diff options
author | makefu <github@syntax-fehler.de> | 2023-09-28 23:22:59 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-09-28 23:22:59 +0200 |
commit | 2db6777b7caa37477c5ffddd99d69b2f2c6d9d7f (patch) | |
tree | a72905fad73089b7ab295a948eda837bad013362 /kartei | |
parent | 29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (diff) | |
parent | 0215fbddccf206801d94f52518cbfec91ccc3cc5 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'kartei')
-rw-r--r-- | kartei/Ra33it0/default.nix | 30 | ||||
-rw-r--r-- | kartei/berber/default.nix | 30 | ||||
-rw-r--r-- | kartei/krebs/default.nix | 1 | ||||
-rw-r--r-- | kartei/lass/echelon.nix | 42 | ||||
-rw-r--r-- | kartei/lass/prism.nix | 3 | ||||
-rw-r--r-- | kartei/lass/yellow.nix | 1 | ||||
-rw-r--r-- | kartei/makefu/default.nix | 2 | ||||
-rw-r--r-- | kartei/tv/default.nix | 2 | ||||
-rw-r--r-- | kartei/tv/hosts/alnus.nix | 1 | ||||
-rw-r--r-- | kartei/tv/hosts/au.nix | 1 | ||||
-rw-r--r-- | kartei/tv/hosts/bu.nix | 1 | ||||
-rw-r--r-- | kartei/tv/hosts/mu.nix | 1 | ||||
-rw-r--r-- | kartei/tv/hosts/nomic.nix | 1 | ||||
-rw-r--r-- | kartei/tv/hosts/querel.nix | 1 | ||||
-rw-r--r-- | kartei/tv/hosts/ru.nix | 1 | ||||
-rw-r--r-- | kartei/tv/hosts/xu.nix | 1 | ||||
-rw-r--r-- | kartei/tv/hosts/zu.nix | 1 | ||||
-rw-r--r-- | kartei/xkey/default.nix | 59 |
18 files changed, 89 insertions, 90 deletions
diff --git a/kartei/Ra33it0/default.nix b/kartei/Ra33it0/default.nix new file mode 100644 index 000000000..64e40182a --- /dev/null +++ b/kartei/Ra33it0/default.nix @@ -0,0 +1,30 @@ +{ config, lib, ... }: let + slib = import ../../lib/pure.nix { inherit lib; }; +in { + users.Ra33it0 = { + mail = "Ra33it0@posteo.net"; + }; + hosts.DUMMYHOST = { + owner = config.krebs.users.Ra33it0; + nets.retiolum = { + aliases = [ "Ra33it0.Ra33it0.r" ]; + ip6.addr = (slib.krebs.genipv6 "retiolum" "Ra33it0" { hostName = "unispore"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEA6Cb+b+snYpsQv1J0yMPSL4P0iKs2EkDtqtt6kBOvqFTr2lRB2thp +mu9fRbz/CFmcvFXoEMWQEEkKcyhgJEola2+7Ra49iMNX55o/I0iZ499ZI5rIK/JG ++A60ijPCh5TSGYIMiD7VWRsxoAtzB1DZ6n4z94KN0wQB5dXKuLPjk/TDfJPuzMrS +J5k9uSyBKcRdW2iop78wNOnYO8NVd9wr6odUBc/L5J0krDU2gLGRGJGDfoW4zfly +5DwtY58DBCZS7uFAymKBdvEBUzj7/wD0B2Jfq/EUOdEKeFbP2G4fdOTQBuXGDqMi +dqufCy2cK3AOi5l3VaC2LfkCMztRBPzryY8+EcfjgqENBPCx55GBZDrtn/W+29S7 +ynMfI+1e8TntpFGLhuJXyl9//rG68tvYUED5MQ98OXViiffW7lBo7i5TCck3f9Cv +CWYM/HzSffzztK8bF0DwhdWzjtNcwZ05XfA2krGZyMj9UxpwN84o1syCnnYC1Xzg +4r48fUhubXXE4SbdnN68pCNCct9DT8exPeYeJL2FHi6s+EsfBY+NGEAaQGJTeQEW +zUSnX/txoZV6xGUKZ4iOgfQ4MBCVVdtPAaurNP/esVwOr0WF0DTuBDPGBaOqo+Us +Ef5cREwrCE8nEY8tu3xl4M9iuCTwBuT79YFhfNI3jr1lcg6f8wGaTYsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "cFCAfLbDYv/Ty3m34aHgHr1dXGp2DSwfP0K7GG1TA7D"; + }; + }; +} diff --git a/kartei/berber/default.nix b/kartei/berber/default.nix new file mode 100644 index 000000000..e4084054a --- /dev/null +++ b/kartei/berber/default.nix @@ -0,0 +1,30 @@ +{ config, lib, ... }: let + slib = import ../../lib/pure.nix { inherit lib; }; +in { + users.berber = { + mail = "berber@zmberber.com"; + }; + hosts.schlepptop = { + owner = config.krebs.users.berber; + nets.retiolum = { + aliases = [ "schlepptop.berber.r" ]; + ip6.addr = (slib.krebs.genipv6 "retiolum" "berber" { hostName = "schlepptop"; }).address; + tinc.pubkey = '' +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEAsotvQWb0zgZzHQheM2LBMCyxYZ4JqWcpLkfz8nvLJl6wktEWz8IH +7hkc9qjrvR0jLecO79PzFaF9n6h47OBMhJC2BzJJJys0iiOUcjWpMtLGUZTy2M83 +Wtfz8YuY0zMJmnt63cVFpEsorj2v99YmYxQww8IU1iSpxotNx1hED/3dEN44qqlL +/aYRrnuFb/UOMxTcanpezJRqgqQpXBmlXYM0uE/uqUOWxHpWtQB5DsMf3s3YET/j +N7yp8DStlAqRruWS52GtWqnqXTgRBjqcIdGvmSRP0ZsHEEXk7du7icAlo1ZdGDQ1 +BXo1LTeiKr7Ujb7f5Kz/aq0+xZsODXVjYwiS5ZuZvHO+YD0/eDD4YwQyCovJDNRS +1GEkOBcE3acVn55ygg27PiRdm4FLbPoEL8t6CpgUCFVt1LTuuu/h++8WrbR4ggVp +A8/5xmcUPd0DtWk9Uj++3ZW1PmPLnMtTFuUSkzLv1rdfCHgtQbTcTSEXByaizKlp +CZdCSZjQnycBhPRW56ySWX3du38MNeAAlwGfXUjt4lOQsFiPs55MAedN9/JoTQCp +2uJ+oy2I2zPWxt03e/3WW8eD0csTiSA4c/KRCtHKr9DCaT83Lmal52ztwmxzXhzU +Aa8Zk+rzxj+e48Lab8COzOuqUyWYruxsFoM4BumEfmNOBrkXKCPjVokCAwEAAQ== +-----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "soXXSBhFM1/V7otecSzUIwTT4Zpn4DLyJ5B5p7Euz/B"; + }; + }; +} diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix index bbf6a74f8..6c5c86ead 100644 --- a/kartei/krebs/default.nix +++ b/kartei/krebs/default.nix @@ -77,6 +77,7 @@ in { aliases = [ "hotdog.r" "agenda.r" + "bedge.r" "kri.r" "build.r" "build.hotdog.r" diff --git a/kartei/lass/echelon.nix b/kartei/lass/echelon.nix deleted file mode 100644 index d66033ba4..000000000 --- a/kartei/lass/echelon.