9 files changed, 70 insertions, 38 deletions

diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index f9997b2d..d6134cd8 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -2,11 +2,14 @@
 # tinc generate-keys
 # ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
 
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+  inherit (builtins) foldl' mapAttrs pathExists readFile;
+  inherit (lib) optionalAttrs recursiveUpdate;
+  slib = import ../../lib/pure.nix { inherit lib; };
 
   hostDefaults = hostName: host: foldl' recursiveUpdate {} [
     {
+      ci = false;
       owner = config.krebs.users.makefu;
     }
     # Retiolum defaults
@@ -19,7 +22,7 @@ with import ../../lib;
           "${hostName}.r"
         ];
         ip6.addr =
-          (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
+          (slib.krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
       };
     })
     # Retiolum ed25519 keys
@@ -37,7 +40,7 @@ with import ../../lib;
           "${hostName}.w"
         ];
         ip6.addr =
-          (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
+          (slib.krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
         wireguard.pubkey = readFile pubkey-path;
       };
     })
@@ -48,87 +51,93 @@ with import ../../lib;
       ssh.pubkey = readFile pubkey-path;
       # We assume that if the sshd pubkey exits then there must be a privkey in
       # the screts store as well
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.privkey.path = "${config.krebs.secret.directory}/ssh_host_ed25519_key";
     })
     host
   ];
 
   pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
-  w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
+  w6 = ip: (slib.krebs.genipv6 "wiregrill" "makefu" ip).address;
 in {
   hosts = mapAttrs hostDefaults {
     cake = rec {
-      cores = 4;
-      ci = false;
       nets = {
         retiolum.ip4.addr = "10.243.136.236";
       };
     };
     crapi = rec { # raspi1
-      cores = 1;
-      ci = false;
       nets = {
         retiolum.ip4.addr = "10.243.136.237";
       };
     };
     firecracker = {
-      cores = 4;
       nets = {
         retiolum.ip4.addr = "10.243.12.12";
       };
     };
+    snake = {
+      nets = {
+        retiolum.ip4.addr = "10.243.12.13";
+      };
+    };
 
     studio = rec {
-      ci = false;
-      cores = 4;
       nets = {
         retiolum.ip4.addr = "10.243.227.163";
       };
     };
     fileleech = rec {
-      ci = false;
-      cores = 4;
       nets = {
         retiolum.ip4.addr = "10.243.113.98";
       };
     };
     tsp = {
-      ci = true;
-      cores = 1;
       nets = {
         retiolum.ip4.addr = "10.243.0.212";
       };
     };
+    savarcast = rec {
+      nets = {
+        retiolum.ip4 = {
+          addr = "10.243.136.238";
+        };
+        retiolum.aliases = [
+            "sava.r"
+          ];
+      };
+    };
     x = {
-      ci = true;
-      cores = 4;
       syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
       nets = {
         retiolum.ip4.addr = "10.243.0.91";
         wiregrill = {
-          # defaults
+          ip4.addr = "10.243.245.6";
+          aliases = [ "x.w" ];
         };
       };
 
     };
     filepimp = rec {
-      ci = false;
-      cores = 1;
       nets = {
         retiolum.ip4.addr = "10.243.153.102";
       };
     };
 
