17 files changed, 18 insertions, 125 deletions

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e6ad449fa..82ede952d 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -130,7 +130,9 @@ let
               shorts = let s = ".${cfg.search-domain}"; in
                 map (removeSuffix s) (filter (hasSuffix s) longs);
             in
-              map (addr: "${addr} ${toString aliases}") net.addrs
+              optionals
+                (aliases != [])
+                (map (addr: "${addr} ${toString aliases}") net.addrs)
           ) (filterAttrs (name: host: host.aliases != []) host.nets)
         ) cfg.hosts
       ));
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index ca8e577d8..8e266e1b3 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -78,11 +78,7 @@ with import <stockholm/lib>;
       extraZones = {
         # TODO generate krebsco.de zone from nets and don't use extraZones at all
         "krebsco.de" = ''
-          krebsco.de. 60 IN MX 5 mx23
-          mx23        60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
           cd          60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
-          cgit        60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
-          cgit.cd     60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
         '';
       };
       nets = {
@@ -90,11 +86,7 @@ with import <stockholm/lib>;
           ip4.addr = "45.62.237.203";
           aliases = [
             "cd.i"
-            "cd.internet"
             "cd.krebsco.de"
-            "cgit.cd.krebsco.de"
-            "cd.viljetic.de"
-            "cgit.cd.viljetic.de"
           ];
           ssh.port = 11423;
         };
@@ -221,7 +213,9 @@ with import <stockholm/lib>;
     ni = {
       extraZones = {
         "krebsco.de" = ''
+          krebsco.de. 60 IN MX 5 ni
           ni          60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+          cgit        60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
           cgit.ni     60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
         '';
       };
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index d453479d2..4397bf786 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -161,7 +161,7 @@ in {
     irc = {
       enable = true;
       nick = "buildbot-lass";
-      server = "cd.retiolum";
+      server = "ni.r";
       channels = [ "retiolum" ];
       allowForce = true;
     };
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 06cae734e..57950e1b7 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -54,7 +54,7 @@ let
         # TODO make nick = config.krebs.build.host.name the default
         nick = config.krebs.build.host.name;
         channel = "#retiolum";
-        server = "cd.retiolum";
+        server = "ni.r";
         verbose = config.krebs.build.host.name == "prism";
         branches = [ "master" ];
       };
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index f5879a824..baa4bb380 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -15,7 +15,7 @@ let
           nick = config.networking.hostName;
           verbose = false;
           channel = "#retiolum";
-          server = "cd.retiolum";
+          server = "ni.r";
           branches = [ "newest" ];
         };
       });
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 8a43d25ff..e8a368fa2 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -41,7 +41,7 @@ in {
     '';
     connectTo = [
       "muhbaasu" "tahoe" "flap" "wry"
-      "cd"
+      "ni"
       "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs"
     ];
   };
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index a460a87e7..0c3676c8b 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -36,7 +36,7 @@
     enable = true;
     debug = true;
     extraEnviron = {
-      REAKTOR_HOST = "cd.retiolum";
