diff options
| -rw-r--r-- | flake.lock | 24 | ||||
| -rw-r--r-- | flake.nix | 2 | ||||
| -rw-r--r-- | kartei/feliks/default.nix | 24 | ||||
| -rw-r--r-- | kartei/kmein/default.nix | 7 | ||||
| -rw-r--r-- | kartei/krebs/default.nix | 31 | ||||
| -rw-r--r-- | kartei/lass/neoprism.nix | 1 | ||||
| -rw-r--r-- | kartei/lass/shodan.nix | 19 | ||||
| -rw-r--r-- | kartei/makefu/default.nix | 50 | ||||
| -rw-r--r-- | kartei/mic92/default.nix | 100 | ||||
| -rw-r--r-- | kartei/palo/default.nix | 24 | ||||
| -rw-r--r-- | krebs/1systems/filebitch/config.nix | 1 | ||||
| -rw-r--r-- | krebs/1systems/news/config.nix | 25 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 84 | ||||
| -rw-r--r-- | krebs/1systems/wolf/config.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/buildbot/worker.nix | 4 | ||||
| -rw-r--r-- | krebs/2configs/news-host.nix | 7 | ||||
| -rw-r--r-- | krebs/2configs/news.nix | 207 | ||||
| -rw-r--r-- | krebs/3modules/go.nix | 10 | ||||
| -rw-r--r-- | krebs/3modules/iptables.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/reaktor2.nix | 4 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/rss-bridge/default.nix | 33 |
21 files changed, 249 insertions, 413 deletions
diff --git a/flake.lock b/flake.lock index 85e508e47..39f3e4861 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1719326738, - "narHash": "sha256-9gEgR/teWxH1E3JUUunLrcgOpMel19nw//eK3XKU6RQ=", + "lastModified": 1727658705, + "narHash": "sha256-OEoMO7bvKyRFyoAR4DIGoWWEJ1OlWveUAICRHhWasTs=", "owner": "Mic92", "repo": "buildbot-nix", - "rev": "6e342155745f68b6d7ccc5557fa3d320b8aa3273", + "rev": "d2dd93e4d12be7a05ef7640c7375c58739263d8d", "type": "github" }, "original": { @@ -30,11 +30,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -61,11 +61,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719254875, - "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "lastModified": 1727802920, + "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", "type": "github" }, "original": { @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1718522839, - "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=", + "lastModified": 1727431250, + "narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81", + "rev": "879b29ae9a0378904fbbefe0dadaed43c8905754", "type": "github" }, "original": { @@ -13,7 +13,7 @@ description = "stockholm"; - outputs = { self, nixpkgs, nix-writers, buildbot-nix, ... }@inputs: { + outputs = { self, nixpkgs, nix-writers, buildbot-nix, ... }: { nixosConfigurations = nixpkgs.lib.mapAttrs (machineName: _: nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs.stockholm = self; diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix index 9f9866c71..6ce95f587 100644 --- a/kartei/feliks/default.nix +++ b/kartei/feliks/default.nix @@ -18,6 +18,30 @@ in { mail = "feliks@flipdot.org"; }; hosts = mapAttrs hostDefaults { + ioka = { + nets = { + retiolum = { + ip4.addr = "10.243.10.242"; + aliases = [ "ioka.r" "ioka.feliks.