summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/makefu/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules/makefu/default.nix')
-rw-r--r--krebs/3modules/makefu/default.nix390
1 files changed, 0 insertions, 390 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
deleted file mode 100644
index b0bd8324..00000000
--- a/krebs/3modules/makefu/default.nix
+++ /dev/null
@@ -1,390 +0,0 @@
-## generate keys with:
-# tinc generate-keys
-# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
-
-with import <stockholm/lib>;
-{ config, ... }: let
-
- hostDefaults = hostName: host: foldl' recursiveUpdate {} [
- {
- owner = config.krebs.users.makefu;
- }
- # Retiolum defaults
- (let
- pubkey-path = ./retiolum + "/${hostName}.pub";
- in optionalAttrs (pathExists pubkey-path) {
- nets.retiolum = {
- tinc.pubkey = readFile pubkey-path;
- aliases = [
- "${hostName}.r"
- ];
- ip6.addr =
- (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
- };
- })
- # Retiolum ed25519 keys
- (let
- pubkey-path = ./retiolum + "/${hostName}_ed25519.pub";
- in optionalAttrs (pathExists pubkey-path) {
- nets.retiolum.tinc.pubkey_ed25519 = readFile pubkey-path;
- })
- # Wiregrill defaults
- (let
- pubkey-path = ./wiregrill + "/${hostName}.pub";
- in optionalAttrs (pathExists pubkey-path) {
- nets.wiregrill = {
- aliases = [
- "${hostName}.w"
- ];
- ip6.addr =
- (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
- wireguard.pubkey = readFile pubkey-path;
- };
- })
- # SSHD defaults
- (let
- pubkey-path = ./sshd + "/${hostName}.pub";
- in optionalAttrs (pathExists pubkey-path) {
- ssh.pubkey = readFile pubkey-path;
- # We assume that if the sshd pubkey exits then there must be a privkey in
- # the screts store as well
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- })
- host
- ];
-
- pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
- w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
-in {
- hosts = mapAttrs hostDefaults {
- cake = rec {
- cores = 4;
- ci = false;
- nets = {
- retiolum.ip4.addr = "10.243.136.236";
- };
- };
- crapi = rec { # raspi1
- cores = 1;
- ci = false;
- nets = {
- retiolum.ip4.addr = "10.243.136.237";
- };
- };
- firecracker = {
- cores = 4;
- nets = {
- retiolum.ip4.addr = "10.243.12.12";
- };
- };
-
- studio = rec {
- ci = false;
- cores = 4;
- nets = {
- retiolum.ip4.addr = "10.243.227.163";
- };
- };
- fileleech = rec {
- ci = false;
- cores = 4;
- nets = {
- retiolum.ip4.addr = "10.243.113.98";
- };
- };
- tsp = {
- ci = true;
- cores = 1;
- nets = {
- retiolum.ip4.addr = "10.243.0.212";
- };
- };
- x = {
- ci = true;
- cores = 4;
- syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
- nets = {
- retiolum.ip4.addr = "10.243.0.91";
- wiregrill = {
- # defaults
- };
- };
-
- };
- filepimp = rec {
- ci = false;
- cores = 1;
- nets = {
- retiolum.ip4.addr = "10.243.153.102";
- };
- };
-
- omo = rec {
- ci = true;
- cores = 2;
- syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.89";
- aliases = [
- "omo.r"
- "dcpp.omo.r"
- "backup.makefu.r"
- "torrent.omo.r"
- ];
- };
- };
- };
- wbob = rec {
- ci = true;
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.214.15";
- aliases = [
- "wbob.r"
- "hydra.wbob.r"
- "log.wbob.r"
- ];
- };
- };
- };
- latte = rec {
- ci = true;
- extraZones = {
- "krebsco.de" = ''
- latte.euer IN A ${nets.internet.ip4.addr}
- '';
- };
- cores = 4;
- nets = rec {
- internet = {
- ip4.addr = "178.254.30.202";
- ip6.addr = "2a00:6800:3:18c::2";
- aliases = [
- "latte.i"
- ];
- };
- #wiregrill = {
- # via = internet;
- # ip4.addr = "10.244.245.1";
- # ip6.addr = w6 "1";
- # wireguard.port = 51821;
- # wireguard.subnets = [
- # (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
- # "10.244.245.0/24" # required for routing directly to gum via rockit
- # ];
- #};
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.214";
- # never connect via gum (he eats your packets!)
- #tinc.weight = 9001;
-
- aliases = [
- "latte.r"
- "torrent.latte.r"
- ];
- };
- };
- };
- gum = rec {
- ci = true;
- extraZones = {
- "krebsco.de" = ''
- rss.euer IN A ${nets.internet.ip4.addr}
- o.euer IN A ${nets.internet.ip4.addr}
- bw.euer IN A ${nets.internet.ip4.addr}
- bookmark.euer IN A ${nets.internet.ip4.addr}
- boot IN A ${nets.internet.ip4.addr}
- boot.euer IN A ${nets.internet.ip4.addr}
- cache.euer IN A ${nets.internet.ip4.addr}
- cache.gum IN A ${nets.internet.ip4.addr}
- cgit.euer IN A ${nets.internet.ip4.addr}
- dl.euer IN A ${nets.internet.ip4.addr}
- dns.euer IN A ${nets.internet.ip4.addr}
- dockerhub IN A ${nets.internet.ip4.addr}
- euer IN A ${nets.internet.ip4.addr}
- euer IN MX 1 aspmx.l.google.com.
