diff options
Diffstat (limited to 'krebs/3modules/lass/default.nix')
| -rw-r--r-- | krebs/3modules/lass/default.nix | 79 |
1 files changed, 57 insertions, 22 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b05e774b4..ca0c757a3 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,12 +1,6 @@ with import <stockholm/lib>; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host { - ci = true; - monitoring = true; - owner = config.krebs.users.lass; - }; - r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; @@ -16,6 +10,7 @@ in { }; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; + consul = true; ci = true; monitoring = true; }) { @@ -55,7 +50,6 @@ in { ''; pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO"; }; - tinc.port = 655; }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; @@ -78,7 +72,7 @@ in { 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} - IN MX 5 lassul.us. + IN MX 5 mail.lassul.us. 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" @@ -97,6 +91,9 @@ in { streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + confusion 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { @@ -123,6 +120,7 @@ in { "prism.r" "cache.prism.r" "cgit.prism.r" + "bota.r" "flix.r" "jelly.r" "paste.r" @@ -131,7 +129,6 @@ in { "search.r" "radio-news.r" ]; - tinc.port = 655; tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -192,7 +189,6 @@ in { aliases = [ "mors.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -229,7 +225,6 @@ in { aliases = [ "shodan.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -267,7 +262,6 @@ in { aliases = [ "icarus.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -304,7 +298,6 @@ in { aliases = [ "daedalus.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -339,7 +332,6 @@ in { aliases = [ "skynet.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -376,7 +368,6 @@ in { aliases = [ "littleT.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -422,6 +413,7 @@ in { }; xerxes = { cores = 2; + consul = false; nets = rec { retiolum = { ip4.addr = "10.243.1.3"; @@ -429,7 +421,6 @@ in { aliases = [ "xerxes.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -482,7 +473,6 @@ in { aliases = [ "yellow.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN PUBLIC KEY----- @@ -523,7 +513,6 @@ in { aliases = [ "blue.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN PUBLIC KEY----- @@ -566,7 +555,6 @@ in { aliases = [ "green.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN PUBLIC KEY----- @@ -600,7 +588,53 @@ in { syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; }; + massulus = { + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.0.113"; + ip6.addr = r6 "113"; + aliases = [ + "massulus.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt + ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN + ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K + zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3 + F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e + v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd + kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF + LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW + EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb + KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl + oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00 + yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM"; + port = 1655; + }; + }; + wiregrill = { + ip6.addr = w6 "113"; + aliases = [ + "massulus.w" + ]; + wireguard.pubkey = '' + 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 "; + }; + phone = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.13"; @@ -616,6 +650,7 @@ in { syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; tablet = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.14"; @@ -630,6 +665,7 @@ in { ci = false; }; hilum = { + consul = false; cores = 1; nets = { retiolum = { @@ -638,7 +674,6 @@ in { aliases = [ "hilum.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN PUBLIC KEY----- @@ -682,7 +717,6 @@ in { aliases = [ "styx.r" ]; - tinc.port = 654; tinc = { pubkey = '' -----BEGIN PUBLIC KEY----- @@ -727,7 +761,6 @@ in { aliases = [ "coaxmetal.r" ]; - tinc.port = 0; tinc = { pubkey = '' -----BEGIN PUBLIC KEY----- @@ -808,6 +841,7 @@ in { }; lasspi = { + consul = false; cores = 1; nets = { retiolum = { @@ -851,6 +885,7 @@ in { }; domsen-pixel = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.17"; |