuImIjBrmYyXUWxgsDnpeHxR5j
|
||||
j/0F2Bda5lyp+Qzv24PREdPT8FazUfmIQwZTTArXHxiqLq+SEVT21E4WEf2sJRan
|
||||
dti9yVUW3eiqpu8b9BRpvxOB3YdkyqlrGwIDAQAB
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLhrVTEmbtuTsgRTHHxsLrq7ai1Yt7+oKFevr1gzktCQqHuyucXzxn60F00kuNDkNiKIF5fHmWy6ajU+6PKD3TfiFMagT9ah0x0RSB0+0tevxnlOp6VdHhrdM5YrBduWMiELmOiI1lvYhRqKd/ZE7b2mra6KYe5VtTi9UX3wQp8qN+bI01KCxv0p6ciUgEO8fnwLKDBUuFJ2UfE7Ais9XrXFIBFXB+MKcpLnIXvrV6dSXdUEiaswg8wo0Q0Y3tMaQ0dNJdH2yp3FVn1aiX3E/vVnffmDKMWYWqn78klujdEdmLm8/8NkXnc/jpgu8ZlSpQHECO2ZUJzd35yRnVKALv";
|
||||
};
|
||||
mkdir = rec {
|
||||
cores = 1;
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["104.167.114.142"];
|
||||
ip4.addr = "104.167.114.142";
|
||||
aliases = [
|
||||
"mkdir.i"
|
||||
"mkdir.internet"
|
||||
@ -74,8 +109,8 @@ with config.krebs.lib;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.113.223"];
|
||||
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
|
||||
ip4.addr = "10.243.113.223";
|
||||
ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af4";
|
||||
aliases = [
|
||||
"mkdir.r"
|
||||
"mkdir.retiolum"
|
||||
@ -101,12 +136,12 @@ with config.krebs.lib;
|
||||
extraZones = {
|
||||
# TODO generate krebsco.de zone from nets and don't use extraZones at all
|
||||
"krebsco.de" = ''
|
||||
ire 60 IN A ${elemAt nets.internet.addrs4 0}
|
||||
ire 60 IN A ${nets.internet.ip4.addr}
|
||||
'';
|
||||
};
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["198.147.22.115"];
|
||||
ip4.addr = "198.147.22.115";
|
||||
aliases = [
|
||||
"ire.i"
|
||||
"ire.internet"
|
||||
@ -116,8 +151,8 @@ with config.krebs.lib;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.231.66"];
|
||||
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
|
||||
ip4.addr = "10.243.231.66";
|
||||
ip6.addr = "42:b912:0f42:a82d:0d27:8610:e89b:490c";
|
||||
aliases = [
|
||||
"ire.r"
|
||||
"ire.retiolum"
|
||||
@ -140,7 +175,7 @@ with config.krebs.lib;
|
||||
kaepsele = {
|
||||
nets = {
|
||||
internet = {
|
||||
addrs4 = ["92.222.10.169"];
|
||||
ip4.addr = "92.222.10.169";
|
||||
aliases = [
|
||||
"kaepsele.i"
|
||||
"kaepsele.internet"
|
||||
@ -148,8 +183,8 @@ with config.krebs.lib;
|
||||
];
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.166.2"];
|
||||
addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"];
|
||||
ip4.addr = "10.243.166.2";
|
||||
ip6.addr = "42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
|
||||
aliases = [
|
||||
"kaepsele.r"
|
||||
"kaepsele.retiolum"
|
||||
@ -169,10 +204,11 @@ with config.krebs.lib;
|
||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
|
||||
};
|
||||
mu = {
|
||||
cores = 2;
|
||||
nets = {
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.20.1"];
|
||||
addrs6 = ["42:0:0:0:0:0:0:2001"];
|
||||
ip4.addr = "10.243.20.1";
|
||||
ip6.addr = "42:0:0:0:0:0:0:2001";
|
||||
aliases = [
|
||||
"mu.r"
|
||||
"mu.retiolum"
|
||||
@ -189,18 +225,20 @@ with config.krebs.lib;
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
|
||||
};
|
||||
nomic = {
|
||||
cores = 2;
|
||||
nets = rec {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.110"];
|
||||
ip4.addr = "10.23.1.110";
|
||||