     omo = rec {
-      ci = true;
-      cores = 2;
       syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
       nets = {
+        wiregrill = {
+          aliases =  ["omo.w" "hass.omo.w" "jelly.omo.w" "jelly.makefu.w" ];
+          ip6.addr = (slib.krebs.genipv6 "wiregrill" "makefu" { hostName = "omo"; }).address;
+          ip4.addr = "10.244.245.5";
+
+        };
         retiolum = {
           ip4.addr = "10.243.0.89";
           aliases = [
             "omo.r"
             "dcpp.omo.r"
+            "hass.omo.r"
             "backup.makefu.r"
             "torrent.omo.r"
             "music.omo.r"
@@ -138,8 +147,6 @@ in {
       };
     };
     wbob = rec {
-      ci = true;
-      cores = 4;
       nets = {
         retiolum = {
           ip4.addr = "10.243.214.15";
@@ -151,14 +158,19 @@ in {
         };
       };
     };
+    # pixel3a
+    telex.nets.wiregrill = {
+      aliases =  ["telex.w"];
+      ip6.addr = (slib.krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
+      ip4.addr = "10.244.245.4";
+    };
+
     latte = rec {
-      ci = true;
       extraZones = {
         "krebsco.de" = ''
           latte.euer     IN A      ${nets.internet.ip4.addr}
         '';
       };
-      cores = 4;
       nets = rec {
         internet = {
           ip4.addr = "178.254.30.202";
@@ -191,7 +203,6 @@ in {
       };
     };
     gum = rec {
-      ci = true;
       extraZones = {
         "krebsco.de" = ''
           rss.euer          IN A      ${nets.internet.ip4.addr}
@@ -238,9 +249,10 @@ in {
           play.work.euer    IN A      ${nets.internet.ip4.addr}
           ul.work.euer      IN A      ${nets.internet.ip4.addr}
           music.euer        IN A      ${nets.internet.ip4.addr}
+          ntfy.euer         IN A      ${nets.internet.ip4.addr}
+          paper.euer        IN A      ${nets.internet.ip4.addr}
         '';
       };
-      cores = 8;
       nets = rec {
         internet = {
           ip4.addr = "142.132.189.140";
@@ -255,7 +267,7 @@ in {
           ip6.addr = w6 "1";
           wireguard.port = 51821;
           wireguard.subnets = [
-              (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
+              (slib.krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
               "10.244.245.0/24" # required for routing directly to gum via rockit
           ];
         };
@@ -295,8 +307,6 @@ in {
     };
 
     sdev = rec {
-      ci = true;
-      cores = 1;
       nets = {
         retiolum.ip4.addr = "10.243.83.237";
       };
@@ -306,7 +316,6 @@ in {
 # non-stockholm
 
     flap = rec {
-      cores = 1;
       extraZones = {
         "krebsco.de" = ''
           flap              IN A      ${nets.internet.ip4.addr}
@@ -326,7 +335,6 @@ in {
     };
 
     nukular = rec {
-      cores = 1;
       nets = {
         retiolum = {
           ip4.addr = "10.243.231.219";
@@ -336,17 +344,14 @@ in {
 
 
     shackdev = rec { # router@shack
-      cores = 1;
       nets.wiregrill.ip4.addr = "10.244.245.2";
     };
 
     rockit = rec { # router@home
-      cores = 1;
       nets.wiregrill.ip4.addr = "10.244.245.3";
     };
 
