diff options
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/bepasty-server.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/ci.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 27 | ||||
-rw-r--r-- | krebs/3modules/external/palo.nix | 23 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 41 | ||||
-rw-r--r-- | krebs/3modules/lass/pgp/yubikey.pgp | 109 | ||||
-rw-r--r-- | krebs/3modules/lass/ssh/yubikey.rsa | 1 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/power-action.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/rtorrent.nix | 24 |
10 files changed, 154 insertions, 79 deletions
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 94a509520..4892a8723 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -164,7 +164,7 @@ let client_max_body_size 32M; ''; locations = { - "/".extraConfig = "proxy_set_header Host $http_host;"; + "/".extraConfig = "proxy_set_header Host $host;"; "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock"; "/static/".extraConfig = '' alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 244de1a0d..cbf24effe 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -27,7 +27,7 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' set -efu - ${pkgs.nix}/bin/nix-build --no-out-link --quiet -Q ./ci.nix >&2 + ${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2 json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" echo "$json" | ${pkgs.jq}/bin/jq -r 'to_entries[] | [.key, .value] | @tsv' \ | while read -r host builder; do diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index f12dda097..1546cac62 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -426,20 +426,19 @@ in { ip4.addr = "10.243.29.175"; aliases = [ "qubasa.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ioASTOx6Vndp316u89Z - f+9WgfyVGw9deP2pQjoHnsPjBqRrsDCQGFO/U1ILQn0AWskQpHWHRir7Q6cI90jm - 8MqqGVymVFbeYbrOLHLjp+2fle9iU9DfST4O76TQwF/3elLf3tpGFS8EB+qF3Ig7 - aVOf5TuHPWWj6VtGTuWW9I8MsPnNykyRstlWXEztIs2zQrc0cO1IGd1QVarDGqTs - KR4Zm7PvF7U193NzPLaH6jcdjF37FETLrNxAu88M+YnvXBp4oRHeJmvBloazpH0v - aSb3+vNRlViMSlf9ImpAHlFRyvYYDAWlIY0nyeNUJna1ImGloSStLtBAhFAwc65j - kmrXeK3TVAoGZQOvSbjFmI/nBgfHEOnz/9aRVHGUNoQ/nAM6UhALFEZV6sdjX6W4 - 3p670DEO5fiI3fqqErkscbv8zSEjfmxV4YGMXVMw8Ub87fGwQEF17uDLeqD0k9AB - 7umwrWP53YffauAqinma0I6RcLRVRfJ2vhyBH1mKwAAW55WU6DpBTydy46kxy/Oz - k9Cnxw7oMydUAAdnf5Axgs+dcx43lnXvGsoHi4lZycYhqtPe2YI152HAbGfmrixV - Slzh8aiinBkLYW2VzJNTRmHvB3njjeua4/guXwe00G7MIs3UDMIieJNcVxb+E07v - vF2rqhqU9b+1MQRhIPsBf4cCAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA65g1Xql+S+Dd90uDpSVxzGRTL8n4DHc1p9T8u9h7ioytC9B+e2dQ + RU/y3gdJ0gXxrbth36MhTANuUonnqpHvsWwUDCQRbxLEFh8avlzLsecWvwrIt3zL + 102EaVurRySUa83D6TK8ZsDa2+ADY7tEzfFMJhT53g7MpBNIeOquB0rR6hVYBbHc + 3B+QtwdM8dx1gO/5+FsPYhJbR7ARczYHsj7Eyb8NbdzthEO0ICDgwzmcXTJfVHGR + qfT7DUolXsu7uSPMLB+Pe/leI7XcQ2VFukpVGP0fZv0mSMxavFlcFVkLgdbAEd2H + DPEBEcJpLR4Hw3HlO1kPPufaUdoeNhUmTkIp76mkCbanS1P/aFNFFcVB+a/+tpdK + z5pG8K3qANg5txp6sAatPchvkeQelIg11lvT9luc+nFsTEW6Ky5nDLo60luZVFnn + i1bdVeOojXR0u7M2gMqQZcSuscvy8APe48S8vPsqoiob1l/r77B7iNrWDwH8IutW + u8fpC64CbhlR76Orp3xTZPmJQCRT8XYpKDDoq5Z7prdlAEz3U6wEfVckVv+f1dmU + odG0zDTsmyKhkWWmZbPgPrOEUvAVoSpSLSQQxPR+UHArlgYe+2dAf8IHYqrgmhuO + D4Lga4nNwTyVbCZ8vUu5b/lnGCLpNcVj22WVQTdAJzNsCVTdIM2V5hcCAwEAAQ== + -----END RSA PUBLIC KEY----- ''; }; }; diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix index 05808714c..e81dd9b58 100644 --- a/krebs/3modules/external/palo.nix +++ b/krebs/3modules/external/palo.nix @@ -28,31 +28,30 @@ in { }; }; }; - kruck = { + schasch = { owner = config.krebs.users.palo; nets = { retiolum = { - ip4.addr = "10.243.23.3"; + ip4.addr = "10.243.23.2"; tinc.port = 720; - aliases = [ - "kruck.r" - "video.kruck.r" - ]; + aliases = [ "schasch.r" ]; tinc.pubkey = tinc-for "palo"; }; }; + syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; }; - schasch = { + sterni = { owner = config.krebs.users.palo; nets = { retiolum = { - ip4.addr = "10.243.23.2"; + ip4.addr = "10.243.23.3"; tinc.port = 720; - aliases = [ "schasch.r" ]; + aliases = [ + "sterni.r" + ]; tinc.pubkey = tinc-for "palo"; }; }; - syncthing.id = "FLY7DHI-TJLEQBJ-JZNC4YV-NBX53Z2-ZBRWADL-BKSFXYZ-L4FMDVH-MOSEVAQ"; }; workhorse = { owner = config.krebs.users.palo; @@ -79,9 +78,7 @@ in { }; users = { palo = { - }; - palo-pepe = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCe3j1dk8o7e0cFn+RepOjdeYcS0YcG0d6NnsMoq8pjqzLRuvOVN4CmsuRo4UJtWOUVv8kIWLcegks2RXbKOSTFAnvEIpPlSmL3BgvFGmUiOmPw1w93yxdVnfd9kJ6SBNuS+kFspKPvOEV9yVpjTywKZ0qKWjRd89Vz2+8aFJ/R3hyE+YqpzlzYbrucEIXbEWESqnzrx61NrWwd1ueHj0RYMDBjIJjVfIIK3W32vQ//pYJio1di0PpOPK2Ya0yugSixymuQBvzCgaedVeLdJ0k1d7d5iVb4LjCR8zg0Jnf1RLfpqRrFYwMJpwuhtIEevfNrhzqZA58QgHO6iOg50FeaD5k1rlWfoOvX2rcV5iqCC9jClIfMKzePdm+MeVorBXp+bflOhyPJG+Qrz6NTE9Ohe5A71Z0bBa96MEoW1hyrLCn0+z+Cx5kt7n2QzAAa/VPNjRDZeHbsu26MrvViEoh+FcPqx4DUIUaDRs/TNIvMGAl14E6gur68AI01a0PZJ/gnqZeOJKuyz4pKT0nIcg0EvkjXM2uEJ9m8h4IBAqTUYMZYm7iJBfpbwT6ePxFfah4q960orBUwW87CyPu/wDGmDblQ7dpkuw+skpzNgOGzerDyGAGKOsjGfYZpqsv9303S2f7884NAIK1ohgpMELytEYpY4YNi2KQYfHhgoQRJ5w== palo@pepe"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBYNJVuyyZmc2pCkLWjhl0/hMMb7elmI81/9LAGtk8Tz4TmVderTMohwQkaTYznwPOPuKfU1sSMLCB8rYXdAO5nqWC4bGjXJ/+D8/UKfGjSqRQ7UkfpOF3NAm+pqUSFjaVXi1BWd+jxmsD0uRks0PyNSywZfgjn5LYpD3SpxyFy/17P/PJ9vX6PELjeYvNGH3l5cXDwYky3ZZJol7quBJ5yrA6I536A4wNDzg2ow+MRVu51/nIJdnbbsC/dDHgmdRWnStOzvsA+xSEMeKvLW3CaSPINr/bMGxOPrefr79bg59gkw9Wxp51fkx0o18N1liTRfWXau+GFNGMxFluELhfGXYOH9HLedLt8H38zs5vgJ9IY+tlOzMKud5njiNkuG503AiqY2H7coN7VeVA5+6L7tmwFbCMhPal4MS0VKHNBmCTDY5QMURYUajKiUh8n5IcbuTsPM+lEszm16g5iB+XQ1vpjza5ds6DRL1H6pUF/UpUzYUlqh2RnE+CyLsFO2MB/o72NoSWRfmn7/nsg6eEg/9kSn+dwj2ythjuEkMG28Yhm/XjaGnuAE/ZpIeRDozIQNGcHpzPHMd95olfNJW7+fLi+CvSFZa9l+tdS8PoRnCdHOsO4zvESJZ2rDn0Zt0Az6XNRJfYTABDlYPGCnWN4vmlnEJqQARSSiKBDhSgPw== palo@workout"; }; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 