summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2019-04-02 19:38:35 +0200
committerjeschli <jeschli@gmail.com>2019-04-02 19:38:35 +0200
commitf8b88080d5bb27e4a6b35b26d6036de40517ba57 (patch)
treef8a077997ca889950daa0cb5ec11cc486f420bbe /krebs/3modules
parent17712c90772d68f174f579e570fa23a8fa674245 (diff)
parent6654f03b09b7b80e3ee6339c92e6172579349744 (diff)
:Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/default.nix3
-rw-r--r--krebs/3modules/external/default.nix84
-rw-r--r--krebs/3modules/external/palo.nix84
-rw-r--r--krebs/3modules/external/tinc/palo.pub13
-rw-r--r--krebs/3modules/hosts.nix61
-rw-r--r--krebs/3modules/lass/default.nix13
-rw-r--r--krebs/3modules/makefu/default.nix842
-rw-r--r--krebs/3modules/makefu/retiolum/cake.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/crapi.pub9
-rw-r--r--krebs/3modules/makefu/retiolum/filebitch.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/fileleech.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/filepimp.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/firecracker.pub14
-rw-r--r--krebs/3modules/makefu/retiolum/flap.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/gum.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/nukular.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/omo.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/sdev.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/senderechner.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/studio.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/tsp.pub13
-rw-r--r--krebs/3modules/makefu/retiolum/wbob.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/x.pub8
-rw-r--r--krebs/3modules/makefu/sshd/cake.pub1
-rw-r--r--krebs/3modules/makefu/sshd/crapi.pub1
-rw-r--r--krebs/3modules/makefu/sshd/fileleech.pub1
-rw-r--r--krebs/3modules/makefu/sshd/firecracker.pub1
-rw-r--r--krebs/3modules/makefu/sshd/gum.pub1
-rw-r--r--krebs/3modules/makefu/sshd/omo.pub1
-rw-r--r--krebs/3modules/makefu/sshd/sdev.pub1
-rw-r--r--krebs/3modules/makefu/sshd/studio.pub1
-rw-r--r--krebs/3modules/makefu/sshd/wbob.pub1
-rw-r--r--krebs/3modules/makefu/sshd/x.pub1
-rw-r--r--krebs/3modules/makefu/wiregrill/gum.pub1
-rw-r--r--krebs/3modules/makefu/wiregrill/x.pub1
-rw-r--r--krebs/3modules/power-action.nix3
-rw-r--r--krebs/3modules/reaktor2.nix4
-rw-r--r--krebs/3modules/retiolum-hosts.nix28
-rw-r--r--krebs/3modules/syncthing.nix149
39 files changed, 604 insertions, 832 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 9303a81fb..567c077eb 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -45,10 +45,10 @@ let
./reaktor2.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
- ./retiolum-hosts.nix
./rtorrent.nix
./secret.nix
./setuid.nix
+ ./syncthing.nix
./tinc.nix
./tinc_graphs.nix
./urlwatch.nix
@@ -101,6 +101,7 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
+ { krebs = import ./external/palo.nix { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
krebs.dns.providers = {
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 089113ac6..c9715cb85 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -16,7 +16,33 @@ with import <stockholm/lib>;
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
in {
+
hosts = mapAttrs hostDefaults {
+ catullus = {
+ owner = config.krebs.users.kmein;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.2.3";
+ aliases = [ "catullus.r" ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx
+ CUotXuqYucYmnUbrRSIlxASVqTmAf3nDOE5EDBBcTdSwnb02JcJW4Zh7+BGgMxjF
+ GxDPs6ETI28mHK+6rp8TOkMnyDb5mtSGVZPvKJU9fFOt6aAX1J1BzTfwtHtVQq7K
+ WBzdpeKXlw4dIQ6K6SGmPIPpEh9pE1Xb+GuVljCXKxGJFbW40dmh2ZdadO7umBDu
+ vRk08jT9/BUnUP6KrZlvyePnG38z6srMrVU+XAHu5D2qZ9y+QIp3kw7Y5JUrNXc7
+ 9q9P9TYx15GiIz2mSJKcLVmkLRebsaqdV7dBibPbfdGE+NB+F1FYPGDdW4cnonon
+ DzzjGm/FDfOCXEnSkYGQDBWpfd/8AWum1xGJxJCPNBJElGE2o5jDWo4Y1b9gHP0M
+ vARm8AOK8R1pQ7BP+pNMO0gGw2NDrtWiWpTeZ7SqXmZAZ/Gmyen9X+/fowcbTyDH
+ b9joIuMQeOtxbUV2JprZIdit9NBFSZq/7Re/GBUwjGBm3LabIXFNGKZovx/f9lf8
+ r5tVs4SPauiKzZS0K1Gz1NSq+3OXaY5EwVrBUXptYqRT7uyhVloOPRUsqRFeB0Fn
+ Y5xOpDJ0UiJxgFbdH5Vb81D/VjNO9Q4nZib8wSEuLrYLHGoceQPX4+Ov9IdhIL4B
+ BMTCaF+VCWC5PCLr0e61KqMCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ };
dpdkm = {
owner = config.krebs.users.Mic92;
nets = rec {
@@ -176,32 +202,6 @@ in {
};
};
};
- kruck = {
- owner = config.krebs.users.palo;
- nets = {
- retiolum = {
- ip4.addr = "10.243.29.201";
- aliases = [
- "kruck.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh
- QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA
- EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U
- uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/
- /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR
- 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s
- qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH
- gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj
- jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs
- fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5
- TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
qubasa = {
owner = config.krebs.users.qubasa;
nets = {
@@ -299,6 +299,33 @@ in {
};
};
};
+ toastbrot = {
+ owner = config.krebs.users.jan;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.117.12";
+ aliases = [
+ "toastbrot.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
+ 2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
+ yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
+ DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
+ r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
+ PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
+ Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
+ IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
+ fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
+ Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
+ uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
+ 4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ };
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
@@ -411,6 +438,9 @@ in {
mail = "dickbutt@excogitation.de";
pubkey = ssh-for "exco";
};
+ jan = {
+ mail = "jan.heidbrink@posteo.de";
+ };
kmein = {
mail = "kieran.meinhardt@gmail.com";
pubkey = ssh-for "kmein";
@@ -419,8 +449,6 @@ in {
mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
};
- palo = {
- };
qubasa = {
mail = "luis.nixos@gmail.com";
};
diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix
new file mode 100644
index 000000000..cefac0959
--- /dev/null
+++ b/krebs/3modules/external/palo.nix
@@ -0,0 +1,84 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum.ip6.addr =
+ (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill.ip6.addr =
+ (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ });
+ ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
+ tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
+
+in {
+ hosts = mapAttrs hostDefaults {
+ pepe = {
+ owner = config.krebs.users.palo;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.23.1";
+ tinc.port = 720;
+ aliases = [ "pepe.r" ];
+ tinc.pubkey = tinc-for "palo";
+ };
+ };
+ };
+ kruck = {
+ owner = config.krebs.users.palo;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.23.3";
+ tinc.port = 720;
+ aliases = [ "kruck.r" ];
+ tinc.pubkey = tinc-for "palo";
+ };
+ };
+ };
+ schasch = {
+ owner = config.krebs.users.palo;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.23.2";
+ tinc.port = 720;
+ aliases = [ "schasch.r" ];
+ tinc.pubkey = tinc-for "palo";
+ };
+ };
+ };
+ workhorse = {
+ owner = config.krebs.users.palo;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.23.5";
+ tinc.port = 720;
+ aliases = [ "workhorse.r" ];
+ tinc.pubkey = tinc-for "palo";
+ };
+ };
+ };
+ workout = {
+ owner = config.krebs.users.palo;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.23.4";
+ tinc.port = 720;
+ aliases = [ "workout.r" ];
+ tinc.pubkey = tinc-for "palo";
+ };
+ };
+ };
+ };
+ users = {
+ palo = {
+ };
+ palo-pepe = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCe3j1dk8o7e0cFn+RepOjdeYcS0YcG0d6NnsMoq8pjqzLRuvOVN4CmsuRo4UJtWOUVv8kIWLcegks2RXbKOSTFAnvEIpPlSmL3BgvFGmUiOmPw1w93yxdVnfd9kJ6SBNuS+kFspKPvOEV9yVpjTywKZ0qKWjRd89Vz2+8aFJ/R3hyE+YqpzlzYbrucEIXbEWESqnzrx61NrWwd1ueHj0RYMDBjIJjVfIIK3W32vQ//pYJio1di0PpOPK2Ya0yugSixymuQBvzCgaedVeLdJ0k1d7d5iVb4LjCR8zg0Jnf1RLfpqRrFYwMJpwuhtIEevfNrhzqZA58QgHO6iOg50FeaD5k1rlWfoOvX2rcV5iqCC9jClIfMKzePdm+MeVorBXp+bflOhyPJG+Qrz6NTE9Ohe5A71Z0bBa96MEoW1hyrLCn0+z+Cx5kt7n2QzAAa/VPNjRDZeHbsu26MrvViEoh+FcPqx4DUIUaDRs/TNIvMGAl14E6gur68AI01a0PZJ/gnqZeOJKuyz4pKT0nIcg0EvkjXM2uEJ9m8h4IBAqTUYMZYm7iJBfpbwT6ePxFfah4q960orBUwW87CyPu/wDGmDblQ7dpkuw+skpzNgOGzerDyGAGKOsjGfYZpqsv9303S2f7884NAIK1ohgpMELytEYpY4YNi2KQYfHhgoQRJ5w== palo@pepe";
+ };
+ };
+}
+
diff --git a/krebs/3modules/external/tinc/palo.pub b/krebs/3modules/external/tinc/palo.pub
new file mode 100644
index 000000000..65284d51d
--- /dev/null
+++ b/krebs/3modules/external/tinc/palo.pub
@@ -0,0 +1,13 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
+8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
+oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
+ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
+ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
+ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
+MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
+rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
+sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
+EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
+yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
index 0985bb539..7fe01a769 100644
--- a/krebs/3modules/hosts.nix
+++ b/krebs/3modules/hosts.nix
@@ -1,6 +1,5 @@
with import <stockholm/lib>;
{ config, ... }: let
- # TODO dedup functions with ./retiolum-hosts.nix
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
in {
@@ -30,6 +29,66 @@ in {
map (addr: { ${addr} = aliases; }) net.addrs)
(attrValues host.nets))
(attrValues config.krebs.hosts)));
+
+ nixpkgs.config.packageOverrides = super: let
+ # nameValuePair name value : { "name" : name, "value" : value }
+
+ # addr : str
+ # aliase : str
+ # hostname : str
+ # netname : str
+
+ # addrAliases : nameValuePair addr [alias]
+
+ # hostNetAliases : host -> { ${netname} : [addrAliases] }
+ hostNetAliases = host:
+ mapAttrs (_: net: filter (x: x.name != null && x.value != []) [
+ { name = net.ip4.addr or null; value = net.aliases; }
+ { name = net.ip6.addr or null; value = net.aliases; }
+ ]) host.nets;
+
+ # netAliases : { ${netname} : [addrAliases] }
+ netAliases =
+ foldl'
+ (result: host:
+ foldl'
+ # λ netAliases -> [addrAliases] -> netAliases
+ (result: { name, value }: result // {
+ ${name} = result.${name} or [] ++ value;
+ })
+ result
+ (mapAttrsToList nameValuePair (hostNetAliases host))
+ )
+ {}
+ (attrValues config.krebs.hosts);
+
+ # writeHosts : str -> [addrAliases] -> package
+ writeHosts = name: addrAliases: super.writeText name ''
+ ${concatMapStringsSep
+ "\n"
+ ({ name, value }: "${name} ${toString value}")
+ addrAliases}
+ '';
+ in
+ {
+ # hosts file for all krebs networks
+ krebs-hosts =
+ writeHosts "krebs-hosts" (concatLists [
+ netAliases.internet
+ netAliases.retiolum
+ netAliases.wiregrill
+ ]);
+
+ # combined hosts file for all networks (even custom ones)
+ krebs-hosts_combined =
+ writeHosts "krebs-hosts_combined"
+ (concatLists (attrValues netAliases));
+ }
+ //
+ genAttrs' (attrNames netAliases) (netname: rec {
+ name = "krebs-hosts-${netname}";
+ value = writeHosts name netAliases.${netname};
+ });
};
}
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 630c14f18..7352d36e9 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -204,6 +204,7 @@ in {
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
+ syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
};
shodan = {
cores = 2;
@@ -270,6 +271,7 @@ in {
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
+ syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4";
};
daedalus = {
cores = 2;
@@ -328,6 +330,7 @@ in {
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
+ syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3";
};
littleT = {
cores = 2;
@@ -365,10 +368,18 @@ in {
-----END RSA PUBLIC KEY-----
'';
};
+ wiregrill = {
+ ip6.addr = w6 "771e";
+ aliases = [
+ "littleT.w"
+ ];
+ wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg=";
+ };
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
+ syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD";
};
red = {
monitoring = false;
@@ -474,6 +485,7 @@ in {
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
+ syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD";
};
phone = {
nets = {
@@ -487,6 +499,7 @@ in {
};
external = true;
ci = false;
+ syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7";
};
morpheus = {
cores = 1;
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e60bbee70..b38c9104f 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -5,442 +5,104 @@
with import <stockholm/lib>;
{ config, ... }: let
- hostDefaults = hostName: host: flip recursiveUpdate host ({
- owner = config.krebs.users.makefu;
- } // optionalAttrs (host.nets?retiolum) {
- nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
- });
+ hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+ {
+ owner = config.krebs.users.makefu;
+ }
+ # Retiolum defaults
+ (let
+ pubkey-path = ./retiolum + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ nets.retiolum = {
+ tinc.pubkey = readFile pubkey-path;
+ aliases = [
+ "${hostName}.r"
+ ];
+ ip6.addr =
+ (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
+ };
+ })
+ # Wiregrill defaults
+ (let
+ pubkey-path = ./wiregrill + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ nets.wiregrill = {
+ aliases = [
+ "${hostName}.w"
+ ];
+ ip6.addr =
+ (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
+ wireguard.pubkey = readFile pubkey-path;
+ };
+ })
+ # SSHD defaults
+ (let
+ pubkey-path = ./sshd + "/${hostName}.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ ssh.pubkey = readFile pubkey-path;
+ # We assume that if the sshd pubkey exits then there must be a privkey in
+ # the screts store as well
