summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix60
-rw-r--r--krebs/3modules/makefu/default.nix4
-rw-r--r--krebs/3modules/retiolum-bootstrap.nix58
-rw-r--r--krebs/4lib/infest/finalize.sh2
-rw-r--r--krebs/4lib/infest/prepare.sh7
-rw-r--r--krebs/5pkgs/retiolum-bootstrap/default.nix29
7 files changed, 154 insertions, 7 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e2aea7057..c695589ca 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -14,6 +14,7 @@ let
./iptables.nix
./nginx.nix
./Reaktor.nix
+ ./retiolum-bootstrap.nix
./realwallpaper.nix
./retiolum.nix
./urlwatch.nix
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 59052021b..498282b03 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -2,7 +2,35 @@
with lib;
-{
+let
+ testHosts = lib.genAttrs [
+ "test-arch"
+ "test-centos6"
+ "test-centos7"
+ ] (name: {
+ inherit name;
+ cores = 1;
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.111.111"];
+ addrs6 = ["42:0:0:0:0:0:0:7357"];
+ aliases = [
+ "test.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
+ mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
+ TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
+ K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
+ QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
+ VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ });
+in {
hosts = addNames {
echelon = {
cores = 4;
@@ -104,7 +132,11 @@ with lib;
uriel = {
cores = 1;
dc = "lass";
- nets = rec {
+ nets = {
+ gg23 = {
+ addrs4 = ["10.23.1.12"];
+ aliases = ["uriel.gg23"];
+ };
retiolum = {
addrs4 = ["10.243.81.176"];
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
@@ -131,7 +163,11 @@ with lib;
mors = {
cores = 2;
dc = "lass";
- nets = rec {
+ nets = {
+ gg23 = {
+ addrs4 = ["10.23.1.11"];
+ aliases = ["mors.gg23"];
+ };
retiolum = {
addrs4 = ["10.243.0.2"];
addrs6 = ["42:0:0:0:0:0:0:dea7"];
@@ -155,8 +191,24 @@ with lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
+ schnabel-ap = {
+ nets = {
+ gg23 = {
+ addrs4 = ["10.23.1.20"];
+ aliases = ["schnabel-ap.gg23"];
+ };
+ };
+ };
+ Reichsfunk-ap = {
+ nets = {
+ gg23 = {
+ addrs4 = ["10.23.1.10"];
+ aliases = ["Reichsfunk-ap.gg23"];
+ };
+ };
+ };
- };
+ } // testHosts;
users = addNames {
lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 9cf5c9aea..42764e48c 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -127,10 +127,8 @@ with lib;
"krebsco.de" = ''
IN MX 10 mx42
euer IN MX 1 aspmx.l.google.com.
- io IN NS pigstarter.krebsco.de.
pigstarter IN A ${head nets.internet.addrs4}
gold IN A ${head nets.internet.addrs4}
- tinc IN A ${head nets.internet.addrs4}
boot IN A ${head nets.internet.addrs4}'';
};
nets = {
@@ -166,7 +164,9 @@ with lib;
extraZones = {
"krebsco.de" = ''
wry IN A ${head nets.internet.addrs4}
+ io IN NS wry.krebsco.de.
graphs IN A ${head nets.internet.addrs4}
+ tinc IN A ${head nets.internet.addrs4}
'';
};
nets = rec {
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
new file mode 100644
index 000000000..eed11642f
--- /dev/null
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.krebs.retiolum-bootstrap;
+
+ out = {
+ options.krebs.retiolum-bootstrap = api;
+ config = mkIf cfg.enable imp ;
+ };
+
+ api = {
+ enable = mkEnableOption "retiolum boot strap for tinc.krebsco.de";
+ hostname = mkOption {
+ type = types.str;
+ description = "hostname which serves tinc boot";
+ default = "tinc.krebsco.de" ;
+ };
+ ssl_certificate_key = mkOption {
+ type = types.str;
+ description = "Certificate key to use for ssl";
+ default = "/root/secrets/tinc.krebsco.de.key";
+ };
+ ssl_certificate = mkOption {
+ type = types.str;
+ description = "Certificate file to use for ssl";
+ default = "/root/secrets/tinc.krebsco.de.crt" ;
+ };
+ # in use:
+ # <secrets/tinc.krebsco.de.crt>
+ # <secrets/tinc.krebsco.de.key>
+ };
+
+ imp = {
+ krebs.nginx.servers = assert config.krebs.nginx.enable; {
+ retiolum-boot-redir = {
+ server-names = singleton cfg.hostname;
+ extraConfig = ''
+ return 301 https://$server_name$request_uri;
+ '';
+ locations = [];
+ };
+ retiolum-boot-ssl = {
+ server-names = singleton cfg.hostname;
+ listen = "443 ssl";
+ extraConfig = ''
+ ssl_certificate ${cfg.ssl_certificate};
+ ssl_certificate_key ${cfg.ssl_certificate_key};
+ root ${pkgs.retiolum-bootstrap};
+ try_files $uri $uri/retiolum.sh;
+ '';
+ locations = [];
+ };
+ };
+ };
+
+in
+out
diff --git a/krebs/4lib/infest/finalize.sh b/krebs/4lib/infest/finalize.sh
index 0039960c5..94b13e0be 100644
--- a/krebs/4lib/infest/finalize.sh
+++ b/krebs/4lib/infest/finalize.sh
@@ -3,8 +3,8 @@ set -eux
{
umount /mnt/nix
umount /mnt/root
- umount /boot || :
umount /mnt/boot
+ umount /boot || :
umount /mnt
coreutils_path=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 9fbd5be86..94c9b0fb5 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -18,6 +18,13 @@ prepare() {(
esac
;;
esac
+ elif test -e /etc/centos-release; then
+ case $(cat /etc/centos-release) in
+ 'CentOS release 6.5 (Final)')
+ prepare_centos "$@"
+ exit
+ ;;
+ esac
fi
echo "$0 prepare: unknown OS" >&2
exit -1
diff --git a/krebs/5pkgs/retiolum-bootstrap/default.nix b/krebs/5pkgs/retiolum-bootstrap/default.nix
new file mode 100644
index 000000000..331b1cb7f
--- /dev/null
+++ b/krebs/5pkgs/retiolum-bootstrap/default.nix
@@ -0,0 +1,29 @@
+{ stdenv,lib,fetchurl, ... }:
+with lib;
+stdenv.mkDerivation rec {
+ name = "retiolum-bootstrap";
+ version = "4.2.3";
+
+
+ src = fetchurl {
+ url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh;
+ sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s";
+ };
+
+ phases = [
+ "installPhase"
+ ];
+
+ installPhase = ''
+ mkdir -p "$out"
+ cp -a ${src} $out/retiolum.sh
+ '';
+
+ meta = {
+ description = "Retiolum boostrap scripts";
+ url = https://github.com/krebscode/painload;
+ license = licenses.wtfpl;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ makefu ];
+ };
+}