summaryrefslogtreecommitdiffstats
path: root/kartei/makefu
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2022-11-22 20:15:44 +0100
committertv <tv@krebsco.de>2022-11-22 23:34:57 +0100
commit606f88e4f0a8c257f9e6be94ca8469da04b381cc (patch)
tree34c2884c924ce968897485befe5bd59f32c52e72 /kartei/makefu
parenta781a0976f59700261eecf2cf24da53b7cd8e709 (diff)
kartei: init
Diffstat (limited to 'kartei/makefu')
-rw-r--r--kartei/makefu/default.nix393
-rw-r--r--kartei/makefu/pgp/brain.asc51
-rw-r--r--kartei/makefu/pgp/default.asc64
-rw-r--r--kartei/makefu/retiolum/cake.pub8
-rw-r--r--kartei/makefu/retiolum/cake_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/crapi.pub8
-rw-r--r--kartei/makefu/retiolum/crapi_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/fileleech.pub8
-rw-r--r--kartei/makefu/retiolum/fileleech_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/filepimp.pub8
-rw-r--r--kartei/makefu/retiolum/filepimp_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/firecracker.pub14
-rw-r--r--kartei/makefu/retiolum/firecracker_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/flap.pub8
-rw-r--r--kartei/makefu/retiolum/flap_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/gum.pub8
-rw-r--r--kartei/makefu/retiolum/gum_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/latte.pub8
-rw-r--r--kartei/makefu/retiolum/latte_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/nukular.pub8
-rw-r--r--kartei/makefu/retiolum/nukular_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/omo.pub8
-rw-r--r--kartei/makefu/retiolum/omo_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/sdev.pub8
-rw-r--r--kartei/makefu/retiolum/sdev_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/senderechner.pub8
-rw-r--r--kartei/makefu/retiolum/senderechner_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/studio.pub8
-rw-r--r--kartei/makefu/retiolum/studio_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/tsp.pub13
-rw-r--r--kartei/makefu/retiolum/tsp_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/vbob.pub8
-rw-r--r--kartei/makefu/retiolum/vbob_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/wbob.pub8
-rw-r--r--kartei/makefu/retiolum/wbob_ed25519.pub1
-rw-r--r--kartei/makefu/retiolum/x.pub8
-rw-r--r--kartei/makefu/retiolum/x_ed25519.pub1
-rw-r--r--kartei/makefu/ssh/makefu.android.pub1
-rw-r--r--kartei/makefu/ssh/makefu.bob.pub1
-rw-r--r--kartei/makefu/ssh/makefu.omo.pub1
-rw-r--r--kartei/makefu/ssh/makefu.remote-builder.pub1
-rw-r--r--kartei/makefu/ssh/makefu.tempx.pub1
-rw-r--r--kartei/makefu/ssh/makefu.tsp.pub1
-rw-r--r--kartei/makefu/ssh/makefu.vbob.pub1
-rw-r--r--kartei/makefu/ssh/makefu.x.pub1
-rw-r--r--kartei/makefu/sshd/cake.pub1
-rw-r--r--kartei/makefu/sshd/crapi.pub1
-rw-r--r--kartei/makefu/sshd/fileleech.pub1
-rw-r--r--kartei/makefu/sshd/firecracker.pub1
-rw-r--r--kartei/makefu/sshd/gum.pub1
-rw-r--r--kartei/makefu/sshd/omo.pub1
-rw-r--r--kartei/makefu/sshd/sdev.pub1
-rw-r--r--kartei/makefu/sshd/studio.pub1
-rw-r--r--kartei/makefu/sshd/wbob.pub1
-rw-r--r--kartei/makefu/sshd/x.pub1
-rw-r--r--kartei/makefu/wiregrill/gum.pub1
-rw-r--r--kartei/makefu/wiregrill/rockit.pub1
-rw-r--r--kartei/makefu/wiregrill/shackdev.pub1
-rw-r--r--kartei/makefu/wiregrill/x.pub1
59 files changed, 694 insertions, 0 deletions
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
new file mode 100644
index 000000000..f9997b2d2
--- /dev/null
+++ b/kartei/makefu/default.nix
@@ -0,0 +1,393 @@
+## generate keys with:
