summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/hotdog/config.nix3
-rw-r--r--krebs/1systems/puyak/config.nix10
-rw-r--r--krebs/2configs/binary-cache/prism.nix1
-rw-r--r--krebs/2configs/gitlab-runner-shackspace.nix27
-rw-r--r--krebs/2configs/hw/x220.nix2
-rw-r--r--krebs/2configs/ircd.nix1
-rw-r--r--krebs/2configs/reaktor-krebs.nix25
-rw-r--r--krebs/2configs/reaktor-retiolum.nix15
-rw-r--r--krebs/2configs/repo-sync.nix4
-rw-r--r--krebs/2configs/shack/muell_caller.nix2
-rw-r--r--krebs/2configs/shack/radioactive.nix2
-rw-r--r--krebs/2configs/shack/worlddomination.nix2
-rw-r--r--krebs/3modules/announce-activation.nix4
-rw-r--r--krebs/3modules/bepasty-server.nix2
-rw-r--r--krebs/3modules/buildbot/slave.nix2
-rw-r--r--krebs/3modules/ci.nix4
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/iana-etc.nix55
-rw-r--r--krebs/3modules/krebs/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix82
-rw-r--r--krebs/3modules/lass/ssh/android.rsa1
-rw-r--r--krebs/3modules/makefu/default.nix65
-rw-r--r--krebs/3modules/tinc.nix6
-rw-r--r--krebs/5pkgs/simple/Reaktor/default.nix2
-rw-r--r--krebs/5pkgs/simple/bepasty-client-cli/default.nix2
-rw-r--r--krebs/5pkgs/simple/cac-panel/default.nix2
-rw-r--r--krebs/5pkgs/simple/git-preview.nix17
-rw-r--r--krebs/5pkgs/simple/treq/default.nix2
-rw-r--r--krebs/5pkgs/simple/urlwatch/default.nix2
-rw-r--r--krebs/source.nix2
30 files changed, 306 insertions, 40 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 2ad22f49c..4fdb53ae7 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -12,6 +12,9 @@
<stockholm/krebs/2configs/buildbot-all.nix>
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
+ <stockholm/krebs/2configs/ircd.nix>
+ <stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/krebs/2configs/reaktor-retiolum.nix>
];
krebs.build.host = config.krebs.hosts.hotdog;
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 978bd18e0..d2664ef84 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -27,6 +27,11 @@
initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+
+ kernelModules = [ "kvm-intel" ];
+ extraModprobeConfig = ''
+ options thinkpad_acpi fan_control=1
+ '';
};
fileSystems = {
@@ -65,7 +70,10 @@
'';
environment.systemPackages = [ pkgs.zsh ];
- boot.kernelModules = [ "kvm-intel" ];
+
+ system.activationScripts."disengage fancontrol" = ''
+ echo level disengaged > /proc/acpi/ibm/fan
+ '';
users.users.joerg = {
openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ];
isNormalUser = true;
diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix
index 4813eeb0f..46b386e14 100644
--- a/krebs/2configs/binary-cache/prism.nix
+++ b/krebs/2configs/binary-cache/prism.nix
@@ -7,6 +7,7 @@
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI="
];
};
}
diff --git a/krebs/2configs/gitlab-runner-shackspace.nix b/krebs/2configs/gitlab-runner-shackspace.nix
index d9b4cd589..f4247b6da 100644
--- a/krebs/2configs/gitlab-runner-shackspace.nix
+++ b/krebs/2configs/gitlab-runner-shackspace.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
let
url = "https://git.shackspace.de/";
# generate token from CI-token via:
@@ -6,7 +6,7 @@ let
## cat /etc/gitlab-runner/config.toml
token = import <secrets/shackspace-gitlab-ci-token.nix> ;
in {
- systemd.services.gitlab-runner.path = [
+ systemd.services.gitlab-runner.path = [
"/run/wrappers" # /run/wrappers/bin/su
"/" # /bin/sh
];
@@ -16,19 +16,18 @@ in {
enable = true;
# configFile, configOptions and gracefulTimeout not yet in stable
# gracefulTimeout = "120min";
- configText = ''
- concurrent = 1
- check_interval = 0
-
- [[runners]]
- name = "krebs-shell"
- url = "${url}"
- token = "${token}"
- executor = "shell"
- shell = "sh"
- environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
- [runners.cache]
+ configFile = pkgs.writeText "gitlab-runner.cfg" ''
+ concurrent = 1
+ check_interval = 0
+ [[runners]]
+ name = "krebs-shell"
+ url = "${url}"
+ token = "${token}"
+ executor = "shell"
+ shell = "sh"
+ environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
+ [runners.cache]
'';
};
}
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index c85bac0d4..44743b87d 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -8,6 +8,8 @@ with import <stockholm/lib>;
hardware.cpu.intel.updateMicrocode = true;
+ hardware.opengl.enable = true;
+
services.tlp.enable = true;
boot = {
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 116337733..38f58952e 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -92,6 +92,7 @@
};
general {
#maybe we want ident someday?
