diff options
Diffstat (limited to 'krebs/3modules')
39 files changed, 604 insertions, 832 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 9303a81fb..567c077eb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -45,10 +45,10 @@ let ./reaktor2.nix ./realwallpaper.nix ./retiolum-bootstrap.nix - ./retiolum-hosts.nix ./rtorrent.nix ./secret.nix ./setuid.nix + ./syncthing.nix ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix @@ -101,6 +101,7 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } + { krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 089113ac6..c9715cb85 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -16,7 +16,33 @@ with import <stockholm/lib>; tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); in { + hosts = mapAttrs hostDefaults { + catullus = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.3"; + aliases = [ "catullus.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx + CUotXuqYucYmnUbrRSIlxASVqTmAf3nDOE5EDBBcTdSwnb02JcJW4Zh7+BGgMxjF + GxDPs6ETI28mHK+6rp8TOkMnyDb5mtSGVZPvKJU9fFOt6aAX1J1BzTfwtHtVQq7K + WBzdpeKXlw4dIQ6K6SGmPIPpEh9pE1Xb+GuVljCXKxGJFbW40dmh2ZdadO7umBDu + vRk08jT9/BUnUP6KrZlvyePnG38z6srMrVU+XAHu5D2qZ9y+QIp3kw7Y5JUrNXc7 + 9q9P9TYx15GiIz2mSJKcLVmkLRebsaqdV7dBibPbfdGE+NB+F1FYPGDdW4cnonon + DzzjGm/FDfOCXEnSkYGQDBWpfd/8AWum1xGJxJCPNBJElGE2o5jDWo4Y1b9gHP0M + vARm8AOK8R1pQ7BP+pNMO0gGw2NDrtWiWpTeZ7SqXmZAZ/Gmyen9X+/fowcbTyDH + b9joIuMQeOtxbUV2JprZIdit9NBFSZq/7Re/GBUwjGBm3LabIXFNGKZovx/f9lf8 + r5tVs4SPauiKzZS0K1Gz1NSq+3OXaY5EwVrBUXptYqRT7uyhVloOPRUsqRFeB0Fn + Y5xOpDJ0UiJxgFbdH5Vb81D/VjNO9Q4nZib8wSEuLrYLHGoceQPX4+Ov9IdhIL4B + BMTCaF+VCWC5PCLr0e61KqMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; dpdkm = { owner = config.krebs.users.Mic92; nets = rec { @@ -176,32 +202,6 @@ in { }; }; }; - kruck = { - owner = config.krebs.users.palo; - nets = { - retiolum = { - ip4.addr = "10.243.29.201"; - aliases = [ - "kruck.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh - QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA - EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U - uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ - /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR - 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s - qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH - gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj - jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs - fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 - TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; qubasa = { owner = config.krebs.users.qubasa; nets = { @@ -299,6 +299,33 @@ in { }; }; }; + toastbrot = { + owner = config.krebs.users.jan; + nets = { + retiolum = { + ip4.addr = "10.243.117.12"; + aliases = [ + "toastbrot.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP + 2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc + yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj + DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3 + r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT + PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY + Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO + IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g + fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH + Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3 + uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B + 4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; tpsw = { cores = 2; owner = config.krebs.users.ciko; # main laptop @@ -411,6 +438,9 @@ in { mail = "dickbutt@excogitation.de"; pubkey = ssh-for "exco"; }; + jan = { + mail = "jan.heidbrink@posteo.de"; + }; kmein = { mail = "kieran.meinhardt@gmail.com"; pubkey = ssh-for "kmein"; @@ -419,8 +449,6 @@ in { mail = "joerg@thalheim.io"; pubkey = ssh-for "Mic92"; }; - palo = { - }; qubasa = { mail = "luis.nixos@gmail.com"; }; diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix new file mode 100644 index 000000000..cefac0959 --- /dev/null +++ b/krebs/3modules/external/palo.nix @@ -0,0 +1,84 @@ +with import <stockholm/lib>; +{ config, ... }: let + + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum.ip6.addr = + (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill.ip6.addr = + (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + }); + ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); + tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); + +in { + hosts = mapAttrs hostDefaults { + pepe = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.23.1"; + tinc.port = 720; + aliases = [ "pepe.r" ]; + tinc.pubkey = tinc-for "palo"; + }; + }; + }; + kruck = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.23.3"; + tinc.port = 720; + aliases = [ "kruck.r" ]; + tinc.pubkey = tinc-for "palo"; + }; + }; + }; + schasch = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.23.2"; + tinc.port = 720; + aliases = [ "schasch.r" ]; + tinc.pubkey = tinc-for "palo"; + }; + }; + }; + workhorse = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.23.5"; + tinc.port = 720; + aliases = [ "workhorse.r" ]; + tinc.pubkey = tinc-for "palo"; + }; + }; + }; + workout = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.23.4"; + tinc.port = 720; + aliases = [ "workout.r" ]; + tinc.pubkey = tinc-for "palo"; + }; + }; + }; + }; + users = { + palo = { + }; + palo-pepe = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCe3j1dk8o7e0cFn+RepOjdeYcS0YcG0d6NnsMoq8pjqzLRuvOVN4CmsuRo4UJtWOUVv8kIWLcegks2RXbKOSTFAnvEIpPlSmL3BgvFGmUiOmPw1w93yxdVnfd9kJ6SBNuS+kFspKPvOEV9yVpjTywKZ0qKWjRd89Vz2+8aFJ/R3hyE+YqpzlzYbrucEIXbEWESqnzrx61NrWwd1ueHj0RYMDBjIJjVfIIK3W32vQ//pYJio1di0PpOPK2Ya0yugSixymuQBvzCgaedVeLdJ0k1d7d5iVb4LjCR8zg0Jnf1RLfpqRrFYwMJpwuhtIEevfNrhzqZA58QgHO6iOg50FeaD5k1rlWfoOvX2rcV5iqCC9jClIfMKzePdm+MeVorBXp+bflOhyPJG+Qrz6NTE9Ohe5A71Z0bBa96MEoW1hyrLCn0+z+Cx5kt7n2QzAAa/VPNjRDZeHbsu26MrvViEoh+FcPqx4DUIUaDRs/TNIvMGAl14E6gur68AI01a0PZJ/gnqZeOJKuyz4pKT0nIcg0EvkjXM2uEJ9m8h4IBAqTUYMZYm7iJBfpbwT6ePxFfah4q960orBUwW87CyPu/wDGmDblQ7dpkuw+skpzNgOGzerDyGAGKOsjGfYZpqsv9303S2f7884NAIK1ohgpMELytEYpY4YNi2KQYfHhgoQRJ5w== palo@pepe"; + }; + }; +} + diff --git a/krebs/3modules/external/tinc/palo.pub b/krebs/3modules/external/tinc/palo.pub new file mode 100644 index 000000000..65284d51d --- /dev/null +++ b/krebs/3modules/external/tinc/palo.pub @@ -0,0 +1,13 @@ +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE +8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4 +oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/ +ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD +ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ +ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu +MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL +rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo +sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1 +EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH +yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index 0985bb539..7fe01a769 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -1,6 +1,5 @@ with import <stockholm/lib>; { config, ... }: let - # TODO dedup functions with ./retiolum-hosts.nix check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); in { @@ -30,6 +29,66 @@ in { map (addr: { ${addr} = aliases; }) net.addrs) (attrValues host.nets)) (attrValues config.krebs.hosts))); + + nixpkgs.config.packageOverrides = super: let + # nameValuePair name value : { "name" : name, "value" : value } + + # addr : str + # aliase : str + # hostname : str + # netname : str + + # addrAliases : nameValuePair addr [alias] + + # hostNetAliases : host -> { ${netname} : [addrAliases] } + hostNetAliases = host: + mapAttrs (_: net: filter (x: x.name != null && x.value != []) [ + { name = net.ip4.addr or null; value = net.aliases; } + { name = net.ip6.addr or null; value = net.aliases; } + ]) host.nets; + + # netAliases : { ${netname} : [addrAliases] } + netAliases = + foldl' + (result: host: + foldl' + # λ netAliases -> [addrAliases] -> netAliases + (result: { name, value }: result // { + ${name} = result.${name} or [] ++ value; + }) + result + (mapAttrsToList nameValuePair (hostNetAliases host)) + ) + {} + (attrValues config.krebs.hosts); + + # writeHosts : str -> [addrAliases] -> package + writeHosts = name: addrAliases: super.writeText name '' + ${concatMapStringsSep + "\n" + ({ name, value }: "${name} ${toString value}") + addrAliases} + ''; + in + { + # hosts file for all krebs networks + krebs-hosts = + writeHosts "krebs-hosts" (concatLists [ + netAliases.internet + netAliases.retiolum + netAliases.wiregrill + ]); + + # combined hosts file for all networks (even custom ones) + krebs-hosts_combined = + writeHosts "krebs-hosts_combined" + (concatLists (attrValues netAliases)); + } + // + genAttrs' (attrNames netAliases) (netname: rec { + name = "krebs-hosts-${netname}"; + value = writeHosts name netAliases.