78f3542fa..dc5c9ca3c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -602,42 +602,6 @@ in { ci = false; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; - morpheus = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.0.19"; - ip6.addr = r6 "012f"; - aliases = [ - "morpheus.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY - T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN - /Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh - S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz - Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR - bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI - Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz - sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+ - VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j - 3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA - U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - wiregrill = { - ip6.addr = w6 "012f"; - aliases = [ - "morpheus.w" - ]; - wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; - }; hilum = { cores = 1; nets = { @@ -681,6 +645,11 @@ in { }; users = rec { lass = lass-blue; + lass-yubikey = { + mail = lass.mail; + pubkey = builtins.readFile ./ssh/yubikey.rsa; + pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; + }; lass-blue = { mail = "lass@blue.r"; pubkey = builtins.readFile ./ssh/blue.rsa; diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp new file mode 100644 index 000000000..0c7791ce8 --- /dev/null +++ b/krebs/3modules/lass/pgp/yubikey.pgp @@ -0,0 +1,109 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF2iTTQBEAChyVXMTAd7NWUHV1iepW+ZjvCedpr5AQR7kT6btSYPJCjiCNEy +aCesw0OFyodQDhEZhKldBdvCnvTxKF/GtBuSKrvFhm7uxJgtT7/VS82IB57Ezmog +3AaX95D7tRHKf0I0coWKk+5Yaq2SpNyjTYmG65y93/Hf1PMt4v+oySGfEz/f+R4P +rsyIJBfpXOyVKwd7zy4Hj0mqzbsNy9aP7Fk3zMUv+M3A0D33XCd+dm/ogzQpI4vw +xlzd5my5R+b7uGwrCHZg9Egp4gbeSChgQc/5ZIcYrUncVVP6OMAjlHfdJFQEOmru +eLtuoXwSSSlU8c85O2PV/1/ClkrGGn2zT+UmKnOz1RK405MCOB35wkyboZ4efk2m +28LVoYRaoN1yTW7c3CsHpOAIXLsP91LmcHmRI59UHAkNmtlZKS95titv6Dwe3yZj +iyOE7McfxpxR0K9P3vUSr42XRYHLJFQuZDCDeReMomGzy8X9EQhUi0cH1BcfZfSD +dvcXC9IWpdWickU2wFkDkTECSyJTbC4JPpTQQtj/LAP+zya3tdobnpPn9Msj99WX +yLFkKUGWy9yxmDRYst6ErAZMY84J+dqZkm+mLQw9x1jKWIVZDNlwP+Jrz7VMqc1g +S2gg1BVl6Nts8Z7foZV6w5IYLr7g3noUm7+NhD83jKTJw8AsHU5RIaJnwwARAQAB +tB1sYXNzdWx1cyA8bGFzc3VsdXNAbGFzc3VsLnVzPokCTAQTAQoANhYhBNvNdXhG +Bps5LqlAHWZXvoqNHugHBQJdok00AhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAK +CRBmV76KjR7oB3AdD/0TaW3wUWaUhNr5B3clDrTOHL94Ztzsg/Xjr1b/KT1sygad +WAanuwGvdmFr4x+eshrTijIXmh5giBwi+QnG7+VX2hlOKuJ+j+0zR2n7i4KVwAuQ +SRcQ8TGnBCrWLl80NjnGOky5Nmq4qCzpxhtuFcWixaqlBa3GnXDfecDfBDrcD1T9 +z63gPJ2Ghovoub1UGp01A+4ZBXD4yc1ZEGmhLFA8Aih4BPdsD6cfXWsAi5Nx8FmC +KvNEg4FeMGV13ZEAF8cxaIS/xq9R2xdgYt+lImaDson/ODIoeg+k5B9ntSGs2H9N +YoFDlSiB4/a6mBkZm6BA649aL2FjbfOaIB3V07ynzkrSDeUvES9ybnyqbkvd2Slf +4us4me9zroOo2UQn1fJVWfPFRFb7aAoBIAIHNVmf1vtMYe9tQQ5o1Mcxb0sixaqO +To4fBaaz1WOtrH6NdEWD3OHUkJrFJb/2dVfvR4bHxdWxtF+WdKkbRfdRmYPVAwVf +PhasEaaTOZ5r0QghOnjF0YL0YAqvJLx/roz54mNTgavH5BzXjYd9koW0csbWghXd +p7BfBwGjfaJfPq6MK+Ifk0WH2Dr5mbSFUw1QdEx9dYZJUDuwu7np5ctd62sjZkwY +ppZlgf+gp+OVjGz+yiTAlQ3PB3wCs23qKtdypxsA7G056TNNkwMcBLN16ngLD7kC +DQRdok2SARAA/FdD3ji4pAe3C8ziLQfxq2LJX2QPmySoqr0nZWZ2XmZu58w9fVZh +SSaKpdmqXfR1qSxIw8Pz+7i5Hh2dcG6dJleAMNYYTc7sm4EUDqLtUaQSNVtXrmCE +SwWcsOPybgHwQNIBd6CTgtQON+iNe6xA/b6nLw5/4ITalkTe43Kv3yVZbvo7X8x+ +c+eIyhYx1UZjbndagH26FXB+WJ22QsNgQrPAYdltn57eQ2m8u9LBCtQl00DLUbv4 ++1SDvVAlal3Es62m0u97tKx2FOoJBehMBc+Czle5/6hS6xKgKgArdKfUcfLch7Au +FtOd2n+HpCCUskApEgH9s7pcMFmioL9V366x1sgTZoRE+qhs81255hjnK8oWQ6+E +F+D3YHPKb8b9wDLMfvwXZLPQPyNpAuDczDBrbAZ7s2CvQ4icOYJLBGzQo0bHAHTs +N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs +8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4 +bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr +s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE +cgQYAQoAJhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJdok2SAhsCBQkB4TOAAkAJ +EGZXvoqNHugHwXQgBBkBCgAdFiEEVAotn4qIhqe83vdsfheGip18nM8FAl2iTZIA +CgkQfheGip18nM9DVxAAuqX7iztddbttkIfN65R5XJPjz7NRg0AI8G+1qnkvF3c2 +ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA/JM782D6lDfSZltW4YBBqkJZdtiP +ElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhyl+0RdBuSvR0+KOXXBfoNmsyQM4/h +UKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxgtXyiXU/VxvUWI7cH6I7daRDTFR3L +4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6eKkn/gt/T7qYxnhcG5guS2DwIay5 +c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7/6hsw2e6TBcn295fEekvBupYVwaz +efBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTaTglOeNtRnYGRwHwE/tiJ0G0uwGfv +aI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7mz8MrRNMjtR+Es8gzuw7hNErmbh0S +LZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99jYjdDDm5lsxCZKLSX4r9Mp236K6D +MGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9Mcg5HgeXTdxan6QP35ygDtmNldJGE +P+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQqnldvrtajUzUegvJUstLS5B1TFQl +Ug/9EV4nuVrGU0uFQLFKLzCXAxWGQPwFwJW4XI4SfhHzyXm8nuJLAKJunxxYni9z +7bIe297hNCMLh8VwW6WkGCz4v9BfURE1jUEPeuu0biCHxa+U8vd1l/CIgAYbNTgj +8eNsN6hV4X9fpGaW0YjDtGSkl1FMC+4YLXm8xRHzdM0RpZpRMaUKSuAYJzi21LGa +QyhdrTn77RvbkeFu0I3b8If5QLTFxLTkAM2IwfyHd7ytlhl6vxHaUwh8djop9jjc +Ty+bSyEjEIZyR+buj3CVUiheQXWw6rGFdR/TLGERWMf6rYF/fuXp5s6jmRCPmB0d +7iX3WkZ6XvjW6wuM9TaBhK3PixPHcHss8uwhtg7+WeVqRAr4VWTFxTIy60vacDvL +5Sskqas4JWnYxfuFpm60IDnBS2kkHM07O+PY2x4S5o+7S0qT9RPtcvqVtAp8eont +2ovc9fXn4UpbeENFeytwed65QrFYDLGlNtq66iO2kp2mX/sFk634TUZ04vyz6nut +senoOofrZefND2uhzJ8pyJkYWTWBsmGitn0JPSBxbIil7PSDBbqEdHE/fD6QnOdw +dmDrFJUdcDzwdBDlmn80VOmooyR8pfrH5u6wKfNZ9xBjVsh1z6lWQbuBgXtltTtE +5rJJvZ7Pawt8nmb+UW0WxCL3TsWCG3sq1MV8ryU/9l0hTEK5Ag0EXaJN1gEQANML +yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS +lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am +ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd +e/UcxBL/zYx8tCBy2F4ep6Anx02HOauTwaqk4KLhB9IcdS8sJQHFY7iEVWNcovwF +8luGEGPJOdOPTMZz4jD4aWFqbT6ragWaG8tisLEe9UhET2LL3r/4DIgAJY4bwg5T +ZyK/1j+Nj1IyYkQ9A6YF96Y5XCi9DF0MYq9NytWNnMCT8F4QCCDRWhgql714/Er/ +qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk +5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A +ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo +VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW +kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYWIQTb +zXV4RgabOS6pQB1mV76KjR7oBwUCXaJN1gIbDAUJAeEzgAAKCRBmV76KjR7oB4ke +D/94TykloLIX2yjqUgsIbzPNH4Q+wzXYAUwhPaY9WlRsnwMJdoWxLVvMDF44JxKj +nzUi5UctaeI2GylLv5G2na5/trRnvIAQq0IyMCz7+mQwSDcZL1UgWpoljRnKbPYs +dYSS1t7LLjP9So4YXeHlAu6tKfF5XkUvB8yfcpupPF+mhfIGPMDRPMBuO3GovpNk +Gutgrzo3dttRr5b4lwFv6uZBw906b5dgKf82nC3zhvJ0q45VFPmBvriCMHdCzR+E +i6Lv06/xSe/ksY2m2Ma16M5n/cvPdl0NFMSwPz/VctEbWV+HoIJs/swW3l5xSV1f +06GQ9h+kaTlF7UUaXWqgiKaOBpvjgVhg88AUwxbpkH/BN1MJ3ww3XAk8gyI7AW0P +60Xzj0q8zlKxYWxaDWCrBc0yCfC0ulChetVGGaJ9WWRVu2ZjPLwHoZmwEpevSrNc +0UmO4jtB/5ojCzTI+l5lLHDLYjAZFDvA2qaLfgs5roQvEaGxW9MDpuz10AclrUfV +u6UikxdivbYssVA0/ytdiIDmITONY6kNL3PLSA7Ki/N3oz4s5WpPFUOBL3wPmpW/ +MXq/d/GvzbgjXHHWdPKrC3sz12/R+PUzr+dTQeJR72eW+6QQqAEmEhS8xfffjsvQ +z3unfvv/4c/mVInpnGBuQXNFYbZxgEsFxbzVavnwppvAirkCDQRdok4KARAAyG97 +rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV +qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk +L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a +6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAceQQYAqIrlu8F5y1AQVWHjtyCPee1z/8l +PNnPg40lSbXozg5kQDP965Pge6XReUoUVVRcgeiSUfkHdYPIkh/tkFy1MtzTNize +buadqE41Ds6BD1maO5cpGc5iFnf+YY01vWIhwvgPMbAsUKrPOw/RyvYSwOrnWegh +pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV +X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh +81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN +6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO +Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJhYhBNvN +dXhGBps5LqlAHWZXvoqNHugHBQJdok4KAhsgBQkB4TOAAAoJEGZXvoqNHugHSVkP +/iEIS7oVZuXBRYCv6GSfrS7b8h5NH8TFiu89sl3B0aRjRXhcsCgutFHVa4ztJqjF +rzuzmZ/6dlZ2F/LGu1Qzgu8Vd3VNFTuxanUE5W82mFqTcYij1G2HjN0gBoOhscl3 +Oy5zsYfP4gyB3pypPujcqhKfFxxW4V7HK8CvspQ6Anh8TrrAobM7b5gREm3BUvl+ +VH7ErYLy13XkH2dNhUeAY2lNLLBbftwBE3RDFtaT9on/e4FZycgtfOM9fXOqdNXk +EQW4fXBoazWWYXXcVMro0+KTpITjXdX9F613C9xwLEATS8OVIDxQZFuyrl1r/Dty +keEn2OKi1RVdZhW7aV09ckKKeH1X/89850WDQatrsREjLXfJBJU94XKwekFC0wsw +uUJkyf5tb/FbAQg8fTMLhVv1D+IqkEISSwr3JmRZXqDEAYqCZHHWqnRrB8mm6eoB +vI93yMV1bkxb2/aI4xBtGKhPzfLIiiV5PevmnDOq08htU/Jr6VGhW+Wm1/qnHmPw +JE1J+yH8NHJQ6NemztSomK8K9J23zgJfgb24Eztc8zIBcNb2CWJ9BgkSYy1BLFy4 +gsfSx3i91GdfsjMpBL7o4/rjdlJGbt76k18dSyWJEdtwYYKwGYvNes21GwbZ/aOx +z8vpeBc06aBx5UOb4Y22HNfG9hDfuuDhGP7Kl0b0LIqq +=U2Jf +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/yubikey.rsa b/krebs/3modules/lass/ssh/yubikey.rsa new file mode 100644 index 000000000..349bb4aab --- /dev/null +++ b/krebs/3modules/lass/ssh/yubikey.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIb3uuMqE/xSJ7WL/XpJ6QOj4aSmh0Ga+GtmJl3CDvljGuIeGCKh7YAoqZAi051k5j6ZWowDrcWYHIOU+h0eZCesgCf+CvunlXeUz6XShVMjyZo87f2JPs2Hpb+u/ieLx4wGQvo/Zw89pOly/vqpaX9ZwyIR+U81IAVrHIhqmrTitp+2FwggtaY4FtD6WIyf1hPtrrDecX8iDhnHHuGhATr8etMLwdwQ2kIBx5BBgCoiuW7wXnLUBBVYeO3II957XP/yU82c+DjSVJtejODmRAM/3rk+B7pdF5ShRVVFyB6JJR+Qd1g8iSH+2QXLUy3NM2LN5u5p2oTjUOzoEPWZo7lykZzmIWd/5hjTW9YiHC+A8xsCxQqs87D9HK9hLA6udZ6CGkq4hG/6wFwNjSMnv30IcHZzx6IBihNGbrisrJhLxEiKWpMKYgeemhIirefXA6UxVfiwHg3gJ8BlEBsj0tl/HVARifR2y336YINEn8AsHGhwrPTBFOnBTmfA/VnP1NlWHzXCfVimP6YVvdoGCCnAwvFuJ+ZuxmZ3UzBb2TenZZOzwzV0sUzZk0D1CaSBFJUU3oZNOkDIM6z5lIZgzsyKwb38S8Vs3HYE+Dqpkfsl4yeU5ldc6DwrlVwuSIa4vVus4eWD3gDGFrx98yaqOx17pc4CC9KXk/2TjtJY5xmQ== lass@yubikey diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index ab24d9096..f9e8d485c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -184,7 +184,7 @@ in { nixos.unstable IN CNAME krebscode.github.io. o.euer IN A ${nets.internet.ip4.addr} photostore IN A ${nets.internet.ip4.addr} - pigstarter IN A ${nets.internet.ip4.addr} + pigstarter IN CNAME makefu.github.io. share.euer IN A ${nets.internet.ip4.addr} wg.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index 78f2b8ebd..71e2b541a 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -16,7 +16,7 @@ let default = "BAT0"; }; user = mkOption { - type = types.string; + type = types.str; default = "power-action"; }; startAt = mkOption { diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index 09e552010..d59569317 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -333,18 +333,18 @@ let rutorrent-imp = { services.phpfpm = { # phpfpm does not have an enable option - poolConfigs = { - rutorrent = '' - user = ${nginx-user} - group = ${nginx-group} - listen = ${fpm-socket} - listen.owner = ${nginx-user} - listen.group = ${nginx-group} - pm = dynamic - pm.max_children = 5 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 + pools.rutorrent = { + user = nginx-user; + group = nginx-group; + listen = fpm-socket; + settings = { + "pm" = "dynamic"; + "pm.max_children" = 5; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 3; + }; + extraConfig = '' chdir = / php_admin_value[error_log] = 'stderr' php_admin_flag[log_errors] = on |