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwmwpsohYq/KJTXvUmacsFqolf3Me2dG5NypdosJT5jIVjQMa5M6U + HWpkfOFi3v0NTiUN8OP3714N1hF7x+Lq/EVYSSxT1bB4IWSIyaVLmSjs+sycHRKK + zvOL249iOqdyFjAeGVXmLw/zYOH6uzdJpRvlgMcGT5BPL+Jx+G5KUZgeqkDDDpcy + 1j+6nCyBRn9yK0yfZ5z6LJQqLCJzZ4KE5ym6t8RqgRXWchewQP/aYxtk1dn03GEn + NSiJmjb3QtKM1ZWAMNSCJ0xdPNQtMp7Xi4EdwDcyNAmu+Tk48MSV/G4TL5PXAV1p + WYWS6KxAc/huwKW/HCGFAj7d7cTMd4XzcN7fMg6gAs4GQTVn7AYelMb6teAGZj5Y + ifHmhl5Sy2umuDBhUWAfLDZu97gmF2ZlpO48VG/ZJjKejw9gP8u3Qek3+4iO22wM + xrj1ZZEuxhEyJu1OYNr/MES6h5l+FdiVpV6JMpzOCGhiVRN4z4FzUHcUixFIgJni + zlr0h6c0fJh4mEmOSu2WwNV7xMmqWe7SAcLOnvRaAqBfAprIvy/rpcB7Ji1gFcMq + 4k/GkbKD+8/NZxujAJhyUo08JNHb0TACZiVIhbaafsEEgRQZBs9wa0u7MMzqlwXP + 1ewjfwmfEQa7yEt0BQVjYm2C017IWngXv0dU49gVDGh9MMG9EBcS4scCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "jhPsb07ilQDliw8H9lQ1JQ5Potj+//HwNSD7+OHdFvD"; + }; + }; + }; papawhakaaro = { nets = { retiolum = { diff --git a/kartei/kmein/default.nix b/kartei/kmein/default.nix index c840019b5..084d796a7 100644 --- a/kartei/kmein/default.nix +++ b/kartei/kmein/default.nix @@ -34,7 +34,12 @@ in hosts = mapAttrs hostDefaults { ful = { nets.retiolum = { - aliases = [ "ful.r" ]; + aliases = [ + "brockman.r" + "ful.r" + "news.r" + "rss.r" + ]; ip4.addr = "10.243.2.107"; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix index 7e3f1b542..555dadcbe 100644 --- a/kartei/krebs/default.nix +++ b/kartei/krebs/default.nix @@ -102,37 +102,6 @@ in { }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; }; - news = { - ci = true; - nets = { - retiolum = { - ip4.addr = "10.243.0.5"; - aliases = [ - "news.r" - "brockman.r" - "go.r" - "rss.r" - ]; - tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc - cgPezX8yGmA0nuTyCUPtXbWyWee9HnzYqekzJYvBHwgBDvZ8UhLZTCXD15agDfaf - cbzd4uM5bCDgqI8sezzD95tqj7mzvIEurIShDXYSWC6YRat1h1Opp86JngBJRvHZ - Gb6NAyfnr4v2eyMrmH9/j+sECxjCAaC5QLpJWyoDPilFU8dXBarmiZNYYlXQt1pn - yxZSF5pElmrdiZ6vlKlnEHwFtExm1gv63ZjAlusrXM+bKMvdVKRnhahq76A5VXjc - kbOhQi+wYGaVK4jB2a1UilmKYh1wKLE7HULoHDRrqEe4jemNZg+JOBPTU+jM/JzM - XdPy0KAMxHOUZCe8IX0LgF1snVaMF05Qkoe3QKr0YJ3KTD7UdsJpa1Br216Z/w2f - koz+cRn/Z/8TO8SIRKvy5TfXeH+ra6rp/CvwryNlNL4FB+25LFDkJtLIZGqAsz3G - vRXUiGN4l1FR4TbX7XaK2rvIlA/+4isJ02bBdnZhe7kmuuBeECyPaR1+Ui6pElXe - ZamnxTAmj86Q8pDx6Wn2cg8YAJlVV3UCfhda34DZokJmmmKucGupg/6Xt0Bhm9d5 - exNrTIDG3lXTxmg2mfiZJeg/fsnalvtN0j/VB+NmmKzie+ZohMK4nUfslq8o5CO9 - j7ZLmZzm062GzX0RenxNkwUCAwEAAQ== - -----END PUBLIC KEY----- - ''; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo "; - }; onebutton = { nets = { retiolum = { diff --git a/kartei/lass/neoprism.nix b/kartei/lass/neoprism.nix index 63d608e46..73eda0762 100644 --- a/kartei/lass/neoprism.nix +++ b/kartei/lass/neoprism.nix @@ -21,6 +21,7 @@ aliases = [ "neoprism.r" "cache.neoprism.r" + "go.