Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

:Merge branch 'master' of prism.r:stockholm

Browse Source
This commit is contained in:
jeschli 2019-04-02 19:38:35 +02:00
commit f8b88080d5
119 changed files with 2054 additions and 1253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
jeschli/1systems/brauerei/config.nix
View File

@ -103,7 +103,9 @@ in
gotools
# rust
cargo
rustc
rustracer
rustup
vscode
# orga tools
taskwarrior
# xorg
@ -143,19 +145,11 @@ in
'';
}
];
# xmonad = {
# enable = true;
# enableContribAndExtras = true;
# extraPackages = haskellPackages: [
# haskellPackages.xmonad-contrib
# haskellPackages.xmonad-extras
# haskellPackages.xmonad
# ];
# }
};
};
services.xserver.windowManager.i3.enable = true;
users.extraUsers.jeschli = { # TODO: define as krebs.users
isNormalUser = true;
extraGroups = ["docker" "vboxusers" "audio"];

3
krebs/2configs/reaktor2.nix
View File

@ -61,7 +61,7 @@ let
];
hooks.PRIVMSG = [
{
pattern = "^bier bal(ance)*$";
pattern = "^bier bal(an(ce)?)?$";
activate = "match";
command = {
env = {
@ -134,6 +134,7 @@ in {
};
r = {
nick = "reaktor2|krebs";
sendDelaySec = null;
plugins = [
{
plugin = "register";

3
krebs/3modules/default.nix
View File

@ -45,10 +45,10 @@ let
./reaktor2.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
./retiolum-hosts.nix
./rtorrent.nix
./secret.nix
./setuid.nix
./syncthing.nix
./tinc.nix
./tinc_graphs.nix
./urlwatch.nix
@ -101,6 +101,7 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
krebs.dns.providers = {

84
krebs/3modules/external/default.nix vendored
View File

@ -16,7 +16,33 @@ with import <stockholm/lib>;
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
catullus = {
owner = config.krebs.users.kmein;
nets = {
retiolum = {
ip4.addr = "10.243.2.3";
aliases = [ "catullus.r" ];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx
CUotXuqYucYmnUbrRSIlxASVqTmAf3nDOE5EDBBcTdSwnb02JcJW4Zh7+BGgMxjF
GxDPs6ETI28mHK+6rp8TOkMnyDb5mtSGVZPvKJU9fFOt6aAX1J1BzTfwtHtVQq7K
WBzdpeKXlw4dIQ6K6SGmPIPpEh9pE1Xb+GuVljCXKxGJFbW40dmh2ZdadO7umBDu
vRk08jT9/BUnUP6KrZlvyePnG38z6srMrVU+XAHu5D2qZ9y+QIp3kw7Y5JUrNXc7
9q9P9TYx15GiIz2mSJKcLVmkLRebsaqdV7dBibPbfdGE+NB+F1FYPGDdW4cnonon
DzzjGm/FDfOCXEnSkYGQDBWpfd/8AWum1xGJxJCPNBJElGE2o5jDWo4Y1b9gHP0M
vARm8AOK8R1pQ7BP+pNMO0gGw2NDrtWiWpTeZ7SqXmZAZ/Gmyen9X+/fowcbTyDH
b9joIuMQeOtxbUV2JprZIdit9NBFSZq/7Re/GBUwjGBm3LabIXFNGKZovx/f9lf8
r5tVs4SPauiKzZS0K1Gz1NSq+3OXaY5EwVrBUXptYqRT7uyhVloOPRUsqRFeB0Fn
Y5xOpDJ0UiJxgFbdH5Vb81D/VjNO9Q4nZib8wSEuLrYLHGoceQPX4+Ov9IdhIL4B
BMTCaF+VCWC5PCLr0e61KqMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
@ -176,32 +202,6 @@ in {
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.29.201";
aliases = [
"kruck.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
/RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
};
qubasa = {
owner = config.krebs.users.qubasa;
nets = {
@ -299,6 +299,33 @@ in {
};
};
};
toastbrot = {
owner = config.krebs.users.jan;
nets = {
retiolum = {
ip4.addr = "10.243.117.12";
aliases = [
"toastbrot.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
-----END PUBLIC KEY-----
'';
};
};
};
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
@ -411,6 +438,9 @@ in {
mail = "dickbutt@excogitation.de";
pubkey = ssh-for "exco";
};
jan = {
mail = "jan.heidbrink@posteo.de";
};
kmein = {
mail = "kieran.meinhardt@gmail.com";
pubkey = ssh-for "kmein";
@ -419,8 +449,6 @@ in {
mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
};
palo = {
};
qubasa = {
mail = "luis.nixos@gmail.com";
};

84
krebs/3modules/external/palo.nix vendored Normal file
View File

@ -0,0 +1,84 @@
with import <stockholm/lib>;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
hosts = mapAttrs hostDefaults {
pepe = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.1";
tinc.port = 720;
aliases = [ "pepe.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
kruck = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.3";
tinc.port = 720;
aliases = [ "kruck.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
schasch = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.2";
tinc.port = 720;
aliases = [ "schasch.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
workhorse = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.5";
tinc.port = 720;
aliases = [ "workhorse.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
workout = {
owner = config.krebs.users.palo;
nets = {
retiolum = {
ip4.addr = "10.243.23.4";
tinc.port = 720;
aliases = [ "workout.r" ];
tinc.pubkey = tinc-for "palo";
};
};
};
};
users = {
palo = {
};
palo-pepe = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCe3j1dk8o7e0cFn+RepOjdeYcS0YcG0d6NnsMoq8pjqzLRuvOVN4CmsuRo4UJtWOUVv8kIWLcegks2RXbKOSTFAnvEIpPlSmL3BgvFGmUiOmPw1w93yxdVnfd9kJ6SBNuS+kFspKPvOEV9yVpjTywKZ0qKWjRd89Vz2+8aFJ/R3hyE+YqpzlzYbrucEIXbEWESqnzrx61NrWwd1ueHj0RYMDBjIJjVfIIK3W32vQ//pYJio1di0PpOPK2Ya0yugSixymuQBvzCgaedVeLdJ0k1d7d5iVb4LjCR8zg0Jnf1RLfpqRrFYwMJpwuhtIEevfNrhzqZA58QgHO6iOg50FeaD5k1rlWfoOvX2rcV5iqCC9jClIfMKzePdm+MeVorBXp+bflOhyPJG+Qrz6NTE9Ohe5A71Z0bBa96MEoW1hyrLCn0+z+Cx5kt7n2QzAAa/VPNjRDZeHbsu26MrvViEoh+FcPqx4DUIUaDRs/TNIvMGAl14E6gur68AI01a0PZJ/gnqZeOJKuyz4pKT0nIcg0EvkjXM2uEJ9m8h4IBAqTUYMZYm7iJBfpbwT6ePxFfah4q960orBUwW87CyPu/wDGmDblQ7dpkuw+skpzNgOGzerDyGAGKOsjGfYZpqsv9303S2f7884NAIK1ohgpMELytEYpY4YNi2KQYfHhgoQRJ5w== palo@pepe";
};
};
}

13
krebs/3modules/external/tinc/palo.pub vendored Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
-----END RSA PUBLIC KEY-----

61
krebs/3modules/hosts.nix
View File

@ -1,6 +1,5 @@
with import <stockholm/lib>;
{ config, ... }: let
# TODO dedup functions with ./retiolum-hosts.nix
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
in {
@ -30,6 +29,66 @@ in {
map (addr: { ${addr} = aliases; }) net.addrs)
(attrValues host.nets))
(attrValues config.krebs.hosts)));
nixpkgs.config.packageOverrides = super: let
# nameValuePair name value : { "name" : name, "value" : value }
# addr : str
# aliase : str
# hostname : str
# netname : str
# addrAliases : nameValuePair addr [alias]
# hostNetAliases : host -> { ${netname} : [addrAliases] }
hostNetAliases = host:
mapAttrs (_: net: filter (x: x.name != null && x.value != []) [
{ name = net.ip4.addr or null; value = net.aliases; }
{ name = net.ip6.addr or null; value = net.aliases; }
]) host.nets;
# netAliases : { ${netname} : [addrAliases] }
netAliases =
foldl'
(result: host:
foldl'
# λ netAliases -> [addrAliases] -> netAliases
(result: { name, value }: result // {
${name} = result.${name} or [] ++ value;
})
result
(mapAttrsToList nameValuePair (hostNetAliases host))
)
{}
(attrValues config.krebs.hosts);
# writeHosts : str -> [addrAliases] -> package
writeHosts = name: addrAliases: super.writeText name ''
${concatMapStringsSep
"\n"
({ name, value }: "${name} ${toString value}")
addrAliases}
'';
in
{
# hosts file for all krebs networks
krebs-hosts =
writeHosts "krebs-hosts" (concatLists [
netAliases.internet
netAliases.retiolum
netAliases.wiregrill
]);
# combined hosts file for all networks (even custom ones)
krebs-hosts_combined =
writeHosts "krebs-hosts_combined"
(concatLists (attrValues netAliases));
}
//
genAttrs' (attrNames netAliases) (netname: rec {
name = "krebs-hosts-${netname}";
value = writeHosts name netAliases.${netname};
});
};
}

13
krebs/3modules/lass/default.nix
View File

@ -204,6 +204,7 @@ in {
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
};
shodan = {
cores = 2;
@ -270,6 +271,7 @@ in {
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
};
daedalus = {
cores = 2;
@ -328,6 +330,7 @@ in {
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
};
littleT = {
cores = 2;
@ -365,10 +368,18 @@ in {
-----END RSA PUBLIC KEY-----
'';
};
wiregrill = {
ip6.addr = w6 "771e";
aliases = [
"littleT.w"
];
wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
};
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
};
red = {
monitoring = false;
@ -474,6 +485,7 @@ in {
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
};
phone = {
nets = {
@ -487,6 +499,7 @@ in {
};
external = true;
ci = false;
syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7";
};
morpheus = {
cores = 1;

