From 9e6dbd6df4532031c2dd23d1da7d88c12f1b2fbb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 21:10:05 +0100 Subject: l: set short ipv6 addresses for all hosts --- krebs/3modules/lass/default.nix | 50 ++++++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 13 deletions(-) (limited to 'krebs/3modules/lass/default.nix') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0d8513a6..148cc3ed 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,16 +1,14 @@ with import ; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ + hostDefaults = hostName: host: flip recursiveUpdate host { ci = true; monitoring = true; owner = config.krebs.users.lass; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "lass" { inherit hostName; }).address; - }); + }; - wip6 = krebs.genipv6 "wirelum" "lass"; + r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; + w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address; in { dns.providers = { @@ -56,6 +54,7 @@ in { retiolum = { via = internet; ip4.addr = "10.243.0.103"; + ip6.addr = r6 "1"; aliases = [ "prism.r" "cache.prism.r" @@ -93,13 +92,13 @@ in { wirelum = { via = internet; ip4.addr = "10.244.1.1"; - ip6.addr = (wip6 "1").address; + ip6.addr = w6 "1"; aliases = [ "prism.w" ]; wireguard = { pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; - subnets = [ "10.244.1.0/24" (wip6 "1").subnetCIDR ]; + subnets = [ "10.244.1.0/24" "42:1::/32" ]; }; }; }; @@ -150,6 +149,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.81.176"; + ip6.addr = r6 "1e1"; aliases = [ "uriel.r" "cgit.uriel.r" @@ -175,6 +175,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.2"; + ip6.addr = r6 "dea7"; aliases = [ "mors.r" "cgit.mors.r" @@ -191,7 +192,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "dea7").address; + ip6.addr = w6 "dea7"; aliases = [ "mors.w" ]; @@ -207,6 +208,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.4"; + ip6.addr = r6 "50da"; aliases = [ "shodan.r" "cgit.shodan.r" @@ -223,7 +225,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "50da").address; + ip6.addr = w6 "50da"; aliases = [ "shodan.w" ]; @@ -239,6 +241,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.114"; + ip6.addr = r6 "1205"; aliases = [ "icarus.r" "cgit.icarus.r" @@ -255,7 +258,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "1205").address; + ip6.addr = w6 "1205"; aliases = [ "icarus.w" ]; @@ -271,6 +274,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.115"; + ip6.addr = r6 "dead"; aliases = [ "daedalus.r" "cgit.daedalus.r" @@ -296,6 +300,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.116"; + ip6.addr = r6 "5ce7"; aliases = [ "skynet.r" "cgit.skynet.r" @@ -321,6 +326,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.133.77"; + ip6.addr = r6 "771e"; aliases = [ "littleT.r" ]; @@ -402,6 +408,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.13"; + ip6.addr = r6 "12ed"; aliases = [ "red.r" ]; @@ -431,6 +438,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.14"; + ip6.addr = r6 "3110"; aliases = [ "yellow.r" ]; @@ -452,7 +460,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "e110").address; + ip6.addr = w6 "3110"; aliases = [ "yellow.w" ]; @@ -467,6 +475,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.77"; + ip6.addr = r6 "b1ce"; aliases = [ "blue.r" ]; @@ -487,6 +496,13 @@ in { -----END PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = w6 "b1ce"; + aliases = [ + "blue.w" + ]; + wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U="; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; @@ -494,8 +510,8 @@ in { phone = { nets = { wirelum = { - ip6.addr = (wip6 "a").address; ip4.addr = "10.244.1.2"; + ip6.addr = w6 "a"; aliases = [ "phone.w" ]; @@ -510,6 +526,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.19"; + ip6.addr = r6 "012f"; aliases = [ "morpheus.r" ]; @@ -529,6 +546,13 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = w6 "012f"; + aliases = [ + "morpheus.w" + ]; + wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; -- cgit v1.2.3 From f0fc2013d75e249e03123f611eacf523077ad07e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 23:01:55 +0100 Subject: l: update shodan wirelum key --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules/lass/default.nix') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 148cc3ed..6f3b19a9 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -229,7 +229,7 @@ in { aliases = [ "shodan.w" ]; - wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ="; + wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30="; }; }; secure = true; -- cgit v1.2.3 From 4e04b2ac99885f2d953487b506d37c5519794754 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 23:02:22 +0100 Subject: l: rip xerxes --- krebs/3modules/lass/default.nix | 40 ---------------------------------------- 1 file changed, 40 deletions(-) (limited to 'krebs/3modules/lass/default.nix') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6f3b19a9..1eac198f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -362,46 +362,6 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - xerxes = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.3"; - aliases = [ - "xerxes.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U - MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk - gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W - /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb - mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO - X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj - +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim - hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 - 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 - H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 - JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 - hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe - SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo - 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe - vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 - Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO - scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv - jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ - Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u - /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 - bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ - sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; - }; red = { monitoring = false; cores = 1; -- cgit v1.2.3 From 24330950fe2bd31056e3ae1d58c1965c8a736f1f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:11:02 +0100 Subject: wirelum -> wiregrill --- krebs/3modules/lass/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'krebs/3modules/lass/default.nix') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1eac198f..1117dc61 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -8,7 +8,7 @@ with import ; }; r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; - w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address; + w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; in { dns.providers = { @@ -89,7 +89,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { via = internet; ip4.addr = "10.244.1.1"; ip6.addr = w6 "1"; @@ -191,7 +191,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "dea7"; aliases = [ "mors.w" @@ -224,7 +224,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "50da"; aliases = [ "shodan.w" @@ -257,7 +257,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "1205"; aliases = [ "icarus.w" @@ -419,7 +419,7 @@ in { -----END PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "3110"; aliases = [ "yellow.w" @@ -456,7 +456,7 @@ in { -----END PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "b1ce"; aliases = [ "blue.w" @@ -469,7 +469,7 @@ in { }; phone = { nets = { - wirelum = { + wiregrill = { ip4.addr = "10.244.1.2"; ip6.addr = w6 "a"; aliases = [ @@ -506,7 +506,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "012f"; aliases = [ "morpheus.w" -- cgit v1.2.3