summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/hope/config.nix41
-rw-r--r--krebs/1systems/hope/source.nix3
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/1systems/onebutton/config.nix22
-rw-r--r--krebs/2configs/news-spam.nix3
-rw-r--r--krebs/2configs/news.nix2
-rw-r--r--krebs/2configs/shack/worlddomination.nix85
-rw-r--r--krebs/3modules/krebs/default.nix32
-rw-r--r--krebs/3modules/lass/default.nix95
-rw-r--r--krebs/3modules/lass/pgp/icarus.pgp51
-rw-r--r--krebs/3modules/makefu/default.nix1
-rw-r--r--krebs/3modules/newsbot-js.nix1
-rw-r--r--krebs/kops.nix2
13 files changed, 186 insertions, 153 deletions
diff --git a/krebs/1systems/hope/config.nix b/krebs/1systems/hope/config.nix
deleted file mode 100644
index c19b210c5..000000000
--- a/krebs/1systems/hope/config.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: let
-
- ip = config.krebs.build.host.nets.internet.ip4.addr;
- bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
-
-in {
- imports = [
- <stockholm/krebs>
- <stockholm/krebs/2configs>
- <stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
-
- <stockholm/krebs/2configs/secret-passwords.nix>
- {
- users.extraUsers = {
- satan = {
- name = "satan";
- uid = 1338;
- home = "/home/satan";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- initialPassword = "test";
- };
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.hope;
-
- networking = let
- address = config.krebs.build.host.nets.internet.ip4.addr;
- in {
- defaultGateway = bestGuessGateway address;
- interfaces.enp2s1.ip4 = singleton {
- inherit address;
- prefixLength = 24;
- };
- nameservers = ["8.8.8.8"];
- };
-}
diff --git a/krebs/1systems/hope/source.nix b/krebs/1systems/hope/source.nix
deleted file mode 100644
index 7121d1d9d..000000000
--- a/krebs/1systems/hope/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "hope";
-}
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 98fb88702..662e094d1 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -21,4 +21,5 @@
boot.isContainer = true;
networking.useDHCP = false;
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
+ environment.variables.NIX_REMOTE = "daemon";
}
diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix
index c634d73ce..dca00a206 100644
--- a/krebs/1systems/onebutton/config.nix
+++ b/krebs/1systems/onebutton/config.nix
@@ -1,33 +1,34 @@
{ config, pkgs, lib, ... }:
{
+ # :l <nixpkgs>
+ # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
imports = [
<stockholm/krebs>
<stockholm/krebs/2configs>
- { # minimal disk usage
- environment.noXlibs = true;
+ { # flag to rebuild everything yourself:
+ # environment.noXlibs = true;
+
+ # minimal disk usage
nix.gc.automatic = true;
nix.gc.dates = "03:10";
- programs.info.enable = false;
- programs.man.enable = false;
- services.journald.extraConfig = "SystemMaxUse=50M";
+ documentation.man.enable = false;
+ documentation.info.enable = false;
services.nixosManual.enable = false;
+ services.journald.extraConfig = "SystemMaxUse=50M";
}
];
krebs.build.host = config.krebs.hosts.onebutton;
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
+
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
- # !!! If your board is a Raspberry Pi 1, select this:
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
- # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
- # boot.kernelParams = ["cma=32M"];
-
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
@@ -41,4 +42,7 @@
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
services.openssh.enable = true;
+
+ networking.wireless.enable = true;
+ hardware.enableRedistributableFirmware = true;
}
diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix
index 63848c234..69c503bf9 100644
--- a/krebs/2configs/news-spam.nix
+++ b/krebs/2configs/news-spam.nix
@@ -2,6 +2,7 @@
{
krebs.newsbot-js.news-spam = {
+ urlShortenerHost = "go.lassul.us";
feeds = pkgs.writeText "feeds" ''
[SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews
[SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews
@@ -120,7 +121,7 @@
[SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews
[SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews
[SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews
- [SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews
+ [SPAM]shackspace|http://shackspace.de/atom.xml|#snews
[SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews
[SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews
[SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 2628c7986..49a5e3459 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -11,7 +11,7 @@
painload|https://github.com/krebscode/painload/commits/master.atom|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
- shackspace|http://blog.shackspace.de/?feed=rss2|#news
+ shackspace|http://shackspace.de/atom.xml|#news
tinc|http://tinc-vpn.org/news/index.rss|#news