842
krebs/3modules/makefu/default.nix
View File

@ -5,443 +5,105 @@
with import <stockholm/lib>;
{ config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({
owner = config.krebs.users.makefu;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
(krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
});
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
{
owner = config.krebs.users.makefu;
}
# Retiolum defaults
(let
pubkey-path = ./retiolum + "/${hostName}.pub";
in optionalAttrs (pathExists pubkey-path) {
nets.retiolum = {
tinc.pubkey = readFile pubkey-path;
aliases = [
"${hostName}.r"
];
ip6.addr =
(krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
};
})
# Wiregrill defaults
(let
pubkey-path = ./wiregrill + "/${hostName}.pub";
in optionalAttrs (pathExists pubkey-path) {
nets.wiregrill = {
aliases = [
"${hostName}.w"
];
ip6.addr =
(krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
wireguard.pubkey = readFile pubkey-path;
};
})
# SSHD defaults
(let
pubkey-path = ./sshd + "/${hostName}.pub";
in optionalAttrs (pathExists pubkey-path) {
ssh.pubkey = readFile pubkey-path;
# We assume that if the sshd pubkey exits then there must be a privkey in
# the screts store as well
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
})
host
];
pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
in {
hosts = mapAttrs hostDefaults {
cake = rec {
cores = 4;
ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.136.236";
aliases = [
"cake.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
retiolum.ip4.addr = "10.243.136.236";
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
};
crapi = rec { # raspi1
cores = 1;
ci = false;
nets = {
retiolum = {
ip4.addr = "10.243.136.237";
aliases = [
"crapi.r"
];
tinc.pubkey = ''
Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
retiolum.ip4.addr = "10.243.136.237";
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
};
drop = rec {
ci = false;
cores = 1;
firecracker = {
cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.177.9";
aliases = [
"drop.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
retiolum.ip4.addr = "10.243.12.12";
};
};
studio = rec {
ci = false;
cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
nets = {
retiolum = {
ip4.addr = "10.243.227.163";
aliases = [
"studio.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
retiolum.ip4.addr = "10.243.227.163";
};
};
fileleech = rec {
ci = false;
cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
nets = {
retiolum = {
ip4.addr = "10.243.113.98";
aliases = [
"fileleech.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
latte = rec {
ci = false;
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
# ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
nets = {
internet = {
ip4.addr = "185.215.224.160";
aliases = [
"latte.i"
];
};
retiolum = {
ip4.addr = "10.243.80.249";
aliases = [
"latte.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU
5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo
r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf
43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4
GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6
vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
pnp = {
ci = false;
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.210";
aliases = [
"pnp.r"
"cgit.pnp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g
Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V
pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR
SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T
TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr
Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
darth = {
ci = false;
cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.0.84";
aliases = [
"darth.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq
qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX
yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi
3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8
q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE
u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
siem = {
ip4.addr = "10.8.10.2";
ip4.prefix = "10.8.10.0/24";
aliases = [
"darth.siem"
];
tinc.pubkey = ''
Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK
-----BEGIN RSA PUBLIC KEY-----
MIIBCQKCAQEApcUeTecVahqNIfLEkfgNiaW+eHQ9Y90DxHhy9vdPZh8dmLqoFBoW
TCPcZIRpyj7hxRkNIhh34Ewpul0oQ1tzrUGcT2xvMNwaCupRDmhZn9jR9aFFEYKb
fUOplCxb4y2UKbWAA6hie3PKH9wnPfbwSsexb2BSQAqSt4iNIVCV6j7LXpiopbGS
Exs3/Pz+IeMtGyuMYA3rUmJsVRKR1o7axLtlhYK7JSMbqdYhaQJ4NZrvIXw//w21
kM/TJTPZ4j47ME18jQInO62X5h+xVch6DtvwvjBMMMKbS0am9qw1P3qo7MP3PmQh
rvVQRth8L63q4NLOnT29XmnxPSVGL1PBQQICEAE=
-----END RSA PUBLIC KEY-----
'';
};
};
};
ossim = { # vm on darth
nets = {
siem = {
ip4.addr = "10.8.10.6";
ip4.prefix = "10.8.10.0/24";
aliases = [
"ossim.siem"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl
RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL
cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand
mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd
dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL
WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
honeydrive = { # vm on darth
nets = {
internet = { # via shoney
ip4.addr = "64.137.234.232";
aliases = [
"honeydrive.i"
];
};
retiolum.ip4.addr = "10.243.113.98";
};
};
tsp = {
ci = true;
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.0.212";
aliases = [
"tsp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
retiolum.ip4.addr = "10.243.0.212";
};
};
x = {
ci = true;
cores = 4;
nets = {
retiolum = {
ip4.addr = "10.243.0.91";
aliases = [
"x.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
+h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
-----END RSA PUBLIC KEY-----
'';
retiolum.ip4.addr = "10.243.0.91";
wiregrill = {
# defaults
};
siem = {
ip4.addr = "10.8.10.4";
ip4.prefix = "10.8.10.0/24";
aliases = [
"makefu.siem"
];
tinc.pubkey = ''
Ed25519PublicKey = rFTglGxm563e/w82Q9Qqy/E+V/ipT4DOTyTuYrWrtmI
-----BEGIN RSA PUBLIC KEY-----
MIIBCQKCAQEAx+OQXQj6rlXIByo48JZXSexRz5G5oJVZTHAJ0GF5f70U65C0x83p
XtNp4LGYti+cyyzmQjf/N7jr2CxUlOATN2nRO4CT+JaMM2MoqnPWqTZBPMDiHq2y
ce0zjLPPl0hVc5mg+6F0tgolbUvTIo2CgAIl5lNvJiVfmXRSehmMprf1NPkxJd/O
vAOD7mgnCjkEAWElf1cfxSGZqSLbNltRK340nE5x6A5tY7iEueP/r9chEmOnVjKm
t+GJAJIe1PClWJHJYAXF8I7R3g+XQIqgw+VTN3Ng5cS5W/mbTFIzLWMZpdZaAhWR
56pthtZAE5FZ+4vxMpDQ4yeDu0b6gajWNQICEAE=
-----END RSA PUBLIC KEY-----
'';
};
#wiregrill = {
# aliases = [
# "x.w"
# ];
# wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
#};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
};
vbob = {
ci = true;
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.1.91";
aliases = [
"vbob.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos";
};
pigstarter = rec {
cores = 1;
extraZones = {
"krebsco.de" = ''
euer IN MX 1 aspmx.l.google.com.
nixos.unstable IN CNAME krebscode.github.io.
boot IN A ${nets.internet.ip4.addr}
'';
};
nets = {
internet = {
ip4.addr = "192.40.56.122";
ip6.addr = "2604:2880::841f:72c";
aliases = [
"pigstarter.i"
];
};
retiolum = {
ip4.addr = "10.243.0.153";
aliases = [
"pigstarter.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA/efJuJRLUIZROe3QE8WYTD/zyNGRh9I2/yw+5It9HSNVDMIOV1FZ
9PaspsC+YQSBUQRN8SJ95G4RM6TIn/+ei7LiUYsf1Ik+uEOpP5EPthXqvdJEeswv
3QFwbpBeOMNdvmGvQLeR1uJKVyf39iep1wWGOSO1sLtUA+skUuN38QKc1BPASzFG
4ATM6rd2Tkt8+9hCeoePJdLr3pXat9BBuQIxImgx7m5EP02SH1ndb2wttQeAi9cE
DdJadpzOcEgFatzXP3SoKVV9loRHz5HhV4WtAqBIkDvgjj2j+NnXolAUY25Ix+kv
sfqfIw5aNLoIX4kDhuDEVBIyoc7/ofSbkQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
wry = rec {
ci = false;
cores = 1;
extraZones = {
"krebsco.de" = ''
wry IN A ${nets.internet.ip4.addr}
tinc IN A ${nets.internet.ip4.addr}
'';
};
nets = rec {
internet = {
ip4.addr = "104.233.87.86";
aliases = [
"wry.i"
];
};
retiolum = {
via = internet;
ip4.addr = "10.243.29.169";
aliases = [
"wry.r"
"graph.wry.r"
"paste.wry.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAs9bq++H4HF8EpZMfWGfoIsh/C+YNO2pg74UPBsP/tFFe71yzWwUn
U9LW0n3bBqCMQ/oDthbSMwCkS9JzcUi22QJEdjbQs/aay9gZR115b+UxWPocw0Ms
ZoREKo3Oe0hETk7Ing8NdBDI0kCBh9QnvqQ3iKd0rBae3DYvcWlDsY93GLGMddgA
7E9oa3EHVYH/MPZaeJtTknaJduanBSbiEb/xQOqxTadHoQASKU6DQD1czMH3hLG2
8Wn4MBj9fgKBAoIy092tIzPtE2QwAHO73yz4mSW/3r190hREgVbjuEPiw4w5mEyQ
j+NeN3f3heFKx+GCgdWH9xPw6m6qPdqUiGUPq91KXMOhNa8lLcTp95mHdCMesZCF
TFj7hf6y+SVt17Vo+YUL7UqnMtAm3eZZmwyDu0DfKFrdgz6MtDD+5dQp9g8VHpqw
RfbaB1Srlr24EUYYoOBEF9CcIacFbsr+MKh+hQk5R0uEMSeAWARzxvvr69iMgdEC
