From 3b601871b7b73c917275ac4f0a19c575a7744b7f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Jun 2021 19:05:58 +0200 Subject: external: add nxnv (rtjure) --- krebs/3modules/external/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 123bbac4..31cd9e2c 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -589,6 +589,32 @@ in { }; }; }; + nxnv = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.127"; + aliases = [ + "nxnv.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB + ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt + NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp + wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt + 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT + eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy + S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/ + 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN + ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW + 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila + jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { -- cgit v1.2.3 From a400657702a75f928aae7ee5328068a3c8331d27 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 20:15:42 +0200 Subject: fetchWallpaper: set isSystemUser --- krebs/3modules/fetchWallpaper.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e89b86e3..852c8f63 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -57,6 +57,7 @@ let description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; + isSystemUser = true; }; systemd.timers.fetchWallpaper = { -- cgit v1.2.3 From 26a1458a032531ac51a4b4f984a7efe152a121de Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 13:12:18 +0200 Subject: brockman: isSystemUser --- krebs/3modules/brockman.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 9b2ed4a7..7a78880e 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -12,7 +12,7 @@ in { users.extraUsers.brockman = { home = "/var/lib/brockman"; createHome = true; - isNormalUser = false; + isSystemUser = true; uid = genid_uint31 "brockman"; }; -- cgit v1.2.3 From 47f3dd93452ed40f4fef64b7bcb327d379c499a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:15:10 +0200 Subject: buildbot: isSystemUser --- krebs/3modules/buildbot/master.nix | 1 + krebs/3modules/buildbot/slave.nix | 1 + 2 files changed, 2 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 8995753a..a845bb28 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -322,6 +322,7 @@ let description = "Buildbot Master"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotMaster = { diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index c15169fb..d877b991 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -131,6 +131,7 @@ let description = "Buildbot Slave"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotSlave = { -- cgit v1.2.3 From 8b3cd5aef173520cbea8967a3beae807e508943b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:15:30 +0200 Subject: github-hosts-sync: isSystemUser --- krebs/3modules/github-hosts-sync.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 7d618ebf..2aa26fa2 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -72,6 +72,7 @@ let mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; uid = genid_uint31 name; + isSystemUser = true; }; # TODO move to lib? -- cgit v1.2.3 From b9d9b711b89a1d5a8eba6e2a68a8bffd454496c7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:45:43 +0200 Subject: github-hosts-sync: set isSystemUser at correct location --- krebs/3modules/github-hosts-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 2aa26fa2..d385ec35 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -65,6 +65,7 @@ let users.users.${user.name} = { inherit (user) uid; home = cfg.dataDir; + isSystemUser = true; }; }; @@ -72,7 +73,6 @@ let mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; uid = genid_uint31 name; - isSystemUser = true; }; # TODO move to lib? -- cgit v1.2.3 From f21ebcf4dc6a15779f0b5410fa7af295d1858411 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:52:48 +0200 Subject: bepasty-server: isSystemUser --- krebs/3modules/bepasty-server.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index ffa9a29e..051646b6 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -146,6 +146,7 @@ let uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; + isSystemUser = true; }; users.extraGroups.bepasty = { gid = genid_uint31 "bepasty"; -- cgit v1.2.3 From a9f43dff4997510e8845286aabc0f0f059fa459a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:56:41 +0200 Subject: realwallpaper: isSystemUser --- krebs/3modules/realwallpaper.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 86b74a8c..76f33396 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -60,6 +60,7 @@ let uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; + isSystemUser = true; }; }; -- cgit v1.2.3 From 7fa69b3399d8b52526928df81b2a6cad3f931a28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:57:08 +0200 Subject: tinc_graphs: isSystemUser --- krebs/3modules/tinc_graphs.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 33a24871..19cce8aa 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -127,6 +127,7 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; + isSystemUser = true; }; services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; -- cgit v1.2.3 From e044c3121ac1f886eab15a350c4ab9fd909716e9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:08:59 +0200 Subject: ma: isSystemUser everything --- krebs/3modules/airdcpp.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 56fb3179..0ac9d335 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -268,6 +268,7 @@ let uid = genid "airdcpp"; home = cfg.stateDir; createHome = true; + isSystemUser = true; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; -- cgit v1.2.3 From eb801fa458de69cfecafe172b178838f2cd97d08 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:52:49 +0200 Subject: module urlwatch: add isSystemUser --- krebs/3modules/urlwatch.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 0b7a71db..6a159a5b 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -193,6 +193,7 @@ let inherit (user) uid; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; }; -- cgit v1.2.3 From 05a77771087ecc02df036739c5e7c0cd29846ff1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 6 Jun 2021 09:34:49 +0200 Subject: jeschli enklave.r: disable ci --- krebs/3modules/jeschli/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 390f7585..41743612 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -49,6 +49,7 @@ in { }; }; enklave = { + ci = false; nets = rec { internet = { ip4.addr = "88.198.164.182"; -- cgit v1.2.3 From 0b5c89dae9242e1817ae6add75253018f9ac644d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 8 Jun 2021 17:41:21 +0200 Subject: module ergo: init --- krebs/3modules/default.nix | 1 + krebs/3modules/ergo.nix | 136 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 137 insertions(+) create mode 100644 krebs/3modules/ergo.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e75afad1..8866e91a 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./ci.nix ./current.nix ./dns.nix + ./ergo.nix ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix new file mode 100644 index 00000000..14f85c4d --- /dev/null +++ b/krebs/3modules/ergo.nix @@ -0,0 +1,136 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption types; + inherit (pkgs) coreutils ergo; + cfg = config.krebs.ergo; + + configFile = pkgs.writeText "ergo.conf" (builtins.toJSON cfg.config); +in + +{ + + ###### interface + + options = { + + krebs.ergo = { + + enable = mkEnableOption "Ergo IRC daemon"; + + config = mkOption { + type = (pkgs.formats.json {}).type; + description = '' + Ergo IRC daemon configuration file. + ''; + default = { + network = { + name = "krebstest"; + }; + server = { + name = "${config.networking.hostName}.r"; + listeners = { + ":6667" = {}; + }; + casemapping = "permissive"; + enforce-utf = true; + lookup-hostnames = false; + ip-cloaking = { + enabled = false; + }; + forward-confirm-hostnames = false; + check-ident = false; + relaymsg = { + enabled = false; + }; + max-sendq = "1M"; + ip-limits = { + count = false; + throttle = false; + }; + }; + datastore = { + path = "${cfg.statedir}/ircd.db"; + }; + accounts = { + authentication-enabled = true; + registration = { + enabled = true; + email-verification = { + enabled = false; + }; + }; + }; + channels = { + default-modes = "+nt"; + }; + limits = { + nicklen = 32; + identlen = 20; + channellen = 64; + awaylen = 390; + kicklen = 390; + topiclen = 390; + }; + }; + }; + + statedir = mkOption { + type = types.path; + default = "/var/lib/ergo"; + description = '' + Location of the state directory of ergo. + ''; + }; + + user = mkOption { + type = types.str; + default = "ergo"; + description = '' + Ergo IRC daemon user. + ''; + }; + + group = mkOption { + type = types.str; + default = "ergo"; + description = '' + Ergo IRC daemon group. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable ({ + users.users.${cfg.user} = { + description = "Ergo IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups.${cfg.group} = { + gid = config.ids.gids.ircd; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.ergo = { + description = "Ergo IRC daemon"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStartPre = "${ergo}/bin/ergo initdb --conf ${configFile}"; + ExecStart = "${ergo}/bin/ergo run --conf ${configFile}"; + Group = cfg.group; + User = cfg.user; + }; + }; + + }); +} -- cgit v1.2.3 From 3724069be654a3da3d32ca9ce8c3b9ee7eeabdea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 May 2021 06:48:15 +0200 Subject: mic92: change ip address of eva --- krebs/3modules/external/mic92.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 15136cbc..262c7cdb 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -621,8 +621,8 @@ in { nets = rec { internet = { # eva.thalheim.io - ip4.addr = "52.59.172.193"; - ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed"; + ip4.addr = "157.90.232.92"; + ip6.addr = "2a01:4f8:1c1c:9a9::1"; aliases = [ "eva.i" ]; }; retiolum = { -- cgit v1.2.3 From c8c3f359c97ef81932d841c20473c5f7d4a3df77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 May 2021 08:24:34 +0200 Subject: mic92: move loki.r to eva --- krebs/3modules/external/mic92.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 262c7cdb..3a2e7f40 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -467,7 +467,6 @@ in { ip4.addr = "10.243.29.171"; aliases = [ "rock.r" - "loki.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -630,6 +629,7 @@ in { ip4.addr = "10.243.29.185"; aliases = [ "eva.r" + "loki.r" "prometheus.r" "alertmanager.r" ]; -- cgit v1.2.3 From a0b63d8afb02b9e318af3215db2f66d8a9de60d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 May 2021 10:11:11 +0200 Subject: bill: add ip addresses + new key --- krebs/3modules/external/mic92.nix | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 3a2e7f40..c5ae0831 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -417,6 +417,11 @@ in { bill = { owner = config.krebs.users.mic92; nets = rec { + internet = { + ip4.addr = "131.159.38.191"; + ip6.addr = "2a09:80c0:38::191"; + aliases = [ "bill.i" ]; + }; retiolum = { addrs = [ config.krebs.hosts.bill.nets.retiolum.ip4.addr @@ -426,12 +431,17 @@ in { aliases = [ "bill.