author | tv <tv@krebsco.de> | 2019-06-25 19:21:20 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2019-06-25 20:16:12 +0200 |
commit | 8c667f09c0e6e412283c8d7982a7112123ba5c0c (patch) | |
tree | 983c08ee1f2e73fe6b3680a9fbf71866bb4ac173 /krebs/3modules | |
parent | d343910e98736a94431fcac3da21274d2ecec449 (diff) | |
parent | 153505206cba1896685bf1fd7252cffeae19e290 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/external/default.nix | 37 | ||||
-rw-r--r-- | krebs/3modules/external/palo.nix | 6 | ||||
-rw-r--r-- | krebs/3modules/external/ssh/0x4a6f.pub | 1 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 24 | ||||
-rw-r--r-- | krebs/3modules/makefu/wiregrill/gum.pub | 2 | ||||
-rw-r--r-- | krebs/3modules/makefu/wiregrill/rockit.pub | 1 | ||||
-rw-r--r-- | krebs/3modules/mb/default.nix | 54 | ||||
-rw-r--r-- | krebs/3modules/syncthing.nix | 45 |
9 files changed, 146 insertions, 25 deletions
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 080c259aa..ac656f463 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -43,6 +43,31 @@ in { }; }; }; + wilde = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.4"; + aliases = [ "wilde.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk + g/V58MATljj+2bmOuOuPui/AUYHEZX759lHW4MgLjYdNbZEoVq8UgkxNk0KPGlSg + 2lsJ7FneCU7jBSE2iLT1aHuNFFa56KzSThFUl6Nj6Vyg5ghSmDF2tikurtG2q+Ay + uxf5/yEhFUPc1ZxmvJDqVHMeW5RZkuKXH00C7yN+gdcPuuFEFq+OtHNkBVmaxu7L + a8Q6b/QbrwQJAR9FAcm5WSQIj2brv50qnD8pZrU4loVu8dseQIicWkRowC0bzjAo + IHZTbF/S+CK0u0/q395sWRQJISkD+WAZKz5qOGHc4djJHBR3PWgHWBnRdkYqlQYM + C9zA/n4I+Y2BEfTWtgkD2g0dDssNGP5dlgFScGmRclR9pJ/7dsIbIeo9C72c6q3q + sg0EIWggQ8xyWrUTXIMoDXt37htlTSnTgjGsuwRzjotAEMJmgynWRf3br3yYChrq + 10Exq8Lej+iOuKbdAXlwjKEk0qwN7JWft3OzVc2DMtKf7rcZQkBoLfWKzaCTQ4xo + 1Y7d4OlcjbgrkLwHltTaShyosm8kbttdeinyBG1xqQcK11pMO43GFj8om+uKrz57 + lQUVipu6H3WIVGnvLmr0e9MQfThpC1em/7Aq2exn1JNUHhCdEho/mK2x/doiiI+0 + QAD64zPmuo9wsHnSMR2oKs0CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; dpdkm = { owner = config.krebs.users.Mic92; nets = rec { @@ -241,6 +266,13 @@ in { }; }; }; + rilke = { + owner = config.krebs.users.kmein; + nets.wiregrill = { + aliases = [ "rilke.w" ]; + wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ="; + }; + }; rock = { owner = config.krebs.users.Mic92; nets = { @@ -487,10 +519,13 @@ in { mail = "shackspace.de@myvdr.de"; pubkey = ssh-for "ulrich"; }; + "0x4a6f" = { + mail = "0x4a6f@shackspace.de"; + pubkey = ssh-for "0x4a6f"; + }; miaoski = { }; filly = { }; }; } - diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index cefac0959..05808714c 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix 
@@ -34,7 +34,10 @@ in { retiolum = { ip4.addr = "10.243.23.3"; tinc.port = 720; - aliases = [ "kruck.r" ]; + aliases = [ + "kruck.r" + "video.kruck.r" + ]; tinc.pubkey = tinc-for "palo"; }; }; @@ -49,6 +52,7 @@ in { tinc.pubkey = tinc-for "palo"; }; }; + syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; }; workhorse = { owner = config.krebs.users.palo; diff --git a/krebs/3modules/external/ssh/0x4a6f.pub b/krebs/3modules/external/ssh/0x4a6f.pub new file mode 100644 index 000000000..1ea084bad --- /dev/null +++ b/krebs/3modules/external/ssh/0x4a6f.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMoQSUz0wcV8tnTKsYO3sO6XG6EHap8R63ihfMHkxPS diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 41f3852b9..f4c8f5c6a 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -35,6 +35,7 @@ in { default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index b38c9104f..601762b93 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -143,11 +143,19 @@ in { ci = true; cores = 4; nets = { + lan = { + ip4.addr = "192.168.8.11"; + aliases = [ + "wbob.lan" + "log.wbob.lan" + ]; + }; retiolum = { ip4.addr = "10.243.214.15"; aliases = [ "wbob.r" "hydra.wbob.r" + "log.wbob.r" ]; }; }; 
@@ -182,6 +190,7 @@ in { wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. + mediengewitter IN CNAME over.dose.io. ''; }; cores = 8; @@ -196,13 +205,13 @@ in { }; wiregrill = { via = internet; + ip4.addr = "10.244.245.1"; ip6.addr = w6 "1"; - wireguard = { - subnets = [ - (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR + wireguard.port = 51821; + wireguard.subnets = [ (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR - ]; - }; + "10.244.245.0/24" # required for routing directly to gum via rockit + ]; }; retiolum = { via = internet; @@ -247,7 +256,6 @@ in { cores = 1; extraZones = { "krebsco.de" = '' - mediengewitter IN A ${nets.internet.ip4.addr} flap IN A ${nets.internet.ip4.addr} ''; }; @@ -281,6 +289,10 @@ in { }; }; }; + rockit = rec { # router@home + cores = 1; + nets.wiregrill.ip4.addr = "10.244.245.2"; + }; senderechner = rec { cores = 2; diff --git a/krebs/3modules/makefu/wiregrill/gum.pub b/krebs/3modules/makefu/wiregrill/gum.pub index 4a5f666cc..67d6c7216 100644 --- a/krebs/3modules/makefu/wiregrill/gum.pub +++ b/krebs/3modules/makefu/wiregrill/gum.pub @@ -1 +1 @@ -yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo= +A7UPKSUaCZaJ9hXv6X4jvcZ+5X+PlS1EmCwxlLBAKH0= diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/krebs/3modules/makefu/wiregrill/rockit.pub new file mode 100644 index 000000000..6cb0d960d --- /dev/null +++ b/krebs/3modules/makefu/wiregrill/rockit.pub @@ -0,0 +1 @@ +YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc= diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix index c98db4b27..e77811f08 100644 --- a/krebs/3modules/mb/default.nix +++ b/krebs/3modules/mb/default.nix @@ -3,7 +3,6 @@ with import <stockholm/lib>; hostDefaults = hostName: host: flip recursiveUpdate host { ci = true; - monitoring = true; owner = config.krebs.users.mb; }; 
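Review bot: The added `mediengewitter IN CNAME over.dose.io.` record in the `@@ -182,6 +190,7 @@` hunk points a krebsco.de name at a domain outside this zone, and nothing next to it records who operates that target. If the target is ever abandoned or re-registered, the krebsco.de name keeps resolving to whatever answers there, so the record deserves an adjacent zone comment such as `; mediengewitter: hosted externally at over.dose.io, contact <OWNER>` (assuming the zone text accepts `;` comments) and a periodic check that the target is still the intended service. The matching A record is dropped in the `@@ -247,7 +256,6 @@` hunk, so the move itself looks deliberate. The zone string starts and ends outside this hunk.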
@@ -63,6 +62,59 @@ in { }; }; }; + gr33n = { + nets = { + retiolum = { + ip4.addr = "10.243.42.123"; + aliases = [ + "gr33n.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8 + kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M + JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P + OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO + ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt + JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd + I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ + 5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X + s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH + oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6 + Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV + jtTSbSJHU5esECtAuXy1XH8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + sunsh1n3 = { + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.42.142"; + aliases = [ + "sunsh1n3.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf + QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU + pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz + idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf + 4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5 + yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD + /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY + Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy + LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj + 6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H + C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU + 9IxYLfkSD6AJqasnHlz0L08CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; }; users = { 
mb = { diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index f653f7fa5..939c8fddf 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -24,7 +24,7 @@ let getApiKey = pkgs.writeDash "getAPIKey" '' ${pkgs.libxml2}/bin/xmllint \ --xpath 'string(configuration/gui/apikey)'\ - ${scfg.dataDir}/config.xml + ${scfg.configDir}/config.xml ''; updateConfig = pkgs.writeDash "merge-syncthing-config" '' @@ -47,14 +47,20 @@ let } old_config=$(_curl /system/config) - patch=${shell.escape (toJSON { + new_config=${shell.escape (toJSON { inherit devices folders; })} new_config=$(${pkgs.jq}/bin/jq -en \ --argjson old_config "$old_config" \ - --argjson patch "$patch" \ + --argjson new_config "$new_config" \ ' - $old_config * $patch + $old_config * $new_config + ${optionalString (!kcfg.overridePeers) '' + * { devices: $old_config.devices } + ''} + ${optionalString (!kcfg.overrideFolders) '' + * { folders: $old_config.folders } + ''} ' ) echo $new_config | _curl /system/config -d @- @@ -68,11 +74,6 @@ in enable = mkEnableOption "syncthing-init"; - id = mkOption { - type = types.str; - default = config.krebs.build.host.name; - }; - cert = mkOption { type = types.nullOr types.absolute-pathname; default = null; @@ -83,6 +84,13 @@ in default = null; }; + overridePeers = mkOption { + type = types.bool; + default = true; + description = '' + Whether to delete the peers which are not configured via the peers option + ''; + }; peers = mkOption { default = {}; type = types.attrsOf (types.submodule ({ @@ -103,6 +111,13 @@ in })); }; + overrideFolders = mkOption { + type = types.bool; + default = true; + description = '' + Whether to delete the folders which are not configured via the peers option + ''; + }; folders = mkOption { default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { 
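Review bot: With `overridePeers = false` or `overrideFolders = false`, the terms `* { devices: $old_config.devices }` and `* { folders: $old_config.folders }` added in the `@@ -47,14 +47,20 @@` hunk put the running node's lists back on top of the declared ones, so the peers and folders set through the module options appear to be discarded rather than merged. jq's `*` merges only objects recursively: if these keys are arrays, as in Syncthing's REST config, the right-hand side replaces the left, and if they are objects the old values still win on conflict. A union in which declared entries win would match the option descriptions, something like `* { devices: ($new_config.devices + $old_config.devices | unique_by(.deviceID)) }` and `* { folders: ($new_config.folders + $old_config.folders | unique_by(.id)) }`, assuming the entries carry Syncthing's `deviceID` and `id` fields. Setting either option to `false` also leaves any device or folder added out of band in place and trusted, which is worth stating in the descriptions. The updateConfig script starts and ends outside this hunk.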
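Review bot: The `overrideFolders` description added in the `@@ -103,6 +111,13 @@` hunk refers to "the peers option", which looks copied from `overridePeers`; it should read `Whether to delete the folders which are not configured via the folders option`. Both options default to `true` and remove state from the running node, so each description could also say that the deletion happens on every run of the config merge unless the option is turned off.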
@@ -163,14 +178,14 @@ in systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) { preStart = '' ${optionalString (kcfg.cert != null) '' - cp ${toString kcfg.cert} ${scfg.dataDir}/cert.pem - chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/cert.pem - chmod 400 ${scfg.dataDir}/cert.pem + cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem + chown ${scfg.user}:${scfg.group} ${scfg.configDir}/cert.pem + chmod 400 ${scfg.configDir}/cert.pem ''} ${optionalString (kcfg.key != null) '' - cp ${toString kcfg.key} ${scfg.dataDir}/key.pem - chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/key.pem - chmod 400 ${scfg.dataDir}/key.pem + cp ${toString kcfg.key} ${scfg.configDir}/key.pem + chown ${scfg.user}:${scfg.group} ${scfg.configDir}/key.pem + chmod 400 ${scfg.configDir}/key.pem ''} ''; }; |
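Review bot: The rewritten `cp` / `chown` / `chmod 400` sequence for `key.pem` still creates the private key in `${scfg.configDir}` with whatever mode `cp` gives it and tightens it only afterwards. That leaves a short window in which the file may be readable by other local users, depending on the source file's mode and the umask. Creating the file with its final owner and mode in one step closes the window, e.g. `install -m 0400 -o ${scfg.user} -g ${scfg.group} ${toString kcfg.key} ${scfg.configDir}/key.pem`, and the same form for `cert.pem`. The paths are also interpolated unquoted into the shell script; wrapping them in `shell.escape`, which this file already uses in updateConfig, would keep a path containing spaces from being split.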