Diffstat (limited to 'krebs/3modules/makefu')
59 files changed, 0 insertions, 694 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
deleted file mode 100644
index 0d5359989..000000000
--- a/krebs/3modules/makefu/default.nix
+++ /dev/null
@@ -1,393 +0,0 @@
-## generate keys with:
-# tinc generate-keys
-# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
-
-with import <stockholm/lib>;
-{ config, ... }: let
-
- hostDefaults = hostName: host: foldl' recursiveUpdate {} [
- {
- owner = config.krebs.users.makefu;
- }
- # Retiolum defaults
- (let
- pubkey-path = ./retiolum + "/${hostName}.pub";
- in optionalAttrs (pathExists pubkey-path) {
- nets.retiolum = {
- tinc.pubkey = readFile pubkey-path;
- aliases = [
- "${hostName}.r"
- ];
- ip6.addr =
- (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
- };
- })
- # Retiolum ed25519 keys
- (let
- pubkey-path = ./retiolum + "/${hostName}_ed25519.pub";
- in optionalAttrs (pathExists pubkey-path) {
- nets.retiolum.tinc.pubkey_ed25519 = readFile pubkey-path;
- })
- # Wiregrill defaults
- (let
- pubkey-path = ./wiregrill + "/${hostName}.pub";
- in optionalAttrs (pathExists pubkey-path) {
- nets.wiregrill = {
- aliases = [
- "${hostName}.w"
- ];
- ip6.addr =
- (krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
- wireguard.pubkey = readFile pubkey-path;
- };
- })
- # SSHD defaults
- (let
- pubkey-path = ./sshd + "/${hostName}.pub";
- in optionalAttrs (pathExists pubkey-path) {
- ssh.pubkey = readFile pubkey-path;
- # We assume that if the sshd pubkey exits then there must be a privkey in
- # the screts store as well
- ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
- })
- host
- ];
-
- pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
- w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
-in {
- hosts = mapAttrs hostDefaults {
- cake = rec {
- cores = 4;
- ci = false;
- nets = {
- retiolum.ip4.addr = "10.243.136.236";
- };
- };
- crapi = rec { # raspi1
- cores = 1;
- ci = false;
- nets = {
- retiolum.ip4.addr = "10.243.136.237";
- };
- };
- firecracker = {
- cores = 4;
- nets = {
- retiolum.ip4.addr = "10.243.12.12";
- };
- };
-
- studio = rec {
- ci = false;
- cores = 4;
- nets = {
- retiolum.ip4.addr =
"10.243.227.163";
- };
- };
- fileleech = rec {
- ci = false;
- cores = 4;
- nets = {
- retiolum.ip4.addr = "10.243.113.98";
- };
- };
- tsp = {
- ci = true;
- cores = 1;
- nets = {
- retiolum.ip4.addr = "10.243.0.212";
- };
- };
- x = {
- ci = true;
- cores = 4;
- syncthing.id = "OA36OF6-JEFCUJQ-OEYVTMH-DPCACQI-3AJRE5G-BFVMOUG-RPYJQE3-4ZCUWA5";
- nets = {
- retiolum.ip4.addr = "10.243.0.91";
- wiregrill = {
- # defaults
- };
- };
-
- };
- filepimp = rec {
- ci = false;
- cores = 1;
- nets = {
- retiolum.ip4.addr = "10.243.153.102";
- };
- };
-
- omo = rec {
- ci = true;
- cores = 2;
- syncthing.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.89";
- aliases = [
- "omo.r"
- "dcpp.omo.r"
- "backup.makefu.r"
- "torrent.omo.r"
- "music.omo.r"
- "music.makefu.r"
- ];
- };
- };
- };
- wbob = rec {
- ci = true;
- cores = 4;
- nets = {
- retiolum = {
- ip4.addr = "10.243.214.15";
- aliases = [
- "wbob.r"
- "hydra.wbob.r"
- "log.wbob.r"
- ];
- };
- };
- };
- latte = rec {
- ci = true;
- extraZones = {
- "krebsco.de" = ''
- latte.euer IN A ${nets.internet.ip4.addr}
- '';
- };
- cores = 4;
- nets = rec {
- internet = {
- ip4.addr = "178.254.30.202";
- ip6.addr = "2a00:6800:3:18c::2";
- aliases = [
- "latte.i"
- ];
- };
- #wiregrill = {
- # via = internet;
- # ip4.addr = "10.244.245.1";
- # ip6.addr = w6 "1";
- # wireguard.port = 51821;
- # wireguard.subnets = [
- # (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
- # "10.244.245.0/24" # required for routing directly to gum via rockit
- # ];
- #};
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.214";
- # never connect via gum (he eats your packets!)