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/kartei/lass/shodan.nix b/kartei/lass/shodan.nix index 50ab86e6e..ef7cb5035 100644 --- a/kartei/lass/shodan.nix +++ b/kartei/lass/shodan.nix @@ -10,15 +10,20 @@ tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT - YYZgM2lBkYcDN3/LdGaFFKrQQSGiF90oXA2wFqPuIfycx+1+TENGCzF8pExwbTd7 - ROSVnISbghXYDgr3TqkjpPmnM+piFKymMDBGhxWuy1bw1AUfvRzhQwPAvtjB4VvF - 7AVN/Z9dAZ/LLmYfYq7fL8V7PzQNvR+f5DP6+Eubx0xCuyuo63bWuGgp3pqKupx4 - xsixtMQPuqMBvOUo0SBCCPa9a+6I8dSwqAmKWM5BhmNlNCRDi37mH/m96av7SIiZ - V29hwypVnmLoJEFiDzPMCdiH9wJNpHuHuQIDAQAB + MIICCgKCAgEAx362jbzjyKsPG4zAeZW1mgDWzaBoTz6JpJlN6ycsTLkrAAQrHiCs + Dz6sbE0zkQUcdFFuagqwROrQU81kx663azBAlHHsMs/vkVmbQk/ilXHHOYYbkRUS + zCfBe1JwXNPUyZ+v46IgOuvLLBfO00prcDj69sIqWdRMGAvKqYssSHuelBO3UdMl + 7r5nQ+Kc5hOqfHjf1xW7eSL3BsAA1GP/nuHkhUJN4TOKXqlywTxpcJQKI35k1gR/ + zCH53qZQ6/GHe6lHEWIjrKdzg51h7cu6UbyfpVN0zoFSY3gcFemRNKk/LI8DxVZs + DjBQCpNVzRkrbmRIS0jTpzwSIvA7O204Z4Z7Q7ocrlFP5gKKT7M+Hk18CU0DIHwp + e5shYBGLPAswmWJQJUyXRyMjS580+ymxw5DRIym2Ogu8w3ztSOxbcWunvLAn9I84 + U6/njQxdKHeuCYBqlO1YHOJ+qKvU4HsV3EYjwGvVzxL4XVg24KvQJ4M6QZvjLYfS + oysx64tLBW4hYv4dTA0vLSa9/0zreNKucJRAaHYGw9rC6FZDK3b8AZiNOCSz2tWC + I/C/sw/UgZMev66MHVuO/K6xR5hpi1tW6ONZ3ecFp4N+MS8lUOQrCQ/L6UU58Qgr + AmAP6hM3FM1TCHEOC2jpLcUIHAdLf+xdzdp2ExPZJiMAUeV310i/dlECAwEAAQ== -----END RSA PUBLIC KEY----- ''; - pubkey_ed25519 = "Ptc5VuYkRd5+zHibZwNe3DEgGHHvAk0Ul00dW1YXsrC"; + pubkey_ed25519 = "iuu6UcJpUu+72IywGkeGh/PpJJZ9UidbsdTR00JbFQL"; }; }; wiregrill = { diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index 6dd59be55..2baf6ef5a 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -205,53 +205,56 @@ in { gum = rec { extraZones = { "krebsco.de" = '' - rss.euer IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} - bw.euer IN A ${nets.internet.ip4.addr} + admin.work.euer IN A ${nets.internet.ip4.addr} + api.work.euer IN A ${nets.internet.ip4.addr} + atuin.euer IN A ${nets.internet.ip4.addr} + board.euer IN A ${nets.internet.ip4.addr} bookmark.euer IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} - build.euer IN A ${nets.internet.ip4.addr} + build.euer IN A ${nets.internet.ip4.addr} + bw.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} cgit.euer IN A ${nets.internet.ip4.addr} dl.euer IN A ${nets.internet.ip4.addr} dns.euer IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} + etherpad.euer IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} - euer IN MX 1 aspmx.l.google.com. + feed.euer IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} git.euer IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr} gum IN A ${nets.internet.ip4.addr} - io IN NS gum.krebsco.de. iso.euer IN A ${nets.internet.ip4.addr} - feed.euer IN A ${nets.internet.ip4.addr} - board.euer IN A ${nets.internet.ip4.addr} - etherpad.euer IN A ${nets.internet.ip4.addr} - mediengewitter IN CNAME over.dose.io. + maps.work.euer IN A ${nets.internet.ip4.addr} + meet.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} + music.euer IN A ${nets.internet.ip4.addr} netdata.euer IN A ${nets.internet.ip4.addr} - nixos.unstable IN CNAME krebscode.github.io. + ntfy.euer IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + paper.euer IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} - pigstarter IN CNAME makefu.github.io. + play.work.euer IN A ${nets.internet.ip4.addr} + push.work.euer IN A ${nets.internet.ip4.addr} + rss.euer IN A ${nets.internet.ip4.addr} share.euer IN A ${nets.internet.ip4.addr} + ul.work.euer IN A ${nets.internet.ip4.addr} wg.