- ghook IN A ${nets.internet.ip4.addr}
- git.euer IN A ${nets.internet.ip4.addr}
- gold IN A ${nets.internet.ip4.addr}
- graph IN A ${nets.internet.ip4.addr}
- gum IN A ${nets.internet.ip4.addr}
- io IN NS gum.krebsco.de.
- iso.euer IN A ${nets.internet.ip4.addr}
- feed.euer IN A ${nets.internet.ip4.addr}
- board.euer IN A ${nets.internet.ip4.addr}
- etherpad.euer IN A ${nets.internet.ip4.addr}
- mediengewitter IN CNAME over.dose.io.
- mon.euer IN A ${nets.internet.ip4.addr}
- netdata.euer IN A ${nets.internet.ip4.addr}
- nixos.unstable IN CNAME krebscode.github.io.
- photostore IN A ${nets.internet.ip4.addr}
- pigstarter IN CNAME makefu.github.io.
- share.euer IN A ${nets.internet.ip4.addr}
- wg.euer IN A ${nets.internet.ip4.addr}
- wiki.euer IN A ${nets.internet.ip4.addr}
- wikisearch IN A ${nets.internet.ip4.addr}
-
- meet.euer IN A ${nets.internet.ip4.addr}
- work.euer IN A ${nets.internet.ip4.addr}
- admin.work.euer IN A ${nets.internet.ip4.addr}
- push.work.euer IN A ${nets.internet.ip4.addr}
- api.work.euer IN A ${nets.internet.ip4.addr}
- maps.work.euer IN A ${nets.internet.ip4.addr}
- play.work.euer IN A ${nets.internet.ip4.addr}
- ul.work.euer IN A ${nets.internet.ip4.addr}
- '';
- };
- cores = 8;
- nets = rec {
- internet = {
- ip4.addr = "142.132.189.140";
- ip6.addr = "fe80::9400:1ff:fe24:33f4";
- aliases = [
- "gum.i"
- ];
- };
- wiregrill = {
- via = internet;
- ip4.addr = "10.244.245.1";
- ip6.addr = w6 "1";
- wireguard.port = 51821;
- wireguard.subnets = [
- (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
- "10.244.245.0/24" # required for routing directly to gum via rockit
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.213";
- # never connect via gum (he eats your packets!)
- #tinc.weight = 9001;
-
- aliases = [
- "gum.r"
- "blog.gum.r"
- "blog.makefu.r"
- "cache.gum.r"
- "cgit.gum.r"
- "dcpp.gum.r"
- "dcpp.nextgum.r"
- "graph.makefu.r"
- "logs.makefu.r"
- "netdata.makefu.r"
- "nextgum.r"
- "o.gum.r"
- "search.makefu.r"
- "stats.makefu.r"
- "torrent.gum.r"
- "tracker.makefu.r"
- "wiki.gum.r"
- "wiki.makefu.r"
- "warrior.gum.r"
- "rss.makefu.r"
- "sick.makefu.r"
- "dl.gum.r"
- "dl.makefu.r"
- ];
- };
- };
- };
-
- sdev = rec {
- ci = true;
- cores = 1;
- nets = {
- retiolum.ip4.addr = "10.243.83.237";
- };
- };
-
-
-# non-stockholm
-
- flap = rec {
- cores = 1;
- extraZones = {
- "krebsco.de" = ''
- flap IN A ${nets.internet.ip4.addr}
- '';
- };
- nets = {
- internet = {
- ip4.addr = "162.248.11.162";
- aliases = [
- "flap.i"
- ];
- };
- retiolum = {
- ip4.addr = "10.243.211.172";
- };
- };
- };
-
- nukular = rec {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.231.219";
- };
- };
- };
-
-
- shackdev = rec { # router@shack
- cores = 1;
- nets.wiregrill.ip4.addr = "10.244.245.2";
- };
-
- rockit = rec { # router@home
- cores = 1;
- nets.wiregrill.ip4.addr = "10.244.245.3";
- };
-
- senderechner = rec {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.163";
- };
- };
- };
- };
- users = rec {
- makefu = {
- mail = "makefu@x.r";
- pubkey = pub-for "makefu.x";
- pgp.pubkeys.default = builtins.readFile ./pgp/default.asc;
- pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc;
- };
- makefu-omo = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.omo";
- };
- makefu-tsp = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.tsp";
- };
- makefu-vbob = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.vbob";
- };
- makefu-tempx = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.tempx";
- };
- makefu-android = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.android";
- };
- makefu-remote-builder = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.remote-builder";
- };
- makefu-bob = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.bob";
- };
- };
-}