From 5fa371dd9327f2b5cd4e97df6a6409e38fc53e85 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 23 Nov 2022 17:49:57 +0100 Subject: kartei: autoimport subdirs --- kartei/default.nix | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/kartei/default.nix b/kartei/default.nix index 1b11f0fd5..3b86250db 100644 --- a/kartei/default.nix +++ b/kartei/default.nix @@ -1,15 +1,13 @@ { config, lib, ... }: { - config = lib.mkMerge (map (path: { krebs = import path { inherit config; }; }) [ - ./dbalan - ./jeschli - ./kmein - ./krebs - ./lass - ./makefu - ./mic92 - ./others - ./palo - ./rtunreal - ./tv - ]); + config = + lib.mkMerge + (lib.mapAttrsToList + (name: _type: let + path = ./. + "/${name}"; + in { + krebs = import path { inherit config; }; + }) + (lib.filterAttrs + (_name: type: type == "directory") + (builtins.readDir ./.))); } -- cgit v1.2.3 From b065ee81dc5e153d1f16a168db82b4eb7bfb2850 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 23 Nov 2022 18:16:48 +0100 Subject: kartei: add template --- kartei/default.nix | 13 +++++++++---- kartei/template/default.nix | 20 ++++++++++++++++++++ 2 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 kartei/template/default.nix diff --git a/kartei/default.nix b/kartei/default.nix index 3b86250db..6024e2351 100644 --- a/kartei/default.nix +++ b/kartei/default.nix @@ -1,4 +1,8 @@ -{ config, lib, ... }: { +{ config, lib, ... }: let + removeTemplate = + # TODO don't remove during CI + lib.flip builtins.removeAttrs ["template"]; +in { config = lib.mkMerge (lib.mapAttrsToList @@ -7,7 +11,8 @@ in { krebs = import path { inherit config; }; }) - (lib.filterAttrs - (_name: type: type == "directory") - (builtins.readDir ./.))); + (removeTemplate + (lib.filterAttrs + (_name: type: type == "directory") + (builtins.readDir ./.)))); } diff --git a/kartei/template/default.nix b/kartei/template/default.nix new file mode 100644 index 000000000..2acf78d38 --- /dev/null +++ b/kartei/template/default.nix @@ -0,0 +1,20 @@ +{ config, ... }: let + lib = import ../../lib; +in { + users.DUMMYUSER = { + mail = "DUMMYUSER@example.ork"; + }; + hosts.DUMMYHOST = { + owner = config.krebs.users.DUMMYUSER; + nets.retiolum = { + aliases = [ "DUMMYHOST.DUMMYUSER.r" ]; + ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + DUMMYTINCPUBKEYRSA + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "DUMMYTINCPUBKEYED25519"; + }; + }; +} -- cgit v1.2.3 From c084136980f9a29f5b42b32731b6dbe22b3366dc Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 23 Nov 2022 16:37:32 +0100 Subject: krebs: extract users into separate module --- krebs/3modules/default.nix | 17 +---------------- krebs/3modules/users.nix | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 16 deletions(-) create mode 100644 krebs/3modules/users.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 70fc05813..6c76b48e3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -56,6 +56,7 @@ let ./tinc_graphs.nix ./upstream ./urlwatch.nix + ./users.nix ./xresources.nix ./zones.nix ]; @@ -66,10 +67,6 @@ let api = { enable = mkEnableOption "krebs"; - users = mkOption { - type = with types; attrsOf user; - }; - sitemap = mkOption { default = {}; type = types.attrsOf types.sitemap.entry; @@ -112,18 +109,6 @@ let krebs.dns.search-domain = mkDefault "r"; - krebs.users = { - krebs = { - home = "/krebs"; - mail = "spam@krebsco.de"; - }; - root = { - home = "/root"; - pubkey = config.krebs.build.host.ssh.pubkey; - uid = 0; - }; - }; - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) [privkey]; diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix new file mode 100644 index 000000000..c1ad4b44b --- /dev/null +++ b/krebs/3modules/users.nix @@ -0,0 +1,20 @@ +{ config, ... }: let + lib = import ../../lib; +in { + options.krebs.users = lib.mkOption { + type = with lib.types; attrsOf user; + }; + config = lib.mkIf config.krebs.enable { + krebs.users = { + krebs = { + home = "/krebs"; + mail = "spam@krebsco.de"; + }; + root = { + home = "/root"; + pubkey = config.krebs.build.host.ssh.pubkey; + uid = 0; + }; + }; + }; +} -- cgit v1.2.3 From 7b4ea4750ea11e2c4d9f95cc09fbcffe32e66064 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 23 Nov 2022 16:40:21 +0100 Subject: krebs hosts: config only if config.krebs.enable --- krebs/3modules/hosts.