aliases = ["nomic.gg23"];
|
||||
ssh.port = 11423;
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.0.110"];
|
||||
addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
|
||||
ip4.addr = "10.243.0.110";
|
||||
ip6.addr = "42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec";
|
||||
aliases = [
|
||||
"nomic.r"
|
||||
"nomic.retiolum"
|
||||
@ -226,7 +264,7 @@ with config.krebs.lib;
|
||||
ok = {
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.1"];
|
||||
ip4.addr = "10.23.1.1";
|
||||
aliases = ["ok.gg23"];
|
||||
};
|
||||
};
|
||||
@ -235,7 +273,7 @@ with config.krebs.lib;
|
||||
cores = 1;
|
||||
nets = rec {
|
||||
internet = {
|
||||
addrs4 = ["167.88.34.182"];
|
||||
ip4.addr = "167.88.34.182";
|
||||
aliases = [
|
||||
"rmdir.i"
|
||||
"rmdir.internet"
|
||||
@ -243,8 +281,8 @@ with config.krebs.lib;
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
addrs4 = ["10.243.113.224"];
|
||||
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
|
||||
ip4.addr = "10.243.113.224";
|
||||
ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
|
||||
aliases = [
|
||||
"rmdir.r"
|
||||
"rmdir.retiolum"
|
||||
@ -269,7 +307,7 @@ with config.krebs.lib;
|
||||
schnabeldrucker = {
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.21"];
|
||||
ip4.addr = "10.23.1.21";
|
||||
aliases = ["schnabeldrucker.gg23"];
|
||||
};
|
||||
};
|
||||
@ -277,7 +315,7 @@ with config.krebs.lib;
|
||||
schnabelscanner = {
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.22"];
|
||||
ip4.addr = "10.23.1.22";
|
||||
aliases = ["schnabelscanner.gg23"];
|
||||
};
|
||||
};
|
||||
@ -286,7 +324,7 @@ with config.krebs.lib;
|
||||
cores = 4;
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.37"];
|
||||
ip4.addr = "10.23.1.37";
|
||||
aliases = [
|
||||
"wu.gg23"
|
||||
"cache.wu.gg23"
|
||||
@ -294,8 +332,8 @@ with config.krebs.lib;
|
||||
ssh.port = 11423;
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.13.37"];
|
||||
addrs6 = ["42:0:0:0:0:0:0:1337"];
|
||||
ip4.addr = "10.243.13.37";
|
||||
ip6.addr = "42:0:0:0:0:0:0:1337";
|
||||
aliases = [
|
||||
"wu.r"
|
||||
"wu.retiolum"
|
||||
@ -322,13 +360,13 @@ with config.krebs.lib;
|
||||
cores = 4;
|
||||
nets = {
|
||||
gg23 = {
|
||||
addrs4 = ["10.23.1.38"];
|
||||
ip4.addr = "10.23.1.38";
|
||||
aliases = ["xu.gg23"];
|
||||
ssh.port = 11423;
|
||||
};
|
||||
retiolum = {
|
||||
addrs4 = ["10.243.13.38"];
|
||||
addrs6 = ["42:0:0:0:0:0:0:1338"];
|
||||
ip4.addr = "10.243.13.38";
|
||||
ip6.addr = "42:0:0:0:0:0:0:1338";
|
||||
aliases = [
|
||||
"xu.r"
|
||||
"xu.retiolum"
|
||||
@ -387,7 +425,7 @@ with config.krebs.lib;
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
'';
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
|
||||
uid = 1337; # TODO use default
|
||||
uid = 1337; # TODO use default and document what has to be done (for vv)
|
||||
};
|
||||
tv-nomic = {
|
||||
inherit (tv) mail;
|
||||
@ -397,5 +435,9 @@ with config.krebs.lib;
|
||||
inherit (tv) mail;
|
||||
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu";
|
||||
};
|
||||
vv = {
|
||||
mail = "vv@mu.r";
|
||||
uid = 2000; # TODO use default
