From a041768aa153d51391ebcb80f3ceddf1d2379885 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 28 Dec 2021 23:49:34 +0100 Subject: k 3 ma: make ed25519 keys available for hosts --- krebs/3modules/makefu/default.nix | 6 ++++++ krebs/3modules/makefu/retiolum/cake_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/crapi.pub | 1 - krebs/3modules/makefu/retiolum/crapi_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/fileleech_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/sdev_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/studio_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/wbob_ed25519.pub | 1 + 8 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 krebs/3modules/makefu/retiolum/cake_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/crapi_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/fileleech_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/sdev_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/studio_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/wbob_ed25519.pub (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7780863a3..51c38b899 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -22,6 +22,12 @@ with import ; (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; }; }) + # Retiolum ed25519 keys + (let + pubkey-path = ./retiolum + "/${hostName}_ed25519.pub"; + in optionalAttrs (pathExists pubkey-path) { + nets.retiolum.tinc.pubkey_ed25519 = builtins.trace "using ed25519 key for host ${hostName}" (readFile pubkey-path); + }) # Wiregrill defaults (let pubkey-path = ./wiregrill + "/${hostName}.pub"; diff --git a/krebs/3modules/makefu/retiolum/cake_ed25519.pub b/krebs/3modules/makefu/retiolum/cake_ed25519.pub new file mode 100644 index 000000000..6c6bf2b33 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/cake_ed25519.pub 
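Review bot: In the new `# Retiolum ed25519 keys` block of krebs/3modules/makefu/default.nix, `readFile pubkey-path` keeps the file's trailing newline, and the added `*_ed25519.pub` files show no `\ No newline at end of file` marker, so `pubkey_ed25519` most likely ends in `\n`. Unless the consumer of this option strips it (not visible here), normalise at the source, e.g. `removeSuffix "\n" (readFile pubkey-path)`, assuming `removeSuffix` is in scope through the lib import. Separately, the `optionalAttrs (pathExists pubkey-path)` guard means a missing or misnamed `${hostName}_ed25519.pub` silently yields a host without an Ed25519 key. The `builtins.trace` is the only signal, and the last commit in this series removes it, so a comment such as `# optional: hosts without <hostName>_ed25519.pub get no pubkey_ed25519` would record that this is intended. The enclosing list starts and ends outside the hunk.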
@@ -0,0 +1 @@ +zlfSyJdG7vJmvkk1Ul3ZXUix2YduFYUMhM89nRdy8aE diff --git a/krebs/3modules/makefu/retiolum/crapi.pub b/krebs/3modules/makefu/retiolum/crapi.pub index 2b6104468..c66f24882 100644 --- a/krebs/3modules/makefu/retiolum/crapi.pub +++ b/krebs/3modules/makefu/retiolum/crapi.pub @@ -1,4 +1,3 @@ -Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66 OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L diff --git a/krebs/3modules/makefu/retiolum/crapi_ed25519.pub b/krebs/3modules/makefu/retiolum/crapi_ed25519.pub new file mode 100644 index 000000000..ce5a6f05a --- /dev/null +++ b/krebs/3modules/makefu/retiolum/crapi_ed25519.pub @@ -0,0 +1 @@ +Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F diff --git a/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub b/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub new file mode 100644 index 000000000..ea93cfddb --- /dev/null +++ b/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub @@ -0,0 +1 @@ +2YSzoLSQN3k4HC8uozPb/nMmbrTa9eKOD2Ka9Iq8iXM diff --git a/krebs/3modules/makefu/retiolum/sdev_ed25519.pub b/krebs/3modules/makefu/retiolum/sdev_ed25519.pub new file mode 100644 index 000000000..fef79aa68 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/sdev_ed25519.pub @@ -0,0 +1 @@ +OxXCkjs3OzIsMXcSVcr7dJD55iRFRjUc0eERPdU1OjO diff --git a/krebs/3modules/makefu/retiolum/studio_ed25519.pub b/krebs/3modules/makefu/retiolum/studio_ed25519.pub new file mode 100644 index 000000000..13a09ad1b --- /dev/null +++ b/krebs/3modules/makefu/retiolum/studio_ed25519.pub @@ -0,0 +1 @@ +WLUvBME38jEpXIEFniyVIjyvMw7JTNJBQb/NIXcxmzL diff --git a/krebs/3modules/makefu/retiolum/wbob_ed25519.pub b/krebs/3modules/makefu/retiolum/wbob_ed25519.pub new file mode 100644 index 000000000..eeef652e2 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/wbob_ed25519.pub @@ -0,0 +1 @@ +b3uia4Sns0ljQrccLE0QxzeAB4APTiJEB98neQQosdF -- cgit v1.2.3 
From 3330b6a2c4bd6a2fb4614dd9283d97d40f9f1a41 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 29 Dec 2021 00:05:10 +0100 Subject: k 3 ma: add ed25519 keys for all hosts --- krebs/3modules/makefu/retiolum/filepimp_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/firecracker_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/flap_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/gum_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/nukular_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/omo_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/senderechner_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/tsp_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/vbob.pub | 8 ++++++++ krebs/3modules/makefu/retiolum/vbob_ed25519.pub | 1 + krebs/3modules/makefu/retiolum/x_ed25519.pub | 1 + 11 files changed, 18 insertions(+) create mode 100644 krebs/3modules/makefu/retiolum/filepimp_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/firecracker_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/flap_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/gum_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/nukular_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/omo_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/senderechner_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/tsp_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/vbob.pub create mode 100644 krebs/3modules/makefu/retiolum/vbob_ed25519.pub create mode 100644 krebs/3modules/makefu/retiolum/x_ed25519.pub (limited to 'krebs') diff --git a/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub b/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub new file mode 100644 index 000000000..7a62ff46f --- /dev/null +++ b/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub @@ -0,0 +1 @@ +aQDHnUzOhf8zhMOB/ufTaP4rQLrizfN135PVgfTLkaC 
diff --git a/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub b/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub
new file mode 100644
index 000000000..76e6def7c
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub
@@ -0,0 +1 @@
+3QIlv3vsykhMlsrsHUbU/vneVbYiE6G1U7HPzK2AbRI
diff --git a/krebs/3modules/makefu/retiolum/flap_ed25519.pub b/krebs/3modules/makefu/retiolum/flap_ed25519.pub
new file mode 100644
index 000000000..47da38477
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/flap_ed25519.pub
@@ -0,0 +1 @@
+1o7+d8jjitc1vJB1sYFY8qvbcePssD6c+sgfxqq+BXD
diff --git a/krebs/3modules/makefu/retiolum/gum_ed25519.pub b/krebs/3modules/makefu/retiolum/gum_ed25519.pub
new file mode 100644
index 000000000..5b6f2426e
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/gum_ed25519.pub
@@ -0,0 +1 @@
+6M/fxVpfUCpbWvOXR9eHjt3o7sgjAEoIT/hXcDN970E
diff --git a/krebs/3modules/makefu/retiolum/nukular_ed25519.pub b/krebs/3modules/makefu/retiolum/nukular_ed25519.pub
new file mode 100644
index 000000000..0cae03b83
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/nukular_ed25519.pub
@@ -0,0 +1 @@
+nL4hL0aJvufqdSvTafAnc/g0wjznIwuHlEq/h/OxEsF
diff --git a/krebs/3modules/makefu/retiolum/omo_ed25519.pub b/krebs/3modules/makefu/retiolum/omo_ed25519.pub
new file mode 100644
index 000000000..dd11ab7dd
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/omo_ed25519.pub
@@ -0,0 +1 @@
+SVuxrF4CQGRl3evQurw0wh44g72/0qwRACF+/n2i2rE
diff --git a/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub b/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub
new file mode 100644
index 000000000..f0968aa12
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub
@@ -0,0 +1 @@
+LegGLszL9hZXoanCQnv0VxuoLviT2K/yvQGYuCsloUH
diff --git a/krebs/3modules/makefu/retiolum/tsp_ed25519.pub b/krebs/3modules/makefu/retiolum/tsp_ed25519.pub
new file mode 100644
index 000000000..c7baf9067
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/tsp_ed25519.pub
@@ -0,0 +1 @@ +gzMYJY6/6sgG4ZgYWzeDs6svTvsDIeJEAGxPbrJUFVN diff --git a/krebs/3modules/makefu/retiolum/vbob.pub b/krebs/3modules/makefu/retiolum/vbob.pub new file mode 100644 index 000000000..168437e78 --- /dev/null +++ b/krebs/3modules/makefu/retiolum/vbob.pub @@ -0,0 +1,8 @@ +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr +4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI +AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP +hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o +Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s +AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/krebs/3modules/makefu/retiolum/vbob_ed25519.pub b/krebs/3modules/makefu/retiolum/vbob_ed25519.pub new file mode 100644 index 000000000..5e287f36b --- /dev/null +++ b/krebs/3modules/makefu/retiolum/vbob_ed25519.pub @@ -0,0 +1 @@ +fRPhdsYqwPuYgL2p/CmAUCVykU9GbiRfHQ8SULPQNGE diff --git a/krebs/3modules/makefu/retiolum/x_ed25519.pub b/krebs/3modules/makefu/retiolum/x_ed25519.pub new file mode 100644 index 000000000..fbf63d08e --- /dev/null +++ b/krebs/3modules/makefu/retiolum/x_ed25519.pub @@ -0,0 +1 @@ +81FOjlXXS22WWZzLnL4sDCuXmvMoYkbhy0wlBlr60zM -- cgit v1.2.3 From 6f96a15df66161e217258a5626f94121b0a39459 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 2 Jan 2022 14:53:24 +0100 Subject: mic92: add ip address for yasmin --- krebs/3modules/external/mic92.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 9a3c855f4..95eae20b0 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix 
@@ -300,6 +300,11 @@ in { }; yasmin = { owner = config.krebs.users.mic92; + nets.internet = { + ip4.addr = "131.159.102.7"; + ip6.addr = "2a09:80c0:102::7"; + aliases = [ "yasmin.i" ]; + }; nets.retiolum = { ip4.addr = "10.243.29.197"; aliases = [ -- cgit v1.2.3 From 43650744d68f71a10c251ae3073412d4d2a41f3f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Jan 2022 22:07:14 +0100 Subject: nixpkgs: 5730959 -> d1e59cf --- krebs/nixpkgs.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index f90e6b08c..43f298973 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "573095944e7c1d58d30fc679c81af63668b54056", - "date": "2021-12-10T10:33:46-08:00", - "path": "/nix/store/c0bvhzf1xsjrmzrda8jasa1da76x0zyk-nixpkgs", - "sha256": "07s5cwhskqvy82b4rld9b14ljc0013pig23i3jx3l3f957rk95pg", + "rev": "d1e59cfc49961e121583abe32e2f3db1550fbcff", + "date": "2022-01-01T22:20:39+08:00", + "path": "/nix/store/azrxsxpszjwgg75jk1pkzlzjcj0qnw8d-nixpkgs", + "sha256": "03ldf1dlxqf3g8qh9x5vp6vd9zvvr481fyjds111imll69y60wpm", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From fa81a9343a3ff47ec88d517766546db617d4ebec Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Jan 2022 22:08:10 +0100 Subject: nixpkgs-unstable: ac169ec -> 59bfda7 --- krebs/nixpkgs-unstable.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index babaad004..cab3ab115 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json 
@@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "ac169ec6371f0d835542db654a65e0f2feb07838", - "date": "2021-12-26T18:43:05+01:00", - "path": "/nix/store/l1qmvpx4pj24ijsm44n64vw2fnl9dpc7-nixpkgs", - "sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh", + "rev": "59bfda72480496f32787cec8c557182738b1bd3f", + "date": "2021-12-31T15:09:52+01:00", + "path": "/nix/store/wy2iidg15nwgmn8xir8fbr1lfz1hqphb-nixpkgs", + "sha256": "18akd1chfvniq1q774rigfxgmxwi0wyjljpa1j9ls59szpzr316d", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, -- cgit v1.2.3 From 88ec249276ccf86591279b104908d9786d2be63a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 2 Jan 2022 22:14:24 +0100 Subject: mic92: drop ipv4 for bernie --- krebs/3modules/external/mic92.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 95eae20b0..f8c371b7f 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -679,7 +679,6 @@ in { owner = config.krebs.users.mic92; nets = rec { retiolum = { - ip4.addr = "10.243.29.169"; aliases = [ "bernie.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From afaf87781a282e6fbba596b0cbf652552961e54e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Jan 2022 23:21:28 +0100 Subject: krebs.tinc: make /etc/tinc/ writable by tincd --- krebs/3modules/tinc.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index a18248351..21ddde1c6 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix 
@@ -222,12 +222,6 @@ with import ; nameValuePair netname {} ) config.krebs.tinc; - environment.etc = mapAttrs' (netname: cfg: - nameValuePair "tinc/${netname}" { - source = cfg.confDir; - } - ) config.krebs.tinc; - krebs.systemd.services = mapAttrs (netname: cfg: { }) config.krebs.tinc; @@ -239,8 +233,6 @@ with import ; cfg.iproutePackage cfg.tincPackage ]; - reloadIfChanged = true; - restartTriggers = [ cfg.confDir ]; serviceConfig = { Restart = "always"; LoadCredential = filter (x: x != "") [ @@ -249,6 +241,13 @@ with import ; ) "rsa_key:${cfg.privkey}" ]; + ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' + ${pkgs.coreutils}/bin/mkdir -p /etc/tinc + ${pkgs.rsync}/bin/rsync -vaL --delete \ + --chown ${cfg.user.name} \ + --chmod u=rwX,g=rX \ + ${cfg.confDir}/ /etc/tinc/${netname}/ + ''; ExecStart = toString [ "${cfg.tincPackage}/sbin/tincd" "-D" -- cgit v1.2.3 From 057adcb836ec7deedf0a0b2dd7f7dc7206c3f740 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Jan 2022 00:47:03 +0100 Subject: k 3 ma: removing trace output for ed25519 keys --- krebs/3modules/makefu/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 51c38b899..62316bfdb 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -26,7 +26,7 @@ with import ; (let pubkey-path = ./retiolum + "/${hostName}_ed25519.pub"; in optionalAttrs (pathExists pubkey-path) { - nets.retiolum.tinc.pubkey_ed25519 = builtins.trace "using ed25519 key for host ${hostName}" (readFile pubkey-path); + nets.retiolum.tinc.pubkey_ed25519 = readFile pubkey-path; }) # Wiregrill defaults (let -- cgit v1.2.3
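Review bot: The new `ExecStartPre` in krebs/3modules/tinc.nix copies all of `${cfg.confDir}` into `/etc/tinc/${netname}/` with `--chown ${cfg.user.name}` and `--chmod u=rwX,g=rX`, so every copied file becomes owner-writable by the tincd user, not only the paths the daemon has to update at runtime. If confDir carries host files with peer public keys or up/down scripts (not visible in this hunk), a compromised daemon could alter them, and the change would persist until the next start re-runs the `--delete` sync. Consider keeping the tree read-only apart from the directory tincd must write, or add a comment naming the paths that need to be writable and why. The copy also depends on ExecStartPre having enough privilege to create `/etc/tinc` and chown; whether the unit sets `User=` is outside the hunk, which ends inside the `ExecStart` list. Quoting the interpolated `${cfg.user.name}` and `${netname}` in the dash script would keep it robust to unusual names.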