From 606f88e4f0a8c257f9e6be94ca8469da04b381cc Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 22 Nov 2022 20:15:44 +0100 Subject: kartei: init --- krebs/3modules/makefu/default.nix | 393 -------------------------------------- 1 file changed, 393 deletions(-) delete mode 100644 krebs/3modules/makefu/default.nix (limited to 'krebs/3modules/makefu/default.nix') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix deleted file mode 100644 index 0d535998..00000000 --- a/krebs/3modules/makefu/default.nix +++ /dev/null @@ -1,393 +0,0 @@ -## generate keys with: -# tinc generate-keys -# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host - -with import ; -{ config, ... }: let - - hostDefaults = hostName: host: foldl' recursiveUpdate {} [ - { - owner = config.krebs.users.makefu; - } - # Retiolum defaults - (let - pubkey-path = ./retiolum + "/${hostName}.pub"; - in optionalAttrs (pathExists pubkey-path) { - nets.retiolum = { - tinc.pubkey = readFile pubkey-path; - aliases = [ - "${hostName}.r" - ]; - ip6.addr = - (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; - }; - }) - # Retiolum ed25519 keys - (let - pubkey-path = ./retiolum + "/${hostName}_ed25519.pub"; - in optionalAttrs (pathExists pubkey-path) { - nets.retiolum.tinc.pubkey_ed25519 = readFile pubkey-path; - }) - # Wiregrill defaults - (let - pubkey-path = ./wiregrill + "/${hostName}.pub"; - in optionalAttrs (pathExists pubkey-path) { - nets.wiregrill = { - aliases = [ - "${hostName}.w" - ]; - ip6.addr = - (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address; - wireguard.pubkey = readFile pubkey-path; - }; - }) - # SSHD defaults - (let - pubkey-path = ./sshd + "/${hostName}.pub"; - in optionalAttrs (pathExists pubkey-path) { - ssh.pubkey = readFile pubkey-path; - # We assume that if the sshd pubkey exits then there must be a privkey in - # the screts store as well - ssh.privkey.path = ; - }) - host - ]; - - pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); - w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address; -in { - hosts = mapAttrs hostDefaults { - cake = rec { - cores = 4; - ci = false; - nets = { - retiolum.ip4.addr = "10.243.136.236"; - }; - }; - crapi = rec { # raspi1 - cores = 1; - ci = false; - nets = { - retiolum.ip4.addr = "10.243.136.237"; - }; - }; - firecracker = { - cores = 4; - nets = { - retiolum.ip4.addr = "10.243.12.12"; - }; - }; - - studio = rec { - ci = false; - cores = 4; - nets = { - retiolum.ip4.addr = "10.243.227.163"; - }; - }; - fileleech = rec { - ci = false; - cores = 4; - nets = { - retiolum.ip4.addr = "10.243.113.98"; - }; - }; - tsp = { - ci = true; - cores = 1; - nets = { - retiolum.ip4.addr = "10.243.0.212"; - }; - }; - x = { - ci = true; - cores = 4; - syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5"; - nets = { - retiolum.ip4.addr = "10.243.0.91"; - wiregrill = { - # defaults - }; - }; - - }; - filepimp = rec { - ci = false; - cores = 1; - nets = { - retiolum.ip4.addr = "10.243.153.102"; - }; - }; - - omo = rec { - ci = true; - cores = 2; - syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK"; - nets = { - retiolum = { - ip4.addr = "10.243.0.89"; - aliases = [ - "omo.r" - "dcpp.omo.r" - "backup.makefu.r" - "torrent.omo.r" - "music.omo.r" - "music.makefu.r" - ]; - }; - }; - }; - wbob = rec { - ci = true; - cores = 4; - nets = { - retiolum = { - ip4.addr = "10.243.214.15"; - aliases = [ - "wbob.r" - "hydra.wbob.r" - "log.wbob.r" - ]; - }; - }; - }; - latte = rec { - ci = true; - extraZones = { - "krebsco.de" = '' - latte.euer IN A ${nets.internet.ip4.addr} - ''; - }; - cores = 4; - nets = rec { - internet = { - ip4.addr = "178.254.30.202"; - ip6.addr = "2a00:6800:3:18c::2"; - aliases = [ - "latte.i" - ]; - }; - #wiregrill = { - # via = internet; - # ip4.addr = "10.244.245.1"; - # ip6.addr = w6 "1"; - # wireguard.port = 51821; - # wireguard.subnets = [ - # (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR - # "10.244.245.0/24" # required for routing directly to gum via rockit - # ]; - #}; - retiolum = { - via = internet; - ip4.addr = "10.243.0.214"; - # never connect via gum (he eats your packets!) - #tinc.weight = 9001; - - aliases = [ - "latte.r" - "torrent.latte.r" - ]; - }; - }; - }; - gum = rec { - ci = true; - extraZones = { - "krebsco.de" = '' - rss.euer IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} - bw.euer IN A ${nets.internet.ip4.addr} - bookmark.euer IN A ${nets.internet.ip4.addr} - boot IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - cache.euer IN A ${nets.internet.ip4.addr} - cache.gum IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - dns.euer IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} - euer IN MX 1 aspmx.l.google.com. - ghook IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - gold IN A ${nets.internet.ip4.addr} - graph IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} - io IN NS gum.krebsco.de. - iso.euer IN A ${nets.internet.ip4.addr} - feed.euer IN A ${nets.internet.ip4.addr} - board.euer IN A ${nets.internet.ip4.addr} - etherpad.euer IN A ${nets.internet.ip4.addr} - mediengewitter IN CNAME over.dose.io. - mon.euer IN A ${nets.internet.ip4.addr} - netdata.euer IN A ${nets.internet.ip4.addr} - nixos.unstable IN CNAME krebscode.github.io. - photostore IN A ${nets.internet.ip4.addr} - pigstarter IN CNAME makefu.github.io. - share.euer IN A ${nets.internet.ip4.addr} - wg.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} - wikisearch IN A ${nets.internet.ip4.addr} - - meet.euer IN A ${nets.internet.ip4.addr} - work.euer IN A ${nets.internet.ip4.addr} - admin.work.euer IN A ${nets.internet.ip4.addr} - push.work.euer IN A ${nets.internet.ip4.addr} - api.work.euer IN A ${nets.internet.ip4.addr} - maps.work.euer IN A ${nets.internet.ip4.addr} - play.work.euer IN A ${nets.internet.ip4.addr} - ul.work.euer IN A ${nets.internet.ip4.addr} - music.euer IN A ${nets.internet.ip4.addr} - ''; - }; - cores = 8; - nets = rec { - internet = { - ip4.addr = "142.132.189.140"; - ip6.addr = "fe80::9400:1ff:fe24:33f4"; - aliases = [ - "gum.i" - ]; - }; - wiregrill = { - via = internet; - ip4.addr = "10.244.245.1"; - ip6.addr = w6 "1"; - wireguard.port = 51821; - wireguard.subnets = [ - (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR - "10.244.245.0/24" # required for routing directly to gum via rockit - ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.0.213"; - # never connect via gum (he eats your packets!) - #tinc.weight = 9001; - - aliases = [ - "gum.r" - "blog.gum.r" - "blog.makefu.r" - "cache.gum.r" - "cgit.gum.r" - "dcpp.gum.r" - "dcpp.nextgum.r" - "graph.makefu.r" - "logs.makefu.r" - "netdata.makefu.r" - "nextgum.r" - "o.gum.r" - "search.makefu.r" - "stats.makefu.r" - "torrent.gum.r" - "tracker.makefu.r" - "wiki.gum.r" - "wiki.makefu.r" - "warrior.gum.r" - "rss.makefu.r" - "sick.makefu.r" - "dl.gum.r" - "dl.makefu.r" - ]; - }; - }; - }; - - sdev = rec { - ci = true; - cores = 1; - nets = { - retiolum.ip4.addr = "10.243.83.237"; - }; - }; - - -# non-stockholm - - flap = rec { - cores = 1; - extraZones = { - "krebsco.de" = '' - flap IN A ${nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "162.248.11.162"; - aliases = [ - "flap.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.211.172"; - }; - }; - }; - - nukular = rec { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.231.219"; - }; - }; - }; - - - shackdev = rec { # router@shack - cores = 1; - nets.wiregrill.ip4.addr = "10.244.245.2"; - }; - - rockit = rec { # router@home - cores = 1; - nets.wiregrill.ip4.addr = "10.244.245.3"; - }; - - senderechner = rec { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.0.163"; - }; - }; - }; - }; - users = rec { - makefu = { - mail = "makefu@x.r"; - pubkey = pub-for "makefu.x"; - pgp.pubkeys.default = builtins.readFile ./pgp/default.asc; - pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc; - }; - makefu-omo = { - inherit (makefu) mail pgp; - pubkey = pub-for "makefu.omo"; - }; - makefu-tsp = { - inherit (makefu) mail pgp; - pubkey = pub-for "makefu.tsp"; - }; - makefu-vbob = { - inherit (makefu) mail pgp; - pubkey = pub-for "makefu.vbob"; - }; - makefu-tempx = { - inherit (makefu) mail pgp; - pubkey = pub-for "makefu.tempx"; - }; - makefu-android = { - inherit (makefu) mail pgp; - pubkey = pub-for "makefu.android"; - }; - makefu-remote-builder = { - inherit (makefu) mail pgp; - pubkey = pub-for "makefu.remote-builder"; - }; - makefu-bob = { - inherit (makefu) mail pgp; - pubkey = pub-for "makefu.bob"; - }; - }; -} -- cgit v1.2.3