summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/hope/config.nix41
-rw-r--r--krebs/1systems/hope/source.nix3
-rw-r--r--krebs/3modules/krebs/default.nix32
3 files changed, 76 insertions, 0 deletions
diff --git a/krebs/1systems/hope/config.nix b/krebs/1systems/hope/config.nix
new file mode 100644
index 000000000..c19b210c5
--- /dev/null
+++ b/krebs/1systems/hope/config.nix
@@ -0,0 +1,41 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+ ip = config.krebs.build.host.nets.internet.ip4.addr;
+ bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
+
+in {
+ imports = [
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ <stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
+
+ <stockholm/krebs/2configs/secret-passwords.nix>
+ {
+ users.extraUsers = {
+ satan = {
+ name = "satan";
+ uid = 1338;
+ home = "/home/satan";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ initialPassword = "test";
+ };
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.hope;
+
+ networking = let
+ address = config.krebs.build.host.nets.internet.ip4.addr;
+ in {
+ defaultGateway = bestGuessGateway address;
+ interfaces.enp2s1.ip4 = singleton {
+ inherit address;
+ prefixLength = 24;
+ };
+ nameservers = ["8.8.8.8"];
+ };
+}
diff --git a/krebs/1systems/hope/source.nix b/krebs/1systems/hope/source.nix
new file mode 100644
index 000000000..7121d1d9d
--- /dev/null
+++ b/krebs/1systems/hope/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+ name = "hope";
+}
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 27fbb7088..9cd103175 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,6 +30,38 @@ let
});
in {
hosts = {
+ hope = {
+ owner = config.krebs.users.krebs;
+ managed = true;
+ nets = {
+ internet = {
+ ip4.addr = "45.62.225.18";
+ aliases = [
+ "hope.i"
+ ];
+ ssh.port = 45621;
+ };
+ retiolum = {
+ ip4.addr = "10.243.77.4";
+ ip6.addr = "42:0:0:0:0:0:77:4";
+ aliases = [
+ "hope.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
+ uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
+ 2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
+ A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
+ fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
+ K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
+ };
hotdog = {
owner = config.krebs.users.krebs;
managed = true;