diff options
Diffstat (limited to 'krebs/3modules')
| -rw-r--r-- | krebs/3modules/external/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/external/mic92.nix | 215 | ||||
| -rw-r--r-- | krebs/3modules/external/ssh/rtjure.pub | 1 | ||||
| -rw-r--r-- | krebs/3modules/go.nix | 48 | ||||
| -rw-r--r-- | krebs/3modules/krebs/default.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 58 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/realwallpaper.nix | 9 | ||||
| -rw-r--r-- | krebs/3modules/sync-containers.nix | 2 |
9 files changed, 234 insertions, 103 deletions
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index c8e360a1e..809d5a7db 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -671,6 +671,7 @@ in { pubkey = ssh-for "raute"; }; rtjure = { + pubkey = ssh-for "rtjure"; }; sokratess = { }; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 306ab34eb..15136cbce 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -152,30 +152,6 @@ in { }; }; }; - dpdkm = { - owner = config.krebs.users.mic92; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; herbert = { owner = config.krebs.users.mic92; nets = rec { @@ -199,35 +175,6 @@ in { }; }; }; - inspector = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; eddie = { owner = config.krebs.users.mic92; nets = rec { @@ -303,6 +250,82 @@ in { }; }; }; + okelmann = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.190"; + aliases = [ + "okelmann.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxquUuiW9a304H9Ls81+2BMm4bviDUU2Zogu0F1mPp6X8TpdjYpDs + +tlakSTEPHo+aIdcV9rHpjOC3tirNbYU56D8DdoSo1Ra6XNFbxWrw7usSR9gz7L+ + kYp1Uij4gKTfg6YQkU0lkufk13if6zvb/GjoBUTS/Tx+8sZm2/JKEK8JLQaCkmMu + LAUTsHj35Q8S99TzCLAoQLo136AtvPqcwwHVwkdX+S4WqtlODxfJ7T+9KFxGg54B + 1M6btg8iL5sdTFrLIBi7oK6GuLK9izvZ4O9O9H2bStW6LodqPtw2v5WA8li+YJx7 + LBgLO4aAAA6bF9WFcYyKBh6iCX0WxB7LowIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + anindya = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.191"; + aliases = [ + "anindya.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA8yWr01WlmM4RYuJdxvzvfdN3C5T3DOknWvK7U3y92HYgtQfYtZwu + +J8r1fpTsdIS8wKdSEqz7Mjhb1JabJBB1fv/2mkAF4V/gkMbP0jqZ6QQL29kgkNP + aI/+zG1yh4kEDgSn843J6XnTsJ/4Na2zmbVP1iIIQYMXyh+meWsBVR6DKV5ighjz + 4h3wKbuMmDrS50aTk8ahgWoiqcE2DTUMeprw4SIL+RTepmsCINQtAJui5Ys6AAbK + ab6gxMzRH2txLBcTfSrbqTX3qHZHLlB9Ai5FEItWqMBxquD6OCxn8DNU+5LgGpt1 + Z37SI1U0c4uu1oo7kOSx6wYP2ZVOatys6QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + dimitra = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.192"; + aliases = [ + "dimitra.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAtgvjWP2KIawJDk32P8Uiwz95REACx43CXUIgcBx5qg9ZQrHnJZxH + RkXLnWUmjpnEmPUfvg/b8YCyoHgzD6GQEXcWaiMXBQ/nsrSEN4mpY7tzInerzGsv + /M66WzPUWSUC9kbncLXt+2A64B23h1ki+MyMyKGIpHq21+F1b6ZHW2rkMnk3BKa4 + aJKNfadjP4V1lnPd40VBpcA3dlQfGF057GJz+2fzlfh1Bp41r/uP2NHieSAlyBws + IaVZPWbfxFyYU8JbrlYUAlLjdXFG1meo5On0K0N8tTBKfnD1nwSqTPAfM7WqOm4A + ImYB8LzjmIdXM+QUqbVFTgiY4jBDg61krwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + philipsaendig = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.193"; + aliases = [ + "philipsaendig.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAyWdCrXD0M9CIt0ZgVB6W5ozOvLDoxPmGzLBJUnAZV8f9oqfaIEIX + 5TIaxozN3QMEgS0ChaOHTNFiQZjiiwJL/wPx1eFvKfDkkn7ayrRS/pP+bKhcDpKl + 4tPejipee9T2ZhYg9tbk291CDBe1fHR5S2F8kPm8OuqwE2Fv9N8wldcsDLxHcTZl + +wp4Oe/Wn5WLvZb3SUao17vKnNBLfMMCGC01yRfhZub41NkGYVWBjErsIVxQ+/rF + Y7DdCekus+BQCKz+beEmtzG7d0Xwqwkif51HQ05CvwFNEtdUGodd8OrIO+gpIV6S + oN+Q5zxsenLo6QRfsLD+nn7A7qbzd57kUwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; martha = { owner = config.krebs.users.mic92; nets = rec { @@ -363,6 +386,80 @@ in { }; }; }; + sauron = { + owner = config.krebs.users.mic92; + nets = rec { + internet = { + ip4.addr = "129.215.165.75"; + aliases = [ "sauron.i" ]; + }; + retiolum = { + via = internet; + addrs = [ + config.krebs.hosts.sauron.nets.retiolum.ip4.addr + config.krebs.hosts.sauron.