diff options
101 files changed, 2468 insertions, 1716 deletions
diff --git a/.gitmodules b/.gitmodules index 5825f86da..4779748c8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,6 @@ [submodule "lass/5pkgs/autowifi"] path = lass/5pkgs/autowifi url = https://github.com/Lassulus/autowifi +[submodule "submodules/disko"] + path = submodules/disko + url = https://github.com/nix-community/disko diff --git a/doc/Commit_Messages_Guideline.md b/doc/Commit_Messages_Guideline.md index e704ee575..63d479cf7 100644 --- a/doc/Commit_Messages_Guideline.md +++ b/doc/Commit_Messages_Guideline.md @@ -21,11 +21,11 @@ rather fuzzy and may mean different things, just choose what would fit best. Here are a numbers of samples for defining the component: -* Change `gum` in `krebs/3modules/makefu/default.nix`: `gum.r: change ip` +* Change `gum` in `krebs/3modules/makefu/default.nix`: `gum: change ip` * Change `prepare.sh` in `krebs/4libs/infest`: `infest: prepare stockholm ISO` * Remove `concat` in `krebs/5pkgs`: `concat: RIP`, this commit may like some `<rationale>` * Update `types` in `krebs/3modules`: `lib/types: add managed bool to host type` -* Change host `gum` in `makefu/1systems/gum`: `ma gum.r: add taskserver` +* Change host `gum` in `makefu/1systems/gum`: `ma gum: add taskserver` * Change `tinc` module in `krebs/3modules`: `tinc module: add option enableLegacy` ## `<rationale>` diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix index e5626d923..7419ba13f 100644 --- a/kartei/krebs/default.nix +++ b/kartei/krebs/default.nix @@ -15,7 +15,6 @@ with import ../../lib; "test-all-krebs-modules" ] (name: { inherit name; - cores = 1; nets = { retiolum = { ip4.addr = "10.243.73.57"; @@ -36,7 +35,6 @@ in { hosts = mapAttrs hostDefaults ({ filebitch = { ci = true; - cores = 4; nets = { shack = { ip4 = { @@ -134,7 +132,6 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo "; }; onebutton = { - cores = 1; nets = { retiolum = { ip4.addr = "10.243.0.101"; @@ -163,7 +160,6 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe "; }; ponte = { - cores = 1; owner = config.krebs.users.krebs; extraZones = { "krebsco.de" = /* bindzone */ '' @@ -212,7 +208,6 @@ in { }; puyak = { ci = true; - cores = 4; nets = { retiolum = { ip4.addr = "10.243.77.2"; diff --git a/kartei/lass/blue.nix b/kartei/lass/blue.nix new file mode 100644 index 000000000..ddec9553d --- /dev/null +++ b/kartei/lass/blue.nix @@ -0,0 +1,40 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.0.77"; + ip6.addr = r6 "b1ce"; + aliases = [ + "blue.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd + QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc + sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM + wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu + PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ + RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/ + HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm + khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP + 49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N + w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6 + ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J + Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "vf3JzuLpEkjcwZtuJ/0M9Zjfp5ChKXvkORMXsZ4nJKL"; + }; + }; + wiregrill = { + ip6.addr = w6 "b1ce"; + aliases = [ + "blue.w" + ]; + wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U="; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; + syncthing.id = "J2LMIPD-PBEPVKL-A3MN6NQ-KL6DZ4N-K4GGWZB-E2EPLFN-PDLVAOC-DCSZHAD"; +} diff --git a/kartei/lass/coaxmetal.nix b/kartei/lass/coaxmetal.nix new file mode 100644 index 000000000..d32f279fe --- /dev/null +++ b/kartei/lass/coaxmetal.nix @@ -0,0 +1,42 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.0.17"; + ip6.addr = r6 "17"; + aliases = [ + "coaxmetal.r" + ]; + tinc = { + pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA + xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK + gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU + WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek + ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32 + G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F + G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO + IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX + K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE + 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly + bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo + l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + pubkey_ed25519 = "bEGgA5Wupw+Dgh6Ub7V21Y3wOmyspW1rKGrZsVhi3cO"; + }; + }; + wiregrill = { + ip6.addr = w6 "17"; + aliases = [ + "coaxmetal.w" + ]; + wireguard.pubkey = '' + lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38= + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET "; + syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ"; +} diff --git a/kartei/lass/daedalus.nix b/kartei/lass/daedalus.nix new file mode 100644 index 000000000..891cbd293 --- /dev/null +++ b/kartei/lass/daedalus.nix @@ -0,0 +1,33 @@ +{ r6, w6, ... }: +{ + nets = rec { + retiolum = { + ip4.addr = "10.243.133.115"; + ip6.addr = r6 "daed"; + aliases = [ + "daedalus.r" + ]; + tinc = { + pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8 + 5hz7go+l3Z7IhTc/HbpGFJ5QJJNFSuSpLfZVyi+cKAUVheTivIniHFIRw37JbJ4+ + qWTlVe3uvOiZ0cA9S6LrbzqAUTLbH0JlWj36mvGIPICDr9YSEkIUKbenxjJlIpX8 + ECEBm8RU1aq3PUo/cVjmpqircynVJBbRCXZiHoxyLXNmh23d0fCPCabEYWhJhgaR + arkYRls5A14HGMI52F3ehnhED3k0mU8/lb4OzYgk34FjuZGmyRWIfrEKnqL4Uu2w + 3pmEvswG1WYG/3+YE80C5OpCE4BUKAzYSwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + pubkey_ed25519 = "ybmNcRLtZ0NxlxIRE3bdc2G4lLXtTGXu+iRaXMTKCNG"; + }; + }; + wiregrill = { + ip6.addr = w6 "daed"; + aliases = [ + "daedalus.w" + ]; + wireguard.pubkey = "ZVTTWbJfe8Oq6E6QW1qgXU91FnkuKDGJO3MF3I3gDFI="; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5Ovdcsljr5dOl7+2sQNKpGpdX0SlOIuCZKEiWEp8g"; +} diff --git a/kartei/lass/default.nix b/kartei/lass/default.nix index e17e000dd..de776fca0 100644 --- a/kartei/lass/default.nix +++ b/kartei/lass/default.nix @@ -3,6 +3,12 @@ with import ../../lib; r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; + hostFiles = + builtins.map (lib.removeSuffix ".nix") ( + builtins.filter + (x: lib.hasSuffix ".nix" x && x != "default.nix") + (lib.attrNames (builtins.readDir ./.)) + ); in { dns.providers = { @@ -13,895 +19,10 @@ in { consul = true; ci = true; monitoring = true; - }) { - dishfire = { - cores = 4; - nets = rec { - internet = { - ip4 = rec { - addr = "157.90.232.92"; - prefix = "${addr}/32"; - }; - aliases = [ - "dishfire.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.133.99"; - ip6.addr = r6 "d15f:1233"; - aliases = [ - "dishfire.r" - "grafana.lass.r" - "prometheus.lass.r" - "alert.lass.r" - ]; - tinc = { - pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs - Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 - |