+# tinc generate-keys
+# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
+
+with import ../../lib;
+{ config, ... }: let
+
+ hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+ {
+ owner = config.krebs.users.makefu;
+ }
+ # Retiolum defaults
+ (let
+ pubkey-path = ./retiolum + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ nets.retiolum = {
+ tinc.pubkey = readFile pubkey-path;
+ aliases = [
+ "${hostName}.r"
+ ];
+ ip6.addr =
+ (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
+ };
+ })
+ # Retiolum ed25519 keys
+ (let
+ pubkey-path = ./retiolum + "/${hostName}_ed25519.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ nets.retiolum.tinc.pubkey_ed25519 = readFile pubkey-path;
+ })
+ # Wiregrill defaults
+ (let
+ pubkey-path = ./wiregrill + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ nets.wiregrill = {
+ aliases = [
+ "${hostName}.w"
+ ];
+ ip6.addr =
+ (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
+ wireguard.pubkey = readFile pubkey-path;
+ };
+ })
+ # SSHD defaults
+ (let
+ pubkey-path = ./sshd + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ ssh.pubkey = readFile pubkey-path;
+ # We assume that if the sshd pubkey exits then there must be a privkey in
+ # the screts store as well
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ })
+ host
+ ];
+
+ pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
+ w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
+in {
+ hosts = mapAttrs hostDefaults {
+ cake = rec {
+ cores = 4;
+ ci = false;
+ nets = {
+ retiolum.ip4.addr = "10.243.136.236";
+ };
+ };
+ crapi = rec { # raspi1
+ cores = 1;
+ ci = false;
+ nets = {
+ retiolum.ip4.addr = "10.243.136.237";
+ };
+ };
+ firecracker = {
+ cores = 4;
+ nets = {
+ retiolum.ip4.addr = "10.243.12.12";
+ };
+ };
+
+ studio = rec {
+ ci = false;
+ cores = 4;
+ nets = {
+ retiolum.ip4.addr = "10.243.227.163";
+ };
+ };
+ fileleech = rec {
+ ci = false;
+ cores = 4;
+ nets = {
+ retiolum.ip4.addr = "10.243.113.98";
+ };
+ };
+ tsp = {
+ ci = true;
+ cores = 1;
+ nets = {
+ retiolum.ip4.addr = "10.243.0.212";
+ };
+ };
+ x = {
+ ci = true;
+ cores = 4;
+ syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
+ nets = {
+ retiolum.ip4.addr = "10.243.0.91";
+ wiregrill = {
+ # defaults
+ };
+ };
+
+ };
+ filepimp = rec {
+ ci = false;
+ cores = 1;
+ nets = {
+ retiolum.ip4.addr = "10.243.153.102";
+ };
+ };
+
+ omo = rec {
+ ci = true;
+ cores = 2;
+ syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.89";
+ aliases = [
+ "omo.r"
+ "dcpp.omo.r"
+ "backup.makefu.r"
+ "torrent.omo.r"
+ "music.omo.r"
+ "music.makefu.r"
+ ];
+ };
+ };
+ };
+ wbob = rec {
+ ci = true;
+ cores = 4;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.214.15";
+ aliases = [
+ "wbob.r"
+ "hydra.wbob.r"
+ "log.wbob.r"
+ ];
+ };
+ };
+ };
+ latte = rec {
+ ci = true;
+ extraZones = {
+ "krebsco.de" = ''
+ latte.euer IN A ${nets.internet.ip4.addr}
+ '';
+ };
+ cores = 4;
+ nets = rec {
+ internet = {
+ ip4.addr = "178.254.30.202";
+ ip6.addr = "2a00:6800:3:18c::2";
+ aliases = [
+ "latte.i"
+ ];
+ };
+ #wiregrill = {
+ # via = internet;
+ # ip4.addr = "10.244.245.1";
+ # ip6.addr = w6 "1";
+ # wireguard.port = 51821;
+ # wireguard.subnets = [
+ # (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
+ # "10.244.245.0/24" # required for routing directly to gum via rockit
+ # ];
+ #};
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.0.214";
+ # never connect via gum (he eats your packets!)
