summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/ponte/config.nix11
-rw-r--r--krebs/1systems/ponte/hw.nix14
-rw-r--r--krebs/2configs/container-networking.nix2
-rw-r--r--krebs/2configs/matterbridge.nix40
-rw-r--r--krebs/2configs/mud.nix2
-rw-r--r--krebs/2configs/news.nix2
-rw-r--r--krebs/2configs/reaktor2.nix1
-rw-r--r--krebs/2configs/security-workarounds.nix2
-rw-r--r--krebs/3modules/acl.nix19
-rw-r--r--krebs/3modules/external/default.nix46
-rw-r--r--krebs/3modules/external/gpg/kmein.gpg30
-rw-r--r--krebs/3modules/external/kmein.nix44
-rw-r--r--krebs/3modules/external/mic92.nix198
-rw-r--r--krebs/3modules/iptables.nix4
-rw-r--r--krebs/3modules/krebs/default.nix41
-rw-r--r--krebs/3modules/lass/default.nix3
-rw-r--r--krebs/3modules/lass/pgp/blue.pgp51
-rw-r--r--krebs/3modules/lass/pgp/green.pgp40
-rw-r--r--krebs/3modules/makefu/default.nix8
-rw-r--r--krebs/5pkgs/haskell/brockman/default.nix6
-rw-r--r--krebs/5pkgs/haskell/reaktor2/default.nix8
-rw-r--r--krebs/5pkgs/simple/generate-secrets/default.nix18
-rw-r--r--krebs/5pkgs/simple/htgen-cyberlocker/src/htgen-cyberlocker23
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix2
-rw-r--r--krebs/5pkgs/simple/untilport/default.nix2
-rw-r--r--krebs/5pkgs/simple/weechat-declarative/default.nix85
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rwxr-xr-xkrebs/update-nixpkgs.sh2
29 files changed, 523 insertions, 197 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
new file mode 100644
index 000000000..8250ebad9
--- /dev/null
+++ b/krebs/1systems/ponte/config.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ ./hw.nix
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ <stockholm/krebs/2configs/matterbridge.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.ponte;
+}
diff --git a/krebs/1systems/ponte/hw.nix b/krebs/1systems/ponte/hw.nix
new file mode 100644
index 000000000..78f7a603e
--- /dev/null
+++ b/krebs/1systems/ponte/hw.nix
@@ -0,0 +1,14 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.efi.efiSysMountPoint = "/boot/EFI";
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ copyKernels = false;
+ };
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+ fileSystems."/boot/EFI" = { device = "/dev/disk/by-uuid/628A-7F3B"; fsType = "vfat"; };
+}
diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix
index fa4488800..bf3fe711e 100644
--- a/krebs/2configs/container-networking.nix
+++ b/krebs/2configs/container-networking.nix
@@ -1,7 +1,7 @@
{ lib, ... }:
{
networking.nat.enable = true;
- networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.internalInterfaces = ["ve-+" "ctr+" ];
networking.nat.externalInterface = lib.mkDefault "et0";
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
}
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