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -63,28 +63,56 @@ types // rec {
|
||||
|
||||
net = submodule ({ config, ... }: {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = label;
|
||||
default = config._module.args.name;
|
||||
};
|
||||
via = mkOption {
|
||||
type = nullOr net;
|
||||
default = null;
|
||||
};
|
||||
addrs = mkOption {
|
||||
type = listOf addr;
|
||||
default = config.addrs4 ++ config.addrs6;
|
||||
# TODO only default addrs make sense
|
||||
};
|
||||
addrs4 = mkOption {
|
||||
type = listOf addr4;
|
||||
default = [];
|
||||
};
|
||||
addrs6 = mkOption {
|
||||
type = listOf addr6;
|
||||
default = [];
|
||||
default =
|
||||
optional (config.ip4 != null) config.ip4.addr ++
|
||||
optional (config.ip6 != null) config.ip6.addr;
|
||||
readOnly = true;
|
||||
};
|
||||
aliases = mkOption {
|
||||
# TODO nonEmptyListOf hostname
|
||||
type = listOf hostname;
|
||||
default = [];
|
||||
};
|
||||
ip4 = mkOption {
|
||||
type = nullOr (submodule {
|
||||
options = {
|
||||
addr = mkOption {
|
||||
type = addr4;
|
||||
};
|
||||
prefix = mkOption ({
|
||||
type = str; # TODO routing prefix (CIDR)
|
||||
} // optionalAttrs (config.name == "retiolum") {
|
||||
default = "10.243.0.0/16";
|
||||
});
|
||||
};
|
||||
});
|
||||
default = null;
|
||||
};
|
||||
ip6 = mkOption {
|
||||
type = nullOr (submodule {
|
||||
options = {
|
||||
addr = mkOption {
|
||||
type = addr6;
|
||||
};
|
||||
prefix = mkOption ({
|
||||
type = str; # TODO routing prefix (CIDR)
|
||||
} // optionalAttrs (config.name == "retiolum") {
|
||||
default = "42::/16";
|
||||
});
|
||||
};
|
||||
});
|
||||
default = null;
|
||||
};
|
||||
ssh = mkOption {
|
||||
type = submodule {
|
||||
options = {
|
||||
@ -186,10 +214,23 @@ types // rec {
|
||||
};
|
||||
});
|
||||
|
||||
# TODO
|
||||
addr = str;
|
||||
addr4 = str;
|
||||
addr6 = str;
|
||||
addr = either addr4 addr6;
|
||||
addr4 = mkOptionType {
|
||||
name = "IPv4 address";
|
||||
check = let
|
||||
IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
|
||||
concatMapStringsSep "." (const d) (range 1 4);
|
||||
in x: match IPv4address x != null;
|
||||
merge = mergeOneOption;
|
||||
};
|
||||
addr6 = mkOptionType {
|
||||
name = "IPv6 address";
|
||||
check = let
|
||||
# TODO check IPv6 address harder
|
||||
IPv6address = "[0-9a-f.:]+";
|
||||
in x: match IPv6address x != null;
|
||||
merge = mergeOneOption;
|
||||
};
|
||||
|
||||
pgp-pubkey = str;
|
||||
|
||||
|
@ -1,11 +1,11 @@
|
||||
{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "exim-4.86.2";
|
||||
name = "exim-4.87";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2";
|
||||
sha256 = "1cvfcc1hi60lydv8h3a2rxlfc0v2nflwpvzjj7h7cdsqs2pxwmkp";
|
||||
sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl";
|
||||
};
|
||||
|
||||
buildInputs = [ coreutils db openssl pcre perl pkgconfig ];
|
||||
|
@ -2,9 +2,8 @@
|
||||
|
||||
let
|
||||
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
|
||||
inherit (lib) head;
|
||||
|
||||
ip = (head config.krebs.build.host.nets.internet.addrs4);
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
|
@ -2,9 +2,8 @@
|
||||
|
||||
let
|
||||
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
