Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/news/config.nix2
-rw-r--r--krebs/2configs/reaktor2.nix57
-rw-r--r--krebs/2configs/security-workarounds.nix25
-rwxr-xr-xkrebs/2configs/shack/doorstatus.sh2
-rw-r--r--krebs/2configs/shack/reaktor.nix15
-rw-r--r--krebs/3modules/ci/default.nix (renamed from krebs/3modules/ci.nix)33
-rw-r--r--krebs/3modules/ci/modules/irc_notify.py145
-rw-r--r--krebs/3modules/default.nix3
-rw-r--r--krebs/3modules/ergo.nix2
-rw-r--r--krebs/3modules/external/default.nix28
-rw-r--r--krebs/3modules/external/mic92.nix33
-rw-r--r--krebs/3modules/external/rtunreal.nix51
-rw-r--r--krebs/3modules/git.nix2
-rw-r--r--krebs/3modules/lass/default.nix79
-rw-r--r--krebs/3modules/makefu/default.nix2
-rw-r--r--krebs/3modules/setuid.nix2
-rw-r--r--krebs/5pkgs/simple/ergo/default.nix23
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix14
-rw-r--r--krebs/5pkgs/simple/stable-generate/default.nix25
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
21 files changed, 437 insertions, 122 deletions
diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
index 79946dad7..620e6249e 100644
--- a/krebs/1systems/news/config.nix
+++ b/krebs/1systems/news/config.nix
@@ -16,7 +16,7 @@
krebs.build.host = config.krebs.hosts.news;
boot.isContainer = true;
- networking.useDHCP = false;
+ networking.useDHCP = lib.mkForce true;
krebs.bindfs = {
"/var/lib/brockman" = {
source = "/var/state/brockman";
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 0ea1ab2fa..3e88c0899 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -51,6 +51,29 @@ let
};
};
+ confuse = {
+ pattern = "^!confuse (.*)$";
+ activate = "match";
+ arguments = [1];
+ command = {
+ filename = pkgs.writeDash "confuse" ''
+ set -efu
+ export PATH=${makeBinPath [
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.gnused
+ pkgs.stable-generate
+ ]}
+ stable_url=$(stable-generate "$@")
+ paste_url=$(curl -Ss "$stable_url" |
+ curl -Ss https://p.krebsco.de --data-binary @- |
+ tail -1
+ )
+ echo "$_from: $paste_url"
+ '';
+ };
+ };
+
taskRcFile = builtins.toFile "taskrc" ''
confirmation=no
'';
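Review bot: Both `curl -Ss` calls in the `confuse` script run without `-f`, and the pipeline's exit status is that of `tail`, so despite `set -efu` an HTTP error body from `$stable_url` or from the paste service is pasted or echoed to the channel as if it were a result. `$stable_url` is whatever `stable-generate` prints for text that any IRC user supplies through `^!confuse (.*)$`, and that program is not shown in this hunk. I would restrict the fetch to the expected scheme and bound it, e.g. `curl -fSs --proto '=https' --max-time 30 "$stable_url"`, assuming the generator returns https URLs. Downloading to a temporary file and checking curl's exit status before posting would make failures visible instead of silent.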
@@ -203,6 +226,12 @@ let
osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {};
in pkgs.writeDash "krebsfood" ''
set -efu
+ export PATH=${makeBinPath [
+ osm-restaurants
+ pkgs.coreutils
+ pkgs.curl
+ pkgs.jq
+ ]}
poi=$(curl -fsS http://c.r/poi.json | jq --arg name "$1" '.[$name]')
if [ "$poi" = null ]; then
latitude=52.51252
@@ -212,34 +241,12 @@ let
longitude=$(echo "$poi" | jq -r .longitude)
fi
- ${osm-restaurants}/bin/osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude" \
- | ${pkgs.jq}/bin/jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
- '
- '';
- };
- }
- {
- pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';
- activate = "match";
- arguments = [1 2 3];
- command = {
- env = {
- # TODO; get state as argument
- state_file = "${stateDir}/ledger";
- };
- filename = pkgs.writeDash "ledger-add" ''
- set -x
- tonick=$1
- amt=$2
- unit=$3
- printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
- ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
- | ${pkgs.coreutils}/bin/tail +2 \
- | ${pkgs.miller}/bin/mlr --icsv --opprint cat \
- | ${pkgs.gnugrep}/bin/grep "$_from"
+ osm-restaurants --radius "$2" --latitude "$latitude" --longitude "$longitude" \
+ | jq -r '"How about \(.tags.name) (https://www.openstreetmap.org/\(.type)/\(.id)), open \(.tags.opening_hours)?"'
'';
};
}
+ confuse
bedger-add
bedger-balance
hooks.sed
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
index b1a492f51..cb5d236ac 100644
--- a/krebs/2configs/security-workarounds.nix
+++ b/krebs/2configs/security-workarounds.nix
@@ -1,4 +1,27 @@
{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
{
+ # OpenSSL pre-3.0.7 vulnerabilities
+ nixpkgs.overlays = [
+ (self: super: {
+ exim =
+ super.exim.overrideAttrs (old: let
+ key = if builtins.hasAttr "preBuild" old then
+ "preBuild"
+ else
+ "configurePhase";
+ in {
+ buildInputs = old.buildInputs ++ [ self.gnutls ];
+ ${key} = /* sh */ ''
+ ${old.${key}}
+ sed -Ei '
+ s:^USE_OPENSSL=.*:# &:
+ s:^# (USE_GNUTLS)=.*:\1=yes:
+ s:^# (USE_GNUTLS_PC=.*):\1:
+ ' Local/Makefile
+ '';
+ });
+ })
+ ];
+ # OpenSSL pre-3.0.7 vulnerabilities
+ services.nginx.package = lib.mkDefault (pkgs.nginxStable.override { openssl = pkgs.libressl; });
}
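Review bot: The `sed -Ei` in the exim override fails open: if `Local/Makefile` no longer contains the lines these patterns expect, sed still exits 0 and the build proceeds with whatever TLS settings the Makefile already had. Add a check right after it, e.g. `grep -q '^USE_GNUTLS=yes' Local/Makefile || exit 1`, so a workaround that did not apply stops the build. `${old.${key}}` also aborts evaluation when the fallback `configurePhase` is not set on the derivation; `${old.${key} or ""}` avoids that. The nginx line uses `lib.mkDefault`, so a host that sets `services.nginx.package` itself silently drops the libressl override, and both `# OpenSSL pre-3.0.7 vulnerabilities` comments should name the advisory and the condition for removing the workaround.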
diff --git a/krebs/2configs/shack/doorstatus.sh b/krebs/2configs/shack/doorstatus.sh
index 11e710cfd..46314cb9c 100755
--- a/krebs/2configs/shack/doorstatus.sh
+++ b/krebs/2configs/shack/doorstatus.sh
@@ -54,7 +54,7 @@ Herr makefu an Kasse 3 bitte, Kasse 3 bitte Herr makefu. Der API Computer ist ma
EOF
)
-state=$(curl https://api.shackspace.de/v1/space | jq .doorState.open)
+state=$(curl -fSsk https://api.shackspace.de/v1/space | jq .doorState.open)
prevstate=$(cat state ||:)
if test "$state" == "$(cat state)";then
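Review bot: `-k` in the new `curl -fSsk` turns off TLS certificate verification, so anyone on the network path can answer for api.shackspace.de and decide which door state gets announced. `-f` and `-Ss` are the useful part of this change; I would keep them and drop `-k`: `state=$(curl -fSs https://api.shackspace.de/v1/space | jq .doorState.open)`. If the API host presents a certificate the system store does not trust, pin it with `--cacert` rather than disabling verification. The same `-fSsk` call is added in the `is_shack_open` hook in krebs/2configs/shack/reaktor.nix and needs the same change.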
diff --git a/krebs/2configs/shack/reaktor.nix b/krebs/2configs/shack/reaktor.nix
index a31c7a687..1f723c8e6 100644
--- a/krebs/2configs/shack/reaktor.nix
+++ b/krebs/2configs/shack/reaktor.nix
@@ -14,6 +14,21 @@
];
};
}
+ {
+ plugin = "system";
+ config = {
+ hooks.PRIVMSG = [
+ {
+ pattern = ''\.open\??$|\.offen\??$'';
+ activate = "match";
+ command.filename = pkgs.writers.writeDash "is_shack_open" ''
+ ${pkgs.curl}/bin/curl -fSsk https://api.shackspace.de/v1/space |
+ ${pkgs.jq}/bin/jq '.doorState.open'
+ '';
+ }
+ ];
+ };
+ }
];
};
systemd.services.announce_doorstatus = {
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci/default.nix
index 5efe41786..0f85b27c0 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci/default.nix
@@ -51,7 +51,7 @@ let
"${url}",
workdir='${name}-${elemAt(splitString "." url) 1}', branches=True,
project='${name}',
- pollinterval=100
+ pollinterval=30
)
'') repo.urls
) cfg.repos;
@@ -84,6 +84,7 @@ let
from buildbot.process import buildstep, logobserver
from twisted.internet import defer
import json
+ import sys
class GenerateStagesCommand(buildstep.ShellMixin, steps.BuildStep):
def __init__(self, **kwargs):
@@ -157,19 +158,29 @@ let
)
)
'') cfg.repos)}
+
+ # fancy irc notification by Mic92 https://github.com/Mic92/dotfiles/tree/master/nixos/eve/modules/buildbot
+ sys.path.append("${./modules}")
+ from irc_notify import NotifyFailedBuilds
+ c['services'].append(
+ NotifyFailedBuilds("irc://buildbot|test@irc.r:6667/#xxx")
+ )
+
'';
enable = true;
- reporters = [''
- reporters.IRC(
- host = "irc.r",
- nick = "buildbot|${hostname}",
- notify_events = [ 'started', 'finished', 'failure', 'success', 'exception', 'problem' ],
- channels = [{"channel": "#xxx"}],
- showBlameList = True,
- authz={'force': True},
- )
- ''];
+ reporters = [
+ ''
+ reporters.IRC(
+ host = "irc.r",
+ nick = "buildbot|${hostname}",
+ notify_events = [ 'started', 'finished', 'failure', 'success', 'exception', 'problem' ],
+ channels = [{"channel": "#xxx"}],
+ showBlameList = True,
+ authz={'force': True},
+ )
+ ''
+ ];
buildbotUrl = "http://build.${hostname}.r/";
};
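Review bot: The notifier URL `irc://buildbot|test@irc.r:6667/#xxx` is hard-coded, while the `reporters.IRC` block below derives its nick from `${hostname}`, so every CI host built from this module would connect under the same nick. I would write `NotifyFailedBuilds("irc://buildbot|${hostname}-notify@irc.r:6667/#xxx")` or take the URL from a module option. The `irc://` scheme also makes `irc_send` pass `tls=False` (only `irc+tls` enables it), so these notifications travel in clear text. That may be acceptable if irc.r is reachable only over the VPN, but it deserves a comment next to the URL.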
diff --git a/krebs/3modules/ci/modules/irc_notify.py b/krebs/3modules/ci/modules/irc_notify.py
new file mode 100644
index 000000000..4b7969aaf
--- /dev/null
+++ b/krebs/3modules/ci/modules/irc_notify.py
@@ -0,0 +1,145 @@
+from typing import Optional, Generator, Any
+import socket
+import ssl
+import threading
+import re
+from urllib.parse import urlparse
+import base64
+
+from buildbot.reporters.base import ReporterBase
+from buildbot.reporters.generators.build import BuildStatusGenerator
+from buildbot.reporters.message import MessageFormatter
+from twisted.internet import defer
+
+DEBUG = False
+
+
+def _irc_send(
+ server: str,
+ nick: str,
+ channel: str,
+ sasl_password: Optional[str] = None,
+ server_password: Optional[str] = None,
+ tls: bool = True,
+ port: int = 6697,
+ messages: list[str] = [],
+) -> None:
+ if not messages:
+ return
+
+ # don't give a shit about legacy ip
+ sock = socket.socket(family=socket.AF_INET6)
+ if tls:
+ sock = ssl.wrap_socket(
+ sock, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1_2
+ )
+
+ def _send(command: str) -> int:
+ if DEBUG:
+ print(command)
+ return sock.send((f"{command}\r\n").encode())
+
+ def _pong(ping: str):
+ if ping.startswith("PING"):
+ sock.send(ping.replace("PING", "PONG").encode("ascii"))
+
+ recv_file = sock.makefile(mode="r")
+
+ print(f"connect {server}:{port}")
+ sock.connect((server, port))
+ if server_password:
+ _send(f"PASS {server_password}")
+ _send(f"USER {nick} 0 * :{nick}")
+ _send(f"NICK {nick}")
+ for line in recv_file.readline():
+ if re.match(r"^:[^ ]* (MODE|221|376|422) ", line):
+ break
+ else:
+ _pong(line)
+
+ if sasl_password:
+ _send("CAP REQ :sasl")
+ _send("AUTHENTICATE PLAIN")
+ auth = base64.encodebytes(f"{nick}\0{nick}\0{sasl_password}".encode("ascii"))
+ _send(f"AUTHENTICATE {auth.decode('ascii')}")
+ _send("CAP END")
+ _send(f"JOIN :{channel}")
+
+ for m in messages:
+ _send(f"PRIVMSG {channel} :{m}")
+
+ _send("INFO")
+ for line in recv_file:
+ if DEBUG:
+ print(line, end="")
+ # Assume INFO reply means we are done
+ if "End of /INFO" in line:
+ break
+ else:
+ _pong(line)
+
+ sock.send(b"QUIT")
+ print("disconnect")
+ sock.close()
+
+
+def irc_send(
+ url: str, notifications: list[str], password: Optional[str] = None
+) -> None:
+ parsed = urlparse(f"{url}")
+ username = parsed.username or "prometheus"
+ server = parsed.hostname or "chat.freenode.net"
+ if parsed.fragment != "":
+ channel = f"#{parsed.fragment}"
+ else:
+ channel = "#krebs-announce"
+ port = parsed.port or 6697
+ if not password:
+ password = parsed.password
+ if len(notifications) == 0:
+ return
+ # put this in a thread to not block buildbot
+ t = threading.Thread(
+ target=_irc_send,
+ kwargs=dict(
+ server=server,
+ nick=username,
+ sasl_password=password,
+ channel=channel,
+ port=port,
+ messages=notifications,
+ tls=parsed.scheme == "irc+tls",
+ ),
+ )
+ t.start()
+
+
+subject_template = """\
+{{ '☠' if result_names[results] == 'failure' else '☺' if result_names[results] == 'success' else '☝' }} \
+{{ build['properties'].get('project', ['whole buildset'])[0] if is_buildset else buildername }} \
+- \
+{{ build['state_string'] }} \
+{{ '(%s)' % (build['properties']['branch'][0] if (build['properties']['branch'] and build['properties']['branch'][0]) else build['properties'].get('got_revision', ['(unknown revision)'])[0]) }} \
+({{ build_url }})
+""" # # noqa pylint: disable=line-too-long
+
+
+class NotifyFailedBuilds(ReporterBase):
+ def _generators(self) -> list[BuildStatusGenerator]:
+ formatter = MessageFormatter(template_type="plain", subject=subject_template)
+ return [BuildStatusGenerator(message_formatter=formatter)]
+
+ def checkConfig(self, url: str):
+ super().checkConfig(generators=self._generators())
+
+ @defer.inlineCallbacks
+ def reconfigService(self, url: str) -> Generator[Any, object, Any]:
+ self.url = url
+ yield super().reconfigService(generators=self._generators())
+
+ def sendMessage(self, reports: list):
+ msgs = []
+ for r in reports:
+ if r["builds"][0]["state_string"] != "build successful":
+ msgs.append(r["subject"])
+ irc_send(self.url, notifications=msgs)
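Review bot: `ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE, ...)` in `_irc_send` encrypts without authenticating the server, so `PASS` and the SASL password can go to whoever answers on that port; the function is also deprecated and was removed in Python 3.12. Two more defects sit in the same function: `for line in recv_file.readline():` iterates over the characters of a single line, so the wait for the registration reply never matches, and `PRIVMSG` is built from build-derived subjects without stripping CR/LF, so an embedded line break would be sent as an additional IRC command. Smaller items: `messages: list[str] = []` is a mutable default, `sock.send(b"QUIT")` lacks the trailing `\r\n`, and enabling `DEBUG` would print the passwords. The three main changes are sketched below; if the server uses a private CA, load it with `ctx.load_verify_locations(...)`.

```python
    if tls:
        # verify the certificate chain and the hostname instead of CERT_NONE
        ctx = ssl.create_default_context()
        sock = ctx.wrap_socket(sock, server_hostname=server)

    # … unchanged: _send, _pong, makefile, connect, PASS/USER/NICK …

    for line in recv_file:  # iterate over lines, not the characters of one line
        if re.match(r"^:[^ ]* (MODE|221|376|422) ", line):
            break
        _pong(line)

    # … unchanged: SASL, JOIN …

    for m in messages:
        # collapse line breaks so build-derived text stays inside one PRIVMSG
        safe = " ".join(m.splitlines())
        _send(f"PRIVMSG {channel} :{safe}")
```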
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 5ba436580..7af6b13d9 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -16,7 +16,7 @@ let
./brockman.nix
./build.nix
./cachecache.nix
- ./ci.nix
+ ./ci
./current.nix
./dns.nix
./ergo.nix
@@ -105,6 +105,7 @@ let
{ krebs = import ./external/kmein.nix { inherit config; }; }
{ krebs = import ./external/mic92.nix { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }
+ { krebs = import ./external/rtunreal.nix { inherit config; }; }
{ krebs = import ./jeschli { inherit config; }; }
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix
index 50c5ab628..d5f167e79 100644
--- a/krebs/3modules/ergo.nix
+++ b/krebs/3modules/ergo.nix
@@ -122,7 +122,7 @@
# reloadIfChanged = true;
restartTriggers = [ configFile ];
serviceConfig = {
- ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml";
+ ExecStart = "${pkgs.ergochat}/bin/ergo run --conf /etc/ergo.yaml";
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
DynamicUser = true;
StateDirectory = "ergo";
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 5cb40cfbb..62cbb78a8 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -769,6 +769,31 @@ in {
};
};
};
+ verex = {
+ owner = config.krebs.users.lc4r;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.232.232";
+ aliases = [ "verex.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEA7RCGaxVcTK3cPIs5NkbDdKEg/ASLRyKN2tBklvs43fD2lq/t77YK
+ vtLkZhJokcxzDWNAyUZXgTsmVblYTzbyg+DFhygNwhMSI0vdrG5AoYhWa+eIe8mf
+ Hxi7TWNTbDx/p66kw2NFDlw6Wbs5enPlMzfZPZj+aI7Dx7GrZRz8TrsKAauSSBKc
+ Vtl7Aqs2FLk8suiMAOE4JD4Lt/pvR7YSISBo1N6/eBbFEosY1XqYkv+l9a0d948a
+ k3jfJYRllsBRQzUyseMewwgVEz8Ny+rwk2J4ukSogAlMXXkPD/pYQgdTZwbGWOyY
+ FMLgb7qULn60aUO6mE/mW9JP90/9cX3CD9McdEFRXV4oM0P9EUq49kN+vinD6JDm
+ bL9fP+yx3sdzl34dFWDRPwrzn13kTDlRbble8jATRcisxMT1zYiADuRwIx8AeKs7
+ O4uc7r/hz8ANO3zksuPhkTUoObTvZyW4mXbac2p6DGv/2aC6jzMRFJsJbWQK1TSr
+ 9WjeAOknhSP9UGxQWz6AgHNjq04dR3lQk34xMfKfWxRAaMD+T6frWKz++Z07WpUo
+ OkPlz57jPZ7yeJGwwPM/CMcNNmA6YCqgE2kJo5rVQqlUb90nVRbuiQYYldl1YCIc
+ Z4X36TKEXPBTiiKf6rFL6dJ64vaVxmOPr3+jdvLSufa/L7uXq3g66ZECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "9ifWNFwaXe6qLVTW0UrOl2jg7erwTUC7f50Th4Vv2iE";
+ };
+ };
+ };
};
users = {
@@ -849,5 +874,8 @@ in {
feliks = {
mail = "feliks@flipdot.org";
};
+ lc4r = {
+ mail = "lc4r@riseup.net";
+ };
};
}
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 58757b0b3..2a3604b25 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -930,32 +930,27 @@ in {
};
};
- dev1 = {
+ ruby = {
owner = config.krebs.users.mic92;
nets = rec {
- internet = {
- ip4.addr = "65.108.192.175";
- ip6.addr = "2a01:4f9:1a:94a4::1";
- aliases = [ "dev1.i" ];
- };
retiolum = {
- aliases = [ "dev1.r" ];
+ aliases = [ "ruby.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAwx2l5llCtEdoTRT9UJKHqa/GTqd5f9mUWX/n3HKQHdeEVao6cH9J
- LteQ2rJY+Gh2zt3FZYzRBykvArjGmu1qKKnouldFJis0DygUI1jZVbeeNKbA2lZx
- 7+jCUIz4kgpA0ggJt/9Nb0xHMGPpgXSMADPHLKODT2FPxA4026pI6xLAZWY1o1SY
- oypaIxaOUbqi9M+eR5KRCngUGHBOQm3rGtgw5wYxHsfJqHvqCmFIicxHVifpbzOf
- Hf0hDvk6E54PijcrDUfDBkXrEoa1hFezCMnzv0h+1Y4qfueFtCtPbJdYKUo87X04
- PWT/P+x78VY9e7fJswi4bYflXmE6jVg/0gXPNpWNV1iBmbrFMJMduGNiuyBcSAxp
- S1ubP/+5D2hgOLCuflLfnPOozPtvV6F/XYKatQGPmgo4d7+z7g4frFKv6Uu9ZMT0
- p2CN/bnVNAEErPbTVLyk8zX6J3ruCBQxucr3dsqyw7pk74tTQlFwH9BY8tWfRrAP
- v7rDLHzv/1KA9GRDkbVPJmCkwIlPd9PcqSeHL9pnV9IkFr0UTVJE5qBLDSRW9XAb
- QY6wVgsMocMeAxwrx6q+pdX/NAPbBzrmr0IB+DwYfMhZdGWoWEw+NV1wOsQjBzjw
- SA63+XAgJ30QR5Z87d5g2Y7560+6oQavMPdt+5kfPTGa48UR7WwYyzsCAwEAAQ==
+ MIICCgKCAgEAzqrguDMHqYyidLxbz3jsQS3JVNCy0HaN6wprT1Ge1Anf5E8KtuXh
+ M9IjYPShzzJ162rYaJdd2lBmc5o435j+0/Gg5pySILni9bILhuRr7TMWN0sjNbgr
+ x0JRbpMmpW5DOmQx1BSyA+LLNbyVVnCc1XI0P2EaRr1ZrRSU0bpE/7kJ//Zt7ATu
+ GfqJTuL2aqap12VMKAfjRByyXA9V7szJMRom2Ia3cWSXhie1E0OOvCNT+InKXx4c
+ QbEGX71noCgsNgxbD8AVSwMnNV15vdnbgwK/1QzA0Cep1uxFS05TXJZLZTjcGwG0
+ Kp0kEjntq1rCqgdoUHIubNB17efU/oP6aSrdfvtgeYBjn0zSLHSUYdhf3JHd1Fvf
+ Ov2TwHxt/sm8d91UjhrkYwjf2nzSruAklYDnIDJiHgLFoT5WuOoVlnfUjRpQEw44
+ kp8KXsd24Y0UT5XJO5cQA+kZ1vl2ktHbQGTqYuYDB2FKEnBR/JIwJzJfugcGiyRx
+ OukQ2/rjnS60JA2pHUEfoezIAMhYAF+EPgOgMcNSSRYUVBpPVKD26oGTrNn0AtnO
+ ALW1vqUDwxb0cpv877vN1VfqvLE8n8Zgtt7itdT0+vxNPxICvF6//LNYUeDoQ3pj
+ w+1ZSdYZsvIQ7tDcilnL0hU5/nfsSIbHV+ceuLde1xDt5c7Tnl4v/U0CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
- tinc.pubkey_ed25519 = "nu1d0uwAE1Lg16SfXkCgGz2blir402mlucwJMfHivrJ";
+ tinc.pubkey_ed25519 = "TV9byzSblknvqdUjQCwjgLmA8qCB4Tnl/DSd2mbsZTJ";
};
};
};
diff --git a/krebs/3modules/external/rtunreal.nix b/krebs/3modules/external/rtunreal.nix
new file mode 100644
index 000000000..8c0e0af2c
--- /dev/null
+++ b/krebs/3modules/external/rtunreal.nix
@@ -0,0 +1,51 @@
+with import <stockholm/lib>;
+{ config, ... }:
+let
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ owner = config.krebs.users.rtunreal;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum = {
+ ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ };
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill = {
+ ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ };
+ });
+in
+{
+ users = rec {
+ rtunreal = {
+ # Mail is temporary as it will change in the future and I
+ # don't want it to be semi permanent
+ # mail: krebscotemp(a)user-sites[point]de
+ };
+ };
+ hosts = mapAttrs hostDefaults {
+ rtspinner = {
+ nets.retiolum = {
+ aliases = [ "spinner.rtunreal.r" ];
+ ip4.addr = "10.243.20.18";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApgnFW2hCP2Lf+CGMtzgiTyA9sphEKGzVtOTJy+LxZ/WchFU6QiU6
+ Dl5ybz/Bor25dbwvQCRsQo42gPb+xyjsoHGu2q1NVazMQobePjt/8Qzfqw+Ydz3e
+ CC0Lq2J7A5HkzHAevvSHjWh52EfAfu9PGnsszDyWY/oKY+JkBd3wdnE4VsZIhUU6
+ Zrmuq+JU53Wy4TAcd3JNStvTW3z7MK4BXxovTV3zSq9sg4a120dyrG/d/m35abvm
+ V20Qb9VPmG+861f7gBn45M1w9d4X+3Ev8zum60Lk9JDRETfnufbOsSWNFVk2nsc3
+ wpCYd+7FMq5hBf75At/pQ32kbsMkAMpQDJlHwE/xmhxYU2mzlMLY6JW1gspOt00C
+ iny5qqmhMoZ3r1VmGuu1aA00V+My+dj5i+pvZiUQ9DG2eYoKM43Var2XsU6lURpL
+ UhozcYkb+ax9mqlaPjq2BSYLNzmqTJc3FJY6CcyZxIi4aB8EhDeebYD7wIX115tf
+ wwMIJB9FgmvwBhL2K48P5p8lmxU0sNidvv/Gnr3Fgf1p+jEo8BC9hDK3gigD0lqo
+ AGmRrjHQN7AjysTMTllDj8RSoO2LhOYTxVtcMsQnPJ9hfFrgnSpSZok64y0h+QJG
+ q2WZRBwRYORC7JfKNbE6drRtM6DXccMxOM0eQXoDvg3D5Xg4aqWy3ikCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "eHWJxlhbUQY0rT2PLqbqb9W4hf7zHh3+gEIRaGrxAdB";
+ };
+ };
+ };
+}
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index c038fd4c6..02c673e43 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -628,7 +628,7 @@ let
# TODO fix correctly with stringAfter
chown -R ${toString config.users.users.git.uid}:nogroup "$repodir"
fi
- ln -s ${hooks} "$repodir/hooks"
+ ln -Tfs ${hooks} "$repodir/hooks"
''
) (attrValues cfg.repos)}
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index b05e774b4..ca0c757a3 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -1,12 +1,6 @@
with import <stockholm/lib>;
{ config, ... }: let
- hostDefaults = hostName: host: flip recursiveUpdate host {
- ci = true;
- monitoring = true;
- owner = config.krebs.users.lass;
- };
-
r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
@@ -16,6 +10,7 @@ in {
};
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
+ consul = true;
ci = true;
monitoring = true;
}) {
@@ -55,7 +50,6 @@ in {
'';
pubkey_ed25519 = "P+bhzhgTNdohWdec//t/e+8cI7zUOsS+Kq/AOtineAO";
};
- tinc.port = 655;
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
@@ -78,7 +72,7 @@ in {
60 IN NS dns16.ovh.net.
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr}
- IN MX 5 lassul.us.
+ IN MX 5 mail.lassul.us.
60 IN TXT v=spf1 mx a:lassul.us -all
60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
@@ -97,6 +91,9 @@ in {
streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
mumble 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
mail 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ confusion 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@@ -123,6 +120,7 @@ in {
"prism.r"
"cache.prism.r"
"cgit.prism.r"
+ "bota.r"
"flix.r"
"jelly.r"
"paste.r"
@@ -131,7 +129,6 @@ in {
"search.r"
"radio-news.r"
];
- tinc.port = 655;
tinc = {
pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -192,7 +189,6 @@ in {
aliases = [
"mors.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -229,7 +225,6 @@ in {
aliases = [
"shodan.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -267,7 +262,6 @@ in {
aliases = [
"icarus.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -304,7 +298,6 @@ in {
aliases = [
"daedalus.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -339,7 +332,6 @@ in {
aliases = [
"skynet.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -376,7 +368,6 @@ in {
aliases = [
"littleT.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -422,6 +413,7 @@ in {
};
xerxes = {
cores = 2;
+ consul = false;
nets = rec {
retiolum = {
ip4.addr = "10.243.1.3";
@@ -429,7 +421,6 @@ in {
aliases = [
"xerxes.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -482,7 +473,6 @@ in {
aliases = [
"yellow.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN PUBLIC KEY-----
@@ -523,7 +513,6 @@ in {
aliases = [
"blue.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN PUBLIC KEY-----
@@ -566,7 +555,6 @@ in {
aliases = [
"green.r"
];
- tinc.port = 0;
tinc = {
pubkey = ''
-----BEGIN PUBLIC KEY-----
@@ -600,7 +588,53 @@ in {
syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM";
};
+ massulus = {
+ cores = 1;
+ ci = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.113";
+ ip6.addr = r6 "113";
+ aliases = [
+ "massulus.r"
+ ];
+ tinc = {
+ pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt
+ ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN
+ ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K
+ zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3
+ F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e
+ v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd
+ kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF
+ LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW
+ EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb
+ KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl
+ oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00
+ yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM";
+ port = 1655;
+ };
+ };
+ wiregrill = {
+ ip6.addr = w6 "113";
+ aliases = [
+ "massulus.w"
+ ];
+ wireguard.pubkey = ''
+ 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ=
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 ";
+ };
+
phone = {
+ consul = false;
nets = {
wiregrill = {
ip4.addr = "10.244.1.13";
@@ -616,6 +650,7 @@ in {
syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ";
};
tablet = {
+ consul = false;
nets = {
wiregrill = {
ip4.addr = "10.244.1.14";
@@ -630,6 +665,7 @@ in {
ci = false;
};
hilum = {
+ consul = false;
cores = 1;
nets = {
retiolum = {
@@ -638,7 +674,6 @@ in {
aliases = [
"hilum.r"
];
<