summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/makefu/default.nix189
-rw-r--r--krebs/3modules/makefu/retiolum/cake.pub (renamed from krebs/3modules/makefu/tinc/cake.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/crapi.pub (renamed from krebs/3modules/makefu/tinc/crapi.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/filebitch.pub (renamed from krebs/3modules/makefu/tinc/filebitch.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/fileleech.pub (renamed from krebs/3modules/makefu/tinc/fileleech.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/filepimp.pub (renamed from krebs/3modules/makefu/tinc/filepimp.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/firecracker.pub (renamed from krebs/3modules/makefu/tinc/firecracker.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/flap.pub (renamed from krebs/3modules/makefu/tinc/flap.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/gum.pub (renamed from krebs/3modules/makefu/tinc/gum.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/nukular.pub (renamed from krebs/3modules/makefu/tinc/nukular.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/omo.pub (renamed from krebs/3modules/makefu/tinc/omo.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/sdev.pub (renamed from krebs/3modules/makefu/tinc/sdev.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/senderechner.pub (renamed from krebs/3modules/makefu/tinc/senderechner.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/studio.pub (renamed from krebs/3modules/makefu/tinc/studio.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/tsp.pub (renamed from krebs/3modules/makefu/tinc/tsp.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/wbob.pub (renamed from krebs/3modules/makefu/tinc/wbob.pub)0
-rw-r--r--krebs/3modules/makefu/retiolum/x.pub (renamed from krebs/3modules/makefu/tinc/x.pub)0
-rw-r--r--krebs/3modules/makefu/wiregrill/gum.pub1
-rw-r--r--krebs/3modules/makefu/wiregrill/x.pub1
19 files changed, 65 insertions, 126 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 8c7e415cb..c65b27973 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -5,128 +5,103 @@
with import <stockholm/lib>;
{ config, ... }: let
- hostDefaults = hostName: host: flip recursiveUpdate host ({
- owner = config.krebs.users.makefu;
- } // optionalAttrs (host.nets?retiolum) {
- nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
- });
+ hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+ {
+ owner = config.krebs.users.makefu;
+ }
+ # Retiolum defaults
+ (let
+ pubkey-path = ./retiolum + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ nets.retiolum = {
+ tinc.pubkey = readFile pubkey-path;
+ aliases = [
+ "${hostName}.r"
+ ];
+ ip6.addr =
+ (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
+ };
+ })
+ # Wiregrill defaults
+ (let
+ pubkey-path = ./wiregrill + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ nets.wiregrill = {
+ aliases = [
+ "${hostName}.w"
+ ];
+ ip6.addr =
+ (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
+ wireguard.pubkey = readFile pubkey-path;
+ };
+ })
+ # SSHD defaults
+ (let
+ pubkey-path = ./sshd + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ ssh.pubkey = readFile pubkey-path;
+ # We assume that if the sshd pubkey exits then there must be a privkey in
+ # the screts store as well
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ })
+ host
+ ];
pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
- sshd-for = name: builtins.readFile (./sshd + "/${name}.pub");
- tinc-for= name: builtins.readFile (./tinc + "/${name}.pub");
-
+ w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
in {
hosts = mapAttrs hostDefaults {
cake = rec {
cores = 4;
ci = false;
nets = {
- retiolum = {
- ip4.addr = "10.243.136.236";
- aliases = [
- "cake.r"
- ];
- tinc.pubkey = tinc-for "cake";
- };
+ retiolum.ip4.addr = "10.243.136.236";
};
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = sshd-for "cake";
};
crapi = rec { # raspi1
cores = 1;
ci = false;
nets = {
- retiolum = {
