summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jeschli/1systems/bln/config.nix14
-rw-r--r--jeschli/1systems/brauerei/config.nix2
-rw-r--r--jeschli/1systems/enklave/config.nix45
-rw-r--r--jeschli/1systems/enklave/source.nix3
-rw-r--r--jeschli/1systems/reagenzglas/config.nix1
-rw-r--r--jeschli/2configs/default.nix2
-rw-r--r--jeschli/2configs/os-templates/CentOS-7-64bit.nix16
-rw-r--r--jeschli/2configs/retiolum.nix4
-rw-r--r--jeschli/2configs/urxvt.nix2
-rw-r--r--jeschli/source.nix2
-rw-r--r--krebs/1systems/hotdog/config.nix5
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/buildbot-all.nix4
-rw-r--r--krebs/2configs/ircd.nix4
-rw-r--r--krebs/3modules/buildbot/slave.nix2
-rw-r--r--krebs/3modules/jeschli/default.nix46
-rw-r--r--krebs/3modules/makefu/default.nix1
-rw-r--r--krebs/3modules/nin/default.nix8
-rw-r--r--krebs/3modules/tv/default.nix19
-rw-r--r--krebs/4lib/infest/prepare.sh87
-rw-r--r--krebs/5pkgs/simple/internetarchive/default.nix33
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix23
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/dishfire/config.nix1
-rw-r--r--lass/1systems/mors/config.nix4
-rw-r--r--lass/1systems/prism/config.nix16
-rw-r--r--lass/2configs/IM.nix15
-rw-r--r--lass/2configs/bepasty.nix5
-rw-r--r--lass/2configs/dns-stuff.nix22
-rw-r--r--lass/2configs/rebuild-on-boot.nix18
-rw-r--r--lass/2configs/security-workarounds.nix2
-rw-r--r--lass/source.nix2
-rw-r--r--makefu/1systems/filepimp/config.nix5
-rw-r--r--makefu/1systems/gum/config.nix29
-rw-r--r--makefu/1systems/omo/config.nix5
-rw-r--r--makefu/1systems/vbob/config.nix26
-rw-r--r--makefu/2configs/bepasty-dual.nix5
-rw-r--r--makefu/2configs/collectd/collectd-base.nix4
-rw-r--r--makefu/2configs/default.nix3
-rw-r--r--makefu/2configs/deployment/photostore.krebsco.de.nix40
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix2
-rw-r--r--makefu/2configs/tools/all.nix1
-rw-r--r--makefu/2configs/tools/consoles.nix9
-rw-r--r--makefu/2configs/tools/dev.nix3
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/5pkgs/bin2iso/default.nix28
-rw-r--r--makefu/5pkgs/cameraupload-server/default.nix23
-rw-r--r--makefu/5pkgs/cue2pops/default.nix24
-rw-r--r--makefu/5pkgs/gen-oath-safe/default.nix5
-rw-r--r--makefu/5pkgs/hdl-dump/default.nix33
-rw-r--r--makefu/5pkgs/opl-utils/default.nix27
-rw-r--r--makefu/source.nix3
-rw-r--r--mv/source.nix2
-rw-r--r--tv/1systems/wu/config.nix6
-rw-r--r--tv/2configs/default.nix2
-rw-r--r--tv/2configs/hw/w110er.nix17
-rw-r--r--tv/2configs/vim.nix2
-rw-r--r--tv/source.nix10
59 files changed, 577 insertions, 151 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 901970e81..9e5f8c52e 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -36,9 +36,9 @@
}
];
- networking.hostName = "BLN02NB0154"; # Define your hostname.
+ networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname.
networking.networkmanager.enable = true;
- #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
@@ -54,7 +54,11 @@
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
nixpkgs.config.allowUnfree = true;
- environment.shellAliases = { n = "nix-shell"; };
+ environment.shellAliases = {
+ n = "nix-shell";
+ gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
+ gh = "cd /home/markus/go/src/github.com";
+ };
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
# system helper
@@ -62,6 +66,7 @@
copyq
dmenu
git
+ tig
i3lock
keepass
networkmanagerapplet
@@ -72,6 +77,8 @@
rxvt_unicode
# editors
emacs
+ # databases
+ sqlite
# internet
thunderbird
hipchat
@@ -91,6 +98,7 @@
jetbrains.pycharm-professional
jetbrains.webstorm
jetbrains.goland
+ jetbrains.datagrip
texlive.combined.scheme-full
pandoc
redis
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 171a002da..2dec45795 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -96,7 +96,7 @@
# Enable the X11 windowing system.
services.xserver.enable = true;
- # services.xserver.layout = "us";
+ services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix
new file mode 100644
index 000000000..010089017
--- /dev/null
+++ b/jeschli/1systems/enklave/config.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/jeschli>
+ <stockholm/jeschli/2configs/retiolum.nix>
+ <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ "ens*"
+ ];
+ }
+ {
+ services.openssh.enable = true;
+ }
+ {
+ sound.enable = false;
+ }
+ {
+ users.extraUsers = {
+ root.initialPassword = "pfeife123";
+ root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+ ];
+ jeschli = {
+ name = "jeschli";
+ uid = 1000;
+ home = "/home/jeschli";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ ];
+ openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+ ];
+ };
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.enklave;
+}
diff --git a/jeschli/1systems/enklave/source.nix b/jeschli/1systems/enklave/source.nix
new file mode 100644
index 000000000..4f9f37be7
--- /dev/null
+++ b/jeschli/1systems/enklave/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/jeschli/source.nix> {
+ name = "enklave";
+}
diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix
index d65e897ae..eb2ba179e 100644
--- a/jeschli/1systems/reagenzglas/config.nix
+++ b/jeschli/1systems/reagenzglas/config.nix
@@ -29,7 +29,6 @@
allowDiscards = true;
}
];
- networking.hostName = "reaganzglas"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
# Select internationalisation properties.
diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
index 7fb240951..6d788d283 100644
--- a/jeschli/2configs/default.nix
+++ b/jeschli/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
imports = [
./vim.nix
./retiolum.nix
+ <stockholm/lass/2configs/security-workarounds.nix>
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
@@ -63,4 +64,5 @@ with import <stockholm/lib>;
];
krebs.enable = true;
+ networking.hostName = config.krebs.build.host.name;
}
diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
new file mode 100644
index 000000000..fb34e94e2
--- /dev/null
+++ b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
@@ -0,0 +1,16 @@
+_:
+
+{
+ imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+
+ boot.loader.grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+
+ fileSystems."/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+}
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
index 403300b30..b611cbe7d 100644
--- a/jeschli/2configs/retiolum.nix
+++ b/jeschli/2configs/retiolum.nix
@@ -9,6 +9,7 @@
"gum"
"ni"
"dishfire"
+ "enklave"
];
};
@@ -16,6 +17,9 @@
tinc = pkgs.tinc_pre;
};
+ networking.firewall.allowedTCPPorts = [ 655 ];
