authorjeschli <jeschli@gmail.com>2018-09-25 19:56:06 +0200
committerjeschli <jeschli@gmail.com>2018-09-25 19:56:06 +0200
commit8834d1a9ff6eddfc36e3ad07b7f93805b3212b3f (patch)
tree9ce300976ec88d90e5c5c9030111d890dcf5683e /krebs
parentf922d5947acc3151619ec06962197a800d3138eb (diff)
parenta374a452112ba962ab90e45b6b0f27b3a1330e4f (diff)
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/0tests/deploy.nix5
-rw-r--r--krebs/1systems/hotdog/source.nix3
-rw-r--r--krebs/1systems/onebutton/source.nix13
-rw-r--r--krebs/1systems/puyak/source.nix3
-rw-r--r--krebs/1systems/test-all-krebs-modules/source.nix3
-rw-r--r--krebs/1systems/test-arch/source.nix3
-rw-r--r--krebs/1systems/test-centos6/source.nix3
-rw-r--r--krebs/1systems/test-centos7/source.nix3
-rw-r--r--krebs/1systems/test-failing/source.nix3
-rw-r--r--krebs/1systems/test-minimal-deploy/source.nix3
-rw-r--r--krebs/1systems/wolf/source.nix3
-rw-r--r--krebs/2configs/buildbot-stockholm.nix209
-rw-r--r--krebs/2configs/default.nix1
-rw-r--r--krebs/2configs/reaktor-krebs.nix6
-rw-r--r--krebs/2configs/reaktor-retiolum.nix2
-rw-r--r--krebs/3modules/Reaktor.nix1
-rw-r--r--krebs/3modules/announce-activation.nix2
-rw-r--r--krebs/3modules/buildbot/master.nix1
-rw-r--r--krebs/3modules/buildbot/slave.nix2
-rw-r--r--krebs/3modules/ci.nix19
-rw-r--r--krebs/3modules/default.nix6
-rw-r--r--krebs/3modules/krebs/default.nix3
-rw-r--r--krebs/3modules/makefu/default.nix54
-rw-r--r--krebs/3modules/setuid.nix2
-rw-r--r--krebs/5pkgs/simple/Reaktor/default.nix12
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix2
-rw-r--r--krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py12
-rw-r--r--krebs/5pkgs/simple/buildbot-classic/default.nix4
-rw-r--r--krebs/5pkgs/simple/krebspaste/default.nix2
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix230
-rw-r--r--krebs/5pkgs/simple/syncthing-device-id.nix49
-rw-r--r--krebs/krops.nix4
-rw-r--r--krebs/nixpkgs.json6
-rw-r--r--krebs/source.nix29
34 files changed, 182 insertions, 521 deletions
diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix
index d96963500..5fae60ecc 100644
--- a/krebs/0tests/deploy.nix
+++ b/krebs/0tests/deploy.nix
@@ -44,11 +44,6 @@ let
exec >&2
source=${pkgs.writeJSON "source.json" populate-source}
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
- # TODO: make deploy work
- #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
- # --force-populate \
- # --source=${./data/test-source.nix} \
- # --system=server \
'';
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [
diff --git a/krebs/1systems/hotdog/source.nix b/krebs/1systems/hotdog/source.nix
deleted file mode 100644
index 0fa61b20f..000000000
--- a/krebs/1systems/hotdog/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "hotdog";
-}
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
deleted file mode 100644
index 91a998de7..000000000
--- a/krebs/1systems/onebutton/source.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-with import <stockholm/lib>;
-let
- pkgs = import <nixpkgs> {};
- nixpkgs = builtins.fetchTarball {
- url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
- };
-in import <stockholm/krebs/source.nix> {
- name = "onebutton";
- override.nixpkgs = mkForce {
- file = toString nixpkgs;
- };
-
-}
diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix
deleted file mode 100644
index a21651899..000000000
--- a/krebs/1systems/puyak/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "puyak";
-}
diff --git a/krebs/1systems/test-all-krebs-modules/source.nix b/krebs/1systems/test-all-krebs-modules/source.nix
deleted file mode 100644
index 66fdaa773..000000000
--- a/krebs/1systems/test-all-krebs-modules/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-all-krebs-modules";
-}
diff --git a/krebs/1systems/test-arch/source.nix b/krebs/1systems/test-arch/source.nix
deleted file mode 100644
index bff9d4325..000000000
--- a/krebs/1systems/test-arch/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-arch";
-}
diff --git a/krebs/1systems/test-centos6/source.nix b/krebs/1systems/test-centos6/source.nix
deleted file mode 100644
index 3693bbb29..000000000
--- a/krebs/1systems/test-centos6/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-centos6";
-}
diff --git a/krebs/1systems/test-centos7/source.nix b/krebs/1systems/test-centos7/source.nix
deleted file mode 100644
index 44230f08d..000000000
--- a/krebs/1systems/test-centos7/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-centos7";
-}
diff --git a/krebs/1systems/test-failing/source.nix b/krebs/1systems/test-failing/source.nix
deleted file mode 100644
index 60b77a0a0..000000000
--- a/krebs/1systems/test-failing/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-failing";
-}
diff --git a/krebs/1systems/test-minimal-deploy/source.nix b/krebs/1systems/test-minimal-deploy/source.nix
deleted file mode 100644
index 032ab12bb..000000000
--- a/krebs/1systems/test-minimal-deploy/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-minimal-deploy";
-}
diff --git a/krebs/1systems/wolf/source.nix b/krebs/1systems/wolf/source.nix
deleted file mode 100644
index c292bfa62..000000000
--- a/krebs/1systems/wolf/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "wolf";
-}
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index 0aa9288ec..d10fb7203 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -1,47 +1,11 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
+{ config, ... }: with import <stockholm/lib>;
-let
-
- hostname = config.networking.hostName;
-
- sourceRepos = [
- "http://cgit.enklave.r/stockholm"
- "http://cgit.gum.r/stockholm"
- "http://cgit.hotdog.r/stockholm"
- "http://cgit.ni.r/stockholm"
- "http://cgit.prism.r/stockholm"
- ];
-
- # usage: build USER HOST
- # This executable is meant to be run with <stockholm> as working directory.
- # USER is expected to be a subdirectory of the working directory.
- build = pkgs.writeDash "build" ''
- set -efu
-
- user=$1
- host=$2
-
- result=$(nix-build \
- --argstr name "$host" \
- --argstr target "$HOME"/stockholm-build \
- --attr test \
- --no-build-output \
- --no-out-link \
- --show-trace \
- "$user"/krops.nix \
- )
-
- exec "$result"
- '';
-
-
-in
{
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts.build = {
- serverAliases = [ "build.${hostname}.r" ];
+ serverAliases = [ "build.${config.networking.hostName}.r" ];
locations."/".extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
@@ -49,155 +13,28 @@ in
'';
};
};
-
- krebs.buildbot.master = {
- slaves = {
- testslave = "lasspass";
- };
- change_source.stockholm = concatMapStrings (repo: ''
- cs.append(
- changes.GitPoller(
- "${repo}",
- workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True,
- project='stockholm',
- pollinterval=10
- )
- )
- '') sourceRepos;
- scheduler = {
- auto-scheduler = ''
- sched.append(
- schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch_re=".*"),
- treeStableTimer=60,
- name="build-all-branches",
- builderNames=[
- "hosts",
- ]
- )
- )
- '';
- force-scheduler = ''
- sched.append(
- schedulers.ForceScheduler(
- name="hosts",
- builderNames=[
- "hosts",
- ]
- )
- )
- '';
- };
- builder_pre = ''
- # prepare grab_repo step for stockholm
- grab_repo = steps.Git(
- repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'),
- mode='full',
- submodules=True,
- )
- '';
- builder = {
- hosts = ''
- from buildbot import interfaces
- from buildbot.steps.shell import ShellCommand
-
- class StepToStartMoreSteps(ShellCommand):
- def __init__(self, **kwargs):
- ShellCommand.__init__(self, **kwargs)
-
- def addBuildSteps(self, steps_factories):
- for sf in steps_factories:
- step = interfaces.IBuildStepFactory(sf).buildStep()
- step.setBuild(self.build)
- step.setBuildSlave(self.build.slavebuilder.slave)
- step_status = self.build.build_status.addStepWithName(step.name)
- step.setStepStatus(step_status)
- self.build.steps.append(step)
-
- def start(self):
- props = self.build.getProperties()
- hosts = json.loads(props.getProperty('hosts_json'))
- for host in hosts:
- user = hosts[host]['owner']
-
- self.addBuildSteps([steps.ShellCommand(
- name=str(host),
- env={
- "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
- "NIX_REMOTE": "daemon",
- },
- command=[
- "${build}", user, host
- ],
- timeout=90001,
- workdir='build', # TODO figure out why we need this?
- )])
-
- ShellCommand.start(self)
-
-
- f = util.BuildFactory()
- f.addStep(grab_repo)
-
- f.addStep(steps.SetPropertyFromCommand(
- env={
- "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
- "NIX_REMOTE": "daemon",
- },
- name="get_hosts",
- command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """
- with import <nixpkgs> {};
- let
- eval-config = cfg:
- import <nixpkgs/nixos/lib/eval-config.nix> {
- modules = [
- (import cfg)
- ];
- }
- ;
-
- system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here
-
- ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts;
-
- filtered-attrs = lib.mapAttrs ( n: v: {
- owner = v.owner.name;
- }) ci-systems;
-
- in filtered-attrs
- """],
- property="hosts_json"
- ))
- f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
-
- bu.append(
- util.BuilderConfig(
- name="hosts",
- slavenames=slavenames,
- factory=f
- )
- )
- '';
- };
+ krebs.ci = {
enable = true;
- web.enable = true;
- irc = {
- enable = true;
- nick = "build|${hostname}";
- server = "irc.r";
- channels = [ "noise" "xxx" ];
- allowForce = true;
+ repos = {
+ disko.urls = [
+ "http://cgit.gum.r/disko"
+ "http://cgit.hotdog.r/disko"
+ "http://cgit.ni.r/disko"
+ "http://cgit.prism.r/disko"
+ ];
+ nix_writers.urls = [
+ "http://cgit.hotdog.r/nix-writers"
+ "http://cgit.ni.r/nix-writers"
+ "http://cgit.prism.r/nix-writers"
+ "https://git.ingolf-wagner.de/krebs/nix-writers.git"
+ ];
+ stockholm.urls = [
+ "http://cgit.enklave.r/stockholm"
+ "http://cgit.gum.r/stockholm"
+ "http://cgit.hotdog.r/stockholm"
+ "http://cgit.ni.r/stockholm"
+ "http://cgit.prism.r/stockholm"
+ ];
};
- extraConfig = ''
- c['buildbotURL'] = "http://build.${hostname}.r/"
- '';
- };
-
- krebs.buildbot.slave = {
- enable = true;
- masterhost = "localhost";
- username = "testslave";
- password = "lasspass";
- packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
};
}
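Review bot: All but one of the URLs added under `krebs.ci.repos` are plain `http://`, so the transport neither authenticates nor integrity-protects the commits the CI polls and then builds, and every listed mirror is an independent source of code that runs on the builder. The `.r` names look like retiolum-internal hosts, so the VPN may already cover the transport; if that is the assumption, state it next to the list, e.g. `# .r mirrors are reachable over retiolum only; every mirror listed here is trusted to trigger builds`. The one external entry already uses `https://`, which should stay the rule for anything outside the VPN.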
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 7b970923d..fafcd72c3 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -49,6 +49,7 @@ with import <stockholm/lib>;
users.mutableUsers = false;
users.extraUsers.root.openssh.authorizedKeys.keys = [
# TODO
+ config.krebs.users.jeschli-brauerei.pubkey
config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.makefu.pubkey
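Review bot: `config.krebs.users.jeschli-brauerei.pubkey` is added to root's `authorizedKeys.keys` in the shared default config, so this key gets root SSH on every host that imports the file, and the only comment above the list is still `# TODO`. The name suggests a per-device key rather than a personal one, so it is worth recording which machine holds it and why it needs root everywhere, e.g. `# jeschli-brauerei: <device / reason root access is needed>`. The key list continues outside the hunk, so whether other users also have per-device keys here is not visible.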
diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix
index ba3715161..dc2838cae 100644
--- a/krebs/2configs/reaktor-krebs.nix
+++ b/krebs/2configs/reaktor-krebs.nix
@@ -10,6 +10,7 @@ with import <stockholm/lib>;
];
extraEnviron = {
REAKTOR_HOST = "irc.freenode.org";
+ REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password";
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
@@ -21,4 +22,9 @@ with import <stockholm/lib>;
(attrValues (todo "agenda"))
;
};
+ krebs.secret.files.nix-serve-key = {
+ path = "/var/lib/Reaktor/reaktor_nickserv_password";
+ owner.name = "Reaktor";
+ source-path = toString <secrets> + "/reaktor_nickserv_password";
+ };
}
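Review bot: The new secret is declared as `krebs.secret.files.nix-serve-key`, but it holds the Reaktor NickServ password, which looks like a copy-paste name. Besides being misleading, it would collide with a real `nix-serve-key` definition on any host that also imports a nix-serve config, which is inferred since no such definition is visible here. Rename it to match its content, e.g. `krebs.secret.files.reaktor-nickserv-password = {`. The path `/var/lib/Reaktor/reaktor_nickserv_password` is also written out twice, here and in `REAKTOR_NICKSERV_PASSWORD` in the hunk above; binding it once in a `let` keeps the two from drifting apart.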
diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix
index 90573ca1c..824f59d09 100644
--- a/krebs/2configs/reaktor-retiolum.nix
+++ b/krebs/2configs/reaktor-retiolum.nix
@@ -4,7 +4,7 @@ with import <stockholm/lib>;
{
krebs.Reaktor.retiolum = {
nickname = "Reaktor|lass";
- channels = [ "#xxx" ];
+ channels = [ "#noise" "#xxx" ];
extraEnviron = {
REAKTOR_HOST = "irc.r";
};
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 99a7a55ef..677b6f7b8 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -122,6 +122,7 @@ let
wantedBy = [ "multi-user.target" ];
environment = {
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ PYTHONPATH = "${pkgs.Reaktor}/lib/python3.6/site-packages";
REAKTOR_NICKNAME = botcfg.nickname;
REAKTOR_DEBUG = (if botcfg.debug then "True" else "False");
REAKTOR_CHANNELS = lib.concatStringsSep "," botcfg.channels;
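Review bot: The added `PYTHONPATH` hard-codes `lib/python3.6/site-packages`, so the service will lose its module path without any evaluation error as soon as the Python that Reaktor is built with moves to another minor version. Deriving the suffix from the interpreter avoids that, e.g. `PYTHONPATH = "${pkgs.Reaktor}/${pkgs.python3.sitePackages}";`, assuming Reaktor is built against `pkgs.python3`, which is not visible in this hunk. The `environment` set continues outside the hunk.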
diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix
index 8f8440eb7..76eb4b136 100644
--- a/krebs/3modules/announce-activation.nix
+++ b/krebs/3modules/announce-activation.nix
@@ -53,7 +53,7 @@ in {
};
};
config = mkIf cfg.enable {
- system.activationScripts.announce-activation = ''
+ system.activationScripts.announce-activation = stringAfter [ "etc" ] ''
${announce-activation}
'';
};
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index a02f3645d..209dbe980 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -82,6 +82,7 @@ let
irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",
channels=${builtins.toJSON cfg.irc.channels},
notify_events={
+ 'started': 1,
'success': 1,
'failure': 1,
'exception': 1,
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index fba585448..544f9c4e0 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -160,8 +160,6 @@ let
# TODO: maybe also prepare buildbot.tac?
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
- #remove garbage from old versions
- rm -rf ${workdir}
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
echo ${contact} > ${workdir}/info/admin
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index cf82401d3..16c6d4315 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -26,8 +26,8 @@ let
hostname = config.networking.hostName;
getJobs = pkgs.writeDash "get_jobs" ''
- nix-build --no-out-link ./ci.nix 2>&1 > /dev/null
- nix-instantiate --eval --strict --json ./ci.nix
+ nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null
+ nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
'';
imp = {
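Review bot: `get_jobs` has no `set -e`, so a failing `nix-build` is ignored, `nix-instantiate` still runs, and the script's exit status is only that of the last command. Add `set -efu` as the first line of the script, as other `writeDash` scripts in this tree do (`set -efux` in buildbot/slave.nix). The related change in the get_steps hunk further down, `extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout }`, discards `rc`, so a failed evaluation would pass empty or partial output on as `steps_json`. Returning the property only when `rc == 0` would surface the failure at this step rather than in whatever parses the JSON later.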
@@ -53,9 +53,12 @@ let
nameValuePair name ''
sched.append(
schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch_re=".*"),
+ change_filter=util.ChangeFilter(
+ branch_re=".*",
+ project='${name}',
+ ),
treeStableTimer=60,
- name="build-all-branches",
+ name="${name}-all-branches",
builderNames=[
"${name}",
]
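Review bot: `project='${name}'` and `name="${name}-all-branches"` splice the Nix attribute name into Python source unescaped, so a repo name containing a quote or backslash would change the generated buildbot config instead of being treated as data. For the string positions use the quoting that buildbot/master.nix already applies to `cfg.irc.channels`, e.g. `project=${builtins.toJSON name},` and likewise for `"${name}"` in `builderNames`. The same `name` is used as part of a Python identifier in `f_${name}` in a later hunk, so it also has to be a valid identifier; a one-line comment or an assertion on the `repos` option saying so would help. The scheduler definition starts and ends outside this hunk.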
@@ -97,6 +100,10 @@ let
command=[
new_steps[new_step]
],
+ env={
+ "NIX_REMOTE": "daemon",
+ "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+ },
timeout=90001,
workdir='build', # TODO figure out why we need this?
)])
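Review bot: The added `env` gives every dynamically created step `NIX_REMOTE=daemon` and a `NIX_PATH` covering `/var/src`, while the command itself, `new_steps[new_step]`, comes from the JSON that the polled repository's `ci.nix` produced. That leaves the repository contents deciding what runs with this environment, and the block says nothing about the trust boundary. A short comment would make the intent reviewable, e.g. `# <secrets> points at the null tree so CI steps never see real secrets`, assuming `/var/src/stockholm/null` really is an empty placeholder, which is not visible here. The same two values appear to be set on the `get_steps` step as well, so a single shared binding would keep them in sync; the enclosing `start` method lies outside the hunk.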
@@ -121,7 +128,7 @@ let
},
name="get_steps",
command=["${getJobs}"],
- property="steps_json"
+ extract_fn=lambda rc, stdout, stderr: { 'steps_json': stdout },
))
f_${name}.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
@@ -141,7 +148,7 @@ let
enable = true;
nick = "build|${hostname}";
server = "irc.r";
- channels = [ "noise" ];
+ channels = [ "xxx" "noise" ];
allowForce = true;
};
extraConfig = ''
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 82ae3b02e..41b701cd0 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -182,6 +182,11 @@ let
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in mapAttrsToList format (with config.krebs.users; let
+ brain-ml = [
+ lass
+ makefu
+ tv
+ ];
eloop-ml = spam-ml ++ [ ciko ];
spam-ml = [
lass
@@ -191,6 +196,7 @@ let
ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
+ "brain@krebsco.de" = brain-ml;
"cfp@eloop.org" = eloop-ml;
"kontakt@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml;
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index e6eb3d287..889ee2817 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -129,6 +129,8 @@ in {
"graphite.shack"
"acng.shack"
"drivedroid.shack"
+ "mobile.lounge.mpd.shack"
+ "lounge.mpd.wolf.shack"
];
};
retiolum = {
@@ -138,6 +140,7 @@ in {
"wolf.r"
"build.wolf.r"
"cgit.wolf.r"
+ "lounge.mpd.wolf.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 9630d7a7f..454f9bc65 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -1,7 +1,9 @@
{ config, ... }:
with import <stockholm/lib>;
-
+## generate keys with:
+# tinc generate-keys
+# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
cake = rec {
@@ -29,6 +31,32 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake";
};
+ crapi = rec { # raspi1
+ cores = 1;
+ ci = false;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.136.237";
+ ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee2";
+ aliases = [
+ "crapi.r"
+ ];
+ tinc.pubkey = ''
+ Ed25519PublicKey = Zkh6vtSNBvKYUjCPsMyAFJmxzueglCDoawVPCezKy4F
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAloXLBfZQEVW9mJ7uwOoa+DfV4ek/SG+JQuexJMugei/iNy0NjY66
+ OVIkzFmED32c3D7S1+Q+5Mc3eR02k1o7XERpZeZhCtJOBlS4xMzCKH62E4USvH5L
+ R4O8XX1o/tpeOuZvpnpY1oPmFFc/B5G2jWWQR4Slpbw7kODwYYm5o+B7n+MkVNrk
+ OEOHLaaO6I5QB3GJvDH2JbwzDKLVClQM20L/EvIwnB+Xg0q3veKFj0WTXEK+tuME
+ di++RV4thhZ9IOgRTJOeT94j7ulloh15gqYaIqRqgtzfWE2TnUxvl+upB+yQHNtl
+ bJFLHkE34cQGxEv9dMjRe8i14+Onhb3B6wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGaV5Ga5R8RTrA+nclxw6uy5Z+hPBLitQTfuXdsmbVW6 crapi";
+ };
drop = rec {
ci = true;
cores = 1;
@@ -298,6 +326,13 @@ with import <stockholm/lib>;
-----END RSA PUBLIC KEY-----
'';
};
+ #wiregrill = {
+ # ip6.addr = "42:4200:0000:0000:0000:0000:0000:a4db";
+ # aliases = [
+ # "x.w"
+ # ];
+ # wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ #};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@x";
@@ -457,8 +492,6 @@ with import <stockholm/lib>;
ip6.addr = "42:f9f0::10";
aliases = [
"omo.r"
- "logs.makefu.r"
- "stats.makefu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -525,7 +558,9 @@ with import <stockholm/lib>;
"krebsco.de" = ''
cache.euer IN A ${nets.internet.ip4.addr}
cache.gum IN A ${nets.internet.ip4.addr}
+ graph IN A ${nets.internet.ip4.addr}
gold IN A ${nets.internet.ip4.addr}
+ iso.euer IN A ${nets.internet.ip4.addr}
'';
};
cores = 8;
@@ -537,13 +572,24 @@ with import <stockholm/lib>;
"nextgum.i"
];
};
+ #wiregrill = {
+ # via = internet;
+ # ip6.addr = "42:4200:0000:0000:0000:0000:0000:70d3";
+ # aliases = [
+ # "gum.w"
+ # ];
+ # wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+ #};
retiolum = {
via = internet;
ip4.addr = "10.243.0.213";
ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3";
aliases = [
"nextgum.r"
+ "graph.r"
"cache.gum.r"
+ "logs.makefu.r"
+ "stats.makefu.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -579,7 +625,6 @@ with import <stockholm/lib>;
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
mon.euer IN A ${nets.internet.ip4.addr}
- graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
photostore IN A ${nets.internet.ip4.addr}
@@ -604,7 +649,6 @@ with import <stockholm/lib>;
"o.gum.r"
"tracker.makefu.r"
- "graph.r"
"search.makefu.r"
"wiki.makefu.r"
"wiki.gum.r"
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 02176ec4a..3ba598a45 100644
--- a/krebs/3modules/setuid.nix
+++ b/