- ip4.addr = "10.243.136.237";
- aliases = [
- "crapi.r"
- ];
- tinc.pubkey = tinc-for "crapi";
- };
+ retiolum.ip4.addr = "10.243.136.237";
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = sshd-for "crapi";
};
firecracker = {
cores = 4;
nets = {
- retiolum = {
- ip4.addr = "10.243.12.12";
- ip6.addr = "42:0:0:0:0:0:0:12";
- aliases = [
- "firecracker.r"
- ];
- tinc.pubkey = tinc-for "firecracker";
- };
+ retiolum.ip4.addr = "10.243.12.12";
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = sshd-for "firecracker";
};
studio = rec {
ci = false;
cores = 4;
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = sshd-for "studio";
nets = {
- retiolum = {
- ip4.addr = "10.243.227.163";
- aliases = [
- "studio.r"
- ];
- tinc.pubkey = tinc-for "studio";
- };
+ retiolum.ip4.addr = "10.243.227.163";
};
};
fileleech = rec {
ci = false;
cores = 4;
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "";
nets = {
- retiolum = {
- ip4.addr = "10.243.113.98";
- aliases = [
- "fileleech.r"
- ];
- tinc.pubkey = tinc-for "fileleech";
- };
+ retiolum.ip4.addr = "10.243.113.98";
};
};
tsp = {
ci = true;
cores = 1;
nets = {
- retiolum = {
- ip4.addr = "10.243.0.212";
- aliases = [
- "tsp.r"
- ];
- tinc.pubkey = tinc-for "tsp";
- };
+ retiolum.ip4.addr = "10.243.0.212";
};
};
x = {
ci = true;
cores = 4;
nets = {
- retiolum = {
- ip4.addr = "10.243.0.91";
- aliases = [
- "x.r"
- ];
- tinc.pubkey = tinc-for "x";
+ retiolum.ip4.addr = "10.243.0.91";
+ wiregrill = {
+ # defaults
};
- #wiregrill = {
- # aliases = [
- # "x.w"
- # ];
- # wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
- #};
};
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = sshd-for "x";
};
filepimp = rec {
@@ -139,13 +114,7 @@ in {
"filepimp.lan"
];
};
- retiolum = {
- ip4.addr = "10.243.153.102";
- aliases = [
- "filepimp.r"
- ];
- tinc.pubkey = tinc-for "filepimp";
- };
+ retiolum.ip4.addr = "10.243.153.102";
};
};
@@ -163,15 +132,11 @@ in {
retiolum = {
ip4.addr = "10.243.0.89";
aliases = [
- "omo.r"
"dcpp.omo.r"
"torrent.omo.r"
];
- tinc.pubkey = tinc-for "omo";
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = sshd-for "omo";
};
wbob = rec {
ci = true;
@@ -180,14 +145,10 @@ in {
retiolum = {
ip4.addr = "10.243.214.15";
aliases = [
- "wbob.r"
"hydra.wbob.r"
];
- tinc.pubkey = tinc-for "wbob";
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = sshd-for "wbob";
};
gum = rec {
ci = true;
@@ -231,13 +192,16 @@ in {
"nextgum.i"
];
};
- #wiregrill = {
- # via = internet;
- # aliases = [
- # "gum.w"
- # ];
- # wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
- #};
+ wiregrill = {
+ via = internet;
+ ip6.addr = w6 "1";
+ wireguard = {
+ subnets = [
+ (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+ (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
+ ];
+ };
+ };
retiolum = {
via = internet;
ip4.addr = "10.243.0.213";
@@ -250,7 +214,6 @@ in {
"dcpp.gum.r"
"dcpp.nextgum.r"
"graph.r"
- "gum.r"
"logs.makefu.r"
"netdata.makefu.r"
"nextgum.r"
@@ -262,25 +225,15 @@ in {
"wiki.gum.r"
"wiki.makefu.r"
];
- tinc.pubkey = tinc-for "gum";
};
};
- ssh.pubkey = sshd-for "gum";
};
sdev = rec {
ci = true;
cores = 1;
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = sshd-for "sdev";
nets = {
- retiolum = {
- ip4.addr = "10.243.83.237";
- aliases = [
- "sdev.r"
- ];
- tinc.pubkey = tinc-for "sdev";
- };
+ retiolum.ip4.addr = "10.243.83.237";
};
};
@@ -304,10 +257,6 @@ in {
};
retiolum = {
ip4.addr = "10.243.211.172";
- aliases = [
- "flap.r"
- ];
- tinc.pubkey = tinc-for "flap";
};
};
};
@@ -317,10 +266,6 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.231.219";
- aliases = [
- "nukular.r"
- ];
- tinc.pubkey = tinc-for "nukular";
};
};
};
@@ -330,10 +275,6 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.189.130";
- aliases = [
- "filebitch.r"
- ];
- tinc.pubkey = tinc-for "filebitch";
};
};
};
@@ -343,10 +284,6 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.0.163";
- aliases = [
- "senderechner.r"
- ];
- tinc.pubkey = tinc-for "senderechner";
};
};
};