zDiu0rrRLN+CrfgkDir7pkRKxeA1lz8KpySyIZRziNg6mSHjKjih4++Bbu4N2ack
86h84qBrA8lq2xsub4+HgKZGH2l5Y8tvlr+rx0mQKEJkT6XDKCXZFPfl2N0QrWGT
Dv7l2vn0QMj9E6+BdRhYaO/m3+cIZ9faM851nRj/gq2OOtzW3ekrne0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
};
filepimp = rec {
ci = false;
cores = 1;
@ -452,22 +114,7 @@ in {
"filepimp.lan"
];
};
retiolum = {
ip4.addr = "10.243.153.102";
aliases = [
"filepimp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
retiolum.ip4.addr = "10.243.153.102";
};
};
@ -489,68 +136,27 @@ in {
"dcpp.omo.r"
"torrent.omo.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH";
};
wbob = rec {
ci = true;
cores = 4;
nets = {
siem = {
ip4.addr = "10.8.10.7";
ip4.prefix = "10.8.10.0/24";
aliases = [ "display.siem" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+/TpxsVIBL9J9QAe/+jB6sgu/O6J+KY4YrAzZ6dM4kbFv5JA64f5
6znv8EFqn6loS9Aez3e08P5scyGjiwWytdKN5Yztlffc0xDD7MUU2RiCsQF1X74J
+1i8NhSq3PJ6UeUURxYYnAYzBlFvsxev4vpniFTsIR9tmcAYX9NT9420D6nV7xq7
FdkoBlYj4eUQqQzHH1T/Lmt+BGmf+BufIJas+Oo/Sg59vIk9OM08WyAjHVT2iNbg
LXDhzVaeGOOM3GOa0YGG0giM3Rd245YPaPiVbwrMy8HQRBpMzXOPjcC1nYZSjxrW
LQxtRS+dmfEMG7MJ8T2T2bseX6z6mONc1QIDAQAB
-----END RSA PUBLIC KEY-----
-----BEGIN ED25519 PUBLIC KEY-----
3JGeGnADWR+hfb4TEoHDyopEYgkfGNJKwy71bqcsNrO
-----END ED25519 PUBLIC KEY-----
'';
};
retiolum = {
ip4.addr = "10.243.214.15";
aliases = [
"wbob.r"
"hydra.wbob.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
};
gum = rec {
ci = true;
extraZones = {
"krebsco.de" = ''
boot IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr}
@ -558,6 +164,7 @@ in {
dl.euer IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
euer IN MX 1 aspmx.l.google.com.
ghook IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
@ -566,6 +173,7 @@ in {
iso.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
netdata.euer IN A ${nets.internet.ip4.addr}
nixos.unstable IN CNAME krebscode.github.io.
o.euer IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr}
pigstarter IN A ${nets.internet.ip4.addr}
@ -586,17 +194,21 @@ in {
"nextgum.i"
];
};
#wiregrill = {
# via = internet;
# aliases = [
# "gum.w"
# ];
# wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
#};
wiregrill = {
via = internet;
ip6.addr = w6 "1";
wireguard = {
subnets = [
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
(krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
];
};
};
retiolum = {
via = internet;
ip4.addr = "10.243.0.213";
aliases = [
"gum.r"
"backup.makefu.r"
"blog.gum.r"
"blog.makefu.r"
@ -605,7 +217,6 @@ in {
"dcpp.gum.r"
"dcpp.nextgum.r"
"graph.r"
"gum.r"
"logs.makefu.r"
"netdata.makefu.r"
"nextgum.r"
@ -617,91 +228,15 @@ in {
"wiki.gum.r"
"wiki.makefu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
shoney = rec {
ci = false;
cores = 1;
nets = rec {
siem = {
via = internet;
ip4.addr = "10.8.10.1";
ip4.prefix = "10.8.10.0/24";
aliases = [
"shoney.siem"
"graph.siem"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0OK28PHsMGMxAqVRiRGv93zzEWJgV3hMFquWrpbYC3OZwHDYcNHu
74skwRRwwnbcq0ZtWroEvUTmZczuPt2FewdtuEutT7uZJnAYnzSOrB9lmmdoXKQU
l4ho1LEf/J0sMBi7RU/OJosuruQTAl53ca5KQbRCXkcPlmq4KzUpvgPINpEpYQjB
CGC3ErOvw2jXESbDnWomYZgJl3uilJUEYlyQEwyWVG+fO8uxlz9qKLXMlkoJTbs4
fTIcxh7y6ZA7QfMN3Ruq1R66smfXQ4xu1hybvqL66RLiDQgH3BRyKIgobS1UxI4z
L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB
-----END RSA PUBLIC KEY-----
'';
tinc.port = 1655;
};
internet = {
ip4.addr = "64.137.234.215";
aliases = [
"shoney.i"
];
};
retiolum = {
ip4.addr = "10.243.205.131";
aliases = [
"shoney.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
+DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
sdev = rec {
ci = true;
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev";
nets = {
retiolum = {
ip4.addr = "10.243.83.237";
aliases = [
"sdev.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+
LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4
XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428
ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+
f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD
nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
retiolum.ip4.addr = "10.243.83.237";
};
};
@ -725,19 +260,6 @@ in {
};
retiolum = {
ip4.addr = "10.243.211.172";
aliases = [
"flap.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
@ -747,108 +269,6 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.231.219";
aliases = [
"nukular.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
heidi = rec {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.124.21";
aliases = [
"heidi.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqRLnAJNZ1OoO1bTS58DQgxi1VKgITHIuTW0fVGDvbXnsjPUB3cgx
1GEVtLc0LN6R9wrPKDaqHS6mkiRSDVScaW/FqkdFhTDaBJy8LfomL9ZmkU9DzkvQ
jncDjr0WoR+49rJHYsUULp1fe98Ev+y3VwVdJOOH92pAj1CAAUdtfG7XcGyHznYY
ZNLriGZe3l1AwsWMEflzHLeXcKQ/ZPOrjZ4EFVvfGfdQdJ24UUF3r4sBypYnasmA
q8lCw9rCrFh1OS6mHLC9qsvGfal6X4x2/xKc5VxZD4MQ/Bp7pBi1kwfHpKoREFKo
w/Jr3oG/uDxMGIzphGX185ObIkZ1wl/9DwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
lariat = rec {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.64.7";
aliases = [
"lariat.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
soundflower = rec {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.69.184";
aliases = [
"soundflower.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0a0oenAy9MDa2M6NoLtB8elduGgc3oLtUwsm3iUu6w8L+Je5TndN
H8dPn3sByUk1Jkd8tGGRk/vSFj/mtUn7xXKCnFXfKDqVowu/0KS3Q+6o4mcoATeb
Ax7e6Cz1YH5+qhQjR7apuase9X9Dzp56//5VW2gaScvWevvzrij2x7eNvJRF+W/l
FDXc8zBPkFW5TLFHOizRoLl4mK1hz2NrUiqcq5Ghs2yPsFxl/o5+e2MOwtdI49T6
lMkeshAeNOSMKYfP9nmHZoKI/MIpGak0EF3ZQtLvyv+tM2Q0nuwH3RvxlK/Xf6U+
8SoQu4yRIeK+pMiLEHhFPzBpk+sblUlG7QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
falk = rec {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.120.19";
aliases = [
"falk.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA961eCQE562VPYjuZtd0+FNRfUghvD2ccjUlihMjzg46GAK+duqK+
4peWklGOL4eRYQBg6G2VDzWiU2MxXVbXUZaMrxh7fTc3G3LdbqTxzAv3GQKR/6iA
9bGUf6u4ztVNAcj2mrY3mfs4gMlBQyQ2wcM0ZUpiAMaRB4cdq7I4GVHbYTFYfQuI
2zdnr0w8AjlMpFFcD0ExsWeppiJsE7iiME/S2VVfh2NrEpAKQbLH9fKrfkiJA/+9
0VIH9wLLIYngUtQKbvEQ5xgx6ybrg0vO8ZqZ1ZGXYxOQZzWzPP0tvDU0QHSKYSWb
FjcOf1lWSWjsjHxMl/Gh57hjNJFCbs8yjQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
@ -858,91 +278,6 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.189.130";
aliases = [
"filebitch.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
bridge = rec {
cores = 1;
nets = {
retiolum = {
ip4.addr = "10.243.26.29";
aliases = [
"excobridge.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEApeeMSYMuXg4o/fNHnG2ftp2WskZLrt63zhRag7U1HqYUnuPqY60d
VVy9MBTawm6N02nC2Svm3V07ZXaRp/XsXQLx+evZcDjPjnDYgl2ZGX0ir5Cn50bm
UzhJiMW6/J7AYvucgeAaVJ0YmIwRw6ndYGcxmXWi4TK0jSzhuSLgookWM6iJfbdB
oaYsjiXisEvNxt7rBlCfacaHMlPhz3gr1gc4IDCwF+RAMM29NUN3OinI+/f56d7b
/hLZWbimiwtvGVsGLiA2EIcfxQ7aD/LINu+XXMaq7f8QByXj/Lzi7456tDi3pdJg
lyg9yqRJYt4Zle5PVejn08qiofTUmlEhnwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
horisa = rec {
cores = 2;
nets = {
retiolum = {
ip4.addr = "10.243.226.213";
aliases = [
"horisa.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1hhBqCku98gimv0yXr6DFwE2HUemigyqX8o7IsPOW5XT/K8o+V40
Oxk3r0+c7IYREvug/raxoullf5TMJFzTzqzX4njgsiTs25V8D7hVT4jcRKTcXmBn
XpjtD+tIeDW1E6dIMMDbxKCyfd/qaeg83G7gPobeFYr4JNqQLXrnotlWMO9S13UT
+EgSP2pixv/dGIqX8WRg23YumO8jZKbso/sKKFMIEOJvnh/5EcWb24+q2sDRCitP
sWJ5j/9M1Naec/Zl27Ac2HyMWRk39F9Oo+iSbc47QvjKTEmn37P4bBg3hY9FSSFo
M90wG/NRbw1Voz6BgGlwOAoA+Ln0rVKqDQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
tahoe = rec {
cores = 1;
nets = {
internet = {
ip4.addr = "148.251.47.69";
aliases = [
"wooki.i"
];
};
retiolum = {
ip4.addr = "10.243.57.85";
aliases = [
"wooki.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx6R+CuJu4Bql+DgGPpE7wI+iasRY6ltxW0/L04uW9XiOKiEjx66y
QMMaW18bcb0SOfTE8qYo8pOsZ5E9FFPY6cKH4DGi8g1FpaODle9V8RrVg3F7RuZ8
dXDXeZxvYvJ2LwPBvlr1aisqJqgxAwF2ipPPX97rAYbp46a/vkgU5bPF1OFlTDaH
9jjThuidiEwY4EMtJGKisnTGx8yS5iQibDMqzrcRpCxCLcl68FgFNKCTtSIj1mo6
hgO1ZKmHw73ysmrL2tImmalHYcqDJnq/KInG2ZkCZI/2ZqfJyrRSTk86t5ubfD6p
egC5N0Y5dQHJd66AytNwXxymiAcWuYth9QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
@ -952,43 +287,6 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.0.163";
aliases = [
"senderechner.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
tcac-0-1 = rec {
cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
";
nets = {
retiolum = {
ip4.addr = "10.243.144.142";
aliases = [
"tcac-0-1.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};

