Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/brockman.nix | 30 | ||||
-rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/exim-retiolum.nix | 23 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/external/mic92.nix | 34 | ||||
-rw-r--r-- | krebs/3modules/external/ssh/shannan.pub | 1 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 39 | ||||
-rw-r--r-- | krebs/3modules/tinc.nix | 6 |
8 files changed, 135 insertions, 3 deletions
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix new file mode 100644 index 000000000..21cc14202 --- /dev/null +++ b/krebs/3modules/brockman.nix @@ -0,0 +1,30 @@ +{ pkgs, lib, config, ... }: +with lib; +let + cfg = config.krebs.brockman; +in { + options.krebs.brockman = { + enable = mkEnableOption "brockman"; + config = mkOption { type = types.attrs; }; # TODO make real config here + }; + + config = mkIf cfg.enable { + users.extraUsers.brockman.isNormalUser = false; + + systemd.services.brockman = { + description = "RSS to IRC broadcaster"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + Restart = "always"; + ExecStart = '' + ${pkgs.brockman}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)} + ''; + User = config.users.extraUsers.brockman.name; + PrivateTmp = true; + RuntimeDirectory = "brockman"; + WorkingDirectory = "%t/brockman"; + }; + }; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bd6bab376..2a74adac3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -11,6 +11,7 @@ let ./apt-cacher-ng.nix ./backup.nix ./bepasty-server.nix + ./brockman.nix ./buildbot/master.nix ./buildbot/slave.nix ./build.nix diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 118a8b2d5..a16661c9f 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -10,6 +10,11 @@ with import <stockholm/lib>; (s: substring 1 (stringLength s - 2) s) (toJSON value); + to-lsearch = concatMapStrings ({ from, to, ... }: "${from}: ${to}\n"); + lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) ({ + inherit (cfg) system-aliases; + }); + in { options.krebs.exim-retiolum = { enable = mkEnableOption "krebs.exim-retiolum"; 
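Review bot: The rendered `brockman.json` is built with `pkgs.writeText`, so everything in `cfg.config` ends up in the world-readable Nix store. If that configuration ever carries credentials (not visible in this hunk), every local user could read them. Say so on the option, e.g. `description = "brockman configuration; written to the Nix store, do not put secrets here";`, or read sensitive values from a file outside the store at start-up. The unit is sandboxed only by `PrivateTmp`; assuming the bot writes nowhere but its runtime directory, `NoNewPrivileges = true;` and `ProtectSystem = "strict";` in `serviceConfig` would be cheap additions for a service that fetches remote feeds.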
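Review bot: `to-lsearch` writes `from` and `to` into the lookup file verbatim, and the option added in the next hunk of this file types both as plain `types.str` (its TODOs acknowledge this). A newline or a colon inside `from` would change how the lsearch file parses, and a `to` that is not an address is passed to the `redirect` router unchanged. Constraining both options, for example with `types.strMatching` and an address pattern, would keep the generated file to one well-formed `key: value` pair per entry. The `let` block starts outside the hunk.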
@@ -59,6 +64,19 @@ in { }; }; }; + system-aliases = mkOption { + type = types.listOf (types.submodule ({ + options = { + from = mkOption { + type = types.str; # TODO e-mail address + }; + to = mkOption { + type = types.str; # TODO e-mail address / TODO listOf + }; + }; + })); + default = []; + }; }; imports = [ { @@ -145,6 +163,11 @@ in { begin routers + system_aliases: + debug_print = "R: system_aliases for $local_part@$domain" + driver = redirect + data = ''${lookup{$local_part}lsearch{${lsearch.system-aliases}}} + local: driver = accept domains = +local_domains diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index d14526703..277169e11 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -608,6 +608,10 @@ in { mail = "joerg@thalheim.io"; pubkey = ssh-for "mic92"; }; + shannan = { + mail = "shannan@lekwati.com"; + pubkey = ssh-for "shannan"; + }; qubasa = { mail = "luis.nixos@gmail.com"; pubkey = ssh-for "qubasa"; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 39d738337..29d0b27fa 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -347,7 +347,10 @@ in { nets = { retiolum = { ip4.addr = "10.243.29.171"; - aliases = [ "rock.r" ]; + aliases = [ + "rock.r" + "loki.r" + ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0uhNk3XXVxQcIVhD1Ime @@ -465,6 +468,7 @@ in { aliases = [ "eva.r" "prometheus.r" + "alertmanager.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- 
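Review bot: The `system_aliases` router has no `domains` condition, so it looks up `$local_part` for every address that reaches it, while the `local` router directly below is limited to `+local_domains`. Unless something earlier restricts what arrives here (not visible in this hunk), mail for a matching local part at a non-local domain would be redirected as well. Adding `domains = +local_domains` to the router would scope the aliases to local mail. The routers section continues outside the hunk.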
@@ -508,5 +512,33 @@ in { }; }; }; + bernie = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.bernie.nets.retiolum.ip4.addr + config.krebs.hosts.bernie.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.169"; + aliases = [ "bernie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEApH5nG/Lwe/LiBkdL38vk1QcjOG/kf8dUqifouB56OQqe+MXASTSM + vhipszZqXVGgWRVrSH3WSZt0YAXTQQGEjtnAr6fSSnUek21omRGFgr47LiGJp9R8 + OuhGPQs1sykIyl3HNSvDxj2EfWrXO73bKQPYdGIlfJWmsL69akWGlyYdEK1kloLC + ld5+eYICjiTtqAQ8snZQNaPIucW4cGOa0sATUP4H1jbDWtFCKE2/mR/gGo/W/opC + oOcJM7d5mb63blWVp9Zji/Gb64QltR50N3qvwc6W5ANHXIV97jYcNhSGqTsV0CEd + n0cqUqymh2e8fJdmbB4DvwqhWITn6nwuFOWoVCSFMmbiidyTm3RAH9ztZARzsQRL + Nj8OmeAr+plrzNH7AJpSkz30zukawCnbt+qWjqXLULH4kxJfOwzVh+KDfLzy7iLe + OWWrblgJZA2GHKzCC5zntNujW6Nr2AliSY2Hch2XfkLTWeNtclKIEXMkRxif5oxm + XpEJJ3lqdXz9/e37R/mkWVrdhpVfll2/v5c/PlnKMzky2mgkGpzegO0IiQcdJjrl + fuXAsh5UbnE5kt6vKL5aducScatyd5FRkNumKG5ji26eZR4lZmXn380JLDInV4n7 + SODZL2fQFBnSD1wTWcq9Q/luPh4FitzJUZzHexvNxR/KBZycZJtdVw8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; } diff --git a/krebs/3modules/external/ssh/shannan.pub b/krebs/3modules/external/ssh/shannan.pub new file mode 100644 index 000000000..ed89d702a --- /dev/null +++ b/krebs/3modules/external/ssh/shannan.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBXTForyB6oNMK5bbGpALKU4lPsKRGxNLhrE/PnHHq7 shannan@bernie diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d2a945284..3466ef8eb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
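Review bot: `addrs` refers to `config.krebs.hosts.bernie.nets.retiolum.ip6.addr`, but the hunk sets only `ip4.addr` for this host. Unless `ip6.addr` receives a default elsewhere (not visible here), evaluating `addrs` would fail or produce an empty entry; either add an `ip6.addr` or drop that element from the list. Separately, `nets = rec { … }` does not need `rec`, because both addresses are reached through `config`; plain `nets = { … }` reads more clearly.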
@@ -645,6 +645,45 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w"; syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC"; }; + styx = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.11.1"; + ip6.addr = r6 "111"; + aliases = [ + "styx.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn + ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU + aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE + 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi + 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq + m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn + Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt + EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/ + 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao + Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2 + 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF + wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "111"; + aliases = [ + "styx.w" + ]; + wireguard.pubkey = '' + 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; + }; }; users = rec { lass = lass-blue; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 0f5e1aa83..4252c8d3b 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix 
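Review bot: The `ssh.pubkey` string for `styx` ends with a space before the closing quote (`…GFAj54ZhU "`). Consumers that emit or compare the key verbatim, such as generated known-hosts entries, would carry that trailing blank. Dropping it keeps the value in the same `type base64` form as the key of the host just above in the context lines.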
@@ -112,13 +112,15 @@ let hostsArchive = mkOption { type = types.package; - default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} '' + default = pkgs.runCommand "retiolum-hosts.tar.bz2" { + nativeBuildInputs = [ pkgs.gnutar pkgs.coreutils ]; + } '' cp \ --no-preserve=mode \ --recursive \ ${tinc.config.hostsPackage} \ hosts - ${pkgs.gnutar}/bin/tar -cjf $out hosts + tar -cjf $out hosts ''; readOnly = true; }; |
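Review bot: The archive is still created with a bare `tar -cjf $out hosts`, so it records whatever timestamps and ownership the preceding `cp --no-preserve=mode` copy produced, plus the directory's iteration order. For a hosts archive that is handed to other machines, fixing these makes the bytes reproducible and a changed archive meaningful: `tar --sort=name --mtime=@1 --owner=0 --group=0 --numeric-owner -cjf $out hosts`. The added `nativeBuildInputs` would also benefit from a short comment saying why `gnutar` and `coreutils` are listed explicitly, since `cp` was already resolved from the build environment's PATH before this change.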