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} - - meet.euer IN A ${nets.internet.ip4.addr} work.euer IN A ${nets.internet.ip4.addr} - admin.work.euer IN A ${nets.internet.ip4.addr} - push.work.euer IN A ${nets.internet.ip4.addr} - api.work.euer IN A ${nets.internet.ip4.addr} - maps.work.euer IN A ${nets.internet.ip4.addr} - play.work.euer IN A ${nets.internet.ip4.addr} - ul.work.euer IN A ${nets.internet.ip4.addr} - music.euer IN A ${nets.internet.ip4.addr} - ntfy.euer IN A ${nets.internet.ip4.addr} - paper.euer IN A ${nets.internet.ip4.addr} + + mediengewitter IN CNAME over.dose.io. + nixos.unstable IN CNAME krebscode.github.io. + pigstarter IN CNAME makefu.github.io. + + euer IN MX 1 aspmx.l.google.com. + + io IN NS gum.krebsco.de. ''; }; nets = rec { @@ -284,6 +287,7 @@ in { "blog.makefu.r" "cache.gum.r" "cgit.gum.r" + "git.gum.r" "dcpp.gum.r" "dcpp.nextgum.r" "graph.makefu.r" diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix index ef37cc760..2f010bb08 100644 --- a/kartei/mic92/default.nix +++ b/kartei/mic92/default.nix @@ -991,6 +991,106 @@ in { }; }; }; + + tegan = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # tegan.dos.cit.tum.de + ip4.addr = "131.159.38.2"; + ip6.addr = "2a09:80c0:38::2"; + aliases = [ "tegan.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "tegan.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0Rg6R8RZkQ8lYMegQDOy8OB6y31jfcVufBHx/QWFzzX/aaoyJDNo + QPVwn7qWnArqXvvwMYT6boPLJPmEFfxt9mwHX3lTEQKj82FT86hjG5axujIx1EAa + 5v1A5UbZiBwntQPhHP+ULaQLPhwRfU+NftCpf3NC1frP0xd4U0fzdmO86jVp9Mwr + T07IvJzaSg1tIodT8F4CYktRCC9u8uQmtOrU/8FoPcWHMFxYMLR+qB3KQ3WF4EPU + qw3vtADATjDpagFr5+E12dc//04iTJc9sQ254WcLH9kfb+i+AFJ9G8H24iM9Iyal + YuEAYPV1XOQ8SZ9PNrKcSJxvMebzOkhvmQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "7AlLnzY96NqA9I0og/RaY+HekMSUGlxoDFNy5VRzE+L"; + }; + }; + }; + + xavier = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # xavier.dos.cit.tum.de + ip4.addr = "131.159.102.27"; + ip6.addr = "2a09:80c0:102::27"; + aliases = [ "xavier.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "xavier.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA4mAnaYD/tImIFmpDVK819M8XqY5j6i85E1FuBfqkx4FFRY4qHlpT + 1ykybkPPI64y0B2Nr698vg52LQB9jclbo8sm5q8X/kkgwOM7jS9uwO2k8XnUqi3l + bV22v5xTXjqPklP71Bc5dlvjVUfX5KwkEpzrSQ+NqIPrlzs9/nIeQONVdhrEsRBk + kMaSGHzRcBBP+rbsi+GqIN4VKUKlUmP3XiDGj9yGUnTSDbMf0CoOksmle9i6s2rV + J5Kp78LhIZ5el7Gd+wMtwWQYKcHbZJwpFt4ODlefKknLeDV0uJgJpUmF0r32Hlj0 + OAkmtpaRdweKj/Va31jNvhgJidDe/qgrFwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "CkupwxlJG2SH5FkqxathLC4PSZCsrDMpOTOtvCqid3A"; + }; + }; + }; + + #vicky = { + # owner = config.krebs.users.mic92; + # nets = rec { + # internet = { + # ip4.addr = ""; + # ip6.addr = ""; + # aliases = [ "vicky.i" ]; + # }; + # retiolum = { + # via = internet; + # aliases = [ "vicky.r" ]; + # tinc.pubkey = '' + # ''; + # tinc.pubkey_ed25519 = ""; + # }; + # }; + #}; + + irene = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + # irene.dos.cit.tum.de + ip4.addr = "131.159.102.28"; + ip6.addr = "2a09:80c0:102::28"; + aliases = [ "irene.i" ]; + }; + retiolum = { + via = internet; + aliases = [ "irene.