8
krebs/3modules/makefu/retiolum/cake.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
-----END RSA PUBLIC KEY-----

9
krebs/3modules/makefu/retiolum/crapi.pub Normal file
View File

@ -0,0 +1,9 @@
Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/filebitch.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/fileleech.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/filepimp.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY-----

14
krebs/3modules/makefu/retiolum/firecracker.pub Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuZaPnN4pQVpKWKG1Yylx
JghzOphuQMuzstedqKFo3MTUtgra27ul8IyqljJxVH+hnpObhDwzYS3Zz1BAp/WF
SFAslLbpPEG7UrwmvZHa3jqE4m/uIMtgYK65iIfB8bs17lkvRchfTfzTvwdtPSkM
zbgjq4HttI2aMoNggadfMSGdzv7hEhxFpRBAiXxJHOFTNa//ov/DehrW88blYQ3l
lSS2ZR+WHNVYfRPvfejDnstGenNCJXkpMYPe5YD9CZa0sy639ejTGs+nluU5+uId
lp+0QW5i8E3JvZDiIu9NF9cT+GZhKcgWyvwoA/yRFqRVWHUcK7w8MN1hmbExXFub
pS3GW2/f50USjT2jvK6zg2/KzTio2yEfd/FpQwTmyzAUJbwBkJNyD1YmFGv54tWS
/xDyn3+OsKT4VztfTPrH59MVZZd12WMavB3Y0VIEkVHhrK2BNIoMuJ9e96VDFZ14
9N6ouRAchIydQweESiBzHr0DUXeZO1jNLlNM0q8+aaS/bONkiFzRrKkYnbqB6ION
Ln6pg+5NtrZ/Cb7/UWwSNeooiiOnjzVLsZv3mEzt3IjcJO5iW3IOZhT29S9E3CwG
0rqK7CiByJJXPB/LqwKZdN3WtZgCfPJ48abmzobHhEKTsVG230G4jMF/dLpV3sZT
tIsbd9vYVSSP0Rg/K4hmsOMCAwEAAQ==
-----END PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/flap.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwtLD+sgTQGO+eh2Ipq2r54J1I0byvfkaTBeBwhtUmWst+lUQUoGy
2fGReRYsb4ThDLeyK439jZuQBeXSc5r2g0IHBJCSWj3pVxc1HRTa8LASY7QuprQM
8rSQa2XUtx/KpfM2eVX0yIvLuPTxBoOf/AwklIf+NmL7WCfN7sfZssoakD5a1LGn
3EtZ2M/4GyoXJy34+B8v7LugeClnW3WDqUBZnNfUnsNWvoldMucxsl4fAhvEehrL
hGgQMjHFOdKaLyatZOx6Pq4jAna+kiJoq3mVDsB4rcjLuz8XkAUZmVpe5fXAG4hr
Ig8l/SI6ilu0zCWNSJ/v3wUzksm0P9AJkwIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/gum.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/nukular.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAnt/d9Ys9gmQMGEPzPydAs0Etp9aPb5PreogzVilvazFCZ8HiQHl/
gRGlNBImcPPAPGgLjQ49TZ6V1s0bX0GMlu9gJxqU7Nz/TPbAaDJSmEDPkXnaMC97
gLoluwJHURKPP6+0VNQuK/IOjjDLzLjRDiVeIg6NR0nFAQPlxUhrCN/PhxqNV5WP
H1nR+a4UDoLcKbtgQP+4Eu09iEm+H6o5eCFTX2Ov9Ok2m948Jm0rAqUbPAISf9m4
tOOhhUhn0xvQy5iNHI72ndLvogQ968rnFwBpZM7HF1FsiaQfOF9Nhf11rHCJod3P
meq9GsIUyppZmEKecnTtVfG1oUHMbt1GxQIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/omo.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/sdev.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+
LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4
XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428
ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+
f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD
nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/senderechner.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7
lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X
rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL
inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT
BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO
OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/studio.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
-----END RSA PUBLIC KEY-----

13
krebs/3modules/makefu/retiolum/tsp.pub Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi
HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3
mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+
n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG
R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr
Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi
aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo
ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE
KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v
XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ
teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ==
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/wbob.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
-----END RSA PUBLIC KEY-----

8
krebs/3modules/makefu/retiolum/x.pub Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG
RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA
kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD
JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2
2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf
+h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB
-----END RSA PUBLIC KEY-----

1
krebs/3modules/makefu/sshd/cake.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake

1
krebs/3modules/makefu/sshd/crapi.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi

1
krebs/3modules/makefu/sshd/fileleech.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech

1
krebs/3modules/makefu/sshd/firecracker.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGk+QqJEPoBNP9KbPiivCI5YJ9psAKnujRrUL4bNqxwe firecracker

1
krebs/3modules/makefu/sshd/gum.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum

1
krebs/3modules/makefu/sshd/omo.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH

1
krebs/3modules/makefu/sshd/sdev.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev

1
krebs/3modules/makefu/sshd/studio.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio

1
krebs/3modules/makefu/sshd/wbob.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr

1
krebs/3modules/makefu/sshd/x.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x

1
krebs/3modules/makefu/wiregrill/gum.pub Normal file
View File

@ -0,0 +1 @@
yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=

1
krebs/3modules/makefu/wiregrill/x.pub Normal file
View File

@ -0,0 +1 @@
fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=

3
krebs/3modules/power-action.nix
View File

@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
with lib;
let
cfg = config.krebs.power-action;

4
krebs/3modules/reaktor2.nix
View File

@ -33,6 +33,10 @@ with import <stockholm/lib>;
default = "reaktor2${optionalString (name != "default") "-${name}"}";
type = types.filename;
};
sendDelaySec = mkOption {
default = 0.7;
type = types.nullOr types.float;
};
username = mkOption {
default = self.config.systemd-service-name;
type = types.username;

28
krebs/3modules/retiolum-hosts.nix
View File

@ -1,28 +0,0 @@
with import <stockholm/lib>;
{ config, ... }: let
# TODO dedup functions with ./hosts.nix
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
in {
nixpkgs.config.packageOverrides = super: {
retiolum-hosts =
super.writeText "retiolum-hosts" ''
${
concatStringsSep
"\n"
(flatten
(map
(host: let
net = host.nets.retiolum;
aliases = longs;
longs = filter check net.aliases;
in
optionals
(aliases != [])
(map (addr: "${addr} ${toString aliases}") net.addrs))
(filter (host: hasAttr "retiolum" host.nets)
(attrValues config.krebs.hosts))))
}
'';
};
}

149
krebs/3modules/syncthing.nix Normal file
View File

@ -0,0 +1,149 @@
{ config, pkgs, ... }: with import <stockholm/lib>;
let
cfg = config.krebs.syncthing;
devices = mapAttrsToList (name: peer: {
name = name;
deviceID = peer.id;
addresses = peer.addresses;
}) cfg.peers;
folders = map (folder: {
inherit (folder) path type;
id = folder.path;
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
rescanIntervalS = folder.rescanInterval;
fsWatcherEnabled = folder.watch;
fsWatcherDelayS = folder.watchDelay;
ignorePerms = folder.ignorePerms;
}) cfg.folders;
getApiKey = pkgs.writeDash "getAPIKey" ''
${pkgs.libxml2}/bin/xmllint \
--xpath 'string(configuration/gui/apikey)'\
${config.services.syncthing.dataDir}/config.xml
'';
updateConfig = pkgs.writeDash "merge-syncthing-config" ''
set -efu
# wait for service to restart
${pkgs.untilport}/bin/untilport localhost 8384
API_KEY=$(${getApiKey})
CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config)
echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * {
"devices": ${builtins.toJSON devices},
"folders": ${builtins.toJSON folders}
}' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @-
${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST
'';
in
{
options.krebs.syncthing = {
enable = mkEnableOption "syncthing-init";
id = mkOption {
type = types.str;
default = config.krebs.build.host.name;
};
cert = mkOption {
type = types.nullOr types.absolute-pathname;
default = null;
};
key = mkOption {
type = types.nullOr types.absolute-pathname;
default = null;
};
peers = mkOption {
default = {};
type = types.attrsOf (types.submodule ({
options = {
# TODO make into addr + port submodule
addresses = mkOption {
type = types.listOf types.str;
default = [];
};
#TODO check
id = mkOption {
type = types.str;
};
};
}));
};
folders = mkOption {
default = [];
type = types.listOf (types.submodule ({
options = {
path = mkOption {
type = types.absolute-pathname;
};
peers = mkOption {
type = types.listOf types.str;
default = [];
};
rescanInterval = mkOption {
type = types.int;
default = 3600;
};
type = mkOption {
type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];
default = "sendreceive";
};
watch = mkOption {
type = types.bool;
default = true;
};
watchDelay = mkOption {
type = types.int;
default = 10;
};
ignorePerms = mkOption {
type = types.bool;
default = true;
};
};
}));
};
};
config = (mkIf cfg.enable) {
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
preStart = ''
${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
'';
};
systemd.services.syncthing-init = {
after = [ "syncthing.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = config.services.syncthing.user;
RemainAfterExit = true;
Type = "oneshot";
ExecStart = updateConfig;
};
};
};
}

14
krebs/5pkgs/default.nix
View File

@ -13,15 +13,6 @@ foldl' mergeAttrs {}
//
{
# https://github.com/NixOS/nixpkgs/pull/30065
brscan4 = overrideDerivation super.brscan4 (original: rec {
name = "brscan4-0.4.4-4";
src = super.fetchurl {
url = "http://download.brother.com/welcome/dlf006645/${name}.amd64.deb";
sha256 = "0xy5px96y1saq9l80vwvfn6anr2q42qlxdhm6ci2a0diwib5q9fd";
};
});
reaktor2 = self.haskellPackages.reaktor2;
ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
@ -31,9 +22,4 @@ foldl' mergeAttrs {}
export PROOT_NO_SECCOMP=1
exec ${super.proot}/bin/proot "$@"
'';
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
symlinkJoin = { name, paths, ... }@args: let
x = super.symlinkJoin args;
in if typeOf x != "lambda" then x else super.symlinkJoin name paths;
}

9
krebs/5pkgs/haskell/blessings.nix
View File

@ -1,5 +1,5 @@
with import <stockholm/lib>;
{ mkDerivation, base, fetchgit, stdenv }: let
{ mkDerivation, base, fetchgit, hspec, QuickCheck, stdenv, text }: let
cfg = {
"18.03" = {
@ -7,8 +7,8 @@ with import <stockholm/lib>;
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
"18.09" = {
version = "2.1.0";
sha256 = "0wc8v48bb0bkvypc0j6imvnf8xc8572hykk9sgjhzf2w0ggqxv5d";
version = "2.2.0";
sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
};
}.${versions.majorMinor nixpkgsVersion};
@ -20,7 +20,8 @@ in mkDerivation {
rev = "refs/tags/v${cfg.version}";
sha256 = cfg.sha256;
};
libraryHaskellDepends = [ base ];
libraryHaskellDepends = [ base text ];
testHaskellDepends = [ base hspec QuickCheck ];
doHaddock = false;
# WTFPL is the true license, which is unknown to cabal.
license = stdenv.lib.licenses.wtfpl;

21
krebs/5pkgs/haskell/flameshot-once.nix Normal file
View File

@ -0,0 +1,21 @@
{ mkDerivation, async, base, blessings, bytestring, dbus, fetchgit
, iso8601-time, process, random, stdenv, text, time, unagi-chan
, unix
}:
mkDerivation {
pname = "flameshot-once";
version = "1.1.0";
src = fetchgit {
url = "https://cgit.krebsco.de/flameshot-once";
sha256 = "158ha1yyj3p3mdjjga62j91ml83nhrsg34xbg3dir5cb399j8pxx";
rev = "9d688b6ffad14912bd1afe42555747cb3d213d95";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
async base blessings bytestring dbus iso8601-time process random
text time unagi-chan unix
];
license = stdenv.lib.licenses.mit;
}

6
krebs/5pkgs/haskell/reaktor2.nix
View File

@ -7,11 +7,11 @@
}:
mkDerivation {
pname = "reaktor2";
version = "0.2.1";
version = "0.2.2";
src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2";
sha256 = "0wg76wlzfi893rl0lzhfs6bkpdcvwvgl6mpnz6w7r8f7znr4a9vr";
rev = "0e199f7a357a4c5973e5837ec67699cf224ca69c";
sha256 = "1kyr5i5zdzvc7fcyac1i1yvi88kcxafrgp8p79c1b9l4g9sjnv78";
rev = "9f4e2644188f985d7cd806c13e2c0dee1688b9f0";
fetchSubmodules = true;
};
isLibrary = false;