${netname}; + }); }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 630c14f18..7352d36e9 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -204,6 +204,7 @@ in { secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; + syncthing.id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH"; }; shodan = { cores = 2; @@ -270,6 +271,7 @@ in { secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj"; + syncthing.id = "7V75LMM-MIFCAIZ-TAWR3AI-OXONVZR-TEW4GBK-URKPPN4-PQFG653-LGHPDQ4"; }; daedalus = { cores = 2; @@ -328,6 +330,7 @@ in { secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; + syncthing.id = "KWGPAHH-H53Y2WL-SDAUVQE-7PMYRVP-6Q2INYB-FL535EO-HIE7425-ZCNP7A3"; }; littleT = { cores = 2; @@ -365,10 +368,18 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wiregrill = { + ip6.addr = w6 "771e"; + aliases = [ + "littleT.w" + ]; + wireguard.pubkey = "VfSTPO1XGqLqujAGCov1yA0WxyRXJndZCW5XYkScNXg="; + }; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; + syncthing.id = "PCDXICO-GMGWKSB-V6CYF3I-LQMZSGV-B7YBJXA-DVO7KXN-TFCSQXW-XY6WNQD"; }; red = { monitoring = false; @@ -474,6 +485,7 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; + syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; }; phone = { nets = { @@ -487,6 +499,7 @@ in { }; external = true; ci = false; + syncthing.id = "V6D4CKT-7POOIKX-KB6UM7R-3R774RB-DSZ26FE-MSW3VTO-6AIJCIA-ZHJXKA7"; }; morpheus = { cores = 1; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e60bbee70..b38c9104f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -5,442 +5,104 @@ with import <stockholm/lib>; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ - owner = config.krebs.users.makefu; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; - }); + hostDefaults = hostName: host: foldl' recursiveUpdate {} [ + { + owner = config.krebs.users.makefu; + } + # Retiolum defaults + (let + pubkey-path = ./retiolum + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.retiolum = { + tinc.pubkey = readFile pubkey-path; + aliases = [ + "${hostName}.r" + ]; + ip6.addr = + (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; + }; + }) + # Wiregrill defaults + (let + pubkey-path = ./wiregrill + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.wiregrill = { + aliases = [ + "${hostName}.w" + ]; + ip6.addr = + (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address; + wireguard.pubkey = readFile pubkey-path; + }; + }) + # SSHD defaults + (let + pubkey-path = ./sshd + "/${hostName}.pub"; + in optionalAttrs (pathExists pubkey-path) { + ssh.pubkey = readFile pubkey-path; + # We assume that if the sshd pubkey exits then there must be a privkey in + # the screts store as well + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + }) + host + ]; pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); - + w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address; in { hosts = mapAttrs hostDefaults { cake = rec { cores = 4; ci = false; nets = { - retiolum = { - ip4.addr = "10.243.136.236"; - aliases = [ - "cake.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu - jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ - MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq - 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 - 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP - MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.136.236"; }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; }; crapi = rec { # raspi1 cores = 1; ci = false; nets = { - retiolum = { - ip4.addr = "10.243.136.237"; - aliases = [ - "crapi.r" - ]; - tinc.pubkey = '' - Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 - OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L - R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk - OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME - di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl - bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.136.237"; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi"; }; - drop = rec { - ci = false; - cores = 1; + firecracker = { + cores = 4; nets = { - retiolum = { - ip4.addr = "10.243.177.9"; - aliases = [ - "drop.