+ default_floodcount = 1000;
disable_auth = yes;
throttle_duration = 1;
throttle_count = 1000;
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix
new file mode 100644
index 000000000..6b17b457d
--- /dev/null
+++ b/krebs/2configs/reaktor-krebs.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ krebs.Reaktor.krebs = {
+ nickname = "Reaktor|krebs";
+ channels = [
+ "#krebs"
+ "#nixos-wiki"
+ ];
+ extraEnviron = {
+ REAKTOR_HOST = "irc.freenode.org";
+ };
+ plugins = with pkgs.ReaktorPlugins; [
+ sed-plugin
+ wiki-todo-add
+ wiki-todo-done
+ wiki-todo-show
+ ];
+ };
+ services.nginx.virtualHosts."lassul.us".locations."/wiki-todo".extraConfig = ''
+ default_type "text/plain";
+ alias /var/lib/Reaktor/state/wiki-todo;
+ '';
+}
diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix
new file mode 100644
index 000000000..144b7d484
--- /dev/null
+++ b/krebs/2configs/reaktor-retiolum.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ krebs.Reaktor.retiolum = {
+ nickname = "Reaktor|lass";
+ channels = [ "#xxx" ];
+ extraEnviron = {
+ REAKTOR_HOST = "irc.r";
+ };
+ plugins = with pkgs.ReaktorPlugins; [
+ sed-plugin
+ ];
+ };
+}
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix
index b0b0b2f62..84b7d9c0e 100644
--- a/krebs/2configs/repo-sync.nix
+++ b/krebs/2configs/repo-sync.nix
@@ -15,8 +15,8 @@ let
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = false;
- channel = "#retiolum";
- server = "ni.r";
+ channel = "#xxx";
+ server = "irc.r";
branches = [ "master" ];
};
});
diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix
index 7e8d278f6..19768cb2e 100644
--- a/krebs/2configs/shack/muell_caller.nix
+++ b/krebs/2configs/shack/muell_caller.nix
@@ -12,7 +12,7 @@ let
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
- requests2
+ requests
paramiko
python
]))
diff --git a/krebs/2configs/shack/radioactive.nix b/krebs/2configs/shack/radioactive.nix
index 378b54056..566146d6e 100644
--- a/krebs/2configs/shack/radioactive.nix
+++ b/krebs/2configs/shack/radioactive.nix
@@ -12,7 +12,7 @@ let
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
- requests2
+ requests
python
]))
];
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index d0f9f5fa6..828b6cd70 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -37,7 +37,7 @@ let
docopt
LinkHeader
aiocoap
- requests2
+ requests
paramiko
python
]))
diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix
index 5a3a788c2..8f8440eb7 100644
--- a/krebs/3modules/announce-activation.nix
+++ b/krebs/3modules/announce-activation.nix
@@ -35,7 +35,7 @@ in {
irc = {
# TODO rename channel to target?
channel = mkOption {
- default = "#retiolum";
+ default = "#xxx";
type = types.str; # TODO types.irc-channel
};
nick = mkOption {
@@ -47,7 +47,7 @@ in {
type = types.int;
};
server = mkOption {
- default = "ni.r";
+ default = "irc.r";
type = types.hostname;
};
};
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 0ca13366b..dd29a4e17 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -3,7 +3,7 @@
with import <stockholm/lib>;
let
gunicorn = pkgs.pythonPackages.gunicorn;
- bepasty = pkgs.pythonPackages.bepasty-server;
+ bepasty = pkgs.bepasty;
gevent = pkgs.pythonPackages.gevent;
python = pkgs.pythonPackages.python;
cfg = config.krebs.bepasty;
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 544f9c4e0..0af553c5d 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -160,6 +160,8 @@ let
# TODO: maybe also prepare buildbot.tac?
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
+ #remove garbage from old versions
+ rm -r ${workdir}
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
echo ${contact} > ${workdir}/info/admin
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index dab87792e..adbc1ebe1 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -133,8 +133,8 @@ in
irc = {
enable = true;
nick = "build|${hostname}";
- server = "ni.r";
- channels = [ "retiolum" "noise" ];
+ server = "irc.r";
+ channels = [ "xxx" "noise" ];
allowForce = true;
};
extraConfig = ''
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 42df3f053..48cf7971b 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -24,6 +24,7 @@ let
./go.nix
./hidden-ssh.nix
./htgen.nix
+ ./iana-etc.nix
./iptables.nix
./kapacitor.nix
./monit.nix
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
new file mode 100644
index 000000000..f6d47f27e
--- /dev/null
+++ b/krebs/3modules/iana-etc.nix
@@ -0,0 +1,55 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+ options.krebs.iana-etc.services = mkOption {
+ default = {};
+ type = types.attrsOf (types.submodule ({ config, ... }: {
+ options = {
+ port = mkOption {
+ default = config._module.args.name;
+ type = types.addCheck types.str (test "[1-9][0-9]*");
+ };
+ } // genAttrs ["tcp" "udp"] (protocol: mkOption {
+ default = null;
+ type = types.nullOr (types.submodule {
+ options = {
+ name = mkOption {
+ type = types.str;
+ };
+ };
+ });
+ });
+ }));
+ };
+
+ config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) {
+ services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} ''
+ exec < ${pkgs.iana_etc}/etc/services
+ exec > $out
+ awk -F '[ /]+' '
+ BEGIN {
+ port=0
+ }
+ ${concatMapStringsSep "\n" (entry: ''
+ $2 == ${entry.port} {
+ port=$2
+ next
+ }
+ port == ${entry.port} {
+ ${concatMapStringsSep "\n"
+ (proto: let
+ s = "${entry.${proto}.name} ${entry.port}/${proto}";
+ in
+ "print ${toJSON s}")
+ (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
+ port=0
+ }
+ '') (attrValues config.krebs.iana-etc.services)}
+ {
+ print $0
+ }
+ '
+ '');
+ };
+
+}
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 2fe3e5115..1e626f0a0 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -74,6 +74,7 @@ in {
"build.r"
"build.hotdog.r"
"cgit.hotdog.r"
+ "irc.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index ca3c8b45b..3e03e71cb 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -83,7 +83,7 @@ with import <stockholm/lib>;
};
nets = rec {
internet = {
- ip4.addr = "213.239.205.240";
+ ip4.addr = "46.4.114.247";
aliases = [
"prism.i"
"paste.i"
@@ -103,6 +103,47 @@ with import <stockholm/lib>;
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje
+ fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo
+ rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z
+ ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB
+ wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio
+ /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA
+ BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C
+ 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5
+ Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu
+ 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH
+ TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb
+ g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ
+ kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg
+ 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo
+ 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz
+ cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451
+ k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0
+ dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu
+ ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i
+ jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/
+ AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE
+ T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
+ };
+ archprism = rec {
+ cores = 4;
+ nets = rec {
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.0.104";
+ ip6.addr = "42::fa17";
+ aliases = [
+ "archprism.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
@@ -112,6 +153,13 @@ with import <stockholm/lib>;
-----END RSA PUBLIC KEY-----
'';
};
+ internet = {
+ ip4.addr = "213.239.205.240";
+ aliases = [
+ "archprism.i"
+ ];
+ ssh.port = 45621;
+ };
};
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
@@ -384,8 +432,19 @@ with import <stockholm/lib>;
eddie = {
ci = false;
external = true;
- nets = {
- retiolum = {
+ nets = rec {
+ internet = {
+ ip4.addr = "129.215.90.4";
+ aliases = [ "eddie.i" ];
+ };
+ retiolum = rec {
+ via = internet;
+ addrs = [
+ # edinburgh university
+ "129.215.0.0/16"
+ ip4.addr
+ ip6.addr
+ ];
ip4.addr = "10.243.29.170";
ip6.addr = "42:4992:6a6d:700::1";
aliases = [ "eddie.r" ];
@@ -437,8 +496,13 @@ with import <stockholm/lib>;
inspector = {
ci = false;
external = true;
- nets = {
+ nets = rec {
+ internet = {
+ ip4.addr = "141.76.44.154";
+ aliases = [ "inspector.i" ];
+ };
retiolum = {
+ via = internet;
ip4.addr = "10.243.29.172";
ip6.addr = "42:4992:6a6d:800::1";
aliases = [ "inspector.r" ];
@@ -467,6 +531,10 @@ with import <stockholm/lib>;
pubkey = builtins.readFile ./ssh/mors.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
};
+ lass-android = {
+ mail = "lassulus@gmail.com";
+ pubkey = builtins.readFile ./ssh/android.rsa;
+ };
lass-helios = {
mail = "lass@helios.r";
pubkey = builtins.readFile ./ssh/helios.rsa;
@@ -487,10 +555,14 @@ with import <stockholm/lib>;
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
- prism-repo-sync = {
+ archprism-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C";
mail = "lass@prism.r";
};
+ prism-repo-sync = {
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe";
+ mail = "lass@prism.r";
+ };
mors-repo-sync = {
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h";
mail = "lass@mors.r";
diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa
new file mode 100644
index 000000000..f5190f45c
--- /dev/null
+++ b/krebs/3modules/lass/ssh/android.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGgImN/9D4yJBjYlkAvT3X45kzt4n8hmgsqPcdcHWNC7fofWG4fZe8NNrTLdKsK+xYxTstj49l8Vb3YDvw4fAyyyhms/eFRlD2BRqAISwc39EIeTC4g3PXNeUtUGdczXKxsJf5iWf4kxUrUOuZ3FeKxeYXDMSqzzk1oKalhWNl4PmgRc5FzjeRJ2WziilwFq7ntLswoeTBW3c53fbcp3XuPza3M1/sN3NHJx9ZMpWVfJhZ/CXr+nqpc25ZIr5HZVZbgDTyJQimlTF5JCfU0NiiBIh7ep7x4o93tARmilit7+mWUkkxk6ba+zG6nr+s+zyd85AFAYRioOEczbC6mI44UZUB11KkEzOon5JWSA8pK+DPqsqhFkwWYMHLXZp8zemdp9kushRZ6nuI9MzBwacngro1vAvDL6jrS5MR7zf7rMAo6wexovWoEowvZz629mjC3OAt9iOm4VJdvEmq+rHLfjjznVEY6llF7DUu2QNEazaXhxZH9V9N1gyubIE97SQVqmwDrf8BGC0Hq+hC4OOweqfo4XP0etbqAfDozZbqcqyE1m9Bj8DpjrSXka1PuJf5fgEtoxPadd2qdiHMfIx9sM+4uu2nI5aFvWO3OlJmhF80QzNdFzZWjsyvJ24C1/a2FAyzoab1Sg9ljstQThseTtvlXcX8jfFn0U3RbgXgCgOWad3Oy9vA0OCdsHut0nzv3UO+T5+wv2+lvE3QSSKOlmVtdKMhCFb+Rg+FliKxyd820h9yR3wDYmkurVkAxaj8Kx5MaY/7aypOi8fRAV2FSDtCKkuMyPv4xEtdPi/4lj55pRBEO8lJkeb+WurCzZ7ZeaPdrW1YIQtToPpiz3dXeRhkts6jq8247xIplzHh9Iu18gOrnZ+ygn70g19x842vvcfLQNAghDPS93msJdSe+EtulMCwNTjUaF9LyzhW9ptLG9NmwgbT5kGsFiRw3BFdyfcQVWVzDhuP3hPPx+hjiZtFfpIKpxV9MjO1xQ830Ngk3JpSphMZTQ432yfvu9yEsUWmAa8ax1jxJ361AiIp0U2xioJmdVd3E2sxkpOUYqE89IR9X6hS3fH38Gc5IL5+BnhuZvRgXuA+nrqdU4pMB3TIoC5oXlOMRXpxaS91YiO4ERx2t6WkBRCoaDuRWnLpewV6lhjwi1+4Emlrs2q1R0K64emZTv7O1MKwWRHOlBJD3HLyCCS763OzYW4mEQcfBAQtbm6sTooJ+D/zbmYgbnZt0z/nP9R/n25pzlSPpZ49fCiRV7QN6D9mksISTz8qIiCzNBn1F7DUewXqkrdPopl4npeNVcOyyo7P1lFFGde+jq/7REdzD+vno1h9+17WZbyzQtlOyipQYzb6l4QuXq/zejJrELJAQdN4yRQq5NJzIh0HXaPnPC083T791moBflyqiwPEIWsSMfILqSqL1jVVNgvV4fHnMixgH2zK9f0EyE3fG9PnuRribPR2DlESqpHZTcBixgh660EPKh0gCLYoWKgU= lass-android@XperiaXCompact
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 6e0e876b8..401cba97a 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -4,6 +4,31 @@ with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
+ cake = rec {
+ cores = 1;
+ ci = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.136.236";
+ ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1";
+ aliases = [
+ "cake.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu
+ jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+
+ MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq
+ 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7
+ 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP
+ MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
+ };
drop = rec {
ci = true;
cores = 1;
@@ -78,6 +103,37 @@ with import <stockholm/lib>;
};
};
};
+ latte = rec {
+ ci = true;
+ cores = 1;
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte";
+ nets = {
+ internet = {
+ ip4.addr = "185.215.224.160";
+ aliases = [
+ "latte.i"
+ ];
+ };
+ retiolum = {
+ ip4.addr = "10.243.80.249";
+ ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9";
+ aliases = [
+ "latte.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU
+ 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo
+ r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf
+ 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4
+ GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6
+ vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
pnp = {
ci = true;
@@ -460,6 +516,8 @@ with import <stockholm/lib>;
'';
};
};
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr";
};
gum = rec {
@@ -522,7 +580,8 @@ with import <stockholm/lib>;
'';
};
};
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ # configured manually
+ # ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
shoney = rec {
@@ -973,6 +1032,10 @@ with import <stockholm/lib>;
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum";
};
+ makefu-android = {
+ inherit (makefu) mail pgp;
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x";
+ };
makefu-bob = {
inherit (makefu) mail pgp;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD";
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 8af15c13b..b032f3148 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -1,5 +1,5 @@
-{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
+{ config, pkgs, ... }:
let
out = {
options.krebs.tinc = api;
@@ -11,7 +11,7 @@ let
description = ''
define a tinc network
'';
- type = with types; attrsOf (submodule (tinc: {
+ type = types.attrsOf (types.submodule (tinc: {
options = let
netname = tinc.config._module.args.name;
in {
@@ -116,7 +116,7 @@ let
phases = [ "installPhase" ];
installPhase = ''
mkdir $out
- ${concatStrings (lib.mapAttrsToList (_: host: ''
+ ${concatStrings (mapAttrsToList (_: host: ''
echo ${shell.escape host.nets."${tinc.config.netna