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ r6, w6, ... }: -{ - nets = { - retiolum = { - ip4.addr = "10.243.0.3"; - ip6.addr = r6 "4"; - aliases = [ - "echelon.r" - ]; - tinc = { - pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp - 1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A - MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe - UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V - rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez - gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO - c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna - dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze - ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D - KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq - GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr - 43jjLL40ONdFxX7qW/DhT9MCAwEAAQ== - -----END PUBLIC KEY----- - ''; - pubkey_ed25519 = "LgJ7+/sq7t+Ym/DjJrWesIpUw1Lw7bxPi0XFHtsVWLB"; - }; - }; - wiregrill = { - ip6.addr = w6 "3"; - aliases = [ - "echelon.w" - ]; - wireguard.pubkey = '' - SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc= - ''; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; - syncthing.id = "TT4MBZS-YNDZUYO-Y6L4GOK-5IYUCXY-2RKFOSK-5SMZYSR-5QMOXSS-6DNJIAZ"; -} diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix index ecb56264f..a44e120b2 100644 --- a/kartei/lass/prism.nix +++ b/kartei/lass/prism.nix @@ -37,6 +37,8 @@ rec { mail 60 IN A ${nets.internet.ip4.addr} mail 60 IN AAAA ${nets.internet.ip6.addr} flix 60 IN A ${nets.internet.ip4.addr} + flex 60 IN A ${nets.internet.ip4.addr} + flux 60 IN A ${nets.internet.ip4.addr} testing 60 IN A ${nets.internet.ip4.addr} schrott 60 IN A ${nets.internet.ip4.addr} ''; @@ -66,7 +68,6 @@ rec { "cache.prism.r" "cgit.prism.r" "bota.r" - "flix.r" "paste.r" "c.r" "p.r" diff --git a/kartei/lass/yellow.nix b/kartei/lass/yellow.nix index b9dcb008c..1873e02dc 100644 --- a/kartei/lass/yellow.nix +++ b/kartei/lass/yellow.nix @@ -7,6 +7,7 @@ aliases = [ "yellow.r" "jelly.r" + "flix.r" "radar.r" "sonar.r" "transmission.r" diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index 646e6a834..785ec14eb 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -51,7 +51,7 @@ ssh.pubkey = readFile pubkey-path; # We assume that if the sshd pubkey exits then there must be a privkey in # the screts store as well - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.privkey.path = "${config.krebs.secret.directory}/ssh_host_ed25519_key"; }) host ]; diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix index 2f23324cc..e81bdd32b 100644 --- a/kartei/tv/default.nix +++ b/kartei/tv/default.nix @@ -43,7 +43,7 @@ in { }) (host: mkIf (host.config.ssh.pubkey != null) { ssh.privkey = mapAttrs (const mkDefault) { - path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}"; + path = "${config.krebs.secret.directory}/ssh.id_${host.config.ssh.privkey.type}"; type = head (toList (builtins.match "ssh-([^ ]+) .*" host.config.ssh.pubkey)); }; }) diff --git a/kartei/tv/hosts/alnus.nix b/kartei/tv/hosts/alnus.nix index e66236f1f..099f3c741 100644 --- a/kartei/tv/hosts/alnus.nix +++ b/kartei/tv/hosts/alnus.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.21.1"; diff --git a/kartei/tv/hosts/au.nix b/kartei/tv/hosts/au.nix index 44279b687..c897f9cb1 100644 --- a/kartei/tv/hosts/au.nix +++ b/kartei/tv/hosts/au.