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index ae0136303..bd1bb1652 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -11,7 +11,7 @@ in { }; }; - config = { + config = mkIf config.krebs.enable { networking.hosts = filterAttrs (_name: value: value != []) -- cgit v1.2.3 From 6af959ad44a85b1f89ce347480bf18a46a039571 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 23 Nov 2022 16:43:02 +0100 Subject: krebs: extract sitemap into separate module --- krebs/3modules/default.nix | 6 +----- krebs/3modules/sitemap.nix | 8 ++++++++ 2 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 krebs/3modules/sitemap.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6c76b48e3..a8cf6c767 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -49,6 +49,7 @@ let ./secret.nix ./setuid.nix ./shadow.nix + ./sitemap.nix ./ssl.nix ./sync-containers.nix ./systemd.nix @@ -67,11 +68,6 @@ let api = { enable = mkEnableOption "krebs"; - sitemap = mkOption { - default = {}; - type = types.attrsOf types.sitemap.entry; - }; - zone-head-config = mkOption { type = with types; attrsOf str; description = '' diff --git a/krebs/3modules/sitemap.nix b/krebs/3modules/sitemap.nix new file mode 100644 index 000000000..ec2179db1 --- /dev/null +++ b/krebs/3modules/sitemap.nix @@ -0,0 +1,8 @@ +let + lib = import ../../lib; +in { + options.krebs.sitemap = lib.mkOption { + type = with lib.types; attrsOf sitemap.entry; + default = {}; + }; +} -- cgit v1.2.3 From a278a6503bf1c8de8e233f72faa442baaab29ab0 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 23 Nov 2022 16:49:41 +0100 Subject: krebs dns: move config to dns module --- krebs/3modules/default.nix | 10 ---------- krebs/3modules/dns.nix | 13 +++++++++++-- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a8cf6c767..e8f5d1611 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -95,16 +95,6 @@ let imp = lib.mkMerge [ { - krebs.dns.providers = { - "krebsco.de" = "zones"; - shack = "hosts"; - i = "hosts"; - r = "hosts"; - w = "hosts"; - }; - - krebs.dns.search-domain = mkDefault "r"; - services.openssh.hostKeys = let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) [privkey]; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix index 8acc4ccd8..8a74d3067 100644 --- a/krebs/3modules/dns.nix +++ b/krebs/3modules/dns.nix @@ -1,12 +1,21 @@ with import ; -{ +{ config, ... }: { options = { krebs.dns.providers = mkOption { type = types.attrsOf types.str; }; - krebs.dns.search-domain = mkOption { type = types.nullOr types.hostname; }; }; + config = mkIf config.krebs.enable { + krebs.dns.providers = { + "krebsco.de" = "zones"; + shack = "hosts"; + i = "hosts"; + r = "hosts"; + w = "hosts"; + }; + krebs.dns.search-domain = mkDefault "r"; + }; } -- cgit v1.2.3 From fe2262d70618880de6f37ba15449b9be67bc5ec6 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 23 Nov 2022 17:08:55 +0100 Subject: lib.types.net.ip*: add net-independent defaults --- lib/types.nix | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index 0e0e093fb..67a0c6f1b 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -136,7 +136,7 @@ rec { default = null; }; ip4 = mkOption { - type = nullOr (submodule { + type = nullOr (submodule (ip4: { options = { addr = mkOption { type = addr4; @@ -146,13 +146,15 @@ rec { } // { retiolum.default = "10.243.0.0/16"; wiregrill.default = "10.244.0.0/16"; - }.