diff options
author | tv <tv@krebsco.de> | 2021-12-22 23:33:05 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2021-12-22 23:33:05 +0100 |
commit | 448cd3b9af9e39980676f8ade7e5fb80dbb58b9f (patch) | |
tree | ad3b7ccfb7107b0053ad2a80cbc2dd97a018e7a6 /krebs/3modules | |
parent | 2656cbf2a91f1f350e29e2ee2faa0bbe90f9b717 (diff) | |
parent | 576c05cf3a0ceddefa29c2d0073108177c3cfa52 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/buildbot/master.nix | 382 | ||||
-rw-r--r-- | krebs/3modules/buildbot/slave.nix | 186 | ||||
-rw-r--r-- | krebs/3modules/ci.nix | 219 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/external/mic92.nix | 132 | ||||
-rw-r--r-- | krebs/3modules/external/ssh/xkey.pub | 1 | ||||
-rw-r--r-- | krebs/3modules/iptables.nix | 38 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/realwallpaper.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/ssl.nix | 64 | ||||
-rw-r--r-- | krebs/3modules/tinc.nix | 12 |
12 files changed, 246 insertions, 799 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix deleted file mode 100644 index c30f31e31..000000000 --- a/krebs/3modules/buildbot/master.nix +++ /dev/null @@ -1,382 +0,0 @@ -{ config, pkgs, lib, ... }: - -with import <stockholm/lib>; -let - buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' - # -*- python -*- - from buildbot.plugins import * - import re - import json - c = BuildmasterConfig = {} - - c['slaves'] = [] - slaves = json.loads('${builtins.toJSON cfg.slaves}') - slavenames = [ s for s in slaves ] - for k,v in slaves.items(): - c['slaves'].append(buildslave.BuildSlave(k, v)) - - # TODO: configure protocols? - c['protocols'] = {'pb': {'port': 9989}} - - ####### Build Inputs - c['change_source'] = cs = [] - - ${ concatStringsSep "\n" - (mapAttrsToList (n: v: '' - #### Change_Source: Begin of ${n} - ${v} - #### Change_Source: End of ${n} - '') cfg.change_source )} - - ####### Build Scheduler - c['schedulers'] = sched = [] - - ${ concatStringsSep "\n" - (mapAttrsToList (n: v: '' - #### Schedulers: Begin of ${n} - ${v} - #### Schedulers: End of ${n} - '') cfg.scheduler )} - - ###### Builder - c['builders'] = bu = [] - - # Builder Pre: Begin - ${cfg.builder_pre} - # Builder Pre: End - - ${ concatStringsSep "\n" - (mapAttrsToList (n: v: '' - #### Builder: Begin of ${n} - ${v} - #### Builder: End of ${n} - '') cfg.builder )} - - - ####### Status - c['status'] = st = [] - - # If you want to configure this url, override with extraConfig - c['buildbotURL'] = "http://${config.networking.hostName}:${toString cfg.web.port}/" - - ${optionalString (cfg.web.enable) '' - from buildbot.status import html - from buildbot.status.web import authz, auth - authz_cfg=authz.Authz( - auth=auth.BasicAuth([ ("${cfg.web.username}","${cfg.web.password}") ]), - # TODO: configure harder - gracefulShutdown = False, - forceBuild = 'auth', - forceAllBuilds = 'auth', - pingBuilder = False, - stopBuild = 'auth', - stopAllBuilds = 'auth', - cancelPendingBuild = 'auth' - ) - # TODO: configure krebs.nginx - st.append(html.WebStatus(http_port=${toString cfg.web.port}, authz=authz_cfg)) - ''} - - ${optionalString (cfg.irc.enable) '' - from buildbot.status import words - irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}", - channels=${builtins.toJSON cfg.irc.channels}, - notify_events={ - 'started': 1, - 'success': 1, - 'failure': 1, - 'exception': 1, - 'successToFailure': 1, - 'failureToSuccess': 1, - }${optionalString cfg.irc.allowForce ",allowForce=True"}) - c['status'].append(irc) - ''} - - ${ concatStringsSep "\n" - (mapAttrsToList (n: v: '' - #### Status: Begin of ${n} - ${v} - #### Status: End of ${n} - '') cfg.status )} - - ####### PROJECT IDENTITY - c['title'] = "${cfg.title}" - c['titleURL'] = "http://krebsco.de" - - - ####### DB URL - # TODO: configure - c['db'] = { - 'db_url' : "sqlite:///state.sqlite", - } - ${cfg.extraConfig} - ''; - - cfg = config.krebs.buildbot.master; - - api = { - enable = mkEnableOption "Buildbot Master"; - title = mkOption { - default = "Buildbot CI"; - type = types.str; - description = '' - Title of the Buildbot Installation - ''; - }; - workDir = mkOption { - default = "/var/lib/buildbot/master"; - type = types.str; - description = '' - Path to build bot master directory. - Will be created on startup. - ''; - }; - - secrets = mkOption { - default = []; - type = types.listOf types.str; - example = [ "cac.json" ]; - description = '' - List of all the secrets in ‹secrets› which should be copied into the - buildbot master directory. - ''; - }; - - slaves = mkOption { - default = {}; - type = types.attrsOf types.str; - description = '' - Attrset of slavenames with their passwords - slavename = slavepassword - ''; - }; - - change_source = mkOption { - default = {}; - type = types.attrsOf types.str; - example = { - stockholm = '' - cs.append(changes.GitPoller( - 'http://cgit.gum/stockholm', - workdir='stockholm-poller', branch='master', - project='stockholm', - pollinterval=120)) - ''; - }; - description = '' - Attrset of all the change_sources which should be configured. - It will be directly included into the master configuration. - - At the end an change object should be appended to <literal>cs</literal> - ''; - }; - - scheduler = mkOption { - default = {}; - type = types.attrsOf types.str; - example = { - force-scheduler = '' - sched.append(schedulers.ForceScheduler( - name="force", - builderNames=["full-tests"])) - ''; - }; - description = '' - Attrset of all the schedulers which should be configured. - It will be directly included into the master configuration. - - At the end an change object should be appended to <literal>sched</literal> - ''; - }; - - builder_pre = mkOption { - default = ""; - type = types.lines; - example = '' - grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') - ''; - description = '' - some code before the builders are being assembled. - can be used to define functions used by multiple builders - ''; - }; - - builder = mkOption { - default = {}; - type = types.attrsOf types.str; - example = { - fast-test = '' - ''; - }; - description = '' - Attrset of all the builder which should be configured. - It will be directly included into the master configuration. - - At the end an change object should be appended to <literal>bu</literal> - ''; - }; - - status = mkOption { - default = {}; - type = types.attrsOf types.str; - description = '' - Attrset of all the extra status which should be configured. - It will be directly included into the master configuration. - - At the end an change object should be appended to <literal>st</literal> - - Right now IRC and Web status can be configured by setting - <literal>buildbot.master.irc.enable</literal> and - <literal>buildbot.master.web.enable</literal> - ''; - }; - - # Configurable Stati - web = mkOption { - default = {}; - type = types.submodule ({ config2, ... }: { - options = { - enable = mkEnableOption "Buildbot Master Web Status"; - username = mkOption { - default = "krebs"; - type = types.str; - description = '' - username for web authentication - ''; - }; - hostname = mkOption { - default = config.networking.hostName; - type = types.str; - description = '' - web interface Hostname - ''; - }; - password = mkOption { - default = "bob"; - type = types.str; - description = '' - password for web authentication - ''; - }; - port = mkOption { - default = 8010; - type = types.int; - description = '' - port for buildbot web status - ''; - }; - }; - }); - }; - - irc = mkOption { - default = {}; - type = types.submodule ({ config, ... }: { - options = { - enable = mkEnableOption "Buildbot Master IRC Status"; - channels = mkOption { - default = [ "nix-buildbot-meetup" ]; - type = with types; listOf str; - description = '' - irc channels the bot should connect to - ''; - }; - allowForce = mkOption { - default = false; - type = types.bool; - description = '' - Determines if builds can be forced via IRC - ''; - }; - nick = mkOption { - default = "nix-buildbot"; - type = types.str; - description = '' - nickname for IRC - ''; - }; - server = mkOption { - default = "irc.freenode.net"; - type = types.str; - description = '' - Buildbot Status IRC Server to connect to - ''; - }; - }; - }); - }; - - extraConfig = mkOption { - default = ""; - type = types.lines; - description = '' - extra config appended to the generated master.cfg - ''; - }; - }; - - imp = { - - users.extraUsers.buildbotMaster = { - uid = genid "buildbotMaster"; - group = "buildbotMaster"; - description = "Buildbot Master"; - home = cfg.workDir; - createHome = false; - isSystemUser = true; - }; - - users.extraGroups.buildbotMaster = { - gid = 672626386; - }; - - systemd.services.buildbotMaster = { - description = "Buildbot Master"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - # TODO: add extra dependencies to master like svn and cvs - path = [ pkgs.git ]; - environment = { - SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - }; - serviceConfig = let - workdir = shell.escape cfg.workDir; - secretsdir = shell.escape (toString <secrets>); - in { - PermissionsStartOnly = true; - # TODO: maybe also prepare buildbot.tac? - ExecStartPre = pkgs.writeDash "buildbot-master-init" '' - set -efux - if [ ! -e ${workdir} ];then - mkdir -p ${workdir} - ${pkgs.buildbot-classic}/bin/buildbot create-master -r -l 10 -f ${workdir} - fi - # always override the master.cfg - cp ${buildbot-master-config} ${workdir}/master.cfg - - # copy secrets - ${ concatMapStringsSep "\n" - (f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets } - # sanity - ${pkgs.buildbot-classic}/bin/buildbot checkconfig ${workdir} - - # TODO: maybe upgrade? not sure about this - # normally we should write buildbot.tac by our own - # ${pkgs.buildbot-classic}/bin/buildbot upgrade-master ${workdir} - - chmod 700 ${workdir} - chown buildbotMaster:buildbotMaster -R ${workdir} - ''; - ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}"; - PrivateTmp = "true"; - User = "buildbotMaster"; - Restart = "always"; - RestartSec = "10"; - }; - }; - }; -in -{ - options.krebs.buildbot.master = api; - config = lib.mkIf cfg.enable imp; -} diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix deleted file mode 100644 index f97b50def..000000000 --- a/krebs/3modules/buildbot/slave.nix +++ /dev/null @@ -1,186 +0,0 @@ -{ config, pkgs, lib, ... }: - -with import <stockholm/lib>; -let - buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' - import os - - from buildslave.bot import BuildSlave - from twisted.application import service - - basedir = '${cfg.workDir}' - rotateLength = 10000000 - maxRotatedFiles = 10 - - application = service.Application('buildslave') - - from twisted.python.logfile import LogFile - from twisted.python.log import ILogObserver, FileLogObserver - logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength, - maxRotatedFiles=maxRotatedFiles) - application.setComponent(ILogObserver, FileLogObserver(logfile).emit) - - buildmaster_host = '${cfg.masterhost}' - # TODO: masterport? - port = 9989 - slavename = '${cfg.username}' - passwd = '${cfg.password}' - keepalive = 600 - usepty = 0 - umask = None - maxdelay = 300 - allow_shutdown = None - - ${cfg.extraConfig} - - s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir, - keepalive, usepty, umask=umask, maxdelay=maxdelay, - allow_shutdown=allow_shutdown) - s.setServiceParent(application) - ''; - default-packages = [ pkgs.git pkgs.bash ]; - cfg = config.krebs.buildbot.slave; - - api = { - enable = mkEnableOption "Buildbot Slave"; - - workDir = mkOption { - default = "/var/lib/buildbot/slave"; - type = types.str; - description = '' - Path to build bot slave directory. - Will be created on