summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/default.nix3
-rw-r--r--krebs/3modules/git.nix8
-rw-r--r--krebs/3modules/nin/default.nix40
-rw-r--r--krebs/3modules/tv/default.nix2
4 files changed, 48 insertions, 5 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index bf09b7424..4b17c4abd 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -93,6 +93,7 @@ let
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
{ krebs = import ./mv { inherit config; }; }
+ { krebs = import ./nin { inherit config; }; }
{ krebs = import ./shared { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
{
@@ -200,7 +201,7 @@ let
})
//
# GitHub's IPv4 address range is 192.30.252.0/22
- # Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
+ # Refs https://help.github.com/articles/github-s-ip-addresses/
# 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses)
# Because line length is limited by OPENSSH_LINE_MAX (= 8192),
# we split each /24 into its own entry.
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 164831846..a08dbb32c 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -339,9 +339,11 @@ let
description = "Git repository hosting user";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
- mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
- (filterAttrs (_: user: isString user.pubkey)
- config.krebs.users);
+ unique
+ (sort lessThan
+ (map (makeAuthorizedKey git-ssh-command)
+ (filter (user: isString user.pubkey)
+ (concatMap (getAttr "user") cfg.rules))));
};
};
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
new file mode 100644
index 000000000..375faf808
--- /dev/null
+++ b/krebs/3modules/nin/default.nix
@@ -0,0 +1,40 @@
+{ config, ... }:
+
+with import <stockholm/lib>;
+
+{
+ hosts = mapAttrs (_: setAttr "owner" config.krebs.users.nin) {
+ hiawatha = {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.132.96";
+ ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
+ aliases = [
+ "hiawatha.retiolum"
+ "hiawatha.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o
+ Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB
+ iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E
+ UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr
+ lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ
+ yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
+ };
+
+ };
+ users = {
+ nin = {
+ mail = "nin@hiawatha.retiolum";
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
+ };
+ };
+}
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index d44c322aa..1220143a7 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -85,7 +85,7 @@ with import <stockholm/lib>;
};
nets = {
internet = {
- ip4.addr = "45.62.237.203";
+ ip4.addr = "64.137.177.226";
aliases = [
"cd.i"
"cd.krebsco.de"