4
krebs/5pkgs/simple/Reaktor/default.nix
View File

@ -2,7 +2,7 @@
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
version = "0.7.0";
version = "0.7.1";
doCheck = false;
@ -14,7 +14,7 @@ python3Packages.buildPythonPackage rec {
owner = "krebs";
repo = "Reaktor";
rev = "v${version}";
sha256 = "12yy06vk0smjs0rmahrn2kd4bcdh1yjw1fz6rifw6nmgx889d9hj";
sha256 = "0cv5a4x73ls6sk8qj2qi6gqn31rv8kvdg13dsf3jv92xdfx6brjn";
};
meta = {
homepage = http://krebsco.de/;

27
krebs/5pkgs/simple/flameshot-once/default.nix Normal file
View File

@ -0,0 +1,27 @@
with import <stockholm/lib>;
{ pkgs, ... }@args:
let
# config cannot be declared in the input attribute set because that would
# cause callPackage to inject the wrong config. Instead, get it from ...
# via args.
config = args.config or {};
in
pkgs.symlinkJoin {
name = "flameshot-once-wrapper";
paths = [
(pkgs.writeDashBin "flameshot-once" ''
export PATH=${makeBinPath [
pkgs.flameshot
pkgs.qt5.qtbase
pkgs.xclip
]}
${optionalString (config != null) /* sh */ ''
. ${import ./profile.nix { inherit config pkgs; }}
''}
exec ${pkgs.haskellPackages.flameshot-once}/bin/flameshot-once "$@"
'')
pkgs.haskellPackages.flameshot-once
];
}

129
krebs/5pkgs/simple/flameshot-once/profile.nix Normal file
View File

@ -0,0 +1,129 @@
with import <stockholm/lib>;
{ config, pkgs }:
let
# Refs https://github.com/lupoDharkael/flameshot/blob/master/src/widgets/capture/capturebutton.h
ButtonType = {
PENCIL = 0;
DRAWER = 1;
ARROW = 2;
SELECTION = 3;
RECTANGLE = 4;
CIRCLE = 5;
MARKER = 6;
SELECTIONINDICATOR = 7;
MOVESELECTION = 8;
UNDO = 9;
COPY = 10;
SAVE = 11;
EXIT = 12;
IMAGEUPLOADER = 13;
OPEN_APP = 14;
BLUR = 15;
REDO = 16;
PIN = 17;
TEXT = 18;
};
cfg = eval.config;
eval = evalModules {
modules = singleton {
_file = toString ./config.nix;
imports = singleton config;
options = {
buttons = mkOption {
apply = map (name: ButtonType.${name});
default = [
"PENCIL"
"DRAWER"
"ARROW"
"SELECTION"
"RECTANGLE"
"CIRCLE"
"MARKER"
"SELECTIONINDICATOR"
"MOVESELECTION"
"UNDO"
"SAVE"
"EXIT"
"BLUR"
];
type = types.listOf (types.enum (attrNames ButtonType));
};
disabledTrayIcon = mkOption {
default = true;
type = types.bool;
};
drawThickness = mkOption {
default = 8;
type = types.positive;
};
filenamePattern = mkOption {
default = "%FT%T%z_flameshot";
type =
# This is types.filename extended by [%:][%:+]*
types.addCheck types.str (test "[%:0-9A-Za-z._][%:+0-9A-Za-z._-]*");
};
savePath = mkOption {
default = "/tmp";
type = types.absolute-pathname;
};
showDesktopNotification = mkOption {
default = false;
type = types.bool;
};
showHelp = mkOption {
default = false;
type = types.bool;
};
};
};
};
hexchars = stringToCharacters "0123456789abcdef";
# Encode integer to C-escaped string of bytes, little endian / LSB 0
le = rec {
x1 = i: let
i0 = mod i 16;
i1 = i / 16;
in
"\\x${elemAt hexchars i1}${elemAt hexchars i0}";
x2 = i: let
i0 = mod i 256;
i1 = i / 256;
in
"${x1 i0}${x1 i1}";
x4 = i: let
i0 = mod i 65536;
i1 = i / 65536;
in
"${x2 i0}${x2 i1}";
};
toQList = t: xs:
assert t == "int";
"QList<${t}>${le.x4 0}${le.x4 (length xs)}${concatMapStrings le.x4 xs}";
XDG_CONFIG_HOME = pkgs.write "flameshot-config" {
"/Dharkael/flameshot.ini".text = ''
[General]
buttons=@Variant(\0\0\0\x7f\0\0\0\v${toQList "int" cfg.buttons})
disabledTrayIcon=${toJSON cfg.disabledTrayIcon}
drawThickness=${toJSON cfg.drawThickness}
filenamePattern=${toJSON cfg.filenamePattern}
savePath=${toJSON cfg.savePath}
showDesktopNotification=${toJSON cfg.showDesktopNotification}
showHelp=${toJSON cfg.showHelp}
'';
};
in
pkgs.writeDash "flameshot.profile" ''
export FLAMESHOT_CAPTURE_PATH=${cfg.savePath}
export XDG_CONFIG_HOME=${XDG_CONFIG_HOME}
''

6
krebs/nixpkgs.json
View File

@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
"rev": "97e0d53d669cd07f0750a42fd535524b3cdd46d1",
"date": "2019-01-15T00:11:44+01:00",
"sha256": "111xa7qn9142dar29cil4br2mvn8f1rbiy310lkhwl73126fq8dw",
"rev": "8abca4bc7b8b313c6e3073d074d623d1095c0dba",
"date": "2019-03-07T09:54:51+01:00",
"sha256": "1qhhlqkwzxwhq8ga4n7p4zg4nrhl79m6x4qd0pgaic6n4z5m82gr",
"fetchSubmodules": false
}

1
lass/1systems/blue/config.nix
View File

@ -8,6 +8,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/blue.nix>
<stockholm/lass/2configs/syncthing.nix>
];
krebs.build.host = config.krebs.hosts.blue;

1
lass/1systems/icarus/config.nix
View File

@ -17,6 +17,7 @@
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/syncthing.nix>
];
krebs.build.host = config.krebs.hosts.icarus;

2
lass/1systems/icarus/physical.nix
View File

@ -17,4 +17,6 @@
SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
services.thinkfan.enable = true;
}

1
lass/1systems/littleT/config.nix
View File

@ -7,6 +7,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/syncthing.nix>
];
networking.networkmanager.enable = true;

1
lass/1systems/skynet/config.nix
View File

@ -7,6 +7,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/power-action.nix>
<stockholm/lass/2configs/syncthing.nix>
{
services.xserver.enable = true;
services.xserver.desktopManager.xfce.enable = true;

3
lass/2configs/default.nix
View File

@ -218,4 +218,7 @@ with import <stockholm/lib>;
networking.dhcpcd.extraConfig = ''
noipv4ll
'';
services.netdata = {
enable = true;
};
}

9
lass/2configs/syncthing.nix
View File

@ -8,4 +8,13 @@ with import <stockholm/lib>;
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
{ predicate = "-p udp --dport 21027"; target = "ACCEPT";}
];
krebs.syncthing = {
enable = true;
cert = toString <secrets/syncthing.cert>;
key = toString <secrets/syncthing.key>;
peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
folders = [
{ path = "/tmp/testsync"; peers = [ "icarus" "mors" "skynet" ]; }
];
};
}

0
lass/2configs/tests/dummy-secrets/syncthing.cert Normal file
View File

0
lass/2configs/tests/dummy-secrets/syncthing.key Normal file
View File

2
lass/2configs/websites/lassulus.nix
View File

@ -61,7 +61,7 @@ in {
alias ${config.krebs.tinc.retiolum.hostsArchive};
'';
locations."= /retiolum.hosts".extraConfig = ''
alias ${pkgs.retiolum-hosts};
alias ${pkgs.krebs-hosts-retiolum};
'';
locations."= /wireguard-key".extraConfig = ''
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};

6
lib/default.nix
View File

@ -9,6 +9,7 @@ let
krops = import ../submodules/krops/lib;
shell = import ./shell.nix { inherit lib; };
types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
xml = import ./xml.nix { inherit lib; };
eq = x: y: x == y;
ne = x: y: x != y;
@ -145,6 +146,11 @@ let
in
filter (x: x != []) ([acc.chunk] ++ acc.chunks);
warnOldVersion = oldName: newName:
if compareVersions oldName newName != -1 then
trace "Upstream `${oldName}' gets overridden by `${newName}'." newName
else
newName;
};
in

8
lib/types.nix
View File

@ -86,6 +86,12 @@ rec {
type = nullOr ssh-privkey;
default = null;
};
syncthing.id = mkOption {
# TODO syncthing id type
type = nullOr string;
default = null;
};
};
});
@ -539,7 +545,7 @@ rec {
# POSIX.12013, 3.278 Portable Filename Character Set
filename = mkOptionType {
name = "POSIX filename";
check = test "([0-9A-Za-z._])[0-9A-Za-z._-]*";
check = test "[0-9A-Za-z._][0-9A-Za-z._-]*";
merge = mergeOneOption;
};

88
lib/xml.nix Normal file
View File

@ -0,0 +1,88 @@
{ lib }:
with lib;
with builtins;
rec {
# Use `term` to construct XML.
#
# Examples:
#
# (term "bool" null null)
# (term "cool" null [])
# (term "fool" { hurr = "durr"; } null)
# (term "hool" null [
# (term "tool" null null)
# ])
#
# See `render` for how these get transformed into actuall XML documents.
#
term = name: attrs: content: {
inherit name attrs content;
};
empty = term null null null;
# Ref http://www.w3.org/TR/xml/#syntax
#
# Example:
#
# (quote "<cheez!>") #===> &lt;cheez!&gt;
#
quote = let
sub = {
"&" = "&amp;";
"<" = "&lt;";
">" = "&gt;";
"'" = "&apos;";
"\"" = "&quot;";
};
in
stringAsChars (c: sub.${c} or c);
# Turn an XML element to an XML document string.
doc = t:
"<?xml version='1.0' encoding='UTF-8'?>${render t}";
# Render an XML element to a string.
#
# Rendering `empty` yields the empty string.
#
# Examples:
#
# (term "bool" null null) #===> <bool/>
# (term "cool" null []) #===> <cool></cool>
# (term "fool" { hurr = "durr"; } null) #===> <fool hurr="durr"/>
# (term "hool" null [
# (term "tool" null null)
# ]) #===> <hool><tool/></hool>
#
render = let
render-attrs = attrs:
getAttr (typeOf attrs) {
null = "";
set = concatStrings (mapAttrsToList (n: v: " ${n}=\"${v}\"") attrs);
};
render-content = content:
getAttr (typeOf content) {
bool = toJSON content;
int = toJSON content;
list = concatMapStrings render content;
string = quote content;
};
in
{ name, attrs, content }:
# XXX we're currently encoding too much information with `null`..
if name == null
then
if content == null
then ""
else content
else let
attrs' = render-attrs attrs;
content' = render-content content;
in
if content == null
then "<${name}${attrs'}/>"
else "<${name}${attrs'}>${content'}</${name}>";
}

