diff options
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/default.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/git.nix | 8 | ||||
-rw-r--r-- | krebs/3modules/nin/default.nix | 40 | ||||
-rw-r--r-- | krebs/3modules/tv/default.nix | 2 |
4 files changed, 48 insertions, 5 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bf09b7424..4b17c4abd 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -93,6 +93,7 @@ let { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } { krebs = import ./mv { inherit config; }; } + { krebs = import ./nin { inherit config; }; } { krebs = import ./shared { inherit config; }; } { krebs = import ./tv { inherit config; }; } { @@ -200,7 +201,7 @@ let }) // # GitHub's IPv4 address range is 192.30.252.0/22 - # Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ + # Refs https://help.github.com/articles/github-s-ip-addresses/ # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) # Because line length is limited by OPENSSH_LINE_MAX (= 8192), # we split each /24 into its own entry. diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 164831846..a08dbb32c 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -339,9 +339,11 @@ let description = "Git repository hosting user"; shell = "/bin/sh"; openssh.authorizedKeys.keys = - mapAttrsToList (_: makeAuthorizedKey git-ssh-command) - (filterAttrs (_: user: isString user.pubkey) - config.krebs.users); + unique + (sort lessThan + (map (makeAuthorizedKey git-ssh-command) + (filter (user: isString user.pubkey) + (concatMap (getAttr "user") cfg.rules)))); }; }; diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix new file mode 100644 index 000000000..375faf808 --- /dev/null +++ b/krebs/3modules/nin/default.nix @@ -0,0 +1,40 @@ +{ config, ... }: + +with import <stockholm/lib>; + +{ + hosts = mapAttrs (_: setAttr "owner" config.krebs.users.nin) { + hiawatha = { + cores = 2; + nets = { + retiolum = { + ip4.addr = "10.243.132.96"; + ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; + aliases = [ + "hiawatha.retiolum" + "hiawatha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o + Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB + iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E + UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr + lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ + yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; + }; + + }; + users = { + nin = { + mail = "nin@hiawatha.retiolum"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; + }; + }; +} diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index d44c322aa..1220143a7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -85,7 +85,7 @@ with import <stockholm/lib>; }; nets = { internet = { - ip4.addr = "45.62.237.203"; + ip4.addr = "64.137.177.226"; aliases = [ "cd.i" "cd.krebsco.de" |