authortv <tv@krebsco.de>2020-04-17 19:21:16 +0200
committertv <tv@krebsco.de>2020-04-17 19:21:16 +0200
commite1bfdd8d839929538d36e421908a96407b3aa0ab (patch)
tree557bf9a711f06997e846a5ef14a4105248f1da8c /krebs/3modules
parent6ace0f7b6941c1c9476d84944cdba8bedf98d95d (diff)
parent07f18d851a974ee594c92e3332f167ef3b1d259f (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/ci.nix2
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/external/default.nix25
-rw-r--r--krebs/3modules/external/mic92.nix20
-rw-r--r--krebs/3modules/hidden-ssh.nix6
-rw-r--r--krebs/3modules/makefu/default.nix11
-rw-r--r--krebs/3modules/makefu/sshd/omo.pub2
-rw-r--r--krebs/3modules/realwallpaper.nix19
-rw-r--r--krebs/3modules/syncthing.nix206
9 files changed, 50 insertions, 242 deletions
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index 7695667fd..50db0b971 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -52,7 +52,7 @@ let
"${url}",
workdir='${name}-${elemAt(splitString "." url) 1}', branches=True,
project='${name}',
- pollinterval=10
+ pollinterval=100
)
)
'') repo.urls)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6f06f4510..aa06a883d 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -50,7 +50,6 @@ let
./secret.nix
./setuid.nix
./shadow.nix
- ./syncthing.nix
./tinc.nix
./tinc_graphs.nix
./urlwatch.nix
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 1d73fade2..b437456ec 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -373,6 +373,30 @@ in {
syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC";
nets = {};
};
+ catalonia = {
+ owner = config.krebs.users.xkey;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.13.12";
+ aliases = [ "catalonia.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y
+ gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA
+ VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE
+ Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e
+ FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ
+ HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3
+ mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3
+ zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6
+ sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3
+ ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf
+ vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
};
users = {
ciko = {
@@ -421,6 +445,7 @@ in {
mail = "xq@shackspace.de";
pubkey = ssh-for "xq";
};
+ xkey = {};
miaoski = {
};
filly = {
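Review bot: `xkey = {};` creates the owner of the new `catalonia` host with no `mail` and no `pubkey`, unlike the entry just above it, so nothing in the tree ties the added tinc key to a reachable person. If a contact address exists, record it here, e.g. `xkey = { mail = "<owner-address>"; };` (placeholder), or add a comment saying how the key was received. The `catalonia` block in the previous hunk sets only `ip4.addr`; whether retiolum hosts are also expected to carry an `ip6.addr` cannot be judged from this page.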
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index a748b1454..23ab4f684 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -144,24 +144,24 @@ in {
};
};
};
- idontcare = {
+ herbert = {
owner = config.krebs.users.Mic92;
nets = rec {
retiolum = {
addrs = [
- config.krebs.hosts.idontcare.nets.retiolum.ip4.addr
- config.krebs.hosts.idontcare.nets.retiolum.ip6.addr
+ config.krebs.hosts.herbert.nets.retiolum.ip4.addr
+ config.krebs.hosts.herbert.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.177";
- aliases = [ "idontcare.r" ];
+ aliases = [ "herbert.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O
- qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A
- OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An
- lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb
- O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw
- jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB
+ MIIBCgKCAQEA7ZINr8YxVwHtcOR+ySpc9UjnJWsFXlOyu3CnrJ8IrY+mPA25UmNZ
+ stXd8QbJuxpad9HyPs294uW8UmXttEZzIwAlikVHasM5IQHVltudTTFvv7s3YFWd
+ /lgpHbo8zOA2mafx+Sr02Fy/lHjk6BTf8IOzdJIpUHZL/P+FUl9baBwGLmtbEvPh
+ fbvtf5QryBjJ9nRnb+wsPVpeFE/LncIMK/bYQsyE01T5QDu/muAaeYPbgm6FqaQH
+ OJ4oEHsarWBvU1qzgz/IRz0BHHeTrbbP3AG/glTwL02Z1mtTXSjME7cfk7ZRM5Cj
+ jXAqnqu2m1B08Kii+zYp4BPZDmPLT5gq+QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
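Review bot: The tinc public key for 10.243.29.177 is swapped in the same hunk that renames `idontcare` to `herbert`, and nothing visible records whether this is a reinstall, a key rotation or a different machine taking over the address. Peers presumably accept the host on this key, so a one-line comment above `tinc.pubkey`, such as `# key regenerated <date>, previous idontcare key retired` (placeholder), would let a later reader audit the change. The same applies to the replaced ed25519 host key in `krebs/3modules/makefu/sshd/omo.pub`. Any configuration outside this page that still refers to `config.krebs.hosts.idontcare` or `idontcare.r` would stop resolving; the host block continues past the end of the hunk.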
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
index 2d697e497..f497de451 100644
--- a/krebs/3modules/hidden-ssh.nix
+++ b/krebs/3modules/hidden-ssh.nix
@@ -19,6 +19,10 @@ let
type = types.str;
default = "irc.freenode.org";
};
+ message = mkOption {
+ type = types.str;
+ default = "SSH Hidden Service at ";
+ };
};
imp = let
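Review bot: The new `message` option has no `description`, and its default ends in a space because the onion hostname is appended directly after it in the announce command. Add something like `description = "Text sent before the hidden-service hostname; include the trailing separator.";` so that an override does not glue the hostname onto the last word.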
@@ -50,7 +54,7 @@ let
${pkgs.irc-announce}/bin/irc-announce \
${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \
\${cfg.channel} \
- "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+ "${cfg.message}$(cat ${hiddenServiceDir}/hostname)"
'';
PrivateTmp = "true";
User = "tor";
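Review bot: `${cfg.message}` is pasted into a double-quoted shell word, so a configured message containing `"`, `$` or a backtick is interpreted by the shell instead of being sent verbatim. Quote it at evaluation time and keep only the hostname substitution in double quotes: `${shell.escape cfg.message}"$(cat ${hiddenServiceDir}/hostname)"`. `shell.escape` is used this way in the removed `syncthing.nix` on this page; whether it is in scope in this file depends on the imports, which are outside the hunk. `cfg.server` and `cfg.channel` on the lines above are interpolated without quoting as well.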
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index dcfee59b3..c76ed0ad1 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -164,12 +164,14 @@ in {
ci = true;
extraZones = {
"krebsco.de" = ''
+ bookmark.euer IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
+ dns.euer IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
euer IN MX 1 aspmx.l.google.com.
@@ -178,7 +180,11 @@ in {
gold IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
+ io IN NS gum.krebsco.de.
iso.euer IN A ${nets.internet.ip4.addr}
+ board.euer IN A ${nets.internet.ip4.addr}
+ rss.euer IN A ${nets.internet.ip4.addr}
+ mediengewitter IN CNAME over.dose.io.
mon.euer IN A ${nets.internet.ip4.addr}
netdata.euer IN A ${nets.internet.ip4.addr}
nixos.unstable IN CNAME krebscode.github.io.
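Review bot: `board.euer` and `rss.euer` are inserted between `iso.euer` and `mon.euer`, while the rest of this commit moves `bookmark.euer`, `io` and `mediengewitter` into alphabetical position. Placing `board.euer` next to the `boot` records and `rss.euer` among the `r` entries would keep the zone sorted and make a duplicate or stale name easier to spot. The three new A records (`dns.euer` in the first hunk, plus these two) all publish the host's internet address, so each presumably needs a matching virtual host on that machine; that configuration is not on this page.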
@@ -189,9 +195,6 @@ in {
wg.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
- bookmark.euer IN A ${nets.internet.ip4.addr}
- io IN NS gum.krebsco.de.
- mediengewitter IN CNAME over.dose.io.
'';
};
cores = 8;
@@ -201,7 +204,6 @@ in {
ip6.addr = "2a01:4f8:191:12f6::2";
aliases = [
"gum.i"
- "nextgum.i"
];
};
wiregrill = {
@@ -237,6 +239,7 @@ in {
"tracker.makefu.r"
"wiki.gum.r"
"wiki.makefu.r"
+ "warrior.gum.r"
"sick.makefu.r"
];
};
diff --git a/krebs/3modules/makefu/sshd/omo.pub b/krebs/3modules/makefu/sshd/omo.pub
index 63bbbc709..5b9435414 100644
--- a/krebs/3modules/makefu/sshd/omo.pub
+++ b/krebs/3modules/makefu/sshd/omo.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index a83758ccd..cfa8a65ba 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -17,21 +17,6 @@ let
default = "/var/realwallpaper/";
};
- nightmap = mkOption {
- type = types.str;
- default = "http://eoimages.gsfc.nasa.gov/images/imagerecords/55000/55167/earth_lights_lrg.jpg";
- };
-
- daymap = mkOption {
- type = types.str;
- default = "https://www.nnvl.noaa.gov/images/globaldata/SnowIceCover_Daily.png";
- };
-
- cloudmap = mkOption {
- type = types.str;
- default = "http://home.megapass.co.kr/~holywatr/cloud_data/clouds_2048.jpg";
- };
-
marker = mkOption {
type = types.str;
default = "http://graph.r/marker.json";
@@ -60,6 +45,7 @@ let
path = with pkgs; [
xplanet
imagemagick
+ inkscape
curl
file
jq
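Review bot: `inkscape` is added to the unit's `path` without a comment saying which step needs it, and the script that would call it is not in this hunk. Since the same service fetches remote files with `curl`, a short note such as `# inkscape: renders <what> for the wallpaper` (placeholder) would tell a reader whether downloaded content reaches it. The neighbouring hunks drop the `nightmap`, `daymap` and `cloudmap` options, so the source URLs now live somewhere outside this module, and a host configuration that still sets them would presumably fail to evaluate.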
@@ -67,9 +53,6 @@ let
environment = {
working_dir = cfg.workingDir;
- nightmap_url = cfg.nightmap;
- daymap_url = cfg.daymap;
- cloudmap_url = cfg.cloudmap;
marker_url = cfg.marker;
};
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
deleted file mode 100644
index 799ed7eda..000000000
--- a/krebs/3modules/syncthing.nix
+++ /dev/null
@@ -1,206 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
-
-let
-
- kcfg = config.krebs.syncthing;
- scfg = config.services.syncthing;
-
- devices = mapAttrsToList (name: peer: {
- name = name;
- deviceID = peer.id;
- addresses = peer.addresses;
- }) kcfg.peers;
-
- folders = mapAttrsToList ( _: folder: {
- inherit (folder) path id type;
- devices = map (peer: { deviceId = kcfg.peers.${peer}.id; }) folder.peers;
- rescanIntervalS = folder.rescanInterval;
- fsWatcherEnabled = folder.watch;
- fsWatcherDelayS = folder.watchDelay;
- ignoreDelete = folder.ignoreDelete;
- ignorePerms = folder.ignorePerms;
- }) kcfg.folders;
-
- getApiKey = pkgs.writeDash "getAPIKey" ''
- ${pkgs.libxml2}/bin/xmllint \
- --xpath 'string(configuration/gui/apikey)'\
- ${scfg.configDir}/config.xml
- '';
-
- updateConfig = pkgs.writeDash "merge-syncthing-config" ''
- set -efu
-
- # XXX this assumes the GUI address to be "IPv4 address and port"
- host=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 0)}
- port=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 1)}
-
- # wait for service to restart
- ${pkgs.untilport}/bin/untilport "$host" "$port"
-
- API_KEY=$(${getApiKey})
-
- _curl() {
- ${pkgs.curl}/bin/curl \
- -Ss \
- -H "X-API-Key: $API_KEY" \
- "http://$host:$port/rest""$@"
- }
-
- old_config=$(_curl /system/config)
- new_config=${shell.escape (toJSON {
- inherit devices folders;
- })}
- new_config=$(${pkgs.jq}/bin/jq -en \
- --argjson old_config "$old_config" \
- --argjson new_config "$new_config" \
- '
- $old_config * $new_config
- ${optionalString (!kcfg.overridePeers) ''
- * { devices: $old_config.devices }
- ''}
- ${optionalString (!kcfg.overrideFolders) ''
- * { folders: $old_config.folders }
- ''}
- '
- )
- echo $new_config | _curl /system/config -d @-
- _curl /system/restart -X POST
- '';
-
-in
-
-{
- options.krebs.syncthing = {
-
- enable = mkEnableOption "syncthing-init";
-
- cert = mkOption {
- type = types.nullOr types.absolute-pathname;
- default = null;
- };
-
- key = mkOption {
- type = types.nullOr types.absolute-pathname;
- default = null;
- };
-
- overridePeers = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Whether to delete the peers which are not configured via the peers option
- '';
- };
- peers = mkOption {
- default = {};
- type = types.attrsOf (types.submodule ({
- options = {
-
- # TODO make into addr + port submodule
- addresses = mkOption {
- type = types.listOf types.str;
- default = [];
- };
-
- #TODO check
- id = mkOption {
- type = types.str;
- };
-
- };
- }));
- };
-
- overrideFolders = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Whether to delete the folders which are not configured via the peers option
- '';
- };
- folders = mkOption {
- default = {};
- type = types.attrsOf (types.submodule ({ config, ... }: {
- options = {
-
- path = mkOption {
- type = types.absolute-pathname;
- default = config._module.args.name;
- };
-
- id = mkOption {
- type = types.str;
- default = config._module.args.name;
- };
-
- peers = mkOption {
- type = types.listOf types.str;
- default = [];
- };
-
- rescanInterval = mkOption {
- type = types.int;
- default = 3600;
- };
-
- type = mkOption {
- type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];
- default = "sendreceive";
- };
-
- watch = mkOption {
- type = types.bool;
- default = true;
- };
-
- watchDelay = mkOption {
- type = types.int;
- default = 10;
- };
-
- ignoreDelete = mkOption {
- type = types.bool;
- default = false;
- };
-
- ignorePerms = mkOption {
- type = types.bool;
- default = true;
- };
-
- };
- }));
- };
- };
-
- config = mkIf kcfg.enable {
-
- systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) {
- serviceConfig.PermissionsStartOnly = mkDefault true;
- preStart = ''
- ${optionalString (kcfg.cert != null) ''
- cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem
- chown ${scfg.user}:${scfg.group} ${scfg.configDir}/cert.pem
- chmod 400 ${scfg.configDir}/cert.pem
- ''}
- ${optionalString (kcfg.key != null) ''
- cp ${toString kcfg.key} ${scfg.configDir}/key.pem
- chown ${scfg.user}:${scfg.group} ${scfg.configDir}/key.pem
- chmod 400 ${scfg.configDir}/key.pem
- ''}
- '';
- };
-
- systemd.services.syncthing-init = {
- after = [ "syncthing.service" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- User = scfg.user;
- RemainAfterExit = true;
- Type = "oneshot";
- ExecStart = updateConfig;
- };
- };
- };
-}