+ #tinc.weight = 9001;
+
+ aliases = [
+ "latte.r"
+ "torrent.latte.r"
+ ];
+ };
+ };
+ };
+ gum = rec {
+ ci = true;
+ extraZones = {
+ "krebsco.de" = ''
+ rss.euer IN A ${nets.internet.ip4.addr}
+ o.euer IN A ${nets.internet.ip4.addr}
+ bw.euer IN A ${nets.internet.ip4.addr}
+ bookmark.euer IN A ${nets.internet.ip4.addr}
+ boot IN A ${nets.internet.ip4.addr}
+ boot.euer IN A ${nets.internet.ip4.addr}
+ cache.euer IN A ${nets.internet.ip4.addr}
+ cache.gum IN A ${nets.internet.ip4.addr}
+ cgit.euer IN A ${nets.internet.ip4.addr}
+ dl.euer IN A ${nets.internet.ip4.addr}
+ dns.euer IN A ${nets.internet.ip4.addr}
+ dockerhub IN A ${nets.internet.ip4.addr}
+ euer IN A ${nets.internet.ip4.addr}
+ euer IN MX 1 aspmx.l.google.com.
+ ghook IN A ${nets.internet.ip4.addr}
+ git.euer IN A ${nets.internet.ip4.addr}
+ gold IN A ${nets.internet.ip4.addr}
+ graph IN A ${nets.internet.ip4.addr}
+ gum IN A ${nets.internet.ip4.addr}
+ io IN NS gum.krebsco.de.
+ iso.euer IN A ${nets.internet.ip4.addr}
+ feed.euer IN A ${nets.internet.ip4.addr}
+ board.euer IN A ${nets.internet.ip4.addr}
+ etherpad.euer IN A ${nets.internet.ip4.addr}
+ mediengewitter IN CNAME over.dose.io.
+ mon.euer IN A ${nets.internet.ip4.addr}
+ netdata.euer IN A ${nets.internet.ip4.addr}
+ nixos.unstable IN CNAME krebscode.github.io.
+ photostore IN A ${nets.internet.ip4.addr}
+ pigstarter IN CNAME makefu.github.io.
+ share.euer IN A ${nets.internet.ip4.addr}
+ wg.euer IN A ${nets.internet.ip4.addr}
+ wiki.euer IN A ${nets.internet.ip4.addr}
+ wikisearch IN A ${nets.internet.ip4.addr}
+
+ meet.euer IN A ${nets.internet.ip4.addr}
+ work.euer IN A ${nets.internet.ip4.addr}
+ admin.work.euer IN A ${nets.internet.ip4.addr}
+ push.work.euer IN A ${nets.internet.ip4.addr}
+ api.work.euer IN A ${nets.internet.ip4.addr}
+ maps.work.euer IN A ${nets.internet.ip4.addr}
+ play.work.euer IN A ${nets.internet.ip4.addr}
+ ul.work.euer IN A ${nets.internet.ip4.addr}
+ music.euer IN A ${nets.internet.ip4.addr}
+ '';
+ };
+ cores = 8;
+ nets = rec {
+ internet = {
+ ip4.addr = "142.132.189.140";
+ ip6.addr = "fe80::9400:1ff:fe24:33f4";
+ aliases = [
+ "gum.i"
+ ];
+ };
+ wiregrill = {
+ via = internet;
+ ip4.addr = "10.244.245.1";
+ ip6.addr = w6 "1";
+ wireguard.port = 51821;
+ wireguard.subnets = [
+ (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
+ "10.244.245.0/24" # required for routing directly to gum via rockit
+ ];
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.0.213";
+ # never connect via gum (he eats your packets!)