|
||||
inherit (lib) head;
|
||||
|
||||
ip = (head config.krebs.build.host.nets.internet.addrs4);
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
|
@ -1,9 +1,7 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) head;
|
||||
|
||||
ip = (head config.krebs.build.host.nets.internet.addrs4);
|
||||
ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
|
@ -1,8 +1,7 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
r_ip = (head config.krebs.build.host.nets.retiolum.addrs4);
|
||||
inherit (lib) head;
|
||||
r_ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
|
@ -54,7 +54,7 @@ let
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
|
||||
imp = {
|
||||
krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
|
||||
|
@ -10,15 +10,27 @@ let
|
||||
allDisks = [ rootDisk auxDisk ];
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
../2configs/fs/single-partition-ext4.nix
|
||||
../2configs/zsh-user.nix
|
||||
../2configs/smart-monitor.nix
|
||||
../.
|
||||
../2configs/fs/single-partition-ext4.nix
|
||||
../2configs/zsh-user.nix
|
||||
../2configs/smart-monitor.nix
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/virtualization.nix
|
||||
];
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 80 655 67 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 ];
|
||||
networking.firewall.checkReversePath = false;
|
||||
#networking.firewall.enable = false;
|
||||
# virtualisation.nova.enableSingleNode = true;
|
||||
krebs.retiolum.enable = true;
|
||||
|
||||
boot.kernelModules = [ "coretemp" "f71882fg" ];
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
networking.wireless.enable = true;
|
||||
|
||||
# TODO smartd omo darth gum all-in-one
|
||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||
zramSwap.enable = true;
|
||||
|
@ -2,8 +2,8 @@
|
||||
|
||||
with config.krebs.lib;
|
||||
let
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
|
@ -44,16 +44,21 @@ in {
|
||||
../2configs/smart-monitor.nix
|
||||
../2configs/mail-client.nix
|
||||
../2configs/share-user-sftp.nix
|
||||
../2configs/graphite-standalone.nix
|
||||
../2configs/omo-share.nix
|
||||
];
|
||||
|
||||
krebs.retiolum.enable = true;
|
||||
networking.firewall.trustedInterfaces = [ "enp3s0" ];
|
||||
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
|
||||
# tcp:80 - nginx for sharing files
|
||||
# tcp:655 udp:655 - tinc
|
||||
# tcp:8080 - sabnzbd
|
||||
# tcp:8111 - graphite
|
||||
# tcp:9090 - sabnzbd
|
||||
# tcp:9200 - elasticsearch
|
||||
# tcp:5601 - kibana
|
||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ];
|
||||
|
||||
# services.openssh.allowSFTP = false;
|
||||
|
||||
|
@ -15,11 +15,6 @@
|
||||
];
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
krebs.build.source.upstream-nixpkgs = {
|
||||
url = https://github.com/makefu/nixpkgs;
|
||||
# HTTP Everywhere + libredir
|
||||
rev = "8239ac6";
|
||||
};
|
||||
fileSystems."/nix" = {
|
||||
device ="/dev/disk/by-label/nixstore";
|
||||
fsType = "ext4";
|
||||
|
@ -3,8 +3,8 @@
|
||||
with config.krebs.lib;
|
||||
let
|
||||
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in {
|
||||
imports = [
|
||||
../.
