From 94e9faa655883ec567335187f2684c46fb451da6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 12 Oct 2022 13:32:16 +0200 Subject: drop dev1 server --- krebs/3modules/external/mic92.nix | 30 ------------------------------ 1 file changed, 30 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 58757b0b3..35e72ec2a 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -929,35 +929,5 @@ in { }; }; }; - - dev1 = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "65.108.192.175"; - ip6.addr = "2a01:4f9:1a:94a4::1"; - aliases = [ "dev1.i" ]; - }; - retiolum = { - aliases = [ "dev1.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwx2l5llCtEdoTRT9UJKHqa/GTqd5f9mUWX/n3HKQHdeEVao6cH9J - LteQ2rJY+Gh2zt3FZYzRBykvArjGmu1qKKnouldFJis0DygUI1jZVbeeNKbA2lZx - 7+jCUIz4kgpA0ggJt/9Nb0xHMGPpgXSMADPHLKODT2FPxA4026pI6xLAZWY1o1SY - oypaIxaOUbqi9M+eR5KRCngUGHBOQm3rGtgw5wYxHsfJqHvqCmFIicxHVifpbzOf - Hf0hDvk6E54PijcrDUfDBkXrEoa1hFezCMnzv0h+1Y4qfueFtCtPbJdYKUo87X04 - PWT/P+x78VY9e7fJswi4bYflXmE6jVg/0gXPNpWNV1iBmbrFMJMduGNiuyBcSAxp - S1ubP/+5D2hgOLCuflLfnPOozPtvV6F/XYKatQGPmgo4d7+z7g4frFKv6Uu9ZMT0 - p2CN/bnVNAEErPbTVLyk8zX6J3ruCBQxucr3dsqyw7pk74tTQlFwH9BY8tWfRrAP - v7rDLHzv/1KA9GRDkbVPJmCkwIlPd9PcqSeHL9pnV9IkFr0UTVJE5qBLDSRW9XAb - QY6wVgsMocMeAxwrx6q+pdX/NAPbBzrmr0IB+DwYfMhZdGWoWEw+NV1wOsQjBzjw - SA63+XAgJ30QR5Z87d5g2Y7560+6oQavMPdt+5kfPTGa48UR7WwYyzsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "nu1d0uwAE1Lg16SfXkCgGz2blir402mlucwJMfHivrJ"; - }; - }; - }; }; } -- cgit v1.2.3 From 2864eba28a74c96f0256764a75b344fcd6a03f29 Mon Sep 17 00:00:00 2001 From: lc4r Date: Sun, 6 Nov 2022 01:16:35 +0000 Subject: external: add verex --- krebs/3modules/external/default.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'krebs/3modules') 
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 5cb40cfbb..62cbb78a8 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -769,6 +769,31 @@ in { }; }; }; + verex = { + owner = config.krebs.users.lc4r; + nets = { + retiolum = { + ip4.addr = "10.243.232.232"; + aliases = [ "verex.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA7RCGaxVcTK3cPIs5NkbDdKEg/ASLRyKN2tBklvs43fD2lq/t77YK + vtLkZhJokcxzDWNAyUZXgTsmVblYTzbyg+DFhygNwhMSI0vdrG5AoYhWa+eIe8mf + Hxi7TWNTbDx/p66kw2NFDlw6Wbs5enPlMzfZPZj+aI7Dx7GrZRz8TrsKAauSSBKc + Vtl7Aqs2FLk8suiMAOE4JD4Lt/pvR7YSISBo1N6/eBbFEosY1XqYkv+l9a0d948a + k3jfJYRllsBRQzUyseMewwgVEz8Ny+rwk2J4ukSogAlMXXkPD/pYQgdTZwbGWOyY + FMLgb7qULn60aUO6mE/mW9JP90/9cX3CD9McdEFRXV4oM0P9EUq49kN+vinD6JDm + bL9fP+yx3sdzl34dFWDRPwrzn13kTDlRbble8jATRcisxMT1zYiADuRwIx8AeKs7 + O4uc7r/hz8ANO3zksuPhkTUoObTvZyW4mXbac2p6DGv/2aC6jzMRFJsJbWQK1TSr + 9WjeAOknhSP9UGxQWz6AgHNjq04dR3lQk34xMfKfWxRAaMD+T6frWKz++Z07WpUo + OkPlz57jPZ7yeJGwwPM/CMcNNmA6YCqgE2kJo5rVQqlUb90nVRbuiQYYldl1YCIc + Z4X36TKEXPBTiiKf6rFL6dJ64vaVxmOPr3+jdvLSufa/L7uXq3g66ZECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "9ifWNFwaXe6qLVTW0UrOl2jg7erwTUC7f50Th4Vv2iE"; + }; + }; + }; }; users = { @@ -849,5 +874,8 @@ in { feliks = { mail = "feliks@flipdot.org"; }; + lc4r = { + mail = "lc4r@riseup.net"; + }; }; } -- cgit v1.2.3 From be312a1b1e371da31e79fc3d15474ded5bc94c70 Mon Sep 17 00:00:00 2001 From: Alexander Gaus Date: Tue, 8 Nov 2022 22:04:39 +0100 Subject: external: add rtunreal user and hosts --- krebs/3modules/default.nix | 1 + krebs/3modules/external/rtunreal.nix | 51 ++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 krebs/3modules/external/rtunreal.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 01436d352..7af6b13d9 100644 --- a/krebs/3modules/default.nix 
+++ b/krebs/3modules/default.nix
@@ -105,6 +105,7 @@ let
 { krebs = import ./external/kmein.nix { inherit config; }; }
 { krebs = import ./external/mic92.nix { inherit config; }; }
 { krebs = import ./external/palo.nix { inherit config; }; }
+ { krebs = import ./external/rtunreal.nix { inherit config; }; }
 { krebs = import ./jeschli { inherit config; }; }
 { krebs = import ./krebs { inherit config; }; }
 { krebs = import ./lass { inherit config; }; }
diff --git a/krebs/3modules/external/rtunreal.nix b/krebs/3modules/external/rtunreal.nix
new file mode 100644
index 000000000..8c0e0af2c
--- /dev/null
+++ b/krebs/3modules/external/rtunreal.nix
@@ -0,0 +1,51 @@
+with import ;
+{ config, ... }:
+let
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ owner = config.krebs.users.rtunreal;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum = {
+ ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ };
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill = {
+ ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ };
+ });
+in
+{
+ users = rec {
+ rtunreal = {
+ # Mail is temporary as it will change in the future and I
+ # don't want it to be semi permanent
+ # mail: krebscotemp(a)user-sites[point]de
+ };
+ };
+ hosts = mapAttrs hostDefaults {
+ rtspinner = {
+ nets.retiolum = {
+ aliases = [ "spinner.rtunreal.r" ];
+ ip4.addr = "10.243.20.18";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEApgnFW2hCP2Lf+CGMtzgiTyA9sphEKGzVtOTJy+LxZ/WchFU6QiU6
+ Dl5ybz/Bor25dbwvQCRsQo42gPb+xyjsoHGu2q1NVazMQobePjt/8Qzfqw+Ydz3e
+ CC0Lq2J7A5HkzHAevvSHjWh52EfAfu9PGnsszDyWY/oKY+JkBd3wdnE4VsZIhUU6
+ Zrmuq+JU53Wy4TAcd3JNStvTW3z7MK4BXxovTV3zSq9sg4a120dyrG/d/m35abvm
+ V20Qb9VPmG+861f7gBn45M1w9d4X+3Ev8zum60Lk9JDRETfnufbOsSWNFVk2nsc3
+ wpCYd+7FMq5hBf75At/pQ32kbsMkAMpQDJlHwE/xmhxYU2mzlMLY6JW1gspOt00C
+ iny5qqmhMoZ3r1VmGuu1aA00V+My+dj5i+pvZiUQ9DG2eYoKM43Var2XsU6lURpL
+ UhozcYkb+ax9mqlaPjq2BSYLNzmqTJc3FJY6CcyZxIi4aB8EhDeebYD7wIX115tf
+ wwMIJB9FgmvwBhL2K48P5p8lmxU0sNidvv/Gnr3Fgf1p+jEo8BC9hDK3gigD0lqo
+ AGmRrjHQN7AjysTMTllDj8RSoO2LhOYTxVtcMsQnPJ9hfFrgnSpSZok64y0h+QJG
+ q2WZRBwRYORC7JfKNbE6drRtM6DXccMxOM0eQXoDvg3D5Xg4aqWy3ikCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "eHWJxlhbUQY0rT2PLqbqb9W4hf7zHh3+gEIRaGrxAdB";
+ };
+ };
+ };
+}
-- cgit v1.2.3
From 3a35c4c0594c04fb7fa2ec157e9a342e2ffd9fee Mon Sep 17 00:00:00 2001
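Review bot: The new `rtunreal` user is an empty attribute set, with the mail address present only in a comment, so every host that `hostDefaults` assigns to `config.krebs.users.rtunreal` has an owner with no machine-readable contact. Because this file registers a tinc key pair for `rtspinner` on 10.243.20.18, a reachable owner matters when that key has to be rotated or revoked; consider setting a real `mail` (a role address is enough) and dropping the obfuscated comment once one exists. The `rec` on `users = rec {` is not used by anything in the set and can be removed.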
From: lassulus Date: Mon, 14 Nov 2022 22:57:52 +0100 Subject: l: init massulus.r --- krebs/3modules/lass/default.nix | 50 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 6 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3e58fee1d..bb5b16135 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,12 +1,6 @@ with import ; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host { - ci = true; - monitoring = true; - owner = config.krebs.users.lass; - }; - r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; 
@@ -592,6 +586,50 @@ in { syncthing.id = "CADHN7J-CWRCWTZ-3GZRLII-JBVZN4N-RGHDGDL-UTAJNYI-RZPHK55-7EYAWQM"; }; + massulus = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.113"; + ip6.addr = r6 "113"; + aliases = [ + "massulus.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApwYalnJ2E1e3WOttPCpt + ypNm2adUXS/pejcbF68oRvgv6NRMOKVkoFVEzdnCLYTkYkwcpGd+oRO91F+ekZrN + ndEoicuzHNyG6NTXfW3Sjj9Au/NoAVwOJxAztzXMBAsH5pi4PSiqIQZC4l6cyv2K + zUNm1LvW5Z5/W0J5XCUw3/B4Py7V/HjW9Yxe8MCaCVVP2kF5SwjmfQ+Yp+8csvU3 + F30xFjcTJjjWUPSkubgxtsfkrbbjzdMZhKldi3l9LhbYWD8O4bUTrTau/Emaaf6e + v5paVh9Kczwg7Ugk9Co3GL4tKOE2I7kRQV2Rg0M5NcRBUwfxkl6JTI2PmY0fNmYd + kdLQ1fKlFOrkyHuPBjZET1UniomlLpdycyyZii+YWLoQNj4JlFl8nAlPbqkiy8EF + LcHvB2VfdjjyBY25TtYPjFzFsEYKd8HQ7djs8rvJvmhu4tLDD6NaOqJPWMo7I7rW + EavQWZd+CELCJNN8eJhYWIGpnq+BI00FKayUAX+OSObYCHD1AikiiIaSjfDCrCJb + KVDj/uczOjxHk6TUVbepFA7C8EAxZ01sgHtUDkIfvcDMs4DGn88PmjPW+V/4MfKl + oqT7aVv6BYJdSK63rH3Iw+qTvdtzj+vcoO+HmRt2I2Be4ZPSeDrt+riaLycrVF00 + yFmvsQgi48/0ZSwaVGR8lFUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "QwKNyv97Q2/fmPrVkgbGIhDTVW+uKu+F2enGCtZJgkM"; + port = 1655; + }; + }; + wiregrill = { + ip6.addr = w6 "113"; + aliases = [ + "massulus.w" + ]; + wireguard.pubkey = '' + 4wXpuDBEJS8J1bxS4paz/eZP1MuMfgHDCvOPn4TYtHQ= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH8lFXZ/d2NtqyrpslTGRNBR7FJZCJ6i3UPy0LDl9t7 "; + }; + phone = { nets = { wiregrill = { -- cgit v1.2.3 From 25a384254b15433dfeb67ec03ef7416b1baef5df Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 00:02:44 +0100 Subject: l massulus.r: disable ci --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index bb5b16135..dd516428b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
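Review bot: The `ssh.pubkey` string added for massulus ends with a space before the closing quote; if the value is rendered into a known_hosts-style file or compared verbatim, that stray whitespace is at best noise, so drop it. The tinc key is armored as `-----BEGIN PUBLIC KEY-----` while the other host entries on this page use `-----BEGIN RSA PUBLIC KEY-----`; tinc presumably reads both, but keeping one encoding across the host registry makes key diffs and fingerprint checks easier to compare. The non-default `port = 1655` would benefit from a short comment such as `# non-default tinc port: <reason>` so a later reader does not treat it as a typo.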
@@ -588,6 +588,7 @@ in { massulus = { cores = 1; + ci = false; nets = { retiolum = { ip4.addr = "10.243.0.113"; -- cgit v1.2.3 From 1db7318c3f4e8a50f07e45ae458ab8fcca6686cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 15 Nov 2022 15:48:15 +0100 Subject: lib.host: add consul option --- krebs/3modules/lass/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index dd516428b..ca0c757a3 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -10,6 +10,7 @@ in { }; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; + consul = true; ci = true; monitoring = true; }) { @@ -412,6 +413,7 @@ in { }; xerxes = { cores = 2; + consul = false; nets = rec { retiolum = { ip4.addr = "10.243.1.3"; @@ -632,6 +634,7 @@ in { }; phone = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.13"; @@ -647,6 +650,7 @@ in { syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; tablet = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.14"; @@ -661,6 +665,7 @@ in { ci = false; }; hilum = { + consul = false; cores = 1; nets = { retiolum = { @@ -836,6 +841,7 @@ in { }; lasspi = { + consul = false; cores = 1; nets = { retiolum = { @@ -879,6 +885,7 @@ in { }; domsen-pixel = { + consul = false; nets = { wiregrill = { ip4.addr = "10.244.1.17"; -- cgit v1.2.3 From b25095866d498c0447801dc68e83a40c95df1a3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 20 Nov 2022 21:09:11 +0100 Subject: mic92: add host ruby --- krebs/3modules/external/mic92.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 35e72ec2a..2a3604b25 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
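Review bot: Putting `consul = true;` into the `recursiveUpdate` defaults of `hosts = mapAttrs (...)` makes membership opt-out: every host in this file, including ones added later, carries the flag unless someone remembers `consul = false;`, as the following hunks do for xerxes, phone, tablet, hilum, lasspi and domsen-pixel. What the flag enables is defined outside this diff, but for something that presumably joins hosts to a shared cluster the safer default is `consul = false;` here with `consul = true;` set on the hosts that should participate. A one-line comment next to the default stating what the option controls would also help, since the commit subject is the only explanation.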
@@ -929,5 +929,30 @@ in { }; }; }; + + ruby = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + aliases = [ "ruby.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAzqrguDMHqYyidLxbz3jsQS3JVNCy0HaN6wprT1Ge1Anf5E8KtuXh + M9IjYPShzzJ162rYaJdd2lBmc5o435j+0/Gg5pySILni9bILhuRr7TMWN0sjNbgr + x0JRbpMmpW5DOmQx1BSyA+LLNbyVVnCc1XI0P2EaRr1ZrRSU0bpE/7kJ//Zt7ATu + GfqJTuL2aqap12VMKAfjRByyXA9V7szJMRom2Ia3cWSXhie1E0OOvCNT+InKXx4c + QbEGX71noCgsNgxbD8AVSwMnNV15vdnbgwK/1QzA0Cep1uxFS05TXJZLZTjcGwG0 + Kp0kEjntq1rCqgdoUHIubNB17efU/oP6aSrdfvtgeYBjn0zSLHSUYdhf3JHd1Fvf + Ov2TwHxt/sm8d91UjhrkYwjf2nzSruAklYDnIDJiHgLFoT5WuOoVlnfUjRpQEw44 + kp8KXsd24Y0UT5XJO5cQA+kZ1vl2ktHbQGTqYuYDB2FKEnBR/JIwJzJfugcGiyRx + OukQ2/rjnS60JA2pHUEfoezIAMhYAF+EPgOgMcNSSRYUVBpPVKD26oGTrNn0AtnO + ALW1vqUDwxb0cpv877vN1VfqvLE8n8Zgtt7itdT0+vxNPxICvF6//LNYUeDoQ3pj + w+1ZSdYZsvIQ7tDcilnL0hU5/nfsSIbHV+ceuLde1xDt5c7Tnl4v/U0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "TV9byzSblknvqdUjQCwjgLmA8qCB4Tnl/DSd2mbsZTJ"; + }; + }; + }; }; } -- cgit v1.2.3 From ad40a2e283f35a80b958bf33ce1635a1b5e4874d Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 Nov 2022 15:04:30 +0100 Subject: ergo: use ergochat package --- krebs/3modules/ergo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix index 50c5ab628..d5f167e79 100644 --- a/krebs/3modules/ergo.nix +++ b/krebs/3modules/ergo.nix @@ -122,7 +122,7 @@ # reloadIfChanged = true; restartTriggers = [ configFile ]; serviceConfig = { - ExecStart = "${pkgs.ergo}/bin/ergo run --conf /etc/ergo.yaml"; + ExecStart = "${pkgs.ergochat}/bin/ergo run --conf /etc/ergo.yaml"; ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID"; DynamicUser = true; StateDirectory = "ergo"; -- cgit v1.2.3 From e533961536b6b41f4758c0db117240eb551dc892 Mon Sep 17 00:00:00 2001 
From: lassulus
Date: Mon, 21 Nov 2022 23:34:30 +0100
Subject: l: rotate yubikey pubkey
---
krebs/3modules/lass/pgp/yubikey.pgp | 144 ++++++++++++++++++++++++------------
1 file changed, 96 insertions(+), 48 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp
index d7b3c29c5..be1054048 100644
--- a/krebs/3modules/lass/pgp/yubikey.pgp
+++ b/krebs/3modules/lass/pgp/yubikey.pgp
@@ -58,52 +58,100 @@ D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ 5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31 ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG -5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLi5Ag0EXaJN1gEQANML -yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS -lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am -ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd -e/UcxBL/zYx8tCBy2F4ep6Anx02HOauTwaqk4KLhB9IcdS8sJQHFY7iEVWNcovwF -8luGEGPJOdOPTMZz4jD4aWFqbT6ragWaG8tisLEe9UhET2LL3r/4DIgAJY4bwg5T -ZyK/1j+Nj1IyYkQ9A6YF96Y5XCi9DF0MYq9NytWNnMCT8F4QCCDRWhgql714/Er/ -qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk -5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A -ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo -VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW -kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYCGwwW -IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCX4l2DwUJBamPOQAKCRBmV76KjR7oB/Ds -D/96TGfHa6BW1v2kUyHUKmpdk62UhZz49nTsOu1JeMI2cDMLkKaPyeKLsRpzV2qc -OoG1dal7dgjtzKsWdz0HxrrbEs0rBJO4xOmg12Sv9fttTocTt2bQMe3d20Vihbi+ -NDEx2PeyncYulDd8PNfDkh8vWUJQoThqimXoVARwKNuH2oDytGceIp+BZLOH8HRz -0ESH9nCAGw3gVX6vQPtjbMgoIXHAnAJkIe2boyyUHu2ZmD6CGjxGSSICMzShcDvN -kcyPKG5BbOGRpbehaMcOOiGH0NsudUPOsyxQt90bP/U+WHPhvOTGk0PqGaOf8QDE -saGlChd3wVK+uCGl60szcxQsbgzlEQVUG3tTW4QGfzL3XK5bHvuGj03Vb45005Y4 -6UCUP4ZkEYDsw1Hrn5bkPOP/Pc8Sz1MQt+nw1U3QXbHLxLb8fB82B6oDMakHPgaw -73HxYwbaXDswBb6BVTc86RmXRH1+StObDiJp+h16EqdsSyp15tSM80GRf1KaNKxc -MA4N7/i7j9M/z2fKWT7vTAGdcg8vhZH0MDQ9vRmYsuQZtoNieZVXnyQ/ILAgPhiL -pdyPffQV0BpWKd68C8kEhoMP0D3h6Uj88ZOuapyOCvsrBvR7SQOVh+L+KMjh1Xgx -WvPJuoU4Jox4og85/Gz0Ui8EROYyHg5yqPqsBBmz6h8F7rkCDQRdok4KARAAyG97 -rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV -qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk 
-L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a -6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAceQQYAqIrlu8F5y1AQVWHjtyCPee1z/8l -PNnPg40lSbXozg5kQDP965Pge6XReUoUVVRcgeiSUfkHdYPIkh/tkFy1MtzTNize -buadqE41Ds6BD1maO5cpGc5iFnf+YY01vWIhwvgPMbAsUKrPOw/RyvYSwOrnWegh -pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV -X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh -81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN -6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO -Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYh -BNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP -+gJ01mSEs3+0jriWqg7V+Q59rulMVrUdV2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/ -Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOiczGClK+yWSm/CM02+HATFws66umAl4GQ4X -qAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCAdn55u4pf+B1rmkA3cWhN51SvAriA/YcG -qmyJZgXO+qZOPWNHxNUdgq9lVEO132dhDzH1b9ufnvQMDxF2V681fQ7E3zWEJZZb -YLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU161jSawblBTcIRXK9c4hv178xQWAInMjt -Hst4YCpvclG26ypZLCzvw6swfnXf3A6Q4A8pZQVvogWZ01dlgofwHm8qlYxT7wSq -eicOu3FkSHD8vNwkXnMLqxwkFr4BcSefzCiXulyMcb3h67ZfXAYAFGrrR581vGEt -Xy+xfXK5PqBX7CWEl3Vs2an9whEncZuv1I9iyXDUmGP7Y373JjqNtpS2GMMPA73k -nB7eI/zpVS5qoxUlqw35Pldvt+L4E3hvrvE7iZE3w4lB9WUyY1OnSRDU10l2rqWt -Ptyk3LE2ed5hz5I+gy8/RsXrAooMBXIGV/GJrhye45wf5F/XQqPulnj38sKhmrQC -QTubPgJwG/kTpNdrA3YukE3E7T5ejaGTT2n5nKat6bj7 -=h9fX +5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLiJBGwEGAEKACACGwIW +IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCY1E8SAJAwXQgBBkBCgAdFiEEVAotn4qI +hqe83vdsfheGip18nM8FAl2iTZIACgkQfheGip18nM9DVxAAuqX7iztddbttkIfN +65R5XJPjz7NRg0AI8G+1qnkvF3c2ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA +/JM782D6lDfSZltW4YBBqkJZdtiPElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhy +l+0RdBuSvR0+KOXXBfoNmsyQM4/hUKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxg +tXyiXU/VxvUWI7cH6I7daRDTFR3L4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6 +eKkn/gt/T7qYxnhcG5guS2DwIay5c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7 +/6hsw2e6TBcn295fEekvBupYVwazefBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTa 
+TglOeNtRnYGRwHwE/tiJ0G0uwGfvaI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7m +z8MrRNMjtR+Es8gzuw7hNErmbh0SLZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99 +jYjdDDm5lsxCZKLSX4r9Mp236K6DMGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9M +cg5HgeXTdxan6QP35ygDtmNldJGEP+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQ +qnldvrtajUzUegvJUstLS5B1TFQJEGZXvoqNHugHrtcP+waicH+WhpbvPoHJW//U +c7IwcrsOpWNuh0gKV1+LvBV9dGzGZDlhwsncMeNzT8tnxDwhD1CiJ1uzO2H1m+yX +CeljVnYFlP0sl9IT/AiV8NNiuaIpOc5RjRY1yvOZ017/J7Hyhnaw0iap1vNDNOwH +t7tzB1PvM3p6an4Jh0AJZF5adReQTbi9Zw7MW2Yf0XHTT4rFX+Mn5gcuvsV9n39d +6U3k5G6Hf1bSROsXNVwOwF6VbO8NvBm6ehgNyRcGsino/f82HRwvnQPhJgEakZ1h +WWUUnakK14mRRMUns8CMNfFh+50ciK1Q8kAVgYLVA1H1NXM0+68YZMl5CiiaD3pM +17flwcWUdkIu3uWAvc3hSCNw6i9F4Kx1yD/ZdiT0vBapa3ehUXIo5g79NcFl9xnQ +fnYG+nnl2bLZSHP8b+LZsGivOEZuBHoR2ComeTqqJxeT8ZsEdtLcloaSaf2Em2xf +b9OfhGOC7hKfS4HAlLFbEydWuZuA8EpTXd6eqINCFbOb9BjpKvSCCLs5S3s7T4WE +FQB7yHXQQgB1EzYaJxFZstkiD8exu/hiWfwVLaho09QbtPmt2u1lvbxiSxtCdphi +hoKc6wjhD8F9YM5xxitcF7iAV7oEDZ/1JVkvi/1gWFgW0UmEKuy2KN/Eb/mr41NJ +bMauCCfjnCbAzoW6dhHpbO45uQINBF2iTdYBEADTC8saHpJxpU7ZBuuNFD+WZFBK +I8F8ZZ4t79naVhGhCTvcqr5BCwlrpuaUc/og86AxUpVD5z92ClRZC2wJZOemmyAE +OlSu8JDkhwsNRey5QmPN9G0ZIBifP2/LrPSqRE+gJnouzhmFbajQVKHRCYul5B+a +vUS0HlUfu8p7dC0wMTv5jBWHN54XHK4Wnbm4Yea03Xv1HMQS/82MfLQgctheHqeg +J8dNhzmrk8GqpOCi4QfSHHUvLCUBxWO4hFVjXKL8BfJbhhBjyTnTj0zGc+Iw+Glh +am0+q2oFmhvLYrCxHvVIRE9iy96/+AyIACWOG8IOU2civ9Y/jY9SMmJEPQOmBfem +OVwovQxdDGKvTcrVjZzAk/BeEAgg0VoYKpe9ePxK/6n8J09jOpvD+DktbAB7+bww +2F3swdFqyTbLWL4bR4YuHLbqJQbsDm+58iAZWaL4ZOf+iABZqFKa3xhzrrbRHD00 +Qxr+9+3EdXGGs+UDLs9rLzVN4ryP7WHyEMDAI7/OAGTdsJet0JIIWKP3ZvWuRMe/ +AjcGQ/8+xzhN8w/kXdAvf4Vy6VVYTdJipg84CRz1KFQ5P/z92IMzPnbVFljydRX2 +k89ueN1fTMFVlCUI9AyIJeJ6Cx198JHf3eIGBgIZVpAcZG0DyeDU+xCgRZOOH2ug +1bhjhmrQQMSkKtRn7QARAQABiQI8BBgBCgAmAhsMFiEE2811eEYGmzkuqUAdZle+ +io0e6AcFAl+Jdg8FCQWpjzkACgkQZle+io0e6Afw7A//ekxnx2ugVtb9pFMh1Cpq +XZOtlIWc+PZ07DrtSXjCNnAzC5Cmj8nii7Eac1dqnDqBtXWpe3YI7cyrFnc9B8a6 +2xLNKwSTuMTpoNdkr/X7bU6HE7dm0DHt3dtFYoW4vjQxMdj3sp3GLpQ3fDzXw5If 
+L1lCUKE4aopl6FQEcCjbh9qA8rRnHiKfgWSzh/B0c9BEh/ZwgBsN4FV+r0D7Y2zI +KCFxwJwCZCHtm6MslB7tmZg+gho8RkkiAjM0oXA7zZHMjyhuQWzhkaW3oWjHDjoh +h9DbLnVDzrMsULfdGz/1Plhz4bzkxpND6hmjn/EAxLGhpQoXd8FSvrghpetLM3MU +LG4M5REFVBt7U1uEBn8y91yuWx77ho9N1W+OdNOWOOlAlD+GZBGA7MNR65+W5Dzj +/z3PEs9TELfp8NVN0F2xy8S2/HwfNgeqAzGpBz4GsO9x8WMG2lw7MAW+gVU3POkZ +l0R9fkrTmw4iafodehKnbEsqdebUjPNBkX9SmjSsXDAODe/4u4/TP89nylk+70wB +nXIPL4WR9DA0Pb0ZmLLkGbaDYnmVV58kPyCwID4Yi6Xcj330FdAaVinevAvJBIaD +D9A94elI/PGTrmqcjgr7Kwb0e0kDlYfi/ijI4dV4MVrzybqFOCaMeKIPOfxs9FIv +BETmMh4Ocqj6rAQZs+ofBe6JAjYEGAEKACACGwwWIQTbzXV4RgabOS6pQB1mV76K +jR7oBwUCY1E8SAAKCRBmV76KjR7oBwM+D/0evufvIWftzdge63hol1k4LdZSiSD9 +bh+h8fb/Mm+2HIS8RweHr1+CS8CW/Om9MJoW0ZDsCmC0vU44/vLL3JzbP4+BDuVF +dky1XX/9Z73Fn/LpakITyXd6YJMsknzAA4ZEzhe4uModNSH5IU818I+/Vyvbe1nX +Hfg2FYva4zVn9E5Gd4vpHBF7D99dGg0vUINtux06WKfdsDB59MiZxCSWfqty+yTM +XWwh5fuFIxwjlkKVdrb45101MnUtzJDmxwPxjOpF+z2tJ0qIvs6Zu6FDEh7fcaJM +mKAPtVXKRxTYaS6j7fpNk5ACFgiHDb+0mI60fH0eiQSqp9Q7cyYbt1yiW2bKY4Pg +qDOtcLT+uIYYVmxBHTLx38gT3Gp83O7WqNZ9ouctIXAXHWwTNsKzMhwgaEmmPbkP +7VO8oZZ9hVphirmijgNO1Oz7Qqh5ORYwsGdvYtbPXD4ZUSpqFT5bTMHS5TKPHf70 +5alkwYuwYfLs4m2zYsKadQ+vq12ZX7Z6+DbjfzWAEhzqLP2Y8yGnFSBSmULsALnj +Zg3RN5sxJe3fhTze09Fm8OTopTLoDH5fR91VPhRLGHahvV1Sm/H4ZdtAXTPsHP20 +phAc8mK2DgEM0k7vDO5RtV4xTLjBopiciXIBL+TzCKGmDRX2+9nTyF3Kx9qjN52H +EFFJ1mTed/J7VrkCDQRdok4KARAAyG97rjKhP8Uie1i/16SekDo+GkpodBmvhrZi +Zdwg75YxriHhgioe2AKKmQItOdZOY+mVqMA63FmByDlPodHmQnrIAn/gr7p5V3lM ++l0oVTI8maPO39iT7Nh6W/rv4ni8eMBkL6P2cPPaTpcv76qWl/WcMiEflPNSAFax +yIapq04rafthcIILWmOBbQ+liMn9YT7a6w3nF/Ig4Zxx7hoQE6/HrTC8HcENpCAc +eQQYAqIrlu8F5y1AQVWHjtyCPee1z/8lPNnPg40lSbXozg5kQDP965Pge6XReUoU +VVRcgeiSUfkHdYPIkh/tkFy1MtzTNizebuadqE41Ds6BD1maO5cpGc5iFnf+YY01 +vWIhwvgPMbAsUKrPOw/RyvYSwOrnWeghpKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm +64rKyYS8RIilqTCmIHnpoSIq3n1wOlMVX4sB4N4CfAZRAbI9LZfx1QEYn0dst9+m +CDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1 +MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BP 
+g6qZH7JeMnlOZXXOg8K5VcLkiGuL1brOHlg94Axha8ffMmqjsde6XOAgvSl5P9k4 +7SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJf +iXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP+gJ01mSEs3+0jriWqg7V+Q59rulMVrUd +V2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOicz +GClK+yWSm/CM02+HATFws66umAl4GQ4XqAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCA +dn55u4pf+B1rmkA3cWhN51SvAriA/YcGqmyJZgXO+qZOPWNHxNUdgq9lVEO132dh +DzH1b9ufnvQMDxF2V681fQ7E3zWEJZZbYLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU1 +61jSawblBTcIRXK9c4hv178xQWAInMjtHst4YCpvclG26ypZLCzvw6swfnXf3A6Q +4A8pZQVvogWZ01dlgofwHm8qlYxT7wSqeicOu3FkSHD8vNwkXnMLqxwkFr4BcSef +zCiXulyMcb3h67ZfXAYAFGrrR581vGEtXy+xfXK5PqBX7CWEl3Vs2an9whEncZuv +1I9iyXDUmGP7Y373JjqNtpS2GMMPA73knB7eI/zpVS5qoxUlqw35Pldvt+L4E3hv +rvE7iZE3w4lB9WUyY1OnSRDU10l2rqWtPtyk3LE2ed5hz5I+gy8/RsXrAooMBXIG +V/GJrhye45wf5F/XQqPulnj38sKhmrQCQTubPgJwG/kTpNdrA3YukE3E7T5ejaGT +T2n5nKat6bj7iQI2BBgBCgAgAhsgFiEE2811eEYGmzkuqUAdZle+io0e6AcFAmNR +PEgACgkQZle+io0e6AfQpg/+K0gD0WVyXYLOEM6jCvtz5/f9nDQnqj90ck9VfpuN +QG+cMSK/u3T4ya0k3UDWxEyRih0BzChOlmwnaupBwN7ZbYAzxM0sglwseSdAPpCE +s63RTnaAxpSWFocsUxtJngSoPnnmD1fVbWL3/j9j6jZkT4NB/l2ekDngMyRqt104 +BmabaLdz44X1VDgg0tXyACkZ8c/8ISBOoPSFg2n9FuCmhI9Atu6hjCFQZOA/youA +fXzeUxU3iFw5UhyNP084jZ9AK2xwp+rB3JzvzMdiqO3OBFemuiU4/ZKQKFg5a/n4 +UAZtO8V2DGe76o1N9uFUvQ41RSAXolPUOTXiZvP4GfiGIhJUXV96QaPHhKWybKlr +4MWG5PpwfuWnGoP8vXtLmz2TDRUfEBOQBzYRBRvXmzekq8nFQCM7dGofLLEchMRv +lYHab2fquGmXiY3LfzyQX+vS3FO9/m2POJcdXcQvSq4MXIzOEzXnJKw5HemfZ3ae +/AlTTfE4og/AYLwacECY6CZqUFOYtQeVx9hSXV97XnoKotde66D4RyFgzFbsIBM/ +bA5qyvdpKb60hqjpj/rhXjlnhH8KwAwOlaPVgI1cgnW8uJTElJEtqHPhuRkU6y9f +au4EZ+tsmaxJ0whuziG1/3LJ62AIM9ZpixDEj4GQYaRdkFrx/1IKiUOlw5GQC3y2 +zxs= +=MmP2 -----END PGP PUBLIC KEY BLOCK----- -- cgit v1.2.3 From e185a086eb87c9a66ccdd53d20762862380c9bf9 Mon Sep 17 00:00:00 2001 
From: lassulus
Date: Tue, 22 Nov 2022 09:08:20 +0100
Subject: sync-containers(1): use dhcpcd, support luksfile
---
krebs/3modules/sync-containers.nix | 140 +++++++++++++++++++++++++++----------
1 file changed, 104 insertions(+), 36 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/sync-containers.nix b/krebs/3modules/sync-containers.nix
index e2caa0834..60ca993e6 100644
--- a/krebs/3modules/sync-containers.nix
+++ b/krebs/3modules/sync-containers.nix
@@ -5,27 +5,55 @@ with import ; plain = "/var/lib/containers/${cname}/var/state"; ecryptfs = "${cfg.dataLocation}/${cname}/ecryptfs"; securefs = "${cfg.dataLocation}/${cname}/securefs"; + luksfile = "${cfg.dataLocation}/${cname}/luksfile"; + }; + init = cname: { + plain = '' + echo 'no need for init' + ''; + ecryptfs = '' + ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + ''; + securefs = '' + ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs + ''; + luksfile = '' + ${pkgs.coreutils}/bin/truncate -s 10G '${(paths cname).luksfile}/fs.luks' + ${pkgs.cryptsetup}/bin/cryptsetup luksFormat '${(paths cname).luksfile}/fs.luks' + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen '${(paths cname).luksfile}/fs.luks' 'luksfile-${cname}' + ${pkgs.xfsprogs}/bin/mkfs.xfs '/dev/mapper/luksfile-${cname}' + ''; }; start = cname: { plain = '' : ''; ecryptfs = '' - if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then - if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then + + if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then + if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then ${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state - else - ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state fi + else + echo 'please run init-${cname} first' + exit 1 fi ''; securefs = '' - ## TODO init file systems if it does not exist - # ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs + ## check if FS was initialized first if ! 
${pkgs.mount}/bin/mount | grep -q '^securefs on /var/lib/containers/${cname}/var/state type fuse.securefs'; then ${pkgs.securefs}/bin/securefs mount ${cfg.dataLocation}/${cname}/securefs /var/lib/containers/${cname}/var/state -b -o allow_other -o default_permissions fi ''; + luksfile = '' + mkdir -p /var/lib/containers/${cname}/var/state + if ! test -e /dev/mapper/luksfile-${cname}; then + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen '${(paths cname).luksfile}/fs.luks' 'luksfile-${cname}' + fi + if ! ${pkgs.mount}/bin/mount | grep -q '^/dev/mapper/luksfile-${cname} on /var/lib/containers/${cname}/var/state'; then + mount '/dev/mapper/luksfile-${cname}' '/var/lib/containers/${cname}/var/state' + fi + ''; }; stop = cname: { plain = '' @@ -37,12 +65,16 @@ with import ; securefs = '' umount /var/lib/containers/${cname}/var/state ''; + luksfile = '' + umount /var/lib/containers/${cname}/var/state + ${pkgs.cryptsetup}/bin/cryptsetup luksClose luksfile-${cname} + ''; }; in { options.krebs.sync-containers = { dataLocation = mkOption { description = '' - location where the encrypted sync-container lie around + location where the encrypted sync-containers lie around ''; default = "/var/lib/sync-containers"; type = types.absolute-pathname; @@ -64,25 +96,11 @@ in { default = []; type = types.listOf types.str; }; - hostIp = mkOption { # TODO find this automatically - description = '' - hostAddress of the privateNetwork - ''; - example = "10.233.2.15"; - type = types.str; - }; - localIp = mkOption { # TODO find this automatically - description = '' - localAddress of the privateNetwork - ''; - example = "10.233.2.16"; - type = types.str; - }; format = mkOption { description = '' file system encrption format of the container ''; - type = types.enum [ "plain" "ecryptfs" "securefs" ]; + type = types.enum [ "plain" "ecryptfs" "securefs" "luksfile" ]; }; }; })); 
@@ -102,12 +120,11 @@ in { ignorePerms = false; })) cfg.containers); - krebs.permown = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ - file-mode = "u+rw"; - directory-mode = "u+rwx"; - owner = "syncthing"; - keepGoing = false; - })) cfg.containers); + krebs.acl = mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" { + "u:syncthing:rX".parents = true; + "u:syncthing:rwX" = {}; + }) cfg.containers; + systemd.services = mapAttrs' (n: ctr: nameValuePair "containers@${ctr.name}" ({ reloadIfChanged = mkForce false; @@ -116,8 +133,11 @@ in { containers = mapAttrs' (n: ctr: nameValuePair ctr.name ({ config = { ... }: { environment.systemPackages = [ + pkgs.dhcpcd pkgs.git + pkgs.jq ]; + networking.useDHCP = mkForce true; system.activationScripts.fuse = { text = '' ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 
@@ -131,11 +151,57 @@ in { autoStart = false; enableTun = true; privateNetwork = true; - hostAddress = ctr.hostIp; - localAddress = ctr.localIp; + hostBridge = "ctr0"; })) cfg.containers; - environment.systemPackages = flatten (mapAttrsToList (n: ctr: [ + networking.networkmanager.unmanaged = [ "ctr0" ]; + networking.bridges.ctr0.interfaces = []; + networking.interfaces.ctr0.ipv4.addresses = [{ + address = "10.233.0.1"; + prefixLength = 24; + }]; + # networking.nat = { + # enable = true; + # externalInterface = lib.mkDefault "et0"; + # internalInterfaces = [ "ctr0" ]; + # }; + services.dhcpd4 = { + enable = true; + interfaces = [ "ctr0" ]; + extraConfig = '' + option subnet-mask 255.255.255.0; + option routers 10.233.0.1; + # option domain-name-servers 8.8.8.8; # TODO configure dns server + subnet 10.233.0.0 netmask 255.255.255.0 { + range 10.233.0.10 10.233.0.250; + } + ''; + }; + + users.users.root.packages = flatten (mapAttrsToList (n: ctr: [ + (pkgs.writeDashBin "init-${ctr.name}" '' + set -euf + set -x + + mkdir -p /var/lib/containers/${ctr.name}/var/state + STATE=$(/run/current-system/sw/bin/nixos-container status ${ctr.name}) + if [ "$STATE" = 'up' ]; then + /run/current-system/sw/bin/nixos-container stop ${ctr.name} + fi + ${(init ctr.name).${ctr.format}} + ${(start ctr.name).${ctr.format}} + /run/current-system/sw/bin/nixos-container start ${ctr.name} + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' + set -x + + mkdir -p /var/state/var_src + ln -sfTr /var/state/var_src /var/src + touch /etc/NIXOS + ''} + target_ip=$(/run/current-system/sw/bin/nixos-container run ${ctr.name} -- ip -j a s eth0 | jq -r '.[].addr_info[] | select(.family=="inet") | .local') + + echo "deploy to $target_ip" + '') (pkgs.writeDashBin "start-${ctr.name}" '' set -euf set -x 
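Review bot: In `init-${ctr.name}` the pipeline `nixos-container run ${ctr.name} -- ip -j a s eth0 | jq -r ...` runs `jq` on the host, but this commit adds `pkgs.jq` only to the container's `environment.systemPackages`; unless jq happens to be on root's PATH the script stops at that line under `set -euf`, so use `${pkgs.jq}/bin/jq` there. Separately, replacing the per-container `hostAddress`/`localAddress` pair with `hostBridge = "ctr0"` puts every sync-container on one 10.233.0.0/24 segment served by `services.dhcpd4`, so containers that hold different encrypted state can now reach each other directly. If that is not intended, the change should add filtering on `ctr0`; if it is, a comment such as `# containers share one L2 segment; inter-container traffic is accepted` next to `hostBridge` would record the decision. The commented-out `networking.nat` block and the `# TODO configure dns server` line leave it unclear whether containers are meant to have outbound connectivity, which is worth stating as well.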
@@ -144,12 +210,12 @@ in { ${(start ctr.name).${ctr.format}} - STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${ctr.name}) + STATE=$(/run/current-system/sw/bin/nixos-container status ${ctr.name}) if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start ${ctr.name} + /run/current-system/sw/bin/nixos-container start ${ctr.name} fi - ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' set -x mkdir -p /var/state/var_src @@ -158,15 +224,17 @@ in { ''} if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then - ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch + /run/current-system/sw/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch else + echo 'no nixos config, or target already online, bailing out' ${(stop ctr.name).${ctr.format}} + /run/current-system/sw/bin/nixos-container stop ${ctr.name} fi '') (pkgs.writeDashBin "stop-${ctr.name}" '' set -euf - ${pkgs.nixos-container}/bin/nixos-container stop ${ctr.name} + /run/current-system/sw/bin/nixos-container stop ${ctr.name} ${(stop ctr.name).${ctr.format}} '') ]) cfg.containers); -- cgit v1.2.3 From 8f4dd6fb595bb14be37fd69320bad4aa9a51a9db Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 22 Nov 2022 09:17:56 +0100 Subject: ci: raise timeout to 1h --- krebs/3modules/ci/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 0f85b27c0..022da5884 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix 
@@ -115,6 +115,7 @@ let build_name = stage, build_script = stages[stage], ), + timeout = 3600, command="${pkgs.writeDash "build.sh" '' set -xefu profile=${shell.escape profileRoot}/$build_name -- cgit v1.2.3 From 12ce60ff1435a71ee4cf0431223c129010e7df73 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 22 Nov 2022 14:38:42 +0100 Subject: external xkey: add mail --- krebs/3modules/external/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 62cbb78a8..989961490 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -862,6 +862,7 @@ in { pubkey = ssh-for "xq"; }; xkey = { + mail = "xkey@krebsco.de"; pubkey = ssh-for "xkey"; }; miaoski = { -- cgit v1.2.3 From 606f88e4f0a8c257f9e6be94ca8469da04b381cc Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 22 Nov 2022 20:15:44 +0100 Subject: kartei: init --- krebs/3modules/default.nix | 12 +- krebs/3modules/external/dbalan.nix | 50 -- krebs/3modules/external/default.nix | 882 ------------------- krebs/3modules/external/gpg/kmein.gpg | 30 - krebs/3modules/external/kmein.nix | 193 ----- krebs/3modules/external/mic92.nix | 958 --------------------- krebs/3modules/external/palo.nix | 85 -- krebs/3modules/external/rtunreal.nix | 51 -- krebs/3modules/external/ssh/0x4A6F.pub | 1 - krebs/3modules/external/ssh/exco.pub | 1 - krebs/3modules/external/ssh/hase.pub | 1 - krebs/3modules/external/ssh/kmein.kabsa.pub | 1 - krebs/3modules/external/ssh/kmein.manakish.pub | 1 - krebs/3modules/external/ssh/mic92.pub | 1 - krebs/3modules/external/ssh/neos.pub | 1 - krebs/3modules/external/ssh/qubasa.pub | 1 - krebs/3modules/external/ssh/raute.pub | 1 - krebs/3modules/external/ssh/rtjure.pub | 1 - krebs/3modules/external/ssh/shannan.pub | 1 - krebs/3modules/external/ssh/ulrich.pub | 1 - krebs/3modules/external/ssh/xkey.pub | 1 - krebs/3modules/external/ssh/xq.pub | 1 - krebs/3modules/external/tinc/hasegateway.pub | 13 - krebs/3modules/external/tinc/horisa.pub | 8 - krebs/3modules/external/tinc/justraute.pub | 14 - krebs/3modules/external/tinc/palo.pub | 13 - krebs/3modules/external/tinc/tpsw.pub | 8 - krebs/3modules/jeschli/default.nix | 181 ---- krebs/3modules/krebs/default.nix | 317 ------- krebs/3modules/lass/default.nix | 932 -------------------- krebs/3modules/lass/pgp/mors.pgp | 51 -- krebs/3modules/lass/pgp/yubikey.pgp | 157 ---- krebs/3modules/lass/ssh/android.ed25519 | 1 - krebs/3modules/lass/ssh/blue.rsa | 1 - krebs/3modules/lass/ssh/green.ed25519 | 1 - krebs/3modules/lass/ssh/mors.rsa | 1 - krebs/3modules/lass/ssh/tablet.ed25519 | 1 - krebs/3modules/lass/ssh/yubikey.rsa | 1 - krebs/3modules/makefu/default.nix | 393 --------- krebs/3modules/makefu/pgp/brain.asc | 51 -- krebs/3modules/makefu/pgp/default.asc | 64 -- krebs/3modules/makefu/retiolum/cake.pub | 8 - 
krebs/3modules/makefu/retiolum/cake_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/crapi.pub | 8 - krebs/3modules/makefu/retiolum/crapi_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/fileleech.pub | 8 - .../3modules/makefu/retiolum/fileleech_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/filepimp.pub | 8 - .../3modules/makefu/retiolum/filepimp_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/firecracker.pub | 14 - .../makefu/retiolum/firecracker_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/flap.pub | 8 - krebs/3modules/makefu/retiolum/flap_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/gum.pub | 8 - krebs/3modules/makefu/retiolum/gum_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/latte.pub | 8 - krebs/3modules/makefu/retiolum/latte_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/nukular.pub | 8 - krebs/3modules/makefu/retiolum/nukular_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/omo.pub | 8 - krebs/3modules/makefu/retiolum/omo_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/sdev.pub | 8 - krebs/3modules/makefu/retiolum/sdev_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/senderechner.pub | 8 - .../makefu/retiolum/senderechner_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/studio.pub | 8 - krebs/3modules/makefu/retiolum/studio_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/tsp.pub | 13 - krebs/3modules/makefu/retiolum/tsp_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/vbob.pub | 8 - krebs/3modules/makefu/retiolum/vbob_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/wbob.pub | 8 - krebs/3modules/makefu/retiolum/wbob_ed25519.pub | 1 - krebs/3modules/makefu/retiolum/x.pub | 8 - krebs/3modules/makefu/retiolum/x_ed25519.pub | 1 - krebs/3modules/makefu/ssh/makefu.android.pub | 1 - krebs/3modules/makefu/ssh/makefu.bob.pub | 1 - krebs/3modules/makefu/ssh/makefu.omo.pub | 1 - .../3modules/makefu/ssh/makefu.remote-builder.pub | 1 - krebs/3modules/makefu/ssh/makefu.tempx.pub | 1 - krebs/3modules/makefu/ssh/makefu.tsp.pub | 1 - 
krebs/3modules/makefu/ssh/makefu.vbob.pub | 1 - krebs/3modules/makefu/ssh/makefu.x.pub | 1 - krebs/3modules/makefu/sshd/cake.pub | 1 - krebs/3modules/makefu/sshd/crapi.pub | 1 - krebs/3modules/makefu/sshd/fileleech.pub | 1 - krebs/3modules/makefu/sshd/firecracker.pub | 1 - krebs/3modules/makefu/sshd/gum.pub | 1 - krebs/3modules/makefu/sshd/omo.pub | 1 - krebs/3modules/makefu/sshd/sdev.pub | 1 - krebs/3modules/makefu/sshd/studio.pub | 1 - krebs/3modules/makefu/sshd/wbob.pub | 1 - krebs/3modules/makefu/sshd/x.pub | 1 - krebs/3modules/makefu/wiregrill/gum.pub | 1 - krebs/3modules/makefu/wiregrill/rockit.pub | 1 - krebs/3modules/makefu/wiregrill/shackdev.pub | 1 - krebs/3modules/makefu/wiregrill/x.pub | 1 - krebs/3modules/tv/default.nix | 402 --------- krebs/3modules/tv/pgp/CBF89B0B.asc | 51 -- krebs/3modules/tv/wiregrill/alnus.pub | 1 - krebs/3modules/tv/wiregrill/mu.pub | 1 - krebs/3modules/tv/wiregrill/ni.pub | 1 - krebs/3modules/tv/wiregrill/nomic.pub | 1 - krebs/3modules/tv/wiregrill/querel.pub | 1 - krebs/3modules/tv/wiregrill/umz.pub | 1 - krebs/3modules/tv/wiregrill/wu.pub | 1 - krebs/3modules/tv/wiregrill/xu.pub | 1 - krebs/3modules/tv/wiregrill/zu.pub | 1 - 108 files changed, 1 insertion(+), 5130 deletions(-) delete mode 100644 krebs/3modules/external/dbalan.nix delete mode 100644 krebs/3modules/external/default.nix delete mode 100644 krebs/3modules/external/gpg/kmein.gpg delete mode 100644 krebs/3modules/external/kmein.nix delete mode 100644 krebs/3modules/external/mic92.nix delete mode 100644 krebs/3modules/external/palo.nix delete mode 100644 krebs/3modules/external/rtunreal.nix delete mode 100644 krebs/3modules/external/ssh/0x4A6F.pub delete mode 100644 krebs/3modules/external/ssh/exco.pub delete mode 100644 krebs/3modules/external/ssh/hase.pub delete mode 100644 krebs/3modules/external/ssh/kmein.kabsa.pub delete mode 100644 krebs/3modules/external/ssh/kmein.manakish.pub delete mode 100644 krebs/3modules/external/ssh/mic92.pub delete mode 100644 
krebs/3modules/external/ssh/neos.pub delete mode 100644 krebs/3modules/external/ssh/qubasa.pub delete mode 100644 krebs/3modules/external/ssh/raute.pub delete mode 100644 krebs/3modules/external/ssh/rtjure.pub delete mode 100644 krebs/3modules/external/ssh/shannan.pub delete mode 100644 krebs/3modules/external/ssh/ulrich.pub delete mode 100644 krebs/3modules/external/ssh/xkey.pub delete mode 100644 krebs/3modules/external/ssh/xq.pub delete mode 100644 krebs/3modules/external/tinc/hasegateway.pub delete mode 100644 krebs/3modules/external/tinc/horisa.pub delete mode 100644 krebs/3modules/external/tinc/justraute.pub delete mode 100644 krebs/3modules/external/tinc/palo.pub delete mode 100644 krebs/3modules/external/tinc/tpsw.pub delete mode 100644 krebs/3modules/jeschli/default.nix delete mode 100644 krebs/3modules/krebs/default.nix delete mode 100644 krebs/3modules/lass/default.nix delete mode 100644 krebs/3modules/lass/pgp/mors.pgp delete mode 100644 krebs/3modules/lass/pgp/yubikey.pgp delete mode 100644 krebs/3modules/lass/ssh/android.ed25519 delete mode 100644 krebs/3modules/lass/ssh/blue.rsa delete mode 100644 krebs/3modules/lass/ssh/green.ed25519 delete mode 100644 krebs/3modules/lass/ssh/mors.rsa delete mode 100644 krebs/3modules/lass/ssh/tablet.ed25519 delete mode 100644 krebs/3modules/lass/ssh/yubikey.rsa delete mode 100644 krebs/3modules/makefu/default.nix delete mode 100644 krebs/3modules/makefu/pgp/brain.asc delete mode 100644 krebs/3modules/makefu/pgp/default.asc delete mode 100644 krebs/3modules/makefu/retiolum/cake.pub delete mode 100644 krebs/3modules/makefu/retiolum/cake_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/crapi.pub delete mode 100644 krebs/3modules/makefu/retiolum/crapi_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/fileleech.pub delete mode 100644 krebs/3modules/makefu/retiolum/fileleech_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/filepimp.pub delete mode 100644 
krebs/3modules/makefu/retiolum/filepimp_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/firecracker.pub delete mode 100644 krebs/3modules/makefu/retiolum/firecracker_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/flap.pub delete mode 100644 krebs/3modules/makefu/retiolum/flap_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/gum.pub delete mode 100644 krebs/3modules/makefu/retiolum/gum_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/latte.pub delete mode 100644 krebs/3modules/makefu/retiolum/latte_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/nukular.pub delete mode 100644 krebs/3modules/makefu/retiolum/nukular_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/omo.pub delete mode 100644 krebs/3modules/makefu/retiolum/omo_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/sdev.pub delete mode 100644 krebs/3modules/makefu/retiolum/sdev_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/senderechner.pub delete mode 100644 krebs/3modules/makefu/retiolum/senderechner_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/studio.pub delete mode 100644 krebs/3modules/makefu/retiolum/studio_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/tsp.pub delete mode 100644 krebs/3modules/makefu/retiolum/tsp_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/vbob.pub delete mode 100644 krebs/3modules/makefu/retiolum/vbob_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/wbob.pub delete mode 100644 krebs/3modules/makefu/retiolum/wbob_ed25519.pub delete mode 100644 krebs/3modules/makefu/retiolum/x.pub delete mode 100644 krebs/3modules/makefu/retiolum/x_ed25519.pub delete mode 100644 krebs/3modules/makefu/ssh/makefu.android.pub delete mode 100644 krebs/3modules/makefu/ssh/makefu.bob.pub delete mode 100644 krebs/3modules/makefu/ssh/makefu.omo.pub delete mode 100644 krebs/3modules/makefu/ssh/makefu.remote-builder.pub delete mode 100644 
krebs/3modules/makefu/ssh/makefu.tempx.pub delete mode 100644 krebs/3modules/makefu/ssh/makefu.tsp.pub delete mode 100644 krebs/3modules/makefu/ssh/makefu.vbob.pub delete mode 100644 krebs/3modules/makefu/ssh/makefu.x.pub delete mode 100644 krebs/3modules/makefu/sshd/cake.pub delete mode 100644 krebs/3modules/makefu/sshd/crapi.pub delete mode 100644 krebs/3modules/makefu/sshd/fileleech.pub delete mode 100644 krebs/3modules/makefu/sshd/firecracker.pub delete mode 100644 krebs/3modules/makefu/sshd/gum.pub delete mode 100644 krebs/3modules/makefu/sshd/omo.pub delete mode 100644 krebs/3modules/makefu/sshd/sdev.pub delete mode 100644 krebs/3modules/makefu/sshd/studio.pub delete mode 100644 krebs/3modules/makefu/sshd/wbob.pub delete mode 100644 krebs/3modules/makefu/sshd/x.pub delete mode 100644 krebs/3modules/makefu/wiregrill/gum.pub delete mode 100644 krebs/3modules/makefu/wiregrill/rockit.pub delete mode 100644 krebs/3modules/makefu/wiregrill/shackdev.pub delete mode 100644 krebs/3modules/makefu/wiregrill/x.pub delete mode 100644 krebs/3modules/tv/default.nix delete mode 100644 krebs/3modules/tv/pgp/CBF89B0B.asc delete mode 100644 krebs/3modules/tv/wiregrill/alnus.pub delete mode 100644 krebs/3modules/tv/wiregrill/mu.pub delete mode 100644 krebs/3modules/tv/wiregrill/ni.pub delete mode 100644 krebs/3modules/tv/wiregrill/nomic.pub delete mode 100644 krebs/3modules/tv/wiregrill/querel.pub delete mode 100644 krebs/3modules/tv/wiregrill/umz.pub delete mode 100644 krebs/3modules/tv/wiregrill/wu.pub delete mode 100644 krebs/3modules/tv/wiregrill/xu.pub delete mode 100644 krebs/3modules/tv/wiregrill/zu.pub (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7af6b13d9..70fc05813 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,6 +6,7 @@ let out = { imports = [ + ../../kartei ./acl.nix ./airdcpp.nix ./announce-activation.nix 
@@ -100,17 +101,6 @@ let }; imp = lib.mkMerge [ - { krebs = import ./external { inherit config; }; } - { krebs = import ./external/dbalan.nix { inherit config; }; } - { krebs = import ./external/kmein.nix { inherit config; }; } - { krebs = import ./external/mic92.nix { inherit config; }; } - { krebs = import ./external/palo.nix { inherit config; }; } - { krebs = import ./external/rtunreal.nix { inherit config; }; } - { krebs = import ./jeschli { inherit config; }; } - { krebs = import ./krebs { inherit config; }; } - { krebs = import ./lass { inherit config; }; } - { krebs = import ./makefu { inherit config; }; } - { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { "krebsco.de" = "zones"; diff --git a/krebs/3modules/external/dbalan.nix b/krebs/3modules/external/dbalan.nix deleted file mode 100644 index 301f010d3..000000000 --- a/krebs/3modules/external/dbalan.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -with import ; -{ config, ... }: -let - hostDefaults = hostName: host: flip recursiveUpdate host ({ - ci = false; - external = true; - monitoring = false; - owner = config.krebs.users.dbalan; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum = { - ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; - }; - } // optionalAttrs (host.nets?wiregrill) { - nets.wiregrill = { - ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; - }; - }); -in -{ - users = rec { - dbalan = { - mail = "dbalan@thaum.space"; - pubkey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAiWF+U3VHNfp1IPU0/TWhMioxJvmoyG1AMZMvnQjy5QAAAABHNzaDo= dj@v60"; - }; - }; - hosts = mapAttrs hostDefaults { - v60 = { - nets.retiolum = { - aliases = [ "v60.dbalan.r" ]; - ip4.addr = "10.243.42.12"; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxVRxcCWfjLu9cNo5ELfXyuwhpJBSfod5f9JkclSpydVHaQBfeVC6 - RKfdknQVL6RXiCMFsSAvCvmnIohmpUCbiQWu29P/g0jzQZZ7zNx5L7JHy18x9qAr - 1scu7FRdVErVuWKXXNt0+j45dA+u5HE6RLsjAHGYtQbAr21VLyLF3qq11IWNrFYU - uqSnM/ZPbOPPHLS8XtsQRdJ2cOkccSCO4W6xBar92aPFuDImH60VuxMFEKYWY2bz - p6q0K0rtRqW1qANTV62SUDeA1wMPlSmvnMFY7qesSLk6tJjJ02HwwiOvK2ov1/Rm - bpwcrqrrbUxbCaZC6t7pBBxUOZlGfnO3woZQm63+4TEw/YDHhxD0HbhH88Wc+eHy - I73tuL1oc01JxL131bJV6jcHG7LrG7wTsTdDaZpjbH54adJP47QpTMb0ggsx2WkD - mpxFFSnTZL7ghZO5NGPvidTBp+wJiSOv5igAjA72CvjR3tOF4d5Lsq4JsQeCStjA - OPrIrN0AnJRg2IFDXZEGwTS9AbLWX147O9VrNimLzezOylH4Eihn7GUJ5KLIPjLy - AvsgIYljoJuhGbM8QoWlakwqOndMeoqhz52ORZ5CDgfybJJEbyrYF8gYFVNJOzds - 9gy/F+27TwfjMgcheN2+ogJp+lD754aCF0EJMwaK8ElzQLqAzbBRGAsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "dcPFpCG94cq1KHD4TH9WgOl9fpc1589YvWkmnkEZcSC"; - }; - }; - }; -} diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix deleted file mode 100644 index 989961490..000000000 --- a/krebs/3modules/external/default.nix +++ /dev/null 
@@ -1,882 +0,0 @@ -with import ; -{ config, ... }: let - - hostDefaults = hostName: host: flip recursiveUpdate host ({ - ci = false; - external = true; - monitoring = false; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; - } // optionalAttrs (host.nets?wiregrill) { - nets.wiregrill.ip6.addr = - (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; - }); - ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); - tinc-for = name: builtins.readFile (./tinc + "/${name}.pub"); - -in { - hosts = mapAttrs hostDefaults { - helsinki = { - owner = config.krebs.users.ajs124; - nets = { - retiolum = { - ip4.addr = "10.243.10.1"; - aliases = [ "helsinki.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA5MnCmT9xVEtv3hoZsjmgF4pVnPgzaWWVrZVguMfXcbTiusgWqBIM - Ms/Ue676J3kQIJT1QSMA2RWDUU++dUcfhHF87vFpnyCnaKjfz6LyAwlSfKluttyY - aFNgcUWlZRl4wkqys/oYhLD1q26mO/ekCA2eohzbB1TCaPY97VM5nl0MkXStMN76 - B+Ipw/gQcZXuWYct8Nj69sETPLnbf6ZBKs+T213as+NUSHVUdmBmV8QtmHDI3e7B - 4wAK1JkFCQgVu9gm/6BvqWroOMcmtxzSceyrY+0MWnAnM+wrLcYYaT2xw1OJyWmM - riOHHMw9iLVxqyQ+3eDucJRQcJzO7I4j8zQaoYxPE1ZSl4wTsaypkMuNOyhYv2C9 - RNPJgTBlr911NnY7TcKauz/lO1Qcl5kHBMrIfwsbsQK+zfN2XX+s21/SPeSJ7k1N - OqXeyX0mz2l7bhBDwTTDtINSz8sB3BL59mVbWY5z5b90oeKPrfygmp7V0CSKgHBr - b5ZIhMRfgcK+HjolcEqdL9INpJZVFYt3vWPNhDpbX5sEOjjR+ODceriL8zdlTBRx - PyB9OiK6tN+L63QFM7H1NFN9fPeOd2WbHvfoeX255kx8FHSALKL5rVSz9Ejwc97k - rG0FItgHXajPazulBfUV0N9ck7SwLTmStKxtQ8NKCoIJLpv2ip4C+t0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "47fX1g6qynVprA+PtniBLEonFp1B70nMrJ8SBCWNJnL"; - }; - }; - }; - horisa = { - cores = 2; - owner = config.krebs.users.ulrich; # main laptop - nets = { - retiolum = { - ip4.addr = "10.243.226.213"; - ip6.addr = "42:0:e644:9099:4f8:b9aa:3856:4e85"; - aliases = [ - "horisa.r" - ]; - tinc.pubkey = tinc-for "horisa"; - }; - }; - }; - hasegateway = { - cores = 1; - owner = 
config.krebs.users.hase; - nets = { - #internet = { - # ip.addr = "37.24.200.174"; - # aliases = [ "hasegateway.i" ]; - #}; - retiolum = { - ip4.addr = "10.243.226.216"; - ip6.addr = "42:0:e644:9099:4f8:b9aa:3856:4e86"; - aliases = [ - "hasegateway.r" - ]; - tinc.pubkey = tinc-for "hasegateway"; - }; - }; - }; - jongepad = { - owner = config.krebs.users.jonge; - nets = { - retiolum = { - ip4.addr = "10.243.5.6"; - aliases = [ - "jongepad.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAtJsF5jL/M72PCptLFC5iIEt0qAL544H/VLijvZEG9gnoqbs94aNJ - MM5Sr3yMB01WkcT1Lph3r4dxV0/QECu3Ca4xxuUntu42tFXhkikQGcZLuo2h4zr4 - +wReudCCc7VqMcJDxriyyoW3i7smZnQGzo36gpKHbZfil8dJo0QE8mnujqkQCA0G - hjR7xdG+/usDgRUarfpNgoHKyZfLcomQLUuR8I3aHsdaCLgMJ8v5DjGymp2bIswT - puPx3IEZSXH8y6MZoISvLn+hwcWat34Bj1PF7vfgldivqHaDFpifpXvjbCmxcel9 - WVZRSEvLSVT4FnpaJ7JkAaUpG+GOHVlPWARq9t9AZXKR1Zex9MIkHzWi/TIIkawj - wJNvUwvBYJ1UCuCby4/3nKlY7zWjj23YM6dTJDGMhJKR5m2SHp9SC0m0QdfSjN5z - 8sJauCigGZ6rlmxkO4/2BBGshY8jWDl/z2oFiQfo7R2oZkJdWNHLGKtTZtqQQ3e6 - SAE/HQvipiv35rMzHw3E9AJBhhQqT3vTLLZvMTBS6BRFvpqDNhXik1aFenNV4tjZ - XeYU1eXI4XzQqoW/avPTuLt8O0Ya/nziLXCaIy+hlx5Hd49hkGb+1saQ5yPUgoEt - wE9sy5+9b5ebn8B+N0yw7wnUYN8V8dmPmRwLt71IuBwHn/aAoXyWwFsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - justraute = { - owner = config.krebs.users.raute; # laptop - nets = { - retiolum = { - ip4.addr = "10.243.183.231"; - aliases = [ - "justraute.r" - ]; - tinc.pubkey = tinc-for "justraute"; - }; - }; - }; - - porree = { - owner = config.krebs.users.pinpox; - nets = { - retiolum = { - ip4.addr = "10.243.100.101"; - aliases = [ "porree.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvUeG5/8O8ZyDulpvdKNcA20aZIUv3YdUe9XJ0lNUgMCg6YdWTmba - 03wfm/SPoUM4ZOb6/QyEmdNWxQbeKVPZ8cNs/uDLMmpEoSaSKWsp7ZqtrxxincUY - AGhyrU0h59lIZXZtmIp1Uc3Y7GYdX9MM2RsOs+0dYwCzZlHjarmNjxLRBcEbugMR - +86zrwtcLGKBmMMhRbMQ/y07zwxb5wFSF7nSgFD0yzFjmaBLU6mYtzRR0hb17n34 - 
xmB7Lpj7ROtbB20btTmdyXHuE8P+5mohJavqAnpKiLNFLt9tNk1Vc4qAxlDkubZW - SoHuPNyE/563jooL1DHDQ2EZ4lDweTYlT0gAOYGCcNVoCFCs/rbFK4u2p5FCVAfE - bhc0Fm3fKNk6An1wIsSEg7UcYeTbaFBHbqr+7TiLyS2aehkgy4FF4n6ACDeF9cHM - 80OHh+N1wz7uL7BHcniTws7VWyloPOoEUJlZEDzHF/p1nfpDULsqNM0o8QGNmOeT - 4J2Sp+jJLin/8g2tPH+zMSge5rnFlPuBaRVZ5dwajdyq3USNgtVH1lZFx8sTLsAC - JEW9Jn3xPDCaLGWp2fFzsg0hPxOG0SYD75coZcfikJ6MedvHFHAmf9KBYJxFWcXa - JGky/WwdAF2f34e2vk/mWrjfgBIDzXU01Opm99lgWuMr5HMkCzH1kssCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "pXVWAPo/1JWhRs/0ip4Hz0bOSHTJa7FfaI74elU8XsL"; - }; - }; - }; - - qubasa = { - owner = config.krebs.users.qubasa; - nets = { - retiolum = { - ip4.addr = "10.243.29.175"; - aliases = [ "qubasa.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwEaIkC/JxEI6mAnA2lnoNYRSVAVOggtm7XBAX2tTq9OCnwgh6Nnr - Bv8S6j8HBybMqZHKBlfFUo+Trm7Ig/g8KI8xwm2ThO83GnXLyu5qoIFLgjAtvx9w - uh/ZGIn2MKHy0aZ6J/HqDEbsr6XC/YpLb3mA3C5Msaiand0zmAh1oYQVvNJMLgLA - HgBr7a14ngyndwGiBoFDoHu2gtPXTallruv/eopnOVaidkyNRDlMhbqr/Xkxlwov - E2pewl+IKvt5WnGzCHDFvHYCDpeKX9ZAiBBJQ5tgGhxScN5rJ4Omx7iVbnjjPMzs - 1VSRgOqR1xPk5aMa0ByV2P978mNJL6MwIEhnGjg6Dyr1hvmjFxKjj+Pd8IWAeli9 - G3Xq4xJ8+vRbFBoqzBuxcUOTN/V1i1XECGMxEg5cE+9tp+2mvOSpiChkpxeGA42Y - KbcVR7df2bjIQ+8IQzgPkpGnpG/XwC8JKsy+2jiiXOWrwUDfEFrkFaqGNareTeST - ynkbl+y8PgtoHloubckKoXqyY/zHTG3gDDW7SLfr/OpHqyq8MtITyojwMB/Ijyzo - 6mAPiTLI7oFYpWIP0UiM7u4o6iDW9S8G9l+vLZJyEmhEUZJUkWoXRy2Ibd6ix0L3 - eA6izpRuehl1OLePY4HNkuqOgXiEf1mgNcoGnyx3kzKYa1cUlMP0ve8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "dqJq+qESCNakC3p9duc5LrG26D1scj58Hy1S5kPGtME"; - }; - }; - }; - kfbox = { - owner = config.krebs.users.pinpox; - nets = { - retiolum = { - ip4.addr = "10.243.100.102"; - aliases = [ "kfbox.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAis/ORNebUUz/yBTjouXVNoBHTVaEcpZE+cD9EWv975k0evxxb4s5 - W87fZ6YkQgYtgFScaBMgqDbUdi/zMAkhJb2cn+fOGvuH7QqfiuEdG+lncllN9JlS - 
LpkP11COWmf60ThFieOa39xOT6atZc4cE0MMhw7CJUdIK7Y/EsHH1rVCWFdAKRIw - 4tM7H2Goi7+Tp2guRVFnM/lzRPnIbGOUQxrkMDB2gmpHdCpYWfAQZGzvxlIqrazC - oPcaF0Pk6URkxGWeRUqJnwcGWxxaiA1KW+okma+Mv5k1DMr8pIK0ywWULMkNzjpP - IIJybkeKomOaQmzjZ2RKulOS8A4OOxiDw9Y6I4x+1qFa1seAmYWWafnHCRPQb40g - q5LCTfJaSvYfEEhs9xfo7vBd4IoYsymIQpLUV4BeNINazpRwNIb2AmHSknMnPZFR - Hu8kvN/D6vNlSt7hR+sWU2XgNTJV/MizvG/6N+9wGSPL15dmt8XiSCjSv2mzBSaW - 7bVFoa57Y0OOwZUeK9SRJKMKPfxcNH9zGTMsb0Qnn0zFwscNnkDyA8Z4zPt4GpCX - b3qlAwKFHHVByuDiWrjr6zfSKU/rEU/CRBoWnTcIwSZRhxvAiX82XgUf0qDtFKY9 - Wh+K8/4tfwX9niGTznIIic6Qmbm1O5MNjaPSPCK2bEgEMhQt9YkA4scCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "fXVRppte1zStbyfrbgJwamJXZnHYJkcC15f90u0sUJM"; - }; - }; - }; - keller = { - owner = config.krebs.users.qubasa; - nets = { - retiolum = { - ip4.addr = "10.243.30.2"; - aliases = [ "kelle.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA3jJgnaEJnKiBILtdtIROVfJJ1IgQSdfAw83aNE8xinkIFkP8lSFS - Nd1C9pRI2r8Tjut/MB0b7MRlwOS2FWP1COcKzZGR4gKSiwK9oWGy6Vf5Qvrsd5M+ - 0roUsf6Km/muJgqhWYY4OOaDK3LSp4mAo8H9+pibH9GuMuhu/Ebe0gtwnoOuuQs5 - GeHtaBrtpiGX2WvIU2S1TwDw0cmheEbqyaQ9COSqdOW1ldbfAbh7Zv38iUzMNXJ2 - yAWUfT5eYsIWlQc55JzEABuxIZEFj7BiR2vQYjVa+sIjsb+vI/6SFK4uiuqPP0dW - xFAQyRuQbW0gyooMLXnZ6ByD/t4mFpk7Eo1Sxiv8CdgDI/lELZ1h7jTYKrcuPHYc - P9m2Ut9FxuFMl+s2etkVUVGba2Kz9b9iwvvAZUtU85UrsQCkrghIT0Hm0SIdYQHO - +WyCw46okk5xLicXEd+RgwlWWq+AJeo0LKof3uoRnjQq1kkU5E0nGX/YqRa3YIxV - qmShTnQSTGUe6qVz1uAoh+ljTEUWWgW5UKuHPn1gdqFcIJ+4DSkJgiQ/cbSXtyp0 - 35bQuqjpFe/bwW1PuK6YspMRK2hQrYkypQNrvjcz0RJJc/1ULILTl0NaZEMtCcj2 - t7KpA6wY6WIz5+uTVBnc3vQrcBebfSWzl0IWxjaSufp8ojq5B7mz8s0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "HeSMxgGaB9alyS0n766TJ3qA2fAwvJmMyLPFbYhfZdJ"; - }; - }; - }; - - ahorn = { - owner = config.krebs.users.pinpox; - nets = { - retiolum = { - ip4.addr = "10.243.100.100"; - aliases = [ "ahorn.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - 
MIICCgKCAgEAyfCuWUYEqp4vEt+a6DRvFpIrBu+GlkpNs/mE4OHzATQLNnWooOXQ - 4mncdpx7OKf5jKxQY6NytW2ogRTEr8F5B52O5jE4OAoj64WG2xhuzO82MDIuVJ0h - ihiiVZ2O8Dx5sfhto7sr2Z9bsbpAZ3lSZC23I+NXk55KVxwl7YPzmZGD/dXLy/OC - R7KTvNbkO5T+BkcRpeigSV/ROymenxbpOoEFZb9PXpE4NJCOaX1ZnUrD93xVUhh1 - 7aHqqA3iWqjU8AK7Xp2Hm06pHNVjP0TfmleGtcCt47D6zQytmfjGwptdva4RqMfT - 0BWvjGoQYDmgLveYIYssWlcjfvn9oRRvlFS6QeUZ8pP/YsvgnR4wfILFbQMKvGFn - OXrmZ6vG2rqmJCGfuo3sd3YdhPwHWDmNz0ORJRQ8EcDAblfyjkGS8CZvC/Cmh2vU - bPEEl78g30Kpd8dFpym24C8LwtujK+rzk6EJJrfu0DAlxlDGJyGC89yKktkYV6Mh - Cy9Mwfz8eFRF2IcwEJNgi10/GMiN9LYk3R49wQN/6poQd62cS0C8bBkeWIgvSn5Q - zpvvg7ChjmvDc6rxiO1XXWODXVWFogu6IxMRKUgxk9EheX0UEu2ZpzalqmQqPm9Y - J1rBAUDan+au0WkocTbCIB3Y18byvrRuegxeny6XzS8ECFnsZSyWzo8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "rMX99xOg69naxQoRc/wHCmaHC5aq+7vjwpzjK0z73KJ"; - }; - }; - }; - - rtjure = { - owner = config.krebs.users.rtjure; - nets = { - retiolum = { - ip4.addr = "10.243.122.122"; - aliases = [ - "rtjure.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA3YkPPsO3WDGrXyOBdAxxP1MNNuPa19Gx1pA73FKv0gnfp4wYyjwl - sc9A0C5yr741+LhJNqfkUT9Vb7dE2PZcEcAxZ6Vk9FBkkCWHGVyMfeqeK/hTuYqk - FKGNPcGWCKZDM6CYSNYr2PW3ER8xMrQP9VSvHk1smdqr8cj3wWJ8TRtUmHzkvPZc - C4bgrLDiQ8uev5VCt4POilrnjfcBNzgOFxWZ5uneTwM6tLhOj9uaylJEtDbW2XrF - ocm8cGrYkS4c1x77mz/eYfJUJQFhTVGp29QTIiIHglP7W67LLq4qMvREvRhGTovd - AT4KUOEXRgcPzHhbcVNeu2/ekKGHAubpjFfqxW7Y9zRTOXeSwyDnVbh+jg/VBGIV - 2BQZnUqNSQIHVeHQCoI3ugdSsqK5Gf1z9cKqpeNfwo+JK72NTC+nH2d5ypRksTzv - VoTrFrv0P2qtKkhI79zY3ezw3HjCf6osKz9/EAYgzGH1Ix4WD3jjc1gqePiHYYlL - EQV4HkwmarmMNrNA8qRDhKCTK4G7CS6btOcSsCM3y1lYbkubaOncIACSWIJ1uAMJ - SEY30YYtOw2P