summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2022-01-03 14:32:14 +0100
committertv <tv@krebsco.de>2022-01-03 14:32:14 +0100
commite8611251e6e40a50dedfe8efaa8ea555a96e1a9d (patch)
treeb2062294c7a157b04ff0cdfb56e1c156364a7577 /krebs/3modules
parentdb6e1a0dfc91ea25c0eeebb5254156469f209265 (diff)
parent2313e962e2ac6dc6f1f59800d793101f958e8b37 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/external/mic92.nix6
-rw-r--r--krebs/3modules/makefu/default.nix6
-rw-r--r--krebs/3modules/makefu/retiolum/cake_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/crapi.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/crapi_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/fileleech_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/filepimp_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/firecracker_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/flap_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/gum_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/nukular_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/omo_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/sdev_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/senderechner_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/studio_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/tsp_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/vbob.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/vbob_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/wbob_ed25519.pub1
-rw-r--r--krebs/3modules/makefu/retiolum/x_ed25519.pub1
-rw-r--r--krebs/3modules/tinc.nix15
21 files changed, 42 insertions, 10 deletions
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 9a3c855f4..f8c371b7f 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -300,6 +300,11 @@ in {
};
yasmin = {
owner = config.krebs.users.mic92;
+ nets.internet = {
+ ip4.addr = "131.159.102.7";
+ ip6.addr = "2a09:80c0:102::7";
+ aliases = [ "yasmin.i" ];
+ };
nets.retiolum = {
ip4.addr = "10.243.29.197";
aliases = [
@@ -674,7 +679,6 @@ in {
owner = config.krebs.users.mic92;
nets = rec {
retiolum = {
- ip4.addr = "10.243.29.169";
aliases = [ "bernie.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 7780863a3..62316bfdb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -22,6 +22,12 @@ with import <stockholm/lib>;
(krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
};
})
+ # Retiolum ed25519 keys
+ (let
+ pubkey-path = ./retiolum + "/${hostName}_ed25519.pub";
+ in optionalAttrs (pathExists pubkey-path) {
+ nets.retiolum.tinc.pubkey_ed25519 = readFile pubkey-path;
+ })
# Wiregrill defaults
(let
pubkey-path = ./wiregrill + "/${hostName}.pub";
diff --git a/krebs/3modules/makefu/retiolum/cake_ed25519.pub b/krebs/3modules/makefu/retiolum/cake_ed25519.pub
new file mode 100644
index 000000000..6c6bf2b33
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/cake_ed25519.pub
@@ -0,0 +1 @@
+zlfSyJdG7vJmvkk1Ul3ZXUix2YduFYUMhM89nRdy8aE
diff --git a/krebs/3modules/makefu/retiolum/crapi.pub b/krebs/3modules/makefu/retiolum/crapi.pub
index 2b6104468..c66f24882 100644
--- a/krebs/3modules/makefu/retiolum/crapi.pub
+++ b/krebs/3modules/makefu/retiolum/crapi.pub
@@ -1,4 +1,3 @@
-Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
diff --git a/krebs/3modules/makefu/retiolum/crapi_ed25519.pub b/krebs/3modules/makefu/retiolum/crapi_ed25519.pub
new file mode 100644
index 000000000..ce5a6f05a
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/crapi_ed25519.pub
@@ -0,0 +1 @@
+Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
diff --git a/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub b/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub
new file mode 100644
index 000000000..ea93cfddb
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/fileleech_ed25519.pub
@@ -0,0 +1 @@
+2YSzoLSQN3k4HC8uozPb/nMmbrTa9eKOD2Ka9Iq8iXM
diff --git a/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub b/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub
new file mode 100644
index 000000000..7a62ff46f
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/filepimp_ed25519.pub
@@ -0,0 +1 @@
+aQDHnUzOhf8zhMOB/ufTaP4rQLrizfN135PVgfTLkaC
diff --git a/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub b/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub
new file mode 100644
index 000000000..76e6def7c
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/firecracker_ed25519.pub
@@ -0,0 +1 @@
+3QIlv3vsykhMlsrsHUbU/vneVbYiE6G1U7HPzK2AbRI
diff --git a/krebs/3modules/makefu/retiolum/flap_ed25519.pub b/krebs/3modules/makefu/retiolum/flap_ed25519.pub
new file mode 100644
index 000000000..47da38477
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/flap_ed25519.pub
@@ -0,0 +1 @@
+1o7+d8jjitc1vJB1sYFY8qvbcePssD6c+sgfxqq+BXD
diff --git a/krebs/3modules/makefu/retiolum/gum_ed25519.pub b/krebs/3modules/makefu/retiolum/gum_ed25519.pub
new file mode 100644
index 000000000..5b6f2426e
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/gum_ed25519.pub
@@ -0,0 +1 @@
+6M/fxVpfUCpbWvOXR9eHjt3o7sgjAEoIT/hXcDN970E
diff --git a/krebs/3modules/makefu/retiolum/nukular_ed25519.pub b/krebs/3modules/makefu/retiolum/nukular_ed25519.pub
new file mode 100644
index 000000000..0cae03b83
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/nukular_ed25519.pub
@@ -0,0 +1 @@
+nL4hL0aJvufqdSvTafAnc/g0wjznIwuHlEq/h/OxEsF
diff --git a/krebs/3modules/makefu/retiolum/omo_ed25519.pub b/krebs/3modules/makefu/retiolum/omo_ed25519.pub
new file mode 100644
index 000000000..dd11ab7dd
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/omo_ed25519.pub
@@ -0,0 +1 @@
+SVuxrF4CQGRl3evQurw0wh44g72/0qwRACF+/n2i2rE
diff --git a/krebs/3modules/makefu/retiolum/sdev_ed25519.pub b/krebs/3modules/makefu/retiolum/sdev_ed25519.pub
new file mode 100644
index 000000000..fef79aa68
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/sdev_ed25519.pub
@@ -0,0 +1 @@
+OxXCkjs3OzIsMXcSVcr7dJD55iRFRjUc0eERPdU1OjO
diff --git a/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub b/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub
new file mode 100644
index 000000000..f0968aa12
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/senderechner_ed25519.pub
@@ -0,0 +1 @@
+LegGLszL9hZXoanCQnv0VxuoLviT2K/yvQGYuCsloUH
diff --git a/krebs/3modules/makefu/retiolum/studio_ed25519.pub b/krebs/3modules/makefu/retiolum/studio_ed25519.pub
new file mode 100644
index 000000000..13a09ad1b
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/studio_ed25519.pub
@@ -0,0 +1 @@
+WLUvBME38jEpXIEFniyVIjyvMw7JTNJBQb/NIXcxmzL
diff --git a/krebs/3modules/makefu/retiolum/tsp_ed25519.pub b/krebs/3modules/makefu/retiolum/tsp_ed25519.pub
new file mode 100644
index 000000000..c7baf9067
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/tsp_ed25519.pub
@@ -0,0 +1 @@
+gzMYJY6/6sgG4ZgYWzeDs6svTvsDIeJEAGxPbrJUFVN
diff --git a/krebs/3modules/makefu/retiolum/vbob.pub b/krebs/3modules/makefu/retiolum/vbob.pub
new file mode 100644
index 000000000..168437e78
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/vbob.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/retiolum/vbob_ed25519.pub b/krebs/3modules/makefu/retiolum/vbob_ed25519.pub
new file mode 100644
index 000000000..5e287f36b
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/vbob_ed25519.pub
@@ -0,0 +1 @@
+fRPhdsYqwPuYgL2p/CmAUCVykU9GbiRfHQ8SULPQNGE
diff --git a/krebs/3modules/makefu/retiolum/wbob_ed25519.pub b/krebs/3modules/makefu/retiolum/wbob_ed25519.pub
new file mode 100644
index 000000000..eeef652e2
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/wbob_ed25519.pub
@@ -0,0 +1 @@
+b3uia4Sns0ljQrccLE0QxzeAB4APTiJEB98neQQosdF
diff --git a/krebs/3modules/makefu/retiolum/x_ed25519.pub b/krebs/3modules/makefu/retiolum/x_ed25519.pub
new file mode 100644
index 000000000..fbf63d08e
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/x_ed25519.pub
@@ -0,0 +1 @@
+81FOjlXXS22WWZzLnL4sDCuXmvMoYkbhy0wlBlr60zM
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index a18248351..21ddde1c6 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -222,12 +222,6 @@ with import <stockholm/lib>;
nameValuePair netname {}
) config.krebs.tinc;
- environment.etc = mapAttrs' (netname: cfg:
- nameValuePair "tinc/${netname}" {
- source = cfg.confDir;
- }
- ) config.krebs.tinc;
-
krebs.systemd.services = mapAttrs (netname: cfg: {
}) config.krebs.tinc;
@@ -239,8 +233,6 @@ with import <stockholm/lib>;
cfg.iproutePackage
cfg.tincPackage
];
- reloadIfChanged = true;
- restartTriggers = [ cfg.confDir ];
serviceConfig = {
Restart = "always";
LoadCredential = filter (x: x != "") [
@@ -249,6 +241,13 @@ with import <stockholm/lib>;
)
"rsa_key:${cfg.privkey}"
];
+ ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
+ ${pkgs.coreutils}/bin/mkdir -p /etc/tinc
+ ${pkgs.rsync}/bin/rsync -vaL --delete \
+ --chown ${cfg.user.name} \
+ --chmod u=rwX,g=rX \
+ ${cfg.confDir}/ /etc/tinc/${netname}/
+ '';
ExecStart = toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"