authortv <tv@krebsco.de>2023-10-10 22:30:48 +0200
committertv <tv@krebsco.de>2023-10-10 22:30:48 +0200
commit90eb0891c25177b427da5224138f26f6549bdc75 (patch)
tree41e05bbb9420d0b9f3b42a7218da302a5058455c
parentedc9552c6a2f75912cfbc15386d1835a1fbc9dc6 (diff)
parent4f4b7a63da0758d80b74e26dd9d65cd69d200bb2 (diff)
Merge remote-tracking branch 'orange/master'
-rw-r--r--kartei/lass/default.nix29
-rw-r--r--kartei/lass/ignavia.nix19
-rw-r--r--kartei/lass/ignavia/retiolum.ed25519_key.pub1
-rw-r--r--kartei/lass/ignavia/retiolum.rsa_key.pub13
-rw-r--r--kartei/lass/ignavia/ssh.id_ed25519.pub1
-rw-r--r--kartei/lass/ignavia/syncthing.pub1
-rw-r--r--krebs/2configs/default.nix2
-rw-r--r--krebs/2configs/tor/initrd.nix2
-rw-r--r--krebs/3modules/sync-containers3.nix20
m---------submodules/disko0
10 files changed, 49 insertions, 39 deletions
diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix
index fac48a8ba..fe3725809 100644
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@@ -25,36 +25,11 @@ in {
inherit (slib) krebs;
})
);
- users = rec {
- lass = lass-yubikey;
- lass-yubikey = {
+ users = {
+ lass = {
mail = "lass@green.r";
pubkey = builtins.readFile ./ssh/yubikey.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
};
- lass-blue = {
- mail = "lass@blue.r";
- pubkey = builtins.readFile ./ssh/blue.rsa;
- };
- lass-green = {
- mail = "lass@green.r";
- pubkey = builtins.readFile ./ssh/green.ed25519;
- };
- lass-red = {
- mail = "lass@red.r";
- pubkey = builtins.readFile ./ssh/red.ed25519;
- };
- lass-mors = {
- mail = "lass@mors.r";
- pubkey = builtins.readFile ./ssh/mors.rsa;
- pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp;
- };
- lass-android = {
- mail = "lassulus@gmail.com";
- pubkey = builtins.readFile ./ssh/android.ed25519;
- };
- lass-tablet = {
- pubkey = builtins.readFile ./ssh/tablet.ed25519;
- };
};
}
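Review bot: The per-device users (`lass-blue`, `lass-green`, `lass-red`, `lass-mors`, `lass-android`, `lass-tablet`) and the `lass-yubikey` name are dropped here, but the diffstat lists no removal of the key files they read (`./ssh/blue.rsa`, `./ssh/mors.rsa`, `./pgp/mors.pgp` and the rest), so those public keys presumably stay in the tree unreferenced. Deleting them in the same change would keep a retired key from being wired back into an `authorizedKeys` list by accident. Any `config.krebs.users.lass-*` reference outside the two lists this commit updates would now fail evaluation, so a repository-wide search for the removed names is worth doing. The enclosing attribute set starts above the hunk.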
diff --git a/kartei/lass/ignavia.nix b/kartei/lass/ignavia.nix
new file mode 100644
index 000000000..88d290e70
--- /dev/null
+++ b/kartei/lass/ignavia.nix
@@ -0,0 +1,19 @@
+{ r6, w6, ... }:
+{
+ ci = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.25";
+ ip6.addr = r6 "16a2";
+ aliases = [
+ "ignavia.r"
+ ];
+ tinc = {
+ pubkey = builtins.readFile ./ignavia/retiolum.rsa_key.pub;
+ pubkey_ed25519 = builtins.replaceStrings [ "Ed25519PublicKey = " ] [ "" ] (builtins.readFile ./ignavia/retiolum.ed25519_key.pub);
+ };
+ };
+ };
+ ssh.pubkey = builtins.readFile ./ignavia/ssh.id_ed25519.pub;
+ syncthing.id = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile ./ignavia/syncthing.pub);
+}
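Review bot: `ssh.pubkey` reads `./ignavia/ssh.id_ed25519.pub`, and the key file added in this commit carries the comment `lass@aergia`, which suggests the key was generated on or copied from another machine rather than being ignavia's own. If the same private key exists on both hosts, whoever holds it on one can present as the other, so it is worth confirming that this is the intended key, and regenerating it on ignavia if it is not. A short comment above the line saying which key this is, for example `# host key of ignavia, generated on the machine itself`, would settle it for later readers. Separately, `pubkey_ed25519` strips only the `Ed25519PublicKey = ` prefix while `syncthing.id` also strips `"\n"`; if consumers of the tinc key expect no trailing newline, the same treatment is needed there.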
diff --git a/kartei/lass/ignavia/retiolum.ed25519_key.pub b/kartei/lass/ignavia/retiolum.ed25519_key.pub
new file mode 100644
index 000000000..cbe130fd5
--- /dev/null
+++ b/kartei/lass/ignavia/retiolum.ed25519_key.pub
@@ -0,0 +1 @@
+Ed25519PublicKey = iuu6UcJpUu+72IywGkeGh/PpJJZ9UidbsdTR00JbFQL
diff --git a/kartei/lass/ignavia/retiolum.rsa_key.pub b/kartei/lass/ignavia/retiolum.rsa_key.pub
new file mode 100644
index 000000000..1627ec7e1
--- /dev/null
+++ b/kartei/lass/ignavia/retiolum.rsa_key.pub
@@ -0,0 +1,13 @@
+-----BEGIN RSA PUBLIC KEY-----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==
+-----END RSA PUBLIC KEY-----
diff --git a/kartei/lass/ignavia/ssh.id_ed25519.pub b/kartei/lass/ignavia/ssh.id_ed25519.pub
new file mode 100644
index 000000000..9e6c348f8
--- /dev/null
+++ b/kartei/lass/ignavia/ssh.id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjhIyEbkirWJcsuJHwnZx4QcFhIDNGGsMzJOp4lVnQY lass@aergia
diff --git a/kartei/lass/ignavia/syncthing.pub b/kartei/lass/ignavia/syncthing.pub
new file mode 100644
index 000000000..9c38cbda1
--- /dev/null
+++ b/kartei/lass/ignavia/syncthing.pub
@@ -0,0 +1 @@
+NWYGIWH-M2HDGLM-32HL27Z-DGO3ALT-QVCWEET-P436GDZ-4ELEB67-7OE6XQ2
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index bd4f36cbe..905eaaef7 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -48,9 +48,7 @@ with import ../../lib/pure.nix { inherit lib; };
users.mutableUsers = false;
users.extraUsers.root.openssh.authorizedKeys.keys = [
- config.krebs.users.jeschli-brauerei.pubkey
config.krebs.users.lass.pubkey
- config.krebs.users.lass-mors.pubkey
config.krebs.users.makefu.pubkey
config.krebs.users.tv.pubkey
config.krebs.users.kmein.pubkey
diff --git a/krebs/2configs/tor/initrd.nix b/krebs/2configs/tor/initrd.nix
index 21c46a0a7..768439734 100644
--- a/krebs/2configs/tor/initrd.nix
+++ b/krebs/2configs/tor/initrd.nix
@@ -7,9 +7,7 @@
enable = true;
port = 22;
authorizedKeys = [
- config.krebs.users.jeschli-brauerei.pubkey
config.krebs.users.lass.pubkey
- config.krebs.users.lass-mors.pubkey
config.krebs.users.makefu.pubkey
config.krebs.users.tv.pubkey
];
diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix
index c88dd5919..6d3a71324 100644
--- a/krebs/3modules/sync-containers3.nix
+++ b/krebs/3modules/sync-containers3.nix
@@ -32,6 +32,17 @@ in {
type = lib.types.bool;
default = true;
};
+ startCommand = lib.mkOption {
+ type = lib.types.str;
+ default = ''
+ set -efu
+ mkdir -p /var/state/var_src
+ ln -Tfrs /var/state/var_src /var/src
+ if test -e /var/src/nixos-config; then
+ /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
+ fi
+ '';
+ };
};
}));
};
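Review bot: The new `startCommand` option has no `description`, although its value becomes the whole body of the `autoswitch` script passed to `ExecStart` in the next hunk. Because the option is a plain `lib.types.str`, any definition replaces the default completely, including the `/var/src` symlink setup and the `nixos-rebuild` step, and that should be written down where the option is declared. I would add something like `description = "Dash script run as the autoswitch ExecStart; setting it replaces the default symlink setup and nixos-rebuild step.";`. The default also keeps the `|| :` after `nixos-rebuild`, so a failed switch is not visible in the unit's exit status; a one-line comment saying this is deliberate would help.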
@@ -52,14 +63,7 @@ in {
NIX_REMOTE = "daemon";
};
wantedBy = [ "multi-user.target" ];
- serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ''
- set -efu
- mkdir -p /var/state/var_src
- ln -Tfrs /var/state/var_src /var/src
- if test -e /var/src/nixos-config; then
- /run/current-system/sw/bin/nixos-rebuild -I /var/src switch || :
- fi
- '';
+ serviceConfig.ExecStart = pkgs.writers.writeDash "autoswitch" ctr.startCommand;
unitConfig.X-StopOnRemoval = false;
};
};
diff --git a/submodules/disko b/submodules/disko
deleted file mode 160000
-Subproject 7b186e0f812a7c54a1fa86b8f7c0f01afecc69c