- #tinc.weight = 9001;
-
- aliases = [
- "latte.r"
- "torrent.latte.r"
- ];
- };
- };
- };
- gum = rec {
- ci = true;
- extraZones = {
- "krebsco.de" = ''
- rss.euer IN A ${nets.internet.ip4.addr}
- o.euer IN A ${nets.internet.ip4.addr}
- bw.euer IN A ${nets.internet.ip4.addr}
- bookmark.euer IN A ${nets.internet.ip4.addr}
- boot IN A ${nets.internet.ip4.addr}
- boot.euer IN A ${nets.internet.ip4.addr}
- cache.euer IN A ${nets.internet.ip4.addr}
- cache.gum IN A ${nets.internet.ip4.addr}
- cgit.euer IN A ${nets.internet.ip4.addr}
- dl.euer IN A ${nets.internet.ip4.addr}
- dns.euer IN A ${nets.internet.ip4.addr}
- dockerhub IN A ${nets.internet.ip4.addr}
- euer IN A ${nets.internet.ip4.addr}
- euer IN MX 1 aspmx.l.google.com.
- ghook IN A ${nets.internet.ip4.addr}
- git.euer IN A ${nets.internet.ip4.addr}
- gold IN A ${nets.internet.ip4.addr}
- graph IN A ${nets.internet.ip4.addr}
- gum IN A ${nets.internet.ip4.addr}
- io IN NS gum.krebsco.de.
- iso.euer IN A ${nets.internet.ip4.addr}
- feed.euer IN A ${nets.internet.ip4.addr}
- board.euer IN A ${nets.internet.ip4.addr}
- etherpad.euer IN A ${nets.internet.ip4.addr}
- mediengewitter IN CNAME over.dose.io.
- mon.euer IN A ${nets.internet.ip4.addr}
- netdata.euer IN A ${nets.internet.ip4.addr}
- nixos.unstable IN CNAME krebscode.github.io.
- photostore IN A ${nets.internet.ip4.addr}
- pigstarter IN CNAME makefu.github.io.
- share.euer IN A ${nets.internet.ip4.addr}
- wg.euer IN A ${nets.internet.ip4.addr}
- wiki.euer IN A ${nets.internet.ip4.addr}
- wikisearch IN A ${nets.internet.ip4.addr}
-
- meet.euer IN A ${nets.internet.ip4.addr}
- work.euer IN A ${nets.internet.ip4.addr}
- admin.work.euer IN A ${nets.internet.ip4.addr}
- push.work.euer IN A ${nets.internet.ip4.addr}
- api.work.euer IN A ${nets.internet.ip4.addr}
- maps.work.euer IN A ${nets.internet.ip4.addr}
- play.work.euer IN A ${nets.internet.ip4.addr}
- ul.work.euer IN A ${nets.internet.ip4.addr}
- music.euer IN A ${nets.internet.ip4.addr}
- '';
- };
- cores = 8;
- nets = rec {
- internet = {
- ip4.addr = "142.132.189.140";
- ip6.addr = "fe80::9400:1ff:fe24:33f4";
- aliases = [
- "gum.i"
- ];
- };
- wiregrill = {
- via = internet;
- ip4.addr = "10.244.245.1";
- ip6.addr = w6 "1";
- wireguard.port = 51821;
- wireguard.subnets = [
- (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
- "10.244.245.0/24" # required for routing directly to gum via rockit
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.213";
- # never connect via gum (he eats your packets!)