+      REAKTOR_HOST = "ni.r";
     };
     plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ];
     channels = [ "#retiolum" ];
diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix
index 81305272c..b637ca039 100644
--- a/makefu/2configs/git/brain-retiolum.nix
+++ b/makefu/2configs/git/brain-retiolum.nix
@@ -29,7 +29,7 @@ let
         nick = config.networking.hostName;
         channel = "#retiolum";
         # TODO remove the hardcoded hostname
-        server = "cd.retiolum";
+        server = "ni.r";
       };
     };
   };
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 5c2a0fbd0..553a23972 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -52,7 +52,7 @@ let
         verbose = config.krebs.build.host.name == "gum";
         channel = "#retiolum";
         # TODO remove the hardcoded hostname
-        server = "cd.retiolum";
+        server = "ni.r";
       };
     };
   };
diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix
index a3860a0ef..c2326a5cc 100644
--- a/shared/2configs/cgit-mirror.nix
+++ b/shared/2configs/cgit-mirror.nix
@@ -17,7 +17,7 @@ let
         nick = config.networking.hostName;
         verbose = false;
         channel = "#retiolum";
-        server = "cd.retiolum";
+        server = "ni.r";
       };
     };
   };
diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix
index 753b0f473..4219e5d01 100644
--- a/shared/2configs/repo-sync.nix
+++ b/shared/2configs/repo-sync.nix
@@ -13,7 +13,7 @@ with lib;
         mirror.url = mirror;
       };
       tv = {
-        origin.url = http://cgit.cd/stockholm ;
+        origin.url = http://cgit.ni.r/stockholm;
         mirror.url = mirror;
       };
       lassulus = {
diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix
index 22144e9ec..7aed6272c 100644
--- a/shared/2configs/shared-buildbot.nix
+++ b/shared/2configs/shared-buildbot.nix
@@ -159,7 +159,7 @@
     irc = {
       enable = true;
       nick = "wolfbot";
-      server = "cd.retiolum";
+      server = "ni.r";
       channels = [ "retiolum" ];
       allowForce = true;
     };
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 043e91510..dd8e2cc64 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -10,85 +10,7 @@ with import <stockholm/lib>;
     ../2configs/hw/CAC-Developer-2.nix
     ../2configs/fs/CAC-CentOS-7-64bit.nix
     ../2configs/exim-smarthost.nix
-    ../2configs/git.nix
     ../2configs/retiolum.nix
-    ../2configs/urlwatch.nix
-    {
-      tv.charybdis = {
-        enable = true;
-        ssl_cert = ../Zcerts/charybdis_cd.crt.pem;
-      };
-      tv.iptables.input-retiolum-accept-tcp = [
-        config.tv.charybdis.port
-        config.tv.charybdis.sslport
-      ];
-    }
-    {
-      tv.ejabberd = {
-        enable = true;
-        hosts = [ "jabber.viljetic.de" ];
-      };
-      tv.iptables.input-internet-accept-tcp = [
-        "xmpp-client"
-        "xmpp-server"
-      ];
-    }
-    {
-      krebs.github-hosts-sync.enable = true;
-      tv.iptables.input-internet-accept-tcp =
-        singleton config.krebs.github-hosts-sync.port;
-    }
-    {
-      krebs.nginx.servers.cgit.server-names = [
-        "cgit.cd.krebsco.de"
-        "cgit.cd.viljetic.de"
-      ];
-      # TODO make public_html also available to cd, cd.retiolum (AKA default)
-      krebs.nginx.servers."https://viljetic.de" = {
-        server-names = singleton "viljetic.de";
-        listen = mkForce []; # disable default
-        ssl = {
-          enable = true;
-          certificate = "/var/lib/acme/viljetic.de/fullchain.pem";
-          certificate_key = "/var/lib/acme/viljetic.de/key.pem";
-        };
-        locations = [
-          (nameValuePair "/" ''
-            root ${pkgs.viljetic-pages};
-          '')
-          (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
-            alias /home/$1/public_html$2;