+ #tinc.weight = 9001;
+
+ aliases = [
+ "gum.r"
+ "blog.gum.r"
+ "blog.makefu.r"
+ "cache.gum.r"
+ "cgit.gum.r"
+ "dcpp.gum.r"
+ "dcpp.nextgum.r"
+ "graph.makefu.r"
+ "logs.makefu.r"
+ "netdata.makefu.r"
+ "nextgum.r"
+ "o.gum.r"
+ "search.makefu.r"
+ "stats.makefu.r"
+ "torrent.gum.r"
+ "tracker.makefu.r"
+ "wiki.gum.r"
+ "wiki.makefu.r"
+ "warrior.gum.r"
+ "rss.makefu.r"
+ "sick.makefu.r"
+ "dl.gum.r"
+ "dl.makefu.r"
+ ];
+ };
+ };
+ };
+
+ sdev = rec {
+ ci = true;
+ cores = 1;
+ nets = {
+ retiolum.ip4.addr = "10.243.83.237";
+ };
+ };
+
+
+# non-stockholm
+
+ flap = rec {
+ cores = 1;
+ extraZones = {
+ "krebsco.de" = ''
+ flap IN A ${nets.internet.ip4.addr}
+ '';
+ };
+ nets = {
+ internet = {
+ ip4.addr = "162.248.11.162";
+ aliases = [
+ "flap.i"
+ ];
+ };
+ retiolum = {
+ ip4.addr = "10.243.211.172";
+ };
+ };
+ };
+
+ nukular = rec {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.231.219";
+ };
+ };
+ };
+
+
+ shackdev = rec { # router@shack
+ cores = 1;
+ nets.wiregrill.ip4.addr = "10.244.245.2";
+ };
+
+ rockit = rec { # router@home
+ cores = 1;
+ nets.wiregrill.ip4.addr = "10.244.245.3";
+ };
+
+ senderechner = rec {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.163";
+ };
+ };
+ };
+ };
+ users = rec {
+ makefu = {
+ mail = "makefu@x.r";
+ pubkey = pub-for "makefu.x";
+ pgp.pubkeys.default = builtins.readFile ./pgp/default.asc;
+ pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc;
+ };
+ makefu-omo = {
+ inherit (makefu) mail pgp;
+ pubkey = pub-for "makefu.omo";
+ };
+ makefu-tsp = {
+ inherit (makefu) mail pgp;
+ pubkey = pub-for "makefu.tsp";
+ };
+ makefu-vbob = {
+ inherit (makefu) mail pgp;
+ pubkey = pub-for "makefu.vbob";
+ };
+ makefu-tempx = {
+ inherit (makefu) mail pgp;
+ pubkey = pub-for "makefu.tempx";
+ };
+ makefu-android = {
+ inherit (makefu) mail pgp;
+ pubkey = pub-for "makefu.android";
+ };
+ makefu-remote-builder = {
+ inherit (makefu) mail pgp;
+ pubkey = pub-for "makefu.remote-builder";
+ };
+ makefu-bob = {
+ inherit (makefu) mail pgp;
+ pubkey = pub-for "makefu.bob";
+ };
+ };
+}