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 828b6cd70..44176a341 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -2,8 +2,56 @@
with import <stockholm/lib>;
let
+ pkg = pkgs.stdenv.mkDerivation {
+ name = "worlddomination-2018-04-21";
+ src = pkgs.fetchgit {
+ url = "https://github.com/shackspace/worlddomination/";
+ rev = "1b32403b9";
+ sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i";
+ };
+ buildInputs = [
+ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
+ docopt
+ LinkHeader
+ aiocoap
+ grequests
+ paramiko
+ python
+ ]))
+ ];
+ installPhase = ''
+ install -m755 -D backend/push_led.py $out/bin/push-led
+ install -m755 -D backend/loop_single.py $out/bin/loop-single
+ # copy the provided file to the package
+ install -m755 -D backend/wd.lst $out/${wdpath}
+ '';
+ };
pythonPackages = pkgs.python3Packages;
# https://github.com/chrysn/aiocoap
+ grequests = pythonPackages.buildPythonPackage rec {
+ pname = "grequests";
+ version = "0.3.1";
+ name = "${pname}-${version}";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "kennethreitz";
+ repo = "grequests";
+ rev = "d1e70eb";
+ sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
+ };
+
+ doCheck = false;
+
+ propagatedBuildInputs = with pythonPackages; [ requests gevent ];
+
+ meta = with lib;{
+ description = "Asynchronous HTTP requests";
+ homepage = https://github.com/kennethreitz/grequests;
+ license = with licenses; [ bsd2 ];
+ maintainers = with maintainers; [ matejc ];
+ };
+ };
+
aiocoap = pythonPackages.buildPythonPackage {
name = "aiocoap-0.3";
src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
@@ -25,32 +73,9 @@ let
description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
};
};
- pkg = pkgs.stdenv.mkDerivation {
- name = "worlddomination-2017-06-10";
- src = pkgs.fetchgit {
- url = "https://github.com/shackspace/worlddomination/";
- rev = "72fc9b5";
- sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf";
- };
- buildInputs = [
- (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
- docopt
- LinkHeader
- aiocoap
- requests
- paramiko
- python
- ]))
- ];
- installPhase = ''
- install -m755 -D backend/push_led.py $out/bin/push-led
- install -m755 -D backend/loop_single.py $out/bin/loop-single
- # copy the provided file to the package
- install -m755 -D backend/wd.lst $out/${wdpath}
- '';
- };
wdpath = "/usr/worlddomination/wd.lst";
esphost = "10.42.24.7"; # esp8266
+ afrihost = "10.42.25.201"; # africa
timeout = 10; # minutes
in {
systemd.services.worlddomination = {
@@ -64,4 +89,16 @@ in {
PermissionsStartOnly = true;
};
};
+
+ systemd.services.worlddomination-africa = {
+ description = "run worlddomination africa";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody"; # TODO separate user
+ ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}";
+ Restart = "always";
+ PrivateTmp = true;
+ PermissionsStartOnly = true;
+ };
+ };
}
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index a916c1873..a938f8ec9 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,38 +30,6 @@ let
});
in {
hosts = {
- hope = {
- ci = true;
- owner = config.krebs.users.krebs;
- nets = {
- internet = {
- ip4.addr = "45.62.225.18";
- aliases = [
- "hope.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- ip4.addr = "10.243.77.4";
- ip6.addr = "42:0:0:0:0:0:77:4";
- aliases = [
- "hope.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
- uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
- 2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
- A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
- fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
- K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
- };
hotdog = {
ci = true;
owner = config.krebs.users.krebs;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 0c3e68c39..aa0b43f9a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -9,6 +9,7 @@ with import <stockholm/lib>;
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
ci = true;
+ monitoring = true;
}) {
dishfire = {
cores = 4;
@@ -43,39 +44,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
};
- echelon = {
- cores = 2;
- nets = rec {
- internet = {
- ip4.addr = "64.137.242.41";
- aliases = [
- "echelon.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.206.103";
- ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763";
- aliases = [
- "echelon.r"
- "cgit.echelon.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
- oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
- MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
- 4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
- n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
- do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
- };
prism = rec {
cores = 4;
extraZones = {
@@ -86,14 +54,18 @@ with import <stockholm/lib>;
"lassul.us" = ''
$TTL 3600
@ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300)
- 60 IN NS ns16.ovh.net.