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.194"; + aliases = [ "sauron.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxmCryT4ZEhPOvdZhWhYZsRS7sz1njSh2ozh6iwXRXhjRjZ9tYZVQ + GoYc6ADnWCnb9SGpPe1WqwFMblfKofnXCvC4wLQaFsch1GIMPhujosJ4Te84BHi1 + XKqyompotE2F7iWYPE6i6UAdRK2dCapfCbiDBOjMhCnmmhM1oY5Bv/fBtx3/2N7E + W+iN6LG2t9cKibs8qrLzFtJIfWn8uXU9dkdhX3d9guCdplGOn/NT/Aq3ayvA+/Mf + 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG + 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + bill = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.bill.nets.retiolum.ip4.addr + config.krebs.hosts.bill.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.195"; + aliases = [ "bill.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzg0wJuDvsbflRKSJ7+ug9y7Gn+BH3CR44fuCPZpWmIcGIUbA6rXj + CD8pF5heOvXNCFlEip2wqTkaCJPnUs3x8BRtORmD6OxDdmqt0xH54u7CixKzrPp9 + GIQydv+ZsGA2z3aDbmBydRPDIvYGhW68FJn10qlGRjCZ5zCl1eVEZ/wMddFXc0B8 + KDbxh7qOkjXon6EOGACVbnrnUR3F1GsIvCxX0cCDrO0P8XHwwsZiAfUwXYkiqw7t + zPcty6Bbr34mSJbb9cFb/qQlfPWT0HVgo+Q65HVkr/64o/9tTyREZcj1dk5PpEPE + bt7PGlOF1oPZpVFQh8S+NviHTtqrvkuISQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + nardole = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.nardole.nets.retiolum.ip4.addr + config.krebs.hosts.nardole.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.173"; + aliases = [ "nardole.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA05JzZLPH4+t2X8TI1nYsv4WCQ/OUmuMy9YbKUIRITE2EVA+x47Cf + qdYPucWUpF7ap1rykxHBcPnmORO/NjAymlt25FDyyYQ2uWm17VE7P7jefAUnX7xj + 80Rt7aWCXfldQuRAbza35G+Kl50Y6ydkZYkKCbyQ8fMhuzNp6Wn/pAJD3yr+zdka + AsIoir9Ut9/9CKayRqGF+zaIf2Lj7nl5GL8bCAVJydU98GjlnXt7iuaWCt0H7NiK + FWOjkGhAUlQI9I6l+5ELWClpyk5X+isfbUbYaCCspZJvos+vDE8hJuH5PrH8NuJj + fJv8HrHkcGphn/Nn1TotpHBkyMyE5h6akwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; rock = { owner = config.krebs.users.mic92; nets = { @@ -463,12 +560,12 @@ in { ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqIc+ozq3hKHMe/X3v4j+6or8LMjEV7MtQ8/+n00xpG4NkI4G38Bv - 3nmAcV7OhN6of0fr0psbBmym+2VxCZbpl8E3g1GWSKpAvlmP/9v4wDVdrADaTvXC - pzCxejtCwEhKLisnMwCMJCuUPbIsSBU+IQDPKP7NP0yY5VapgW3Xl3qXpnehCW1r - NBZjZASnhSXcJRLJayEDN6uBviYrnnfbrHOx4fPcjQPTHX5RYr3EbgGZQO9xki44 - 9dKT4EA95lupTqC3wzuQbaNpvIuVzmggiDY/NsBIVh0/2XjGnO54wtCEPudaLnWd - WNtc1wfVFB6gzgG1N7msOuFUReOIfyF/ywIDAQAB + MIIBCgKCAQEA9VVG+kwSXDmjLuNCT6Mp9xTCj9IdzgjWxkExEH/Jd9kgVNXRa+39 + P8OQuHXi9fC/51363hh7ThggneIxOs2R4fZDyUcWfzv13aik34U0e+tYjhWXig+o + MClkK4/uhLrsk370MQVevpjYW23S5d+pThOm84xIchvjR9nqzp6E3jzjhyeQwHJg + dM48y7XT2+7hLvOkkEQ8xLcd35J228wVSilsSYhye1D2+ThRDbjjEkKXnIeOmU5h + TPNvn+U0lVdwUDYlS+XUhNl3awRdfzTYlPvUhTWv9zwSxS5EQjvgMqC/3/fQod2K + zyYdPwCwEyrksr9JvJF/t+oCw4hf3V4iOwIDAQAB -----END RSA PUBLIC KEY----- ''; }; diff --git a/krebs/3modules/external/ssh/rtjure.pub b/krebs/3modules/external/ssh/rtjure.pub new file mode 100644 index 000000000..4c69e1836 --- /dev/null +++ b/krebs/3modules/external/ssh/rtjure.