diff --git a/kartei/makefu/pgp/brain.asc b/kartei/makefu/pgp/brain.asc
new file mode 100644
index 000000000..739385a38
--- /dev/null
+++ b/kartei/makefu/pgp/brain.asc
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFXn/k4BEACmXMbhoAKsMC/gFqBrQq2mgvo8+FnUe4F6JznVh7NiPH0PUdDw
+jRnK2EEpD+NoDt3A0jtq6C+wnr1V+p/jYAPxRcvv8a7ym+xuA4sBIPrlW1fQIuWF
+EjYnUVnN16Qa1xJiQQyEDeleAxgg0luOdqBZ0myT84a9O0deN8JM+zwqT/+sLY9c
+2fVGNv496/mt7Ct294QbS6cfdR26r8PZ1Wfo8cr8UhFfFft0TE267HJdoJ8NBvH/
+BSEcoaS3kaxk2YyOdAJ1RgEoQY2w1/jeZv5IUyO7azAQUhbqBK7nVbgUd2l3nf4v
+qmgNvvtcAlccY6L2M8BR6TI4Yw2hfbLOHPVTNjFlMXXX/MDYFFF9+GqmYOjyy5dy
+8m4qA4ZEoHG9XT+xsZAsHJRFPBacSp2ydoVdlkJsEQnabb78NXLusgBBxhOmvVHe
+5SeIvsrpn83/aIeHpLUQbzUdK3osERZUBTp9Pr0+dB+UkqThjE3MPntKcawm4cGN
+dXY6iNXH4gGPOjb5ed0OzDiRS2bVyb0/F2wYXvIPE2e0CwJ0io2rRT410HfpFkWD
+OPENdlNYb6FCXc4fpGxdtFL0hE6RZqBvwQAN9iDkEj+DxEwUc+yyroFRI25y+T1z
+68T0xqVfKXUqcOmsACKtjlQ5QcikCj8kC9bNDln7v1Q9argSEJXJDdf3cwARAQAB
+tBhwdyB1c2VyIDxyb290QGxvY2FsaG9zdD6JAjgEEwECACIFAlXn/k4CGwMGCwkI
+BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDtOh4EJ4fmcIecP/1+HMD22wilyb3hQ
+QLKz+Wx37ZM6w0p9o0lMEeeUpcYPtWeVBqID6vxmqFwIOU5LtkHiE0yO8AcW7TYx
+14Ql3mPWd594fKXr04mN9RM9wTr09S0P4nqKuq0cR3x5s4C30DoKoUqt3ZKSZRW/
+4suhvebfYiTjlE5joH4lZy7bMaH2HpvLacZXGcyH7cmYfLuZekf1kNXRDh40IgrH
+uzsXFoflhLEZouKWiV3mWFo1iIckvTDrFNHuJj5oHP2D3J1RYdbPNP+5yOu/34mt
+wPK/R6MxXY+zKWZWU59Ll5nx+2wUkIP/MaE9Ubx1W0UdeB4In/Y/HhV2fwd9DFsq
+cbKofeDRblEdaaTjiqc1MjSxyhPplApgG4389gXX4vszAuyxBq6AecJobYkzmVek
+EOJVVqDFoT+a70p5hWMP5nQV7dE3jyy1esm6cjF9iv0cRf/GqZAIiNdeo9av56OO
+H5uwamTwcRrDsy4xWzowUfJDB+nJzlXw08aQRTfczCZ3n5hXvqqxuoweH08hfm/S
+oa0gU95mCkHYbscaxjXnkEgbuvCiVRhDqd8rZpi5WxNV63zHIaoeXIPVJH0zswIJ
+MT2LofWB8W8in48rmRvUdzZlm/++c/9+evNyNyAyOmdRk6fP0nHdRmuINyeKc67P
+0BrVstk/cywbNbpNBt+2uUJCemBBuQINBFXn/k4BEADQYsT81uL8XE9homHLRai0
+3Xo/gVe5lwXWouzzVImEQIICvmBCjdzA1nPfKvdBcFsBfOro6aefETq/cZeL16It
+zJKhh2HDJ/7oCuJM0OufkwoSBwJ4f0I+0zXsPZV0+P1ijPaKunYW+YpoFm3z8rLc
+iX/kxYRgo13jCNphL/TKOoq3ZTREzDcBk9QR8yLTV5i0j1qrlIsAx7iTv1jrC1L6
+fBZm40+wn0ahz9IgBWWv588i+1f7ekKQBYXi9n2+hSfMQ0ebhW14xG72eXDzV14Q
+Yra+FNMOCeKhmHH9PnVw0NkwRPbtL92ZySeFMHxhYnBPckqBUuEO12TXUMWA9fzj