diff --git a/krebs/3modules/makefu/tinc/cake.pub b/krebs/3modules/makefu/retiolum/cake.pub
index 8a1e4b933..8a1e4b933 100644
--- a/krebs/3modules/makefu/tinc/cake.pub
+++ b/krebs/3modules/makefu/retiolum/cake.pub
diff --git a/krebs/3modules/makefu/tinc/crapi.pub b/krebs/3modules/makefu/retiolum/crapi.pub
index 2b6104468..2b6104468 100644
--- a/krebs/3modules/makefu/tinc/crapi.pub
+++ b/krebs/3modules/makefu/retiolum/crapi.pub
diff --git a/krebs/3modules/makefu/tinc/filebitch.pub b/krebs/3modules/makefu/retiolum/filebitch.pub
index fe31accda..fe31accda 100644
--- a/krebs/3modules/makefu/tinc/filebitch.pub
+++ b/krebs/3modules/makefu/retiolum/filebitch.pub
diff --git a/krebs/3modules/makefu/tinc/fileleech.pub b/krebs/3modules/makefu/retiolum/fileleech.pub
index 1dc6a5b1f..1dc6a5b1f 100644
--- a/krebs/3modules/makefu/tinc/fileleech.pub
+++ b/krebs/3modules/makefu/retiolum/fileleech.pub
diff --git a/krebs/3modules/makefu/tinc/filepimp.pub b/krebs/3modules/makefu/retiolum/filepimp.pub
index 007806230..007806230 100644
--- a/krebs/3modules/makefu/tinc/filepimp.pub
+++ b/krebs/3modules/makefu/retiolum/filepimp.pub
diff --git a/krebs/3modules/makefu/tinc/firecracker.pub b/krebs/3modules/makefu/retiolum/firecracker.pub
index 6f7907829..6f7907829 100644
--- a/krebs/3modules/makefu/tinc/firecracker.pub
+++ b/krebs/3modules/makefu/retiolum/firecracker.pub
diff --git a/krebs/3modules/makefu/tinc/flap.pub b/krebs/3modules/makefu/retiolum/flap.pub
index 8906e659b..8906e659b 100644
--- a/krebs/3modules/makefu/tinc/flap.pub
+++ b/krebs/3modules/makefu/retiolum/flap.pub
diff --git a/krebs/3modules/makefu/tinc/gum.pub b/krebs/3modules/makefu/retiolum/gum.pub
index 73f8563d0..73f8563d0 100644
--- a/krebs/3modules/makefu/tinc/gum.pub
+++ b/krebs/3modules/makefu/retiolum/gum.pub
diff --git a/krebs/3modules/makefu/tinc/nukular.pub b/krebs/3modules/makefu/retiolum/nukular.pub
index eb5891b1b..eb5891b1b 100644
--- a/krebs/3modules/makefu/tinc/nukular.pub
+++ b/krebs/3modules/makefu/retiolum/nukular.pub
diff --git a/krebs/3modules/makefu/tinc/omo.pub b/krebs/3modules/makefu/retiolum/omo.pub
index ce558d10a..ce558d10a 100644
--- a/krebs/3modules/makefu/tinc/omo.pub
+++ b/krebs/3modules/makefu/retiolum/omo.pub
diff --git a/krebs/3modules/makefu/tinc/sdev.pub b/krebs/3modules/makefu/retiolum/sdev.pub
index be500bbab..be500bbab 100644
--- a/krebs/3modules/makefu/tinc/sdev.pub
+++ b/krebs/3modules/makefu/retiolum/sdev.pub
diff --git a/krebs/3modules/makefu/tinc/senderechner.pub b/krebs/3modules/makefu/retiolum/senderechner.pub
index a6cbabc28..a6cbabc28 100644
--- a/krebs/3modules/makefu/tinc/senderechner.pub
+++ b/krebs/3modules/makefu/retiolum/senderechner.pub
diff --git a/krebs/3modules/makefu/tinc/studio.pub b/krebs/3modules/makefu/retiolum/studio.pub
index b8fe8ee23..b8fe8ee23 100644
--- a/krebs/3modules/makefu/tinc/studio.pub
+++ b/krebs/3modules/makefu/retiolum/studio.pub
diff --git a/krebs/3modules/makefu/tinc/tsp.pub b/krebs/3modules/makefu/retiolum/tsp.pub
index 48533da58..48533da58 100644
--- a/krebs/3modules/makefu/tinc/tsp.pub
+++ b/krebs/3modules/makefu/retiolum/tsp.pub
diff --git a/krebs/3modules/makefu/tinc/wbob.pub b/krebs/3modules/makefu/retiolum/wbob.pub
index 8abfa34d4..8abfa34d4 100644
--- a/krebs/3modules/makefu/tinc/wbob.pub
+++ b/krebs/3modules/makefu/retiolum/wbob.pub
diff --git a/krebs/3modules/makefu/tinc/x.pub b/krebs/3modules/makefu/retiolum/x.pub
index da6482eed..da6482eed 100644
--- a/krebs/3modules/makefu/tinc/x.pub
+++ b/krebs/3modules/makefu/retiolum/x.pub
diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub
new file mode 100644
index 000000000..4a5f666cc
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/gum.pub
@@ -0,0 +1 @@
+yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=
diff --git a/krebs/3modules/makefu/wiregrill/x.pub b/krebs/3modules/makefu/wiregrill/x.pub
new file mode 100644
index 000000000..cfa9eb254
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/x.pub
@@ -0,0 +1 @@
+fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=