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVFTzk646b/XXTFyWoKLw92jLmqC3EwAURtSZkWPxcZv+OPd76cgLl2bKgEHZ1/n4784zqNM85q+pk1NJfaTNB2SMksM5p8yFdCKcrMci0mdIcjp53z0SxUU4EozUnuntfFPnvjMAG5i1ppungkala9svc6x4vHuinHSvGXDJW7YsF5vSbDppGvgji9HKN8iagPhT1gnOf4o5ZqgD9cwS/3cXZx+gcSNnEolhr1WKcglDGeMJKQoNLkfojgLw4ZE4DpNYN5CJ64adZOXun9DrhV2iYgkKurJ9CxJXSP9ULQKKMayDCJBE5XTWxgH6oyOAjurYQoYozI4/yKZXRgrIz97gHgXqh45/q64gNe9XbLXzhz4neOE77L1WYEE+sUYqXIlKwtFQHqYLuU09ZCkiKft9N0A2Lpcm0m7ebpSBd6PH8sF9hrAjtNACReTYritXF7b+LT5Zkxu98BgK36rcOnMkPpMm+svh+MiCCE4jm6HT+O2yikYSnc2q7W6ljjxs= rtjure@nxdc diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 4df73509c..fea25e036 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -20,61 +20,41 @@ let }; imp = { + services.redis = { + enable = true; + }; + krebs.htgen.go = { port = cfg.port; script = ''. ${pkgs.writeDash "go" '' - find_item() { - if test ''${#1} -ge 7; then - set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ - -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" - if test -n "$1" && test $(echo "$1" | wc -l) = 1; then - echo "$1" - return 0 - fi - fi - return 1 - } - - STATEDIR=$HOME - mkdir -p "$STATEDIR/items" + set -x case "$Method $Request_URI" in "GET /"*) - if item=$(find_item "''${Request_URI#/}"); then - uri=$(cat "$item") + if item=$(${pkgs.redis}/bin/redis-cli --raw get "''${Request_URI#/}"); then printf 'HTTP/1.1 302 Found\r\n' printf 'Content-Type: text/plain\r\n' printf 'Connection: closed\r\n' - printf 'Location: %s\r\n' "$uri" + printf 'Location: %s\r\n' "$item" printf '\r\n' exit fi ;; "POST /") - uri=$(mktemp -t htgen.$$.content.XXXXXXXX) - trap 'rm $uri >&2' EXIT - - head -c "$req_content_length" \ + uri=$(head -c "$req_content_length" \ | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ | xargs -0 echo -e \ | tee /tmp/tee.log \ | ${pkgs.urix}/bin/urix \ | head -1 \ - > "$uri" - sha256=$(sha256sum -b "$uri" | cut -d\ -f1) - base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") - item="$STATEDIR/items/$base32" - ref="http://$req_host/$base32" + ) - if ! test -e "$item"; then - mkdir -v -p "$STATEDIR/items" >&2 - cp -v "$uri" "$item" >&2 - fi + sha256=$(echo "$uri" | sha256sum -b | cut -d\ -f1) + base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") + base32short=$(echo "$base32" | cut -c48-52) + ${pkgs.redis}/bin/redis-cli set "$base32short" "$uri" >/dev/null - base32short=$(echo "$base32" | cut -b-7) - if item=$(find_item "$base32short"); then - ref="http://$req_host/$base32short" - fi + ref="http://$req_host/$base32short" printf 'HTTP/1.1 200 OK\r\n' printf 'Content-Type: text/plain; charset=UTF-8\r\n' diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 8c164cfe3..37b939358 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -77,6 +77,7 @@ in { "wiki.r" "wiki.hotdog.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc @@ -177,6 +178,7 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY"; + syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR"; }; wolf = { ci = true; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6978c0b4e..d29988be2 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -67,7 +67,9 @@ in { "cgit.prism.r" "paste.r" "p.r" + "search.r" ]; + tinc.port = 655; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje @@ -126,6 +128,7 @@ in { aliases = [ "uriel.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR @@ -151,6 +154,7 @@ in { aliases = [ "mors.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE @@ -184,6 +188,7 @@ in { aliases = [ "shodan.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT @@ -218,6 +223,7 @@ in { aliases = [ "icarus.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr @@ -251,6 +257,7 @@ in { aliases = [ "daedalus.