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1QxukdeDqI47nm7/gd5Y9dZZbJULA02ak0A2cB4lmysJjgMFAfbl - 6qpH7HCZk6s+4eI7H+UHUF177W7Z1qq3bqGLmlgdMMAzuDNz9UvNLhrthZMp3tCI - GIFD28O1bKgDAYgsF/X21CRqEvgk3vRDp9yqIVIzQDmerOrZUx62Rx9Fssl/7ooW - 0319fxcTw6GZEp7RXNzgIobnWPydakh+/I0inP0rC6It/vM5Hi2bV71QPZUyJ78C - Szh4S8TznW7yMzTQaOENeaUKfqEyN+CW2OomVdWIBOvTJVpvfAut/kg1dyUGgHlT - F8OlAoNAyxCSxqbM0fY0wtqKD7FaYY9cbQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.12.12"; }; }; + studio = rec { ci = false; cores = 4; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; nets = { - retiolum = { - ip4.addr = "10.243.227.163"; - aliases = [ - "studio.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti - cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk - GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI - jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 - 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu - 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; + retiolum.ip4.addr = "10.243.227.163"; }; }; - fileleech = rec { ci = false; cores = 4; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; nets = { - retiolum = { - ip4.addr = "10.243.113.98"; - aliases = [ - "fileleech.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF - 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K - YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait - nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z - e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V - UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - latte = rec { - ci = false; - cores = 1; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; - # ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; - nets = { - internet = { - ip4.addr = "185.215.224.160"; - aliases = [ - "latte.i" - ]; - }; - retiolum = { - ip4.addr = "10.243.80.249"; - aliases = [ - "latte.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU - 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo - r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf - 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 - GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 - vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - pnp = { - ci = false; - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.210"; - aliases = [ - "pnp.r" - "cgit.pnp.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAugkgEK4iy2C5+VZHwhjj/q3IOhhazE3TYHuipz37KxHWX8ZbjH+g - Ewtm79dVysujAOX8ZqV8nD8JgDAvkIZDp8FCIK0/rgckhpTsy1HVlHxa7ECrOS8V - pGz4xOxgcPFRbv5H2coHtbnfQc4GdA5fcNedQ3BP3T2Tn7n/dbbVs30bOP5V0EMR - SqZwNmtqaDQxOvjpPg9EoHvAYTevrpbbIst9UzCyvmNli9R+SsiDrzEPgB7zOc4T - TG12MT+XQr6JUu4jPpzdhb6H/36V6ADCIkBjzWh0iSfWGiFDQFinD+YSWbA1NOTr - Qtd1I3Ov+He7uc2Z719mb0Og2kCGnCnPIwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - darth = { - ci = false; - cores = 4; - nets = { - retiolum = { - ip4.addr = "10.243.0.84"; - aliases = [ - "darth.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA1pWNU+FY9XpQxw6srUb5mvGFgqSyJQAelFoufZng6EFeTnAzQOdq - qT7IWN+o3kSbQQsC2tQUnRYFoPagsgFP610D+LGwmeJlNgAf23gBI9ar1agUAvYX - yzYBj7R9OgGXHm6ECKwsxUJoGxM4L0l6mk/rTMVFnzgYPbpVJk1o6NPmiZhW8xIi - 3BfxJUSt8rEQ1OudCirvdSr9uYv/WMR5B538wg4JeQK715yKEYbYi8bqOPnTvGD8 - q5HRwXszWzCYYnqrdlmXzoCA1fT4vQdtov+63CvHT2RV7o42ruGZbHy7JIX9X3IE - u0nA8nZhZ5byhWGCpDyr6bTkvwJpltJypQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - siem = { - ip4.addr = "10.8.10.2"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "darth.siem" - ]; - tinc.pubkey = '' - Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK - -----BEGIN RSA PUBLIC KEY----- - MIIBCQKCAQEApcUeTecVahqNIfLEkfgNiaW+eHQ9Y90DxHhy9vdPZh8dmLqoFBoW - TCPcZIRpyj7hxRkNIhh34Ewpul0oQ1tzrUGcT2xvMNwaCupRDmhZn9jR9aFFEYKb - fUOplCxb4y2UKbWAA6hie3PKH9wnPfbwSsexb2BSQAqSt4iNIVCV6j7LXpiopbGS - Exs3/Pz+IeMtGyuMYA3rUmJsVRKR1o7axLtlhYK7JSMbqdYhaQJ4NZrvIXw//w21 - kM/TJTPZ4j47ME18jQInO62X5h+xVch6DtvwvjBMMMKbS0am9qw1P3qo7MP3PmQh - rvVQRth8L63q4NLOnT29XmnxPSVGL1PBQQICEAE= - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - ossim = { # vm on darth - nets = { - siem = { - ip4.addr = "10.8.10.6"; - ip4.prefix = "10.8.10.0/24"; - aliases = [ - "ossim.siem" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl - RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL - cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand - mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd - dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL - WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB - -----END RSA PUBL |