diff options
Diffstat (limited to 'krebs/3modules')
20 files changed, 41 insertions, 12 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7780863a3..51c38b899 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -22,6 +22,12 @@ with import <stockholm/lib>; (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; }; }) + # Retiolum ed25519 keys + (let + pubkey-path = ./retiolum + "/${hostName}_ed25519.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.retiolum.tinc.pubkey_ed25519 = builtins.trace "using ed25519 key for host ${hostName}" (readFile pubkey-path); + }) # Wiregrill defaults (let pubkey-path = ./wiregrill + "/${hostName}.pub"; diff --git a/krebs/3modules/makefu/retiolum/cake_ed25519.pub b/krebs/3modules/makefu/retiolum/cake_ed25519.pub new file mode 100644 index 000000000..6c6bf2b33 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/cake_ed25519.pub @@ -0,0 +1 @@ +zlfSyJdG7vJmvkk1Ul3ZXUix2YduFYUMhM89nRdy8aE diff --git a/krebs/3modules/makefu/retiolum/crapi.pub b/krebs/3modules/makefu/retiolum/crapi.pub index 2b6104468..c66f24882 100644 --- a/krebs/3modules/makefu/retiolum/crapi.pub +++ b/krebs/3modules/makefu/retiolum/crapi.pub @@ -1,4 +1,3 @@ -Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L diff --git a/krebs/3modules/makefu/retiolum/crapi_ed25519.pub b/krebs/3modules/makefu/retiolum/crapi_ed25519.pub new file mode 100644 index 000000000..ce5a6f05a --- /dev/null +++ b/krebs/3modules/makefu/retiolum/crapi_ed25519.pub @@ -0,0 +1 @@ +Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F diff --git a/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub b/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub new file mode 100644 index 000000000..ea93cfddb --- /dev/null +++ b/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub @@ -0,0 +1 @@ +2YSzoLSQN3k4HC8uozPb/nMmbrTa9eKOD2Ka9Iq8iXM diff --git a/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub b/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub new file mode 100644 index 000000000..7a62ff46f --- /dev/null +++ b/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub @@ -0,0 +1 @@ +aQDHnUzOhf8zhMOB/ufTaP4rQLrizfN135PVgfTLkaC diff --git a/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub b/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub new file mode 100644 index 000000000..76e6def7c --- /dev/null +++ b/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub @@ -0,0 +1 @@ +3QIlv3vsykhMlsrsHUbU/vneVbYiE6G1U7HPzK2AbRI diff --git a/krebs/3modules/makefu/retiolum/flap_ed25519.pub b/krebs/3modules/makefu/retiolum/flap_ed25519.pub new file mode 100644 index 000000000..47da38477 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/flap_ed25519.pub @@ -0,0 +1 @@ +1o7+d8jjitc1vJB1sYFY8qvbcePssD6c+sgfxqq+BXD diff --git a/krebs/3modules/makefu/retiolum/gum_ed25519.pub b/krebs/3modules/makefu/retiolum/gum_ed25519.pub new file mode 100644 index 000000000..5b6f2426e --- /dev/null +++ b/krebs/3modules/makefu/retiolum/gum_ed25519.pub @@ -0,0 +1 @@ +6M/fxVpfUCpbWvOXR9eHjt3o7sgjAEoIT/hXcDN970E diff --git a/krebs/3modules/makefu/retiolum/nukular_ed25519.pub b/krebs/3modules/makefu/retiolum/nukular_ed25519.pub new file mode 100644 index 000000000..0cae03b83 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/nukular_ed25519.pub @@ -0,0 +1 @@ +nL4hL0aJvufqdSvTafAnc/g0wjznIwuHlEq/h/OxEsF diff --git a/krebs/3modules/makefu/retiolum/omo_ed25519.pub b/krebs/3modules/makefu/retiolum/omo_ed25519.pub new file mode 100644 index 000000000..dd11ab7dd --- /dev/null +++ b/krebs/3modules/makefu/retiolum/omo_ed25519.pub @@ -0,0 +1 @@ +SVuxrF4CQGRl3evQurw0wh44g72/0qwRACF+/n2i2rE diff --git a/krebs/3modules/makefu/retiolum/sdev_ed25519.pub b/krebs/3modules/makefu/retiolum/sdev_ed25519.pub new file mode 100644 index 