+rpBjJWEtCRCeaSLAe5Nzleb09NKO3z4ghwedef/Cz8XZ+XDIpE/1yTQy0lSuLosw
+ScmwG9UPYxpWWqJmC+H6GQ0qQmCgmPYG8b20JvnqROmsLooC/xmf4seT8J+fYpKt
+fkQiuOd8RecW+1jyfr7qy2S3roNgNl7hyzlIHmtGnn3rYC4uCe4VjosvcPmnXP6N
+Jcck3dQnFxmE+/JS1zdH47nDGJsn5fFrArdfU9DLGjU/L7BJt99vIvif89B2FF/n
+0cR7bLeY72P1oJw+tgrsjo9uaS9u9vk/J8+Rhf3TIqbHfFh7/42sdkgk3Mqha+Bn
+wAOpUP3tjdDTwow9/2iYjQARAQABiQIfBBgBAgAJBQJV5/5OAhsMAAoJEDtOh4EJ
+4fmcTy8P/03eVL9GoarIjwRxYY8U23fU4xNIypkNrjspjJHVRcKJFCyA2/R9toKf
+0XGJIM2fwBo6beH0rinq8Xm8hrT/gFIWupuDLSTR/km0UD6CtfFOIt+5jw3c5mMR
+u9DbSWAiRYGzQKYYZUy5mdMG/kokDRSm5D0lO+YnLZtpECZn/Zi5rPKzbGyMus+a
+fm8a/eNko+Eg6j8FSYBm+d8SKYdoLJN3R7hYji7JuERMs+UZMsuriSAn2Af2Jn1I
+hc7fiwotrMdNifyWCtYqiFvcrsm8K8EC2J0KsieydBHwCuamlqTrjqVejbITD8Jl
+ghTGNHe/crP7/XKTjKva+1+VJAHDLylZgcArQSKa+SsWB/GoKB0x9UEWThJ1DLi4
+j2GhNlCIYZtPBQMu3+2btDj0A3IUQp4aW0nd5+0zz0H7JVrl+pI37uUxTiXCZG9X
+fjXrcP3niJhraHTG8mWD1v8+cG3NXpv/IZN82Z+sQlpabwjpybag2CeTfhEoFtEl
+V6ez9wpgBKeDsLDLOB8VRgpsikw9f6H8GAUZe2PjKUwiDtptqa37nU+3A6wPiO2s
+AWT/7D6vhMpDncp7E9DcsmsU9LNt7D+ISqi4uLKYJcfmqbJOui2YFo3zsYP8TqQD
+JTZ1lSpFpipJpi6mAzQUS4P3H+aUjeW/LWiSS/YNmGIOAUeB6Y3c
+=rEQB
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/kartei/makefu/pgp/default.asc b/kartei/makefu/pgp/default.asc
new file mode 100644
index 000000000..bc5c50b76
--- /dev/null
+++ b/kartei/makefu/pgp/default.asc
@@ -0,0 +1,64 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBE6quoQBEACemTuY0Ujeygxdyds3ugPbKuIsJMCQSdXAKsCkH4vV5qam8rQP
+AabpYyQfew9nCUCJa4NkKFrLnGz4d7rl1u5ihVqMctYeJqZdtX88DqqNKQXoqKQv
+crF5hcZmUtbGe5eyoMV55hiODPVPTVra6pbxWwhqa0pYeXEyDy1BPoqgcP0DUFho
+yBeoyw71ujgdJZvl5rq6ZVjTGuToNKHn5UBDMu6n0rl9Ha7ukL4Gx8hOhmK8yv87
+zuUzBRQkTgoC48JA3Bt0kb15ghbOV7D411ZhmhEqWwE/OBk3//6MOGu24Mm0OG8J
++tbEMysck0LYe5q5U/2cmGsqlwV6FXLmnPOj6H4XtdTBDVXo/Hp6A8mVR1sSDopc
+/2TnTwv0cdGOIS1CgxUc/qS6a8h+2UGaLSPnuPBWom163YbO/vgj8Th5q3N2DiRO
+EP+mGCKn1/cghU7WjMny8z59A7SeZ0rRN8KaMlFEZMlgtQf7/6EjL5Ulo5H0vb2m
+G5lAfW5xz55Y6M06sEl2wJ4pkgt+jeWRItKQvyqcdFEfiJfuP0+ESmQIMvz2ZnDC
+ZJzpmjP5uDwqu5THcTHvJ/ptSHRtXEiqqwrpQ0dqtwxLMJtIdgOohVoPAUNTTXcy
+XmL0qZsLFI2We2v0jgYMcYw1gswsksMLLmnVWlAsBqCALRyu4Ptxrkg9NwARAQAB