0
makefu/0tests/data/secrets/hass/adbkey Normal file
View File

0
makefu/0tests/data/secrets/id_nixBuild Normal file
View File

13
makefu/1systems/cake/config.nix
View File

@ -1,9 +1,16 @@
{ config, lib, pkgs, ... }:
{
let
primaryInterface = "eth0";
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
<stockholm/makefu/2configs/tools/core.nix>
# <stockholm/makefu/2configs/tools/core.nix>
{ environment.systemPackages = with pkgs;[ rsync screen curl git ];}
<stockholm/makefu/2configs/binary-cache/nixos.nix>
#<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/homeautomation/default.nix>
<stockholm/makefu/2configs/homeautomation/google-muell.nix>
# configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix>
];
@ -12,7 +19,7 @@
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.cake;
};
networking.firewall.trustedInterfaces = [ primaryInterface ];
documentation.info.enable = false;
documentation.man.enable = false;
services.nixosManual.enable = false;

33
makefu/1systems/crapi/config.nix
View File

@ -1,46 +1,15 @@
{ config, pkgs, lib, ... }:
{
# :l <nixpkgs>
# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
imports = [
<stockholm/makefu>
./hardware-config.nix
<stockholm/makefu/2configs>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/save-diskspace.nix>
];
krebs.build.host = config.krebs.hosts.crapi;
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
system.activationScripts.create-swap = ''
if [ ! -e /swapfile ]; then
fallocate -l 2G /swapfile
mkswap /swapfile
fi
'';
swapDevices = [ { device = "/swapfile"; size = 2048; } ];
nix.package = lib.mkForce pkgs.nixStable;
services.openssh.enable = true;
}

39
makefu/1systems/crapi/hardware-config.nix Normal file
View File

@ -0,0 +1,39 @@
{ pkgs, lib, ... }:
{
#raspi1
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
boot.loader.grub.enable = false;
boot.loader.raspberryPi.enable = true;
boot.loader.raspberryPi.version = 1;
boot.loader.raspberryPi.uboot.enable = true;
boot.loader.raspberryPi.uboot.configurationLimit = 1;
boot.loader.generationsDir.enable = lib.mkDefault false;
hardware.enableRedistributableFirmware = true;
boot.cleanTmpDir = true;
environment.systemPackages = [ pkgs.raspberrypi-tools ];
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
system.activationScripts.create-swap = ''
if [ ! -e /swapfile ]; then
fallocate -l 2G /swapfile
mkswap /swapfile
chmod 600 /swapfile
fi
'';
swapDevices = [ { device = "/swapfile"; size = 4096; } ];
}

1
makefu/1systems/gum/config.nix
View File

@ -84,6 +84,7 @@ in {
<stockholm/makefu/2configs/shack/events-publisher>
<stockholm/makefu/2configs/shack/gitlab-runner>
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
<stockholm/makefu/2configs/taskd.nix>
# services

18
makefu/1systems/gum/hardware-config.nix
View File

@ -41,36 +41,36 @@ in {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ main-disk ];
boot.initrd.kernelModules = [ "dm-raid" ];
boot.initrd.kernelModules = [ "dm-raid" "dm_cache" ];
boot.initrd.availableKernelModules = [
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
];
boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ];
boot.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" "kvm-intel" ];
hardware.enableRedistributableFirmware = true;
fileSystems."/" = {
device = "/dev/mapper/nixos-root";
device = "/dev/nixos/root";
fsType = "ext4";
};
fileSystems."/var/lib" = {
device = "/dev/mapper/nixos-lib";
device = "/dev/nixos/lib";
fsType = "ext4";
};
fileSystems."/var/log" = {
device = "/dev/mapper/nixos-log";
device = "/dev/nixos/log";
fsType = "ext4";
};
fileSystems."/var/download" = {
device = "/dev/mapper/nixos-download";
device = "/dev/nixos/download";
fsType = "ext4";
};
fileSystems."/var/www/binaergewitter" = {
device = "/dev/mapper/nixos-binaergewitter";
device = "/dev/nixos/binaergewitter";
fsType = "ext4";
options = [ "nofail" ];
options = [ "nofail" "x-systemd.automount" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ];
};
fileSystems."/var/lib/borgbackup" = {
device = "/dev/mapper/nixos-backup";
device = "/dev/nixos/backup";
fsType = "ext4";
};
fileSystems."/boot" = {

3
makefu/1systems/wbob/config.nix
View File

@ -9,6 +9,7 @@ in {
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
# <stockholm/makefu/2configs/disable_v6.nix>
@ -39,7 +40,6 @@ in {
<stockholm/makefu/2configs/stats/telegraf/europastats.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/arafetch.nix>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
{ environment.systemPackages = [ pkgs.vlc ]; }
@ -51,6 +51,7 @@ in {
];
}
<stockholm/makefu/2configs/bureautomation>
<stockholm/makefu/2configs/bureautomation/led-fader.nix>
<stockholm/makefu/2configs/bureautomation/mpd.nix>
<stockholm/makefu/2configs/bureautomation/hass.nix>
(let

26
makefu/1systems/x/config.nix
View File

@ -15,6 +15,13 @@
<stockholm/makefu/2configs/extra-fonts.nix>
<stockholm/makefu/2configs/tools/all.nix>
<stockholm/makefu/2configs/dict.nix>
#<stockholm/makefu/3modules/netboot_server.nix>
#{
# netboot_server = {
# network.wan = "wlp3s0";
# network.lan = "enp0s25";
# };
#}
<stockholm/makefu/2configs/backup/state.nix>
# <stockholm/makefu/2configs/dnscrypt/client.nix>
@ -53,20 +60,22 @@
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
{
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.nat = {
enable = true;
externalInterface = "wlp3s0";
internalInterfaces = [ "vboxnet0" ];
};
}
#{
# networking.firewall.allowedTCPPorts = [ 8080 ];
# networking.nat = {
# enable = true;
# externalInterface = "wlp3s0";
# internalInterfaces = [ "vboxnet0" ];
# };
#}
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
<stockholm/makefu/2configs/remote-build/aarch64-community.nix>
<stockholm/makefu/2configs/remote-build/gum.nix>
{ nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
@ -162,7 +171,6 @@
"/home/makefu/docs"
"/home/makefu/.password-store"
"/home/makefu/.secrets-pass"
"/home/makefu/autosync/Database.kdb"
];
services.syncthing.user = lib.mkForce "makefu";

147
makefu/2configs/bureautomation/automation/10h_timer.nix Normal file
View File

@ -0,0 +1,147 @@
[
{ alias = "start Felix 10h";
trigger = {
platform = "state";
entity_id = "binary_sensor.redbutton";
to = "on";
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "timer.felix_10h";
state = "idle";
}
{
condition = "time";
after = "06:00:00";
before = "12:00:00";
}
];
};
action = [
{ service = "timer.start";
entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ] ;
}
{ service = "homeassistant.turn_on";
entity_id = [
"script.buzz_red_led_fast"
"script.blitz_10s"
];
}
{ service = "light.turn_on";
data = {
effect = "2";
entity_id = [ "light.status_felix" ];
};
}
];
}
{ alias = "Disable Felix timer at button press";
trigger = {
platform = "state";
entity_id = "binary_sensor.redbutton";
to = "on";
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "timer.felix_10h";
state = "active";
}
{
condition = "time";
after = "12:00:00";
before = "22:00:00";
}
];
};
action =
[
{
service = "timer.cancel";
entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ];
}
{
service = "homeassistant.turn_on";
entity_id = [ "script.buzz_red_led_fast" ];
}
{
service = "homeassistant.turn_off";
entity_id = [ "light.status_felix" ];
}
];
}
{
alias = "Genug gearbeitet Felix";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_7h";
};
action =
[
{ service = "light.turn_on";
data = {
rgb_color= [0 255 0];
# effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
{
alias = "nun aber nach hause";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_8_30h";
};
action =
[
{ service = "light.turn_on";
data = {
rgb_color= [255 255 0];
# effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
{
alias = "Zu lange Felix!";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_10h";
};
action =
[
# TODO: Pushbullet
{
service = "homeassistant.turn_on";
entity_id = [
"script.buzz_red_led"
"script.blitz_10s"
];
}
{ service = "light.turn_on";
data = {
rgb_color= [255 0 0];
effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
]

55
makefu/2configs/bureautomation/automation/bureau-shutdown.nix Normal file
View File

@ -0,0 +1,55 @@
[
{ alias = "Turn on Fernseher on movement";
trigger = {
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
action = {
service = "homeassistant.turn_on";
entity_id = [
"switch.fernseher"
"switch.feuer"
];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
trigger = [
{ # trigger when movement was detected at the time
platform = "state";
entity_id = "binary_sensor.motion";
to = "off";
for.minutes = 10;
}
{ # trigger at 20:00 no matter what
# to avoid 'everybody left before 18:00:00'
platform = "time";
at = "18:00:00";
}
];
action = {
service = "homeassistant.turn_off";
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
condition =
{ condition = "and";
conditions = [
{
condition = "time";
before = "06:30:00"; #only turn off between 6:30 and 18:00
after = "18:00:00";
# weekday = [ "mon" "tue" "wed" "thu" "fri" ];
}
{
condition = "state";
entity_id = "binary_sensor.motion";
state = "off";
}
];
};
}
]

43
makefu/2configs/bureautomation/automation/nachtlicht.nix Normal file
View File

@ -0,0 +1,43 @@
[
{
alias = "Turn off Nachtlicht on sunrise";
trigger =
{
platform = "sun";
event = "sunrise";
};
action =
{
service = "homeassistant.turn_off";
entity_id = [ "switch.nachtlicht" ];
};
}
{
alias = "Turn on Nachtlicht on motion and dusk";
trigger =
{
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
condition = # 'when dark'
{
condition = "or";
conditions = [
{ condition = "sun";
after = "sunset";
after_offset = "-00:45:00"; # on dusk
}
{ condition = "sun";
before = "sunrise";
}
];
};
action =
{
service = "homeassistant.turn_on";
entity_id = [ "switch.nachtlicht" ];
};
}
]

17
makefu/2configs/bureautomation/binary_sensor/buttons.nix Normal file
View File

@ -0,0 +1,17 @@
let
tasmota_button = name: topic:
# detects a pushbutton press from tasmota
{ platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on = "ON";
payload_off = "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# expire_after = "5"; #expire after 5 seconds
qos = 1;
};
in [
(tasmota_button "RedButton" "redbutton")
]

