-rw-r--r--kartei/feliks/default.nix24
-rw-r--r--kartei/makefu/default.nix50
-rw-r--r--krebs/1systems/filebitch/config.nix1
-rw-r--r--krebs/1systems/puyak/config.nix86
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/buildbot/worker.nix4
-rw-r--r--krebs/3modules/git.nix12
7 files changed, 105 insertions, 73 deletions
diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix
index 9f9866c71..6ce95f587 100644
--- a/kartei/feliks/default.nix
+++ b/kartei/feliks/default.nix
@@ -18,6 +18,30 @@ in {
mail = "feliks@flipdot.org";
};
hosts = mapAttrs hostDefaults {
+ ioka = {
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.10.242";
+ aliases = [ "ioka.r" "ioka.feliks.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwmwpsohYq/KJTXvUmacsFqolf3Me2dG5NypdosJT5jIVjQMa5M6U
+ HWpkfOFi3v0NTiUN8OP3714N1hF7x+Lq/EVYSSxT1bB4IWSIyaVLmSjs+sycHRKK
+ zvOL249iOqdyFjAeGVXmLw/zYOH6uzdJpRvlgMcGT5BPL+Jx+G5KUZgeqkDDDpcy
+ 1j+6nCyBRn9yK0yfZ5z6LJQqLCJzZ4KE5ym6t8RqgRXWchewQP/aYxtk1dn03GEn
+ NSiJmjb3QtKM1ZWAMNSCJ0xdPNQtMp7Xi4EdwDcyNAmu+Tk48MSV/G4TL5PXAV1p
+ WYWS6KxAc/huwKW/HCGFAj7d7cTMd4XzcN7fMg6gAs4GQTVn7AYelMb6teAGZj5Y
+ ifHmhl5Sy2umuDBhUWAfLDZu97gmF2ZlpO48VG/ZJjKejw9gP8u3Qek3+4iO22wM
+ xrj1ZZEuxhEyJu1OYNr/MES6h5l+FdiVpV6JMpzOCGhiVRN4z4FzUHcUixFIgJni
+ zlr0h6c0fJh4mEmOSu2WwNV7xMmqWe7SAcLOnvRaAqBfAprIvy/rpcB7Ji1gFcMq
+ 4k/GkbKD+8/NZxujAJhyUo08JNHb0TACZiVIhbaafsEEgRQZBs9wa0u7MMzqlwXP
+ 1ewjfwmfEQa7yEt0BQVjYm2C017IWngXv0dU49gVDGh9MMG9EBcS4scCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "jhPsb07ilQDliw8H9lQ1JQ5Potj+//HwNSD7+OHdFvD";
+ };
+ };
+ };
papawhakaaro = {
nets = {
retiolum = {
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index 6dd59be55..2baf6ef5a 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -205,53 +205,56 @@ in {
gum = rec {
extraZones = {
"krebsco.de" = ''
- rss.euer IN A ${nets.internet.ip4.addr}
- o.euer IN A ${nets.internet.ip4.addr}
- bw.euer IN A ${nets.internet.ip4.addr}
+ admin.work.euer IN A ${nets.internet.ip4.addr}
+ api.work.euer IN A ${nets.internet.ip4.addr}
+ atuin.euer IN A ${nets.internet.ip4.addr}
+ board.euer IN A ${nets.internet.ip4.addr}
bookmark.euer IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
- build.euer IN A ${nets.internet.ip4.addr}
+ build.euer IN A ${nets.internet.ip4.addr}
+ bw.euer IN A ${nets.internet.ip4.addr}
cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr}
cgit.euer IN A ${nets.internet.ip4.addr}
dl.euer IN A ${nets.internet.ip4.addr}
dns.euer IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
+ etherpad.euer IN A ${nets.internet.ip4.addr}
euer IN A ${nets.internet.ip4.addr}
- euer IN MX 1 aspmx.l.google.com.
+ feed.euer IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
git.euer IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
gum IN A ${nets.internet.ip4.addr}
- io IN NS gum.krebsco.de.
iso.euer IN A ${nets.internet.ip4.addr}
- feed.euer IN A ${nets.internet.ip4.addr}
- board.euer IN A ${nets.internet.ip4.addr}
- etherpad.euer IN A ${nets.internet.ip4.addr}
- mediengewitter IN CNAME over.dose.io.
+ maps.work.euer IN A ${nets.internet.ip4.addr}
+ meet.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
+ music.euer IN A ${nets.internet.ip4.addr}
netdata.euer IN A ${nets.internet.ip4.addr}
- nixos.unstable IN CNAME krebscode.github.io.
+ ntfy.euer IN A ${nets.internet.ip4.addr}
+ o.euer IN A ${nets.internet.ip4.addr}
+ paper.euer IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr}
- pigstarter IN CNAME makefu.github.io.
+ play.work.euer IN A ${nets.internet.ip4.addr}
+ push.work.euer IN A ${nets.internet.ip4.addr}
+ rss.euer IN A ${nets.internet.ip4.addr}
share.euer IN A ${nets.internet.ip4.addr}
+ ul.work.euer IN A ${nets.internet.ip4.addr}
wg.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
-
- meet.euer IN A ${nets.internet.ip4.addr}
work.euer IN A ${nets.internet.ip4.addr}
- admin.work.euer IN A ${nets.internet.ip4.addr}
- push.work.euer IN A ${nets.internet.ip4.addr}
- api.work.euer IN A ${nets.internet.ip4.addr}
- maps.work.euer IN A ${nets.internet.ip4.addr}
- play.work.euer IN A ${nets.internet.ip4.addr}
- ul.work.euer IN A ${nets.internet.ip4.addr}
- music.euer IN A ${nets.internet.ip4.addr}
- ntfy.euer IN A ${nets.internet.ip4.addr}
- paper.euer IN A ${nets.internet.ip4.addr}
+
+ mediengewitter IN CNAME over.dose.io.
+ nixos.unstable IN CNAME krebscode.github.io.
+ pigstarter IN CNAME makefu.github.io.
+
+ euer IN MX 1 aspmx.l.google.com.
+
+ io IN NS gum.krebsco.de.
'';
};
nets = rec {
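Review bot: The three CNAME records regrouped at the bottom of the `krebsco.de` zone (`mediengewitter` to `over.dose.io.`, `nixos.unstable` to `krebscode.github.io.`, `pigstarter` to `makefu.github.io.`) are carried over unchanged and point at names hosted outside this zone. Since the commit is already tidying the zone, it is worth confirming that each target is still claimed by the project and dropping any that is not, because a CNAME left pointing at an unclaimed hosted-pages name lets whoever claims it serve content under krebsco.de. A zone comment above the group, such as `; external targets - verify ownership when editing`, would record that. The `gum` attribute set continues outside the hunk.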
@@ -284,6 +287,7 @@ in {
"blog.makefu.r"
"cache.gum.r"
"cgit.gum.r"
+ "git.gum.r"
"dcpp.gum.r"
"dcpp.nextgum.r"
"graph.makefu.r"
diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix
index 254306ecb..44c14674e 100644
--- a/krebs/1systems/filebitch/config.nix
+++ b/krebs/1systems/filebitch/config.nix
@@ -28,7 +28,6 @@ in
];
krebs.build.host = config.krebs.hosts.filebitch;
- sound.enable = false;
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0"
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 3c994ae7a..542106d5f 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -2,49 +2,52 @@
{
imports = [
./net.nix
- <stockholm/krebs>
- <stockholm/krebs/2configs>
- <stockholm/krebs/2configs/secret-passwords.nix>
- <stockholm/krebs/2configs/hw/x220.nix>
+ ../../../krebs
+ ../../../krebs/2configs
+ ../../2configs/secret-passwords.nix
+ ../../2configs/hw/x220.nix
# see documentation in included getty-for-esp.nix:
# brain hosts/puyak/root
- <stockholm/krebs/2configs/hw/getty-for-esp.nix>
+ ../../2configs/hw/getty-for-esp.nix
+ ../../2configs/buildbot/worker.nix
## initrd unlocking
- # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
- <stockholm/krebs/2configs/tor/initrd.nix>
+ # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat /crypt-ramfs/passphrase'
+ ../../2configs/tor/initrd.nix
- <stockholm/krebs/2configs/binary-cache/nixos.nix>
- <stockholm/krebs/2configs/binary-cache/prism.nix>
+ ../../2configs/binary-cache/nixos.nix
+ ../../2configs/binary-cache/prism.nix
- <stockholm/krebs/2configs/container-networking.nix>
- <stockholm/krebs/2configs/syncthing.nix>
+ ## news host
+
+ ../../2configs/container-networking.nix
+ ../../2configs/syncthing.nix
### shackspace ###
# handle the worlddomination map via coap
- <stockholm/krebs/2configs/shack/worlddomination.nix>
- <stockholm/krebs/2configs/shack/ssh-keys.nix>
+ ../../2configs/shack/worlddomination.nix
+ ../../2configs/shack/ssh-keys.nix
# drivedroid.shack for shackphone
- <stockholm/krebs/2configs/shack/drivedroid.nix>
- # <stockholm/krebs/2configs/shack/nix-cacher.nix>
+ ../../2configs/shack/drivedroid.nix
+ # ../../2configs/shack/nix-cacher.nix
# Say if muell will be collected
- <stockholm/krebs/2configs/shack/muell_caller.nix>
+ ../../2configs/shack/muell_caller.nix
# provide muellshack api: muell.shack
- <stockholm/krebs/2configs/shack/muellshack.nix>
+ ../../2configs/shack/muellshack.nix
# send mail if muell was not handled
- <stockholm/krebs/2configs/shack/muell_mail.nix>
+ ../../2configs/shack/muell_mail.nix
# provide light control api
- <stockholm/krebs/2configs/shack/node-light.nix> # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack
+ ../../2configs/shack/node-light.nix # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack
# light.shack web-ui
- <stockholm/krebs/2configs/shack/light.shack.nix> #light.shack
+ ../../2configs/shack/light.shack.nix #light.shack
# fetch the u300 power stats
- <stockholm/krebs/2configs/shack/power/u300-power.nix>
+ ../../2configs/shack/power/u300-power.nix
{ # do not log to /var/spool/log
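Review bot: The initrd-unlock comment lost its redirect in this hunk: the new line ends in `'cat /crypt-ramfs/passphrase'`, where the old one had `'cat > /crypt-ramfs/passphrase'`. As written, the documented command prints the remote file instead of writing the piped LUKS passphrase into it, so someone following it after a reboot will not unlock the disk; restore `'cat > /crypt-ramfs/passphrase'`. The added `## news host` heading has no import under it and should be completed or dropped. The imports list continues past the end of this hunk.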
@@ -64,56 +67,55 @@
}
# create samba share for anonymous usage with the laser and 3d printer pc
- <stockholm/krebs/2configs/shack/share.nix>
+ ../../2configs/shack/share.nix
# mobile.lounge.mpd.shack
- <stockholm/krebs/2configs/shack/mobile.mpd.nix>
+ ../../2configs/shack/mobile.mpd.nix
# hass.shack
- <stockholm/krebs/2configs/shack/glados>
- <stockholm/krebs/2configs/shack/esphome.nix>
+ ../../2configs/shack/glados
+ ../../2configs/shack/esphome.nix
# connect to git.shackspace.de as group runner for rz
- <stockholm/krebs/2configs/shack/gitlab-runner.nix>
+ ../../2configs/shack/gitlab-runner.nix
# Statistics collection and visualization
- # <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully)
+ # ../../2configs/shack/graphite.nix # graphiteApi is broken and unused(hopefully)
## Collect data from mqtt.shack and store in graphite database
- <stockholm/krebs/2configs/shack/mqtt_sub.nix>
+ ../../2configs/shack/mqtt_sub.nix
## Collect radioactive data and put into graphite
- <stockholm/krebs/2configs/shack/radioactive.nix>
+ ../../2configs/shack/radioactive.nix
## mqtt.shack
- <stockholm/krebs/2configs/shack/mqtt.nix>
+ ../../2configs/shack/mqtt.nix
## influx.shack
- <stockholm/krebs/2configs/shack/influx.nix>
+ ../../2configs/shack/influx.nix
## Collect local statistics via collectd and send to collectd
- # <stockholm/krebs/2configs/stats/shack-client.nix>
- # <stockholm/krebs/2configs/stats/shack-debugging.nix>
+ # ../../2configs/stats/shack-client.nix
+ # ../../2configs/stats/shack-debugging.nix
## netbox.shack: Netbox is disabled as nobody seems to be using it anyway
- # <stockholm/krebs/2configs/shack/netbox.nix>
+ # ../../2configs/shack/netbox.nix
# grafana.shack
- <stockholm/krebs/2configs/shack/grafana.nix>
+ ../../2configs/shack/grafana.nix
# shackdns.shack
# replacement for leases.shack and shackles.shack
- <stockholm/krebs/2configs/shack/shackDNS.nix>
+ ../../2configs/shack/shackDNS.nix
# monitoring: prometheus.shack
- <stockholm/krebs/2configs/shack/prometheus/node.nix>
- <stockholm/krebs/2configs/shack/prometheus/server.nix>
- <stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
- #<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
+ ../../2configs/shack/prometheus/node.nix
+ ../../2configs/shack/prometheus/server.nix
+ ../../2configs/shack/prometheus/blackbox.nix
+ #../../2configs/shack/prometheus/unifi.nix
# TODO: alertmanager 0.24+ supports telegram
- # <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
+ # ../../2configs/shack/prometheus/alertmanager-telegram.nix
];
krebs.build.host = config.krebs.hosts.puyak;
krebs.hosts.puyak.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519";
- sound.enable = false;
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 6ff280f79..9f966ee01 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -73,7 +73,6 @@ in
'';
time.timeZone = "Europe/Berlin";
- sound.enable = false;
# avahi
services.avahi = {
diff --git a/krebs/2configs/buildbot/worker.nix b/krebs/2configs/buildbot/worker.nix
index e96c6df14..5526a83d3 100644
--- a/krebs/2configs/buildbot/worker.nix
+++ b/krebs/2configs/buildbot/worker.nix
@@ -1,4 +1,4 @@
-{ buildbot-nix, ... }:
+{ config, buildbot-nix, ... }:
{
imports = [
buildbot-nix.nixosModules.buildbot-worker
@@ -6,6 +6,8 @@
services.buildbot-nix.worker = {
enable = true;
+ name = config.krebs.build.host.name;
workerPasswordFile = "/var/src/secrets/nix-worker-file";
+ masterUrl = "tcp:host=gum:port=9989";
};
}
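Review bot: `masterUrl = "tcp:host=gum:port=9989";` connects the worker over plain TCP to the unqualified name `gum`, so whether that traffic stays inside the retiolum VPN depends on how the name resolves on each worker host. Pinning it to one of gum's retiolum names (the `.r` aliases listed in kartei/makefu), or to a TLS endpoint if the master offers one, would keep worker authentication and build traffic off the open network. Separately, `workerPasswordFile` is a hard-coded `/var/src/secrets/...` path while puyak's config uses `config.krebs.secret.directory`. Now that `config` is in scope it could read `"${config.krebs.secret.directory}/nix-worker-file"`.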
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 961b217e1..9f289fba7 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -391,12 +391,14 @@ let
};
};
- services.fcgiwrap = {
+ services.fcgiwrap.instances.cgit = {
enable = true;
- user = cfg.cgit.fcgiwrap.user.name;
- group = cfg.cgit.fcgiwrap.group.name;
- # socketAddress = "/run/fcgiwrap.sock" (default)
- # socketType = "unix" (default)
+ process.user = cfg.cgit.fcgiwrap.user.name;
+ socket.user = cfg.cgit.fcgiwrap.user.name;
+ process.group = cfg.cgit.fcgiwrap.group.name;
+ socket.group = cfg.cgit.fcgiwrap.group.name;
+ socket.address = "/run/fcgiwrap.sock";
+ # socket.type = "unix" (default)
};
environment.etc."cgitrc".text = let
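Review bot: `socket.user` and `socket.group` are set to the cgit fcgiwrap account, the same identity as `process.user` and `process.group`, so the socket is owned by the CGI process rather than by the web server that has to connect to it. If the per-instance module's socket mode defaults to owner-only (it appears to, but confirm), the web server will be refused unless it runs as that user. The usual arrangement is to give the socket to the web server's user and group, so that only it can submit requests to fcgiwrap. `socket.address = "/run/fcgiwrap.sock";` keeps the old path, but the web-server side is not in this hunk and should be checked to reference the same socket. The surrounding `let` body continues outside the hunk.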