| -rw-r--r-- | kartei/lass/neoprism.nix | 9 | ||||
| -rw-r--r-- | kartei/lass/prism.nix | 3 | ||||
| -rw-r--r-- | kartei/makefu/default.nix | 2 | ||||
| -rw-r--r-- | kartei/tv/hosts/fu.nix | 1 | ||||
| -rw-r--r-- | kartei/tv/hosts/leg.nix | 1 | ||||
| -rw-r--r-- | kartei/tv/hosts/ne.nix | 18 | ||||
| -rw-r--r-- | kartei/tv/hosts/ni.nix | 67 | ||||
| -rw-r--r-- | kartei/tv/hosts/pi.nix | 1 | ||||
| -rw-r--r-- | kartei/tv/hosts/zoppo.nix | 1 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/nameserver.nix | 9 | ||||
| -rw-r--r-- | krebs/2configs/shack/worlddomination.nix | 15 | ||||
| -rw-r--r-- | krebs/3modules/repo-sync.nix | 1 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/ecrypt/default.nix | 111 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/repo-sync/default.nix | 4 |
15 files changed, 36 insertions, 209 deletions
diff --git a/kartei/lass/neoprism.nix b/kartei/lass/neoprism.nix index 73eda0762..086362938 100644 --- a/kartei/lass/neoprism.nix +++ b/kartei/lass/neoprism.nix @@ -1,5 +1,12 @@ { r6, w6, ... }: -{ +rec { + extraZones = { + "krebsco.de" = '' + p 60 IN A ${nets.internet.ip4.addr} + c 60 IN A ${nets.internet.ip4.addr} + paste 60 IN A ${nets.internet.ip4.addr} + ''; + }; nets = rec { internet = { ip4 = rec { diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix index a44e120b2..33c662bc4 100644 --- a/kartei/lass/prism.nix +++ b/kartei/lass/prism.nix @@ -3,9 +3,6 @@ rec { extraZones = { "krebsco.de" = '' cache 60 IN A ${nets.internet.ip4.addr} - p 60 IN A ${nets.internet.ip4.addr} - c 60 IN A ${nets.internet.ip4.addr} - paste 60 IN A ${nets.internet.ip4.addr} prism 60 IN A ${nets.internet.ip4.addr} social 60 IN A ${nets.internet.ip4.addr} ''; diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index 9df79afbf..e92aeec93 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -251,6 +251,8 @@ in { wikisearch IN A ${nets.internet.ip4.addr} work.euer IN A ${nets.internet.ip4.addr} shop.euer IN A ${nets.internet.ip4.addr} + matrix.euer IN A ${nets.internet.ip4.addr} + element.euer IN A ${nets.internet.ip4.addr} mediengewitter IN CNAME over.dose.io. nixos.unstable IN CNAME krebscode.github.io. diff --git a/kartei/tv/hosts/fu.nix b/kartei/tv/hosts/fu.nix index f33da59c9..c3f2f9297 100644 --- a/kartei/tv/hosts/fu.nix +++ b/kartei/tv/hosts/fu.nix @@ -20,5 +20,4 @@ }; secure = true; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8T+2Oe6qCE0uEb9H7CWZengyhHK30NelmYmpI4Umpm root@fu"; - syncthing.id = "F5B3EPT-OEOFYMV-GATESYO-727M6R4-YBXGW6Q-SG3QWC7-PPVFX4C-AY4UKAJ"; } diff --git a/kartei/tv/hosts/leg.nix b/kartei/tv/hosts/leg.nix index c09749302..5841c72d5 100644 --- a/kartei/tv/hosts/leg.nix +++ b/kartei/tv/hosts/leg.nix 
@@ -23,5 +23,4 @@ }; secure = true; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGiputkYYQbg8sUHu+dMVOEuqhPYwPhPdmkS6LopPx17 root@leg"; - syncthing.id = "5IB2U3K-HNQWNA4-ULYNPZF-XC3HX4D-IKQB72L-GNF6U2P-RNL4OMF-BWGDVAU"; } diff --git a/kartei/tv/hosts/ne.nix b/kartei/tv/hosts/ne.nix index 584d7c433..1191fcb71 100644 --- a/kartei/tv/hosts/ne.nix +++ b/kartei/tv/hosts/ne.nix @@ -2,8 +2,13 @@ extraZones = { "krebsco.de" = '' @ 60 IN MX 5 ne + @ 60 IN TXT "v=spf1 mx -all" ne 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr} ne 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr} + cgit 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr} + cgit 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr} + cgit.ne 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr} + search.ne 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr} tv 300 IN NS ne ''; }; @@ -11,6 +16,7 @@ internet = { aliases = [ "ne.i" + "cgit.ne.i" ]; ip4 = { addr = "159.195.31.38"; @@ -26,14 +32,26 @@ "ne.m" ]; ip6.addr = "45f:fa21:4bdd:a758:8091:947d:fe84:fac3"; + via = config.krebs.hosts.ne.nets.internet; }; retiolum = { aliases = [ "ne.r" + "cgit.ne.r" + "krebs.ne.r" + "search.ne.r" + "p.ne.r" + "p.tv.r" ]; + ip4.addr = "10.243.113.224"; + via = config.krebs.hosts.ne.nets.internet; }; wiregrill = { ip4.addr = "10.244.3.2"; + via = config.krebs.hosts.ne.nets.internet; + wireguard.subnets = [ + (slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR + ]; }; }; } diff --git a/kartei/tv/hosts/ni.nix b/kartei/tv/hosts/ni.nix deleted file mode 100644 index 3e3d81c37..000000000 --- a/kartei/tv/hosts/ni.nix +++ /dev/null 
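Review bot: In the first kartei/tv/hosts/ne.nix hunk the names taken over from ni are no longer dual-stack: `cgit.ne` gets only an A record and `search.ne` only an AAAA record, whereas the deleted ni.nix published both A and AAAA for `cgit.ni` and `search.ni`. If this is not deliberate, add `cgit.ne 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr}` and `search.ne 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr}`. If it is deliberate, a short Nix comment above the zone text saying why each name is single-stack would stop a later reader from "repairing" it. As written, an IPv4-only client cannot resolve `search.ne` and an IPv6-only client cannot resolve `cgit.ne`.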
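Review bot: The third kartei/tv/hosts/ne.nix hunk introduces `(slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR` under `wiregrill.wireguard.subnets`, but the file's argument line sits above the first hunk (which starts at line 2) and is not touched by this commit. The deleted ni.nix opened with `{ config, lib, slib, ... }:`; if the header of ne.nix does not already bind `slib`, evaluation will fail on an undefined variable, so confirm it reads something like `{ config, slib, ... }:`. The same hunk also adds `ip4.addr = "10.243.113.224"` and five retiolum aliases without showing the net's tinc key material, which presumably lives in unchanged lines outside the hunk.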
@@ -1,67 +0,0 @@ -{ config, lib, slib, ... }: { - extraZones = { - "krebsco.de" = '' - ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} - ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} - cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} - cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} - cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} - cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} - search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} - search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} - krebsco.de. 60 IN MX 5 ni - krebsco.de. 60 IN TXT "v=spf1 mx -all" - tv 300 IN NS ni - ''; - }; - nets = { - internet = { - ip4 = { - addr = "185.162.251.237"; - }; - ip6 = { - addr = "2a03:4000:1a:cf::1"; - prefixLength = 64; - }; - aliases = [ - "ni.i" - "cgit.ni.i" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.ni.nets.internet; - ip4.addr = "10.243.113.223"; - aliases = [ - "ni.r" - "cgit.ni.r" - "krebs.ni.r" - "search.ni.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA7NHuW8eLVhpBfL70WwcSGVmv4dijKLJs5cH/BmqK8zN2lpiLKt12 - bhaE1YEhGoGma7Kef1Fa0V9xUkJy6C1+sVlfWp/LeY8VRSX5E3u36TEl6kl/4zu6 - Ea/44BoGUSOC9ImxVEX51czA10PFjUSrGFyK0oaRlKNsTwwpNiBOY7/6i74bhn59 - OIsySRUBd2QPjYhJkiuc7gltVfwt6wteZh8R4w2rluVGYLQPsmN/XEWgJbhzI4im - W+3/bdewHVF1soZWtdocPLeXTn5HETX5g8p2V3bwYL37oIwkCcYxOeQtT7W+lNJ2 - NvIiVh4Phojl4dBUgUQGT0NApMnsaG/4LJpSC4AGiqbsznBdSPhepob7zJggPnWY - nfAs+YrUUZp1wovhSgWfYTRglRuyYvWkoGbq411H1efawyZ0gcMr+HQlSn2keQOv - lbcvdgOAxQiEcPVixPq3mTeKaSxWyIJGFceuqtnILGifRNvViX0uo9g5rLQ41PrJ - 9F3azz3gD2Uh73j5pvLU72cge7p1a7epPYWTJYf8oc5JcI3nYTKpSqH8IYaWUjv9 - q0NwOYFDhYtUcTwdbUNl/tUWKyBcovIe7f40723pHSijiPV2WDZC2M/mOc3dvWKF - Mf00uin+7uMuKtnG6+1z5nKb/AWrqN1RZu0rnG/IkZPKwa19HYsYcOkCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "nDuK96NlNhcxzlX7G30w/706RxItb+FhkFkz/VhUgCE"; - }; - wiregrill = { - 
via = config.krebs.hosts.ni.nets.internet; - ip4.addr = "10.244.3.1"; - wireguard.subnets = [ - (slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR - ]; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb"; -} diff --git a/kartei/tv/hosts/pi.nix b/kartei/tv/hosts/pi.nix index 991bc0086..cfcc71a28 100644 --- a/kartei/tv/hosts/pi.nix +++ b/kartei/tv/hosts/pi.nix @@ -1,4 +1,3 @@ { nets.wiregrill.ip4.addr = "10.244.3.102"; - syncthing.id = "NLR6FLV-2MJQSZ6-4M5QBBB-X2UM225-YGB6IYW-F2EGFV6-D7ZDCWY-27EQAAM"; } diff --git a/kartei/tv/hosts/zoppo.nix b/kartei/tv/hosts/zoppo.nix index 4d312105f..abbcc08dc 100644 --- a/kartei/tv/hosts/zoppo.nix +++ b/kartei/tv/hosts/zoppo.nix @@ -20,5 +20,4 @@ }; secure = true; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMk5DVtgzKmbJTsJs81GIMYE3YblnJJTc/FtVukKJK4J root@zoppo"; - syncthing.id = "F4GDV3I-QX6QAA5-32MXHXE-2RJDYBO-RFXGDFR-EGMN4IQ-OJDKL62-NCUWOAQ"; } diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 60479fd90..8e03e3b52 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -27,7 +27,7 @@ ### shackspace ### # handle the worlddomination map via coap - #../../2configs/shack/worlddomination.nix (FIXME error: python3.13-LinkHeader-0.4.3 does not configure a `format`. To build with setuptools as before, set `pyproject = true` and `build-system = [ setuptools ]`.) + ../../2configs/shack/worlddomination.nix ../../2configs/shack/ssh-keys.nix # drivedroid.shack for shackphone diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix index c394f312d..c61b5c1b1 100644 --- a/krebs/2configs/nameserver.nix +++ b/krebs/2configs/nameserver.nix @@ -70,10 +70,6 @@ in { address: ${config.krebs.hosts.ne.nets.internet.ip4.addr} key: krebs_transfer_notify_key - - id: krebscode_ni - address: ${config.krebs.hosts.ni.nets.internet.ip4.addr} - key: krebs_transfer_notify_key - acl: - id: acme_acl key: acme 
@@ -124,7 +120,6 @@ in { notify: henet_ns1 notify: hostingde_ns1 notify: krebscode_ne - notify: krebscode_ni acl: transfer_to_henet_secondary acl: transfer_to_hostingde_secondary acl: transfer_to_krebscode_secondary @@ -174,8 +169,8 @@ in { echo server krebsco.de. echo zone krebsco.de. echo origin krebsco.de. - echo add _25._tcp.ni 60 IN TLSA 3 0 1 $certificate_association_data - echo add _443._tcp.ni 60 IN TLSA 3 0 1 $certificate_association_data + echo add _25._tcp.ne 60 IN TLSA 3 0 1 $certificate_association_data + echo add _443._tcp.ne 60 IN TLSA 3 0 1 $certificate_association_data echo show echo send echo answer diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 66a4095db..eba6cc83b 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -3,7 +3,7 @@ with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2020-12-01"; + name = "worlddomination-2025-04-02"; src = pkgs.fetchFromGitHub { owner = "shackspace"; repo = "worlddomination"; @@ -11,9 +11,8 @@ let sha256 = "sha256-AbRqxxY6hYNg4qkk/akuw4f+wJh4nx1hfEA4Lp5B+1E="; }; buildInputs = [ - (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - LinkHeader aiocoap grequests paramiko 
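Review bot: The TLSA update in krebs/2configs/nameserver.nix now only emits `add` lines for `_25._tcp.ne` and `_443._tcp.ne`; nothing visible removes the `_25._tcp.ni` and `_443._tcp.ni` records that earlier runs pushed into the dynamically updated zone. Unless a delete step exists outside this hunk, those associations stay published for a host this commit retires. Consider a one-time `echo del _25._tcp.ni TLSA` and `echo del _443._tcp.ni TLSA` before the `add` lines. It may also be worth deleting the existing `ne` TLSA RRset before each add, so a certificate rollover does not leave stale `3 0 1` entries next to the current one. The surrounding script starts and ends outside the hunk, so this is inferred from the visible lines only.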
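Review bot: The derivation name in krebs/2configs/shack/worlddomination.nix becomes `worlddomination-2025-04-02`, but the `sha256` of the `fetchFromGitHub` source is an unchanged context line at the top of the next hunk, and the `rev` line falls in the gap between the two hunks, so the pinned source appears to be the same snapshot as before. A date in the name that does not track the pin misleads anyone auditing what is actually deployed. Either bump `rev` and `sha256` together with the name, or keep the old date and add a comment such as `# source pin unchanged; only the Python environment was updated`. The second hunk also drops `LinkHeader` from the interpreter environment while the source stays fixed, so it is worth confirming that nothing in the pinned tree imports it directly.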
@@ -31,16 +30,6 @@ let pythonPackages = pkgs.python3Packages; # https://github.com/chrysn/aiocoap - LinkHeader = pythonPackages.buildPythonPackage { - name = "LinkHeader-0.4.3"; - src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; - propagatedBuildInputs = [ ]; - meta = with pkgs.lib; { - homepage = ""; - license = licenses.bsdOriginal; - description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; - }; - }; wdpath = "/usr/worlddomination/wd.lst"; esphost = "10.42.24.7"; # esp8266 afrihost = "10.42.25.201"; # africa diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 7b2be4057..62d99e160 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -17,6 +17,7 @@ let branches = mkOption { type = types.attrsOf (types.submodule ({ config, ... }: { options = { + smart = mkEnableOption "smart sync behavior"; origin = mkOption { type = types.source-types.git; }; diff --git a/krebs/5pkgs/simple/ecrypt/default.nix b/krebs/5pkgs/simple/ecrypt/default.nix deleted file mode 100644 index f83f8cfe7..000000000 --- a/krebs/5pkgs/simple/ecrypt/default.nix +++ /dev/null 
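Review bot: The new per-branch option in krebs/3modules/repo-sync.nix is declared as `smart = mkEnableOption "smart sync behavior";`, which does not tell a reader what changes when it is enabled. For a tool that pushes refs between remotes this matters: whether enabling it can overwrite or delete refs on a mirror is not visible from these lines. Replace the label with a description of the concrete effect, e.g. `smart = mkEnableOption "<what repo-sync does differently for this branch>";`, and mention that it relies on the repo-sync 1.0.0 bump made in the same commit. The submodule definition continues outside the hunk, so whether the option is passed through to the generated configuration cannot be checked here.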
@@ -1,111 +0,0 @@ -{ pkgs, lib }: - -#usage: ecrypt mount /var/crypted /var/unencrypted -pkgs.writers.writeDashBin "ecrypt" '' - set -euf - - PATH=${lib.makeBinPath (with pkgs; [ - coreutils - ecryptfs - gnused - gnugrep - jq - mount - keyutils - umount - ])} - - # turn echo back on if killed - trap 'stty echo' INT - - case "$1" in - init) - shift - mkdir -p "$1" "$2" - - # abort if src or dest are not empty - if [ -e "$1"/.cfg.json ]; then - echo 'source dir is already configured, aborting' - exit 1 - elif ls -1qA "$2" | grep -q .; then - echo 'destination dir is not empty, aborting' - exit 1 - else - # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails - echo 4 | ecryptfs-manager - stty -echo - printf "passphrase: " - read passphrase - stty echo - sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') - mount -t ecryptfs \ - -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ - "$1" "$2" - - # add sig to json state file - jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json - fi - ;; - - mount) - shift - if ! 
[ -e "$1"/.cfg.json ]; then - echo '.cfg.json missing in src' - exit 1 - fi - old_sig=$(cat "$1"/.cfg.json | jq -r .sig) - - # check if key is already in keyring, otherwise add it - - if keyctl list @u | grep -q "$old_sig"; then - echo 'pw already saved' - else - # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails - echo 4 | ecryptfs-manager - stty -echo - printf "passphrase: " - read passphrase - stty echo - new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') - - # check if passphrase matches sig - if [ "$old_sig" != "$new_sig" ]; then - echo 'passphrase does not match sig, bailing out' - new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/') - keyctl revoke "$new_keyid" - keyctl unlink "$new_keyid" - exit 1 - fi - fi - - sig=$old_sig - keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/') - if (ls -1qA "$2" | grep -q .); then - echo 'destination is not empty, bailing out' - exit 1 - else - mount -i -t ecryptfs \ - -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ - "$1" "$2" - fi - ;; - - unmount) - shift - - sig=$(cat "$1"/.cfg.json | jq -r .sig) - keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/') - - umount "$2" || : - keyctl revoke "$keyid" - keyctl unlink "$keyid" - ;; - - *) - echo 'usage: - ecrypt init /tmp/src/ /tmp/dst/ - ecrypt mount /tmp/src/ /tmp/dst/ - ecrypt unmount /tmp/src/ /tmp/dst/ - ' - esac -'' diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 801e3b1ba..1c88c2e91 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix 
@@ -2,7 +2,7 @@ with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; - version = "0.2.7"; + version = "1.0.0"; pyproject = true; build-system = [ python3Packages.setuptools ]; propagatedBuildInputs = [ @@ -14,7 +14,7 @@ with python3Packages; buildPythonPackage rec { owner = "krebs"; repo = "repo-sync"; rev = version; - sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw"; + hash = "sha256-dkhPUaCL+tZn5rF7NN8A6NK/0tz669dLLYRGtRxO+fM="; }; meta = { homepage = http://github.com/makefu/repo-sync; |