|
||||
|
@ -10,16 +10,6 @@
|
||||
#
|
||||
# if this is not enough, check out main-laptop.nix
|
||||
|
||||
## TODO: .Xdefaults:
|
||||
# URxvt*termName: rxvt
|
||||
# URxvt.scrollBar : false
|
||||
# URxvt*scrollBar_right: false
|
||||
# URxvt*borderLess: false
|
||||
# URxvt.foreground: white
|
||||
# URxvt.background: black
|
||||
# URxvt.urgentOnBell: true
|
||||
# URxvt.visualBell: false
|
||||
# URxvt.font : xft:Terminus
|
||||
|
||||
with config.krebs.lib;
|
||||
let
|
||||
@ -83,7 +73,9 @@ in
|
||||
XTerm*FaceName : Terminus:pixelsize=14
|
||||
|
||||
URxvt*termName: rxvt
|
||||
URxvt.scrollBar : False
|
||||
URxvt*saveLines: 10000
|
||||
URxvt*loginShell: false
|
||||
URxvt.scrollBar : false
|
||||
URxvt*scrollBar_right: false
|
||||
URxvt*borderLess: false
|
||||
URxvt.foreground: white
|
||||
|
@ -3,7 +3,7 @@
|
||||
with config.krebs.lib;
|
||||
let
|
||||
hostname = config.krebs.build.host.name;
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
|
||||
in {
|
||||
services.redis.enable = true;
|
||||
|
@ -19,7 +19,7 @@ with config.krebs.lib;
|
||||
"/home" = {
|
||||
device = "/dev/mapper/main-home";
|
||||
fsType = "ext4";
|
||||
options="defaults,discard";
|
||||
options = [ "defaults" "discard" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -18,12 +18,12 @@ with config.krebs.lib;
|
||||
"/" = {
|
||||
device = "/dev/mapper/luksroot";
|
||||
fsType = "ext4";
|
||||
options="defaults,discard";
|
||||
options = [ "defaults" "discard" ];
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-label/nixboot";
|
||||
fsType = "ext4";
|
||||
options="defaults,discard";
|
||||
options = [ "defaults" "discard" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -23,6 +23,7 @@ with config.krebs.lib;
|
||||
services.tlp.enable = true;
|
||||
services.tlp.extraConfig = ''
|
||||
START_CHARGE_THRESH_BAT0=80
|
||||
STOP_CHARGE_THRESH_BAT0=95
|
||||
|
||||
CPU_SCALING_GOVERNOR_ON_AC=performance
|
||||
CPU_SCALING_GOVERNOR_ON_BAT=ondemand
|
||||
|
@ -10,7 +10,7 @@ in {
|
||||
enable = true;
|
||||
domain = domain;
|
||||
ip = "172.16.10.1/24";
|
||||
extraConfig = "-P ${pw} -l ${pkgs.lib.head config.krebs.build.host.nets.internet.addrs4}";
|
||||
extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -7,7 +7,7 @@ with config.krebs.lib;
|
||||
gnupg
|
||||
imapfilter
|
||||
msmtp
|
||||
mutt-kz
|
||||
mutt
|
||||
notmuch
|
||||
offlineimap
|
||||
openssl
|
||||
|
@ -8,8 +8,8 @@ let
|
||||
hostname = config.krebs.build.host.name;
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
base-dir = "/var/www/blog.euer";
|
||||
in {
|
||||
# Prepare Blog directory
|
||||
|
@ -5,8 +5,8 @@ let
|
||||
hostname = config.krebs.build.host.name;
|
||||
user = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in {
|
||||
krebs.nginx = {
|
||||
enable = mkDefault true;
|
||||
|
@ -18,8 +18,8 @@ let
|
||||
# user1 = pass1
|
||||
# userN = passN
|
||||
tw-pass-file = "${sec}/tw-pass.ini";
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in {
|
||||
services.phpfpm = {
|
||||
# phpfpm does not have an enable option
|
||||
|
15
makefu/2configs/nginx/public_html.nix
Normal file
15
makefu/2configs/nginx/public_html.nix
Normal file
@ -0,0 +1,15 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