+tB5tYWtlZnUgPHJvb3RAc3ludGF4LWZlaGxlci5kZT6JAjgEEwECACIFAk6quoQC
+GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEMk6uSvVJeKfr5UP/3vvBlZQ
+9DjLRBx9YUjbq34LDl/wdDX7Fwsdb+TccUiOgKW2RAXbdnff2r5VRn4VSDUYoFfN
+qtDrxKl04IWeVwiaTjCJdXp6veSpov5GcmARgPUow8v9Eu2gZw0o1LvW7NFP5e3u
+YxmSTrlVGZMTCkwIkYoaETseCE0qsahWD0zCM19rAEuTkwKOQo58mXFUzNq829Ex
+OAv4zIQE6V7SKKOZzXhvBu3s1ql1SDfmciaszMlwwPtwgFBkg1HrFvuimU7zqGkf
+wQpWt91j8kJZdAC8iUf/7UNh/VZu+n9jtmynunRrY2PgPh6LgeDmiaTbVfHX51/3
+R01dzzTk0dnqwosNoc1u8Xsb/rTs9LDsncteUGKgiEh+LRjouGGh/C1g58dkF0wP
+S00dgnEhI9d8ui/yTPa47l3zDSa/m6Nq6oEGVbZDivNDuTV1jfhrs0v3kx50aK0O
+y+exKMmgxoxeCMZs53iHXiXAcsHSj+Gue6W2jDvRjaPqfxnM3GNd7y9ix8IF43R6
+n1oAZo7zWA4a5iq8yvBTjKqyDJAKu8C4kYM/9FMJlDgUjWYvNI4BiG1iw0iGVAjt
+JHz/QEM/7Mg7fw1rtJB/A9ezLJGyiDcc5GwrLIVl6U8stNWF0ZqgtwWKF1lm0Faj
+mPRDdOVZNTPw61YNqHJGdHVBD0usx3Xg/4V6tC5GZWxpeCBSaWNodGVyIDxGZWxp
+eC5SaWNodGVyQHN5bnRheC1mZWhsZXIuZGU+iQI4BBMBAgAiBQJSpxSDAhsDBgsJ
+CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDJOrkr1SXin4w8D/9QY5oTvCmFERHR
+uUgGyU1hPomIE6RrSxoeqHsMUhUuqNeWYk0T/Oju/sZLlWUuBZHLTXeGPyFEe0/n
+6ys4cqTSwCKUdB0kQO3GAzPKGmC6C5trQaMpY+A6yVi3He6rN37+XjfjrY+o7Rbl
+s8K6S3jR/f/MSODjRnGNPTLsuDYKo+d4RwlWv2G+RFHueh4/aef0s3lzoDbmdJiW
+zXaTqiCKgG34GzQO4hs6MsyG9mJo05qXvMAGgCyRDJkbcmwjgQonlEi6TIJyQ3J2
+CNLrl2UW5eUFKnZbWGZYL7Ojsq0UnRna6z1L4sxk1kCLxn1Gz8RiisJ1bUOM85vZ
+dTyFTb9+iC43c2IbLpF139ic+hb6dYJC392cOwrT2UgfUuzqocY2V/HXjVsqsNtL
+t4tnoZkZhjFMaUe5FQbUYwtA2IqqrqD7iC7ULtclYa2tvW2HIAs4VjocWxfbgY4b
+He99Ma5xSNL171a34n2ZayjsI8cbYtHvVPTZ8Zs6xqsz8D+o+m0bBxGobOAkb6yN
+UUdZjo5Jdcr2AxAITEgzgzcWR0sCbn+6Jj7XJuz2SYEtOhZBrY7tONoOkrysCtJD
+fKOp2RCq60ZHMqoBTyyxtQ6LG/I0bZs7a2/6Wc3O3VhSIGgjSOan7N4G13CJqfFA
+FfMATGPnK+nYxmVAQ2VR0GxscvjdBLkCDQROqrqEARAAzYUNba4eFVDLlF2SzSra
+VMyV9eNBdi64tNQVTFDH+bj2KgcPKZXBUXDz+hizOb3jegaBojlbf6LYUgzQMQ96
+uHcE/mlBhtU1nUYKEH82kblA6UVOrtSyK/2MIX/aoK7C+pKFSIEkl2/V4NtPQ6Ay
+H+UQ8c6uOP6Z0raaawjZ/rzvxIlVPD0Ou0PtJf6l0UtMQRWpYcwNl3O6JgMFhqP4
+LipP40aYEuxr9RUynWBb8HzXj1R5imPgF+F47L8EPKDgIqEr6OLWigQ6pBpKM8xP
+lMQByGvv5Xi35rqMwn2porHwYE5BIUIQcSSSdhSxgwB0G/hlpucX7wtUMheAUFTj