${config._module.args.name} or {}); + }.${config._module.args.name} or { + default = "${ip4.config.addr}/32"; + }); }; - }); + })); default = null; }; ip6 = mkOption { - type = nullOr (submodule { + type = nullOr (submodule (ip6: { options = { addr = mkOption { type = addr6; @@ -163,9 +165,11 @@ rec { } // { retiolum.default = "42:0::/32"; wiregrill.default = "42:1::/32"; - }.${config._module.args.name} or {}); + }.${config._module.args.name} or { + default = "${ip6.config.addr}/128"; + }); }; - }); + })); default = null; }; ssh = mkOption { -- cgit v1.2.3 From 5c05e2a9b68b01e1f0f69a1e4414bce21a801f1f Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 23 Nov 2022 11:25:12 +0100 Subject: nix-writers: fetch submodule via https --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index 7ecb497ea..869980fa0 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,6 @@ [submodule "submodules/nix-writers"] path = submodules/nix-writers - url = http://cgit.krebsco.de/nix-writers + url = https://cgit.krebsco.de/nix-writers [submodule "submodules/krops"] path = submodules/krops url = https://cgit.krebsco.de/krops -- cgit v1.2.3 From 5272ff228597afa4040ce567aa4969eea6567e71 Mon Sep 17 00:00:00 2001 From: xkey Date: Thu, 24 Nov 2022 22:18:53 +0100 Subject: kartei xkey: get hosts config out of kartei/others --- kartei/others/default.nix | 104 -------------------------------------- kartei/xkey/default.nix | 126 ++++++++++++++++++++++++++++++++++++++++++++++ kartei/xkey/ssh/xkey.pub | 1 + 3 files changed, 127 insertions(+), 104 deletions(-) create mode 100644 kartei/xkey/default.nix create mode 100644 kartei/xkey/ssh/xkey.pub diff --git a/kartei/others/default.nix b/kartei/others/default.nix index 214880cb3..f3ea8b80c 100644 --- a/kartei/others/default.nix +++ b/kartei/others/default.nix @@ -592,106 +592,6 @@ in { syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC"; nets = {}; }; - catalonia = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.13.12"; - aliases = [ "catalonia.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y - gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA - VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE - Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e - FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ - HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3 - mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3 - zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6 - sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3 - ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf - vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL"; - }; - }; - }; - sicily = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.161.1"; - aliases = [ "sicily.r" "mukke.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg - aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam - xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod - 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/ - IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7 - KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC - 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L - LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp - T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB - w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO - 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN"; - }; - }; - }; - rojava = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.23.42"; - aliases = [ "rojava.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd - B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb - HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 - Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD - lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW - +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs - 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 - vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx - HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ - XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 - yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; - }; - }; - }; - aland = { - owner = config.krebs.users.xkey; - nets = { - retiolum = { - ip4.addr = "10.243.12.34"; - aliases = [ "aland.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY - CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU - plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb - DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx - aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+ - OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1 - ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X - TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa - aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX - zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf - VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A"; - }; - }; - }; papawhakaaro = { owner = config.krebs.users.feliks; nets = { @@ -857,10 +757,6 @@ in { mail = "xq@shackspace.de"; pubkey = ssh-for "xq"; }; - xkey = { - mail = "xkey@krebsco.de"; - pubkey = ssh-for "xkey"; - }; miaoski = { }; filly = { diff --git a/kartei/xkey/default.nix b/kartei/xkey/default.nix new file mode 100644 index 000000000..a8a6648ce --- /dev/null +++ b/kartei/xkey/default.nix @@ -0,0 +1,126 @@ +with import ../../lib; +{ config, ... }: +let + maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else []; + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + owner = config.krebs.users.kmein; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill = { + ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + }; + }); + ssh-for = name: builtins.readFile (./ssh + "/${name}.pub"); +in +{ + users = rec { + xkey = { + mail = "xkey@krebsco.de"; + pubkey = ssh-for "xkey"; + }; + }; + hosts = mapAttrs hostDefaults { + aland = { + nets = { + retiolum = { + ip4.addr = "10.243.12.34"; + aliases = [ "aland.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAwR1e8/4Lx7gqSyFhA5WpfT4LsnXqYARR6y+gYAOSre6wMvBm/OBY + CKEYCCfqQD3naukID9FqleXaZdIxp6xxBIYZ1yi1Xn032MPP0S37oZAxJlXvlEaU + plG9ct6Zh6qTzpghP2UyYD4RxhLwvsRTycwLF93D+a1z1/CNNDLSoTS11BLtvhDb + DmxTVY/1hWJUiVR4KyRsYnJ3N1Heg/4R/Su4oFm+DatfFYdzhaNsk9q3YYIRdRcx + aHLF65ygVTjG/rUJp/OvkeU1G5rc0ldpd7zR8N8kkjgI1lmZe50mUGghKr1zexV+ + OkIjXGrwTk4RZk3kZO6PZu56rrsR8HZirfrtJWRy7UgAm3S/lZku7X4SN3+7pfL1 + ero6/XB4CHeQ9OpQemcR5o6AR0ncE0TApqeoLd1U710XmwM09ifawAO3jm9ER19X + TKFHeBzqsToPmternXnAKgg2NYyKStkavQu6JTl/uOXdfqfMc9TU6mzV8aBo7ZDa + aLdlg0phcFCcZT8zJGzA3des70AHWmQ7G49pBysnXk8p+1l3SPazGAlIWBCT6oZX + zUUauGEgsuTkDC+JijUm/1HrrMfiigHeBTZKPLqe/75MkumukXqTzd3zfUEcA5Vf + VgEnL2jNVFfocJtmhLQdkmnSiIQslRSOHMC94ZWa0ku0kHZ3XawwwY0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "gOEzoUsuJyaGIjoZIyS9uZa+zLYfN6BEZrbCTeAWW7A"; + }; + }; + }; + catalonia = { + nets = { + retiolum = { + ip4.addr = "10.243.13.12"; + aliases = [ "catalonia.