|
||||
{
|
||||
krebs.nginx = {
|
||||
enable = true;
|
||||
servers.default.locations = [
|
||||
(nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
|
||||
alias /home/$1/public_html$2;
|
||||
autoindex on;
|
||||
'')
|
||||
];
|
||||
};
|
||||
}
|
@ -3,7 +3,7 @@
|
||||
with config.krebs.lib;
|
||||
let
|
||||
hostname = config.krebs.build.host.name;
|
||||
external-ip = head config.krebs.build.host.nets.internet.addrs4;
|
||||
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in {
|
||||
krebs.nginx = {
|
||||
enable = mkDefault true;
|
||||
|
@ -5,7 +5,7 @@ let
|
||||
hostname = config.krebs.build.host.name;
|
||||
# TODO local-ip from the nets config
|
||||
local-ip = "192.168.1.11";
|
||||
# local-ip = head config.krebs.build.host.nets.retiolum.addrs4;
|
||||
# local-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in {
|
||||
krebs.nginx = {
|
||||
enable = mkDefault true;
|
||||
@ -48,6 +48,13 @@ in {
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
|
||||
emu = {
|
||||
path = "/media/crypt1/emu";
|
||||
"read only" = "yes";
|
||||
browseable = "yes";
|
||||
"guest ok" = "yes";
|
||||
};
|
||||
usenet = {
|
||||
path = "/media/crypt0/usenet/dst";
|
||||
"read only" = "yes";
|
||||
|
30
makefu/4lib/default.nix
Normal file
30
makefu/4lib/default.nix
Normal file
@ -0,0 +1,30 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
addDefaultTime = bku-entry: recursiveUpdate {
|
||||
snapshots = {
|
||||
daily = { format = "%Y-%m-%d"; retain = 7; };
|
||||
weekly = { format = "%YW%W"; retain = 4; };
|
||||
monthly = { format = "%Y-%m"; retain = 12; };
|
||||
yearly = { format = "%Y"; };
|
||||
};
|
||||
startAt = "5:23";
|
||||
} bku-entry;
|
||||
|
||||
backup-host = config.krebs.hosts.omo;
|
||||
backup-path = "/media/backup";
|
||||
in {
|
||||
bku = {
|
||||
inherit addDefaultTime;
|
||||
simplePath = addDefaultTime (path: {
|
||||
method = "pull";
|
||||
src = { host = config.krebs.build.host; inherit path; };
|
||||
dst = {
|
||||
host = backup-host;
|
||||
path = backup-path ++ config.krebs.build.host.name
|
||||
++ builtins.replaceStrings ["/"] ["-"] path;
|
||||
};
|
||||
});
|
||||
};
|
||||
}
|
@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec {
|
||||
src = fetchFromGitHub {
|
||||
owner = "makefu";
|
||||
repo = "mycube-flask";
|
||||
rev = "5f5260a";
|
||||
sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh";
|
||||
rev = "48dc6857";
|
||||
sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v";
|
||||
};
|
||||
meta = {
|
||||
homepage = https://github.com/makefu/mycube-flask;
|
||||
|
@ -1,8 +1,8 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
shack-ip = lib.head config.krebs.build.host.nets.shack.addrs4;
|
||||
internal-ip = lib.head config.krebs.build.host.nets.retiolum.addrs4;
|
||||
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
|
||||
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
|
23
tv/1systems/doppelbock.nix
Normal file
23
tv/1systems/doppelbock.nix
Normal file
@ -0,0 +1,23 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
with config.krebs.lib;
|
||||
{
|
||||
krebs.build.host = config.krebs.hosts.doppelbock;
|
||||
|
||||
imports = [
|
||||
../.
