diff options
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/airdcpp.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/brockman.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/buildbot/master.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/buildbot/slave.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 53 | ||||
-rw-r--r-- | krebs/3modules/external/mic92.nix | 21 | ||||
-rw-r--r-- | krebs/3modules/github-hosts-sync.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/htgen.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 24 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 65 | ||||
-rw-r--r-- | krebs/3modules/lass/ssh/tablet.ed25519 | 1 | ||||
-rw-r--r-- | krebs/3modules/realwallpaper.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/tinc_graphs.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/urlwatch.nix | 2 |
14 files changed, 166 insertions, 17 deletions
diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 4ac6e30ee..259f613cc 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -269,6 +269,7 @@ let home = cfg.stateDir; createHome = true; isSystemUser = true; + group = "airdcpp"; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 7a78880ea..8427ca50b 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -11,10 +11,12 @@ in { config = mkIf cfg.enable { users.extraUsers.brockman = { home = "/var/lib/brockman"; + group = "brockman"; createHome = true; isSystemUser = true; uid = genid_uint31 "brockman"; }; + users.groups.brockman = {}; systemd.services.brockman = { description = "RSS to IRC broadcaster"; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index e55bd95ea..c30f31e31 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -319,6 +319,7 @@ let users.extraUsers.buildbotMaster = { uid = genid "buildbotMaster"; + group = "buildbotMaster"; description = "Buildbot Master"; home = cfg.workDir; createHome = false; diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index d877b9911..f97b50def 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -128,6 +128,7 @@ let users.extraUsers.buildbotSlave = { uid = genid "buildbotSlave"; + group = "buildbotSlave"; description = "Buildbot Slave"; home = cfg.workDir; createHome = false; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 7c896e90a..d919c8129 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -207,18 +207,45 @@ in { aliases = [ "qubasa.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA65g1Xql+S+Dd90uDpSVxzGRTL8n4DHc1p9T8u9h7ioytC9B+e2dQ - RU/y3gdJ0gXxrbth36MhTANuUonnqpHvsWwUDCQRbxLEFh8avlzLsecWvwrIt3zL - 102EaVurRySUa83D6TK8ZsDa2+ADY7tEzfFMJhT53g7MpBNIeOquB0rR6hVYBbHc - 3B+QtwdM8dx1gO/5+FsPYhJbR7ARczYHsj7Eyb8NbdzthEO0ICDgwzmcXTJfVHGR - qfT7DUolXsu7uSPMLB+Pe/leI7XcQ2VFukpVGP0fZv0mSMxavFlcFVkLgdbAEd2H - DPEBEcJpLR4Hw3HlO1kPPufaUdoeNhUmTkIp76mkCbanS1P/aFNFFcVB+a/+tpdK - z5pG8K3qANg5txp6sAatPchvkeQelIg11lvT9luc+nFsTEW6Ky5nDLo60luZVFnn - i1bdVeOojXR0u7M2gMqQZcSuscvy8APe48S8vPsqoiob1l/r77B7iNrWDwH8IutW - u8fpC64CbhlR76Orp3xTZPmJQCRT8XYpKDDoq5Z7prdlAEz3U6wEfVckVv+f1dmU - odG0zDTsmyKhkWWmZbPgPrOEUvAVoSpSLSQQxPR+UHArlgYe+2dAf8IHYqrgmhuO - D4Lga4nNwTyVbCZ8vUu5b/lnGCLpNcVj22WVQTdAJzNsCVTdIM2V5hcCAwEAAQ== + MIICCgKCAgEAwEaIkC/JxEI6mAnA2lnoNYRSVAVOggtm7XBAX2tTq9OCnwgh6Nnr + Bv8S6j8HBybMqZHKBlfFUo+Trm7Ig/g8KI8xwm2ThO83GnXLyu5qoIFLgjAtvx9w + uh/ZGIn2MKHy0aZ6J/HqDEbsr6XC/YpLb3mA3C5Msaiand0zmAh1oYQVvNJMLgLA + HgBr7a14ngyndwGiBoFDoHu2gtPXTallruv/eopnOVaidkyNRDlMhbqr/Xkxlwov + E2pewl+IKvt5WnGzCHDFvHYCDpeKX9ZAiBBJQ5tgGhxScN5rJ4Omx7iVbnjjPMzs + 1VSRgOqR1xPk5aMa0ByV2P978mNJL6MwIEhnGjg6Dyr1hvmjFxKjj+Pd8IWAeli9 + G3Xq4xJ8+vRbFBoqzBuxcUOTN/V1i1XECGMxEg5cE+9tp+2mvOSpiChkpxeGA42Y + KbcVR7df2bjIQ+8IQzgPkpGnpG/XwC8JKsy+2jiiXOWrwUDfEFrkFaqGNareTeST + ynkbl+y8PgtoHloubckKoXqyY/zHTG3gDDW7SLfr/OpHqyq8MtITyojwMB/Ijyzo + 6mAPiTLI7oFYpWIP0UiM7u4o6iDW9S8G9l+vLZJyEmhEUZJUkWoXRy2Ibd6ix0L3 + eA6izpRuehl1OLePY4HNkuqOgXiEf1mgNcoGnyx3kzKYa1cUlMP0ve8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = dqJq+qESCNakC3p9duc5LrG26D1scj58Hy1S5kPGtME + ''; + }; + }; + }; + + keller = { + owner = config.krebs.users.qubasa; + nets = { + retiolum = { + ip4.addr = "10.243.30.2"; + aliases = [ "kelle.