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y + gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA + VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE + Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e + FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ + HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3 + mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3 + zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6 + sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3 + ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf + vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "PiqJGofbo6941m20NJM3yhUoWKTNyLCtTPzsKcrvFSL"; + }; + }; + }; + rojava = { + nets = { + retiolum = { + ip4.addr = "10.243.23.42"; + aliases = [ "rojava.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3Xafx5PYDNRxRwWGo25paveBgEFQYWWOg5YYcqSlBsUzWkEwZPdd + B0O8xJDIS3SDZrDW5aC43RGe+l6L68OBzB79DNAhxcdzzDQkAqI4IsaWBzgEFIbb + HG+Asx2ZN1biykCR4GN77JYGwa7RrCgsA3LdT6ICGPWbLU3M/QeaIbTooDq/PF61 + Eu8i/S/qqhC/KBDq9CXL+amiyjoe4l+iLIKtCmvJZge1v8cc9n4iHqfP1JPXMPrD + lu9Mshxy8um62oaC/jvyw9R511LaEcT/Hvxi030tiL/H/1dOIhx+4RJsapHGw4LW + +ud1UAU8WXSRmYqeRw11+obZycnxZF0R0xEKGVIxCnf+vAriEM2iqruRKP1gYVzs + 3DW+dq5eirkzdmJZsTY3lX+q/hR9lfzQFuq9G6lrqKyx5L7FZNCMviMfw63TfHF2 + vV4D77hrRH1yp/c5UUo8H9j9/u62JyZ/pSszjKgVy+nSD+zJ6waEZWip7T8V/pmx + HOTIZC5xGKyxX/6DTVU7YJzLlaiZLJ3RudNrTXY9w24NEhum5A7BaEmyJbbqRdx+ + XJ3+vf9jPCW9wUGKO5vsu67x/xy8eEVx7Tm5aVWlpXGvlfTiOvhUCPNDOa/HMYp4 + yuy4xLEIhAlt7jI02aYe3Cj3CbJEYdNJj+qBPzpfKCuCyATQzGmgaq0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "WuvA0epfMZnPysLc+oKQydgWAz9/Mc+fM1DujeKj65F"; + }; + }; + }; + sicily = { + nets = { + retiolum = { + ip4.addr = "10.243.161.1"; + aliases = [ "sicily.r" "mukke.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAzjCrsMRptg22QJTXsNgrxE/CjpGiDD9NYExqiDQ7kyKJ7+nrjtJg + aI1bL7CmlfbleE47VmkZBbyglI7wELA0X//WW6laz/5XwBKQyYSgt1ZtcordYoam + xeNmV9a4dcpYO5y+YXxac8epX8TVSu1c0H7jEMcGrvTXDZwijEPQTMCvj2pookod + 1seiLKjKZTW7TWVUZ3Hi/NZh2EEZu/mN0zZbGSGQv0cDdD6/kxw/ZstE6c7cYF7/ + IFdGLuLGa60em8AKCFT0WXRF9UnuZ7txw96qcrZotIlSY9ssJf8veBFDfiyKWiO7 + KBZXa7c2/5T+GOIBr/XZGH6vpCMFIuHq8A7wWPcbV0NvA6yssn8R7LrrEC2qU+RC + 7DhUwC70tODQyZ4IT/8eEntGdJwi4Zy6Uer5EMFkHCTBG6N3xKev+LppH+HGwH9L + LJ1qGEhK7PFcXFyLMEnBu4f316BEf9Hii4xDegBICTHGQfsHI2xE1GfeToqkvnyp + T4BgR6f6wVPsj+nP7UkCacIOtgUyjcTVuf4Da8PsX0liEYOcxSl2t9uZ1ks82DQB + w+p3Y03KRQh8TpidHWyydkya25xCO8x0t6q1q2xlIVKClGb3EG8YFRM+nEKT5sZO + 8nhqW50G+zUK3Y4vI3qzKjG9T5xi8Jwy8Zqd2h0VkNWXpn3NqqZkZwkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "G7t9IdhukaYPMc82H/EqEiH10t5C4DneQpcxJDiUjqN"; + }; + }; + }; + }; +} diff --git a/kartei/xkey/ssh/xkey.pub b/kartei/xkey/ssh/xkey.pub new file mode 100644 index 000000000..a50522fce --- /dev/null +++ b/kartei/xkey/ssh/xkey.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwyWKyTjg00x1M1PCDBXbixmdZObZiMLAW0f9KGFvC -- cgit v1.2.3 From e88697ebee7da9f53b3d44996c51f51b606df3fb Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 29 Nov 2022 22:20:52 +0100 Subject: nix-writers: 3.4.0 -> 3.5.0 --- submodules/nix-writers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/nix-writers b/submodules/nix-writers index c528cf970..f65c77bdc 160000 --- a/submodules/nix-writers +++ b/submodules/nix-writers @@ -1 +1 @@ -Subproject commit c528cf970e292790b414b4c1c8c8e9d7e73b2a71 +Subproject commit f65c77bdcc58be2081a0ffbda849289c5191b5e8 -- cgit v1.2.3 From f8fb430fc1bbc3ee6356971bbd1bdeba1b9a0d69 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 1 Dec 2022 23:40:37 +0100 Subject: kartei tv ni: add search subdomain --- kartei/tv/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix index e6cfedb02..3c66f60f6 100644 --- a/kartei/tv/default.nix +++ b/kartei/tv/default.nix @@ -169,6 +169,8 @@ in { cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} + search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} krebsco.de. 60 IN MX 5 ni krebsco.de. 60 IN TXT v=spf1 mx -all tv 300 IN NS ni @@ -196,6 +198,7 @@ in { aliases = [ "ni.r" "cgit.ni.r" + "search.ni.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3