startup. - ''; - }; - - masterhost = mkOption { - default = "localhost"; - type = types.str; - description = '' - Hostname/IP of the buildbot master - ''; - }; - - username = mkOption { - type = types.str; - description = '' - slavename used to authenticate with master - ''; - }; - - password = mkOption { - type = types.str; - description = '' - slave password used to authenticate with master - ''; - }; - - contact = mkOption { - default = "nix slave <buildslave@${config.networking.hostName}>"; - type = types.str; - description = '' - contact to be announced by buildslave - ''; - }; - - description = mkOption { - default = "Nix Generated BuildSlave"; - type = types.str; - description = '' - description for hostto be announced by buildslave - ''; - }; - - packages = mkOption { - default = [ pkgs.git ]; - type = with types; listOf package; - description = '' - packages which should be in path for buildslave - ''; - }; - - extraEnviron = mkOption { - default = {}; - example = { - NIX_PATH = "nixpkgs=/path/to/my/nixpkgs"; - }; - type = types.attrsOf types.str; - description = '' - extra environment variables to be provided to the buildslave service - if you need nixpkgs, e.g. for running nix-shell you can set NIX_PATH here. - ''; - }; - - extraConfig = mkOption { - default = ""; - type = types.lines; - example = '' - port = 443 - keepalive = 600 - ''; - description = '' - extra config evaluated before calling BuildSlave init in .tac file - ''; - }; - }; - - imp = { - - users.extraUsers.buildbotSlave = { - uid = genid "buildbotSlave"; - group = "buildbotSlave"; - description = "Buildbot Slave"; - home = cfg.workDir; - createHome = false; - isSystemUser = true; - }; - - users.extraGroups.buildbotSlave = { - gid = 1408105834; - }; - - systemd.services."buildbotSlave-${cfg.username}-${cfg.masterhost}" = { - description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = default-packages ++ cfg.packages; - - environment = { - SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - NIX_REMOTE="daemon"; - } // cfg.extraEnviron; - - serviceConfig = let - workdir = shell.escape cfg.workDir; - contact = shell.escape cfg.contact; - description = shell.escape cfg.description; - # TODO:make this - in { - PermissionsStartOnly = true; - Type = "forking"; - PIDFile = "${workdir}/twistd.pid"; - # TODO: maybe also prepare buildbot.tac? - ExecStartPre = pkgs.writeDash "buildbot-master-init" '' - set -efux - mkdir -p ${workdir}/info - cp ${buildbot-slave-init} ${workdir}/buildbot.tac - echo ${contact} > ${workdir}/info/admin - echo ${description} > ${workdir}/info/host - - chown buildbotSlave:buildbotSlave -R ${workdir} - chmod 700 ${workdir} - ''; - ExecStart = "${pkgs.buildbot-classic-slave}/bin/buildslave start ${workdir}"; - ExecStop = "${pkgs.buildbot-classic-slave}/bin/buildslave stop ${workdir}"; - PrivateTmp = "true"; - User = "buildbotSlave"; - Restart = "always"; - RestartSec = "10"; - }; - }; - }; -in -{ - options.krebs.buildbot.slave = api; - config = lib.mkIf cfg.enable imp; -} diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 50db0b971..822dbab61 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -39,148 +39,144 @@ let profileRoot = "/nix/var/nix/profiles/ci"; - imp = { - krebs.buildbot.master = { - slaves = { - testslave = "lasspass"; - }; + bcfg = config.services.buildbot-master; - change_source = mapAttrs' (name: repo: - nameValuePair name (concatMapStrings (url: '' - cs.append( - changes.GitPoller( - "${url}", - workdir='${name}-${elemAt(splitString "." url) 1}', branches=True, - project='${name}', - pollinterval=100 - ) + imp = { + services.buildbot-master = { + workers = [ "worker.Worker('testworker', 'pass')" ]; + + changeSource = mapAttrsToList (name: repo: + concatMapStringsSep "," (url: '' + changes.GitPoller( + "${url}", + workdir='${name}-${elemAt(splitString "." url) 1}', branches=True, + project='${name}', + pollinterval=100 ) - '') repo.urls) + '') repo.urls ) cfg.repos; - scheduler = mapAttrs' (name: repo: - nameValuePair name '' - sched.append( - schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter( - branch_re=".