summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/lass/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules/lass/default.nix')
-rw-r--r--krebs/3modules/lass/default.nix223
1 files changed, 141 insertions, 82 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index a8314e11..2123ec96 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -30,6 +30,7 @@ in {
60 IN NS ns16.ovh.net.
60 IN NS dns16.ovh.net.
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ IN MX 5 lassul.us.
60 IN TXT v=spf1 mx a:lassul.us -all
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
@@ -43,6 +44,8 @@ in {
matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ jitsi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@@ -94,6 +97,7 @@ in {
};
wiregrill = {
via = internet;
+ ip4.addr = "10.244.1.103";
ip6.addr = w6 "1";
aliases = [
"prism.w"
@@ -103,6 +107,7 @@ in {
subnets = [
(krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
(krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
+ "10.244.1.0/24"
];
};
};
@@ -111,44 +116,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
};
- archprism = {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "46.4.114.247";
- aliases = [
- "archprism.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.123";
- aliases = [
- "archprism.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG
- wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n
- f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U
- 5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H
- BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte
- s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l
- x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP
- gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5
- GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI
- l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV
- L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc
- 6j/HwgWTf85Io/tbVMTNtkECAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
- };
-
uriel = {
monitoring = false;
cores = 1;
@@ -158,7 +125,6 @@ in {
ip6.addr = r6 "1e1";
aliases = [
"uriel.r"
- "cgit.uriel.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -184,7 +150,6 @@ in {
ip6.addr = r6 "dea7";
aliases = [
"mors.r"
- "cgit.mors.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -218,7 +183,6 @@ in {
ip6.addr = r6 "50da";
aliases = [
"shodan.r"
- "cgit.shodan.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -233,6 +197,7 @@ in {
};
wiregrill = {
ip6.addr = w6 "50da";
+ ip4.addr = "10.244.1.4";
aliases = [
"shodan.w"
];
@@ -252,7 +217,6 @@ in {
ip6.addr = r6 "1205";
aliases = [
"icarus.r"
- "cgit.icarus.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -286,7 +250,6 @@ in {
ip6.addr = r6 "daed";
aliases = [
"daedalus.r"
- "cgit.daedalus.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -318,7 +281,6 @@ in {
ip6.addr = r6 "5ce7";
aliases = [
"skynet.r"
- "cgit.skynet.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -591,6 +553,7 @@ in {
phone = {
nets = {
wiregrill = {
+ ip4.addr = "10.244.1.13";
ip6.addr = w6 "a";
aliases = [
"phone.w"
@@ -637,15 +600,148 @@ in {
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
+ syncthing.id = "JS4RFIL-MJP2SMJ-EOQXCPQ-MC3NB4V-BQ77GN5-LPKGLWY-GHDP732-G22OJQQ";
+ };
+ hilum = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.20.123";
+ ip6.addr = r6 "005b";
+ aliases = [
+ "hilum.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
+ pLx6gu6VycxaDcWAoTWSjPsOT2IJf3NYC6i8D6WASnRqR6djp06OG7Onu0r5hZhi
+ V5nelDUvR75qVAx9ZeuQDSdNpWuVMds/C3cQM6QQHD1kFwnr2n6VH/qy0W9duW8c
+ SGX3C80nRpmY0cCEEnxFdFdLSd0c15M+lFVAaqh2225ujXyyvkwH874yvpWLPSdh
+ 4xjZdrOFarl5yb9q83HcZsdunn+469BeKCWB8bs+nRsp9Wwj1en1yAZTB3WazYNE
+ saFQ0xGa7VGfHN0PjqgZEF2I2IiQJ+H3N5XRQ7dcJzsDRB8lMrCx2ynJkJRSjLXz
+ vgZjW+Rf47V9CLRjJGCp1xh6GbXqjsIYh5yqZkgH4Sm1VpMBYdr/kLjiygwzV8jY
+ 8uoBUgEHLc5B73/D3GlMe3bOJmxxMfyPITVTFHgznycalBNBSsgKpIwWae6LbYhZ
+ wrpi66IQOyC6YYThqn8pz3KUz17HxyacA/mS6/jcRP+IiHb9CYcS4BsjTpH3NnM3
+ RkSWE3FGE+ULH1W/VeA8pZRKAR1rypvMRdewbFTQpe/dNgif5O5Fe/7l/6KDzzCh
+ Zqqr6sEFhutPUd6PcaVtQlfzYkJ9MGYWYr4S17D7Q9V0H37a0AcRaYH59FCmlFjl
+ 87b8jfJNXlKFW+EBxBxN2uECAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "005b";
+ aliases = [
+ "hilum.w"
+ ];
+ wireguard.pubkey = ''
+ 0DRcCDR0O+UqV07DsGfS4On+6YaZ3LPfvni9u1NZNhw=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
+ syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
+ };
+ styx = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.11.1";
+ ip6.addr = r6 "111";
+ aliases = [
+ "styx.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
+ ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU
+ aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE
+ 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi
+ 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq
+ m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn
+ Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt
+ EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/
+ 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao
+ Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2
+ 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF
+ wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "111";
+ aliases = [
+ "styx.w"
+ ];
+ wireguard.pubkey = ''
+ 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
+ syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
+ };
+
+ coaxmetal = {
+ cores = 16;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.17";
+ ip6.addr = r6 "17";
+ aliases = [
+ "coaxmetal.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
+ xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
+ gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
+ WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
+ ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
+ G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
+ G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
+ IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
+ K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
+ 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
+ bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
+ l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "17";
+ aliases = [
+ "coaxmetal.w"
+ ];
+ wireguard.pubkey = ''
+ lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
+ syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
};
+
};
users = rec {
- lass = lass-blue;
+ lass = lass-yubikey;
+ lass-yubikey = {
+ mail = lass.mail;
+ pubkey = builtins.readFile ./ssh/yubikey.rsa;
+ pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
+ };
lass-blue = {
mail = "lass@blue.r";
pubkey = builtins.readFile ./ssh/blue.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp;
};
+ lass-green = {
+ mail = "lass@green.r";
+ pubkey = builtins.readFile ./ssh/green.ed25519;
+ pgp.pubkeys.default = builtins.readFile ./pgp/green.pgp;
+ };
lass-mors = {
mail = "lass@mors.r";
pubkey = builtins.readFile ./ssh/mors.rsa;
@@ -655,42 +751,5 @@ in {
mail = "lassulus@gmail.com";
pubkey = builtins.readFile ./ssh/android.rsa;
};
- lass-helios = {
- mail = "lass@helios.r";
- pubkey = builtins.readFile ./ssh/helios.rsa;
- };
- lass-uriel = {
- mail = "lass@uriel.r";
- pubkey = builtins.readFile ./ssh/uriel.rsa;
- };
- lass-shodan = {
- mail = "lass@shodan.r";
- pubkey = builtins.readFile ./ssh/shodan.rsa;
- pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
- };
- lass-icarus = {
- mail = "lass@icarus.r";
- pubkey = builtins.readFile ./ssh/icarus.rsa;
- pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp;
- };
- lass-xerxes = {
- mail = "lass@xerxes.r";
- pubkey = builtins.readFile ./ssh/xerxes.ed25519;
- };
- lass-daedalus = {
- mail = "lass@daedalus.r";
- pubkey = builtins.readFile ./ssh/daedalus.rsa;
- };
- prism-repo-sync = {
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
- mail = "lass@prism.r";
- };
- mors-repo-sync = {
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
- mail = "lass@mors.r";
- };
- wine-mors = {
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842";
- };
};
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 13:35:44 +0000