Diffstat (limited to 'kartei/makefu/default.nix')
-rw-r--r-- | kartei/makefu/default.nix | 69 |
1 files changed, 31 insertions, 38 deletions
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index f9997b2d..f215f1fc 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -2,11 +2,14 @@ # tinc generate-keys # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host -with import ../../lib; -{ config, ... }: let +{ config, lib, ... }: let + inherit (builtins) foldl' mapAttrs pathExists readFile; + inherit (lib) optionalAttrs recursiveUpdate; + slib = import ../../lib/pure.nix { inherit lib; }; hostDefaults = hostName: host: foldl' recursiveUpdate {} [ { + ci = false; owner = config.krebs.users.makefu; } # Retiolum defaults @@ -19,7 +22,7 @@ with import ../../lib; "${hostName}.r" ]; ip6.addr = - (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; + (slib.krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; }; }) # Retiolum ed25519 keys @@ -37,7 +40,7 @@ with import ../../lib; "${hostName}.w" ]; ip6.addr = - (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address; + (slib.krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address; wireguard.pubkey = readFile pubkey-path; }; }) 
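Review bot: With `ci = false;` now in `hostDefaults` (hunk `@@ -2,11 +2,14 @@`) and every per-host `ci = true;` deleted in the later hunks (tsp, x, omo, wbob, latte, gum, sdev), those hosts silently drop out of CI unless the flag is set somewhere outside this file. If that is intended, say so next to the default, e.g. `# CI is opt-in per host; set ci = true explicitly`. If it is not, the `ci = true;` lines should stay on the hosts that had them. Separately, with `with import ../../lib;` gone, any lib name used outside the visible hunks has to be covered by the two `inherit` lines, which cannot be checked from here.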
@@ -48,82 +51,77 @@ with import ../../lib; ssh.pubkey = readFile pubkey-path; # We assume that if the sshd pubkey exits then there must be a privkey in # the screts store as well - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.privkey.path = "${config.krebs.secret.directory}/ssh_host_ed25519_key"; }) host ]; pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); - w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address; + w6 = ip: (slib.krebs.genipv6 "wiregrill" "makefu" ip).address; in { hosts = mapAttrs hostDefaults { cake = rec { - cores = 4; - ci = false; nets = { retiolum.ip4.addr = "10.243.136.236"; }; }; crapi = rec { # raspi1 - cores = 1; - ci = false; nets = { retiolum.ip4.addr = "10.243.136.237"; }; }; firecracker = { - cores = 4; nets = { retiolum.ip4.addr = "10.243.12.12"; }; }; + snake = { + nets = { + retiolum.ip4.addr = "10.243.12.13"; + }; + }; studio = rec { - ci = false; - cores = 4; nets = { retiolum.ip4.addr = "10.243.227.163"; }; }; fileleech = rec { - ci = false; - cores = 4; nets = { retiolum.ip4.addr = "10.243.113.98"; }; }; tsp = { - ci = true; - cores = 1; nets = { retiolum.ip4.addr = "10.243.0.212"; }; }; x = { - ci = true; - cores = 4; syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5"; nets = { retiolum.ip4.addr = "10.243.0.91"; wiregrill = { - # defaults + ip4.addr = "10.243.245.6"; + aliases = [ "x.w" ]; }; }; }; filepimp = rec { - ci = false; - cores = 1; nets = { retiolum.ip4.addr = "10.243.153.102"; }; }; omo = rec { - ci = true; - cores = 2; syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK"; nets = { + wiregrill = { + aliases = ["omo.w" "hass.omo.w" "jelly.omo.w" "jelly.makefu.w" ]; + ip6.addr = (slib.krebs.genipv6 "wiregrill" "makefu" { hostName = "omo"; }).address; + ip4.addr = "10.244.245.5"; + + }; retiolum = { ip4.addr = "10.243.0.89"; aliases = [ 
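Review bot: The new wiregrill address for host `x`, `ip4.addr = "10.243.245.6";`, looks like a typo. Every other wiregrill `ip4.addr` visible in this diff is in 10.244.245.x and the only IPv4 entry in gum's `wireguard.subnets` is `"10.244.245.0/24"`, while 10.243.x.x is what the retiolum entries use. If it is unintended it should read `ip4.addr = "10.244.245.6";`, otherwise the peer address falls outside the routed wiregrill subnet and sits in the retiolum range. Separately, `ssh.privkey.path = "${config.krebs.secret.directory}/ssh_host_ed25519_key";` only keeps the key out of the Nix store if `krebs.secret.directory` is a string. If it were a Nix path value, the interpolation would copy the secrets directory into the world-readable store, so a one-line comment stating that the option must stay a string is worth adding (its definition is not visible here).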
@@ -138,8 +136,6 @@ in { }; }; wbob = rec { - ci = true; - cores = 4; nets = { retiolum = { ip4.addr = "10.243.214.15"; @@ -151,14 +147,19 @@ in { }; }; }; + # pixel3a + telex.nets.wiregrill = { + aliases = ["telex.w"]; + ip6.addr = (slib.krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address; + ip4.addr = "10.244.245.4"; + }; + latte = rec { - ci = true; extraZones = { "krebsco.de" = '' latte.euer IN A ${nets.internet.ip4.addr} ''; }; - cores = 4; nets = rec { internet = { ip4.addr = "178.254.30.202"; @@ -191,7 +192,6 @@ in { }; }; gum = rec { - ci = true; extraZones = { "krebsco.de" = '' rss.euer IN A ${nets.internet.ip4.addr} @@ -238,9 +238,9 @@ in { play.work.euer IN A ${nets.internet.ip4.addr} ul.work.euer IN A ${nets.internet.ip4.addr} music.euer IN A ${nets.internet.ip4.addr} + ntfy.euer IN A ${nets.internet.ip4.addr} ''; }; - cores = 8; nets = rec { internet = { ip4.addr = "142.132.189.140"; @@ -255,7 +255,7 @@ in { ip6.addr = w6 "1"; wireguard.port = 51821; wireguard.subnets = [ - (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR + (slib.krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR "10.244.245.0/24" # required for routing directly to gum via rockit ]; }; @@ -295,8 +295,6 @@ in { }; sdev = rec { - ci = true; - cores = 1; nets = { retiolum.ip4.addr = "10.243.83.237"; }; @@ -306,7 +304,6 @@ in { # non-stockholm flap = rec { - cores = 1; extraZones = { "krebsco.de" = '' flap IN A ${nets.internet.ip4.addr} @@ -326,7 +323,6 @@ in { }; nukular = rec { - cores = 1; nets = { retiolum = { ip4.addr = "10.243.231.219"; @@ -336,17 +332,14 @@ in { shackdev = rec { # router@shack - cores = 1; nets.wiregrill.ip4.addr = "10.244.245.2"; }; rockit = rec { # router@home - cores = 1; nets.wiregrill.ip4.addr = "10.244.245.3"; }; senderechner = rec { - cores = 2; nets = { retiolum = { ip4.addr = "10.243.0.163"; |
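Review bot: The `telex.nets.wiregrill` block added in the `@@ -151,14 +147,19 @@` hunk spells out the full `slib.krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }` call although the file already defines `w6` for exactly this. `ip6.addr = w6 { hostName = "telex"; };` is equivalent and keeps the network and owner names in one place; the same applies to the `omo` wiregrill entry added in the earlier hunk. `hostDefaults` also appears to set the same `ip6.addr` and the `"${hostName}.w"` alias already (its condition lies outside the hunks), so these lines may be redundant and a hand-written hostName could drift from the attribute name.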