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA2P7QtdfRmrI1gDBKQJv+kAJBeNz5/bDuJfCcLJ6fkOt3MduZvLDt + qCj2LBhdXBAEcIKzrvzgR9r9mfEU38hr6JgO01xBvyEHg9YSJJ/5iGu17ZdyeS96 + 3RRpUs2WtepA3vrhSH7xgncXXC3xoercdUGs2GK3qlx9VAcAR0hy5teQmkBGJecm + C2wXwwEajOL4HAAvv7gyEp6S5ow1DHSJXxe32FQb18YnR2WHXh40RfWJnvs+zeaV + QYN4v6XNJKGC3hux1QyGQbfABUeEnNzl9bDmVICpcNPAy09VWX10UCymmWX6612L + EYXB0lt3PhcsvRcXNlV8ZZrukY8EU+UY1wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "CAyCg6zgO14v5oI4sV9dpwmjS7jy9Ttb4SiuKI5OQyN"; + }; + }; + }; + }; users = { mic92 = { diff --git a/kartei/palo/default.nix b/kartei/palo/default.nix index bdb61ec5d..6c8fb72ee 100644 --- a/kartei/palo/default.nix +++ b/kartei/palo/default.nix @@ -51,20 +51,20 @@ in aliases = [ "cream.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxqrCGJriL5L1ehBf7CrdpL6Ao/ssyj5ZoPdlTP47WtBRahQcp8e0 - xWkAACyiSW2rdvK9hBE4Z7cXHenm8obABl69Q6rLdkxIOM7GBK08cX7ZZrRAdyA1 - Bp9FQWoeHZFq4zBayp889HjPgauglguVlPiXaxh5NhqQkKX4Bkcp4f+OtBMvV0Uf - kf80J5pknliV/I85VDt0Ofyuuvot9p4GAegeaGaTgIpMrbGvqdpnB+ZiI9lFylCf - tubRvrX1TsaqrWzFu8B2XL6ZXGCY0IrJXs7P0RsG9OysCK7N9WPVrpX+zGFSCCk+ - 3UuKan9AFVOWA72Jj+glIU2i2d3D+Re8kvNmLCQ9GCM2c8Gy+r38UPN1/WTEe7az - 94ivkczOgg4tIzMCN2JuAYLtoy3JK46Bbexk3i9KgtX5acNrKilQBDKHktqr0oJ8 - Bz53kFP/X7oY+0RIPePL9OPQu8LRyFXeWeuQQUBgqDmttoWBtHEO6vicKFgwN0bl - 5J6urUJQYC7aabfYO4aDfgVSRr7cELZkbIsx6Lkj5bOrraaJ2pS5H3QGSBUFifAq - mUdKKkBsYltKe8BsqKvQEysT3cGaGlkeP5OaKHN4qG7hGvLk71YjrYlWlIswdMAp - D2UgJ5/fcDswSAnFBlLYIqQwC7vMLoqTZPkQ0AN/DxHJCuXfRoU2vhkCAwEAAQ== + MIICCgKCAgEAnzhalF1rqLdSsT6HAGuQ6x1kC9Ty3FjoKR2Y5RCO9YIyEgRE8qfR + jkne+wIIleODUDMZYuvUe9X5hm8w6wDzxlwCPitwhDlOxoSBnXfbL6YL9rZBn3lC + JFkpEPtAJYnfM64R4/UjSndHlCVuH7tltD/1tmfG6IbSsIeDVz+pWZdEmBJfCiDl + aqP2gb1oIwe9TgJX2EC2ugW+6Jh9oPNIOP2Q5eLvty5WPhUSGQDWVMr5u0Rgc1oU + hhAvrfue7MFqUwX+o0Zq93eVAu/51dhTtqwwVgZVlHK7Wkak4yTRGPAP9v9vbKeK + 7GpQuvbiI5OphhSFPjyCN1XMqVgFxqsnLsflIPbQdxCkBgFxhmNf31BDlXWHWD5e + 7BfFYc1tZFcEWKhguoCSesJvh1BVsiZzfya96lGd/+ttcKBUKX4tdznEQsV/MVhC + cVnQD6k8PN4BIWVJtcq5oM9h6Yt6avtv8TeuaLp/Janco4JmYYFIfRETnz6ye/fG + OiKJnGQ1yohSE6n8ZUK1QYdYezZfI8QhF7GHK7he9x13L9xmXoybV+REXlRvh4S2 + bi9lWTKhQVIHb/qLIdQuaAnK1xg4tdNzL43KEpPstGlAnG8uUNL8hCJL3m220RPK + lEbtLhayRzQ9zgj/hBQZa/hMGGyiqV1hiTbEEWAusJdGTUPYhjAelOkCAwEAAQ== -----END RSA PUBLIC KEY----- ''; - tinc.pubkey_ed25519 = "lkvs1E4lCXt+Q7lvg/vU2JQyDfqseYo68Ecbb/Hg8YA"; + tinc.pubkey_ed25519 = "B3EKYRxqFjIGR2VYajjDqX0gltPJNwcno5PUhafKWKB"; }; }; }; diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix index 254306ecb..44c14674e 100644 --- a/krebs/1systems/filebitch/config.nix +++ b/krebs/1systems/filebitch/config.nix @@ -28,7 +28,6 @@ in ]; krebs.build.host = config.krebs.hosts.filebitch; - sound.enable = false; services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0" diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix deleted file mode 100644 index 290870fce..000000000 --- a/krebs/1systems/news/config.