- #tinc.weight = 9001;
-
- aliases = [
- "gum.r"
- "blog.gum.r"
- "blog.makefu.r"
- "cache.gum.r"
- "cgit.gum.r"
- "dcpp.gum.r"
- "dcpp.nextgum.r"
- "graph.makefu.r"
- "logs.makefu.r"
- "netdata.makefu.r"
- "nextgum.r"
- "o.gum.r"
- "search.makefu.r"
- "stats.makefu.r"
- "torrent.gum.r"
- "tracker.makefu.r"
- "wiki.gum.r"
- "wiki.makefu.r"
- "warrior.gum.r"
- "rss.makefu.r"
- "sick.makefu.r"
- "dl.gum.r"
- "dl.makefu.r"
- ];
- };
- };
- };
-
- sdev = rec {
- ci = true;
- cores = 1;
- nets = {
- retiolum.ip4.addr = "10.243.83.237";
- };
- };
-
-
-# non-stockholm
-
- flap = rec {
- cores = 1;
- extraZones = {
- "krebsco.de" = ''
- flap IN A ${nets.internet.ip4.addr}
- '';
- };
- nets = {
- internet = {
- ip4.addr = "162.248.11.162";
- aliases = [
- "flap.i"
- ];
- };
- retiolum = {
- ip4.addr = "10.243.211.172";
- };
- };
- };
-
- nukular = rec {
- cores = 1;
- nets = {
- retiolum = {
- ip4.addr = "10.243.231.219";
- };
- };
- };
-
-
- shackdev = rec { # router@shack
- cores = 1;
- nets.wiregrill.ip4.addr = "10.244.245.2";
- };
-
- rockit = rec { # router@home
- cores = 1;
- nets.wiregrill.ip4.addr = "10.244.245.3";
- };
-
- senderechner = rec {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.163";
- };
- };
- };
- };
- users = rec {
- makefu = {
- mail = "makefu@x.r";
- pubkey = pub-for "makefu.x";
- pgp.pubkeys.default = builtins.readFile ./pgp/default.asc;
- pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc;
- };
- makefu-omo = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.omo";
- };
- makefu-tsp = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.tsp";
- };
- makefu-vbob = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.vbob";
- };
- makefu-tempx = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.tempx";
- };
- makefu-android = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.android";
- };
- makefu-remote-builder = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.remote-builder";
- };
-
 makefu-bob = {
- inherit (makefu) mail pgp;
- pubkey = pub-for "makefu.bob";
- };
- };
-}
diff --git a/krebs/3modules/makefu/pgp/brain.asc b/krebs/3modules/makefu/pgp/brain.asc
deleted file mode 100644
index 739385a38..000000000
--- a/krebs/3modules/makefu/pgp/brain.asc
+++ /dev/null