12
makefu/2configs/bureautomation/binary_sensor/motion.nix Normal file
View File

@ -0,0 +1,12 @@
[
{ platform = "mqtt";
device_class = "motion";
name = "Motion";
state_topic = "/bam/easy2/movement/Switch";
payload_on = "1";
payload_off = "0";
availability_topic = "/bam/easy2/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}
]

14
makefu/2configs/bureautomation/camera/verkehrskamera.nix Normal file
View File

@ -0,0 +1,14 @@
[
{ name = "Baumarkt";
platform = "generic";
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
}
{ name = "Autobahn Heilbronn";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
}
{ name = "Autobahn Singen";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
}
]

317
makefu/2configs/bureautomation/hass.nix
View File

@ -1,76 +1,5 @@
{ pkgs, lib, ... }:
let
tasmota_rgb = name: topic:
# LED WS2812b
# effect_state_topic: "stat/led/Scheme"
# effect_command_topic: "cmnd/led/Scheme"
# effect_value_template: "{{ value_json.Scheme }}"
{ platform = "mqtt";
inherit name;
retain = false;
qos = 1;
optimistic = false;
# state
# TODO: currently broken, will not use the custom state topic
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# brightness
brightness_state_topic = "/bam/${topic}/stat/Dimmer";
brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
brightness_value_template = "{{ value_json.Dimmer }}";
brightness_scale = 100;
# color
rgb_state_topic = "/bam/${topic}/stat/Color";
rgb_command_topic = "/bam/${topic}/cmnd/Color2";
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
effect_state_topic = "/bam/${topic}/stat/Scheme";
effect_command_topic = "/bam/${topic}/cmnd/Scheme";
effect_value_template = "{{ value_json.Scheme }}";
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
};
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
};
espeasy_dht22 = name: [
{ platform = "mqtt";
name = "${name} DHT22 Temperature";
device_class = "temperature";
state_topic = "/bam/${name}/dht22/Temperature";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}
{ platform = "mqtt";
device_class = "humidity";
name = "${name} DHT22 Humidity";
state_topic = "/bam/${name}/dht22/Humidity";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}];
espeasy_ds18 = name:
{ platform = "mqtt";
name = "${name} DS18 Temperature";
state_topic = "/bam/${name}/ds18/Temperature";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
};
in {
networking.firewall.allowedTCPPorts = [ 8123 ];
@ -104,90 +33,43 @@ in {
retain = true;
};
};
switch = [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
(tasmota_plug "Fernseher" "plug3")
(tasmota_plug "Feuer" "plug4")
(tasmota_plug "Nachtlicht" "plug5")
];
light = [
(tasmota_rgb "Status Felix" "status1")
];
binary_sensor = [
{ platform = "mqtt";
device_class = "motion";
name = "Motion";
state_topic = "/bam/easy2/movement/Switch";
payload_on = "1";
payload_off = "0";
availability_topic = "/bam/easy2/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
switch = (import ./switch/tasmota_switch.nix);
light = (import ./light/statuslight.nix) ++
(import ./light/buzzer.nix);
timer = {
felix_10h = {
name = "Felix 10h Timer";
duration = "10:00:00";
};
felix_8_30h = {
name = "Felix 8_30h Timer";
duration = "08:30:00";
};
felix_7h = {
name = "Felix 7h Timer";
duration = "07:00:00";
};
};
notify = [
{
platform = "kodi";
name = "wbob";
host = "192.168.8.11";
}
];
sensor =
(espeasy_dht22 "easy1") ++
(espeasy_dht22 "easy2") ++
[ (espeasy_ds18 "easy3" )
{ platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
script = (import ./script/multi_blink.nix) {inherit lib;};
binary_sensor =
(import ./binary_sensor/buttons.nix) ++
(import ./binary_sensor/motion.nix);
sensor =
(import ./sensor/espeasy.nix) ++
((import ./sensor/outside.nix) {inherit lib;}) ++
(import ./sensor/influxdb.nix);
camera =
(import ./camera/verkehrskamera.nix);
{ platform = "darksky";
api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [ "summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
"temperature" # "temperature_high" "temperature_low"
"apparent_temperature"
"hourly_summary" # next 24 hours text
"humidity"
"pressure"
"uv_index" ];
units = "si" ;
update_interval = {
days = 0;
hours = 0;
minutes = 30;
seconds = 0;
};
}
#{ platform = "influxdb";
# queries = [
# { name = "mean value of feinstaub P1";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P1";
# }
# { name = "mean value of feinstaub P2";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P2";
# }
# ];
#}
];
camera = [
{ name = "Baumarkt";
platform = "generic";
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
}
{ name = "Autobahn Heilbronn";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
}
{ name = "Autobahn Singen";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
}
];
frontend = { };
http = { };
conversation = {};
@ -203,13 +85,14 @@ in {
"group.outside"
"group.switches"
"group.automation"
"group.camera"
# "group.camera"
];
};
automation = [
"automation.turn_off_fernseher_10_minutes_after_last_movement"
"automation.turn_off_nachtlicht_on_sunrise"
"automation.turn_on_nachtlicht_on_motion_and_dusk"
"timer.felix_10h"
"script.blitz_10s"
"script.buzz_red_led_fast"
"camera.Baumarkt"
];
switches = [
"switch.bauarbeiterlampe"
@ -218,125 +101,37 @@ in {
"switch.feuer"
"switch.nachtlicht"
"light.status_felix"
"light.status_daniel"
"light.buslicht"
"light.redbutton_buzzer"
];
camera = [
"camera.Baumarkt"
"camera.Autobahn_Heilbronn"
"camera.Autobahn_Singen"
];
camera = [ ];
sensors = [
"binary_sensor.motion"
"binary_sensor.redbutton"
"sensor.easy2_dht22_humidity"
"sensor.easy2_dht22_temperature"
];
outside = [
"sensor.ditzingen_pm10"
"sensor.ditzingen_pm25"
# "sensor.ditzingen_pm10"
# "sensor.ditzingen_pm25"
"sensor.dark_sky_temperature"
"sensor.dark_sky_humidity"
"sensor.dark_sky_pressure"
# "sensor.dark_sky_pressure"
"sensor.dark_sky_hourly_summary"
"sensor.dark_sky_minutely_summary"
"camera.Autobahn_Heilbronn"
"camera.Autobahn_Singen"
];
};
# only for automation
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
automation = [
{ alias = "Turn on Fernseher on movement";
trigger = {
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
action = {
service = "homeassistant.turn_on";
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
}
{
alias = "Turn off Nachtlicht on sunrise";
trigger =
{
platform = "sun";
event = "sunrise";
};
action =
{
service = "homeassistant.turn_off";
entity_id = [ "switch.nachtlicht" ];
};
}
{
alias = "Turn on Nachtlicht on motion and dusk";
trigger =
{
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
condition = # 'when dark'
{
condition = "or";
conditions = [
{ condition = "sun";
after = "sunset";
after_offset = "-00:45:00"; # on dusk
}
{ condition = "sun";
before = "sunrise";
}
];
};
action =
{
service = "homeassistant.turn_on";
entity_id = [ "switch.nachtlicht" ];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
trigger = [
{ # trigger when movement was detected at the time
platform = "state";
entity_id = "binary_sensor.motion";
to = "off";
for.minutes = 10;
}
{ # trigger at 20:00 no matter what
# to avoid 'everybody left before 18:00:00'
platform = "time";
at = "18:00:00";
}
];
action = {
service = "homeassistant.turn_off";
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
condition =
{ condition = "and";
conditions = [
{
condition = "time";
before = "06:30:00"; #only turn off between 6:30 and 18:00
after = "18:00:00";
# weekday = [ "mon" "tue" "wed" "thu" "fri" ];
}
{
condition = "state";
entity_id = "binary_sensor.motion";
state = "off";
}
];
};
}
];
# we don't use imports because the expressions do not merge in
# home-assistant
automation = (import ./automation/bureau-shutdown.nix) ++
(import ./automation/nachtlicht.nix) ++
(import ./automation/10h_timer.nix);
};
};
}

2
makefu/2configs/deployment/led-fader.nix → makefu/2configs/bureautomation/led-fader.nix
View File

@ -14,7 +14,7 @@ in {
serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell
ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";
ExecStart = "${pkg}/bin/ampel 4";
ExecStart = "${pkg}/bin/ampel";
Restart = "always";
RestartSec = 10;
PrivateTmp = true;

28
makefu/2configs/bureautomation/light/buzzer.nix Normal file
View File

@ -0,0 +1,28 @@
let
tasmota_pwm = name: topic: pwmid: max:
let
id = "PWM${toString pwmid}";
in { platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/RESULT";
state_value_template = ''{%- if value_json["PWM"]["${id}"]| int > 0 -%} ${toString max} {%- else -%} 0 {%- endif -%}'';
command_topic = "/bam/${topic}/cmnd/${id}";
on_command_type = "brightness";
brightness_command_topic = "/bam/${topic}/cmnd/${id}";
brightness_value_template = ''{{value_json["PWM"]["${id}"]}}'';
brightness_scale = max;
payload_on = "${toString max}";
payload_off = "0";
availability_topic = "/bam/${topic}/tele/LWT";
payload_available= "Online";
payload_not_available= "Offline";
retain = true;
optimistic = false;
qos = 0;
};
in
[
# (tasmota_pwm "RedButton LED" "redbutton" 1 1023) #LED PWM1
(tasmota_pwm "RedButton Buzzer" "redbutton" 2 512) #buzzer PWM2
]

56
makefu/2configs/bureautomation/light/statuslight.nix Normal file
View File

@ -0,0 +1,56 @@
let
tasmota_rgb = name: topic:
# LED WS2812b
# effect_state_topic: "stat/led/Scheme"
# effect_command_topic: "cmnd/led/Scheme"
# effect_value_template: "{{ value_json.Scheme }}"
{ platform = "mqtt";
inherit name;
retain = false;
qos = 1;
optimistic = false;
# state
# TODO: currently broken, will not use the custom state topic
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# brightness
brightness_state_topic = "/bam/${topic}/stat/Dimmer";
brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
brightness_value_template = "{{ value_json.Dimmer }}";
brightness_scale = 100;
# color
rgb_state_topic = "/bam/${topic}/stat/Color";
rgb_command_topic = "/bam/${topic}/cmnd/Color2";
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
effect_state_topic = "/bam/${topic}/stat/Scheme";
effect_command_topic = "/bam/${topic}/cmnd/Scheme";
effect_value_template = "{{ value_json.Scheme }}";
effect_list = [
0 # single color for LED light
1 # start wake up sequence (same as Wakeup)
2 # cycle up through colors using Speed option
3 # cycle down through colors using Speed option
4 # random cycle through colors using Speed and Fade
5 # clock mode (example)
6 # candlelight pattern
7 # RGB pattern
8 # Christmas pattern
9 # Hannukah pattern
10 # Kwanzaa pattern
11 # rainbow pattern
12 # fire pattern
];
};
in
[
(tasmota_rgb "Status Felix" "status1")
(tasmota_rgb "Status Daniel" "status2")
(tasmota_rgb "Buslicht" "buslicht")
]

