summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/hotdog/config.nix4
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/exim-smarthost.nix50
-rw-r--r--krebs/2configs/nscd-fix.nix24
-rw-r--r--krebs/2configs/reaktor-krebs.nix30
-rw-r--r--krebs/2configs/reaktor-retiolum.nix21
-rw-r--r--krebs/2configs/reaktor2.nix152
-rw-r--r--krebs/2configs/shack/mobile.mpd.nix5
-rw-r--r--krebs/2configs/shack/ympd-top-next.patch16
-rw-r--r--krebs/3modules/Reaktor.nix5
-rw-r--r--krebs/3modules/default.nix145
-rw-r--r--krebs/3modules/dns.nix12
-rw-r--r--krebs/3modules/external/default.nix53
-rw-r--r--krebs/3modules/github-known-hosts.nix40
-rw-r--r--krebs/3modules/hosts.nix35
-rw-r--r--krebs/3modules/per-user.nix2
-rw-r--r--krebs/3modules/reaktor2.nix71
-rw-r--r--krebs/3modules/retiolum-hosts.nix28
-rw-r--r--krebs/3modules/tinc.nix1
-rw-r--r--krebs/5pkgs/default.nix2
-rw-r--r--krebs/5pkgs/haskell/blessings.nix4
-rw-r--r--krebs/5pkgs/haskell/much.nix (renamed from krebs/5pkgs/simple/much/cabal.nix)9
-rw-r--r--krebs/5pkgs/haskell/reaktor2.nix27
-rw-r--r--krebs/5pkgs/simple/Reaktor/default.nix6
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix68
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh2
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh0
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py2
-rwxr-xr-x[-rw-r--r--]krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh0
-rw-r--r--krebs/5pkgs/simple/much/default.nix3
-rw-r--r--krebs/5pkgs/simple/reaktor2-plugins.nix106
-rw-r--r--krebs/krops.nix20
-rw-r--r--krebs/nixpkgs.json6
33 files changed, 687 insertions, 263 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index cf72e0d73..916073375 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -12,8 +12,8 @@
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/reaktor-retiolum.nix>
- <stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/krebs/2configs/nscd-fix.nix>
+ <stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/repo-sync.nix>
];
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 914b38051..ec8830711 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -161,6 +161,7 @@ in
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users.ulrich.pubkey
+ config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
];
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
new file mode 100644
index 000000000..5dc24f1de
--- /dev/null
+++ b/krebs/2configs/exim-smarthost.nix
@@ -0,0 +1,50 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+
+ format = from: to: {
+ inherit from;
+ # TODO assert is-retiolum-mail-address to;
+ to = concatMapStringsSep "," (getAttr "mail") (toList to);
+ };
+
+in {
+ krebs.exim-smarthost.internet-aliases =
+ mapAttrsToList format (with config.krebs.users; let
+ brain-ml = [
+ lass
+ makefu
+ tv
+ ];
+ eloop-ml = spam-ml ++ [ ciko ];
+ spam-ml = [
+ lass
+ makefu
+ tv
+ ];
+ ciko.mail = "ciko@slash16.net";
+ in {
+ "anmeldung@eloop.org" = eloop-ml;
+ "brain@krebsco.de" = brain-ml;
+ "cfp@eloop.org" = eloop-ml;
+ "kontakt@eloop.org" = eloop-ml;
+ "root@eloop.org" = eloop-ml;
+ "youtube@eloop.org" = eloop-ml;
+ "eloop2016@krebsco.de" = eloop-ml;
+ "eloop2017@krebsco.de" = eloop-ml;
+ "postmaster@krebsco.de" = spam-ml; # RFC 822
+ "lass@krebsco.de" = lass;
+ "makefu@krebsco.de" = makefu;
+ "spam@krebsco.de" = spam-ml;
+ "tv@krebsco.de" = tv;
+ # XXX These are no internet aliases
+ # XXX exim-retiolum hosts should be able to relay to retiolum addresses
+ "lass@retiolum" = lass;
+ "makefu@retiolum" = makefu;
+ "spam@retiolum" = spam-ml;
+ "tv@retiolum" = tv;
+ "lass@r" = lass;
+ "makefu@r" = makefu;
+ "spam@r" = spam-ml;
+ "tv@r" = tv;
+ });
+}
diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix
new file mode 100644
index 000000000..8e5909e72
--- /dev/null
+++ b/krebs/2configs/nscd-fix.nix
@@ -0,0 +1,24 @@
+with import <stockholm/lib>;
