Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/brockman.nix30
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/exim-retiolum.nix23
-rw-r--r--krebs/3modules/external/default.nix4
-rw-r--r--krebs/3modules/external/mic92.nix34
-rw-r--r--krebs/3modules/external/ssh/shannan.pub1
-rw-r--r--krebs/3modules/lass/default.nix39
-rw-r--r--krebs/3modules/tinc.nix6
8 files changed, 135 insertions, 3 deletions
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
new file mode 100644
index 000000000..21cc14202
--- /dev/null
+++ b/krebs/3modules/brockman.nix
@@ -0,0 +1,30 @@
+{ pkgs, lib, config, ... }:
+with lib;
+let
+ cfg = config.krebs.brockman;
+in {
+ options.krebs.brockman = {
+ enable = mkEnableOption "brockman";
+ config = mkOption { type = types.attrs; }; # TODO make real config here
+ };
+
+ config = mkIf cfg.enable {
+ users.extraUsers.brockman.isNormalUser = false;
+
+ systemd.services.brockman = {
+ description = "RSS to IRC broadcaster";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = ''
+ ${pkgs.brockman}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)}
+ '';
+ User = config.users.extraUsers.brockman.name;
+ PrivateTmp = true;
+ RuntimeDirectory = "brockman";
+ WorkingDirectory = "%t/brockman";
+ };
+ };
+ };
+}
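Review bot: The `ExecStart` line renders `cfg.config` with `pkgs.writeText`, so the whole JSON file lands in the Nix store, which every local user can read. That makes `User = ...` and `PrivateTmp = true` no protection for anything sensitive placed in the attrset, such as an IRC or feed credential. Until the `# TODO make real config here` is resolved, I would document this on the option, e.g. `# NOTE: serialised into the world-readable Nix store; do not put passwords or tokens here`, and load any secret from a path outside the store at runtime. Since the unit only needs its runtime directory, it would also be cheap to add `NoNewPrivileges = true;` and `ProtectSystem = "strict";` to `serviceConfig`.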
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index bd6bab376..2a74adac3 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -11,6 +11,7 @@ let
./apt-cacher-ng.nix
./backup.nix
./bepasty-server.nix
+ ./brockman.nix
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index 118a8b2d5..a16661c9f 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -10,6 +10,11 @@ with import <stockholm/lib>;
(s: substring 1 (stringLength s - 2) s)
(toJSON value);
+ to-lsearch = concatMapStrings ({ from, to, ... }: "${from}: ${to}\n");
+ lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) ({
+ inherit (cfg) system-aliases;
+ });
+
in {
options.krebs.exim-retiolum = {
enable = mkEnableOption "krebs.exim-retiolum";
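Review bot: `to-lsearch` writes `"${from}: ${to}\n"` without checking either value, and the `system-aliases` option added in the next hunk types both as plain `types.str` (the TODOs there acknowledge this). A `from` containing `:`, whitespace or a newline would produce a file that lsearch reads with a different key, or with extra entries, than the author intended. I would tighten `from` to a `types.strMatching` pattern that excludes those characters (assuming `<stockholm/lib>` re-exports the nixpkgs types), or add an assertion next to `to-lsearch`. The `let` block this hunk extends starts outside the hunk.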
@@ -59,6 +64,19 @@ in {
};
};
};
+ system-aliases = mkOption {
+ type = types.listOf (types.submodule ({
+ options = {
+ from = mkOption {
+ type = types.str; # TODO e-mail address
+ };
+ to = mkOption {
+ type = types.str; # TODO e-mail address / TODO listOf
+ };
+ };
+ }));
+ default = [];
+ };
};
imports = [
{
@@ -145,6 +163,11 @@ in {
begin routers
+ system_aliases:
+ debug_print = "R: system_aliases for $local_part@$domain"
+ driver = redirect
+ data = ''${lookup{$local_part}lsearch{${lsearch.system-aliases}}}
+
local:
driver = accept
domains = +local_domains
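Review bot: The new `system_aliases` router has no `domains` condition and is the first entry under `begin routers`. As far as the visible lines show, it is therefore consulted for every address, including recipients in remote domains whose local part happens to equal an alias key. The `local` router right below restricts itself with `domains = +local_domains`; adding the same line to `system_aliases` keeps the redirect limited to mail addressed to this host. The routers section continues outside the hunk, so please confirm that no earlier condition already covers this.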
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index d14526703..277169e11 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -608,6 +608,10 @@ in {
mail = "joerg@thalheim.io";
pubkey = ssh-for "mic92";
};
+ shannan = {
+ mail = "shannan@lekwati.com";
+ pubkey = ssh-for "shannan";
+ };
qubasa = {
mail = "luis.nixos@gmail.com";
pubkey = ssh-for "qubasa";
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 39d738337..29d0b27fa 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -347,7 +347,10 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.29.171";
- aliases = [ "rock.r" ];
+ aliases = [
+ "rock.r"
+ "loki.r"
+ ];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0uhNk3XXVxQcIVhD1Ime
@@ -465,6 +468,7 @@ in {
aliases = [
"eva.r"
"prometheus.r"
+ "alertmanager.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
@@ -508,5 +512,33 @@ in {
};
};
};
+ bernie = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.bernie.nets.retiolum.ip4.addr
+ config.krebs.hosts.bernie.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.169";
+ aliases = [ "bernie.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApH5nG/Lwe/LiBkdL38vk1QcjOG/kf8dUqifouB56OQqe+MXASTSM
+ vhipszZqXVGgWRVrSH3WSZt0YAXTQQGEjtnAr6fSSnUek21omRGFgr47LiGJp9R8
+ OuhGPQs1sykIyl3HNSvDxj2EfWrXO73bKQPYdGIlfJWmsL69akWGlyYdEK1kloLC
+ ld5+eYICjiTtqAQ8snZQNaPIucW4cGOa0sATUP4H1jbDWtFCKE2/mR/gGo/W/opC
+ oOcJM7d5mb63blWVp9Zji/Gb64QltR50N3qvwc6W5ANHXIV97jYcNhSGqTsV0CEd
+ n0cqUqymh2e8fJdmbB4DvwqhWITn6nwuFOWoVCSFMmbiidyTm3RAH9ztZARzsQRL
+ Nj8OmeAr+plrzNH7AJpSkz30zukawCnbt+qWjqXLULH4kxJfOwzVh+KDfLzy7iLe
+ OWWrblgJZA2GHKzCC5zntNujW6Nr2AliSY2Hch2XfkLTWeNtclKIEXMkRxif5oxm
+ XpEJJ3lqdXz9/e37R/mkWVrdhpVfll2/v5c/PlnKMzky2mgkGpzegO0IiQcdJjrl
+ fuXAsh5UbnE5kt6vKL5aducScatyd5FRkNumKG5ji26eZR4lZmXn380JLDInV4n7
+ SODZL2fQFBnSD1wTWcq9Q/luPh4FitzJUZzHexvNxR/KBZycZJtdVw8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
};
}
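Review bot: In the new `bernie` host, `addrs` references `config.krebs.hosts.bernie.nets.retiolum.ip6.addr`, but the block only sets `ip4.addr`. Unless the option type supplies a default for `ip6.addr` somewhere outside this hunk, evaluation will fail on that attribute, so please confirm the default exists or set it explicitly. Separately, `nets = rec {` is not needed: nothing inside refers to a sibling attribute by bare name, so a plain `nets = {` reads more clearly.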
diff --git a/krebs/3modules/external/ssh/shannan.pub b/krebs/3modules/external/ssh/shannan.pub
new file mode 100644
index 000000000..ed89d702a
--- /dev/null
+++ b/krebs/3modules/external/ssh/shannan.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBXTForyB6oNMK5bbGpALKU4lPsKRGxNLhrE/PnHHq7 shannan@bernie
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index d2a945284..3466ef8eb 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -645,6 +645,45 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
};
+ styx = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.11.1";
+ ip6.addr = r6 "111";
+ aliases = [
+ "styx.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
+ ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU
+ aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE
+ 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi
+ 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq
+ m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn
+ Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt
+ EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/
+ 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao
+ Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2
+ 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF
+ wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "111";
+ aliases = [
+ "styx.w"
+ ];
+ wireguard.pubkey = ''
+ 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
+ };
};
users = rec {
lass = lass-blue;
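Review bot: The `ssh.pubkey` string for `styx` ends with a trailing space before the closing quote (`...Aj54ZhU "`), unlike the entry just above the added block. Wherever this value is compared verbatim or concatenated into a known-hosts or authorized-keys line, the stray whitespace can cause a mismatch or an odd-looking entry. I would drop it so the value ends with `...Aj54ZhU";`.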
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 0f5e1aa83..4252c8d3b 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -112,13 +112,15 @@ let
hostsArchive = mkOption {
type = types.package;
- default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} ''
+ default = pkgs.runCommand "retiolum-hosts.tar.bz2" {
+ nativeBuildInputs = [ pkgs.gnutar pkgs.coreutils ];
+ } ''
cp \
--no-preserve=mode \
--recursive \
${tinc.config.hostsPackage} \
hosts
- ${pkgs.gnutar}/bin/tar -cjf $out hosts
+ tar -cjf $out hosts
'';
readOnly = true;
};
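Review bot: The archive built by `tar -cjf $out hosts` is unlikely to be bit-for-bit reproducible. `cp --no-preserve=mode` creates the files with build-time timestamps, and tar records those along with the build user's owner and directory order. If `hostsArchive` is published or compared by hash, I would normalise the metadata: `tar --sort=name --mtime=@1 --owner=0 --group=0 --numeric-owner -cjf "$out" hosts`. On a smaller note, `pkgs.runCommand` normally has coreutils and GNU tar on `PATH` already through stdenv, so the new `nativeBuildInputs` is probably redundant, though harmless.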