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ../../../krebs - ../../../krebs/2configs - - ../../../krebs/2configs/ircd.nix - ../../../krebs/2configs/go.nix - - #### NEWS #### - ../../../krebs/2configs/ircd.nix - ../../../krebs/2configs/news.nix - ]; - - krebs.build.host = config.krebs.hosts.news; - krebs.hosts.news.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519"; - - boot.isContainer = true; - networking.useDHCP = lib.mkForce true; - krebs.sync-containers3.inContainer = { - enable = true; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBVZomw68WDQy0HsHhNbWK1KpzaR5aRUG1oioE7IgCv"; - }; -} diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index d3891af82..542106d5f 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -2,51 +2,52 @@ { imports = [ ./net.nix - <stockholm/krebs> - <stockholm/krebs/2configs> - <stockholm/krebs/2configs/secret-passwords.nix> - <stockholm/krebs/2configs/hw/x220.nix> + ../../../krebs + ../../../krebs/2configs + ../../2configs/secret-passwords.nix + ../../2configs/hw/x220.nix # see documentation in included getty-for-esp.nix: # brain hosts/puyak/root - <stockholm/krebs/2configs/hw/getty-for-esp.nix> + ../../2configs/hw/getty-for-esp.nix + ../../2configs/buildbot/worker.nix ## initrd unlocking - # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase' - <stockholm/krebs/2configs/tor/initrd.nix> + # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat /crypt-ramfs/passphrase' + ../../2configs/tor/initrd.nix - <stockholm/krebs/2configs/binary-cache/nixos.nix> - <stockholm/krebs/2configs/binary-cache/prism.nix> + ../../2configs/binary-cache/nixos.nix + ../../2configs/binary-cache/prism.nix ## news host - <stockholm/krebs/2configs/container-networking.nix> - <stockholm/krebs/2configs/syncthing.nix> + ../../2configs/container-networking.nix + ../../2configs/syncthing.nix ### shackspace ### # handle the worlddomination map via coap - <stockholm/krebs/2configs/shack/worlddomination.nix> - <stockholm/krebs/2configs/shack/ssh-keys.nix> + ../../2configs/shack/worlddomination.nix + ../../2configs/shack/ssh-keys.nix # drivedroid.shack for shackphone - <stockholm/krebs/2configs/shack/drivedroid.nix> - # <stockholm/krebs/2configs/shack/nix-cacher.nix> + ../../2configs/shack/drivedroid.nix + # ../../2configs/shack/nix-cacher.nix # Say if muell will be collected - <stockholm/krebs/2configs/shack/muell_caller.nix> + ../../2configs/shack/muell_caller.nix # provide muellshack api: muell.shack - <stockholm/krebs/2configs/shack/muellshack.nix> + ../../2configs/shack/muellshack.nix # send mail if muell was not handled - <stockholm/krebs/2configs/shack/muell_mail.nix> + ../../2configs/shack/muell_mail.nix # provide light control api - <stockholm/krebs/2configs/shack/node-light.nix> # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack + ../../2configs/shack/node-light.nix # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack # light.shack web-ui - <stockholm/krebs/2configs/shack/light.shack.nix> #light.shack + ../../2configs/shack/light.shack.nix #light.shack # fetch the u300 power stats - <stockholm/krebs/2configs/shack/power/u300-power.nix> + ../../2configs/shack/power/u300-power.nix { # do not log to /var/spool/log @@ -66,56 +67,55 @@ } # create samba share for anonymous usage with the laser and 3d printer pc - <stockholm/krebs/2configs/shack/share.nix> + ../../2configs/shack/share.nix # mobile.lounge.mpd.shack - <stockholm/krebs/2configs/shack/mobile.mpd.nix> + ../../2configs/shack/mobile.mpd.nix # hass.shack - <stockholm/krebs/2configs/shack/glados> - <stockholm/krebs/2configs/shack/esphome.nix> + ../../2configs/shack/glados + ../../2configs/shack/esphome.nix # connect to git.shackspace.de as group runner for rz - <stockholm/krebs/2configs/shack/gitlab-runner.nix> + ../../2configs/shack/gitlab-runner.nix # Statistics collection and visualization - # <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully) + # ../../2configs/shack/graphite.nix # graphiteApi is broken and unused(hopefully) ## Collect data from mqtt.shack and store in graphite database - <stockholm/krebs/2configs/shack/mqtt_sub.nix> + ../../2configs/shack/mqtt_sub.nix ## Collect radioactive data and put into graphite - <stockholm/krebs/2configs/shack/radioactive.nix> + ../../2configs/shack/radioactive.nix ## mqtt.shack - <stockholm/krebs/2configs/shack/mqtt.nix> + ../../2configs/shack/mqtt.nix ## influx.shack - <stockholm/krebs/2configs/shack/influx.nix> + ../../2configs/shack/influx.nix ## Collect local statistics via collectd and send to collectd - # <stockholm/krebs/2configs/stats/shack-client.nix> - # <stockholm/krebs/2configs/stats/shack-debugging.nix> + # ../../2configs/stats/shack-client.nix + # ../../2configs/stats/shack-debugging.nix ## netbox.shack: Netbox is disabled as nobody seems to be using it anyway - # <stockholm/krebs/2configs/shack/netbox.nix> + # ../../2configs/shack/netbox.nix # grafana.shack - <stockholm/krebs/2configs/shack/grafana.nix> + ../../2configs/shack/grafana.nix # shackdns.shack # replacement for leases.shack and shackles.shack - <stockholm/krebs/2configs/shack/shackDNS.nix> + ../../2configs/shack/shackDNS.nix # monitoring: prometheus.shack - <stockholm/krebs/2configs/shack/prometheus/node.nix> - <stockholm/krebs/2configs/shack/prometheus/server.nix> - <stockholm/krebs/2configs/shack/prometheus/blackbox.nix> - #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> + ../../2configs/shack/prometheus/node.nix + ../../2configs/shack/prometheus/server.nix + ../../2configs/shack/prometheus/blackbox.nix + #../../2configs/shack/prometheus/unifi.nix # TODO: alertmanager 0.24+ supports telegram - # <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> + # ../../2configs/shack/prometheus/alertmanager-telegram.nix ]; krebs.build.host = config.krebs.hosts.puyak; krebs.hosts.puyak.