18 files changed, 51 insertions, 20 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 1117dc61c..9d1d56ad3 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -98,7 +98,11 @@ in {
           ];
           wireguard = {
             pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
-            subnets = [ "10.244.1.0/24" "42:1::/32" ];
+            subnets = [
+              "10.244.1.0/24"
+              (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
+              (krebs.genipv6 "wiregrill" "lass" 0).subnetCIDR
+            ];
           };
         };
       };
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 0683492bc..a20801b12 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -1,12 +1,30 @@
 with import <stockholm/lib>;
 { config, ... }: let
 
-  hostDefaults = hostName: host: flip recursiveUpdate host ({
-    owner = config.krebs.users.tv;
-  } // optionalAttrs (host.nets?retiolum) {
-    nets.retiolum.ip6.addr =
-      (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
-  });
+  hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+    {
+      owner = config.krebs.users.tv;
+    }
+    (optionalAttrs (host.nets?retiolum) {
+      nets.retiolum = {
+        ip6.addr =
+          (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
+      };
+    })
+    (let
+      pubkey-path = ./wiregrill + "/${hostName}.pub";
+    in optionalAttrs (pathExists pubkey-path) {
+      nets.wiregrill = {
+        aliases = [
+          "${hostName}.w"
+        ];
+        ip6.addr =
+          (krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
+        wireguard.pubkey = readFile pubkey-path;
+      };
+    })
+    host
+  ];
 
 in {
   dns.providers = {
@@ -103,6 +121,9 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wiregrill.wireguard.subnets = [
+          (krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
+        ];
       };
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb";
     };
diff --git a/krebs/3modules/tv/wiregrill/alnus.pub b/krebs/3modules/tv/wiregrill/alnus.pub
new file mode 100644
index 000000000..de85e54da
--- /dev/null
+++ b/krebs/3modules/tv/wiregrill/alnus.pub
@@ -0,0 +1 @@
+w7+6kMf1P3Ka0kXXY4CCbr80TrWPYpe/zd13yuvz9SE=
diff --git a/krebs/3modules/tv/wiregrill/mu.pub b/krebs/3modules/tv/wiregrill/mu.pub
new file mode 100644
index 000000000..18edc8986
--- /dev/null
+++ b/krebs/3modules/tv/wiregrill/mu.pub
@@ -0,0 +1 @@
+4bboT+cZM1BYvNho9oKbO0MFnPFTvmASR+1IdV4/fwQ=
diff --git a/krebs/3modules/tv/wiregrill/ni.pub b/krebs/3modules/tv/wiregrill/ni.pub
new file mode 100644
index 000000000..257b29833
--- /dev/null
+++ b/krebs/3modules/tv/wiregrill/ni.pub
@@ -0,0 +1 @@
+KiIiwkuin+E4FXqFajJjnoGKkHW3H3FzIx5EQrF1+lw=
diff --git a/krebs/3modules/tv/wiregrill/nomic.pub b/krebs/3modules/tv/wiregrill/nomic.pub
new file mode 100644
index 000000000..be9c94be6
--- /dev/null
+++ b/krebs/3modules/tv/wiregrill/nomic.pub
@@ -0,0 +1 @@
+UgvgarDtuSvbciNx5SU2NDbctb9/OTQ9Kr8H/O3931A=
diff --git a/krebs/3modules/tv/wiregrill/querel.pub b/krebs/3modules/tv/wiregrill/querel.pub
new file mode 100644
index 000000000..2273cf99d
--- /dev/null
+++ b/krebs/3modules/tv/wiregrill/querel.pub
@@ -0,0 +1 @@
+sxaqrsqcDgdM3+QH6mxzqDs3SLWgm7J8AytpIbRZ2n0=
diff --git a/krebs/3modules/tv/wiregrill/wu.pub b/krebs/3modules/tv/wiregrill/wu.pub
new file mode 100644
index 000000000..0d25d9de9
--- /dev/null
+++ b/krebs/3modules/tv/wiregrill/wu.pub
@@ -0,0 +1 @@
+68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E=
diff --git a/krebs/3modules/tv/wiregrill/xu.pub b/krebs/3modules/tv/wiregrill/xu.pub
new file mode 100644
index 000000000..ba0c7dd04
--- /dev/null
+++ b/krebs/3modules/tv/wiregrill/xu.pub
@@ -0,0 +1 @@
+XU76RFN0jG/YjffAPg3e3VuHF/iKMvVoRhHmixvLL1s=
diff --git a/krebs/3modules/tv/wiregrill/zu.pub b/krebs/3modules/tv/wiregrill/zu.pub
new file mode 100644
index 000000000..0238dd653
--- /dev/null
+++ b/krebs/3modules/tv/wiregrill/zu.pub
@@ -0,0 +1 @@
+WrILdnsketejrJuYM/sLEh89GdSVbddv8BG/D3sW7kw=
diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix
index 001ad0bc4..949a98b2a 100644
--- a/tv/1systems/alnus/config.nix
+++ b/tv/1systems/alnus/config.nix
@@ -8,10 +8,6 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/retiolum.nix>
   ];
 
-  # TODO remove non-hardware stuff from ../2configs/hw/x220.nix
-  # networking.wireless.enable collides with networkmanager
-  networking.wireless.enable = mkForce false;
-
   boot = {
     initrd = {
       availableKernelModules = [ "ahci" ];
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index a653ce40d..f1cd7d673 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -5,6 +5,7 @@ with import <stockholm/lib>;
     <stockholm/tv>
     <stockholm/tv/2configs/br.nix>
     <stockholm/tv/2configs/exim-retiolum.nix>
+    <stockholm/tv/2configs/hw/x220.nix>
     <stockholm/tv/2configs/retiolum.nix>
   ];
 
@@ -13,10 +14,7 @@ with import <stockholm/lib>;
 
   tv.x0vncserver.enable = true;
 
-  # hardware configuration
-  boot.initrd.luks.devices.muca = {
-    device = "/dev/disk/by-uuid/7b24a931-40b6-44a6-ba22-c805cf164e91";
-  };
+  boot.initrd.luks.devices.muca.device = "/dev/sda2";
   boot.initrd.luks.cryptoModules = [ "aes" "sha512" "xts" ];
   boot.initrd.availableKernelModules = [ "ahci" ];
   boot.kernelModules = [ "fbcon" "kvm-intel" ];
@@ -34,7 +32,7 @@ with import <stockholm/lib>;
       options = [ "defaults" "discard" ];
     };
     "/boot" = {
-      device = "/dev/disk/by-uuid/CEB1-9743";
+      device = "/dev/sda1";
       fsType = "vfat";
     };
   };
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index 996a5e7ec..a89f07e8a 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -64,4 +64,6 @@ with import <stockholm/lib>;
     gnupg
     tmux
   ];
+
+  networking.wireless.enable = true;
 }
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix
index 17eeff5da..4c491d65b 100644
--- a/tv/1systems/wu/config.nix
+++ b/tv/1systems/wu/config.nix
@@ -41,6 +41,8 @@ with import <stockholm/lib>;
     };
   };
 
+  networking.wireless.enable = true;
+
   services.printing.enable = true;
 
   services.udev.extraRules = ''
diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix
index 5421cab92..b9c76cf49 100644
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@@ -147,6 +147,8 @@ with import <stockholm/lib>;
     gptfdisk
   ];
 
+  networking.wireless.enable = true;
+
   #services.bitlbee.enable = true;
   #services.tor.client.enable = true;
   #services.tor.enable = true;
diff --git a/tv/1systems/zu/config.nix b/tv/1systems/zu/config.nix
index 414d2f226..bbfcfafc1 100644
--- a/tv/1systems/zu/config.nix
+++ b/tv/1systems/zu/config.nix
@@ -44,6 +44,8 @@ with import <stockholm/lib>;
     };
   };
 
+  networking.wireless.enable = true;
+
   services.printing.enable = true;
 
   #services.bitlbee.enable = true;
diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix
index 8625078da..4df5e097a 100644
--- a/tv/2configs/hw/AO753.nix
+++ b/tv/2configs/hw/AO753.nix
@@ -25,8 +25,6 @@ with import <stockholm/lib>;
     config.boot.kernelPackages.broadcom_sta
   ];
 
-  networking.wireless.enable = true;
-
   nix = {
     buildCores = 2;
     maxJobs = 2;
diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix
index 38a89cfc3..35e7d8941 100644
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@@ -26,8 +26,6 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.wireless.enable = true;
-
   # Required for Centrino.
   hardware.enableRedistributableFirmware = true;