+{ pkgs, ... }: let
+
+ enable = versionOlderThan "19.03";
+
+ versionOlderThan = v:
+ compareVersions
+ (versions.majorMinor version)
+ (versions.majorMinor v)
+ == -1;
+
+ warning = ''
+ Using custom services.nscd.config because
+ https://github.com/NixOS/nixpkgs/pull/50316
+ '';
+
+in
+ optionalAttrs enable (trace warning {
+ services.nscd.enable = mkForce true;
+ services.nscd.config = mkForce (readFile (pkgs.fetchurl {
+ url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf;
+ sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs";
+ }));
+ })
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix
deleted file mode 100644
index dc2838cae..000000000
--- a/krebs/2configs/reaktor-krebs.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- krebs.Reaktor.krebs = {
- nickname = "Reaktor|krebs";
- channels = [
- "#krebs"
- "#nixos-wiki"
- ];
- extraEnviron = {
- REAKTOR_HOST = "irc.freenode.org";
- REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- task-add
- task-delete
- task-done
- task-list
- ] ++
- (attrValues (todo "agenda"))
- ;
- };
- krebs.secret.files.nix-serve-key = {
- path = "/var/lib/Reaktor/reaktor_nickserv_password";
- owner.name = "Reaktor";
- source-path = toString <secrets> + "/reaktor_nickserv_password";
- };
-}
diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix
deleted file mode 100644
index 824f59d09..000000000
--- a/krebs/2configs/reaktor-retiolum.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-
-{
- krebs.Reaktor.retiolum = {
- nickname = "Reaktor|lass";
- channels = [ "#noise" "#xxx" ];
- extraEnviron = {
- REAKTOR_HOST = "irc.r";
- };
- plugins = with pkgs.ReaktorPlugins; [
- sed-plugin
- task-add
- task-delete
- task-done
- task-list
- ] ++
- (attrValues (todo "agenda"))
- ;
- };
-}
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
new file mode 100644
index 000000000..ff6b539ba
--- /dev/null
+++ b/krebs/2configs/reaktor2.nix
@@ -0,0 +1,152 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+let
+ #for shared state directory
+ stateDir = config.krebs.reaktor2.r.stateDir;
+
+ generators = pkgs.reaktor2-plugins.generators;
+ hooks = pkgs.reaktor2-plugins.hooks;
+ commands = pkgs.reaktor2-plugins.commands;
+
+ task = name: let
+ rcFile = builtins.toFile "taskrc" ''
+ confirmation=no
+ '';
+ in {
+ pattern = "^${name}-([a-z]+)(?::\\s*(.*))?";
+ activate = "match";
+ command = 1;
+ arguments = [2];
+ env.TASKDATA = "${stateDir}/${name}";
+ commands = {
+ add.filename = pkgs.writeDash "${name}-task-add" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1"
+ '';
+ list.filename = pkgs.writeDash "${name}-task-list" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} export \
+ | ${pkgs.jq}/bin/jq -r '
+ .[] | select(.id != 0) | "\(.id) \(.description)"
+ '
+ '';
+ delete.filename = pkgs.writeDash "${name}-task-delete" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1"
+ '';
+ done.filename = pkgs.writeDash "${name}-task-done" ''
+ ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1"
+ '';
+ };
+ };
+
+ systemPlugin = {
+ plugin = "system";
+ config = {
+ workdir = stateDir;
+ hooks.JOIN = [
+ {
+ activate = "always";
+ command = {
+ filename =
+ "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join";
+ env = {
+ PATH = makeBinPath [
+ pkgs.coreutils # XXX env, touch
+ pkgs.jq # XXX sed
+ pkgs.utillinux # XXX flock
+ ];
+ state_file = "${stateDir}/tell.json";
+ };
+ };
+ }
+ ];
+ hooks.PRIVMSG = [
+ {
+ pattern = "^bier bal(ance)*$";
+ activate = "match";
+ command = {
+ env = {
+ state_file = "${stateDir}/ledger";
+ };
+ filename = pkgs.writeDash "bier-balance" ''
+ ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
+ | ${pkgs.coreutils}/bin/tail +2 \
+ | ${pkgs.miller}/bin/mlr --icsv --opprint cat
+ '';
+ };
+ }
+ {
+ pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$'';
+ activate = "match";
+ arguments = [1 2 3];