+ networking.firewall.allowedUDPPorts = [ 655 ];
+
environment.systemPackages = [
pkgs.tinc
];
diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix
index a2e02de35..69811eb0a 100644
--- a/jeschli/2configs/urxvt.nix
+++ b/jeschli/2configs/urxvt.nix
@@ -28,7 +28,7 @@ with import <stockholm/lib>;
URxvt*scrollBar: false
URxvt*urgentOnBell: true
- URxvt*font: xft:DejaVu Sans Mono:pixelsize=20
+ URxvt*font: xft:DejaVu Sans Mono:pixelsize=12
URXvt*faceSize: 12
'';
}
diff --git a/jeschli/source.nix b/jeschli/source.nix
index d1b64b0ed..382dd61bc 100644
--- a/jeschli/source.nix
+++ b/jeschli/source.nix
@@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "f9390d6";
+ ref = "0653b73";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 73b5377bd..98fb88702 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -20,10 +20,5 @@
boot.isContainer = true;
networking.useDHCP = false;
- krebs.repo-sync.repos.stockholm.timerConfig = {
- OnBootSec = "5min";
- OnUnitInactiveSec = "2min";
- RandomizedDelaySec = "2min";
- };
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
}
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 0b21c0b6c..9d6955e7e 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -10,7 +10,6 @@ in
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/krebs/2configs/collectd-base.nix>
<stockholm/krebs/2configs/stats/wolf-client.nix>
- <stockholm/krebs/2configs/save-diskspace.nix>
<stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index ca994e996..5ea78f227 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -1,10 +1,6 @@
with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
- imports = [
- <stockholm/krebs/2configs/repo-sync.nix>
- ];
-
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index b534f9ad4..962dbf49c 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -12,10 +12,10 @@
'';
config = ''
serverinfo {
- name = "${config.krebs.build.host.name}.irc.retiolum";
+ name = "${config.krebs.build.host.name}.irc.r";
sid = "1as";
description = "miep!";
- network_name = "irc.retiolum";
+ network_name = "irc.r";
hub = yes;
vhost = "0.0.0.0";
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 0af553c5d..fba585448 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -161,7 +161,7 @@ let
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
#remove garbage from old versions
- rm -r ${workdir}
+ rm -rf ${workdir}
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
echo ${contact} > ${workdir}/info/admin
diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index 0d161e1c8..c7e882742 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -118,6 +118,52 @@ with import <stockholm/lib>;
};
};
};
+ enklave = {
+ nets = rec {
+ internet = {
+ ip4.addr = "88.198.164.182";
+ aliases = [
+ "enklave.i"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.27.30";
+ ip6.addr = "42::30";
+ aliases = [
+ "enklave.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIID8gKCA+kAt8zRg/g0jRmqXn6rVul/tdjWtLPcu0aTjNJ5OYZh50i7WqWllGVz
+ +FfJicuq/Xd1l5qrgUN7MD+Wrfeov+G9lzSgacfPhXMujutXxX3JwW/9f7UN+yoN
+ Sw29Zj+NWb45HyI5WVwMQ332KbKjNcWdTRe+O39oE6bZWg54oEeZOad2UJ7/83sB
+ yNEV/B7bJ0+X9HR8XCKrHI/RkjixNauMDlquGzoVyqLKIWwUnBl9CwtNBCYHbvYD
+ G1rWeCewd9Z6KsqcKSePfa4mn5eOluWcXmbrD/sx8oII40oNUs3kI7a2HExB2Yle
+ P9Q5MQrXRZfI3bdrh1aHieBodZLtosHPNuJIpo8ZaCX88WLhGR3nhJa1vvM1vNwd
+ TSSAdobdZUcuIQJKnVxwP4rXQAKPkN2+ddy+tXCGvfFAsdGKDbgPy4FgT+Ed28vg
+ 3W0fef/3sDNGPY1VAa58/pLz9Un3kNJKUjt00tWamo8daU/3mxZs83nIqDHLq86l
+ 1+wCl37l+KHe7pUVZ3smoezPRCMoUThmc7VzupbQG+piiSSyiYQi0CuBusa44t76
+ 1lMr3pOdRBBAoetZ745ZZVx8s+eYk+C1BmQbLJAfzQ9sbH3LAwXpuAH70mtrFqWl
+ C3LF89/5mZRbFxALZv9cVx3LqIZDjwpKlwPWorZwo14L+eAagdPCcnVNo6ZcVow2
+ mAdNnf7C33fvRsU+rUEIZVPsBHZfAv+f0jqQ65TMvl32VZ0FlxxahSZSj64n8iwr
+ Z+DOxKA9OcAaTrHQReYLpWUfNceVDLfOmQLeih8hNgClgqPgYJP/OtN+ox3NP6ZX
