diff options
Diffstat (limited to 'krebs')
27 files changed, 1070 insertions, 584 deletions
diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix new file mode 100644 index 000000000..9c6a9da08 --- /dev/null +++ b/krebs/1systems/filebitch/config.nix @@ -0,0 +1,48 @@ +{ config, pkgs, ... }: +let + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; +in +{ + imports = [ + ./hardware-configuration.nix + <stockholm/krebs> + <stockholm/krebs/2configs> + # <stockholm/krebs/2configs/secret-passwords.nix> + + # <stockholm/krebs/2configs/binary-cache/nixos.nix> + # <stockholm/krebs/2configs/binary-cache/prism.nix> + <stockholm/krebs/2configs/shack/ssh-keys.nix> + <stockholm/krebs/2configs/shack/prometheus/node.nix> + # provides access to /home/share for smbuser via smb + <stockholm/krebs/2configs/shack/share.nix> + { + fileSystems."/home/share" = + { device = "/serve"; + options = [ "bind" "nofail" ]; + }; + } + + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/shack-client.nix> + <stockholm/krebs/2configs/stats/shack-debugging.nix> + ]; + + krebs.build.host = config.krebs.hosts.filebitch; + sound.enable = false; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0" + ''; + networking = { + firewall.enable = true; + interfaces.et0.ipv4.addresses = [ + { + address = shack-ip; + prefixLength = 20; + } + ]; + + defaultGateway = "10.42.0.1"; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; +} diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix new file mode 100644 index 000000000..574618e39 --- /dev/null +++ b/krebs/1systems/filebitch/hardware-configuration.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: +let + byid = dev: "/dev/disk/by-id/" + dev; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; +in +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues + boot.zfs.forceImportRoot = false; + boot.zfs.forceImportAll = false; + boot.kernelParams = [ + "boot.shell_on_fail" + "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + ]; + boot.tmpOnTmpfs = true; + + + boot.initrd.availableKernelModules = [ + "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" + "raid456" + "usbhid" + "usb_storage" + ]; + boot.initrd.kernelModules = [ + "sata_sil" + "megaraid_sas" + ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tank/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "tank/home"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "tank/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5266-931D"; + fsType = "vfat"; + }; + fileSystems."/serve" = + { device = "/dev/cryptvg/serve"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + fileSystems."/serve/incoming" = + { device = "/dev/cryptvg/incoming"; + fsType = "ext4"; + options = [ "nofail" ]; + + }; + fileSystems."/serve/movies" = + { device = "/dev/cryptvg/servemovies"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/3353c76f-50e4-471d-84bc-ff922d22b271"; } + ]; + + nix.maxJobs = lib.mkDefault 4; + boot.loader.grub.device = byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN"; + + networking.hostId = "54d97450"; # required for zfs use + boot.initrd.luks.devices = let + usbkey = name: device: { + inherit name device keyFile; + keyFileSize = 2048; + preLVM = true; + }; + in [ + ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) + // { allowDiscards = true; } ) + ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) + // { allowDiscards = true; } ) + (usbkey "125" "/dev/md125") + (usbkey "126" "/dev/md126") + (usbkey "127" "/dev/md127") + ]; + + +} diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 059e09ac1..7a096cecf 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -69,6 +69,10 @@ in # grafana.shack <stockholm/krebs/2configs/shack/grafana.nix> + # shackdns.shack + # replacement for leases.shack and shackles.shack + <stockholm/krebs/2configs/shack/shackDNS.nix> + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 5784f2cdc..ca6e0922a 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -27,6 +27,7 @@ "http://cgit.ni.r/krops" "http://cgit.prism.r/krops" "https://git.ingolf-wagner.de/krebs/krops.git" + "https://github.com/krebs/krops.git" ]; nix_writers.urls = [ "http://cgit.hotdog.r/nix-writers" diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix new file mode 100644 index 000000000..e87354978 --- /dev/null +++ b/krebs/2configs/shack/glados/automation/hass-restart.nix @@ -0,0 +1,20 @@ +# needs: +# light.fablab_led +[ + { alias = "State on HA start-up"; + trigger = { + platform = "homeassistant"; + event = "start"; + }; + action = [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "yellow"; + }; + } + ]; + } +] + diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index d000af397..e48a54551 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -2,6 +2,7 @@ let shackopen = import ./multi/shackopen.nix; wasser = import ./multi/wasser.nix; + badair = import ./multi/schlechte_luft.nix; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; @@ -44,7 +45,7 @@ in { autoExtraComponents = true; config = { homeassistant = { - name = "Bureautomation"; + name = "Glados"; time_zone = "Europe/Berlin"; latitude = "48.8265"; longitude = "9.0676"; @@ -89,7 +90,7 @@ in { }; }; switch = wasser.switch; - light = []; + light = badair.light; media_player = [ { platform = "mpd"; host = "lounge.mpd.shack"; @@ -99,7 +100,8 @@ in { sensor = (import ./sensors/hass.nix) ++ (import ./sensors/power.nix) - ++ shackopen.sensor; + ++ shackopen.sensor + ++ badair.sensor; binary_sensor = shackopen.binary_sensor; @@ -113,8 +115,9 @@ in { trusted_proxies = "127.0.0.1"; }; #conversation = {}; - #history = {}; - #logbook = {}; + history = {}; + logbook = {}; + recorder = {}; tts = [ { platform = "google_translate"; language = "de"; @@ -123,10 +126,12 @@ in { # language = "de-DE"; #} ]; - #recorder = {}; sun = {}; - automation = wasser.automation; + automation = wasser.automation + ++ badair.automation + ++ (import ./automation/hass-restart.nix); + device_tracker = []; }; }; diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix new file mode 100644 index 000000000..6737af842 --- /dev/null +++ b/krebs/2configs/shack/glados/lib/default.nix @@ -0,0 +1,107 @@ +let + prefix = "glados"; +in +{ + esphome = + { + temp = {host, topic ? "temperature" }: + { + platform = "mqtt"; + name = "${host} Temperature"; + device_class = "temperature"; + unit_of_measurement = "°C"; + icon = "mdi:thermometer"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + payload_available = "online"; + payload_not_available = "offline"; + }; + hum = {host, topic ? "humidity" }: + { + platform = "mqtt"; + unit_of_measurement = "%"; + icon = "mdi:water-percent"; + device_class = "humidity"; + name = "${host} Humidity"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + payload_available = "online"; + payload_not_available = "offline"; + }; + # copied from "homeassistant/light/fablab_led/led_ring/config" + led = {host, topic ? "led", name ? host}: + { # name: fablab_led + # topic: led_ring + platform = "mqtt"; + inherit name; + schema = "json"; + brightness = true; + rgb = true; + effect = true; + effect_list = [ # TODO: may be different + "Random" + "Strobe" + "Rainbow" + "Color Wipe" + "Scan" + "Twinkle" + "Fireworks" + "Addressable Flicker" + "None" + ]; + state_topic = "${prefix}/${host}/light/${topic}/state"; + command_topic = "${prefix}/${host}/light/${topic}/command"; + availability_topic = "${prefix}/${host}/status"; + payload_available = "online"; + payload_not_available = "offline"; + qos = 1; + }; + # Feinstaub + dust_25m = { host, name ? "${host} < 2.5µm", topic ? "particulate_matter_25m_concentration" }: + { + platform = "mqtt"; + unit_of_measurement = "µg/m³"; + icon = "mdi:chemical-weapon"; + inherit name; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + }; + dust_100m = {host, name ? "${host} < 10µm", topic ? "particulate_matter_100m_concentration" }: + { + platform = "mqtt"; + unit_of_measurement = "µg/m³"; + icon = "mdi:chemical-weapon"; + inherit name; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + }; + switch = {host, name ? "${host} Button", topic ? "btn" }: + # host: ampel + # name: Button 1 + # topic: btn1 + { + inherit name; + platform = "mqtt"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + command_topic = "${prefix}/${host}/switch/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + }; + }; + tasmota = + { + plug = {host, name ? host, topic ? host}: + { + platform = "mqtt"; + inherit name; + state_topic = "sonoff/stat/${topic}/POWER1"; + command_topic = "sonoff/cmnd/${topic}/POWER1"; + availability_topic = "sonoff/tele/${topic}/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + retain = false; + qos = 1; + }; + }; +} diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix new file mode 100644 index 000000000..9cd2c56f4 --- /dev/null +++ b/krebs/2configs/shack/glados/multi/schlechte_luft.nix @@ -0,0 +1,123 @@ +let + glados = import ../lib; +in +{ + # LED + light = [ + (glados.esphome.led { name = "Fablab LED"; host = "fablab_led"; topic = "led_ring"; }) + + (glados.esphome.led { name = "Fablab LED Part A"; host = "fablab_led"; topic = "A";}) + (glados.esphome.led { name = "Fablab LED Part B"; host = "fablab_led"; topic = "B";}) + (glados.esphome.led { name = "Fablab LED Part C"; host = "fablab_led"; topic = "C";}) + (glados.esphome.led { name = "Fablab LED Part D"; host = "fablab_led"; topic = "D";}) + ]; + sensor = [ + (glados.esphome.temp { host = "fablab_feinstaub";}) + (glados.esphome.dust_25m { host = "fablab_feinstaub";}) + (glados.esphome.dust_100m { host = "fablab_feinstaub";}) + ]; + automation = + [ + { alias = "Gute Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + below = 25; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Twinkle"; + color_name = "green"; + }; + } + ]; + } + { alias = "mäßige Luft Fablab"; + trigger = [ + #{ + # platform = "numeric_state"; + # above = 25; + # entity_id = "sensor.fablab_feinstaub_25m"; + #} + { + platform = "numeric_state"; + above = 25; + below = 50; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Twinkle"; + color_name = "yellow"; + }; + } + ]; + } + { alias = "schlechte Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + above = 50; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Twinkle"; + color_name = "red"; + }; + } + ]; + } + { alias = "Luft Sensor nicht verfügbar"; + trigger = [ + { + platform = "state"; + to = "unavailable"; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "blue"; + }; + } + ]; + } + { alias = "Fablab Licht Reboot"; + trigger = [ + { + platform = "state"; + from = "unavailable"; + entity_id = "light.fablab_led"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "orange"; + }; + } + ]; + } + ]; +} diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index 578bb0750..cdfe01405 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -1,23 +1,12 @@ let - tasmota_plug = name: topic: - { platform = "mqtt"; - inherit name; - state_topic = "sonoff/stat/${topic}/POWER1"; - command_topic = "sonoff/cmnd/${topic}/POWER1"; - availability_topic = "sonoff/tele/${topic}/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = false; - qos = 1; - }; + glados = import ../lib; seconds = 20; in { switch = [ - (tasmota_plug "Wasser" "plug") + (glados.tasmota.plug { host = "Wasser"; topic = "plug";} ) ]; + automation = [ { alias = "Water the plant for ${toString seconds} seconds"; diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix index 634758701..8de0ef391 100644 --- a/krebs/2configs/shack/glados/sensors/hass.nix +++ b/krebs/2configs/shack/glados/sensors/hass.nix @@ -1,22 +1,5 @@ let - esphome_temp = name: - { platform = "mqtt"; - name = "${name} Temperature"; - device_class = "temperature"; - state_topic = "glados/${name}/sensor/temperature/state"; - availability_topic = "glados/${name}/status"; - payload_available = "online"; - payload_not_available = "offline"; - }; - esphome_hum = name: - { platform = "mqtt"; - device_class = "humidity"; - name = "${name} Humidity"; - state_topic = "glados/${name}/sensor/humidity/state"; - availability_topic = "glados/${name}/status"; - payload_available = "online"; - payload_not_available = "offline"; - }; + glados = import ../lib; in - (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) - ++ (map esphome_hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + (map (host: glados.esphome.temp {inherit host;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + ++ (map (host: glados.esphome.hum {inherit host;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index c1c957da3..c67d8f523 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -4,8 +4,8 @@ let pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/muellshack"; - rev = "4601f59787de090c83be6dbae6ca72d7fc84ab9f"; - sha256 = "1cshbd6ipvynbm3gmnsm58ccc1m5xc87cpd3b6jx0s6pr2j19g9j"; + rev = "c3d1f70325e5b90f280c5be60110e14f4de653ae"; + sha256 = "1dd4kqwdr4v413rmkvmyjzzvw8id9747nifp96pg0c2cy6bhzj24"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muellshack"; port = "8081"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix new file mode 100644 index 000000000..807bb7e65 --- /dev/null +++ b/krebs/2configs/shack/shackDNS.