summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/lass/default.nix1
-rw-r--r--krebs/3modules/tv/default.nix142
-rw-r--r--krebs/4lib/types.nix23
-rw-r--r--krebs/5pkgs/default.nix8
4 files changed, 75 insertions, 99 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index d2542041f..08e8995fa 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
"prism.retiolum"
"prism.r"
"cgit.prism.retiolum"
+ "cgit.prism.r"
"cache.prism.r"
];
tinc.pubkey = ''
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index efba1bc24..2d18a7e8d 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -7,19 +7,61 @@ with config.krebs.lib;
"viljetic.de" = "regfish";
};
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
- cd = rec {
+ caxi = {
+ cores = 2;
+ extraZones = {
+ "krebsco.de" = ''
+ caxi 60 IN A ${config.krebs.hosts.caxi.nets.internet.ip4.addr}
+ '';
+ };
+ nets = {
+ internet = {
+ ip4 = {
+ addr = "104.233.124.70";
+ prefix = "104.233.124.0/24";
+ };
+ aliases = [
+ "caxi.i"
+ "caxi.krebsco.de"
+ ];
+ ssh.port = 11423;
+ };
+ retiolum = {
+ via = config.krebs.hosts.caxi.nets.internet;
+ ip4.addr = "10.243.113.226";
+ ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af6";
+ aliases = [
+ "caxi.r"
+ "caxi.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxNh1xhvCFzjUOmBq+F6NjUdntKh/7qo7LrsXjPVn92r1hGTVHJO1
+ E+XP5dabZ/mFWySY8GvG7XlZ27wsjkvHEyb16IhOqYrnaONf9LifAWQ3qBlHtp1T
+ eZeP6wcXLhR/pOPy0pT6EABmDHbOzErjYv4pdrXHuxlM10Ljtpp3mClNeXY9eby+
+ HekEE8LY8/zWqJ90lMaxPhLh1VqEvTVTnem5e1F8HDzNvRWa0kWUYG33zPQMyKgR
+ BCvp1DR7Y2LwDmGKnhzBm4JTcP+fcs+z/eGie/CEIgFM0BFJaTBAYZOtUlhBSe0y
+ UYE2W9CJkPN2Uepf53nPnshjKC64fgTr7wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdJ4xGi+qn4IfMZJ3Kv7AGZGbhlR+GrkD87z2tcyRZy";
+ };
+ cd = {
cores = 2;
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
krebsco.de. 60 IN MX 5 mx23
- mx23 60 IN A ${nets.internet.ip4.addr}
- cd 60 IN A ${nets.internet.ip4.addr}
- cgit 60 IN A ${nets.internet.ip4.addr}
- cgit.cd 60 IN A ${nets.internet.ip4.addr}
+ mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cgit 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
+ cgit.cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
'';
};
- nets = rec {
+ nets = {
internet = {
ip4.addr = "45.62.237.203";
aliases = [
@@ -33,7 +75,7 @@ with config.krebs.lib;
ssh.port = 11423;
};
retiolum = {
- via = internet;
+ via = config.krebs.hosts.cd.nets.internet;
ip4.addr = "10.243.113.222";
ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af3";
aliases = [
@@ -96,49 +138,14 @@ with config.krebs.lib;
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu";
};
- mkdir = rec {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "104.167.114.142";
- aliases = [
- "mkdir.i"
- "mkdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.113.223";
- ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af4";
- aliases = [
- "mkdir.r"
- "mkdir.retiolum"
- "cgit.mkdir.r"
- "cgit.mkdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
- dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
- voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
- 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
- Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
- 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
- };
- ire = rec {
+ ire = {
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
- ire 60 IN A ${nets.internet.ip4.addr}
+ ire 60 IN A ${config.krebs.hosts.ire.nets.internet.ip4.addr}
'';
};
- nets = rec {
+ nets = {
internet = {
ip4.addr = "198.147.22.115";
aliases = [
@@ -149,7 +156,7 @@ with config.krebs.lib;
ssh.port = 11423;
};
retiolum = {
- via = internet;
+ via = config.krebs.hosts.ire.nets.internet;
ip4.addr = "10.243.231.66";
ip6.addr = "42:b912:0f42:a82d:0d27:8610:e89b:490c";
aliases = [
@@ -229,7 +236,7 @@ with config.krebs.lib;
};
nomic = {
cores = 2;
- nets = rec {
+ nets = {
gg23 = {
ip4.addr = "10.23.1.110";
aliases = ["nomic.gg23"];
@@ -268,41 +275,6 @@ with config.krebs.lib;
};
};
};
- rmdir = rec {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "167.88.34.182";
- aliases = [
- "rmdir.i"
- "rmdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.113.224";
- ip6.addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
- aliases = [
- "rmdir.r"
- "rmdir.retiolum"
- "cgit.rmdir.r"
- "cgit.rmdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
- i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
- Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
- hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
- 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
- SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLuhLRmt8M5s2Edwwl9XY0KAAivzmPCEweesH5/KhR4";
- };
schnabeldrucker = {
nets = {
gg23 = {
@@ -387,7 +359,7 @@ with config.krebs.lib;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
};
- users = rec {
+ users = {
mv = {
mail = "mv@cd.r";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
@@ -399,11 +371,11 @@ with config.krebs.lib;
uid = 1337; # TODO use default and document what has to be done (for vv)
};
tv-nomic = {
- inherit (tv) mail;
+ inherit (config.krebs.users.tv) mail;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3dYR/n4Yw8OsYmfR2rSUG7o10G6AqOlSJHuHSEmANbMkqjiWl1TnpORtt5bAktyAGI4vWf9vhNEnxuIqGXWSV+3yCd7yfBHR1m0Y9QSw6blQ0xc1venl3JU0kpEyJfUn8a9cdXlnRiS0MP1gcsN7Zk8cqBELJYJajkSEnsT4eVaU5/wdnyzUO1fk8D8tFBJbF/tsWDLJPu4P18rpxq4wZgA2qmyHoVDEVlrz2OYcziXT6gpG0JGnToteaNg9ok5QavEYFpp8P+k1AacrBjc1PAb4MaMX1nfkSyaZwSqLdH35XkNRgPhVVmqZ5PlG3VeNpPSwpdcKi8P3zH1xG9g6Usx1SAyvcoAyGHdOwmFuA2tc1HgYEiQ+OsPrHZHujBOOZsKTN9+IZHScCAe+UmUcK413WEZKPs8PeFjf1gQAoDXb55JpksxLAnC/SQOl4FhkctIAXxr12ALlyt9UFPzIoj/Nj2MpFzGSlf653fTFmnMbQ8+GICc4TUpqx5GELZhfQuprBTv/55a9zKvM4B8XT3Bn9olQzMQIXEjXb3WUVFDDNWeNydToorYn1wG3ZWQ+3f0IlqRicWO7Q9BRj1Lp5rcUCb+naJ48tGY6HFUZ1Kz/0x458GDFvUd8mCJjqqmeSkUEeZd0xet5tVFg/bYoSslEqPF6pz7V3ruJMSdYxnQ== tv@nomic #2";
};
tv-xu = {
- inherit (tv) mail;
+ inherit (config.krebs.users.tv) mail;
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu";
};
vv = {
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 0d5b51f76..aa7b7a9f5 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -76,7 +76,6 @@ types // rec {
default =
optional (config.ip4 != null) config.ip4.addr ++
optional (config.ip6 != null) config.ip6.addr;
- readOnly = true;
};
aliases = mkOption {
# TODO nonEmptyListOf hostname
@@ -162,11 +161,21 @@ types // rec {
secret-file = submodule ({ config, ... }: {
options = {
- path = mkOption { type = str; };
- mode = mkOption { type = file-mode; default = "0400"; };
+ name = mkOption {
+ type = filename;
+ default = config._module.args.name;
+ };
+ path = mkOption {
+ type = absolute-pathname;
+ default = "/run/keys/${config.name}";
+ };
+ mode = mkOption {
+ type = file-mode;
+ default = "0400";
+ };
owner = mkOption {
type = user;
- default = config.krebs.users.root;
+ default = users.root;
};
group-name = mkOption {
type = str;
@@ -174,7 +183,7 @@ types // rec {
};
source-path = mkOption {
type = str;
- default = toString <secrets> + "/${config._module.args.name}";
+ default = toString <secrets> + "/${config.name}";
};
};
});
@@ -342,7 +351,9 @@ types // rec {
absolute-pathname = mkOptionType {
name = "POSIX absolute pathname";
check = x: let xs = splitString "/" x; xa = head xs; in
- isString x && (xa == "/" || (xa == "" && all filename.check (tail xs)));
+ isString x
+ && stringLength x > 0
+ && (xa == "/" || (xa == "" && all filename.check (tail xs)));
merge = mergeOneOption;
};
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index f0bda0ee1..cdab64212 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -38,14 +38,6 @@ with config.krebs.lib;
ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
- buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> {
- inherit (pkgs.pythonPackages) twisted jinja2;
- dateutil = pkgs.pythonPackages.dateutil_1_5;
- sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override {
- doCheck = false;
- });
- };
-
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
symlinkJoin = { name, paths, ... }@args: let
x = pkgs.symlinkJoin args;