     senderechner = rec {
-      cores = 2;
       nets = {
         retiolum = {
           ip4.addr = "10.243.0.163";
diff --git a/kartei/makefu/retiolum/savarcast.pub b/kartei/makefu/retiolum/savarcast.pub
new file mode 100644
index 00000000..65da0d5f
--- /dev/null
+++ b/kartei/makefu/retiolum/savarcast.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvxhCwL7g+p3rp2aelJHKHowLLcDZVqZnsuViW5jzQ5kQuDB6Rc7f
+IiUXXzg6/BL2o7jUW1gRrHbiVy7360HxsTwQvV8j0/s+UsCQCybWclGE2NlsjCUM
+xi/zTn/R523o43J4t6L7ohDlJVBCPMVJu5ZWVIlMAWSHI45WFu9JAyKOZJnPEYQb
+eyw8P93ztZyijoRTV1SEYK9FiSsfmNgGIqPlE6QPE1S+oR6j+718WSrmQjcBO8uO
+cbj4ZPEgokYRF+WH4m9fPfkTWH6qQ1idqiWZfeUR2TfLLDQ+zDpJpoXlXk/JOqMu
+7kdx3dfuiulI93pUDVeGXh0YCyTmVvavdQIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/kartei/makefu/retiolum/savarcast_ed25519.pub b/kartei/makefu/retiolum/savarcast_ed25519.pub
new file mode 100644
index 00000000..e08b7f1b
--- /dev/null
+++ b/kartei/makefu/retiolum/savarcast_ed25519.pub
@@ -0,0 +1 @@
+Ed25519PublicKey = s/m2cdP6VguKTzTFLdoHMG7t4+94NNT/+ZHYcmSxSVP
diff --git a/kartei/makefu/retiolum/snake.pub b/kartei/makefu/retiolum/snake.pub
new file mode 100644
index 00000000..ae69a162
--- /dev/null
+++ b/kartei/makefu/retiolum/snake.pub
@@ -0,0 +1,13 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEApRUsm8oiTCx5kqFqCUaDyI3iesCajS76lzCGa1HdeBVLvejyit4s
+Vx848/Gr2Axbtqx8Fm3RUj29CEUTCUKQdEEOVE58bQ+euSRL/V7g+v+1NSGYSEwp
+Xvojczppjm0e56kI0yngZh++6AM4/6eMWEQl3u45ZRFXH11ZfoZb+Z3jRAUk1FXt
+rWyrNQ5kGOwNaTk0+mXB8irtYrjyehfZuzyE2z1GelKrSMM03jCFFzVqPu5irYIm
+TghRhFMXIG9bm+gM+bj/GNHs2RHL633PUqI/I5Hj6trNBfqbcu7gpB9F6Edtqgtb
+lQm0Qei/l4AQIxfA3LqNuTHaXp4LBG9IH2qvXSxsqWlgDnjg3CEJ8ZwpOzT7xFG2
+0NSRcAl+4i55j24ZxwWgS9H0Al3LMLzwVsToUfH9fGm1vtJ8ku8sx0AALVzVyabR
+M5ywyi5oRhan/JZywFsACLDUFMiFqI/MIj6ao0pSZYaUXfKMtMCgJJ03NqWak8lc
+yInBgIlEQgxljKW0LHeHoToBzuXhy70gtNswS61iKpuMDxbBYtyK1HuN8PS+vzS8
+svtbV3lvqJA2KcVlqwwgDwvzPX+T0kbI4UL3EjFIU2nepGNaRA1AWmTMrpdEPNdx
+4RPg5EZDVp+Jeihjxpa8aOb3yjkE5i6K00TyjsSIJqWy296PfJC4VBsCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/kartei/makefu/retiolum/snake_ed25519.pub b/kartei/makefu/retiolum/snake_ed25519.pub
new file mode 100644
index 00000000..43e9d2c4
--- /dev/null
+++ b/kartei/makefu/retiolum/snake_ed25519.pub
@@ -0,0 +1 @@
+lKMWnuEVjcSoSEUWrj+51pwDQrQj2TqloL3aBKVWBbO
diff --git a/kartei/makefu/sshd/snake.pub b/kartei/makefu/sshd/snake.pub
new file mode 100644
index 00000000..eceeae89
--- /dev/null
+++ b/kartei/makefu/sshd/snake.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBfIivSIxnkH212vtHiWPiUJcjSRrv3d4eVfkIahJA7S makefu@x
diff --git a/kartei/makefu/wiregrill/omo.pub b/kartei/makefu/wiregrill/omo.pub
new file mode 100644
index 00000000..bb6b8811
--- /dev/null
+++ b/kartei/makefu/wiregrill/omo.pub
@@ -0,0 +1 @@
+JmcpzkwgKymVecZqaV0ODQactoVwGGlEHcfYIOCkx3A=
diff --git a/kartei/makefu/wiregrill/savarcast.pub b/kartei/makefu/wiregrill/savarcast.pub
new file mode 100644
index 00000000..f6153f5f
--- /dev/null
+++ b/kartei/makefu/wiregrill/savarcast.pub
@@ -0,0 +1 @@
+mM/QKHTnLlC5qyClRY9WZKg3TK4F+WpLIKRtjCmCCHM=
diff --git a/kartei/makefu/wiregrill/telex.pub b/kartei/makefu/wiregrill/telex.pub
new file mode 100644
index 00000000..4a5f666c
--- /dev/null
+++ b/kartei/makefu/wiregrill/telex.pub
@@ -0,0 +1 @@
+yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=