*", - project='${name}', - ), - treeStableTimer=60, - name="${name}-all-branches", - builderNames=[ - "${name}", - ] - ) - ) - sched.append( - schedulers.ForceScheduler( - name="${name}", - builderNames=[ - "${name}", - ] - ) - ) - '' - ) cfg.repos; - builder_pre = '' - from buildbot import interfaces - from buildbot.steps.shell import ShellCommand + schedulers = mapAttrsToList (name: repo: '' + schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter( + branch_re=".*", + project='${name}', + ), + treeStableTimer=60, + name="${name}-all-branches", + builderNames=[ + "${name}", + ] + ), + schedulers.ForceScheduler( + name="${name}", + builderNames=[ + "${name}", + ] + ) + '') cfg.repos; + + builders = []; - class StepToStartMoreSteps(ShellCommand): + extraConfig = '' + # https://docs.buildbot.net/latest/manual/configuration/buildfactories.html + from buildbot.plugins import util, steps + from buildbot.process import buildstep, logobserver + from twisted.internet import defer + import json + + class GenerateStagesCommand(buildstep.ShellMixin, steps.BuildStep): def __init__(self, **kwargs): - ShellCommand.__init__(self, **kwargs) - - def addBuildSteps(self, steps_factories): - for sf in steps_factories: - step = interfaces.IBuildStepFactory(sf).buildStep() - step.setBuild(self.build) - step.setBuildSlave(self.build.slavebuilder.slave) - step_status = self.build.build_status.addStepWithName(step.name) - step.setStepStatus(step_status) - self.build.steps.append(step) - - def start(self): - props = self.build.getProperties() - new_steps = json.loads(props.getProperty('steps_json')) - for new_step in new_steps: - self.addBuildSteps([steps.ShellCommand( - name=str(new_step), - command=[ - "${pkgs.writeDash "build-stepper.sh" '' + kwargs = self.setupShellMixin(kwargs) + super().__init__(**kwargs) + self.observer = logobserver.BufferLogObserver() + self.addLogObserver('stdio', self.observer) + + def extract_stages(self, stdout): + stages = json.loads(stdout) + return stages + + @defer.inlineCallbacks + def run(self): + # run nix-instanstiate to generate the dict of stages + cmd = yield self.makeRemoteShellCommand() + yield self.runCommand(cmd) + + # if the command passes extract the list of stages + result = cmd.results() + if result == util.SUCCESS: + # create a ShellCommand for each stage and add them to the build + stages = self.extract_stages(self.observer.getStdout()) + self.build.addStepsAfterCurrentStep([ + steps.ShellCommand( + name=stage, + env=dict( + build_name = stage, + build_script = stages[stage], + ), + command="${pkgs.writeDash "build.sh" '' set -xefu profile=${shell.escape profileRoot}/$build_name result=$("$build_script") if [ -n "$result" ]; then ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" fi - ''}" - ], - env={ - "build_name": new_step, - "build_script": new_steps[new_step], - "NIX_REMOTE": "daemon", - "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", - }, - timeout=90001, - workdir='build', # TODO figure out why we need this? - )]) - - ShellCommand.start(self) + ''}", + ) for stage in stages + ]) - ''; + return result - builder = mapAttrs' (name: repo: - nameValuePair name '' - f_${name} = util.BuildFactory() - f_${name}.addStep(steps.Git( + + ${concatStringsSep "\n" (mapAttrsToList (name: repo: '' + factory_${name} = util.BuildFactory() + factory_${name}.addStep(steps.Git( repourl=util.Property('repository', '${head repo.urls}'), method='clobber', mode='full', submodules=True, )) - f_${name}.addStep(steps.SetPropertyFromCommand( + factory_${name}.addStep(GenerateStagesCommand( env={ - "NIX_REMOTE": "daemon", - "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", + "NIX_REMOTE": "daemon", + "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", }, - name="get_steps", - command=["${getJobs}"], - extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout }, + name="Generate build stages", + command=[ + "${getJobs}" + ], + haltOnFailure=True, )) - f_${name}.