Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/lass/default.nix30
-rw-r--r--krebs/3modules/makefu/default.nix93
-rw-r--r--krebs/3modules/tinc_graphs.nix59
3 files changed, 126 insertions, 56 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 65da85ac4..760c2d69d 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
+ "cache.prism.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -107,36 +108,17 @@ with config.krebs.lib;
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa 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";
};
- fastpoke = {
+ domsen-nas = {
nets = rec {
internet = {
- ip4.addr = "193.22.164.36";
aliases = [
- "fastpoke.internet"
+ "domsen-nas.internet"
];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.253.152";
- ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00";
- aliases = [
- "fastpoke.retiolum"
- "fastpoke.r"
- "cgit.fastpoke.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
- DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
- FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
- ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
- EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
- rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
+ ip4.addr = "87.138.180.167";
+ ssh.port = 2223;
};
};
- ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b";
+ ssh.pubkey = "ssh-dss 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";
};
cloudkrebs = {
cores = 1;
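Review bot: The new `ssh.pubkey` for domsen-nas is an `ssh-dss` key; DSA host keys are 1024-bit and have been disabled by default in OpenSSH since 7.0, so clients pinned to this entry either cannot verify the host or have to re-enable the algorithm with `HostKeyAlgorithms +ssh-dss`. The host is declared with only an `internet` net, a public `ip4.addr` and `ssh.port = 2223`, so the pinned key is the only thing authenticating that endpoint. If the NAS can offer an RSA or Ed25519 host key, pin that instead, e.g. `ssh.pubkey = "ssh-ed25519 <HOST_KEY_PLACEHOLDER>";`. If it cannot, a short comment next to the line saying so would keep the entry from being copied as a pattern.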
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 7d4bef9ad..0b58c75cb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -48,6 +48,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.2";
+ aliases = [
+ "darth.siem"
+ ];
+ };
};
};
tsp = {
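Review bot: The `siem` net added here carries only `ip4.addr` and one alias and has no `tinc.pubkey`, whereas the net directly above it ends in a `tinc.pubkey` block. If `siem` is meant to be a tinc network (the `TINC_NETWORK` setting added to tinc_graphs.nix in this change suggests it, but that is not visible in this hunk), peers get no key from this file to authenticate the node. The same applies to the `siem` entries added in the next hunk (`arch.siem`) and in the new shoney host (`sjump.siem`). Either add the key or a one-line comment such as `# siem: node keys are managed outside stockholm` saying where they live. The enclosing host definition starts outside the hunk.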
@@ -98,6 +104,12 @@ with config.krebs.lib;
-----END RSA PUBLIC KEY-----
'';
};
+ siem = {
+ ip4.addr = "10.8.10.4";
+ aliases = [
+ "arch.siem"
+ ];
+ };
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster";
@@ -184,6 +196,8 @@ with config.krebs.lib;
internet = {
ip4.addr = "104.233.87.86";
aliases = [
+ "wry.i"
+ "paste.i"
"wry.internet"
"paste.internet"
];
@@ -194,10 +208,10 @@ with config.krebs.lib;
ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";
aliases = [
"graphs.wry.retiolum"
- "graphs.retiolum"
+ "graphs.r" "graphs.retiolum"
"paste.wry.retiolum"
- "paste.retiolum"
- "wry.retiolum"
+ "paste.r" "paste.retiolum"
+ "wry.r" "wry.retiolum"
"wiki.makefu.retiolum"
"wiki.wry.retiolum"
"blog.makefu.retiolum"
@@ -232,15 +246,16 @@ with config.krebs.lib;
ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";
aliases = [
"filepimp.retiolum"
+ "filepimp.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
- BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
- i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
- 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
- u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
- OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+ MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg
+ 3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS
+ wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR
+ oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X
+ UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB
+ 8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
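Review bot: The `tinc.pubkey` of filepimp is replaced wholesale in the same hunk that adds the `filepimp.r` alias, and nothing on the page records why. This file is what peers use to authenticate the node, so an unexplained key swap cannot be told apart from a substituted key in review; the new key should be confirmed against the host out of band. A comment above `tinc.pubkey` such as `# key regenerated after reinstall` (adjusted to the real cause) would document the rotation. The host block begins outside the hunk.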
@@ -339,6 +354,42 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
+ shoney = rec {
+ cores = 1;
+ nets = {
+ siem = {
+ ip4.addr = "10.8.10.1";
+ aliases = [
+ "sjump.siem"
+ "graphs.siem"
+ ];
+ };
+ internet = {
+ ip4.addr = "64.137.234.215";
+ aliases = [
+ "shoney.i"
+ ];
+ };
+ retiolum = {
+ ip4.addr = "10.243.205.131";
+ ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4";
+ aliases = [
+ "shoney.retiolum"
+ "shoney.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL
+ ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4
+ okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht
+ M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO
+ +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5
+ uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
# non-stockholm
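Review bot: shoney is added with a public `internet` address but without `ssh.pubkey` or `ssh.privkey.path`, unlike the gum entry directly above it. If known_hosts entries are generated from this host set, its host key cannot be pinned and the first connection falls back to trust-on-first-use. Adding `ssh.pubkey = "ssh-ed25519 <HOST_KEY_PLACEHOLDER> root@shoney";` after `nets`, with the value taken from the machine itself, closes that gap. lariat in the following hunk is declared the same way.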
@@ -426,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
+ lariat = rec {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.64.7";
+ aliases = [
+ "lariat.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX
+ eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA
+ 269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ
+ unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv
+ d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o
+ yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
soundflower = rec {
cores = 1;
nets = {
@@ -568,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
+ } // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
cores = 1;
nets = {
@@ -596,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
};
- } // { # hosts only maintained in stockholm, not owned by me
tpsw = {
cores = 2;
owner = config.krebs.users.ciko; # main laptop
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index dec89d249..0f1bae090 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -20,6 +20,18 @@ let
default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";
};
+ hostsPath = mkOption {
+ type = types.str;
+ description = "Path to Hosts directory";
+ default = "${config.krebs.retiolum.hostsPackage}";
+ };
+
+ network = mkOption {
+ type = types.str;
+ description = "Tinc Network to use";
+ default = "retiolum";
+ };
+
nginx = {
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
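Review bot: `hostsPath` still defaults to `config.krebs.retiolum.hostsPackage`, so setting only `network` to another net would graph that network against the retiolum hosts directory; the two options have to be changed together and neither description says so. I would extend them to `description = "Path to the tinc hosts directory of the selected network; must match the network option";` and `description = "Name of the tinc network to graph; passed to all-the-graphs and exported as TINC_NETWORK";`. The option set continues outside the hunk.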
@@ -73,10 +85,10 @@ let
};
imp = {
- environment.systemPackages = [ pkgs.tinc_graphs];
+ environment.systemPackages = [ pkgs.tinc_graphs ];
systemd.timers.tinc_graphs = {
description = "Build Tinc Graphs via via timer";
- wantedBy = [ "timers.target"];
+ wantedBy = [ "timers.target" ];
timerConfig = cfg.timerConfig;
};
systemd.services.tinc_graphs = {
@@ -85,7 +97,8 @@ let
EXTERNAL_FOLDER = external_dir;
INTERNAL_FOLDER = internal_dir;
GEODB = cfg.geodbPath;
- TINC_HOSTPATH = config.krebs.retiolum.hostsPackage;
+ TINC_HOSTPATH = cfg.hostsPath;
+ TINC_NETWORK = cfg.network;
};
restartIfChanged = true;
@@ -103,7 +116,7 @@ let
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
fi
'';
- ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
+ ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
# TODO: this may break if workingDir is set to something stupid
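Review bot: `cfg.network` is a free-form `types.str` spliced between double quotes into `ExecStart`, where systemd still applies its own quoting, `%` specifier and `$VAR` expansion, so a value containing `"`, `%` or `$` alters the command line instead of arriving as one argument. The value comes from whoever writes the configuration, so this is a robustness rather than an injection concern, but restricting the option to netname characters (for example `types.strMatching "[A-Za-z0-9_]+"`, if the lib used in this tree provides it) removes the case. The same value is already exported as `TINC_NETWORK` in the previous hunk, so a comment stating which of the two the tool actually reads would help. The service definition starts and ends outside the hunk.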
@@ -121,24 +134,26 @@ let
uid = genid "tinc_graphs";
home = "/var/spool/tinc_graphs";
};
-
- krebs.nginx.servers = mkIf cfg.nginx.enable {
- tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${internal_dir};
- '')
- ];
- }] ;
- tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${external_dir};
- '')
- ];
- }];
+ krebs.nginx = mkIf cfg.nginx.enable {
+ enable = mkDefault true;
+ servers = {
+ tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
+ locations = [
+ (nameValuePair "/" ''
+ autoindex on;
+ root ${internal_dir};
+ '')
+ ];
+ }] ;
+ tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
+ locations = [
+ (nameValuePair "/" ''
+ autoindex on;
+ root ${external_dir};
+ '')
+ ];
+ }];
+ };
};
};