new file mode 100644
index 000000000..a68aa292c
--- /dev/null
+++ b/krebs/2configs/matterbridge.nix
@@ -0,0 +1,40 @@
+{ pkgs, lib, ... }: {
+ services.matterbridge = {
+ enable = true;
+ configPath = let
+ bridgeBotToken = lib.strings.fileContents <secrets/telegram.token>;
+ in
+ toString ((pkgs.formats.toml {}).generate "config.toml" {
+ general = {
+ RemoteNickFormat = "[{NICK}] ";
+ Charset = "utf-8";
+ };
+ telegram.krebs.Token = bridgeBotToken;
+ irc = let
+ Nick = "ponte";
+ in {
+ hackint = {
+ Server = "irc.hackint.org:6697";
+ UseTLS = true;
+ inherit Nick;
+ };
+ };
+ gateway = [
+ {
+ name = "krebs-bridge";
+ enable = true;
+ inout = [
+ {
+ account = "irc.hackint";
+ channel = "#krebs";
+ }
+ {
+ account = "telegram.krebs";
+ channel = "-330372458";
+ }
+ ];
+ }
+ ];
+ });
+ };
+}
diff --git a/krebs/2configs/mud.nix b/krebs/2configs/mud.nix
index 30f232b64..a53596cc6 100644
--- a/krebs/2configs/mud.nix
+++ b/krebs/2configs/mud.nix
@@ -5,7 +5,7 @@
MUD_SERVER=''${MUD_SERVER:-127.0.0.1}
MUD_PORT=''${MUD_PORT:-8080}
- if $(${pkgs.netcat-openbsd}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then
+ if $(${pkgs.libressl.nc}/bin/nc -z "$MUD_SERVER" "$MUD_PORT"); then
${nvim}/bin/nvim \
+"let g:instant_username = \"$MUD_NICKNAME\"" \
+":InstantJoinSession $MUD_SERVER $MUD_PORT" \
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 1f966bf24..9e2cec10a 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -164,7 +164,7 @@
if [ ''${#youtube_url} -eq 24 ]; then
youtube_id=$youtube_url
else
- youtube_id=$(${pkgs.youtube-dl}/bin/youtube-dl --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id')
+ youtube_id=$(${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id')
fi
echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss"
'';
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 305d31405..205cc96f4 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -148,6 +148,7 @@ in {
services.nginx = {
virtualHosts."agenda.r" = {
+ serverAliases = [ "kri.r" ];
locations."= /index.html".extraConfig = ''
alias ${pkgs.writeText "agenda.html" ''
<!DOCTYPE html>
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index 0743f2b49..b1a492f51 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
- # https://github.com/Lassulus/CVE-2021-4034
- security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
}
diff --git a/krebs/3modules/acl.nix b/krebs/3modules/acl.nix
index 9cdbb6cff..d23706499 100644
--- a/krebs/3modules/acl.nix
+++ b/krebs/3modules/acl.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: let
parents = dir:
if dir == "/" then
- [ dir ]
+ []
else
[ dir ] ++ parents (builtins.dirOf dir)
;
@@ -40,13 +40,16 @@ in {
pkgs.coreutils
];
serviceConfig = {
- ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings (
- lib.mapAttrsToList (_: rule: ''
- setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
- ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
- ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))}
- '') rules
- ));
+ ExecStart = pkgs.writers.writeDash "acl" ''
+ mkdir -p "${path}"
+ ${lib.concatStrings (
+ lib.mapAttrsToList (_: rule: ''
+ setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
+ ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
+ ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents (builtins.dirOf path)))}
+ '') rules
+ )}
+ '';
RemainAfterExit = true;
Type = "simple";
};
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index cc67c1a0a..bf0b82de0 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -306,7 +306,7 @@ in {
nets = {
retiolum = {
ip4.addr = "10.243.42.63";
- ip6.addr = "42:4a6f::4263";
+ ip6.addr = "42:0:4a6f::4263";
aliases = [
"crustacea.r"
];
@@ -563,28 +563,28 @@ in {
};
};
};
- alsace = {
- owner = config.krebs.users.xkey;
- nets = {
- retiolum = {
- ip4.addr = "10.243.73.31";
- aliases = [ "alsace.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAn9mZHXfUcR1/oby6KB1Z8s1AAuie4l5G624r0UqbWu+4xowFIeZs
- kv2dqd+yiqammAA9P207ooLbGBp+P6i4f5VMCemkCnv0sC1TJ+DNwYqWYcFRZE7I
- j00fw/QI9d6L1c4CqZHJPQXEHG3v46qPuUow8FDJ6fjoBmy6biHjSd0XC7oHGqRh
- GE5RolnqUiQhW0b4TkHJV4yUfVki+olxQtYd4xIHs1hcSqoMK898jsPX5cLgoCzR
- NPZVyHf2BM0urPn4mu/th4ZDKpQtrqeI7h6yhnzJ0onhtValwHiA3/DcHcWmYvHC
- vw6umyiCqFDx2kmzOnpkBWv65ugKUwDSZR8ibp3q7W9iPBiCPv0FtKXsQW9EngSS
- asQWC8U6cB23nKuMYQrtD33fVwYn58FBIY6+avroc7XN5cPM/9VBHqyXSDZNAWtt
- TwC/sXFWqT6AbTwLV6zY1TW4jiwKOh3KAVnHqQhUhNlEMk6EFOjR1CABSwUVXleR
- 5whr1RbKAsrhqMprGKHndvxLXjbKSh6A0bVdOLOzSs7BME2Oi1OdHd6tqqYmcyuV
- XQnFcOYKxF0RM83/V8rEgvVisIxXTGVrGw8Kse7PGFA1dGldptTC6kofLUxzADNw
- bRnXtRk8VR0BBzTuPNDgUXL2XQLht6FwDKCA/En2vId98yc2uuDk468CAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "lPvwNm2mfF+rX3noqt+80c7nlDCpC+98JPLWx2jJRLN";
+ rojava = {
+ owner = config.krebs.users.xkey;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.23.42";
+ aliases = [ "rojava.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd
+ B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb
+ HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61
+ Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD
+ lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW
+ +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs
+ 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2
+ vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx
+ HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+
+ XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4
+ yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F";
};
};
};