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.39"; diff --git a/kartei/tv/hosts/bu.nix b/kartei/tv/hosts/bu.nix index cbdf5af22..ca544c912 100644 --- a/kartei/tv/hosts/bu.nix +++ b/kartei/tv/hosts/bu.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.36"; diff --git a/kartei/tv/hosts/mu.nix b/kartei/tv/hosts/mu.nix index e10694ec1..4fb7165f6 100644 --- a/kartei/tv/hosts/mu.nix +++ b/kartei/tv/hosts/mu.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.20.1"; diff --git a/kartei/tv/hosts/nomic.nix b/kartei/tv/hosts/nomic.nix index 7c46dc40a..ebb0edcf5 100644 --- a/kartei/tv/hosts/nomic.nix +++ b/kartei/tv/hosts/nomic.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.0.110"; diff --git a/kartei/tv/hosts/querel.nix b/kartei/tv/hosts/querel.nix index 6b9b9881b..805eeab94 100644 --- a/kartei/tv/hosts/querel.nix +++ b/kartei/tv/hosts/querel.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.22.22"; diff --git a/kartei/tv/hosts/ru.nix b/kartei/tv/hosts/ru.nix index 334df5d07..d1a2be276 100644 --- a/kartei/tv/hosts/ru.nix +++ b/kartei/tv/hosts/ru.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.42"; diff --git a/kartei/tv/hosts/xu.nix b/kartei/tv/hosts/xu.nix index e943915e4..7361092b7 100644 --- a/kartei/tv/hosts/xu.nix +++ b/kartei/tv/hosts/xu.nix @@ -2,7 +2,6 @@ binary-cache = { pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s="; }; - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.38"; diff --git a/kartei/tv/hosts/zu.nix b/kartei/tv/hosts/zu.nix index 91270d57e..c40de32a1 100644 --- a/kartei/tv/hosts/zu.nix +++ b/kartei/tv/hosts/zu.nix @@ -1,5 +1,4 @@ { - ci = true; nets = { retiolum = { ip4.addr = "10.243.13.40"; diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix index 153f75aa8..370d583e2 100644 --- a/kartei/xkey/default.nix +++ b/kartei/xkey/default.nix @@ -28,17 +28,34 @@ in }; hosts = mapAttrs hostDefaults { aland = { - nets.wiregrill = { - ip4.addr = "10.244.12.34"; - aliases = [ "aland.xkey.w" ]; - wireguard.pubkey = "m2IymGYQiRma2cyZbwRsOw1rCpB5ZdFkfYII1hnHzGE="; + nets = { + retiolum = { + ip4.addr = "10.243.23.42"; + aliases = [ "aland.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd + B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb + HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 + Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD + lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW + +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs + 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 + vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx + HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ + XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 + yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; + }; }; }; catalonia = { nets = { retiolum = { ip4.addr = "10.243.13.12"; - aliases = [ "catalonia.xkey.r" ]; + aliases = [ "catalonia.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y @@ -58,41 +75,11 @@ in }; }; }; - cybercube = { - nets.wiregrill = { - aliases = [ "cybercube.xkey.w" ]; - wireguard.pubkey = "ZPOCyThKQUlR/gPFWoJ4XICHYFMNtI70XH+y5v2f6VQ="; - }; - }; - rojava = { - nets = { - retiolum = { - ip4.addr = "10.243.23.42"; - aliases = [ "rojava.xkey.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd - B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb - HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 - Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD - lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW - +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs - 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 - vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx - HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ - XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 - yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; - }; - }; - }; sicily = { nets = { retiolum = { ip4.addr = "10.243.161.1"; - aliases = [ "sicily.xkey.r" "mukke.r" "bie.r" ]; + aliases = [ "sicily.r" "mukke.r" "bie.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg |