From f786e5a22f4dcf6a852d8cf87695e6fd90faf888 Mon Sep 17 00:00:00 2001 
From: makefu
Date: Wed, 27 Feb 2019 23:27:39 +0100
Subject: [PATCH] ma: make extensive use of defaults for inventory
---
 krebs/3modules/makefu/default.nix | 189 ++++++------------
 .../makefu/{tinc => retiolum}/cake.pub | 0
 .../makefu/{tinc => retiolum}/crapi.pub | 0
 .../makefu/{tinc => retiolum}/filebitch.pub | 0
 .../makefu/{tinc => retiolum}/fileleech.pub | 0
 .../makefu/{tinc => retiolum}/filepimp.pub | 0
 .../makefu/{tinc => retiolum}/firecracker.pub | 0
 .../makefu/{tinc => retiolum}/flap.pub | 0
 .../makefu/{tinc => retiolum}/gum.pub | 0
 .../makefu/{tinc => retiolum}/nukular.pub | 0
 .../makefu/{tinc => retiolum}/omo.pub | 0
 .../makefu/{tinc => retiolum}/sdev.pub | 0
 .../{tinc => retiolum}/senderechner.pub | 0
 .../makefu/{tinc => retiolum}/studio.pub | 0
 .../makefu/{tinc => retiolum}/tsp.pub | 0
 .../makefu/{tinc => retiolum}/wbob.pub | 0
 .../3modules/makefu/{tinc => retiolum}/x.pub | 0
 krebs/3modules/makefu/wiregrill/gum.pub | 1 +
 krebs/3modules/makefu/wiregrill/x.pub | 1 +
 19 files changed, 65 insertions(+), 126 deletions(-)
 rename krebs/3modules/makefu/{tinc => retiolum}/cake.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/crapi.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/filebitch.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/fileleech.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/filepimp.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/firecracker.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/flap.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/gum.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/nukular.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/omo.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/sdev.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/senderechner.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/studio.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/tsp.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/wbob.pub (100%)
 rename krebs/3modules/makefu/{tinc => retiolum}/x.pub (100%)
 create mode 100644 krebs/3modules/makefu/wiregrill/gum.pub
 create mode 100644 krebs/3modules/makefu/wiregrill/x.pub
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 8c7e415cb..c65b27973 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -5,128 +5,103 @@ with import ; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ - owner = config.krebs.users.makefu; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; - }); + hostDefaults = hostName: host: foldl' recursiveUpdate {} [ + { + owner = config.krebs.users.makefu; + } + # Retiolum defaults + (let + pubkey-path = ./retiolum + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.retiolum = { + tinc.pubkey = readFile pubkey-path; + aliases = [ + "${hostName}.r" + ]; + ip6.addr = + (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; + }; + }) + # Wiregrill defaults + (let + pubkey-path = ./wiregrill + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.wiregrill = { + aliases = [ + "${hostName}.w" + ]; + ip6.addr = + (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address; + wireguard.pubkey = readFile pubkey-path; + }; + }) + # SSHD defaults + (let + pubkey-path = ./sshd + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + ssh.pubkey = readFile pubkey-path; + # We assume that if the sshd pubkey exits then there must be a privkey in + # the screts store as well + ssh.privkey.path = ; + }) + host + ]; pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); - sshd-for = name: builtins.readFile (./sshd + "/${name}.pub"); - tinc-for= name: builtins.readFile (./tinc + "/${name}.pub"); - + w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address; in { hosts = mapAttrs hostDefaults { cake = rec { cores = 4; ci = false; nets = { - retiolum = { - ip4.addr = "10.243.136.236"; - aliases = [ - "cake.r" - ]; - tinc.pubkey = tinc-for "cake"; - }; + retiolum.ip4.addr = "10.243.136.236"; }; - ssh.privkey.path = ; - ssh.pubkey = sshd-for "cake"; }; crapi = rec { # raspi1 cores = 1; ci = false; nets = { - retiolum = { - ip4.addr = "10.243.136.237"; - aliases = [ - 
"crapi.r" - ]; - tinc.pubkey = tinc-for "crapi"; - }; + retiolum.ip4.addr = "10.243.136.237"; }; - ssh.privkey.path = ; - ssh.pubkey = sshd-for "crapi"; }; firecracker = { cores = 4; nets = { - retiolum = { - ip4.addr = "10.243.12.12"; - ip6.addr = "42:0:0:0:0:0:0:12"; - aliases = [ - "firecracker.r" - ]; - tinc.pubkey = tinc-for "firecracker"; - }; + retiolum.ip4.addr = "10.243.12.12"; }; - ssh.privkey.path = ; - ssh.pubkey = sshd-for "firecracker"; }; studio = rec { ci = false; cores = 4; - ssh.privkey.path = ; - ssh.pubkey = sshd-for "studio"; nets = { - retiolum = { - ip4.addr = "10.243.227.163"; - aliases = [ - "studio.r" - ]; - tinc.pubkey = tinc-for "studio"; - }; + retiolum.ip4.addr = "10.243.227.163"; }; }; fileleech = rec { ci = false; cores = 4; - ssh.privkey.path = ; - ssh.pubkey = ""; nets = { - retiolum = { - ip4.addr = "10.243.113.98"; - aliases = [ - "fileleech.r" - ]; - tinc.pubkey = tinc-for "fileleech"; - }; + retiolum.ip4.addr = "10.243.113.98"; }; }; tsp = { ci = true; cores = 1; nets = { - retiolum = { - ip4.addr = "10.243.0.212"; - aliases = [ - "tsp.r" - ]; - tinc.pubkey = tinc-for "tsp"; - }; + retiolum.ip4.addr = "10.243.0.212"; }; }; x = { ci = true; cores = 4; nets = { - retiolum = { - ip4.addr = "10.243.0.91"; - aliases = [ - "x.r" - ]; - tinc.pubkey = tinc-for "x"; + retiolum.ip4.addr = "10.243.0.91"; + wiregrill = { + # defaults }; - #wiregrill = { - # aliases = [ - # "x.w" - # ]; - # wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - #}; }; - ssh.privkey.path = ; - ssh.pubkey = sshd-for "x"; }; filepimp = rec { @@ -139,13 +114,7 @@ in { "filepimp.lan" ]; }; - retiolum = { - ip4.addr = "10.243.153.102"; - aliases = [ - "filepimp.r" - ]; - tinc.pubkey = tinc-for "filepimp"; - }; + retiolum.ip4.addr = "10.243.153.102"; }; }; 
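Review bot: In the new `hostDefaults`, every network block is gated on `pathExists pubkey-path`, so a missing or misnamed `.pub` file now silently drops `tinc.pubkey`, the `${hostName}.r` alias and the generated `ip6.addr`, where the removed `tinc-for`/`sshd-for` helpers would have aborted evaluation in `builtins.readFile`. The hosts in this hunk still declare `retiolum.ip4.addr`, so such a host would stay in the inventory without a key instead of being rejected at build time. Consider failing loudly when the host declares the net, for example `in assert (host ? nets.retiolum) -> pathExists pubkey-path; optionalAttrs (pathExists pubkey-path) {` (untested; the wiregrill block has the same shape). The sshd block also hands `ssh.privkey.path` to every host that has a file under `./sshd`, including `fileleech`, which previously set `ssh.pubkey = ""`; the assumption stated in its comment, that a matching private key exists in the secrets store, is not checked anywhere in this hunk.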
@@ -163,15 +132,11 @@ in { retiolum = { ip4.addr = "10.243.0.89"; aliases = [ - "omo.r" "dcpp.omo.r" "torrent.omo.r" ]; - tinc.pubkey = tinc-for "omo"; }; }; - ssh.privkey.path = ; - ssh.pubkey = sshd-for "omo"; }; wbob = rec { ci = true; @@ -180,14 +145,10 @@ in { retiolum = { ip4.addr = "10.243.214.15"; aliases = [ - "wbob.r" "hydra.wbob.r" ]; - tinc.pubkey = tinc-for "wbob"; }; }; - ssh.privkey.path = ; - ssh.pubkey = sshd-for "wbob"; }; gum = rec { ci = true; @@ -231,13 +192,16 @@ in { "nextgum.i" ]; }; - #wiregrill = { - # via = internet; - # aliases = [ - # "gum.w" - # ]; - # wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; - #}; + wiregrill = { + via = internet; + ip6.addr = w6 "1"; + wireguard = { + subnets = [ + (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR + (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR + ]; + }; + }; retiolum = { via = internet; ip4.addr = "10.243.0.213"; @@ -250,7 +214,6 @@ in { "dcpp.gum.r" "dcpp.nextgum.r" "graph.r" - "gum.r" "logs.makefu.r" "netdata.makefu.r" "nextgum.r" @@ -262,25 +225,15 @@ in { "wiki.gum.r" "wiki.makefu.r" ]; - tinc.pubkey = tinc-for "gum"; }; }; - ssh.pubkey = sshd-for "gum"; }; sdev = rec { ci = true; cores = 1; - ssh.privkey.path = ; - ssh.pubkey = sshd-for "sdev"; nets = { - retiolum = { - ip4.addr = "10.243.83.237"; - aliases = [ - "sdev.r" - ]; - tinc.pubkey = tinc-for "sdev"; - }; + retiolum.ip4.addr = "10.243.83.237"; }; }; @@ -304,10 +257,6 @@ in { }; retiolum = { ip4.addr = "10.243.211.172"; - aliases = [ - "flap.r" - ]; - tinc.pubkey = tinc-for "flap"; }; }; }; @@ -317,10 +266,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.231.219"; - aliases = [ - "nukular.r" - ]; - tinc.pubkey = tinc-for "nukular"; }; }; }; @@ -330,10 +275,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.189.130"; - aliases = [ - "filebitch.r" - ]; - tinc.pubkey = tinc-for "filebitch"; }; }; }; 
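Review bot: Removing `"omo.r"` from this explicit `aliases` list probably removes the alias altogether rather than delegating it to the default. If `recursiveUpdate` is the nixpkgs one (the target of `with import` is not visible here), it merges attribute sets only, and since `host` is the last element of the `foldl'` list, the host's own `aliases` list replaces the default `[ "${hostName}.r" ]` instead of extending it. The same applies to `"wbob.r"` in the `wbob` hunk and `"gum.r"` in the `gum` retiolum hunk further down. Either keep the primary alias in hosts that define their own list, or concatenate the alias lists in `hostDefaults` instead of relying on the merge.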
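Review bot: In `gum`'s newly enabled `wiregrill` block, `wireguard.subnets` lists the whole `external` and `makefu` wiregrill prefixes without saying why `gum` is the peer that owns them. If these subnets become the address ranges other peers accept from gum's key (how they are consumed is not visible in this hunk), that is a wide grant and deserves a comment such as `# gum relays for all external and makefu wiregrill hosts`. The explicit `ip6.addr = w6 "1"` also overrides the hostname-derived default from `hostDefaults`; a short comment, e.g. `# fixed address, overrides the hostName-derived default`, would keep it from being mistaken for a leftover.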
@@ -343,10 +284,6 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.163"; - aliases = [ - "senderechner.r" - ]; - tinc.pubkey = tinc-for "senderechner"; }; }; };
diff --git a/krebs/3modules/makefu/tinc/cake.pub b/krebs/3modules/makefu/retiolum/cake.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/cake.pub
rename to krebs/3modules/makefu/retiolum/cake.pub
diff --git a/krebs/3modules/makefu/tinc/crapi.pub b/krebs/3modules/makefu/retiolum/crapi.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/crapi.pub
rename to krebs/3modules/makefu/retiolum/crapi.pub
diff --git a/krebs/3modules/makefu/tinc/filebitch.pub b/krebs/3modules/makefu/retiolum/filebitch.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/filebitch.pub
rename to krebs/3modules/makefu/retiolum/filebitch.pub
diff --git a/krebs/3modules/makefu/tinc/fileleech.pub b/krebs/3modules/makefu/retiolum/fileleech.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/fileleech.pub
rename to krebs/3modules/makefu/retiolum/fileleech.pub
diff --git a/krebs/3modules/makefu/tinc/filepimp.pub b/krebs/3modules/makefu/retiolum/filepimp.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/filepimp.pub
rename to krebs/3modules/makefu/retiolum/filepimp.pub
diff --git a/krebs/3modules/makefu/tinc/firecracker.pub b/krebs/3modules/makefu/retiolum/firecracker.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/firecracker.pub
rename to krebs/3modules/makefu/retiolum/firecracker.pub
diff --git a/krebs/3modules/makefu/tinc/flap.pub b/krebs/3modules/makefu/retiolum/flap.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/flap.pub
rename to krebs/3modules/makefu/retiolum/flap.pub
diff --git a/krebs/3modules/makefu/tinc/gum.pub b/krebs/3modules/makefu/retiolum/gum.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/gum.pub
rename to krebs/3modules/makefu/retiolum/gum.pub
diff --git a/krebs/3modules/makefu/tinc/nukular.pub b/krebs/3modules/makefu/retiolum/nukular.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/nukular.pub
rename to krebs/3modules/makefu/retiolum/nukular.pub
diff --git a/krebs/3modules/makefu/tinc/omo.pub b/krebs/3modules/makefu/retiolum/omo.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/omo.pub
rename to krebs/3modules/makefu/retiolum/omo.pub
diff --git a/krebs/3modules/makefu/tinc/sdev.pub b/krebs/3modules/makefu/retiolum/sdev.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/sdev.pub
rename to krebs/3modules/makefu/retiolum/sdev.pub
diff --git a/krebs/3modules/makefu/tinc/senderechner.pub b/krebs/3modules/makefu/retiolum/senderechner.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/senderechner.pub
rename to krebs/3modules/makefu/retiolum/senderechner.pub
diff --git a/krebs/3modules/makefu/tinc/studio.pub b/krebs/3modules/makefu/retiolum/studio.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/studio.pub
rename to krebs/3modules/makefu/retiolum/studio.pub
diff --git a/krebs/3modules/makefu/tinc/tsp.pub b/krebs/3modules/makefu/retiolum/tsp.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/tsp.pub
rename to krebs/3modules/makefu/retiolum/tsp.pub
diff --git a/krebs/3modules/makefu/tinc/wbob.pub b/krebs/3modules/makefu/retiolum/wbob.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/wbob.pub
rename to krebs/3modules/makefu/retiolum/wbob.pub
diff --git a/krebs/3modules/makefu/tinc/x.pub b/krebs/3modules/makefu/retiolum/x.pub
similarity index 100%
rename from krebs/3modules/makefu/tinc/x.pub
rename to krebs/3modules/makefu/retiolum/x.pub
diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub
new file mode 100644
index 000000000..4a5f666cc
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/gum.pub
@@ -0,0 +1 @@
+yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
diff --git a/krebs/3modules/makefu/wiregrill/x.pub b/krebs/3modules/makefu/wiregrill/x.pub
new file mode 100644
index 000000000..cfa9eb254
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/x.pub
@@ -0,0 +1 @@
+fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=