diff --git a/krebs/3modules/external/gpg/kmein.gpg b/krebs/3modules/external/gpg/kmein.gpg
new file mode 100644
index 000000000..1fa694326
--- /dev/null
+++ b/krebs/3modules/external/gpg/kmein.gpg
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF0GDc0BCACZi+PQgX6Lefq/36X68W+XEyA2fWbMPJE1vAHETlzcMluOIL++
+6KRYqGr0ieFcaXNn4joNDN7cFMN0YHF2Rr7k6SWjOtcHS1RnZ8g/N+uxEvTBug60
+tRbhcO80rnHHb25jloV//wAAWD2ukTtwXWAMVBXwEXMc1JBOlFXcIDlNPdBMJG7A
+/5+AKMXg8HYUSbsad1SyagZbo9KuC/s4BVReBr4vK/zTo1gIwy95dQrBnC31O7Wa
+/s9CpNG//QJAbAxMN15P7Yo9xxG/AALjPSnKamp3yJsSiSyxhXImXEZtxU7ahq3t
+/DzuI2BbIv3Nj/39IZLgETrplzKUnWV18TzdABEBAAG0HUtpZXLDoW4gTWVpbmhh
+cmR0IDxrZm1Ad2lsZGU+iQFOBBMBCAA4FiEEnt6CzHKjQ6lSZtD0RIVwdKOsyLcF
+Al0GDc0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQRIVwdKOsyLfHDQf/
+YLaprugBmzaCvAGADzdgSrQJyFY2BnncVH1b/0HQ1p1smrcvKqbCXxlUmrWM896B
+7xHpcDPz/mMfNPTvSrcUHgqVkiiSsSzno1RCmeHKMiUaR/M6Ik59aa/EzxJf/QDT
+3QYy3mFIj44M0ZWjRZJ/3RhVT6QxaUh7fRNzduVE0LH6suybPcTcnIUGSURKwG9F
+cTXtMJA3+7UGj/emHk8yaFOWMJDY6h7rnXxiD5xcxapjrygFFNfAuaA2NcY3HEeG
+yOVYGwPQhwFWjbUhC1RIYu2fz7fkD11zQ22gt0aEn5fqiIVssBEvHJqNp577QxO4
+6q4ag1Js/gbus6PfQzlvqrkBDQRdBg3NAQgA1ewP1suBTB5UxyqEl7fpisD6hZ62
+9TDQUSn2yfxa8W1wtTH5i1Mw0p5e/+vPFqfu2TMSPoqASq9sDjeWSsiCdtaHbLu0
+y1W5hhQwGcxqauFJBSj/VpDnKd38inOvbW5PwDqZBqnbRZOpsdvsQ2dlaS0/5AJa
+RqJXNRc7Owg3ssqeBuhvZKeiPNADn3k9ZbAYNfDkYPJDbHTNPd8eu44vlBlMC7kX
+IkucV8zV31x9lCZx0cjI+OQbd/4GOSxBKqjBX5SBUQAlzHUT2CLoeKkivxbnHH40
+gV1PP/3QVVMJjkAot0v/n95KRj78iYOU2PrP5DiPogtLO4v14/lE3eaENwARAQAB
+iQE2BBgBCAAgFiEEnt6CzHKjQ6lSZtD0RIVwdKOsyLcFAl0GDc0CGwwACgkQRIVw
+dKOsyLfjegf/bX4MkzqsIOOAcmVla7M29Uk0HX5j4dK5t4Z7kx8OnhbYUMr8vr1w
++2D5HiaV2kib5yhI17z9lL6vKyIWwTdf93zS+ivV+IUpxbx/KAdr83dd7B3RCdU7
+GFMzj7f3ieGQYOXw7pROZQR1zF90H6AtW/8qvOs73hSdcnQOtnmntvY/S5ifnzxi
+jpsOgjM7VD+BWsmhmYw7E4FiZOaLfoRsylyj5I+Sim2j9Xnu6lYvcgBXvwIqfunO
+O/gY21iomMwQm4mlXsFVRfSzRE4zlNASql1zcS1mbO6yeKJDKJgzqvWkcjd3OOuF
+e67yzkzlwiVDJIjhV6B0tRCDIqiOaiS3vw==
+=pwUK
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix
index 6e4457eae..09a95f02e 100644
--- a/krebs/3modules/external/kmein.nix
+++ b/krebs/3modules/external/kmein.nix
@@ -31,6 +31,28 @@ in
};
};
hosts = mapAttrs hostDefaults {
+ ful = {
+ nets.retiolum = {
+ aliases = [ "ful.r" ];
+ ip4.addr = "10.243.2.107";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAwoaPWvnl+g9KYh8coXj/RAaxGHEtbuTG2NpWxbeJG0CemxBoYz2c
+ EE/2JbGRrSaNj3nrFWBTqmTuEB7nHyurFe06G0t+Or5eCBPg2zS5LiQE/LTZV08t
+ 5jUm0jfOQHWbtCMrFGisH9R9Z3XId5cJGN1KsYg4R9RkKIKVVhKJ7maBWbsc+V5G
+ LxKEdDL7T4AfesQzzlAYUQ/s+zHlwJ2fyl3NrBg6Nc27C2A2g9pefhJbn0h8lWdn
+ I627DIrjDMvoSTiF1MKD/N4bXbF665gflUxbI5DTTHCtWf+0lP9i8mXP0kXQU4By
+ 2QLdcpQzlHgnprI+qio1ioKuojcPcryYaOnpQWFHL6AqHzkRJRpMLPBhgQPbpz1v
+ BaShxGBasSHO+Htw5PbwrNwWvU8eH5joRQu3PBgzATS9M91RN58i03u2oQMt3Qif