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3jJgnaEJnKiBILtdtIROVfJJ1IgQSdfAw83aNE8xinkIFkP8lSFS + Nd1C9pRI2r8Tjut/MB0b7MRlwOS2FWP1COcKzZGR4gKSiwK9oWGy6Vf5Qvrsd5M+ + 0roUsf6Km/muJgqhWYY4OOaDK3LSp4mAo8H9+pibH9GuMuhu/Ebe0gtwnoOuuQs5 + GeHtaBrtpiGX2WvIU2S1TwDw0cmheEbqyaQ9COSqdOW1ldbfAbh7Zv38iUzMNXJ2 + yAWUfT5eYsIWlQc55JzEABuxIZEFj7BiR2vQYjVa+sIjsb+vI/6SFK4uiuqPP0dW + xFAQyRuQbW0gyooMLXnZ6ByD/t4mFpk7Eo1Sxiv8CdgDI/lELZ1h7jTYKrcuPHYc + P9m2Ut9FxuFMl+s2etkVUVGba2Kz9b9iwvvAZUtU85UrsQCkrghIT0Hm0SIdYQHO + +WyCw46okk5xLicXEd+RgwlWWq+AJeo0LKof3uoRnjQq1kkU5E0nGX/YqRa3YIxV + qmShTnQSTGUe6qVz1uAoh+ljTEUWWgW5UKuHPn1gdqFcIJ+4DSkJgiQ/cbSXtyp0 + 35bQuqjpFe/bwW1PuK6YspMRK2hQrYkypQNrvjcz0RJJc/1ULILTl0NaZEMtCcj2 + t7KpA6wY6WIz5+uTVBnc3vQrcBebfSWzl0IWxjaSufp8ojq5B7mz8s0CAwEAAQ== + -----END RSA PUBLIC KEY----- + Ed25519PublicKey = HeSMxgGaB9alyS0n766TJ3qA2fAwvJmMyLPFbYhfZdJ ''; }; }; @@ -633,8 +660,10 @@ in { }; hydrogen = { owner = config.krebs.users.sandro; - nets = { + nets = rec { + internet.addrs = [ "hydrogen.supersandro.de" ]; retiolum = { + via = internet; ip4.addr = "10.243.54.54"; aliases = [ "hydrogen.r" ]; tinc.pubkey = '' diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index b4e046303..0e6812a35 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -224,10 +224,8 @@ in { retiolum = { via = internet; addrs = [ - config.krebs.hosts.eve.nets.retiolum.ip4.addr config.krebs.hosts.eve.nets.retiolum.ip6.addr ]; - ip4.addr = "10.243.29.174"; aliases = [ "eve.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -451,6 +449,7 @@ in { nets = rec { internet = { ip4.addr = "129.215.165.75"; + ip6.addr = "2001:630:3c1:164:d65d:64ff:feb0:e8a8"; aliases = [ "sauron.i" ]; }; retiolum = { @@ -707,8 +706,8 @@ in { nets = rec { internet = { # eva.thalheim.io - ip4.addr = "157.90.232.92"; - ip6.addr = "2a01:4f8:1c1c:9a9::1"; + ip4.addr = "131.159.102.4"; + ip6.addr = "2a09:80c0:102::4"; aliases = [ "eva.i" ]; }; retiolum = { @@ -798,7 +797,14 @@ in { ryan = { owner = config.krebs.users.mic92; nets = rec { + internet = { + # ryan.dse.in.tum.de + ip4.addr = "131.159.102.8"; + ip6.addr = "2a09:80c0:102::8"; + aliases = [ "ryan.i" ]; + }; retiolum = { + via = internet; addrs = [ config.krebs.hosts.ryan.nets.retiolum.ip4.addr config.krebs.hosts.ryan.nets.retiolum.ip6.addr @@ -823,7 +829,14 @@ in { graham = { owner = config.krebs.users.mic92; nets = rec { + internet = { + # graham.dse.in.tum.de + ip4.addr = "131.159.102.9"; + ip6.addr = "2a09:80c0:102::9"; + aliases = [ "graham.i" ]; + }; retiolum = { + via = internet; addrs = [ config.krebs.hosts.graham.nets.retiolum.ip4.addr config.krebs.hosts.graham.nets.retiolum.ip6.addr diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 9421576df..71eed6c69 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -66,11 +66,14 @@ let users.users.${user.name} = { inherit (user) uid; + group = user.name; home = cfg.dataDir; isSystemUser = true; }; }; + users.groups.${user.name} = {}; + user = rec { mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 517dad76f..4221703ec 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -69,10 +69,13 @@ let users.users = mapAttrs' (name: htgen: nameValuePair htgen.user.name { inherit (htgen.user) home name uid; + group = htgen.user.name; createHome = true; isSystemUser = true; } ) cfg; + users.groups = mapAttrs (_: _: {}) cfg; + }; in out diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 776b893f5..f796f0323 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -187,6 +187,30 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY"; syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR"; }; + arcadeomat = { + ci = true; + nets = { + retiolum = { + ip4.addr = "10.243.77.67"; + aliases = [ + "arcadeomat.