-          '')
-        ];
-      };
-      krebs.nginx.servers."http://viljetic.de" = {
-        server-names = singleton "viljetic.de";
-        locations = [
-          (nameValuePair "/.well-known/acme-challenge/" ''
-            root /var/lib/acme/challenges/viljetic.de/;
-          '')
-          (nameValuePair "/" ''
-            return 301 https://viljetic.de$request_uri;
-          '')
-        ];
-      };
-      security.acme = {
-        certs."viljetic.de" = {
-          email = "tomislav@viljetic.de";
-          webroot = "/var/lib/acme/challenges/viljetic.de";
-          plugins = [
-            "account_key.json"
-            "key.pem"
-            "fullchain.pem"
-          ];
-          user = "nginx";
-        };
-      };
-      tv.iptables.input-internet-accept-tcp = [
-        "http"
-        "https"
-      ];
-    }
   ];
 
   networking = {
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index b38ef00f9..b6724f40e 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -89,7 +89,7 @@ let
         # TODO make nick = config.krebs.build.host.name the default
         nick = config.krebs.build.host.name;
         channel = "#retiolum";
-        server = "cd.retiolum";
+        server = "ni.r";
         verbose = true;
       };
     };
diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix
index ad1116d4f..a914dad43 100644
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@@ -7,9 +7,8 @@ with import <stockholm/lib>;
     enable = true;
     connectTo = filter (ne config.krebs.build.host.name) [
       "gum"
+      "ni"
       "prism"
-      "echelon"
-      "cd"
     ];
     tincPackage = pkgs.tinc_pre;
   };
diff --git a/tv/5pkgs/netcup/default.nix b/tv/5pkgs/netcup/default.nix
index 2443e9e73..6d2ec6896 100644
--- a/tv/5pkgs/netcup/default.nix
+++ b/tv/5pkgs/netcup/default.nix
@@ -16,7 +16,7 @@ in
 stdenv.mkDerivation {
   name = "netcup-1.0.0";
   src = fetchgit {
-    url = "http://cgit.cd.krebsco.de/netcup";
+    url = "http://cgit.ni.krebsco.de/netcup";
     rev = "tags/v1.0.0";
     sha256 = "0m6mk16pblvnapxykxdccvphslbv1gjfziyr86bnqin1xb1g99bq";
   };
diff --git a/tv/Zcerts/charybdis_cd.crt.pem b/tv/Zcerts/charybdis_cd.crt.pem
deleted file mode 100644
index c613ff380..000000000
--- a/tv/Zcerts/charybdis_cd.crt.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEGzCCAwOgAwIBAgIJAJJiphQRTzFPMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYD
-VQQGEwJhcTEYMBYGA1UECAwPTWFyaWUgQnlyZCBMYW5kMSIwIAYDVQQHDBlCZW50
-bGV5IFN1YmdsYWNpYWwgVHJlbmNoMQ4wDAYDVQQKDAVrcmViczERMA8GA1UECwwI
-cmV0aW9sdW0xFDASBgNVBAMMC2NkLnJldGlvbHVtMR0wGwYJKoZIhvcNAQkBFg50
-dkB3dS5yZXRpb2x1bTAeFw0xNTA3MTkxODQ2MjhaFw0xNjA3MDkxODQ2MjhaMIGj
-MQswCQYDVQQGEwJhcTEYMBYGA1UECAwPTWFyaWUgQnlyZCBMYW5kMSIwIAYDVQQH
-DBlCZW50bGV5IFN1YmdsYWNpYWwgVHJlbmNoMQ4wDAYDVQQKDAVrcmViczERMA8G
-A1UECwwIcmV0aW9sdW0xFDASBgNVBAMMC2NkLnJldGlvbHVtMR0wGwYJKoZIhvcN
-AQkBFg50dkB3dS5yZXRpb2x1bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMyPb37kchbjZi6WsvpQeGOVEBTU8B4E24GkfetbfYtsFqW6pIKN7DlTFKzJ
-3WKSLIf/cZuBQJucKuc8QXc5ZEXQ66QyCiX6al0j4C0AnHN17OhgH3yvmioWI4kI
-ycD4N5TnaD2V0OK/HlhKCrIEly6+Nczeo+k5vrcgkkSYJivFpgK1r5+taBYiU4cc
-Pgke2p3mRpZFfK61Ft6DlAg2rL2NVt7Qk0pp6BgCrtVIl968SmVKAEQBHnSYd9z2
-bNE2PH3qI+FLIfioOfXazmogxoQWR9LbKPUQ5nFRDXEJZg1hKDzseUkwV/oU8W3K
-a37lOovqy+qwjYELrWP346/OF5UCAwEAAaNQME4wHQYDVR0OBBYEFI7WWP+tabb5
-CH5aY5mJcMdKGeaXMB8GA1UdIwQYMBaAFI7WWP+tabb5CH5aY5mJcMdKGeaXMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKAF8hSu7Cgp2jei3GPVOE+R
-TtZUePjFJw7iUSYaG1loGfY23IgEzS/jPd/m4jueRTDbtDl7cFTUmKKsF1WWH84l
-s49J2HktiHTiHyZphgWFfbjUZO4nbH11Pac64WPfoeTzm9LnM0xXNd/7VCDXRess
-a6pXtAQXAZri9HOsAeNO0WFivu4oug2pyUoLE64o3UemSwBi0JW2W1KvuYGnQXEa
-HqrFGLBSEQuD4wTePdK0USjhNC8ceMx04b1hUQzuMf8pcXdpkLN6bIOaA/FRxmX9
-3L+6CZPVfQvvw10eLjWv3UYgIjOQFCUR4LsvkVxTaEav0KwmyCC4GUr9Vd+n3eQ=
------END CERTIFICATE-----