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519"; - sound.enable = false; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 6ff280f79..9f966ee01 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -73,7 +73,6 @@ in ''; time.timeZone = "Europe/Berlin"; - sound.enable = false; # avahi services.avahi = { diff --git a/krebs/2configs/buildbot/worker.nix b/krebs/2configs/buildbot/worker.nix index e96c6df14..5526a83d3 100644 --- a/krebs/2configs/buildbot/worker.nix +++ b/krebs/2configs/buildbot/worker.nix @@ -1,4 +1,4 @@ -{ buildbot-nix, ... }: +{ config, buildbot-nix, ... }: { imports = [ buildbot-nix.nixosModules.buildbot-worker @@ -6,6 +6,8 @@ services.buildbot-nix.worker = { enable = true; + name = config.krebs.build.host.name; workerPasswordFile = "/var/src/secrets/nix-worker-file"; + masterUrl = "tcp:host=gum:port=9989"; }; } diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix deleted file mode 100644 index 9b8627d61..000000000 --- a/krebs/2configs/news-host.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config,lib, ... }: -{ - nixpkgs.config.allowUnfree = true; # "consul-1.18.0" - krebs.sync-containers3.containers.news = { - sshKey = "${config.krebs.secret.directory}/news.sync.key"; - }; -} diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix deleted file mode 100644 index 9d9470727..000000000 --- a/krebs/2configs/news.nix +++ /dev/null @@ -1,207 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.rss-bridge = { - enable = true; - whitelist = [ "*" ]; - }; - services.nginx.virtualHosts = { - rss-bridge = { - serverAliases = [ - "rss.r" - ]; - }; - "brockman.r" = { - serverAliases = [ - "news.r" - ]; - locations."/api".extraConfig = '' - proxy_pass http://127.0.0.1:7777/; - proxy_pass_header Server; - ''; - locations."= /graph.html".extraConfig = '' - alias ${pkgs.fetchurl { - url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html"; - sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w"; - }}; - ''; - locations."/".extraConfig = '' - root /var/lib/brockman; - index brockman.json; - ''; - extraConfig = '' - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - ''; - }; - }; - systemd.tmpfiles.rules = [ - "d /var/lib/brockman 1750 brockman nginx -" - "d /run/irc-api 1750 brockman nginx -" - ]; - - systemd.services.brockman-graph = { - path = [ - pkgs.graphviz - pkgs.jq - pkgs.inotify-tools - ]; - serviceConfig = { - ExecStart = pkgs.writers.writeDash "brockman-graph" '' - - while :; do - graphviz="$(cat /var/lib/brockman/brockman.json \ - | jq -r ' - .bots | - to_entries | - map(select(.value.extraChannels|length > 1 )) | - .[] | - "\"\(.key)\" -> {\(.value.extraChannels|map("\""+.+"\"")|join(" "))}" - ')" - echo "digraph news { $graphviz }" | circo -Tsvg > /var/lib/brockman/graph.svg - - inotifywait -q -e MODIFY /var/lib/brockman/brockman.json - done - ''; - User = "brockman"; - }; - wantedBy = [ "multi-user.target" ]; - }; - - services.ergochat.openFilesLimit = 16384; - services.ergochat.settings = { - limits.nicklen = 100; - limits.identlen = 100; - history.enabled = false; - }; - systemd.services.brockman.bindsTo = [ "ergochat.service" ]; - systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; - systemd.services.brockman.e |