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAzg0wJuDvsbflRKSJ7+ug9y7Gn+BH3CR44fuCPZpWmIcGIUbA6rXj - CD8pF5heOvXNCFlEip2wqTkaCJPnUs3x8BRtORmD6OxDdmqt0xH54u7CixKzrPp9 - GIQydv+ZsGA2z3aDbmBydRPDIvYGhW68FJn10qlGRjCZ5zCl1eVEZ/wMddFXc0B8 - KDbxh7qOkjXon6EOGACVbnrnUR3F1GsIvCxX0cCDrO0P8XHwwsZiAfUwXYkiqw7t - zPcty6Bbr34mSJbb9cFb/qQlfPWT0HVgo+Q65HVkr/64o/9tTyREZcj1dk5PpEPE - bt7PGlOF1oPZpVFQh8S+NviHTtqrvkuISQIDAQAB + MIICCgKCAgEAvzM5dWPpmzzmogjuZC5boNvz+MJcIO0WnE9IINBY+CLSw5ZpNDVB + b97EG0Irs92OLJ5eesdPdF5LIyfFcFHOpPN+NdVEfLDWpFZVgOYh4BRy5+JdEk6O + ybcxLFIdgBHxahd3W27FxXC1ALu/AInAA2b4rwYoNBi23idj8+wtL4MJldkr5QaQ + sx8VQxIMy1xY4AbKcHdOt/nMrPoU6GnE9ObdcLys5cGUl/7Vc0NAMK6RrFQo+jfn + 2N0uWA1hZPAfZEEKP91xiOiRSx15WG3q9R/rqPmBh6l+rdPyWdRKcPVndCzVDrgw + WWPcR9A9Yzr0ZrpEIHOfrDOqb2Ur1HlrXHZRpt55IYOKwC7ZimZzKkMj7zl1t2Rq + nC07IJS7OI38amgLI0PSFI/Mx+mAPdYjd0fDcp8q7reOL63QT7cbrOw+cyOzNzGb + I7U7QaHaA2unOa1EYj5Ocd6jI1IyHqQe9FkUqgTaDVU44U3WEo/KY6FZfhqSPPHs + PsFzMj9nOWUGUr0cAn7DloIfNL49voO1C4HaiEvvhbSFIT/8suq3JznFxmP/q+Ph + qYbXI/LXzU2Ln1Abiu9m1OfxTmEOlH9C54zyUvkAfhjcD2/aZWc76g06Oj2L6kZ6 + EC9Ku7Hk37rVOgZjtXUjuf3eUAvImknQ/JMRM3YDQgmu4iU0tJ1UnqkCAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; -- cgit v1.2.3 From 63964fda5cde0d00c9f54cbd9777745a974725bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 May 2021 10:32:40 +0200 Subject: mic92: nardole: update key + add ip addresses --- krebs/3modules/external/mic92.nix | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index c5ae0831..4e4c6ea6 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -450,6 +450,11 @@ in { nardole = { owner = config.krebs.users.mic92; nets = rec { + internet = { + ip4.addr = "131.159.38.202"; + ip6.addr = "2a09:80c0:38::202"; + aliases = [ "nardole.i" ]; + }; retiolum = { addrs = [ config.krebs.hosts.nardole.nets.retiolum.ip4.addr @@ -459,12 +464,17 @@ in { aliases = [ "nardole.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA05JzZLPH4+t2X8TI1nYsv4WCQ/OUmuMy9YbKUIRITE2EVA+x47Cf - qdYPucWUpF7ap1rykxHBcPnmORO/NjAymlt25FDyyYQ2uWm17VE7P7jefAUnX7xj - 80Rt7aWCXfldQuRAbza35G+Kl50Y6ydkZYkKCbyQ8fMhuzNp6Wn/pAJD3yr+zdka - AsIoir9Ut9/9CKayRqGF+zaIf2Lj7nl5GL8bCAVJydU98GjlnXt7iuaWCt0H7NiK - FWOjkGhAUlQI9I6l+5ELWClpyk5X+isfbUbYaCCspZJvos+vDE8hJuH5PrH8NuJj - fJv8HrHkcGphn/Nn1TotpHBkyMyE5h6akwIDAQAB + MIICCgKCAgEAyYIN9FYtTmJTXUlBO4QYp9J7SZbglMEq0QCMpF9xQvCqJHl+C1vm + NzAswlhbaK5J1spi6+zUXtYJEVQyP1xesDlVm9G+hntS7woEWtuLO7VUL9whWINb + mO0OmYIEaWTMPIOKPTgc3tYsUhk7dw962/6I81JQczCHg1z2ItsRho/Kwi/Jo2Gj + jnPJQoRek45+xIzlf9Jx38ntioTQIaLuSw7/lplT1cHNcefLje8FQmVEojY79Ijc + 6Ij4b9tPln8eQErw2sANS6kSUOVRnVkfeRW+3a4iRtd8SzXJ+aX5TCsq910Z1+/H + ClK91GctU0V11s/m8LCp/Wz+o+4Z89JLxnil/ZS/6NHsaHysQPFPbx0Uh5nASF64 + RoWhzp2CSJTC9/UJKdPIpIokMIEGgKjy8Up3nY4yjoUnf6SZfzr4jmXfRmYmVaMp + cCjbMbxBo+MjfXlGRxJAFGkS9zO9/21SEDiWqfOVThg5jbBR/q9ysRGcXndS0ea7 + NzsCbU1/0StxxmZLpBRz2MxGSHqlZbwInm9RjsXbCGa32tTiUz8VxjR3LTUMU8AP + xpPLaIo7TIPdkDvCFL+DtXB9lE2PDpnSHbxyXKVKqxmCW1i/+msrBs/gnQ9VjzyA + L1Ip2MBQd+CFUtaj+VdhjfulvpVcpr5e3nZe7cl38qucUp46tbVsJ3UCAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; -- cgit v1.2.3 From e967ad3c6e401b660526b4bc0223312bf038a5f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 May 2021 12:28:02 +0200 Subject: mic92: add aendernix --- krebs/3modules/external/mic92.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 4e4c6ea6..40fdbd4e 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -269,6 +269,30 @@ in { ''; }; }; + aendernix = { + owner = config.krebs.users.mic92; + nets.retiolum = { + ip4.addr = "10.243.29.172"; + aliases = [ + "aendernix.