diff options
87 files changed, 576 insertions, 514 deletions
diff --git a/flake.lock b/flake.lock new file mode 100644 index 000000000..937db8871 --- /dev/null +++ b/flake.lock @@ -0,0 +1,44 @@ +{ + "nodes": { + "nix-writers": { + "flake": false, + "locked": { + "lastModified": 1677612737, + "narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=", + "ref": "refs/heads/master", + "rev": "66a1f6833464bbb121b6d94247ad769f277351f8", + "revCount": 39, + "type": "git", + "url": "https://cgit.krebsco.de/nix-writers" + }, + "original": { + "type": "git", + "url": "https://cgit.krebsco.de/nix-writers" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1686135559, + "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nix-writers": "nix-writers", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 000000000..8f3befbc4 --- /dev/null +++ b/flake.nix @@ -0,0 +1,30 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nix-writers = { + url = "git+https://cgit.krebsco.de/nix-writers"; + flake = false; + }; + # disko.url = "github:nix-community/disko"; + # disko.inputs.nixpkgs.follows = "nixpkgs"; + }; + + description = "stockholm"; + + outputs = { self, nixpkgs, nix-writers }: { + nixosConfigurations.hotdog = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs.stockholm = self; + specialArgs.nix-writers = nix-writers; + specialArgs.secrets = toString ./krebs/0tests/data/secrets; + modules = [ + ./krebs/1systems/hotdog/config.nix + ]; + }; + kartei = { + hosts = self.nixosConfigurations.hotdog.config.krebs.hosts; + users = self.nixosConfigurations.hotdog.config.krebs.users; + }; + lib = import (self.outPath + "/lib/lib.nix") { lib = nixpkgs.lib; }; + }; +} diff --git a/kartei/0x4A6F/default.nix b/kartei/0x4A6F/default.nix index 8939f267d..c06bddff1 100644 --- a/kartei/0x4A6F/default.nix +++ b/kartei/0x4A6F/default.nix @@ -1,12 +1,12 @@ -with import ../../lib; -{ config, ... }: let +{ config, lib, stockholm, ... }: +with lib; let hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = false; external = true; monitoring = false; } // optionalAttrs (host.nets?retiolum) { nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + (stockholm.lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; }); in { users = { diff --git a/kartei/dave/default.nix b/kartei/dave/default.nix index 053ec412b..c73582749 100644 --- a/kartei/dave/default.nix +++ b/kartei/dave/default.nix @@ -1,6 +1,5 @@ -{ config, ... }: let - lib = import ../../lib; -in { +{ config, lib, stockholm, ... }: +{ users.dave = { mail = "hsngrmpf@gmail.com"; }; @@ -8,7 +7,7 @@ in { owner = config.krebs.users.dave; nets.retiolum = { aliases = [ "dave.r" ]; - ip6.addr = (lib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address; + ip6.addr = (stockholm.lib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address; ip4.addr = "10.243.0.6"; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/kartei/dbalan/default.nix b/kartei/dbalan/default.nix index fadf187db..ba63c5b6a 100644 --- a/kartei/dbalan/default.nix +++ b/kartei/dbalan/default.nix @@ -1,5 +1,5 @@ -with import ../../lib; -{ config, ... }: +{ config, lib, stockholm, ... }: +with lib; let hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = false; @@ -8,11 +8,11 @@ let owner = config.krebs.users.dbalan; } // optionalAttrs (host.nets?retiolum) { nets.retiolum = { - ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + ip6.addr = (stockholm.lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; }; } // optionalAttrs (host.nets?wiregrill) { nets.wiregrill = { - ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + ip6.addr = (stockholm.lib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; }; }); in diff --git a/kartei/default.nix b/kartei/default.nix index 6024e2351..3686bbb54 100644 --- a/kartei/default.nix +++ b/kartei/default.nix @@ -1,7 +1,9 @@ -{ config, lib, ... }: let +{ config, lib, pkgs, ... }: let removeTemplate = # TODO don't remove during CI lib.flip builtins.removeAttrs ["template"]; + + stockholm.lib = import ../lib/lib.nix { inherit lib; }; in { config = lib.mkMerge @@ -9,7 +11,7 @@ in { (name: _type: let path = ./. + "/${name}"; in { - krebs = import path { inherit config; }; + krebs = import path { inherit config lib stockholm; }; }) (removeTemplate (lib.filterAttrs diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix index e98da7bc6..9f7f59164 100644 --- a/kartei/feliks/default.nix +++ b/kartei/feliks/default.nix @@ -1,5 +1,5 @@ -with import ../../lib; -{ config, ... }: let +{ config, lib, stockholm, ... }: +with lib; let hostDefaults = hostName: host: flip recursiveUpdate host ({ owner = config.krebs.users.feliks; ci = false; @@ -7,10 +7,10 @@ with import ../../lib; monitoring = false; } // optionalAttrs (host.nets?retiolum) { nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + (stockholm.lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; } // optionalAttrs (host.nets?wiregrill) { nets.wiregrill.ip6.addr = - (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + (stockholm.lib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; }); in { users.feliks = { diff --git a/kartei/jan/default.nix b/kartei/jan/default.nix index 72b5cb331..aa3676e7f 100644 --- a/kartei/jan/default.nix +++ b/kartei/jan/default.nix @@ -1,6 +1,5 @@ -{ config, ... }: let - lib = import ../../lib; -in { +{ config, lib, stockholm, ... }: +{ users.jan = { mail = "jan.heidbrink@posteo.de"; @@ -67,7 +66,7 @@ in { nets.retiolum = { aliases = [ "grill.r" ]; ip4.addr = "10.243.217.217"; - ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address; + ip6.addr = (stockholm.lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII diff --git a/kartei/jeschli/default.nix b/kartei/jeschli/default.nix index fe12c16a4..618d7f6c1 100644 --- a/kartei/jeschli/default.nix +++ b/kartei/jeschli/default.nix @@ -1,12 +1,12 @@ -with import ../../lib; -{ config, ... }: let - +{ config, lib, stockholm, ... }: +with lib; +let hostDefaults = hostName: host: flip recursiveUpdate host ({ ci = true; owner = config.krebs.users.jeschli; } // optionalAttrs (host.nets?retiolum) { nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address; + (stockholm.lib.krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address; }); in { diff --git a/kartei/kmein/default.nix b/kartei/kmein/default.nix index 1a5a57d1a..d0b85ff71 100644 --- a/kartei/kmein/default.nix +++ b/kartei/kmein/default.nix @@ -1,5 +1,5 @@ -with import ../../lib; -{ config, ... }: +{ config, lib, stockholm, ... }: +with lib; let maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else []; hostDefaults = hostName: host: flip recursiveUpdate host ({ @@ -9,11 +9,11 @@ let owner = config.krebs.users.kmein; } // optionalAttrs (host.nets?retiolum) { nets.retiolum = { - ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + ip6.addr = (stockholm.lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; }; } // optionalAttrs (host.nets?wiregrill) { nets.wiregrill = { - ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + ip6.addr = (stockholm.lib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; }; }); ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix index 414b66e9f..d07057dd5 100644 --- a/kartei/krebs/default.nix +++ b/kartei/krebs/default.nix @@ -1,5 +1,5 @@ -with import ../../lib; -{ config, ... }: let +{ config, lib, stockholm, ... }: with stockholm.lib; +let hostDefaults = hostName: host: flip recursiveUpdate host ({ owner = config.krebs.users.krebs; @@ -66,7 +66,6 @@ in { tinc.pubkey_ed25519 = "D5TYSZW9OAkdnvQ/NL98UgheRC2Zg4SMNZ8M4/KwdeL"; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64"; }; hotdog = { @@ -100,7 +99,6 @@ in { tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL"; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; }; news = { @@ -133,7 +131,6 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo "; }; onebutton = { @@ -161,7 +158,6 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe "; }; ponte = { @@ -208,7 +204,6 @@ in { }; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEw9fo8Qtb/DTLacdrJP7Ti7c4UXTm6wUUX+iRFweEo "; }; puyak = { @@ -234,7 +229,6 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY"; syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR"; }; @@ -259,7 +253,6 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc"; }; wolf = { @@ -296,7 +289,6 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR"; }; } // testHosts); diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix index de776fca0..99e34083a 100644 --- a/kartei/lass/default.nix +++ b/kartei/lass/default.nix @@ -1,8 +1,7 @@ -with import ../../lib; -{ config, ... }: let +{ config, lib, stockholm, ... }: let - r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; - w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; + r6 = ip: (stockholm.lib.krebs.genipv6 "retiolum" "lass" ip).address; + w6 = ip: (stockholm.lib.krebs.genipv6 "wiregrill" "lass" ip).address; hostFiles = builtins.map (lib.removeSuffix ".nix") ( builtins.filter @@ -14,14 +13,17 @@ in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs (_: recursiveUpdate { + hosts = lib.mapAttrs (_: lib.recursiveUpdate { owner = config.krebs.users.lass; consul = true; ci = true; monitoring = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; }) ( - lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") { inherit config krebs lib r6 w6; }) + lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") { + inherit config lib r6 w6; |