Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/buildbot/master.nix10
-rw-r--r--krebs/3modules/default.nix2
-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/lass/default.nix9
-rw-r--r--krebs/3modules/miefda/default.nix39
-rw-r--r--krebs/3modules/mv/default.nix39
-rw-r--r--krebs/3modules/repo-sync.nix135
-rw-r--r--krebs/3modules/tv/default.nix212
-rw-r--r--krebs/3modules/tv/pgp/CBF89B0B.asc51
-rw-r--r--krebs/4lib/default.nix4
-rw-r--r--krebs/4lib/types.nix23
-rw-r--r--krebs/5pkgs/Reaktor/default.nix3
-rw-r--r--krebs/5pkgs/builders.nix77
-rw-r--r--krebs/5pkgs/default.nix8
-rw-r--r--krebs/5pkgs/get/default.nix6
-rw-r--r--krebs/5pkgs/git-hooks/default.nix9
-rw-r--r--krebs/5pkgs/go/default.nix2
17 files changed, 353 insertions, 278 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index c365798f3..bd17c3765 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -2,7 +2,15 @@
with config.krebs.lib;
let
- buildbot = pkgs.buildbot;
+
+ # https://github.com/NixOS/nixpkgs/issues/14026
+ nixpkgs-fix = import (pkgs.fetchgit {
+ url = https://github.com/nixos/nixpkgs;
+ rev = "e026b5c243ea39810826e68362718f5d703fb5d0";
+ sha256 = "87e0724910a6df0371f883f99a8cf42e366fb4119f676f6f74ffb404beca2632";
+ }) {};
+
+ buildbot = nixpkgs-fix.buildbot;
buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
# -*- python -*-
from buildbot.plugins import *
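Review bot: The `nixpkgs-fix` pin freezes buildbot and its dependencies at revision `e026b5c2…`, so later security fixes in the tracked channel will not reach the buildbot master until someone removes the pin by hand. The comment above it is only a link; I would extend it to say what the pin works around and when it can go, e.g. `# TODO drop nixpkgs-fix once NixOS/nixpkgs#14026 is fixed in the channel we track`. The import is also called with `{}`, which presumably evaluates the pinned tree with default system and config rather than the host's; `{ inherit (pkgs) system; }` would keep the two in step. The `let` block continues past the hunk.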
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c114b74df..a38d2b227 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -91,8 +91,6 @@ let
imp = lib.mkMerge [
{ krebs = import ./lass { inherit config lib; }; }
{ krebs = import ./makefu { inherit config lib; }; }
- { krebs = import ./miefda { inherit config lib; }; }
- { krebs = import ./mv { inherit config lib; }; }
{ krebs = import ./shared { inherit config lib; }; }
{ krebs = import ./tv { inherit config lib; }; }
{
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index dccc11b3f..b610ff3d1 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,4 +1,4 @@
-arg@{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
inherit (pkgs) writeText;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 760c2d69d..08e8995fa 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
+ "cgit.prism.r"
"cache.prism.r"
];
tinc.pubkey = ''
@@ -296,5 +297,13 @@ with config.krebs.lib;
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
+ prism-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
+ mail = "lass@prism.r";
+ };
+ mors-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
+ mail = "lass@mors.r";
+ };
};
}
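Review bot: The new `prism-repo-sync` and `mors-repo-sync` entries appear to be service identities, but they sit in `users` next to personal accounts and their `pubkey` strings carry no key comment, unlike the `fritz` key above them. A short comment such as `# key used by the repo-sync service on prism, not a login account` would make them easier to recognise when auditing which keys are authorised where. A trailing key comment in each `pubkey` string would help in the same way.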
diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix
deleted file mode 100644
index a03f7ff4d..000000000
--- a/krebs/3modules/miefda/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, ... }:
-
-with config.krebs.lib;
-
-{
- hosts = mapAttrs (_: setAttr "owner" config.krebs.users.miefda) {
- bobby = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.111.112";
- ip6.addr = "42:0:0:0:0:0:111:112";
- aliases = [
- "bobby.retiolum"
- "cgit.bobby.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s
- uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y
- Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny
- 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+
- jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu
- cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- #ssh.privkey.path = <secrets/ssh.ed25519>;
- #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- miefda = {
- mail = "miefda@miefda.de";
- pubkey = "ssh-rsa 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 miefda@nixos";
- };
- };
-}
diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix
deleted file mode 100644
index 20118c61f..000000000
--- a/krebs/3modules/mv/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, ... }:
-
-with config.krebs.lib;
-
-{
- hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) {
- stro = {
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.111.111";
- ip6.addr = "42:0:0:0:0:0:111:111";
- aliases = [
- "stro.retiolum"
- "cgit.stro.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b
- vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb
- FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg
- ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG
- oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq
- XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro";
- };
- };
- users = {
- mv-stro = {
- mail = "mv@stro.retiolum";
- pubkey = "ssh-rsa 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 mv@stro";
- };
- };
-}
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index c5c806cdf..0317d1eca 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -11,38 +11,39 @@ let
api = {
enable = mkEnableOption "repo-sync";
- config = mkOption {
- type = with types;attrsOf (attrsOf (attrsOf str));
+ repos = mkOption {
+ type = with types;attrsOf (attrsOf (attrsOf (attrsOf str)));
example = literalExample ''
# see `repo-sync --help`
# `ref` provides sane defaults and can be omitted
# attrset will be converted to json and be used as config
- {
+ { repo = {
makefu = {
- origin = {
- url = http://github.com/makefu/repo ;
- ref = "heads/dev" ;
- };
- mirror = {
- url = "git@internal:mirror" ;
- ref = "heads/github-mirror-dev" ;
- };
+ origin = {
+ url = http://github.com/makefu/repo ;
+ ref = "heads/dev" ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ ref = "heads/github-mirror-dev" ;
+ };
};
lass = {
- origin = {
- url = http://github.com/lass/repo ;
- };
- mirror = {
- url = "git@internal:mirror" ;
- };
+ origin = {
+ url = http://github.com/lass/repo ;
+ };
+ mirror = {
+ url = "git@internal:mirror" ;
+ };
};
"@latest" = {
- mirror = {
- url = "git@internal:mirror";
- ref = "heads/master";
- };
+ mirror = {
+ url = "git@internal:mirror";
+ ref = "heads/master";
+ };
};
+ };
};
'';
};
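Review bot: The option example still shows `url = http://github.com/makefu/repo ;` and `url = http://github.com/lass/repo ;` as origins, so anyone copying it mirrors over plaintext HTTP, where fetched refs can be altered in transit before they are pushed to the internal mirror. Suggest `https://` in both example URLs. The example now wraps the per-repo sets in `{ repo = { … }; }`; a one-line comment saying that the outer attribute name becomes the `repo-sync-<name>` unit name would explain the extra nesting level.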
@@ -56,53 +57,75 @@ let
type = types.str;
default = "/var/lib/repo-sync";
};
+
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "repo-sync";
+ home = cfg.stateDir;
+ };
+ };
+
privateKeyFile = mkOption {
- type = types.str;
- description = ''
- used by repo-sync to identify with ssh service
+ type = types.secret-file;
+ default = {
+ path = "${cfg.stateDir}/ssh.priv";
+ owner = cfg.user;
+ source-path = toString <secrets> + "/repo-sync.ssh.key";
+ };
+ };
+
+ unitConfig = mkOption {
+ type = types.attrsOf types.str;
+ description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit";
+ example = literalExample ''
+ # do not start when running on umts
+ { ConditionPathExists = "!/var/run/ppp0.pid"; }
'';
- default = toString <secrets/wolf-repo-sync.rsa_key.priv>;
+ default = {};
};
+
};
- repo-sync-config = pkgs.writeText "repo-sync-config.json"
- (builtins.toJSON cfg.config);
imp = {
- users.users.repo-sync = {
- name = "repo-sync";
- uid = genid "repo-sync";
- description = "repo-sync user";
- home = cfg.stateDir;
+ krebs.secret.files.repo-sync-key = cfg.privateKeyFile;
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
createHome = true;
+ description = "repo-sync user";
};
- systemd.timers.repo-sync = {
- description = "repo-sync timer";
- wantedBy = [ "timers.target" ];
+ systemd.timers = mapAttrs' (name: repo:
+ nameValuePair "repo-sync-${name}" {
+ description = "repo-sync timer";
+ wantedBy = [ "timers.target" ];
- timerConfig = cfg.timerConfig;
- };
- systemd.services.repo-sync = {
- description = "repo-sync";
- after = [ "network.target" ];
+ timerConfig = cfg.timerConfig;
+ }
+ ) cfg.repos;
- path = with pkgs; [ ];
+ systemd.services = mapAttrs' (name: repo:
+ let
+ repo-sync-config = pkgs.writeText "repo-sync-config-${name}.json"
+ (builtins.toJSON repo);
+ in nameValuePair "repo-sync-${name}" {
+ description = "repo-sync";
+ after = [ "network.target" "secret.service" ];
- environment = {
- GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
- };
+ environment = {
+ GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
+ REPONAME = "${name}.git";
+ };
- serviceConfig = {
- Type = "simple";
- PermissionsStartOnly = true;
- ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
- cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
- chown repo-sync ${cfg.stateDir}/ssh.priv
- '';
- ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
- WorkingDirectory = cfg.stateDir;
- User = "repo-sync";
- };
- };
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
+ WorkingDirectory = cfg.stateDir;
+ User = "repo-sync";
+ };
+ unitConfig = cfg.unitConfig;
+ }
+ ) cfg.repos;
};
in out
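Review bot: `GIT_SSH_COMMAND` still points at `${cfg.stateDir}/ssh.priv` and the service still runs as `User = "repo-sync"`, although the key location and account are now options (`privateKeyFile.path`, `user.name`). Overriding either option leaves the unit looking for a key that is not there, or running as an account that does not own it. Use the option values instead: `GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.privateKeyFile.path}";` and `User = cfg.user.name;`. `PermissionsStartOnly = true` has nothing left to apply to in this hunk now that `ExecStartPre` is gone, and can be dropped. The `unitConfig` description mentions "fetchWallpaper", which looks copied from another module and should read "repo-sync".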
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 12aa91ba8..075066961 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -7,19 +7,61 @@ with config.krebs.lib;
"viljetic.de" = "regfish";
};
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
- cd = rec {
+ caxi = {
+ cores = 2;
+ extraZones = {
+ "krebsco.de" = ''
+ caxi 60 IN A ${config.krebs.hosts.caxi.nets.internet.ip4.addr}
+ '';
+ };
+ nets = {
+ internet = {
+ ip4 = {
+ addr = "104.233.124.70";
+ prefix = "104.233.124.0/24";
+ };
+ aliases = [
+ "caxi.i"
+ "caxi.krebsco.de"
+ ];
+ ssh.port = 11423;
+ };
+ retiolum = {
+ via = config.krebs.hosts.caxi.nets.internet;
+ ip4.addr = "10.243.113.226";
+ ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af6";
+ aliases = [
+ "caxi.r"
+ "caxi.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxNh1xhvCFzjUOmBq+F6NjUdntKh/7qo7LrsXjPVn92r1hGTVHJO1
+ E+XP5dabZ/mFWySY8GvG7XlZ27wsjkvHEyb16IhOqYrnaONf9LifAWQ3qBlHtp1T
+ eZeP6wcXLhR/pOPy0pT6EABmDHbOzErjYv4pdrXHuxlM10Ljtpp3mClNeXY9eby+
+ HekEE8LY8/zWqJ90lMaxPhLh1VqEvTVTnem5e1F8HDzNvRWa0kWUYG33zPQMyKgR
+ BCvp1DR7Y2LwDmGKnhzBm4JTcP+fcs+z/eGie/CEIgFM0BFJaTBAYZOtUlhBSe0y
+ UYE2W9CJkPN2Uepf53nPnshjKC64fgTr7wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdJ4xGi+qn4IfMZJ3Kv7AGZGbhlR+GrkD87z2tcyRZy";
+ };
+ cd = {
cores = 2;
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
krebsco.de. 60 IN MX 5 mx23
- mx23 60 IN A ${nets.internet.ip4.addr}
- cd 60 IN A ${nets.internet.ip4.addr}
- cgit 60 IN A ${nets.internet.ip4.addr}
- cgit.cd 60 IN A ${nets.internet.ip4.addr}
+ mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cgit 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cgit.cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
'';
};
- nets = rec {
+ nets = {
internet = {
ip4.addr = "45.62.237.203";
aliases = [
@@ -33,7 +75,7 @@ with config.krebs.lib;
ssh.port = 11423;
};
retiolum = {
- via = internet;
+ via = config.krebs.hosts.cd.nets.internet;
ip4.addr = "10.243.113.222";
ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af3";
aliases = [
@@ -62,49 +104,48 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
};
- mkdir = rec {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "104.167.114.142";
+ ju = {
+ nets = {
+ gg23 = {
+ ip4.addr = "10.23.1.144";
aliases = [
- "mkdir.i"
- "mkdir.internet"
+ "ju.gg23"
];
};
retiolum = {
- via = internet;
- ip4.addr = "10.243.113.223";
- ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af4";
+ ip4.addr = "10.243.13.39";
+ ip6.addr = "42:0:0:0:0:0:0:1339";
aliases = [
- "mkdir.r"
- "mkdir.retiolum"
- "cgit.mkdir.r"
- "cgit.mkdir.retiolum"
+ "ju.r"
+ "ju.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
- dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
- voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
- 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
- Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
- 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
+ MIICCgKCAgEAy2xyuOJ/G7uuXz8SfL8mkeX/YwAqnty98/h4BGHwd4ENLt2cUtim
+ BUjVFIWdIMRds+4H8UtveGSeuYgRs3CpQeNuAeq20YlwoxeZgsc8mA+FP/zeN10n
+ OAaP/+BTLKAHQ3Ixq41vLrFXU4Ah53YhOw1LqxQG80Tcr4J8Yehx+mrdGhcDnp2p
+ 4QpMLtMoAn0dQ3K5muZUQzGMHamLIril8hDKkJPqBVN0DRQ2lAVcK70AcqyuFIUM
+ rWkG8gI7AT1bhZ3viIMX9wjpuA3BaitqIEyUCjWv2ZLy2HmTDGGfhEqNYdx/pXKt
+ HToZk1XPnNfopFFtOHiSh1P06VqPex6MIHpbgEf7cVlxxNUOH2qssPGbo6ulzGyo
+ YLeJZNP+1GxPLtyBBSiFApGdJBH8aMlQlz0vjFIdmJbIbUhSSi1TOtbQuB1SCvYO
+ rp9Hm9Ah0508kxLfGlmKdQ3zO3wKbmPqCjwqSGsgtHn3KZzhgr+pTwgHIKdur1VU
+ yW0vvj2ofyajgAb53cM77ScIHwbimkZ0/CbAVeM1z7OXOQ5ruXW/FVCZPe+clY2F
+ ah6UOM5FdI+AYWOhkbP1EP0DGugHs5YUgTxOMMwot1TkxD/y4CZ/ctukoWZrIHHR
+ vKpLhs9nWcnVXRP/trLtVl2okhs1vTYqgArgH6C0jbSXoNQbnZ+a860CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu";
};
- ire = rec {
+ ire = {
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
- ire 60 IN A ${nets.internet.ip4.addr}
+ ire 60 IN A ${config.krebs.hosts.ire.nets.internet.ip4.addr}
'';
};
- nets = rec {
+ nets = {
internet = {
ip4.addr = "198.147.22.115";
aliases = [
@@ -115,7 +156,7 @@ with config.krebs.lib;
ssh.port = 11423;
};
retiolum = {
- via = internet;
+ via = config.krebs.hosts.ire.nets.internet;
ip4.addr = "10.243.231.66";
ip6.addr = "42:b912:0f42:a82d:0d27:8610:e89b:490c";
aliases = [
@@ -195,7 +236,7 @@ with config.krebs.lib;
};
nomic = {
cores = 2;
- nets = rec {
+ nets = {
gg23 = {
ip4.addr = "10.23.1.110";
aliases = ["nomic.gg23"];
@@ -234,41 +275,6 @@ with config.krebs.lib;
};
};
};
- rmdir = rec {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "167.88.34.182";
- aliases = [
- "rmdir.i"
- "rmdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.113.224";
- ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
- aliases = [
- "rmdir.r"
- "rmdir.retiolum"
- "cgit.rmdir.r"
- "cgit.rmdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
- i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
- Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
- hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
- 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
- SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLuhLRmt8M5s2Edwwl9XY0KAAivzmPCEweesH5/KhR4";
- };
schnabeldrucker = {
nets = {
gg23 = {
@@ -352,53 +358,55 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
+ zu = {
+ cores = 4;
+ nets = {
+ #gg23 = {
+ # ip4.addr = "";
+ # aliases = ["zu.gg23"];
+ # ssh.port = 11423;
+ #};
+ retiolum = {
+ ip4.addr = "10.243.13.40";
+ ip6.addr = "42:0:0:0:0:0:0:1340";
+ aliases = [
+ "zu.r"
+ "zu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAti6y+Qkz80oay6H2+ANROWdH4aJS54ST8VhFxRB3WdnlDFG/9t6d
+ idU87uxW5Xmfm6nvpO0OPhG4E3+UI7KtWP71nnducpLV6gfob4f2xNGVG435CJ6u
+ BgorbneUbJEfr4Bb0xd46X2BtLqi5/vUY3M5KMGE2sMdyL2/7oujEI8zQJCse95a
+ OhDZdF2bCDEixCHahNprkQrD8t1lNYoLR2qtDZ5psIh5vgdp0WOOMGvUkCDkNjWj
+ /NKaRXPhUVRDLRFEzMZhtFtSHzaofzrhGFoU1rGZwc/XopqpiFi0D7L++TiNqKAk
+ b9cXwDAI50f8dJagPYtIupjN5bmo+QhXcQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_rsa>;
+ ssh.pubkey = "ssh-rsa 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 root@zu";
+ };
};
- users = rec {
+ users = {
mv = {
mail = "mv@cd.r";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
};
tv = {
mail = "tv@nomic.r";
- pgp.pubkeys.default = ''
- -----BEGIN PGP PUBLIC KEY BLOCK-----
-
- mQINBFbJ/B0BEADZx8l5gRurzhEHcc3PbBepdZqDJQZ2cGHixi8VEk9iN25qJO5y
- HB0q5sQRsh7oNCbzKp6qRhaG9kXmEda+Uu+qbHWxE32QcT76+W8npH73qthaFwC/
- 5RA8KcSE8/XFxVBnVb14PNVHyAVxPHawawbhsOeaiZcHrq5IF6sVzcsc2KN87sIE
- SthR4E01LBK4AFeFuKxga9OKFQV5WJNrihu+6H4wZwUfMpbE552N1rggxT4CouqZ
- RocSg+el/aPRj3Jk9jDe/JFv4HU7KfioOD+NO8xLAkyw3aLsu/bv9nfUvcvTGeRp
- z31UOjpNYpT3PS0+lNCUKQKUadAmhwU95V/0GdhadgxCFcS65qNO7ZZYDJqMIT2y
- YH1d9MaVPDQD9W2v0ITCJcrks9p47o+C8zzDlcVr2VEGrTSngRDkWVNYjKwd3L8w
- HuaTarqOprLzeZ6yblcLVOrW8tGTmxum0jB4Fn3enpTyJNzCfp6c0CoYp/ZziQ82
- 2jgLWuqKv3EKhX9aCUUgbeDFhnsM3GzdT5qYupX7UyWTLfiUlAEUQUgtyM7yBUNN
- PsD5OeYeRQ/xFzUO30kglbjXOOUQpm7kyX38OJA01JdOOhXNI7BTvkFZsJzBLoVM
- AdK3LvF4Rjau3HzYqL1Cr0ai1Y9jZVXP3vimcvUcI9bTRg9pMfD8LekiQQARAQAB
- tAl0diA8dHZAcj6JAj0EEwEIACcFAlbJ/B0CGwMFCQHhM4AFCwkIBwIGFQgJCgsC
- BBYCAwECHgECF4AACgkQJdgKWiyu47Xwow//ZS6Y1UcTDxHa066AQxL5UWL86Jj4
- pIw3k630384VrUlStP+OcwOSwa4igvyIUPrOhVLynkijNsutg6KAVi8BrtSZ8ZcP
- 58gnyCPCQG4Ir0cSanp/GxMxfHKdEMyfMOopTLusLBa55VPr7sYrNi7WY20aojjJ
- 05bviSrFv0+u9dEJGmCChLDv+IhHJDe4zXHbmwspGDMwlhy/E/clSZG7a1yoJjLf
- DpqRVn8KmICqMX0lvBP6fsS51pSD0n82kCpedLZmnwYEHCp+Bkx/Cla7aS33N1+n
- 5CUAR6HQvPT91LsLK/h/BKZ+SHAg4j7hANSfMFO+/0A5pby3JBo6Fck0LvrEMyog
- 6oGedzszZztO1eSJ5h0UQlowD4g0Y7wlWrR8znvdO1gBxQpGIjZXKqGRcuIPNZpu
- lgqIXw/pX6b0CWh2GsbHGE0FfIkBkgW2A2akA8cGEiKqOdp/kP4o7VGCLI5iZXZA
- ZY405gOo3ePTTRJ3zxF7YFRzjMhTlc6KtLiA9/Wps67lrOU0w/O8Dd+zYxmZoani
- lnXaqOj32/UCW76fZ+ovUzKP2lav5wf3tpJeekjV5Zs5dNpAYmrK6EuW7LvUg5lm
- 7i5yz8yuD/xU6R3o1FycogDU6H0JtdFDYTJI9gd5EzNe3UNUEzBJF1yqQFwiW6xY
- 3yFvks3C6e58YNE=
- =Sqyp
- -----END PGP PUBLIC KEY BLOCK-----
- '';
+ pgp.pubkeys.default = readFile ./pgp/CBF89B0B.asc;
pubkey = "ssh-rsa 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 tv@wu";
uid = 1337; # TODO use default and document what has to be done (for vv)
};
tv-nomic = {
- inherit (tv) mail;
+ inherit (config.krebs.users.tv) mail;
pubkey = "ssh-rsa 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 tv@nomic #2";
};
tv-xu = {
- inherit (tv) mail;
+ inherit (config.krebs.users.tv) mail;
pubkey = "ssh-rsa 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 tv@xu";
};
vv = {
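Review bot: Replacing the inline block with `readFile ./pgp/CBF89B0B.asc` also swaps the key itself: the removed armor begins `mQINBFbJ/B0B…` while the new file begins `mQINBExit7IB…`, so `pgp.pubkeys.default` for `tv` now resolves to different key material. Nothing on the page records that this is intended. The replacement should be called out in the commit message and the new key's fingerprint confirmed with its owner out of band, since whatever consumes this option will start trusting it. A comment next to the option, e.g. `# full fingerprint: <FINGERPRINT>`, would let later reviewers check the file against a known value. The `users` set continues past the hunk.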
diff --git a/krebs/3modules/tv/pgp/CBF89B0B.asc b/krebs/3modules/tv/pgp/CBF89B0B.asc
new file mode 100644
index 000000000..e059116ae
--- /dev/null
+++ b/krebs/3modules/tv/pgp/CBF89B0B.asc
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBExit7IBEADGZ3O0lTSYchBVzY+zEgnpeFwGNvSII3yGmB23iNbJdC150gFl
+qYyrFLmuaR7gKBI96h9LH0zIT0bkeonymfJ08TgtCbjB5GAeyJJWWICLltyqYagi
+Fm0Fj/9WaxLEPP4DibFKMY0i7iAkoG9K7CKvNQuz10IP2xU1nIWx42xd+/ALEPxM
+EcB5BwFa+d2gSU5epu5J+lQ1qy1x28yoHsX30xGXgkLdLWYNtFdKqtpX7CJnCvDu
+JcKK17qHZkBBxnuhFG9DoJXR1+adsFPqkmqSTEh4P2HjkIqEPYK/i2nHtkj5oPCt
+I5kPFuvAd+mXum/25QAa2kla8pGkicTgG1JAtCe6uwcbg77b+d1YzV5WvMIEUDIU
+brSzKZCGNe5hqs4kE+yxetkWUR0jbxnfJ19AICfvQMLrz8CfiIC8ifw9QkQuvCI0
+1fs+lp0zsdOTOkuOpVOsxYRaBWoOlHGfSbwG2BRBlmOlejq3Y7QsNhdbXn8KNQaC
+dW0wz/FjXQGxWmsW+s1PlLB48Tl/sUlLkVPAwt1r+l6O5a5cWjWD9IEijtRfz1RF
+X2cI9udwMFDNZNE0yWUeZ0azZCinPnB/myTZM4o3QVinSKP+PQmBBkJLlZIRvS0N
+UME8FqtEsGWGAj9KsnujlGRnqZ5px5EA6BfIwe045XFYxvzpukb3Cg40KwARAQAB
+tClUb21pc2xhdiBWaWxqZXRpxIcgPHRvbWlzbGF2QHZpbGpldGljLmRlPokCNwQT
+AQgAIQUCTGK3sgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCV4pbny/ib
+C2v8EAC3dw38733IyqZQR11/vzR1OuTCKIQDSxHr5JxrRAHOyMPGKgEbr9Ls4BsP
+mcTM0+bXC/3bI7WNIEvOc3naMiqhX2ZfHH7dAYDAdq4mc9H9kdYINin1nqh9LyGg
+8mlrorEIFQHVzAW0/D7xLxc4oKM35h7WZWzXXvENFtEIiE0/UwIRnY0hU2ARO7Yk
+oK3V6eW0cyFxzSFDuv3bcv4eEUhgl5D7ag7VuMWtiMMnlr0owJqFNCAHjplTuoLK
+o5hHKpLSOMDTSCe17vP7kzW8BkxifA9fnoARrAdXxoCeL1/IwIn7xS+pS3t7ISb5
+9XrIRdECdnPfY4NqoYzkeX0UfVxmq5UvX065gx2Ky6kNEa34kV/EWoyARwx3cApz
+Z9SBwa8ehetIUN4jnnzCx1Jb71gaODljr5Jv7TPPKBy65XMc6j0dAmWerFJgVlI7
+bSngdM7UmICcPNoXBDURpJC3CgJxLzSv0pPD1bHV6wtEepTGEFp1gNfvxhAVSFz0
+yRy99TRgqcjLNIEnT49G8Z1K3xN03UAUDAbw9fEzqxaeE9zaAe9ru8aFZXu1gG07
+oDwrQyDT4ZnsKhzOXTNWGkoTAyqwWZzeEGZzdQJohugHKTRPYs0XXZd+9zELjn8A
+i5TX6QpPBYrFB4kwZ7zPWaI0PlQGxUFtq5yH50PiO/ICUCjQ07kCDQRMYreyARAA
+sWfy98raOfpV7pheRVKkS1YbU0u2Ha+lciflhr+o0HXoWiPwl54hiferwQ5/OQTB
+M7kxqxboadGNu4qU+NIYsQoapmsF/olVxVdm/GL7Ykfwa/gpQEIKgZrRXKgIpUNH
+mWs+NnApEDt0lx31x4Ur+wynPFhlhha7Ag/7g2pigGGuxKcC41rTUT6wHXXvuTiI
+5uL9b2yjq+3STRI2ncgYHn9q2MTegGBS14uxvbpMVp4/xnnJAJ0lhexIFe3t/tnx
+qdq3o5fHkGU3ATvug8Tyg1hOoF2c4WeaC+8Oc8n/W03oxP1LrbuDdLgE4bYcPRRd
+NmsZCrc37zc6QiBll4CqjeKo/2qzAV1JU0KBZGMTTlbB2YZ41luzhCtWn0CR0JJQ
+8Aap724Xo8LOsbERGRpBwtWsKEUa2YqAa3UlOQaiuBFGF+N2Pl/gh4F8RW4Qz1Qd
+vnGiczi69d2Nmh6GUTINIrrENbYCpU/rtBT//2WZqniH3Wj/CcugKDgZussLlzYB
+IEvGujQZtdjOjSQHXl4WeuHF2apYehVQyhPVgRcsdd2qlopr2ZsqjWCSSPuqD8kn
+HFYZ9IBgC6YwEpD+P+/P4OZ5fqS1/4AfR4XiXkPoMn/qXha8yvxhPQUATcJsUlYh
+uY6ZRHeckp6BhyfhicauOCu8d8AAtTuWzs9IB1yX1AEAEQEAAYkCHwQYAQgACQUC
+TGK3sgIbDAAKCRCV4pbny/ibC67SD/9lkPTGeG1EX4s8gOtNUbhY4RvkXN0mC7mE
+1BVG7KgqvDGMsuFvLcgRGzDlNuWC3XV74SU0P7rueCCijVv8f1PqD7LnfBaCob7C
+svR9RTrqRsyhC8Cj0G35mZ2DGpZ7xtcwX8Sd9AELyovPK1RzZcA771IINory8ZsM
+tPW2uRpOcDECl4wAuEXPjpBoFNFWifi8wnUPLvUnm0GBOhHaqXogUOiyUVJaaoJ8
+dAlSxX0/uYaLlHR5B499nEuqcY4Aa6tDQ0/Kx+qgwN7r+PqaJsnklQRUIkRwqXgx
+qvRe73w5ESD9BKyK//X5ZO0H1mbUBqGkVN9EdlcKrfCNeu6ZNkjWaGoblF0+DvfP
++xBjlwZkfh2ZVWoOhFkCADAcFkvu47Amo39rmL92K1H35YqWzflZfV8Z/DA/YhIm
+HE58C6uNFsY45pfE3zbv0IS4LXF7F4pKjH2bdqoe03hcdtHkGCCyyOaeYmvMV5e2
+UMBPBHdRl97g3fHwUmDlajcLb1+UZzbaD2xr+mVipRThD5aiq87s9ZTppMwyianY
+fWcjvTDBaA64fbrSA5rFb96kBwDVy0vlFxhi9dMDvnNe3UaVjriRsG/LUhAKLsIt
+gZMAaH20vsK+2hP6gVlYGU/wDxHYMUWNY8vEPWtay+zlWKC0I/p25du33YCKfO1G
+fkFTVQAlNA==
+=bamb
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index afff17296..296748333 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -58,6 +58,10 @@ let out = rec {
genAttrs' = names: f: listToAttrs (map f names);
+ getAttrs = names: set:
+ listToAttrs (map (name: nameValuePair name set.${name})
+ (filter (flip hasAttr set) names));
+
setAttr = name: value: set: set // { ${name} = value; };
optionalTrace = c: msg: x: if c then trace msg x else x;
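Review bot: `getAttrs` has no comment, and its behaviour on missing names is easy to misread: the `filter (flip hasAttr set) names` step drops names that are not in `set` instead of failing. Suggest documenting that above the definition, e.g. `# getAttrs :: [str] -> attrs -> attrs; returns the attributes of set listed in names, names absent from set are skipped`. Without that, a caller selecting required attributes would not notice a mistyped name.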
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 0d5b51f76..aa7b7a9f5 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -76,7 +76,6 @@ types // rec {
default =
optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr;
- readOnly = true;
};
aliases = mkOption {
# TODO nonEmptyListOf hostname
@@ -162,11 +161,21 @@ types // rec {
secret-file = submodule ({ config, ... }: {
options = {
- path = mkOption { type = str; };
- mode = mkOption { type = file-mode; default = "0400"; };
+ name = mkOption {
+ type = filename;
+ default = config._module.args.name;
+ };
+ path = mkOption {
+ type = absolute-pathname;
+ default = "/run/keys/${config.name}";
+ };
+ mode = mkOption {
+ type = file-mode;
+ default = "0400";
+ };
owner = mkOption {
type = user;
- default = config.krebs.users.root;
+ default = users.root;
};