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAt/dCDTvJU5jugP+5pk2CNM8X6cOnFonJv2eS253nsmKI97T9FSUa + QDt417MoqAJNEeZw7o4ve1fmdZmtfKgmXYdDJi2HSJCJoKY6FUgVOKevtzGg4akl + 4mKTy2z59CxyIbA41MHyLq18W3NLabQ41NpWGBRt9jvHQpZfd+wI8t5IIzdvFrKo + JSOFRbzEBL5//Hc3N/443cUg4IMyDBTemS7/jaZ2/Mn+PVZAdoIPLEZjFeWewmTF + Jd8Bsc2thzAREYHYnawhq3PLJSebMJd91pCdkD0NB0i59VKORcQTFady3fzE9+w4 + RSTqAdBTUDuxzU/B8g1dp89/qW+fVPiFuB5Pf7D9t2DgxTDAeSXMiId/4Hwa0B1G + QCnCedz0Qk2UdId16BTS8DSq8Pd9fawU6qCmPY6ahSiw5ZQ6odMvDISb480cKj41 + pslLjhIItTk3WEs8MwnQCzweNABuCK7GzT7CNaYm3f9pznBlOB+KfoZ6mrlzKkEK + u+gFJXTFym0ZF0wheXO7FCJ1jp4LFHqKGS3zWQyT7isjLsbcQzpOe8/FdiFlQvlG + vltL+5JjcahAMHc/ba+pRa5rSy8ebqf68fg4jlkT94Za13bCIHdK5w7eAXR3s/9z + H2wZmhvajUIZAxQSgFUy+7kKWOIkWqFkGPIdmbdwTaHC88OWshvRv8ECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; anindya = { owner = config.krebs.users.mic92; nets.retiolum = { -- cgit v1.2.3 From 2c87eb31e0ce9357e5746eb317f424a9c83290c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 18 May 2021 19:18:01 +0200 Subject: mic92: remove anindya --- krebs/3modules/external/mic92.nix | 19 ------------------- 1 file changed, 19 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 40fdbd4e..332665e3 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -293,25 +293,6 @@ in { ''; }; }; - anindya = { - owner = config.krebs.users.mic92; - nets.retiolum = { - ip4.addr = "10.243.29.191"; - aliases = [ - "anindya.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA8yWr01WlmM4RYuJdxvzvfdN3C5T3DOknWvK7U3y92HYgtQfYtZwu - +J8r1fpTsdIS8wKdSEqz7Mjhb1JabJBB1fv/2mkAF4V/gkMbP0jqZ6QQL29kgkNP - aI/+zG1yh4kEDgSn843J6XnTsJ/4Na2zmbVP1iIIQYMXyh+meWsBVR6DKV5ighjz - 4h3wKbuMmDrS50aTk8ahgWoiqcE2DTUMeprw4SIL+RTepmsCINQtAJui5Ys6AAbK - ab6gxMzRH2txLBcTfSrbqTX3qHZHLlB9Ai5FEItWqMBxquD6OCxn8DNU+5LgGpt1 - Z37SI1U0c4uu1oo7kOSx6wYP2ZVOatys6QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; dimitra = { owner = config.krebs.users.mic92; nets.retiolum = { -- cgit v1.2.3 From 8545edfa9adf3b49cc47ddbfbd68959871f961b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jun 2021 08:04:53 +0200 Subject: mic92: fix nardole's public ips --- krebs/3modules/external/mic92.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 332665e3..0fca8b81 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -456,8 +456,8 @@ in { owner = config.krebs.users.mic92; nets = rec { internet = { - ip4.addr = "131.159.38.202"; - ip6.addr = "2a09:80c0:38::202"; + ip4.addr = "131.159.102.2"; + ip6.addr = "2a09:80c0:102::2"; aliases = [ "nardole.i" ]; }; retiolum = { -- cgit v1.2.3 From 3aa5d855e1d3406ef41b00a4502109c7f1e464bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 5 Jun 2021 09:15:36 +0200 Subject: mic92: start adding ed25519 as well --- krebs/3modules/external/mic92.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 0fca8b81..6f1e408f 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -448,6 +448,7 @@ in { qYbXI/LXzU2Ln1Abiu9m1OfxTmEOlH9C54zyUvkAfhjcD2/aZWc76g06Oj2L6kZ6 EC9Ku7Hk37rVOgZjtXUjuf3eUAvImknQ/JMRM3YDQgmu4iU0tJ1UnqkCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = bN+knMGCqK+HkdOucynEXxeqGFOS2u8oWLRDV/gNIZI ''; }; }; @@ -481,6 +482,7 @@ in { xpPLaIo7TIPdkDvCFL+DtXB9lE2PDpnSHbxyXKVKqxmCW1i/+msrBs/gnQ9VjzyA L1Ip2MBQd+CFUtaj+VdhjfulvpVcpr5e3nZe7cl38qucUp46tbVsJ3UCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = BA8uWkeHofZb5s9bNy6PjefKNZwemETWAA+Q6okKn1M ''; }; }; -- cgit v1.2.3 From 1a14d5b95ec22d0cf1103d5900a7fa583fdbcb25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 6 Jun 2021 07:34:54 +0200 Subject: mic92: add more ed25519 retiolum keys --- krebs/3modules/external/mic92.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 6f1e408f..64c85c12 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -39,6 +39,7 @@ in { DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764 UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = 6VktF9Fg9E0hCW5g+rwGnrPACPSx/8vkl+hPNaFYeND ''; }; }; @@ -72,6 +73,7 @@ in { UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = qnJmS6W7QSKG3mjW1kPnHGeVmKzhGkyP9xBLGwH5XvD ''; }; }; @@ -148,6 +150,7 @@ in { IzbYu49VO/B1rktYzZ2l2ENQy6OILXWbvFjC8Pt8f1ZZQ4A21PyNA1AdyJ/rbVj7 awm3OnnvKSvMCXWnwHPFHjksb3qMx96Aep1cw3ZBx0sQQ41UWBoOsi8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = ikUmx5IC1dvfaHFhpZM9xotwF2LH6EkvpcPTRm6TjeD ''; }; }; @@ -242,8 +245,6 @@ in { -----END RSA PUBLIC KEY----- ''; tinc.subnets = [ - # ohorn lan - "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" # docker network "42:0000:002b:1605:3::/80" ]; @@ -361,6 +362,7 @@ in { 4frtEIGbfdKqQ6nNTvTpCrAo+WAm3NE3khTYqGe4LqX/JMoGtWXp/Ex9IdG+sflM mESMjuHp9vPY4aZGPtYPP93Cxv3q7gm+EfIGebajISpaG28J+XjiNNsCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = emKq1mfkW4/aCoCwmeFU3DtppKs+KsTvd9YGoFkFgdC ''; }; }; @@ -386,8 +388,6 @@ in { /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== -----END RSA PUBLIC KEY----- ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500::/64" ]; }; }; }; @@ -415,6 +415,7 @@ in { 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = Z5+fArxMfP8oLqlHpXadkGc9ROOPHBqugAMD2czmNlJ ''; }; }; @@ -544,6 +545,7 @@ in { W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP ''; }; }; @@ -570,9 +572,8 @@ in { W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = bXEnZa/jn2ntL0R4sMsRd7NIoHgzrzUnJ3ReJUQ8iFG ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500:f610:15d1:27a3:674b" ]; }; }; }; @@ -698,6 +699,7 @@ in { EMp7y5QJySmKwJ/XsS6yiHeYXLFwWvfReja/IRFL4RiDSW+6ES4PTEXxoLVDpqgv KF44qim4UBabCMTPVtZcU3Rr+ufBALKJCwIDAQAB -----END RSA PUBLIC KEY----- + Ed25519PublicKey = PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP ''; }; }; @@ -726,6 +728,7 @@ in { fuXAsh5UbnE5kt6vKL5aducScatyd5FRkNumKG5ji26eZR4lZmXn380JLDInV4n7 SODZL2fQFBnSD1wTWcq9Q/luPh4FitzJUZzHexvNxR/KBZycZJtdVw8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = pjCpkZToBUBbjUNVMWfYJePZ6g7m7Ccr9WedfKEFsXD ''; }; }; -- cgit v1.2.3 From b8374d440e509dca4e920f917236eaa9ba5251e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 6 Jun 2021 07:54:56 +0200 Subject: mic92: add ed25519 keys for eve/eva --- krebs/3modules/external/mic92.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 64c85c12..a31075d3 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -243,6 +243,8 @@ in { 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== -----END RSA PUBLIC KEY----- + + Ed25519PublicKey = 7J1JgVyiy540akMdd/kONta0fMHSl5+FQJ1QhN84TzP ''; tinc.subnets = [ # docker network @@ -676,6 +678,7 @@ in { 6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ== -----END PUBLIC KEY----- + Ed25519PublicKey = 7rbs+10zzfwOPj5RoS1i/01QXuw7uIHGOHIgsjB2fHK ''; }; }; -- cgit v1.2.3 From 8740d705b95dfa5afa91cee99b7797891d73aac2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 6 Jun 2021 08:05:52 +0200 Subject: mic92: new ed25519 key for rose --- krebs/3modules/external/mic92.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index a31075d3..bbefb8ed 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -547,7 +547,7 @@ in { W3jpl1y5zShr5Hz90QoYcUTsxg9uk/+yqKpwUySZ6Gh4q0bo5k7nkM9i8mCMfNGZ 0UU94QmwS9RoV4Mt4pSLYRcCs0mVeEjLuIfTFHkXc6LCjBWMn8ICfeMCAwEAAQ== -----END RSA PUBLIC KEY----- - Ed25519PublicKey = PmZ8i6lB0Ij/d8qjA0y3QI2rMAlrTZn1ES/hUSNNWMP + Ed25519PublicKey = 0O1LrgXAFOuei1NfU0vow+qUfim3htBOyCJvPrQFwHE ''; }; }; -- cgit v1.2.3 From 8b18facc0202706766faf2fa4e947b3920b19adc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 8 Jun 2021 18:09:03 +0200 Subject: mic92: add ed25519 keys for hydrogen --- krebs/3modules/external/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 31cd9e2c..8f49b64c 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -701,6 +701,7 @@ in { 1T6DILDF71H92PNylujKSPA0CKI160xJ61Xy/T6MYl5u0+RblAgYr77o5HJwmXCe jFrCu3SKUIlJWYHWE8yNoR+VVYeXakbDFYE3KpVyBDG+ljUbia+Oel8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = 3IKIoZqg0jm9+pOOka2FEtihx0y8qAdJqKTuRfJtM ''; }; }; -- cgit v1.2.3 From 899b6874ab1b8925d7f28742583939ad00101fee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 9 Jun 2021 10:24:23 +0200 Subject: mic92: fix key for hydrogen --- krebs/3modules/external/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 8f49b64c..8e6fa225 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -701,7 +701,7 @@ in { 1T6DILDF71H92PNylujKSPA0CKI160xJ61Xy/T6MYl5u0+RblAgYr77o5HJwmXCe jFrCu3SKUIlJWYHWE8yNoR+VVYeXakbDFYE3KpVyBDG+ljUbia+Oel8CAwEAAQ== -----END RSA PUBLIC KEY----- - Ed25519PublicKey = 3IKIoZqg0jm9+pOOka2FEtihx0y8qAdJqKTuRfJtM + Ed25519PublicKey = 3IKIoZqg0jm9+pOOka2FEtihx0y8qAdJqKTuRfJtMpK ''; }; }; -- cgit v1.2.3 From 85cd96ed8bffc97307400e80933548fbfbb353f9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 9 Jun 2021 11:37:27 +0200 Subject: gollum: follow upstream --- krebs/3modules/default.nix | 1 - krebs/3modules/gollum.nix | 112 --------------------------------------------- 2 files changed, 113 deletions(-) delete mode 100644 krebs/3modules/gollum.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8866e91a..30ca82b9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -29,7 +29,6 @@ let ./github-known-hosts.nix ./git.nix ./go.nix - ./gollum.nix ./hidden-ssh.nix ./hosts.nix ./htgen.nix diff --git a/krebs/3modules/gollum.nix b/krebs/3modules/gollum.nix deleted file mode 100644 index 4b4e04d1..00000000 --- a/krebs/3modules/gollum.nix +++ /dev/null @@ -1,112 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.krebs.gollum; -in - -{ - options.krebs.gollum = { - enable = mkOption { - type = types.bool; - default = false; - description = "Enable the Gollum service."; - }; - - address = mkOption { - type = types.str; - default = "0.0.0.0"; - description = "IP address on which the web server will listen."; - }; - - port = mkOption { - type = types.int; - default = 4567; - description = "Port on which the web server will run."; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = "Content of the configuration file"; - }; - - mathjax = mkOption { - type = types.bool; - default = false; - description = "Enable support for math rendering using MathJax"; - }; - - allowUploads = mkOption { - type = types.nullOr (types.enum [ "dir" "page" ]); - default = null; - description = "Enable uploads of external files"; - }; - - emoji = mkOption { - type = types.bool; - default = false; - description = "Parse and interpret emoji tags"; - }; - - branch = mkOption { - type = types.str; - default = "master"; - example = "develop"; - description = "Git branch to serve"; - }; - - stateDir = mkOption { - type = types.path; - default = "/var/lib/gollum"; - description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup."; - }; - - }; - - config = mkIf cfg.enable { - - users.users.gollum = { - group = config.users.users.gollum.name; - description = "Gollum user"; - home = cfg.stateDir; - createHome = false; - isSystemUser = true; - }; - - users.groups.gollum = { }; - - systemd.tmpfiles.rules = [ - "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -" - ]; - - systemd.services.gollum = { - description = "Gollum wiki"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.git ]; - - preStart = '' - # This is safe to be run on an existing repo - git init ${cfg.stateDir} - ''; - - serviceConfig = { - User = config.users.users.gollum.name; - Group = config.users.groups.gollum.name; - ExecStart = '' - ${pkgs.gollum}/bin/gollum \ - --port ${toString cfg.port} \ - --host ${cfg.address} \ - --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \ - --ref ${cfg.branch} \ - ${optionalString cfg.mathjax "--mathjax"} \ - ${optionalString cfg.emoji "--emoji"} \ - ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \ - ${cfg.stateDir} - ''; - }; - }; - }; -} -- cgit v1.2.3