+ +Gkx9HO7a+agtyJxjh3NYbT/NkRW8HcjW8KgRN7jlE9sQi5/FoxKQOUdHmLTvjdk
+ YJXqdPWMYHj2xt4A8x2nzl/si6lwDsod+zdY5RGSdYhoybEOs4wZZIuArmm8GP+C
+ IbtgutknAuqvm2FOxyWCbLFTimgqC5BgrNUsXFJJLsHQ3bWFJtVpJlSa5Y0iypCP
+ Yr/cefbDrGfs3eCy7FlYDIkCcH06FPm1LTs6USisrtKFObRQN+zPSPln9FysNmpH
+ h0YUhrWdTO+wN78K5gc4ALPNUlyqmH61h8jS2qSdrRZLcZWIi4K4banG6EJcWRvV
+ kaVxghY1i/Z9x43bZRpBPvpM462IDx08vYX9AcFmF7JfjAXPwJO/EqZVsY1YPDzO
+ vdXWrtTORO8R8Pjq3X952yNqgHBcJQh7Q9TBcj+XBtkidOSnTt3Sp/RumsucUW19
+ 0wMempDPiCOAadLmR4cW5XL1ednXurkd+5gHCmB1Sl7FueP5dgLB/mhXjmITE3zH
+ aQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
+
};
users = {
jeschli = {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 9f1842b88..56e5c6b82 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -541,6 +541,7 @@ with import <stockholm/lib>;
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
+ photostore IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
'';
};
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
index 1a0999b8d..1531a2c89 100644
--- a/krebs/3modules/nin/default.nix
+++ b/krebs/3modules/nin/default.nix
@@ -14,7 +14,6 @@ with import <stockholm/lib>;
ip4.addr = "10.243.132.96";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
aliases = [
- "hiawatha.retiolum"
"hiawatha.r"
];
tinc.pubkey = ''
@@ -39,7 +38,6 @@ with import <stockholm/lib>;
ip4.addr = "10.243.134.66";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
aliases = [
- "axon.retiolum"
"axon.r"
];
tinc.pubkey = ''
@@ -80,10 +78,8 @@ with import <stockholm/lib>;
ip4.addr = "10.243.132.55";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
aliases = [
- "onondaga.retiolum"
"onondaga.r"
"cgit.onondaga.r"
- "cgit.onondaga.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -104,11 +100,11 @@ with import <stockholm/lib>;
};
users = {
nin = {
- mail = "nin@axon.retiolum";
+ mail = "nin@axon.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
};
nin_h = {
- mail = "nin@hiawatha.retiolum";
+ mail = "nin@hiawatha.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
};
};
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 98145274c..cc09313f7 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -122,6 +122,7 @@ with import <stockholm/lib>;
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
krebsco.de. 60 IN MX 5 ni
+ krebsco.de. 60 IN TXT v=spf1 mx -all
'';
};
nets = {
@@ -201,24 +202,6 @@ with import <stockholm/lib>;
};
};
};
- schnabeldrucker = {
- external = true;
- nets = {
- gg23 = {
- ip4.addr = "10.23.1.21";
- aliases = ["schnabeldrucker.gg23"];
- };
- };
- };
- schnabelscanner = {
- external = true;
- nets = {
- gg23 = {
- ip4.addr = "10.23.1.22";
- aliases = ["schnabelscanner.gg23"];
- };
- };
- };
wu = {
ci = true;
cores = 4;
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index ccfc4f49b..78c1c6ec1 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -21,6 +21,10 @@ prepare() {(
esac
;;
debian)
+ if grep -Fq Hetzner /etc/motd; then
+ prepare_hetzner_rescue "$@"
+ exit
+ fi
case $VERSION_ID in
7)
prepare_debian "$@"
@@ -72,7 +76,7 @@ prepare_debian() {
type bzip2 2>/dev/null || apt-get install bzip2
type git 2>/dev/null || apt-get install git
type rsync 2>/dev/null || apt-get install rsync
- type curl 2>/dev/null || apt-get install curl
+ type curl 2>/dev/null || apt-get install curl
prepare_common
}
@@ -90,10 +94,33 @@ prepare_nixos_iso() {
mkdir -p bin
rm -f bin/nixos-install
- cp "$(type -p nixos-install)" bin/nixos-install
+ cp "$(_which nixos-install)" bin/nixos-install
sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
}
+prepare_hetzner_rescue() {
+ _which() (
+ which "$1"
+ )
+ mountpoint /mnt
+
+ type bzip2 2>/dev/null || apt-get install bzip2
+ type git 2>/dev/null || apt-get install git
+ type rsync 2>/dev/null || apt-get install rsync