+ e5USnfk3iYir/qkJWJk8m2kveZy0giI8AaRISu0jXNsB8euQXP2dxTKIF3BPEi5m
+ MZKTGTS4Tz3alpHWaeJtfJT0ihq4HME91rTKgP+CIHWYR4hmTPyYgrX0mm2MN+wi
+ G4vJXtcmBaCdcQZ1buCBVWJCUJ0bWZ3Fs4Ohjw6bP3iyb+Q5UOcXNyOi5NpaUbAi
+ 47F5O6hvEWPxHRhvPD/9NASjRSxaUDbBVj5lieUXCHnhMSAHo1H3kHMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "id5vF2fBwUCMrT5HLvIpeXmvQMQoksUBYXOdc9RyOUF";
+ };
+ };
kabsa = {
nets.retiolum = {
aliases = [ "kabsa.r" "kabsa.kmein.r" ];
@@ -116,6 +138,28 @@ in
wireguard.pubkey = "09yVPHL/ucvqc6V5n7vFQ2Oi1LBMdwQZDL+7jBwy+iQ=";
};
};
+ tahina = {
+ nets.retiolum = {
+ ip4.addr = "10.243.2.74";
+ aliases = [ "tahina.r" "tahina.kmein.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAtX6RpdFl9AqCF6Jy9ZhGY1bOUnEw5x3wm8gBK/aFb5592G3sGbWV
+ 5Vv1msdLcoYQ5X4sgp3wizE5tbW7SiRVBwVB4mfYxe5KSiFJvTmXdp/VtKXs/hD8
+ VXNBjCdPeFOZ4Auh4AT+eibA/lW5veOnBkrsD/GkEcAkKb2MMEoxv4VqLDKuNzPv
+ EfE+mIb/J3vJmfpLG/+VGLrCuyShjPR2z0o5KMg8fI4ukcg6vwWwGE3Qd8JkSYMz
+ iy9oIGo/AJNyOUG0vQXL1JU/LFBXKty515UmXR2hO/Xi1w92DT8lxfLYRgoseT2u
+ i4aHmfl49LGkpQVIFejj6R0FrZBd5R2ElmQbmxSKS1PO9VheOOm02fgVXRpeoh6R
+ FdDkFWWmELW921UtEB2jSIMkf5xW8XmlJlGveaDnkld07aQlshnnOUfIs3r7H+T9
+ 9g1QxiE7EFeoLrfIkgT81F+iL6RazSbf9DcTxvrKv+cZBrZKdcurcTtX0wFFD4wZ
+ 0tzYPTcAnv/ytacf2/jv/Vm3xNFyjrBLM6ZtJtZ6NAJvD+OW4G/o2941KCu1Mqz/
+ VFAJW3djrqfASNCU1GqtHV0wdJMN8EszDNYdJ7pyw6+rG2PeYCVfE7wNe3b6zYqY
+ tUYhU1xkQQD4xgOMX3AdSI/JGjxMBBKlJXafwdDW8LMBWBPt+9Xq2vMCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "m8fnOzCx2KVsQx/616+AzVW5OTgAjBGDoT/PpKuyx+I";
+ };
+ };
zaatar = {
nets.retiolum = {
ip4.addr = "10.243.2.34";
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index b62ece0c7..d63a6b306 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -160,6 +160,26 @@ in {
};
};
};
+ rauter = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet.addrs = [ "rauter.thalheim.io" ];
+ retiolum = {
+ aliases = [ "rauter.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEArpSEoqFUdjaLiR3MpBlEoR0AOyaHPY9IPG4C5KsrfjeMDdfpOEGu
+ G0VHksBbkDV/MIgUVlK1B7LxZ73WUwKKB1YWGtY+QVX1tzoUqYwjMhp/xFVybyBw
+ M7nmTnM6Uq9Xd+S5mNMmOdvgNXfiP+zy4+iHJpn8YN/RnuyETqXhvVW9UasqVlmz
+ cY0dl+wsYFsJDnGc2ebpx5dzfpPgZKIFc0GlqDX0AqdQ2t2O9x4G5sFyUH0qPnDQ
+ 776it6NXhwSKfl1h9xjQp8+qowIUlUqKgiVXfAzXHSxWmVQyxilCAkEk4vSs1HOj
+ ZNiK3LJKWEsy61hMt6K6AqpvSGlOdGa8WQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "bL0slCR9oHx7FBeVb4ubo/bX8QJJBgchVKVSlWh3y1D";
+ };
+ };
+ };
eve = {
owner = config.krebs.users.mic92;
extraZones."krebsco.de" = ''
@@ -453,6 +473,7 @@ in {
rock = {
owner = config.krebs.users.mic92;
nets = {
+ internet.addrs = [ "rock.thalheim.io" ];
retiolum = {
aliases = [
"rock.r"
@@ -783,6 +804,26 @@ in {
};
};
+ mauricehome = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ retiolum = {
+ aliases = [ "mauricehome.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwFmnVmH2n3sa/iJE1u7kSWHMW2nx66wnq7ZA2XF5Wt1hiky4BKBj
+ jxIIdXHlSmARhDSCMgBKl9Z6/8PsmCK3xEO8q60oTsT8PQIhN3eSF8n92iK3dyKx
+ PyUsUUHjkqkNtmo/M70T4gAEuB1b/QRkATco/pTv+lMVkYdIydtdALjSxU0YrTiz
+ J5Ntsngi9+yUJ5g3r/lCuWobKxd5Dlsx3nXg81jTsp9hlXW2HC0XTbOSyH2NC36C
+ 97Kgx2T25cG/FPhtQztQOems+FhbyJTFyZTGa8v/5rXeJlwcVFRh8sZ7E5yPzbJV
+ ZlBaorcpRtx8NY4jd8FnZftHF0BeAQJoYwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "ohFUBMdmgS/DMe24sZ1+jNWzx65jCxto9pVjPnYIqzL";
+ };
+ };
+ };
+
mickey = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -871,6 +912,163 @@ in {
};
};
};
+
+ jackson = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ # jackson.dse.in.tum.de
+ ip4.addr = "131.159.102.3";
+ ip6.addr = "2a09:80c0:102::3";
+ aliases = [ "jackson.i" ];
+ };
+ retiolum = {
+ via = internet;
+ aliases = [ "jackson.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA11g2uc9+tw1Bmvs4U6gsyimZ1hR1rnWTJw8CDRw6t7gx0HhRnRgB
+ 0Fv11KjFGbImrcZ1wxCOJA+RQise18YnlpWIwYf/nDPGR21a1wcg3ZxVRa3/UQzb
+ pvbTFqK9NpPt7ENWs25ZLnatTFfc+D3kfoUSrwIVGKAaM87GlMkTH3FsARo4xj6H
+ NJeQ2snOIbLQ3xXQm3oZ5YN4CN30mtrcae+jIMlKnagBuDjP9UZ73GLHu1gJAPb6
+ iXdBK6/UTGY9uYKNHXnpf11I4rPSPK1r/6KxS1sX65hh4BT5Fs5goRhVqIeeICVJ
+ Ufnwj7se3Ao24nLXyTRmVXaTEVN/AqPyyQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "cjYmx4Bb0JjogXNov+wSiPPIHM06n1jQnPJbP/E1yRN";
+ };
+ };
+ };
+ adelaide = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ # adelaide.dse.in.tum.de
+ ip4.addr = "131.159.102.13";
+ ip6.addr = "2a09:80c0:102::13";
+ aliases = [ "adelaide.i" ];
+ };
+ retiolum = {
+ via = internet;
+ aliases = [ "adelaide.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzxKKd1dV+XDUV8pHqkAtbLcwEZVsf0kK+y5X/zbZcXEZhQQv6/dY
+ YJRoNG3lo8+7FMwYO2b2uyIkO1PopsORMAA2vIFaKJ2Qnt7byuIQ6n9CafIADx1M
+ dVf+cwUhY8IVIX2ndz9pIAY8NhmzEcjG5vGKxRqev1zNwa1LtsLDLObhkKYznM6y
+ HV5F92GONMeNOovHCxIYsSJ8jLn8BB60toADzocgzKvCiEw4IwKnzL/au9RGY4Xi
+ 25YXBzF5ai84e+HyaGGGD/qa4SqL9/jCkDB7QAwRqb01wGhtTLty+ubjzh1HF3am
+ zpizPVNwBTqHW1S3W1i/yi5a5w4D/zdrRQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "YzB5BqgIQ4f209B2KhpdHu6gRYj5IS64zy1wneq/yiG";
+ };
+ };
+ };
+ christina = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ # christina.dse.in.tum.de
+ ip4.addr = "131.159.102.14";
+ ip6.addr = "2a09:80c0:102::14";
+ aliases = [ "christina.i" ];
+ };
+ retiolum = {
+ via = internet;
+ aliases = [ "christina.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA2pP2uCuvFWKfUwYIOcmPkqG8q/rNNyfw9C39tIC0VsDD6WJ0I7xZ
+ S57AiG4j6OZwbv7/89qAR94SM4Q9LgmVHhUHf06gPhO0MTVNt0N1PrOnfxeCOlgK
+ aH6DWZVhiwwiYwAJ55CVNFSkuL7/FtJAkAXmP0Y+xmn0mi1GpMa6RfSazqNPkXik
+ HdB7u96D7Ul75yPdTDi0dvMvCxQGo4PQBctheNPY61s7P1/7tRhBT+22iJn3v2Bc
