4 files changed, 120 insertions, 8 deletions

diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 32aa3489b..9b2ed4a71 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -29,6 +29,7 @@ in {
         PrivateTmp = true;
         RuntimeDirectory = "brockman";
         WorkingDirectory = "%t/brockman";
+        RestartSec = 5;
       };
     };
   };
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 29d0b27fa..306ab34eb 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -97,6 +97,27 @@ in {
         };
       };
     };
+    dimitriosxps = {
+      owner = config.krebs.users.mic92;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.189";
+          aliases = [
+            "dimitriosxps.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAz9aKIhzk8+ZNBQmU054yc1yTdMyaw1aqWXYyQZoCmFaBIlMvF8I0
+            dd+56cGjK8O7KkEhheDL/ijj9cCcxbqHSTktXz47ScyTaN63h13+MBUIUzDwSO4E
+            9fRUUn3lbZenhGoON7hlaHb/qAR0yLxip0Tw77bcq4hvKleD74NnAJILPoP1KRDY
+            O5vs8C8wpdJUtnlsfkAa058wDI+7GNPb0cs0/pBQVR2GUGb1xqVJ5obO/lFKOJ/e
+            DKemnlg736cEaIF6v9M+w4VmL8mNudDy6RxA6/xIErP5Ru2aK5lH5UBHVCwdLLCy
+            8y3It9Tgji3G9nOFbhaeKDjeIAJ8sG+WjQIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
     donna = {
       owner = config.krebs.users.mic92;
       nets = rec {
@@ -453,6 +474,51 @@ in {
         };
       };
     };
+
+    redha = {
+      owner = config.krebs.users.mic92;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.188";
+          aliases = [
+            "redha.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O
+            s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE
+            a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH
+            RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e
+            FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
+            mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+
+    grandalf = {
+      owner = config.krebs.users.mic92;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.29.187";
+          aliases = [
+            "grandalf.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7
+            XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC
+            qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL
+            2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI
+            jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
+            /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+
     eva = {
       owner = config.krebs.users.mic92;
       nets = rec {
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index c5cf5cb15..6978c0b4e 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -125,7 +125,6 @@ in {
           ip6.addr = r6 "1e1";
           aliases = [
             "uriel.r"
-            "cgit.uriel.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -151,7 +150,6 @@ in {
           ip6.addr = r6 "dea7";
           aliases = [
             "mors.r"
-            "cgit.mors.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -185,7 +183,6 @@ in {
           ip6.addr = r6 "50da";
           aliases = [
             "shodan.r"
-            "cgit.shodan.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -220,7 +217,6 @@ in {
           ip6.addr = r6 "1205";
           aliases = [
             "icarus.r"
-            "cgit.icarus.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -254,7 +250,6 @@ in {
           ip6.addr = r6 "daed";
           aliases = [
             "daedalus.r"
-            "cgit.daedalus.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -286,7 +281,6 @@ in {
           ip6.addr = r6 "5ce7";
           aliases = [
             "skynet.r"
-            "cgit.skynet.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -688,11 +682,53 @@ in {
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
       syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
     };
+
+    coaxmetal = {
+      cores = 16;
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.0.17";
+          ip6.addr = r6 "17";
+          aliases = [
+            "coaxmetal.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
+            xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
+            gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
+            WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
+            ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
+            G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
+            G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
+            IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
+            K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
+            7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
+            bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
+            l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
+            -----END PUBLIC KEY-----
+          '';
+        };
+        wiregrill = {
+          ip6.addr = w6 "17";
+          aliases = [
+            "coaxmetal.w"
+          ];
+          wireguard.pubkey = ''
+            lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
+      syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
+    };
+
   };
   users = rec {
-    lass = lass-blue;
+    lass = lass-yubikey;
     lass-yubikey = {
-      mail = lass.mail;
+      mail = "lass@lassul.us";
       pubkey = builtins.readFile ./ssh/yubikey.rsa;
       pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
     };
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2cb70eec4..c8e1e0386 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -197,6 +197,15 @@ in {
           wg.euer           IN A      ${nets.internet.ip4.addr}
           wiki.euer         IN A      ${nets.internet.ip4.addr}
           wikisearch        IN A      ${nets.internet.ip4.addr}
+
+          meet.euer         IN A      ${nets.internet.ip4.addr}
+          work.euer         IN A      ${nets.internet.ip4.addr}
+          admin.work.euer   IN A      ${nets.internet.ip4.addr}
+          push.work.euer    IN A      ${nets.internet.ip4.addr}
+          api.work.euer     IN A      ${nets.internet.ip4.addr}
+          maps.work.euer    IN A      ${nets.internet.ip4.addr}
+          play.work.euer    IN A      ${nets.internet.ip4.addr}
+          ul.work.euer      IN A      ${nets.internet.ip4.addr}
         '';
       };
       cores = 8;