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8 @@ -282,6 +289,7 @@ in { aliases = [ "skynet.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX @@ -315,6 +323,7 @@ in { aliases = [ "littleT.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF @@ -364,6 +373,7 @@ in { aliases = [ "xerxes.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U @@ -414,6 +424,7 @@ in { aliases = [ "red.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG @@ -444,6 +455,7 @@ in { aliases = [ "yellow.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP @@ -481,6 +493,7 @@ in { aliases = [ "blue.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd @@ -520,6 +533,7 @@ in { aliases = [ "green.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk @@ -574,6 +588,7 @@ in { aliases = [ "morpheus.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY @@ -611,6 +626,7 @@ in { aliases = [ "hilum.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb @@ -651,6 +667,7 @@ in { aliases = [ "styx.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn @@ -692,6 +709,7 @@ in { aliases = [ "coaxmetal.r" ]; + tinc.port = 0; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA @@ -724,6 +742,46 @@ in { syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ"; }; + echelon = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.3"; + ip6.addr = r6 "4"; + aliases = [ + "echelon.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxTpl0YvJWiF9cAYeAdp + 1gG18vrSeYDpmVCsZmxi2qyeWNM4JGSVPYoagyKHSDGH60xvktRh/1Zat+1hHR0A + MAjDIENn9hAICQ8lafnm2v3+xzLNoTMJTYG3eba2MlJpAH0rYP0E5xBhQj9DCSAe + UpEZWAwCKDCOmg/9h0gvs3kh0HopwjOE1IEzApgg05Yuhna96IATVdBAC7uF768V + rJZNkQRvhetGxB459C58uMdcRK3degU6HMpZIXjJk6bqkzKBMm7C3lsAfaWulfez + gavFSHC15NbHkz+fcVZNZReJhfTHP7k05xo5vYpDhszdUSjc3MtWBmk5v9zdS1pO + c+20a1eurr1EPoYBqjQL0tLBwuQc2tN5XqJKVY5LGAnojAI6ktPKPLR6qZHC4Kna + dgJ/S1BzHVxniYh3/rEzhXioneZ6oZgO+65WtsS42WAvh/53U/Q3chgI074Jssze + ev09+zU8Xj0vX/7KpRKy5Vln6RGkQbKAIt7TZL5cJALswQDzcCO4WTv1X5KoG3+D + KfTMfl9HzFsv59uHKlUqUguN5e8CLdmjgU1v2WvHBCw1PArIE8ZC0Tu2bMi5i9Vq + GHxVn9O4Et5yPocyQtE4zOfGfqwR/yNa//Zs1b6DxQ73tq7rbBQaAzq7lxW6Ndbr + 43jjLL40ONdFxX7qW/DhT9MCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "3"; + aliases = [ + "echelon.w" + ]; + wireguard.pubkey = '' + SLdk0lph2rSFU+3dyrWDU1CT/oU+HPcOVYeGVIgDpEc= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIn+o0uCBSot254kZKlNepVKFcwDPdr8s6+lQmYGM3Hd "; + }; + }; users = rec { lass = lass-yubikey; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f9fa037d3..30d90bf2b 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -187,6 +187,7 @@ in { maps.work.euer IN A ${nets.internet.ip4.addr} play.work.euer IN A ${nets.internet.ip4.addr} ul.work.euer IN A ${nets.internet.ip4.addr} + bw.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index cfa8a65ba..86b74a8ca 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -42,15 +42,6 @@ let description = "real wallpaper generator"; after = [ "network.target" ]; - path = with pkgs; [ - xplanet - imagemagick - inkscape - curl - file - jq - ]; - environment = { working_dir = cfg.workingDir; marker_url = cfg.marker; diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix index d31022d3a..fcfaf1dd0 100644 --- a/krebs/3modules/sync-containers.nix +++ b/krebs/3modules/sync-containers.nix @@ -93,7 +93,7 @@ in { config = mkIf (cfg.containers != {}) { programs.fuse.userAllowOther = true; # allow syncthing to enter /var/lib/containers - system.activationScripts.syncthing-home = '' + system.activationScripts.containers-enter = mkDefault '' ${pkgs.coreutils}/bin/chmod a+x /var/lib/containers ''; |