|
||||
../2configs/hw/CAC-Developer-2.nix
|
||||
../2configs/fs/CAC-CentOS-7-64bit.nix
|
||||
../2configs/retiolum.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
interfaces.enp2s1.ip4 = singleton {
|
||||
address = let
|
||||
addr = "45.62.237.203";
|
||||
in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
|
||||
prefixLength = 24;
|
||||
};
|
||||
defaultGateway = "45.62.237.1";
|
||||
nameservers = ["8.8.8.8"];
|
||||
};
|
||||
}
|
@ -7,12 +7,7 @@ let
|
||||
getDefaultGateway = ip:
|
||||
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
|
||||
|
||||
|
||||
primary-addr4 =
|
||||
builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0;
|
||||
|
||||
#secondary-addr4 =
|
||||
# builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1;
|
||||
primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in
|
||||
|
||||
{
|
||||
@ -55,10 +50,6 @@ in
|
||||
address = primary-addr4;
|
||||
prefixLength = 24;
|
||||
}
|
||||
#{
|
||||
# address = secondary-addr4;
|
||||
# prefixLength = 24;
|
||||
#}
|
||||
];
|
||||
|
||||
# TODO define gateway in krebs/3modules/default.nix
|
||||
|
169
tv/1systems/mu.nix
Normal file
169
tv/1systems/mu.nix
Normal file
@ -0,0 +1,169 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
with config.krebs.lib;
|
||||
|
||||
{
|
||||
imports = [
|
||||
../../krebs
|
||||
../2configs
|
||||
../3modules
|
||||
../2configs/exim-retiolum.nix
|
||||
../2configs/retiolum.nix
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.mu;
|
||||
krebs.build.user = mkForce config.krebs.users.vv;
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="net", ATTR{address}=="00:90:f5:da:aa:c3", NAME="en0"
|
||||
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:1b:ae:6c", NAME="wl0"
|
||||
|
||||
# for jack
|
||||
KERNEL=="rtc0", GROUP="audio"
|
||||
KERNEL=="hpet", GROUP="audio"
|
||||
'';
|
||||
|
||||
|
||||
# hardware configuration
|
||||
boot.initrd.luks.devices = [
|
||||
{ name = "vgmu1"; device = "/dev/sda2"; }
|
||||
];
|
||||
boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
|
||||
boot.initrd.availableKernelModules = [ "ahci" ];
|
||||
boot.kernelModules = [ "fbcon" "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.extraModprobeConfig = ''
|
||||
options kvm_intel nested=1
|
||||
'';
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/vgmu1/nixroot";
|
||||
fsType = "ext4";
|
||||
options = [ "defaults" "noatime" ];
|
||||
};
|
||||
"/home" = {
|
||||
device = "/dev/vgmu1/home";
|
||||
options = [ "defaults" "noatime" ];
|
||||
};
|
||||
"/boot" = {
|
||||
device = "/dev/sda1";
|
||||
};
|
||||
"/tmp" = {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
options = [ "nosuid" "nodev" "noatime" ];
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices =[ ];
|
||||
|
||||
nixpkgs.config.firefox.enableAdobeFlash = true;
|
||||
nixpkgs.config.chromium.enablePepperFlash = true;
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.opengl.driSupport32Bit = true;
|
||||
|
||||
hardware.pulseaudio.enable = true;
|
||||
|
||||
hardware.enableAllFirmware = true;
|
||||
|
||||
boot.loader.gummiboot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
slock
|
||||
tinc
|
||||
iptables
|
||||
vim
|
||||
gimp
|
||||
xsane
|
||||
firefoxWrapper
|
||||
chromiumDev
|
||||
skype
|
||||
libreoffice
|
||||
kde4.l10n.de
|
||||
kde4.plasma-nm
|
||||
pidgin-with-plugins
|
||||
pidginotr
|
||||
|
||||
kde4.print_manager
|
||||
#foomatic_filters
|
||||
#gutenprint
|
||||
#cups_pdf_filter
|
||||
#ghostscript
|
||||
];
|
||||
|
||||
|
||||
i18n.defaultLocale = "de_DE.UTF-8";
|
||||
