diff options
Diffstat (limited to 'krebs/3modules')
| -rw-r--r-- | krebs/3modules/default.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 30 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 26 | ||||
| -rw-r--r-- | krebs/3modules/tinc.nix (renamed from krebs/3modules/retiolum.nix) | 48 |
4 files changed, 80 insertions, 26 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index daa963bc..227eb209 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -34,10 +34,10 @@ let ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix - ./retiolum.nix ./rtorrent.nix ./secret.nix ./setuid.nix + ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ec5811d8..b86e0531 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -10,7 +10,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "144.76.172.188"; aliases = [ - "dishfire.internet" + "dishfire.i" ]; ssh.port = 45621; }; @@ -42,7 +42,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "104.233.79.118"; aliases = [ - "echelon.internet" + "echelon.i" ]; ssh.port = 45621; }; @@ -82,9 +82,8 @@ with import <stockholm/lib>; internet = { ip4.addr = "213.239.205.240"; aliases = [ - "prism.internet" + "prism.i" "paste.i" - "paste.internet" ]; ssh.port = 45621; }; @@ -132,7 +131,7 @@ with import <stockholm/lib>; internet = { ip4.addr = "104.167.113.104"; aliases = [ - "cloudkrebs.internet" + "cloudkrebs.i" ]; ssh.port = 45621; }; @@ -302,6 +301,27 @@ with import <stockholm/lib>; iso = { cores = 1; }; + sokrateslaptop = { + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 65034498..33202d0a 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -26,6 +26,31 @@ with import <stockholm/lib>; }; }; }; + studio = rec { + cores = 4; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio"; + nets = { + retiolum = { + ip4.addr = "10.243.227.163"; + ip6.addr = "42:e23f:ae0e:ea25:72ff:4ab8:9bd9:38a6"; + aliases = [ + "studio.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwAdSac8Oy5tPu7ejwojY5YqaNOfd7i0NToE+oaRJ1yxzmUpj8Fti + cGpcgBYhFXMVYoYfzLdkAlSYjWKAoShCq/ZEfIM67okXegXvL68zGksfXrmpdUuk + GCCy2/Ul5urvYEis9UeUpbe6tUxU0zXUWCkhMQgHeO2xQEizfIfWsUn5sYtFFoKI + jYbAcLbRtw+Islfih8G7ydPBh78WPGz6Xx79A5nmfI1VZDAToEqpqUoaqfzsTGd1 + 78GZssE3o4veTmBFvLV3Fm/ltfXpzhAIcsi89V3RjrzFM7UMD8aV153OAzhddxIu + 8x6FibmMSzBXQDFuAac2+kp9mU0F0W4G1wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + fileleech = rec { cores = 4; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; @@ -449,6 +474,7 @@ with import <stockholm/lib>; nets = rec { internet = { ip4.addr = "188.68.40.19"; + ip6.addr = "2a03:4000:17:2df::1"; aliases = [ "gum.i" ]; diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/tinc.nix index 0a3d7ed2..8af15c13 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/tinc.nix @@ -17,6 +17,27 @@ let in { enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; + enableLegacy = mkEnableOption "/etc/tinc/${netname}"; + + confDir = mkOption { + type = types.package; + default = pkgs.linkFarm "${netname}-etc-tinc" + (mapAttrsToList (name: path: { inherit name path; }) { + "hosts" = tinc.config.hostsPackage; + "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' + Name = ${tinc.config.host.name} + Interface = ${netname} + ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} + PrivateKeyFile = ${tinc.config.privkey.path} + Port = ${toString tinc.config.host.nets.${netname}.tinc.port} + ${tinc.config.extraConfig} + ''; + "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' + ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up + ${tinc.config.tincUp} + ''; + }); + }; host = mkOption { type = types.host; @@ -175,29 +196,16 @@ let } ) config.krebs.tinc; + environment.etc = mapAttrs' (netname: cfg: + nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy { + source = cfg.confDir; + }) + ) config.krebs.tinc; + systemd.services = mapAttrs (netname: cfg: let tinc = cfg.tincPackage; iproute = cfg.iproutePackage; - - confDir = let - namePathPair = name: path: { inherit name path; }; - in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair { - "hosts" = cfg.hostsPackage; - "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" '' - Name = ${cfg.host.name} - Interface = ${netname} - ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} - PrivateKeyFile = ${cfg.privkey.path} - Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port} - ${cfg.extraConfig} - ''; - "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ${iproute}/sbin/ip link set ${netname} up - ${cfg.tincUp} - ''; - } - ); in { description = "Tinc daemon for ${netname}"; after = [ "network.target" ]; @@ -206,7 +214,7 @@ let path = [ tinc iproute ]; serviceConfig = rec { Restart = "always"; - ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; + ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; SyslogIdentifier = netname; }; } |