summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/makefu/default.nix15
-rw-r--r--makefu/2configs/git/brain-retiolum.nix3
2 files changed, 17 insertions, 1 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index f80c397ee..21ea7e23c 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -6,6 +6,7 @@ with import <stockholm/lib>;
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
drop = rec {
cores = 1;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.177.9";
@@ -28,6 +29,7 @@ with import <stockholm/lib>;
};
studio = rec {
cores = 4;
+ managed = true;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
nets = {
@@ -53,6 +55,7 @@ with import <stockholm/lib>;
fileleech = rec {
cores = 4;
+ managed = true;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
nets = {
@@ -78,6 +81,7 @@ with import <stockholm/lib>;
pnp = {
cores = 1;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.0.210";
@@ -101,6 +105,7 @@ with import <stockholm/lib>;
};
darth = {
cores = 4;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.0.84";
@@ -171,6 +176,7 @@ with import <stockholm/lib>;
};
};
tsp = {
+ managed = true;
cores = 1;
nets = {
retiolum = {
@@ -198,6 +204,7 @@ with import <stockholm/lib>;
};
};
x = {
+ managed = true;
cores = 4;
nets = {
retiolum = {
@@ -243,6 +250,7 @@ with import <stockholm/lib>;
vbob = {
cores = 2;
+ managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.1.91";
@@ -305,6 +313,7 @@ with import <stockholm/lib>;
};
wry = rec {
cores = 1;
+ managed = true;
extraZones = {
"krebsco.de" = ''
wry IN A ${nets.internet.ip4.addr}
@@ -349,6 +358,7 @@ with import <stockholm/lib>;
};
filepimp = rec {
cores = 1;
+ managed = true;
nets = {
lan = {
ip4.addr = "192.168.1.12";
@@ -378,6 +388,7 @@ with import <stockholm/lib>;
omo = rec {
cores = 2;
+ managed = true;
nets = {
lan = {
@@ -411,6 +422,7 @@ with import <stockholm/lib>;
};
wbob = rec {
cores = 4;
+ managed = true;
nets = {
siem = {
ip4.addr = "10.8.10.7";
@@ -452,6 +464,7 @@ with import <stockholm/lib>;
gum = rec {
cores = 2;
+ managed = true;
extraZones = {
"krebsco.de" = ''
@@ -514,6 +527,7 @@ with import <stockholm/lib>;
};
shoney = rec {
cores = 1;
+ managed = true;
nets = rec {
siem = {
via = internet;
@@ -562,6 +576,7 @@ with import <stockholm/lib>;
};
sdev = rec {
cores = 1;
+ managed = true;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev";
nets = {
diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix
index 18275e3df..05754dc7f 100644
--- a/makefu/2configs/git/brain-retiolum.nix
+++ b/makefu/2configs/git/brain-retiolum.nix
@@ -8,6 +8,7 @@ let
krebs-repos = mapAttrs make-krebs-repo {
brain = { };
+ krebs-secrets = { };
};
@@ -33,7 +34,7 @@ let
set-owners repo [ config.krebs.users.makefu ] ++ set-ro-access repo krebsminister;
set-ro-access = with git; repo: user:
- optional repo.public {
+ singleton {
inherit user;
repo = [ repo ];
perm = fetch;