@@ -1,51 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQINBFXn/k4BEACmXMbhoAKsMC/gFqBrQq2mgvo8+FnUe4F6JznVh7NiPH0PUdDw -jRnK2EEpD+NoDt3A0jtq6C+wnr1V+p/jYAPxRcvv8a7ym+xuA4sBIPrlW1fQIuWF -EjYnUVnN16Qa1xJiQQyEDeleAxgg0luOdqBZ0myT84a9O0deN8JM+zwqT/+sLY9c -2fVGNv496/mt7Ct294QbS6cfdR26r8PZ1Wfo8cr8UhFfFft0TE267HJdoJ8NBvH/ -BSEcoaS3kaxk2YyOdAJ1RgEoQY2w1/jeZv5IUyO7azAQUhbqBK7nVbgUd2l3nf4v -qmgNvvtcAlccY6L2M8BR6TI4Yw2hfbLOHPVTNjFlMXXX/MDYFFF9+GqmYOjyy5dy -8m4qA4ZEoHG9XT+xsZAsHJRFPBacSp2ydoVdlkJsEQnabb78NXLusgBBxhOmvVHe -5SeIvsrpn83/aIeHpLUQbzUdK3osERZUBTp9Pr0+dB+UkqThjE3MPntKcawm4cGN -dXY6iNXH4gGPOjb5ed0OzDiRS2bVyb0/F2wYXvIPE2e0CwJ0io2rRT410HfpFkWD -OPENdlNYb6FCXc4fpGxdtFL0hE6RZqBvwQAN9iDkEj+DxEwUc+yyroFRI25y+T1z -68T0xqVfKXUqcOmsACKtjlQ5QcikCj8kC9bNDln7v1Q9argSEJXJDdf3cwARAQAB -tBhwdyB1c2VyIDxyb290QGxvY2FsaG9zdD6JAjgEEwECACIFAlXn/k4CGwMGCwkI -BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDtOh4EJ4fmcIecP/1+HMD22wilyb3hQ -QLKz+Wx37ZM6w0p9o0lMEeeUpcYPtWeVBqID6vxmqFwIOU5LtkHiE0yO8AcW7TYx -14Ql3mPWd594fKXr04mN9RM9wTr09S0P4nqKuq0cR3x5s4C30DoKoUqt3ZKSZRW/ -4suhvebfYiTjlE5joH4lZy7bMaH2HpvLacZXGcyH7cmYfLuZekf1kNXRDh40IgrH -uzsXFoflhLEZouKWiV3mWFo1iIckvTDrFNHuJj5oHP2D3J1RYdbPNP+5yOu/34mt -wPK/R6MxXY+zKWZWU59Ll5nx+2wUkIP/MaE9Ubx1W0UdeB4In/Y/HhV2fwd9DFsq -cbKofeDRblEdaaTjiqc1MjSxyhPplApgG4389gXX4vszAuyxBq6AecJobYkzmVek -EOJVVqDFoT+a70p5hWMP5nQV7dE3jyy1esm6cjF9iv0cRf/GqZAIiNdeo9av56OO -H5uwamTwcRrDsy4xWzowUfJDB+nJzlXw08aQRTfczCZ3n5hXvqqxuoweH08hfm/S -oa0gU95mCkHYbscaxjXnkEgbuvCiVRhDqd8rZpi5WxNV63zHIaoeXIPVJH0zswIJ -MT2LofWB8W8in48rmRvUdzZlm/++c/9+evNyNyAyOmdRk6fP0nHdRmuINyeKc67P -0BrVstk/cywbNbpNBt+2uUJCemBBuQINBFXn/k4BEADQYsT81uL8XE9homHLRai0 -3Xo/gVe5lwXWouzzVImEQIICvmBCjdzA1nPfKvdBcFsBfOro6aefETq/cZeL16It -zJKhh2HDJ/7oCuJM0OufkwoSBwJ4f0I+0zXsPZV0+P1ijPaKunYW+YpoFm3z8rLc -iX/kxYRgo13jCNphL/TKOoq3ZTREzDcBk9QR8yLTV5i0j1qrlIsAx7iTv1jrC1L6 -fBZm40+wn0ahz9IgBWWv588i+1f7ekKQBYXi9n2+hSfMQ0ebhW14xG72eXDzV14Q -Yra+FNMOCeKhmHH9PnVw0NkwRPbtL92ZySeFMHxhYnBPckqBUuEO12TXUMWA9fzj 
-rpBjJWEtCRCeaSLAe5Nzleb09NKO3z4ghwedef/Cz8XZ+XDIpE/1yTQy0lSuLosw -ScmwG9UPYxpWWqJmC+H6GQ0qQmCgmPYG8b20JvnqROmsLooC/xmf4seT8J+fYpKt -fkQiuOd8RecW+1jyfr7qy2S3roNgNl7hyzlIHmtGnn3rYC4uCe4VjosvcPmnXP6N -Jcck3dQnFxmE+/JS1zdH47nDGJsn5fFrArdfU9DLGjU/L7BJt99vIvif89B2FF/n -0cR7bLeY72P1oJw+tgrsjo9uaS9u9vk/J8+Rhf3TIqbHfFh7/42sdkgk3Mqha+Bn -wAOpUP3tjdDTwow9/2iYjQARAQABiQIfBBgBAgAJBQJV5/5OAhsMAAoJEDtOh4EJ -4fmcTy8P/03eVL9GoarIjwRxYY8U23fU4xNIypkNrjspjJHVRcKJFCyA2/R9toKf -0XGJIM2fwBo6beH0rinq8Xm8hrT/gFIWupuDLSTR/km0UD6CtfFOIt+5jw3c5mMR -u9DbSWAiRYGzQKYYZUy5mdMG/kokDRSm5D0lO+YnLZtpECZn/Zi5rPKzbGyMus+a -fm8a/eNko+Eg6j8FSYBm+d8SKYdoLJN3R7hYji7JuERMs+UZMsuriSAn2Af2Jn1I -hc7fiwotrMdNifyWCtYqiFvcrsm8K8EC2J0KsieydBHwCuamlqTrjqVejbITD8Jl -ghTGNHe/crP7/XKTjKva+1+VJAHDLylZgcArQSKa+SsWB/GoKB0x9UEWThJ1DLi4 -j2GhNlCIYZtPBQMu3+2btDj0A3IUQp4aW0nd5+0zz0H7JVrl+pI37uUxTiXCZG9X -fjXrcP3niJhraHTG8mWD1v8+cG3NXpv/IZN82Z+sQlpabwjpybag2CeTfhEoFtEl -V6ez9wpgBKeDsLDLOB8VRgpsikw9f6H8GAUZe2PjKUwiDtptqa37nU+3A6wPiO2s -AWT/7D6vhMpDncp7E9DcsmsU9LNt7D+ISqi4uLKYJcfmqbJOui2YFo3zsYP8TqQD -JTZ1lSpFpipJpi6mAzQUS4P3H+aUjeW/LWiSS/YNmGIOAUeB6Y3c -=rEQB ------END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/makefu/pgp/default.asc b/krebs/3modules/makefu/pgp/default.asc deleted file mode 100644 index bc5c50b76..000000000 --- a/krebs/3modules/makefu/pgp/default.asc +++ /dev/null 
@@ -1,64 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQINBE6quoQBEACemTuY0Ujeygxdyds3ugPbKuIsJMCQSdXAKsCkH4vV5qam8rQP -AabpYyQfew9nCUCJa4NkKFrLnGz4d7rl1u5ihVqMctYeJqZdtX88DqqNKQXoqKQv -crF5hcZmUtbGe5eyoMV55hiODPVPTVra6pbxWwhqa0pYeXEyDy1BPoqgcP0DUFho -yBeoyw71ujgdJZvl5rq6ZVjTGuToNKHn5UBDMu6n0rl9Ha7ukL4Gx8hOhmK8yv87 -zuUzBRQkTgoC48JA3Bt0kb15ghbOV7D411ZhmhEqWwE/OBk3//6MOGu24Mm0OG8J -+tbEMysck0LYe5q5U/2cmGsqlwV6FXLmnPOj6H4XtdTBDVXo/Hp6A8mVR1sSDopc -/2TnTwv0cdGOIS1CgxUc/qS6a8h+2UGaLSPnuPBWom163YbO/vgj8Th5q3N2DiRO -EP+mGCKn1/cghU7WjMny8z59A7SeZ0rRN8KaMlFEZMlgtQf7/6EjL5Ulo5H0vb2m -G5lAfW5xz55Y6M06sEl2wJ4pkgt+jeWRItKQvyqcdFEfiJfuP0+ESmQIMvz2ZnDC -ZJzpmjP5uDwqu5THcTHvJ/ptSHRtXEiqqwrpQ0dqtwxLMJtIdgOohVoPAUNTTXcy -XmL0qZsLFI2We2v0jgYMcYw1gswsksMLLmnVWlAsBqCALRyu4Ptxrkg9NwARAQAB -tB5tYWtlZnUgPHJvb3RAc3ludGF4LWZlaGxlci5kZT6JAjgEEwECACIFAk6quoQC -GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEMk6uSvVJeKfr5UP/3vvBlZQ -9DjLRBx9YUjbq34LDl/wdDX7Fwsdb+TccUiOgKW2RAXbdnff2r5VRn4VSDUYoFfN -qtDrxKl04IWeVwiaTjCJdXp6veSpov5GcmARgPUow8v9Eu2gZw0o1LvW7NFP5e3u -YxmSTrlVGZMTCkwIkYoaETseCE0qsahWD0zCM19rAEuTkwKOQo58mXFUzNq829Ex -OAv4zIQE6V7SKKOZzXhvBu3s1ql1SDfmciaszMlwwPtwgFBkg1HrFvuimU7zqGkf -wQpWt91j8kJZdAC8iUf/7UNh/VZu+n9jtmynunRrY2PgPh6LgeDmiaTbVfHX51/3 -R01dzzTk0dnqwosNoc1u8Xsb/rTs9LDsncteUGKgiEh+LRjouGGh/C1g58dkF0wP -S00dgnEhI9d8ui/yTPa47l3zDSa/m6Nq6oEGVbZDivNDuTV1jfhrs0v3kx50aK0O -y+exKMmgxoxeCMZs53iHXiXAcsHSj+Gue6W2jDvRjaPqfxnM3GNd7y9ix8IF43R6 -n1oAZo7zWA4a5iq8yvBTjKqyDJAKu8C4kYM/9FMJlDgUjWYvNI4BiG1iw0iGVAjt -JHz/QEM/7Mg7fw1rtJB/A9ezLJGyiDcc |