+ command = {
+ env = {
+ # TODO; get state as argument
+ state_file = "${stateDir}/ledger";
+ };
+ filename = pkgs.writeDash "ledger-add" ''
+ set -x
+ tonick=$1
+ amt=$2
+ unit=$3
+ printf '%s\n %s %d %s\n %s %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file
+ '';
+ };
+ }
+ hooks.sed
+ (generators.command_hook {
+ inherit (commands) hello random-emoji nixos-version stockholm-issue;
+ tell = {
+ filename =
+ "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg";
+ env = {
+ PATH = makeBinPath [
+ pkgs.coreutils # XXX date, env
+ pkgs.jq # XXX sed
+ pkgs.utillinux # XXX flock
+ ];
+ state_file = "${stateDir}/tell.txt";
+ };
+ };
+ })
+ (task "agenda")
+ ];
+ };
+ };
+
+in {
+
+ krebs.reaktor2 = {
+ freenode = {
+ hostname = "irc.freenode.org";
+ nick = "reaktor2|krebs";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#krebs"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ username = "reaktor2";
+ };
+ r = {
+ nick = "reaktor2|krebs";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#noise"
+ "#xxx"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ username = "reaktor2";
+ };
+ };
+}
diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix
index 2dc466edb..751d233ec 100644
--- a/krebs/2configs/shack/mobile.mpd.nix
+++ b/krebs/2configs/shack/mobile.mpd.nix
@@ -1,5 +1,8 @@
{lib,pkgs, ... }:
let
+ pkg = lib.overrideDerivation pkgs.ympd (old: {
+ patches = [ ./ympd-top-next.patch ];
+ });
mpdHost = "mpd.shack";
ympd = name: port: let
webPort = 10000 + port;
@@ -7,7 +10,7 @@ let
systemd.services."ympd-${name}" = {
description = "mpd for ${name}";
wantedBy = [ "multi-user.target" ];
- serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
+ serviceConfig.ExecStart = "${pkg}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
};
services.nginx.virtualHosts."mobile.${name}.mpd.shack" = {
serverAliases = [
diff --git a/krebs/2configs/shack/ympd-top-next.patch b/krebs/2configs/shack/ympd-top-next.patch
new file mode 100644
index 000000000..fd424f11a
--- /dev/null
+++ b/krebs/2configs/shack/ympd-top-next.patch
@@ -0,0 +1,16 @@
+diff --git a/htdocs/index.html b/htdocs/index.html
+index ed77279..eaf92b6 100644
+--- a/htdocs/index.html
++++ b/htdocs/index.html
+@@ -76,6 +76,11 @@
+
+ <div class="col-md-10 col-xs-12">
+ <div class="notifications top-right"></div>
++
++ <ul class="pager">
++ <li id="prev" class="page-btn hide"><a href="">Previous</a></li>
++ <li id="next" class="page-btn"><a href="">Next</a></li>
++ </ul>
+
+ <div class="panel panel-primary">
+ <!-- Default panel contents -->
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 669483f3c..308c6d41d 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -113,10 +113,11 @@ let
'';
in nameValuePair "Reaktor-${name}" {
path = with pkgs; [
- utillinux #flock for tell_on-join
git # for nag
+ jq # for tell
python # for caps
- ];
+ utillinux # flock for tell
+ ];
description = "Reaktor IRC Bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2e7c61fb5..9303a81fb 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -18,14 +18,17 @@ let
./charybdis.nix
./ci.nix
./current.nix
+ ./dns.nix
./exim.nix
./exim-retiolum.nix
./exim-smarthost.nix
./fetchWallpaper.nix
./github-hosts-sync.nix
+ ./github-known-hosts.nix
./git.nix
./go.nix
./hidden-ssh.nix
+ ./hosts.nix
./htgen.nix
./iana-etc.nix
./iptables.nix
@@ -39,8 +42,10 @@ let
./per-user.nix
./power-action.nix
./Reaktor.nix
+ ./reaktor2.nix
./realwallpaper.nix
./retiolum-bootstrap.nix
+ ./retiolum-hosts.nix
./rtorrent.nix
./secret.nix
./setuid.nix
@@ -58,28 +63,10 @@ let
api = {
enable = mkEnableOption "krebs";
- dns = {
- providers = mkOption {
- type = with types; attrsOf str;
- };
- };
-
- hosts = mkOption {
- type = with types; attrsOf host;
- default = {};
- };
-
users = mkOption {
type = with types; attrsOf user;
};
- # XXX is there a better place to define search-domain?
- # TODO search-domains :: listOf hostname
- search-domain = mkOption {
- type = types.hostname;
- default = "r";
- };
-
sitemap = mkOption {
default = {};
type = types.attrsOf types.sitemap.entry;
@@ -125,6 +112,8 @@ let
w = "hosts";
};
+ krebs.dns.search-domain = mkDefault "r";
+
krebs.users = {
krebs = {
home = "/krebs";
@@ -137,93 +126,6 @@ let
};
};
- networking.extraHosts = let
- domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
- check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
- in concatStringsSep "\n" (flatten (
- mapAttrsToList (hostname: host:
- mapAttrsToList (netname: net:
- let
- aliases = longs ++ shorts;
- longs = filter check net.aliases;
- shorts = let s = ".${cfg.search-domain}"; in
- map (removeSuffix s) (filter (hasSuffix s) longs);
- in
- optionals
- (aliases != [])
- (map (addr: "${addr} ${toString aliases}") net.addrs)
- ) (filterAttrs (name: host: host.aliases != []) host.nets)
- ) cfg.hosts
- ));
-
- # TODO dedup with networking.extraHosts
- nixpkgs.config.packageOverrides = oldpkgs:
- let
- domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers);
- check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
- in
- {
- retiolum-hosts = oldpkgs.writeText "retiolum-hosts" ''
- ${concatStringsSep "\n" (flatten (
- map (host:
- let
- net = host.nets.retiolum;
- aliases = longs;
- longs = filter check net.aliases;
- in
- optionals
- (aliases != [])
- (map (addr: "${addr} ${toString aliases}") net.addrs)
- ) (filter (host: hasAttr "retiolum" host.nets)
- (attrValues cfg.hosts))))}
- '';
- };
-
- krebs.exim-smarthost.internet-aliases = let
- format = from: to: {
- inherit from;
- # TODO assert is-retiolum-mail-address to;
- to = concatMapStringsSep "," (getAttr "mail") (toList to);
- };
- in mapAttrsToList format (with config.krebs.users; let
- brain-ml = [
- lass
- makefu
- tv
- ];
- eloop-ml = spam-ml ++ [ ciko ];
- spam-ml = [
- lass
- makefu
- tv
- ];
- ciko.mail = "ciko@slash16.net";
- in {
- "anmeldung@eloop.org" = eloop-ml;
- "brain@krebsco.de" = brain-ml;
- "cfp@eloop.org" = eloop-ml;
- "kontakt@eloop.org" = eloop-ml;
- "root@eloop.org" = eloop-ml;
- "youtube@eloop.org" = eloop-ml;
- "eloop2016@krebsco.de" = eloop-ml;
- "eloop2017@krebsco.de" = eloop-ml;
- "postmaster@krebsco.de" = spam-ml; # RFC 822
- "lass@krebsco.de" = lass;
- "makefu@krebsco.de" = makefu;
- "spam@krebsco.de" = spam-ml;
- "tv@krebsco.de" = tv;
- # XXX These are no internet aliases
- # XXX exim-retiolum hosts should be able to relay to retiolum addresses
- "lass@retiolum" = lass;
- "makefu@retiolum" = makefu;
- "spam@retiolum" = spam-ml;
- "tv@retiolum" = tv;
- "lass@r" = lass;
- "makefu@r" = makefu;
- "spam@r" = spam-ml;
- "tv@r" = tv;
- });
-
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
@@ -238,31 +140,6 @@ let
};
})
//
- {
- github = {
- hostNames = [
- "github.com"
- # List generated with
- # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
- "192.30.252.*"
- "192.30.253.*"
- "192.30.254.*"
- "192.30.255.*"
- "185.199.108.*"
- "185.199.109.*"
- "185.199.110.*"
- "185.199.111.*"
- "13.229.188.59"
- "13.250.177.223"
- "18.194.104.89"
- "18.195.85.27"
- "35.159.8.160"
- "52.74.223.119"
- ];
- publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
- };
- }
- //
mapAttrs
(name: host: {
hostNames =
@@ -272,8 +149,8 @@ let
let
longs = net.aliases;
shorts =
- map (removeSuffix ".${cfg.search-domain}")
- (filter (hasSuffix ".${cfg.search-domain}")
+ map (removeSuffix ".${cfg.dns.search-domain}")
+ (filter (hasSuffix ".${cfg.dns.search-domain}")
longs);
add-port = a:
if net.ssh.port != 22
@@ -297,8 +174,8 @@ let
(concatMap (host: attrValues host.nets)
(mapAttrsToList
(_: host: recursiveUpdate host
- (optionalAttrs (hasAttr config.krebs.search-domain host.nets) {
- nets."" = host.nets.${config.krebs.search-domain} // {
+ (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) {
+ nets."" = host.nets.${cfg.dns.search-domain} // {
aliases = [host.name];
addrs = [];
};
diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix
new file mode 100644
index 000000000..b7e2a2cbb
--- /dev/null
+++ b/krebs/3modules/dns.nix
@@ -0,0 +1,12 @@
+with import <stockholm/lib>;
+{
+ options = {
+ krebs.dns.providers = mkOption {
+ type = types.attrsOf types.str;
+ };
+
+ krebs.dns.search-domain = mkOption {
+ type = types.hostname;
+ };
+ };
+}
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index baa49dbe0..089113ac6 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -84,8 +84,8 @@ in {
nets = rec {
internet = {
# eve.thalheim.io
- ip4.addr = "188.68.39.17";
- ip6.addr = "2a03:4000:13:31e::1";
+ ip4.addr = "95.216.112.61";
+ ip6.addr = "2a01:4f9:2b:1605::1";
aliases = [ "eve.i" ];
};
retiolum = {
@@ -141,6 +141,29 @@ in {
};
};
};
+ idontcare = {
+ owner = config.krebs.users.Mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.idontcare.nets.retiolum.ip4.addr
+ config.krebs.hosts.idontcare.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.177";
+ aliases = [ "idontcare.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O
+ qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A
+ OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An
+ lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb
+ O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw
+ jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
justraute = {
owner = config.krebs.users.raute; # laptop
nets = {
@@ -344,6 +367,30 @@ in {
};
};
};
+ matchbox = {
+ owner = config.krebs.users.Mic92;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.29.176";
+ aliases = [ "matchbox.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m
+ VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w
+ nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u
+ TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE
+ TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1
+ yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO
+ 4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4
+ Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/
+ bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4
+ nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR
+ /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
miaoski = {
owner = config.krebs.users.miaoski;
nets = {
@@ -369,7 +416,7 @@ in {
pubkey = ssh-for "kmein";
};
Mic92 = {
- mail = "joerg@higgsboson.tk";
+ mail = "joerg@thalheim.io";
pubkey = ssh-for "Mic92";
};
palo = {
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix
new file mode 100644
index 000000000..def06f17a
--- /dev/null
+++ b/krebs/3modules/github-known-hosts.nix
@@ -0,0 +1,40 @@
+{
+ services.openssh.knownHosts.github = {
+ hostNames = [
+ "github.com"
+ # List generated with
+ # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
+ "192.30.252.*"
+ "192.30.253.*"
+ "192.30.254.*"
+ "192.30.255.*"
+ "185.199.108.*"
+ "185.199.109.*"
+ "185.199.110.*"
+ "185.199.111.*"
+ "140.82.112.*"
+ "140.82.113.*"
+ "140.82.114.*"
+ "140.82.115.*"
+ "140.82.116.*"
+ "140.82.117.*"
+ "140.82.118.*"
+ "140.82.119.*"
+ "140.82.120.*"
+ "140.82.121.*"
+ "140.82.122.*"
+ "140.82.123.*"
+ "140.82.124.*"
+ "140.82.125.*"
+ "140.82.126.*"
+ "140.82.127.*"
+ "13.229.188.59"
+ "13.250.177.223"
+ "18.194.104.89"
+ "18.195.85.27"
+ "35.159.8.160"
+ "52.74.223.119"
+ ];
+ publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
+ };
+}
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
new file mode 100644
index 000000000..0985bb539
--- /dev/null
+++ b/krebs/3modules/hosts.nix
@@ -0,0 +1,35 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+ # TODO dedup functions with ./retiolum-hosts.nix
+ check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
+ domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
+in {