+ Q9qLa6WuGIuFYCxT7GDGrKVu+V9VhFJe42p8yyIscqFagc61C/whN6v7eOh22gSR
+ 8EbaexJIQ5xl8ZIJto+fr8MvYAQR4FpopwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "/W10YGvcWZnVxCB6pxsC2D5A7QMk1Aw81YWi1p0Ex9O";
+ };
+ };
+ };
+ wilfred = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ # wilfred.dse.in.tum.de
+ ip4.addr = "131.159.102.15";
+ ip6.addr = "2a09:80c0:102::15";
+ aliases = [ "wilfred.i" ];
+ };
+ retiolum = {
+ via = internet;
+ aliases = [ "wilfred.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAtQMC/LTfesg49VU06TFt3ikA9cdXuWzvg1FkCo6yXBlQt8fLFYg1
+ YBthh7W6CZYJwf6lGXUBtCiOnxidoQ89Fq61AQGGYzW8G/vqHwFaPGHQ42Eru+XG
+ RDi7ZjqOibdTemahX7gcDk6irB9WbkuXIS15n5FdQHhmjiun3zaEMoWpyiSM1HFQ
+ UfJLI8pRtB65RTdT3yp8XMASldTAlSlFj2AYlDZkgcRYLZuVWb/Wz7EewG4SiB9T
+ wZ1pUIhdnGNdb37S/VIjMPavaV4HK7u7awqwaaIRUYwWloCo8LGRDCXa3iEMql7J
+ tI4iMEsmjHi8P5mQp4ZwwNLWucdM9+Wt6QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "5dMnJmUDmCnN/3dc7fTPlXweMmbs6W+VgSgZi+p+u2B";
+ };
+ };
+ };
+ river = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ # river.dse.in.tum.de
+ ip4.addr = "131.159.102.16";
+ ip6.addr = "2a09:80c0:102::16";
+ aliases = [ "river.i" ];
+ };
+ retiolum = {
+ via = internet;
+ aliases = [ "river.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAumAOQf8/nv2Ml082e7fgoicoQ7stspsx8v1bkoubW9yq/LbdcTki
+ cP6uZkLBXgd9cPq4vhSso/kaGn6UzPWeUCLv17gPn6jFlB1AYN6mJNLOxJyotajc
+ 78SyqzDyZ4iA0W44w98ic5yWQ/uaF3q3npFlHtAN4fD0aw50uR+2TgH5zCB8iNul
+ CNIRWU9sp1t6VFYSN49tcqZ4j6jb6q/MyH5o5WLPasnq0SzQd09rnhUax7QLbIBP
+ iNBYLOFYMYmoN1WlPwZf1Dt6NeFGyNn5aWE3xtOG6FYwzzCEXYOxxdXzuL5Mmiv9
+ 6d71+XWEAzNT9OQB3oGCLAamT+9le7SqnwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "gcgEqGyhO4S7Q44vID/cpbbVaLSNYov97oGwa3pSI4N";
+ };
+ };
+ };
+ jack = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ # river.dse.in.tum.de
+ ip4.addr = "131.159.102.17";
+ ip6.addr = "2a09:80c0:102::17";
+ aliases = [ "jack.i" ];
+ };
+ retiolum = {
+ via = internet;
+ aliases = [ "jack.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAx5ROeRs0CxD2IPfkrFB4O03/Kf8Ajjmd/J1gpCvHROKL+gDvaCO1
+ 68RbTdC1f5K6Dwc51oX87XisrD435aNCqnlE8fw1X8ZYLKRlZmLDBJGSupm35jj3
+ w80L9OTK07I3cK6AqCfRWyI9Ja6J9PGOT95h8OtiAPlYssEkSqGJrtwe61V5rq1A
+ st7khZO0b+xYsr+ZgOVuZMDAco9DwG7NFfpWkzAgTF6q0a+kdjFrFb6SaeJJf12t
+ WUGWEkaTP5iLQ/h3M+a7MH0Col+aPNEWE4ycqZR9U3E4pMqoD7tjkYdYtv9kR/j+
+ ZtN2Vlw+hKC47DA3zRNRcg7DC+FFDNFaYwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "vmtUoblzicabsNFu7u889cF9pgBKoJpHHIhY8Y/eQgC";
+ };
+ };
+ };
hal9000 = {
owner = config.krebs.users.mic92;
nets = rec {
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 3bab13b0e..7007090c0 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -125,8 +125,8 @@ let
(interface: interfaceConfig: [