000000000..fef79aa68 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/sdev_ed25519.pub @@ -0,0 +1 @@ +OxXCkjs3OzIsMXcSVcr7dJD55iRFRjUc0eERPdU1OjO diff --git a/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub b/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub new file mode 100644 index 000000000..f0968aa12 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub @@ -0,0 +1 @@ +LegGLszL9hZXoanCQnv0VxuoLviT2K/yvQGYuCsloUH diff --git a/krebs/3modules/makefu/retiolum/studio_ed25519.pub b/krebs/3modules/makefu/retiolum/studio_ed25519.pub new file mode 100644 index 000000000..13a09ad1b --- /dev/null +++ b/krebs/3modules/makefu/retiolum/studio_ed25519.pub @@ -0,0 +1 @@ +WLUvBME38jEpXIEFniyVIjyvMw7JTNJBQb/NIXcxmzL diff --git a/krebs/3modules/makefu/retiolum/tsp_ed25519.pub b/krebs/3modules/makefu/retiolum/tsp_ed25519.pub new file mode 100644 index 000000000..c7baf9067 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/tsp_ed25519.pub @@ -0,0 +1 @@ +gzMYJY6/6sgG4ZgYWzeDs6svTvsDIeJEAGxPbrJUFVN diff --git a/krebs/3modules/makefu/retiolum/vbob.pub b/krebs/3modules/makefu/retiolum/vbob.pub new file mode 100644 index 000000000..168437e78 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/vbob.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr +4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI +AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP +hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o +Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s +AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/vbob_ed25519.pub b/krebs/3modules/makefu/retiolum/vbob_ed25519.pub new file mode 100644 index 000000000..5e287f36b --- /dev/null +++ b/krebs/3modules/makefu/retiolum/vbob_ed25519.pub @@ -0,0 +1 @@ +fRPhdsYqwPuYgL2p/CmAUCVykU9GbiRfHQ8SULPQNGE diff --git a/krebs/3modules/makefu/retiolum/wbob_ed25519.pub b/krebs/3modules/makefu/retiolum/wbob_ed25519.pub new file mode 100644 index 000000000..eeef652e2 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/wbob_ed25519.pub @@ -0,0 +1 @@ +b3uia4Sns0ljQrccLE0QxzeAB4APTiJEB98neQQosdF diff --git a/krebs/3modules/makefu/retiolum/x_ed25519.pub b/krebs/3modules/makefu/retiolum/x_ed25519.pub new file mode 100644 index 000000000..fbf63d08e --- /dev/null +++ b/krebs/3modules/makefu/retiolum/x_ed25519.pub @@ -0,0 +1 @@ +81FOjlXXS22WWZzLnL4sDCuXmvMoYkbhy0wlBlr60zM diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix index 294f80a3c..194e8b24a 100644 --- a/krebs/3modules/systemd.nix +++ b/krebs/3modules/systemd.nix @@ -5,18 +5,18 @@ default = {}; type = lib.types.attrsOf (lib.types.submodule { options = { - ifCredentialsChange = lib.mkOption { - default = "restart"; + restartIfCredentialsChange = lib.mkOption { + # Enabling this by default only makes sense here as the user already + # bothered to write down krebs.systemd.services.* = {}. If this + # functionality gets upstreamed to systemd.services, restarting + # should be disabled by default. + default = true; description = '' - Whether to reload or restart the service whenever any its - credentials change. Only credentials with an absolute path in - LoadCredential= are supported. + Whether to restart the service whenever any of its credentials + change. Only credentials with an absolute path in LoadCredential= + are supported. ''; - type = lib.types.enum [ - "reload" - "restart" - null - ]; + type = lib.types.bool; }; }; }); @@ -40,7 +40,7 @@ lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" { serviceConfig = { Type = "oneshot"; - ExecStart = "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange} ${lib.shell.escape serviceName}"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart ${lib.shell.escape serviceName}"; }; } ) config.krebs.systemd.services; |