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ })
+ host
+ ];
pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
-
+ w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
in {
hosts = mapAttrs hostDefaults {
cake = rec {
cores = 4;
ci = false;
nets = {
- retiolum = {
- ip4.addr = "10.243.136.236";
- aliases = [
- "cake.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
- jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
- MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
- 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
- 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
- MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
+ retiolum.ip4.addr = "10.243.136.236";
};
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
};
crapi = rec { # raspi1
cores = 1;
ci = false;
nets = {
- retiolum = {
- ip4.addr = "10.243.136.237";
- aliases = [
- "crapi.r"
- ];
- tinc.pubkey = ''
- Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
- OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
- R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
- OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
- di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
- bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
+ retiolum.ip4.addr = "10.243.136.237";
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
};
- drop = rec {
- ci = false;
- cores = 1;
+ firecracker = {
+ cores = 4;
nets = {
- retiolum = {
- ip4.addr = "10.243.177.9";
- aliases = [
- "drop.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl
- 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI
- GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW
- 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C
- Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT
- F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
+ retiolum.ip4.addr = "10.243.12.12";
};
};
+
studio = rec {
ci = false;
cores = 4;
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
nets = {
- retiolum = {
- ip4.addr = "10.243.227.163";
- aliases = [
- "studio.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti
- cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk
- GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI
- jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1
- 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu
- 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
+ retiolum.ip4.addr = "10.243.227.163";
};
};
-
fileleech = rec {
ci = false;
cores = 4;
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
nets = {
- retiolum = {
- ip4.addr = "10.243.113.98";
- aliases = [
- "fileleech.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
- 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
- YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
- nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
- e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
- UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- latte = rec {
- ci = false;
- cores = 1;
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
- nets = {
- internet = {
- ip4.addr = "185.215.224.160";
- aliases = [
- "latte.i"
- ];
- };
- retiolum = {
- ip4.addr = "10.243.80.249";
- aliases = [
- "latte.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU
- 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo
- r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf
- 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4
- GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6
- vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
-
- pnp = {
- ci = false;
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.210";
- aliases = [
- "pnp.r"
- "cgit.pnp.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g
- Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V
- pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR
- SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T
- TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr
- Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- darth = {
- ci = false;
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.84";
- aliases = [
- "darth.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq
- qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX
- yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi
- 3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8
- q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE
- u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- siem = {
- ip4.addr = "10.8.10.2";
- ip4.prefix = "10.8.10.0/24";
- aliases = [
- "darth.siem"
- ];
- tinc.pubkey = ''
- Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK
- -----BEGIN RSA PUBLIC KEY-----
-