(map (port: { predicate = "-i ${interface} -p tcp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPorts)
(map (port: { predicate = "-i ${interface} -p udp --dport ${toString port}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPorts)
- (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges)
- (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges)
+ (map (portRange: { predicate = "-i ${interface} -p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedTCPPortRanges)
+ (map (portRange: { predicate = "-i ${interface} -p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) interfaceConfig.allowedUDPPortRanges)
])
config.networking.firewall.interfaces
);
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 5e0e69924..854176f0b 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -74,6 +74,7 @@ in {
aliases = [
"hotdog.r"
"agenda.r"
+ "kri.r"
"build.r"
"build.hotdog.r"
"ca.r"
@@ -160,6 +161,46 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
};
+ ponte = {
+ cores = 1;
+ owner = config.krebs.users.krebs;
+ nets = rec {
+ internet = {
+ ip4 = {
+ addr = "141.147.36.79";
+ prefix = "0.0.0.0/0";
+ };
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.4.43";
+ ip6.addr = "42::443";
+ aliases = [
+ "ponte.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA52Glj/C85oMy3cnaRAtg2qkleaJFWiqwaQNUsk4JgX1PwZJ8aInD
+ YAMXj0H0wz7h3mh5QVRDq4i11LXOIy1P6J6QAvb3lssYnFfJkR9j/dArCIFsEhHf
+ V41E4KMcHV9t17xO6wQitXqzvcmxodxly8qAx1k7ddlGdQPTWXVvQTRgWBwm9oQ9
+ w0d5p2fej/E5iOmbLyVjiJ72rFJIQdfPo782W78ZQftMSXsnyrr5OJu1b4qsga1Q
+ fYiAKjNE29OPiw5hLy9W/jLJMm0eR94LpUy0MZ5hYkYmvII1TqIqxVgj48gYfJ5v
+ QCjU9R2H5pUNfDiYutCqscRn5YDe44dcYBeG8Rkf0i4BTdqiE7h1AIciccXsJddt
+ HFxbWqi3HDoWlo7cFK9vYVUi4jgQP5cUVP85I43aDu3S3M3mszk1nyP+gDobE5Z9
+ jPGckgn7wTYXlDioIlExJJ6FCaSWSxvh0Zh0HDrTD+WKP6qJ2aYnAz2xptiQGNCu
+ rYEvFoWd5T7VMzI02Z2hCiE2fFWlH63Am1tKspFKl+lHjwMrwcwFA5WoNHCeXx2X
+ S1T3I7P4SkRZervYJ55wQxCBKLgvZP2I1J1JzMkyuTszg9tex14MdVdZZrKXVrnr
+ exCMJruliLbZmtrbHHTXoCngppylnJOxKXpfpogLTZzLGncO6Ry5G18CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "0l+q3Bg5gYcw8VDjSYV7+wVSO3t4Es5jizAYJ9UR8cA";
+ };
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEw9fo8Qtb/DTLacdrJP7Ti7c4UXTm6wUUX+iRFweEo ";
+ };
puyak = {
ci = true;
cores = 4;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 25125157d..b05e774b4 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -129,6 +129,7 @@ in {
"c.r"
"p.r"
"search.r"
+ "radio-news.r"
];
tinc.port = 655;
tinc = {
@@ -875,12 +876,10 @@ in {
lass-blue = {
mail = "lass@blue.r";
pubkey = builtins.readFile ./ssh/blue.rsa;
- pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp;
};
lass-green = {
mail = "lass@green.r";
pubkey = builtins.readFile ./ssh/green.ed25519;
- pgp.pubkeys.default = builtins.readFile .