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: + +let + pkg = + pkgs.fetchgit { + url = "https://git.shackspace.de/rz/shackdns"; + rev = "e55cc906c734b398683f9607b93f1ad6435d8575"; + sha256 = "1hkwhf3hqb4fz06b1ckh7sl0zcyi4da5fgdlksian8lxyd19n8sq"; + }; + home = "/var/lib/shackDNS"; + port = "8083"; + config_file = pkgs.writeText "config" '' + # Points to a bind configuration file + dns-db = ${home}/db.shack + + # Points to a shackles configuration file + # See `shackles.json` in repo + shackles-db = ${home}/shackles.json + + # Points to a REST service with the DHCP leases + leases-api = http://dhcp.shack/dhcpd.leases + + # Wrap this binding with https proxy or similar + binding = http://localhost:${port}/ + ''; +in { + # receive response from light.shack / standby.shack + networking.firewall.allowedTCPPorts = [ ]; + + users.users.shackDNS = { + inherit home; + createHome = true; + }; + services.nginx.virtualHosts."leases.shack" = { + locations."/" = { + proxyPass = "http://localhost:${port}/"; + }; + }; + services.nginx.virtualHosts."shackdns.shack" = { + locations."/" = { + proxyPass = "http://localhost:${port}/"; + }; + }; + services.nginx.virtualHosts."shackles.shack" = { + locations."/" = { + proxyPass = "http://localhost:${port}/"; + }; + }; + + systemd.services.shackDNS = { + description = "shackDNS provides an overview over DHCP and DNS as well as a replacement for shackles"; + wantedBy = [ "multi-user.target" ]; + environment.PORT = port; + serviceConfig = { + User = "shackDNS"; + WorkingDirectory = home; + ExecStart = "${pkgs.mono6}/bin/mono ${pkg}/shackDNS.exe ${config_file}"; + PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; + }; + }; +} diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix index 9c7f507f1..95c869bc9 100644 --- a/krebs/2configs/shack/ssh-keys.nix +++ b/krebs/2configs/shack/ssh-keys.nix @@ -4,6 +4,7 @@ config.krebs.users."0x4A6F".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey + config.krebs.users.xq.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci ]; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index fcdbcbc19..6f06f4510 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -105,6 +105,7 @@ let { krebs = import ./makefu { inherit config; }; } { krebs = import ./nin { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } + { krebs = import ./external/mic92.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 821859f3c..059e22866 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -68,103 +68,6 @@ in { }; }; }; - dpdkm = { - owner = config.krebs.users.Mic92; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eddie = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eddie.nets.retiolum.ip4.addr - config.krebs.hosts.eddie.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.170"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ - lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.subnets = [ - # edinburgh university - "129.215.0.0/16" - ]; - }; - }; - }; - eve = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - # eve.thalheim.io - ip4.addr = "95.216.112.61"; - ip6.addr = "2a01:4f9:2b:1605::1"; - aliases = [ "eve.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.eve.nets.retiolum.ip4.addr - config.krebs.hosts.eve.nets.retiolum.ip6.addr - ]; - ip4.addr = "10.243.29.174"; - aliases = [ "eve.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH - XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 - 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk - 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI - +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 - dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW - pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP - c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi - YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI - 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 - Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; homeros = { owner = config.krebs.users.kmein; nets = { @@ -255,190 +158,6 @@ in { }; }; }; - rose = { - owner = config.krebs.users.Mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.52"; - aliases = [ "rose.i" ]; - }; - retiolum = { - via = internet; - addrs = [ - config.krebs.hosts.rose.nets.retiolum.ip4.addr - config.krebs.hosts.rose.net |