37
makefu/2configs/bureautomation/script/multi_blink.nix Normal file
View File

@ -0,0 +1,37 @@
{lib, ... }:
let
# let an entity blink for X times with a delay of Y milliseconds
flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }:
{
inherit alias;
sequence = lib.flatten (builtins.genList (i: [
{ service = "homeassistant.turn_on";
data.entity_id = entity;
}
{ delay.milliseconds = delay; }
{ service = "homeassistant.turn_off";
data.entity_id = entity;
}
{ delay.milliseconds = delay; }
]
) count);
};
in {
buzz_red_led = (flash_entity {
entity = "light.redbutton_buzzer";
alias = "Red Button Buzz";
count = 4;
});
buzz_red_led_fast = (flash_entity {
entity = "light.redbutton_buzzer";
delay = 250;
count = 2;
alias = "Red Button Buzz fast";
});
blitz_10s = (flash_entity {
entity = "switch.blitzdings";
delay = 10000;
count = 1;
alias = "blitz for 10 seconds";
});
}

31
makefu/2configs/bureautomation/sensor/espeasy.nix Normal file
View File

@ -0,0 +1,31 @@
let
espeasy_dht22 = name: [
{ platform = "mqtt";
name = "${name} DHT22 Temperature";
device_class = "temperature";
state_topic = "/bam/${name}/dht22/Temperature";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}
{ platform = "mqtt";
device_class = "humidity";
name = "${name} DHT22 Humidity";
state_topic = "/bam/${name}/dht22/Humidity";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}];
espeasy_ds18 = name:
{ platform = "mqtt";
name = "${name} DS18 Temperature";
state_topic = "/bam/${name}/ds18/Temperature";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
};
in
(espeasy_dht22 "easy1") ++
(espeasy_dht22 "easy2") ++ [
(espeasy_ds18 "easy3" )
]

18
makefu/2configs/bureautomation/sensor/influxdb.nix Normal file
View File

@ -0,0 +1,18 @@
[
#{ platform = "influxdb";
# queries = [
# { name = "mean value of feinstaub P1";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P1";
# }
# { name = "mean value of feinstaub P2";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P2";
# }
# ];
#}
]

25
makefu/2configs/bureautomation/sensor/outside.nix Normal file
View File

@ -0,0 +1,25 @@
{lib,...}: [
{ platform = "darksky";
api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [
"summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
"temperature" # "temperature_high" "temperature_low"
"apparent_temperature"
"hourly_summary" # next 24 hours text
"humidity"
"pressure"
"uv_index"
];
units = "si" ;
update_interval = { days = 0; hours = 0; minutes = 30; seconds = 0; };
}
{ platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
]

19
makefu/2configs/bureautomation/switch/tasmota_switch.nix Normal file
View File

@ -0,0 +1,19 @@
let
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
};
in [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
(tasmota_plug "Fernseher" "plug3")
(tasmota_plug "Feuer" "plug4")
(tasmota_plug "Nachtlicht" "plug5")
]

1
makefu/2configs/dict.nix
View File

@ -1,5 +1,6 @@
{ pkgs, ... }:
{
environment.shellAliases.dict = "dict -h 127.0.0.1";
services.dictd.enable = true;
services.dictd.DBs = with pkgs.dictdDBs; [ wiktionary wordnet deu2eng eng2deu ];
}

9
makefu/2configs/git/cgit-retiolum.nix
View File

@ -62,6 +62,15 @@ let
make-krebs-repo = with git; name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = config.krebs.build.host.name == "gum";
channel = "#xxx";
# TODO remove the hardcoded hostname
server = "irc.r";
};
};
};

9
makefu/2configs/home-manager/desktop.nix
View File

@ -11,6 +11,15 @@
services.network-manager-applet.enable = true;
services.blueman-applet.enable = true;
services.pasystray.enable = true;
services.flameshot.enable = true;
home.file.".config/Dharkael/flameshot.ini".text = ''
[General]
disabledTrayIcon=false
drawColor=@Variant(\0\0\0\x43\x1\xff\xff\0\0\0\0\xff\xff\0\0)
drawThickness=0
filenamePattern=%F_%T_shot
'';
systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) );
programs.chromium = {
enable = true;

25
makefu/2configs/home-manager/taskwarrior.nix Normal file
View File

@ -0,0 +1,25 @@
{pkgs, ... }:
let
loc = "/home/makefu/.task";
in {
state = [ "${loc}/keys" ];
home-manager.users.makefu.programs.taskwarrior = {
enable = true;
dataLocation = loc;
config = {
default.command = "list";
taskd = {
server = "gum:53589";
certificate = "${loc}/keys/public.crt";
key = "${loc}/keys/private.key";
ca = "${loc}/keys/ca.crt";
credentials = "home/makefu/0e6c8146-1ddb-4906-9369-8f77e34cdf84";
};
context = {
work = "tags:work";
shack = "tags:shack";
home = "tags:home";
};
};
};
}

3
makefu/2configs/home-manager/zsh.nix
View File

@ -86,7 +86,8 @@
share = true;
};
sessionVariables = {
TERM = "rxvt-unicode-256color";
# TERM = "rxvt-unicode-256color";
TERM = "xterm";
LANG = "en_US.UTF8";
LS_COLORS = ":di=1;31:";
EDITOR = "vim";

69
makefu/2configs/homeautomation/default.nix
View File

@ -55,7 +55,8 @@ let
payload_not_available = "Offline";
};
firetv = "192.168.1.238";
firetv = "192.168.1.183";
hassdir = "/var/lib/hass";
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
@ -105,13 +106,7 @@ in {
imports = [
./mqtt.nix
];
#systemd.services.firetv = {
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# User = "nobody";
# ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
# };
#};
services.home-assistant = {
config = {
homeassistant = {
@ -133,9 +128,11 @@ in {
{ platform = "kodi";
host = firetv;
}
#{ platform = "firetv";
# # assumes python-firetv running
#}
{ platform = "firetv";
name = "FireTV Stick";
host = firetv;
adbkey = <secrets/hass/adbkey>;
}
];
mqtt = {
broker = "localhost";
@ -211,9 +208,12 @@ in {
flur = [
"light.flurlicht"
"binary_sensor.flur_bewegung"
"automation.dunkel_bei_sonnenuntergang"
"automation.hell_bei_sonnenaufgang"
];
wohnzimmer = [
"media_player.kodi"
"media_player.firetv_stick"
];
draussen = [
"sensor.dark_sky_temperature"
@ -240,6 +240,47 @@ in {
];
light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
automation = [
{ alias = "Dunkel bei Sonnenuntergang";
trigger = {
platform = "sun";
event = "sunset";
# offset: "-00:45:00"
};
action = [
{
service= "light.turn_on";
data = {
entity_id= "light.flurlicht";
# rgb_color = [ 0,0,0 ]; <-- TODO default color
brightness_pct = 15;
};
}
{
service= "light.turn_off";
entity_id= "light.flurlicht";
}
];
}
{ alias = "Hell bei Sonnenaufgang";
trigger = {
platform = "sun";
event = "sunrise";
# offset: "-00:00:00"
};
action = [
{
service= "light.turn_on";
data = {
entity_id= "light.flurlicht";
brightness_pct = 85;
};
}
{
service= "light.turn_off";
entity_id= "light.flurlicht";
}
];
}
{ alias = "Staubsauger Strom aus nach 6h";
trigger = {
platform = "state";
@ -255,6 +296,10 @@ in {
];
};
enable = true;
#configDir = "/var/lib/hass";
configDir = hassdir;
};
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.77.2"
];
}

16
makefu/2configs/homeautomation/google-muell.nix
View File

@ -3,13 +3,21 @@ with import <stockholm/lib>;
let
pkg = pkgs.ampel;
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
sec = "${toString <secrets>}/ampel/google-muell.json";
ampelsec = "${home}/google-muell.json";
cred = "${toString <secrets>}/google-muell-creds.json";
cred = "${toString <secrets>}/ampel/google-muell-creds.json";
# TODO: generate this credential file locally
ampelcred = "${home}/google-muell-creds.json";
esp = "192.168.8.204";
sleepval = "1800";
# default-color = "18,63,40";
default-color = "255,127,0";
config_json = toFile "config.json" (toJSON {
mq_hostname = "localhost";
mq_port = 1883;
mq_username = "sensor";
mq_topic = "/ham/flurlicht/cmnd/MEM1";
mq_password = replaceChars ["\n"] [""] (readFile "${toString <secrets>}/mqtt/sensor");
});
in {
users.users.ampel = {
uid = genid "ampel";
@ -27,7 +35,7 @@ in {
install -m600 -o ampel ${sec} ${ampelsec}
install -m600 -o ampel ${cred} ${ampelcred}
'';
ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
ExecStart = "${pkg}/bin/google-muell --config ${config_json} --default-color=${default-color} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;

15
makefu/2configs/remote-build/gum.nix Normal file
View File

@ -0,0 +1,15 @@
{
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "gum.krebsco.de";
maxJobs = 8;
sshKey = toString <secrets/id_nixBuild>;
sshUser = "nixBuild";
system = "x86_64-linux";
supportedFeatures = [ ];
}
];
};
}

1
makefu/2configs/remote-build/slave.nix
View File

@ -5,6 +5,7 @@
useDefaultShell = true;
openssh.authorizedKeys.keys = [
config.krebs.users.buildbotSlave.pubkey
config.krebs.users.makefu-remote-builder.pubkey
];
};
}

4
makefu/2configs/save-diskspace.nix
View File

@ -4,8 +4,8 @@ _:
environment.noXlibs = true;
nix.gc.automatic = true;
nix.gc.dates = "03:10";
programs.info.enable = false;
programs.man.enable = false;
documentation.info.enable = false;
documentation.man.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M";
services.nixosManual.enable = false;
}

1
makefu/2configs/tools/core-gui.nix
View File

@ -2,6 +2,7 @@
{
users.users.makefu.packages = with pkgs; [
at_spi2_core
chromium
feh
clipit

2
makefu/2configs/tools/core.nix
View File

@ -8,7 +8,6 @@
( pkgs.writeScriptBin "unknow" ''#!/bin/sh
${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
'')
at_spi2_core
acpi
bc
rsync
@ -17,6 +16,7 @@ ${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
lsof
which
binutils
screen
# fs
cifs-utils

1
makefu/2configs/tools/dev.nix
View File

@ -26,5 +26,6 @@
nix-review
# git-related
tig
init-host
];
}

2
makefu/2configs/tools/games.nix
View File

@ -2,7 +2,7 @@
{
imports = [
./steam.nix
# ./steam.nix
];
users.users.makefu.packages = with pkgs; [
games-user-env

Some files were not shown because too many files have changed in this diff Show More