+sVVK5jirMf30h4NUlpyO1hNblIM+oex96yir8PRZwQFkZ8CFeMDXjsNYUhcqyAJC
+Lr64XiaX7VdIshcIF07tC/Rjd7qKOs21phzIJ7FkYYFkhh607q6rzH7pBsnckJnX
+ydFIo412ig4dac2f2FSgZXPYyZ9T6y9raL3Aq1WigOncG+ajpN60/r1pXXggoIgr
+ZuSMXpklr3z7DZ+M5Vk7EjpTZqfUkcBuS9ObsfX/oIpVaY5MCZobjw4iBEee/t+f
+4YigdPTWWxoHA259S2dH3MdWzIH515VWjUD4E7Jf9iEoYygT98u3fV/1GHjBsQTg
+2CTXRCG3xpHnPliLvwkt6z8AEQEAAYkCHwQYAQIACQUCTqq6hAIbDAAKCRDJOrkr
+1SXin9vjD/46juH2MLa/iyXzbz4QxEHt5/USZ+RFh8Bt5iBEGVvKY97QlOJ6Eq8Z
+9BMA1z+QpdkU2Rx7H2l9ohA5Kznlz80KUGzkkEwCZTqycLLX2/oq825dqF0H6hJu
+9R95ltC8xIYvW0KPunnyU4HO+RyVM544vR1KKBTXV/+ojHD2BviDQ41bFNfYjo+N
+uInrJWCgsxAC1fhnxLjQH74BkBSMF0S85y68EnHbJ/4IAud24shb6blsF1Sjf1CK
+UX0ZWwbBWj7cMg0pfkczdl7Y7pHJqOr/UrC40jHVO4CX0JrxhOT7u4cvhv0E4Y3O
+y9+Js7+fM6Ua+YF6TuArOorOCH8vzx6xvM1AW2U5jS3iMglIi6fXEYRuQB9ygPTc
+wJ/ByBApEKC7O0kA0PhwEF4FTgZntThlaJ+2rsUseONAXqZTJaX+CXtQdw6IVa8n
+SmXN01YsZzW1qFhbBSYHowqbOxbW9WH0ObtL+bxfJbG8HrVoXZJ5pcytzIDsGbtE
+1M2AQPZ4CaaWDGEvnM3REo1OOAf3f4Vf9C59suPoKVWqalBb94AhQqka8nZ81jL9
+tXDt0Yuaj2xroCNstmRFOgXJBWWx59kVdU9yoC2K0AWNrMdHAuyevgscAHsKkXq5
+4C1xL0RuUlNZ1qcX7Ev7kcLJ1RxRyXZQCbpIUi+UAWuNgEwMEHo1eQ==
+=rHPd
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/kartei/makefu/retiolum/cake.pub b/kartei/makefu/retiolum/cake.pub
new file mode 100644
index 000000000..8a1e4b933
--- /dev/null
+++ b/kartei/makefu/retiolum/cake.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
+jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
+MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
+6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
+36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
+MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/kartei/makefu/retiolum/cake_ed25519.pub b/kartei/makefu/retiolum/cake_ed25519.pub
new file mode 100644
index 000000000..6c6bf2b33
--- /dev/null
+++ b/kartei/makefu/retiolum/cake_ed25519.pub
@@ -0,0 +1 @@
+zlfSyJdG7vJmvkk1Ul3ZXUix2YduFYUMhM89nRdy8aE
diff --git a/kartei/makefu/retiolum/crapi.pub b/kartei/makefu/retiolum/crapi.pub
new file mode 100644
index 000000000..c66f24882
--- /dev/null
+++ b/kartei/makefu/retiolum/crapi.pub
<