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here - bu.append( + c['builders'].append( util.BuilderConfig( name="${name}", - slavenames=slavenames, - factory=f_${name} + workernames=['testworker'], + factory=factory_${name} ) ) - '' - ) cfg.repos; + '') cfg.repos)} + ''; enable = true; - web.enable = true; - irc = { - enable = true; - nick = "build|${hostname}"; - server = "irc.r"; - channels = [ "xxx" "noise" ]; - allowForce = true; - }; - extraConfig = '' - c['buildbotURL'] = "http://build.${hostname}.r/" - ''; + reporters = ['' + reporters.IRC( + host = "irc.r", + nick = "buildbot|${hostname}", + notify_events = [ 'started', 'finished', 'failure', 'success', 'exception', 'problem' ], + channels = [{"channel": "#xxx"}], + ) + '']; + + buildbotUrl = "http://build.${hostname}.r/"; }; - krebs.buildbot.slave = { + services.buildbot-worker = { enable = true; - masterhost = "localhost"; - username = "testslave"; - password = "lasspass"; - packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ]; + workerUser = "testworker"; + workerPass = "pass"; + packages = with pkgs; [ git gnutar gzip jq nix populate ]; }; system.activationScripts.buildbots-nix-profile = '' @@ -192,11 +188,10 @@ let users = { groups.buildbots.gid = genid "buildbots"; users = { - buildbotMaster.extraGroups = [ "buildbots" ]; - buildbotSlave.extraGroups = [ "buildbots" ]; + buildbot.extraGroups = [ "buildbots" ]; + bbworker.extraGroups = [ "buildbots" ]; }; }; }; in out - diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7b6639212..2772d8d37 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -13,8 +13,6 @@ let ./bepasty-server.nix ./bindfs.nix ./brockman.nix - ./buildbot/master.nix - ./buildbot/slave.nix ./build.nix ./cachecache.nix ./ci.nix @@ -50,6 +48,7 @@ let ./secret.nix ./setuid.nix ./shadow.nix + ./ssl.nix ./sync-containers.nix ./tinc.nix ./tinc_graphs.nix diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index fe572f2ae..91ce66742 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -754,7 +754,9 @@ in { mail = "xq@shackspace.de"; pubkey = ssh-for "xq"; }; - xkey = {}; + xkey = { + pubkey = ssh-for "xkey"; + }; miaoski = { }; filly = { diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 0e6812a35..3c76a372c 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -19,10 +19,6 @@ in { aliases = [ "amy.i" ]; }; retiolum = { - addrs = [ - config.krebs.hosts.amy.nets.retiolum.ip4.addr - config.krebs.hosts.amy.nets.retiolum.ip6.addr - ]; ip4.addr = "10.243.29.181"; aliases = [ "amy.r" ]; tinc.pubkey = '' @@ -53,10 +49,6 @@ in { aliases = [ "clara.i" ]; }; retiolum = { - addrs = [ - config.krebs.hosts.clara.nets.retiolum.ip4.addr - config.krebs.hosts.clara.nets.retiolum.ip6.addr - ]; ip4.addr = "10.243.29.182"; aliases = [ "clara.r" ]; tinc.pubkey = '' @@ -130,10 +122,6 @@ in { }; retiolum = { via = internet; - addrs = [ - config.krebs.hosts.donna.nets.retiolum.ip4.addr - config.krebs.hosts.donna.nets.retiolum.ip6.addr - ]; ip4.addr = "10.243.29.180"; aliases = [ "donna.r" ]; tinc.pubkey = '' @@ -159,10 +147,6 @@ in { owner = config.krebs.users.mic92; nets = rec { retiolum = { - addrs = [ - config.krebs.hosts.herbert.nets.retiolum.ip4.addr - config.krebs.hosts.herbert.nets.retiolum.ip6.addr - ]; ip4.addr = "10.243.29.177"; aliases = [ "herbert.r" ]; tinc.pubkey = '' @@ -178,40 +162,6 @@ in { }; }; }; - eddie = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eddie.nets.retiolum.ip4.addr - config.krebs.hosts.eddie.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.170"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPs |