diff options
author | tv <tv@krebsco.de> | 2018-01-16 20:19:27 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-01-16 20:19:27 +0100 |
commit | cc4e5322aeca08d121b7769517136b05d7e391ca (patch) | |
tree | 8d8757d91cd631c58d30cb98589973a4983e9d4a /krebs | |
parent | 1c06f938b3d4e4e036184639ecdcadec27b5d8f8 (diff) | |
parent | 74d1531be988057ccadd3de5184d915dcf84c92d (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/2configs/repo-sync.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/jeschli/default.nix | 46 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 15 | ||||
-rw-r--r-- | krebs/3modules/makefu/default.nix | 1 | ||||
-rw-r--r-- | krebs/4lib/infest/prepare.sh | 87 | ||||
-rw-r--r-- | krebs/5pkgs/simple/internetarchive/default.nix | 2 |
6 files changed, 128 insertions, 25 deletions
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 84b7d9c0e..48da88a8d 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -58,7 +58,7 @@ let ref = "heads/master"; }; }; - krebs.git = defineRepo name true; + krebs.git = defineRepo name false; }; in { diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 0d161e1c8..c7e882742 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -118,6 +118,52 @@ with import <stockholm/lib>; }; }; }; + enklave = { + nets = rec { + internet = { + ip4.addr = "88.198.164.182"; + aliases = [ + "enklave.i" + ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.27.30"; + ip6.addr = "42::30"; + aliases = [ + "enklave.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIID8gKCA+kAt8zRg/g0jRmqXn6rVul/tdjWtLPcu0aTjNJ5OYZh50i7WqWllGVz + +FfJicuq/Xd1l5qrgUN7MD+Wrfeov+G9lzSgacfPhXMujutXxX3JwW/9f7UN+yoN + Sw29Zj+NWb45HyI5WVwMQ332KbKjNcWdTRe+O39oE6bZWg54oEeZOad2UJ7/83sB + yNEV/B7bJ0+X9HR8XCKrHI/RkjixNauMDlquGzoVyqLKIWwUnBl9CwtNBCYHbvYD + G1rWeCewd9Z6KsqcKSePfa4mn5eOluWcXmbrD/sx8oII40oNUs3kI7a2HExB2Yle + P9Q5MQrXRZfI3bdrh1aHieBodZLtosHPNuJIpo8ZaCX88WLhGR3nhJa1vvM1vNwd + TSSAdobdZUcuIQJKnVxwP4rXQAKPkN2+ddy+tXCGvfFAsdGKDbgPy4FgT+Ed28vg + 3W0fef/3sDNGPY1VAa58/pLz9Un3kNJKUjt00tWamo8daU/3mxZs83nIqDHLq86l + 1+wCl37l+KHe7pUVZ3smoezPRCMoUThmc7VzupbQG+piiSSyiYQi0CuBusa44t76 + 1lMr3pOdRBBAoetZ745ZZVx8s+eYk+C1BmQbLJAfzQ9sbH3LAwXpuAH70mtrFqWl + C3LF89/5mZRbFxALZv9cVx3LqIZDjwpKlwPWorZwo14L+eAagdPCcnVNo6ZcVow2 + mAdNnf7C33fvRsU+rUEIZVPsBHZfAv+f0jqQ65TMvl32VZ0FlxxahSZSj64n8iwr + Z+DOxKA9OcAaTrHQReYLpWUfNceVDLfOmQLeih8hNgClgqPgYJP/OtN+ox3NP6ZX + +Gkx9HO7a+agtyJxjh3NYbT/NkRW8HcjW8KgRN7jlE9sQi5/FoxKQOUdHmLTvjdk + YJXqdPWMYHj2xt4A8x2nzl/si6lwDsod+zdY5RGSdYhoybEOs4wZZIuArmm8GP+C + IbtgutknAuqvm2FOxyWCbLFTimgqC5BgrNUsXFJJLsHQ3bWFJtVpJlSa5Y0iypCP + Yr/cefbDrGfs3eCy7FlYDIkCcH06FPm1LTs6USisrtKFObRQN+zPSPln9FysNmpH + h0YUhrWdTO+wN78K5gc4ALPNUlyqmH61h8jS2qSdrRZLcZWIi4K4banG6EJcWRvV + kaVxghY1i/Z9x43bZRpBPvpM462IDx08vYX9AcFmF7JfjAXPwJO/EqZVsY1YPDzO + vdXWrtTORO8R8Pjq3X952yNqgHBcJQh7Q9TBcj+XBtkidOSnTt3Sp/RumsucUW19 + 0wMempDPiCOAadLmR4cW5XL1ednXurkd+5gHCmB1Sl7FueP5dgLB/mhXjmITE3zH + aQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + }; users = { jeschli = { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0567d58ba..37bb31563 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -3,6 +3,9 @@ with import <stockholm/lib>; { + dns.providers = { + "lassul.us" = "zones"; + }; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; ci = true; @@ -80,6 +83,18 @@ with import <stockholm/lib>; prism IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} ''; + "lassul.us" = '' + $TTL 3600 + @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300) + 60 IN NS ns16.ovh.net. + 60 IN NS dns16.ovh.net. + 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN TXT v=spf1 mx -all + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + io 60 IN NS ions.lassul.us. + ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + ''; }; nets = rec { internet = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 9f1842b88..56e5c6b82 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -541,6 +541,7 @@ with import <stockholm/lib>; graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ccfc4f49b..78c1c6ec1 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -21,6 +21,10 @@ prepare() {( esac ;; debian) + if grep -Fq Hetzner /etc/motd; then + prepare_hetzner_rescue "$@" + exit + fi case $VERSION_ID in 7) prepare_debian "$@" @@ -72,7 +76,7 @@ prepare_debian() { type bzip2 2>/dev/null || apt-get install bzip2 type git 2>/dev/null || apt-get install git type rsync 2>/dev/null || apt-get install rsync - type curl 2>/dev/null || apt-get install curl + type curl 2>/dev/null || apt-get install curl prepare_common } @@ -90,10 +94,33 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } +prepare_hetzner_rescue() { + _which() ( + which "$1" + ) + mountpoint /mnt + + type bzip2 2>/dev/null || apt-get install bzip2 + type git 2>/dev/null || apt-get install git + type rsync 2>/dev/null || apt-get install rsync + type curl 2>/dev/null || apt-get install curl + + mkdir -p /mnt/"$target_path" + mkdir -p "$target_path" + + if ! mountpoint "$target_path"; then + mount --rbind /mnt/"$target_path" "$target_path" + fi + + _prepare_nix_users + _prepare_nix + _prepare_nixos_install +} + get_nixos_install() { echo "installing nixos-install" 2>&1 c=$(mktemp) @@ -107,24 +134,13 @@ EOF nix-env -i -A config.system.build.nixos-install -f "<nixpkgs/nixos>" rm -v $c } + prepare_common() {( + _which() ( + type -p "$1" + ) - if ! getent group nixbld >/dev/null; then - groupadd -g 30000 -r nixbld - fi - for i in `seq 1 10`; do - if ! getent passwd nixbld$i 2>/dev/null; then - useradd \ - -d /var/empty \ - -g 30000 \ - -G 30000 \ - -l \ - -M \ - -s /sbin/nologin \ - -u $(expr 30000 + $i) \ - nixbld$i - fi - done + _prepare_nix_users # # mount install directory @@ -173,10 +189,12 @@ prepare_common() {( mount --bind /nix /mnt/nix fi - # - # install nix - # + _prepare_nix + _prepare_nixos_install +)} + +_prepare_nix() { # install nix on host (cf. https://nixos.org/nix/install) if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then ( @@ -201,17 +219,40 @@ prepare_common() {( if ! mountpoint "$target_path"; then mount --rbind /mnt/"$target_path" "$target_path" fi +} +_prepare_nix_users() { + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + fi + done +} + + +_prepare_nixos_install() { get_nixos_install + mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc fi -)} +} prepare "$@" diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix index 2f55e6f42..3c83093be 100644 --- a/krebs/5pkgs/simple/internetarchive/default.nix +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -1,4 +1,4 @@ -{ stdenv, pkgs, fetchPypi, ... }: +{ stdenv, pkgs, ... }: with pkgs.python3Packages; buildPythonPackage rec { pname = "internetarchive"; |