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb + HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7 + apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg + 4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk + 7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH + 8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB + -----END RSA PUBLIC KEY----- + Ed25519PublicKey = n/HMlgTTyLa0fcXqSBO/G6sVOUYh2yZ5PfU4vLI9CJO + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc"; + }; wolf = { ci = true; nets = { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 2475a0d5a..280021347 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -14,7 +14,47 @@ in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs hostDefaults { + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.lass; + ci = true; + monitoring = true; + }) { + dishfire = { + cores = 4; + nets = rec { + internet = { + ip4 = rec { + addr = "157.90.232.92"; + prefix = "${addr}/32"; + }; + aliases = [ + "dishfire.i" + ]; + ssh.port = 45621; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.133.99"; + ip6.addr = r6 "d15f:1233"; + aliases = [ + "dishfire.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs + Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 + uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK + R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd + vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U + HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.port = 655; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; + }; prism = rec { cores = 4; extraZones = { @@ -31,6 +71,7 @@ in { 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} IN MX 5 lassul.us. 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) @@ -58,6 +99,10 @@ in { addr = "95.216.1.150"; prefix = "0.0.0.0/0"; }; + ip6 = { + addr = "2a01:4f9:2a:1e9::1"; + prefix = "2a01:4f9:2a:1e9::/64"; + }; aliases = [ "prism.i" "paste.i" @@ -73,6 +118,7 @@ in { "cache.prism.r" "cgit.prism.r" "flix.r" + "jelly.r" "paste.r" "c.r" "p.r" @@ -529,6 +575,20 @@ in { ci = false; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; + tablet = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.14"; + ip6.addr = w6 "b"; + aliases = [ + "tablet.w" + ]; + wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI="; + }; + }; + external = true; + ci = false; + }; hilum = { cores = 1; nets = { @@ -777,5 +837,8 @@ in { mail = "lassulus@gmail.com"; pubkey = builtins.readFile ./ssh/android.ed25519; }; + lass-tablet = { + pubkey = builtins.readFile ./ssh/tablet.ed25519; + }; }; } diff --git a/krebs/3modules/lass/ssh/tablet.ed25519 b/krebs/3modules/lass/ssh/tablet.ed25519 new file mode 100644 index 000000000..250be53f7 --- /dev/null +++ b/krebs/3modules/lass/ssh/tablet.ed25519 @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMaulRARjJt6gQ4q5DCj3ySAf4juHvVaIcXDRhWZ5mM u0_a234@localhost
\ No newline at end of file diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 1fa6012cf..167afed2c 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -59,10 +59,13 @@ let users.extraUsers.realwallpaper = { uid = genid "realwallpaper"; + group = "realwallpaper"; home = cfg.workingDir; createHome = true; isSystemUser = true; }; + + users.groups.realwallpaper = {}; }; in diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 7a414e6e3..733db69ca 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -128,9 +128,12 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; + group = "tinc_graphs"; home = "/var/spool/tinc_graphs"; isSystemUser = true; }; + users.groups.tinc_graphs = {}; + services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; virtualHosts = { diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 6a159a5b2..2e336de21 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -194,7 +194,9 @@ let home = cfg.dataDir; createHome = true; isSystemUser = true; + group = user.name; }; + users.groups.${user.name} = {}; }; user = rec { |