diff options
| author | tv <tv@krebsco.de> | 2023-07-06 20:32:00 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2023-07-06 20:32:00 +0200 |
| commit | a4ace2b0b35331be531795a351401bc6ca8d827c (patch) | |
| tree | 3402693b9c0deb26df4b9b78f5892c837d02c13d | |
| parent | 143ba5eed02b5441fdd91b7d00dd57bc973fcf27 (diff) | |
| parent | 8e959cc72db31fad948c12e29d9345276013b8a6 (diff) | |
Merge remote-tracking branch 'orange/master'
| -rw-r--r-- | kartei/janik/default.nix | 38 | ||||
| -rw-r--r-- | kartei/lass/default.nix | 2 | ||||
| -rw-r--r-- | kartei/palo/default.nix | 25 | ||||
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 |
4 files changed, 65 insertions, 1 deletions
diff --git a/kartei/janik/default.nix b/kartei/janik/default.nix new file mode 100644 index 00000000..44ec9b0a --- /dev/null +++ b/kartei/janik/default.nix @@ -0,0 +1,38 @@ +with import ../../lib; +{ config, ... }: let + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }); +in { + users.janik = { + mail = "retiolum.janik@aq0.de"; + }; + hosts.hertz = { + owner = config.krebs.users.janik; + nets.retiolum = { + aliases = [ "hertz.janik.r" ]; + ip6.addr = (lib.krebs.genipv6 "retiolum" "janik" { hostName = "hertz"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA0mqxrdVU9wFhNZYGWEknJpKV4yIodNlaCIKDPVhU5wmlzh2szKUS + V3PzyEAo4DaQCZXdpj1jS9ddN+yLj68K4k4LRLuCyXep0GcFM1mUKQTBOxa3VF+W + oRaSUAVHib/jUiX08BIxYBDwiCUPSdEBUHWftnc8WYvjthPkOOuGAvs1w9ZBs6qC + ftkVJT5rt8cU9VsXPqRRauVHb9wH1M41p5/3HtBAgVBtCDp/qXmABW0rbXEKtwmv + +hzZoMvxTm05cAE7O2UlluERdnheKkBXWuBYR4aC9BQQH54kIShByOZYYACWuGGA + oHHqITYwWh+42wacAKCkTZ6kHoIQrU+uDypQ24YBhxbqUiGTspGbfO/jDHxxjgrd + Aauxil2YNQNclEZuWFD4Hlt2Y29jDh7uQwBbOl3dmTLvXr8qTA5HQIsf9uuOrvu9 + uejj8VMIUHxdSZi8oH3+4XOH43DAGWM2pZogE+jeZtc2hPjqz1XZ40tXBPfEeUr4 + VE4l1q4m9ynEMZbMZjyDGxX4Yo9htgJmKGk3LQ0ufbOo5CQM/lqzAZVYDKBlW7ka + rTgh9ZwMmd3/5ije3nI94Bd+2x+TLJ8ESCloqLYGZ0HaIRU1b5JX5a44+OPq5obB + sClD3CzaqMDkoEDBWrEyst8VkqZUWKmicnWtZapNWW67mjXBtzUQmOUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "iT84cW45GuGqsEGgtVwGwe36iGFAha/orKcyZp8VbxH"; + }; + }; +} diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix index e5b12f1c..d4806534 100644 --- a/kartei/lass/default.nix +++ b/kartei/lass/default.nix @@ -29,7 +29,7 @@ in { users = rec { lass = lass-yubikey; lass-yubikey = { - mail = "lass@lassul.us"; + mail = "lass@green.r"; pubkey = builtins.readFile ./ssh/yubikey.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; }; diff --git a/kartei/palo/default.nix b/kartei/palo/default.nix index 487261ac..6004c42c 100644 --- a/kartei/palo/default.nix +++ b/kartei/palo/default.nix @@ -43,6 +43,31 @@ in }; }; }; + centauri = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + tinc.port = 720; + aliases = [ "centauri.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxrvdMSAcOJXM1TbIIDZ+zPojrcRG3RVMfPC2/0DasRpBFSuS+L60 + mQEs0l0ptAL6Sbr4+9gfaHkdETfYpeKB4Q4lCPahMq88YfTyB1f3tEOqW3vP22nC + Z+Yf+W/sTLWVRoDoS/Eok6wS95R1IQ74vr37YXdbJTD/eeX6sAJkn2I2RV5PD6Bu + lHsMuunAj+PyhAgqb2P393h7FN4exL0xM6UbHbgsd9OSp5qKTjZE3jeOyWmounK1 + 7n+8pyRjI0VE47ontnj/GANwpsxRFFtRGmG/S5KhUBXMv7wZr/vaVETRphAu+KhT + NqdclmGkQlB/YBodzJID7C21Zz4b33kcn12TU3nc6AL5u9j3sU2sEu/22fAZBWLV + yOZ9l/Qe4aJkIbdL70Gvp9G8m7+M4vkdM+e/nA5cZT0N9ArI2D5ltJRd7VLVzxef + Y0t/bS9bVOcNt2Sgd81Ubg0OmF2paHGGboAAMqXhf3afwCMyXcDsP6sgPXOIEu7Q + hjuo5rg6Fu8eK9edAAQ2afl52GiFUawzjHbjGANwVyea1JTQ3uR6eBtxGOEaYpkr + vbl75CxLwE0YA0L3VwhJTNLMVldTrUi2M76QedjzyePkJHMijHT5+0nqTlsmjcNg + uv89Mh9shNKdqulfGjTAFyKjTCuUe/rCprJ5CeZWBaEuQKYkcZuMkJsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "qCJvjlNz5YNOz5IEiwGaoK3InSVCL76uNl+xVBUa/AP"; + }; + }; + }; }; users = { palo = { diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index e5cfad56..f3c0d444 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -22,6 +22,7 @@ ]; krebs.build.host = config.krebs.hosts.hotdog; + krebs.hosts.hotdog.ssh.privkey.path = <secrets/ssh.id_ed25519>; krebs.pages.enable = true; boot.isContainer = true; |