|
||||
programs.ssh.startAgent = false;
|
||||
|
||||
security.setuidPrograms = [
|
||||
"sendmail" # for cron
|
||||
"slock"
|
||||
];
|
||||
|
||||
security.pam.loginLimits = [
|
||||
# for jack
|
||||
{ domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
|
||||
{ domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
|
||||
];
|
||||
|
||||
fonts.fonts = [
|
||||
pkgs.xlibs.fontschumachermisc
|
||||
];
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing = {
|
||||
enable = true;
|
||||
#drivers = [
|
||||
# #pkgs.foomatic_filters
|
||||
# #pkgs.gutenprint
|
||||
# #pkgs.cups_pdf_filter
|
||||
# #pkgs.ghostscript
|
||||
#];
|
||||
#cupsdConf = ''
|
||||
# LogLevel debug2
|
||||
#'';
|
||||
};
|
||||
|
||||
services.xserver.enable = true;
|
||||
services.xserver.layout = "de";
|
||||
services.xserver.xkbOptions = "eurosign:e";
|
||||
|
||||
# TODO this is host specific
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
twoFingerScroll = true;
|
||||
};
|
||||
|
||||
services.xserver.desktopManager.kde4.enable = true;
|
||||
services.xserver.displayManager.auto = {
|
||||
enable = true;
|
||||
user = "vv";
|
||||
};
|
||||
|
||||
users.users.vv = {
|
||||
inherit (config.krebs.users.vv) home uid;
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"networkmanager"
|
||||
];
|
||||
};
|
||||
|
||||
services.journald.extraConfig = ''
|
||||
SystemMaxUse=1G
|
||||
RuntimeMaxUse=128M
|
||||
'';
|
||||
|
||||
# see tmpfiles.d(5)
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /tmp 1777 root root - -" # does this work with mounted /tmp?
|
||||
];
|
||||
}
|
@ -7,12 +7,7 @@ let
|
||||
getDefaultGateway = ip:
|
||||
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
|
||||
|
||||
|
||||
primary-addr4 =
|
||||
builtins.elemAt config.krebs.build.host.nets.internet.addrs4 0;
|
||||
|
||||
#secondary-addr4 =
|
||||
# builtins.elemAt config.krebs.build.host.nets.internet.addrs4 1;
|
||||
primary-addr4 = config.krebs.build.host.nets.internet.ip4.addr;
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -13,7 +13,7 @@ with config.krebs.lib;
|
||||
"shackspace.de"
|
||||
"viljetic.de"
|
||||
];
|
||||
relay_from_hosts = concatMap (host: host.nets.retiolum.addrs4) [
|
||||
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
|
||||
config.krebs.hosts.nomic
|
||||
config.krebs.hosts.wu
|
||||
config.krebs.hosts.xu
|
||||
|
@ -56,9 +56,9 @@ in toFile "charybdis.conf" ''
|
||||
/* On multi-homed hosts you may need the following. These define
|
||||
* the addresses we connect from to other servers. */
|
||||
/* for IPv4 */
|
||||
vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4};
|
||||
vhost = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr};
|
||||
/* for IPv6 */
|
||||
vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6};
|
||||
vhost6 = ${toJSON config.krebs.build.host.nets.retiolum.ip6.addr};
|
||||
|
||||
/* ssl_private_key: our ssl private key */
|
||||
ssl_private_key = ${toJSON cfg.ssl_private_key.path};
|
||||
@ -160,10 +160,7 @@ in toFile "charybdis.conf" ''
|
||||
/* If you want to listen on a specific IP only, specify host.
|
||||
* host definitions apply only to the following port line.
|
||||
*/
|
||||
# XXX This is stupid because only one host is allowed[?]
|
||||
#host = ''${concatMapStringsSep ", " toJSON (
|
||||
# config.krebs.build.host.nets.retiolum.addrs
|
||||
#)};
|
||||
#host = ${toJSON config.krebs.build.host.nets.retiolum.ip4.addr};
|
||||
port = ${toString cfg.port};
|
||||
sslport = ${toString cfg.sslport};
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user