36 files changed, 228 insertions, 416 deletions
diff --git a/flake.lock b/flake.lock index 2d9489825..1f99b2828 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1737857314, - "narHash": "sha256-T9THCbnlj4CkKbTP+lisA5PUMoTXE7uh4FyDQzui+dc=", + "lastModified": 1751515480, + "narHash": "sha256-vCYcc/b8WizF6vnjuRVxSiU8hy9L3vOTWDVKpWM7xRE=", "owner": "Mic92", "repo": "buildbot-nix", - "rev": "c077f430f3717d41bb303d031398058665315166", + "rev": "47ad4c7afb169df6f9d48d0df3d7e2f71d9ddd8f", "type": "github" }, "original": { @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -56,11 +56,11 @@ ] }, "locked": { - "lastModified": 1736917206, - "narHash": "sha256-JTBWmyGf8K1Rwb+gviHIUzRJk/sITtT+72HXFkTZUjo=", + "lastModified": 1748000383, + "narHash": "sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "afd0a42e8c61ebb56899315ee4084a8b2e4ff425", + "rev": "231726642197817d20310b9d39dd4afb9e899489", "type": "github" }, "original": { @@ -87,11 +87,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "type": "github" }, "original": { 
@@ -116,11 +116,11 @@ ] }, "locked": { - "lastModified": 1737483750, - "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", + "lastModified": 1750931469, + "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", + "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", "type": "github" }, "original": { @@ -42,6 +42,10 @@ users = self.nixosConfigurations.hotdog.config.krebs.users; }; overlays.default = import ./krebs/5pkgs/default.nix; + packages = let + packageNames = self.lib.attrNames (self.lib.mapNixDir (x: null) ./krebs/5pkgs/simple); + appliedOverlay = (system: self.overlays.default {} (self.inputs.nixpkgs.legacyPackages.${system} // { lib = self.lib; })); + in nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ] (system: self.lib.getAttrs packageNames (appliedOverlay system)); lib = import (self.outPath + "/lib/pure.nix") { lib = nixpkgs.lib; }; }; } diff --git a/kartei/0x4A6F/default.nix b/kartei/0x4A6F/default.nix index eb3d08e8d..4e96c300c 100644 --- a/kartei/0x4A6F/default.nix +++ b/kartei/0x4A6F/default.nix 
@@ -199,5 +199,31 @@ in { }; }; }; + cyclida = { + owner = config.krebs.users."0x4A6F"; + nets = { + retiolum = { + aliases = [ "cyclida.crustacea.r" ]; + ip4.addr = "10.243.42.70"; + ip6.addr = "42:0:4a6f::4270"; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxprJNvjDsxHHHisZARf/UELuoiebeY1HfAJmOeDRZ8Jf931zG+DW + tXLsTKlN96Wc2HL+Y3bx366/NfF5bN6/PmNou1HAJgyFEhUHmFfx+8oYlCNSnJUA + vxHHSeB3rE1fmeW+Nr+fjCrb1mMIgY/HgbN7heOx7DDzZk22INtsEXo1tMM2Dfbc + 83IgcFsfFHjb6HUNMHjMl12wpVzm7vwFby/i4Pyk7dpIcqLGis4YDA+GuSbFRFxA + YlE7VkKCGF8zDmNB4iaSD/k1gPi0oJ4DBJ4pe6l/TDOpZ9ROVvBhYwZVoHM55XVL + 9UV2Q+AQwZVqoVtcD9BI3WYbuDAFVI1IA8K85m0/g/5ML+d8oezYu9CXmjtUyG02 + YkHiytMyk8kYxrBr7qBOvy/XegLiF6zf1cVLDTkgTZCDhvIJRBlae6xocWAtlygB + /ngMyKcizrCtZnDGc4lx0DMrkP2lrGTv9ur8NCesqxZZth+XqdecTiQyLHALhp3j + mmLWMkFLgpE5BlZPkUb7LrZu4Y6fH7ARWjlPUAXnBnBrsYKwNLa7RHDrXWaMf2ph + beUgQqFqA20aGq7Bpj8Io7AukDNOb1/JjgtncPmlVRn+0lMDU3YWBrI8g99S+k7R + O62hZbOeZODEHxWAF5Dok5F0rT62alAfsd9zPUJxGmmYi0knVPiA2WUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "yl5m9xZe+8C0jnpd3YOyWdgRkJqo5sv6JQajAEskrTP"; + }; + }; + }; }; } diff --git a/kartei/kmein/default.nix b/kartei/kmein/default.nix index 084d796a7..61ee37823 100644 --- a/kartei/kmein/default.nix +++ b/kartei/kmein/default.nix 
@@ -32,6 +32,31 @@ in }; }; hosts = mapAttrs hostDefaults { + kibbeh = { + nets.retiolum = { + aliases = [ + "kibbeh.r" + "kibbeh.kmein.r" + ]; + ip4.addr = "10.243.2.188"; + tinc.pubkey_ed25519 = "4fQvL3t86kqZ6fedkfjrptiLjGsqQyvs04cXbSgyxwD"; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAlLQRY0ya5NNVAlap2R3dk5vfLySVZCIgD/CL2xfIMFpC51xLSph0 + 1kMUqgbznYQ44rhu7VBKM/wWuITIPyT7Jd7K8OiBOyeGAyXdJacAnrUPtX3LmDwu + GkpeScAXz496fgHZd9mGFOgofrnrJpbyWWvpez3DGolkjzzMB5POKGYiWnuKUwLA + 8z5STJa5yCxwye8dnGGe0HkimfUkQgOg4/pOXPXq2sIY052yCGLOa1kemMRvFXxT + HAEHVVbAHC99chTj0s7uxerMDJjtWPXrda1VQJKOYB/UF58k4wbV0kspedqJ5IhQ + l3oIVF0Es7kvgRpUeeGTbOEL4UHd98Y9D8vaIZYaSyuGxzjcJpbdO1kqDn6iqSYw + vCL2Qe9dROl/h6UBt9rjab4rXablDaFdZvVBG8hsCTe1+artVj07s0JWeatM6jIf + BMYhduczjSqgDaIoZzeJ4MH+8RAdBHSKBOOGqIctV8+2C4uwwZdsxAXV0wI+7JZT + EtPCueo/yDr4a6jj6a5bG+fkzONuN2jlYTMJmYMDtlbC7UpV2ijZAXuGw43qaj8M + RCnNZOqzTnBmeIx21BMqExABrsei3PqGwSHpj0HSl6IrYam7hWrL/AiqH5Rmbz/3 + FrjpTwAHxH4SbbO+KKnpdK1Bi0iy4IGLQUTDtpp6vhv41y2PgCwRubECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; ful = { nets.retiolum = { aliases = [ diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index 2baf6ef5a..9df79afbf 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -205,11 +205,13 @@ in { gum = rec { extraZones = { "krebsco.de" = '' + abook.euer IN A ${nets.internet.ip4.addr} admin.work.euer IN A ${nets.internet.ip4.addr} api.work.euer IN A ${nets.internet.ip4.addr} atuin.euer IN A ${nets.internet.ip4.addr} board.euer IN A ${nets.internet.ip4.addr} bookmark.euer IN A ${nets.internet.ip4.addr} + book.euer IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} build.euer IN A ${nets.internet.ip4.addr} 
@@ -241,12 +243,14 @@ in { play.work.euer IN A ${nets.internet.ip4.addr} push.work.euer IN A ${nets.internet.ip4.addr} rss.euer IN A ${nets.internet.ip4.addr} + mdrss.euer IN A ${nets.internet.ip4.addr} share.euer IN A ${nets.internet.ip4.addr} ul.work.euer IN A ${nets.internet.ip4.addr} wg.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} work.euer IN A ${nets.internet.ip4.addr} + shop.euer IN A ${nets.internet.ip4.addr} mediengewitter IN CNAME over.dose.io. nixos.unstable IN CNAME krebscode.github.io. @@ -371,6 +375,10 @@ in { pgp.pubkeys.default = builtins.readFile ./pgp/default.asc; pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc; }; + susanne = { + mail = "susanne@shackspace.de"; + pubkey = pub-for "susanne"; + }; makefu-omo = { inherit (makefu) mail pgp; pubkey = pub-for "makefu.omo"; diff --git a/kartei/makefu/ssh/susanne.pub b/kartei/makefu/ssh/susanne.pub new file mode 100644 index 000000000..c8ab55661 --- /dev/null +++ b/kartei/makefu/ssh/susanne.pub @@ -0,0 +1 @@ +ssh-rsa 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 susi@noether diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix index e81bdd32b..60369d4df 100644 --- a/kartei/tv/default.nix +++ b/kartei/tv/default.nix 
@@ -1,29 +1,22 @@ -{ config, lib, ... }@attrs: let - inherit (builtins) - getAttr head mapAttrs match pathExists readDir readFile typeOf; - inherit (lib) - const hasAttrByPath mapAttrs' mkDefault mkIf optionalAttrs removeSuffix - toList; +{ config, lib, ... }: let slib = import ../../lib/pure.nix { inherit lib; }; + + extend = x: f: { + lambda = lib.recursiveUpdate x (f x); + set = lib.recursiveUpdate x f; + }.${builtins.typeOf f}; in { dns.providers = { "viljetic.de" = "regfish"; }; hosts = - mapAttrs - (hostName: hostFile: let - hostSource = import hostFile; - hostConfig = getAttr (typeOf hostSource) { - lambda = hostSource attrs; - set = hostSource; - }; - in slib.evalSubmodule slib.types.host [ - hostConfig + builtins.mapAttrs + (hostName: lib.flip (builtins.foldl' extend) [ { name = hostName; owner = config.krebs.users.tv; } - (optionalAttrs (hasAttrByPath ["nets" "retiolum"] hostConfig) { + (hostConfig: lib.optionalAttrs (lib.hasAttrByPath ["nets" "retiolum"] hostConfig) { nets.retiolum = { ip6.addr = (slib.krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address; 
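Review bot: `extend` layers every list entry over the host file with `lib.recursiveUpdate`, so when a host file and a later layer set the same attribute the later layer now wins without any error. The removed `slib.evalSubmodule slib.types.host [...]` call presumably merged them through the module system instead. For a registry that carries addresses and keys, that precedence should be written down above `extend`, e.g. `# later layers override the host file; lists and strings are replaced, not merged`. Whether the folded result is still checked against `slib.types.host` somewhere else is not visible here, and the `hosts` expression continues past this hunk.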
@@ -31,29 +24,31 @@ in { }) (let pubkey-path = ./wiregrill + "/${hostName}.pub"; - in optionalAttrs (pathExists pubkey-path) { + in lib.optionalAttrs (builtins.pathExists pubkey-path) { nets.wiregrill = { aliases = [ "${hostName}.w" ]; ip6.addr = (slib.krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address; - wireguard.pubkey = readFile pubkey-path; + wireguard.pubkey = builtins.readFile pubkey-path; }; }) - (host: mkIf (host.config.ssh.pubkey != null) { - ssh.privkey = mapAttrs (const mkDefault) { - path = "${config.krebs.secret.directory}/ssh.id_${host.config.ssh.privkey.type}"; - type = head (toList (builtins.match "ssh-([^ ]+) .*" host.config.ssh.pubkey)); + (hostConfig: lib.optionalAttrs (hostConfig.ssh.pubkey or null != null) { + ssh.privkey = builtins.mapAttrs (lib.const lib.mkDefault) rec { + path = "${config.krebs.secret.directory}/ssh.id_${type}"; + type = builtins.head (lib.toList (builtins.match "ssh-([^ ]+) .*" hostConfig.ssh.pubkey)); }; }) ]) - (mapAttrs' + (lib.mapAttrs' (name: type: { - name = removeSuffix ".nix" name; - value = ./hosts + "/${name}"; + name = lib.removeSuffix ".nix" name; + value = lib.toFunction (import (./hosts + "/${name}")) { + inherit config lib slib; + }; }) - (readDir ./hosts)); + (builtins.readDir ./hosts)); sitemap = { "http://cgit.krebsco.de" = { desc = "Git repositories"; 
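Review bot: The default `ssh.privkey.path` is now built from the `type` parsed out of `hostConfig.ssh.pubkey` in the same `rec` set, where the removed line interpolated `host.config.ssh.privkey.type`. A host that sets `ssh.privkey.type` itself would, as far as this hunk shows, no longer get a matching default path for its private-key secret. If that is intended, a comment such as `# path follows the type derived from ssh.pubkey, not an overridden ssh.privkey.type` would make it explicit. The hunk starts in the middle of the layer list, so the earlier layers are not visible here.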
@@ -70,21 +65,21 @@ in { }; mv-ni = { mail = "mv@ni.r"; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"; + pubkey = builtins.readFile (./ssh + "/mv@vod.id_ed25519.pub"); }; tv = { mail = "tv@nomic.r"; - pgp.pubkeys.default = readFile ./pgp/CBF89B0B.asc; - pubkey = "ssh-rsa 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 tv@wu"; + pgp.pubkeys.default = builtins.readFile ./pgp/CBF89B0B.asc; + pubkey = builtins.readFile (./ssh + "/tv@wu.id_rsa.pub"); uid = 1337; # TODO use default and document what has to be done (for vv) }; tv-nomic = { inherit (config.krebs.users.tv) mail; - pubkey = "ssh-rsa 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 tv@nomic #2"; + pubkey = builtins.readFile (./ssh + "/tv@nomic.id_rsa.pub"); }; tv-xu = { inherit (config.krebs.users.tv) mail; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu"; + pubkey = builtins.readFile (./ssh + "/tv@xu.id_rsa.pub"); }; vv = { mail = "vv@mu.r"; diff --git a/kartei/tv/hosts/ne.nix b/kartei/tv/hosts/ne.nix new file mode 100644 index 000000000..d67df6209 --- /dev/null +++ b/kartei/tv/hosts/ne.nix 
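Review bot: `builtins.readFile` returns the file including its final newline, so `pubkey` for `mv-ni`, `tv`, `tv-nomic` and `tv-xu` changes from a bare key line to one that ends in `\n`. The new `.pub` files in this commit carry no no-newline marker, so they do end in one. Any consumer that compares these strings or splices them into a longer line would see the difference. `lib` is in scope in this file, so `pubkey = lib.fileContents (./ssh + "/tv@wu.id_rsa.pub");` (and likewise for the other three) keeps the old value exactly.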
@@ -0,0 +1,41 @@ +{ config, ... }: { + extraZones = { + "krebsco.de" = '' + @ 60 IN MX 5 ne + ne 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr} + ne 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr} + tv 300 IN NS ne + ''; + }; + nets = { + internet = { + aliases = [ + "ne.i" + ]; + ip4 = rec { + addr = "159.195.31.38"; + prefix = "${addr}/32"; + }; + ip6 = rec { + addr = "2a0a:4cc0:c1:5eb0::1"; + prefix = "${addr}/64"; + prefixLength = 64; + }; + ssh.port = 11423; + }; + mycelium = { + aliases = [ + "ne.m" + ]; + ip6.addr = "45f:fa21:4bdd:a758:8091:947d:fe84:fac3"; + }; + retiolum = { + aliases = [ + "ne.r" + ]; + }; + wiregrill = { + ip4.addr = "10.244.3.2"; + }; + }; +} diff --git a/kartei/tv/hosts/ni.nix b/kartei/tv/hosts/ni.nix index d64874d9c..fed171f23 100644 --- a/kartei/tv/hosts/ni.nix +++ b/kartei/tv/hosts/ni.nix @@ -1,6 +1,4 @@ -{ config, lib, ... }: let - slib = import ../../../lib/pure.nix { inherit lib; }; -in { +{ config, lib, slib, ... }: { extraZones = { "krebsco.de" = '' ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} diff --git a/kartei/tv/ssh/mv@vod.id_ed25519.pub b/kartei/tv/ssh/mv@vod.id_ed25519.pub new file mode 100644 index 000000000..7b7d2e260 --- /dev/null +++ b/kartei/tv/ssh/mv@vod.id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod diff --git a/kartei/tv/ssh/tv@nomic.id_rsa.pub b/kartei/tv/ssh/tv@nomic.id_rsa.pub new file mode 100644 index 000000000..519beb0e6 --- /dev/null +++ b/kartei/tv/ssh/tv@nomic.id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa 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 tv@nomic #2 diff --git a/kartei/tv/ssh/tv@wu.id_rsa.pub b/kartei/tv/ssh/tv@wu.id_rsa.pub new file mode 100644 index 000000000..b6e2634e8 --- /dev/null +++ b/kartei/tv/ssh/tv@wu.id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa 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 tv@wu 
diff --git a/kartei/tv/ssh/tv@xu.id_rsa.pub b/kartei/tv/ssh/tv@xu.id_rsa.pub new file mode 100644 index 000000000..76d4f6962 --- /dev/null +++ b/kartei/tv/ssh/tv@xu.id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa 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 tv@xu diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 542106d5f..0c361cc42 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -11,7 +11,7 @@ # brain hosts/puyak/root ../../2configs/hw/getty-for-esp.nix - ../../2configs/buildbot/worker.nix + # ../../2configs/buildbot/worker.nix ## initrd unlocking # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat /crypt-ramfs/passphrase' @@ -67,7 +67,7 @@ } # create samba share for anonymous usage with the laser and 3d printer pc - ../../2configs/shack/share.nix + # ../../2configs/shack/share.nix # mobile.lounge.mpd.shack ../../2configs/shack/mobile.mpd.nix @@ -159,7 +159,6 @@ services.logind.lidSwitchExternalPower = "ignore"; - environment.systemPackages = [ pkgs.zsh ]; system.activationScripts."disengage fancontrol" = '' diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix index ceb11ca64..11b8b3ec1 100644 --- a/krebs/2configs/exim-smarthost.nix +++ b/krebs/2configs/exim-smarthost.nix @@ -35,6 +35,7 @@ in { "brain@krebsco.de" = brain-ml; "eloop2022@krebsco.de" = eloop-ml; "2024@eloop.org" = eloop-ml; + "2025@eloop.org" = eloop-ml; "root@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead "spam@eloop.org" = eloop-ml; "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix index b81c229b6..3c7205167 100644 --- a/krebs/2configs/mastodon.nix +++ b/krebs/2configs/mastodon.nix 
@@ -1,4 +1,14 @@ { config, lib, pkgs, ... }: +let + mastodon-clear-cache = pkgs.writers.writeDashBin "mastodon-clear-cache" '' + /run/current-system/sw/bin/mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30 + /run/current-system/sw/bin/mastodon-tootctl media remove-orphans + /run/current-system/sw/bin/mastodon-tootctl preview_cards remove --days=14 + /run/current-system/sw/bin/mastodon-tootctl accounts prune + /run/current-system/sw/bin/mastodon-tootctl statuses remove --days 4 + /run/current-system/sw/bin/mastodon-tootctl media remove --days 4 + ''; +in { services.postgresql = { enable = true; @@ -25,12 +35,20 @@ 443 ]; + systemd.services.mastodon-clear-cache = { + description = "Mastodon Clear Cache"; + wantedBy = [ "timers.target" ]; + startAt = "daily"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${mastodon-clear-cache}/bin/mastodon-clear-cache"; + User = "mastodon"; + WorkingDirectory = "/var/lib/mastodon"; + }; + }; + environment.systemPackages = [ - (pkgs.writers.writeDashBin "clear-mastodon-cache" '' - mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30 - mastodon-tootctl media remove-orphans - mastodon-tootctl preview_cards remove --days=14 - '') + mastodon-clear-cache (pkgs.writers.writeDashBin "create-mastodon-user" '' set -efu nick=$1 diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix index 633f6f5d5..fb22dc6f9 100644 --- a/krebs/2configs/nameserver.nix +++ b/krebs/2configs/nameserver.nix @@ -66,6 +66,10 @@ in { - id: hostingde_ns1 address: 134.0.30.178 + - id: krebscode_ne + address: ${config.krebs.hosts.ne.nets.internet.ip4.addr} + key: krebs_transfer_notify_key + - id: krebscode_ni address: ${config.krebs.hosts.ni.nets.internet.ip4.addr} key: krebs_transfer_notify_key @@ -119,6 +123,7 @@ in { dnssec-policy: rsa2k notify: henet_ns1 notify: hostingde_ns1 + notify: krebscode_ne notify: krebscode_ni acl: transfer_to_henet_secondary acl: transfer_to_hostingde_secondary 
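Review bot: The `mastodon-clear-cache` script has no `set -efu`, so if one `mastodon-tootctl` call fails the later, more destructive ones (`accounts prune`, `statuses remove --days 4`) still run and the unit reports only the last exit status. The `create-mastodon-user` script in the same file does start with `set -efu`; adding the same first line here would make a failed daily run visible. The 4-day retention on `statuses remove` and `media remove` is much tighter than the 14 days used two lines above and deserves a comment saying it is deliberate.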
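Review bot: `wantedBy = [ "timers.target" ];` is set on the service itself, which makes systemd start the purge whenever `timers.target` is reached, i.e. at every boot, on top of the daily timer that `startAt = "daily";` already generates. Because the script deletes statuses, media and accounts, I would drop the `wantedBy` line and let `startAt` own the schedule. A short comment on the unit naming what it removes would also help whoever later has to explain missing content.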
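Review bot: `notify: krebscode_ne` is added in the nameserver.nix zone template, but no ACL change is visible in this hunk. The context shows only `transfer_to_henet_secondary` and `transfer_to_hostingde_secondary`; whether the ACL that lets `krebscode_ni` pull the zone also names `krebscode_ne` lies outside the hunk. If it does not, ne would be notified and then refused the transfer. Please confirm the transfer ACL covers ne and stays bound to `krebs_transfer_notify_key` rather than to the address alone.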
diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index bc483e8d0..0ba22af78 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -26,21 +26,17 @@ "guest ok" = "yes"; }; }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - - # for legacy systems - client min protocol = NT1 - server min protocol = NT1 - workgroup = WORKGROUP - server string = ${config.networking.hostName} - netbios name = ${config.networking.hostName} - ''; + settings.global = { + "guest account" = "smbguest"; + "map to guest" = "bad user"; + # disable printing + "load printers" = "no"; + "printing" = "bsd"; + "printcap name" = "/dev/null"; + "disable spoolss" = "yes"; + "workgroup" = "WORKGROUP"; + "server string" = config.networking.hostName; + "netbios name" = config.networking.hostName; + }; }; } diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix index 80957f3a5..183a81f99 100644 --- a/krebs/2configs/shack/ssh-keys.nix +++ b/krebs/2configs/shack/ssh-keys.nix @@ -2,6 +2,7 @@ { users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users."0x4A6F".pubkey + config.krebs.users.susanne.pubkey config.krebs.users.hase.pubkey config.krebs.users.neos.pubkey config.krebs.users.raute.pubkey diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index b7a8f18df..66a4095db 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix 
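Review bot: The `client min protocol = NT1` and `server min protocol = NT1` lines are dropped from the new `settings.global` without comment, so the SMB1 allowance that the removed `# for legacy systems` comment explained disappears silently. The server then falls back to Samba's default minimum. That is the safer direction for a share with `"guest ok" = "yes"`, but I would state it explicitly, e.g. `"server min protocol" = "SMB2";`, with a comment that SMB1-only clients are no longer served. The enclosing attribute set starts outside this hunk.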
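Review bot: The ssh-keys.nix hunk adds `config.krebs.users.susanne.pubkey` to `users.users.root.openssh.authorizedKeys.keys`, which grants direct root login on every host that imports this file. The key comes from the new `kartei/makefu/ssh/susanne.pub`, an `ssh-rsa` key labelled `susi@noether`. Nothing in the commit records why root access is needed, so a comment next to the entry would help later audits, e.g. `# susanne: <role / reason for root access>`. The entry also sits between `"0x4A6F"` and `hase` although the visible neighbours look alphabetically ordered; the list continues past the hunk.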
@@ -7,11 +7,11 @@ let src = pkgs.fetchFromGitHub { owner = "shackspace"; repo = "worlddomination"; - rev = "c7aedcde7cd1fcb870b5356a6125e1a384b0776c"; - sha256 = "0y6haz5apwa33lz64l7b2x78wrrckbw39j4wzyd1hfk46478xi2y"; + rev = "934387c3525e819e6b5981c417a7561d70b8b61a"; + sha256 = "sha256-AbRqxxY6hYNg4qkk/akuw4f+wJh4nx1hfEA4Lp5B+1E="; }; buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [ docopt LinkHeader aiocoap @@ -30,41 +30,7 @@ let }; p |
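Review bot: `pkgs.python310.withPackages` replaces `pkgs.python3` with no comment saying which dependency needs the older interpreter, so the pin is likely to outlive its reason. A line above `buildInputs` such as `# pinned to 3.10 because <package> does not build on newer Python` would tell the next reader when it can be lifted. The surrounding `let` block continues outside this hunk.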