- 60 IN NS dns16.ovh.net.
- 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- 60 IN TXT v=spf1 mx a:lassul.us -all
- cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- io 60 IN NS ions.lassul.us.
- ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ 60 IN NS ns16.ovh.net.
+ 60 IN NS dns16.ovh.net.
+ 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ 60 IN TXT v=spf1 mx a:lassul.us -all
+ 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" )
+ default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB"
+ cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ io 60 IN NS ions.lassul.us.
+ ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
};
nets = rec {
@@ -149,6 +121,7 @@ with import <stockholm/lib>;
};
domsen-nas = {
ci = false;
+ monitoring = false;
external = true;
nets = rec {
internet = {
@@ -161,6 +134,7 @@ with import <stockholm/lib>;
};
};
uriel = {
+ monitoring = false;
cores = 1;
nets = {
gg23 = {
@@ -399,10 +373,12 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX";
};
iso = {
+ monitoring = false;
ci = false;
cores = 1;
};
sokrateslaptop = {
+ monitoring = false;
ci = false;
external = true;
nets = {
@@ -426,6 +402,7 @@ with import <stockholm/lib>;
};
};
turingmachine = {
+ monitoring = false;
ci = false;
external = true;
nets = {
@@ -454,6 +431,7 @@ with import <stockholm/lib>;
};
};
eddie = {
+ monitoring = false;
ci = false;
external = true;
nets = rec {
@@ -494,6 +472,7 @@ with import <stockholm/lib>;
};
};
borg = {
+ monitoring = false;
ci = false;
external = true;
nets = {
@@ -521,6 +500,7 @@ with import <stockholm/lib>;
};
};
inspector = {
+ monitoring = false;
ci = false;
external = true;
nets = rec {
@@ -552,6 +532,7 @@ with import <stockholm/lib>;
};
};
dpdkm = {
+ monitoring = false;
ci = false;
external = true;
nets = rec {
@@ -659,6 +640,37 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
};
+ red = {
+ monitoring = false;
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.13";
+ ip6.addr = "42:0:0:0:0:0:0:12ed";
+ aliases = [
+ "red.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
+ 4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF
+ Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI
+ phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0
+ FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox
+ TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa
+ mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w
+ oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE
+ cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ
+ 7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa
+ 5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW
+ ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp";
+ };
};
users = {
lass = {
@@ -686,6 +698,7 @@ with import <stockholm/lib>;
lass-icarus = {
mail = "lass@icarus.r";
pubkey = builtins.readFile ./ssh/icarus.rsa;
+ pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp;
};
lass-xerxes = {
mail = "lass@xerxes.r";
diff --git a/krebs/3modules/lass/pgp/icarus.pgp b/krebs/3modules/lass/pgp/icarus.pgp
new file mode 100644
index 000000000..f41478a09
--- /dev/null
+++ b/krebs/3modules/lass/pgp/icarus.pgp
@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFpqAGEBEADWiwVYVFXuK9kM7Y1XFL70jb2ZAZBRIpcZF81URMDFhm6ulvHq
+fEhXTpiKKmfnv5Mz6r6wAWLJFKOKZuEvg8NwplRrlBHMkR3iEx4+7sP/dVey7U6f
++gI61ytFHTOKr52gstPVdXO3xhNmdrAI1hFuF2DxoXKloz8tPP92dZcCdm7+5C+2
+KSYEBrIp/Zv1cjkbAFwek5y4ut65sBh/VM+RhSLbqwzyCxwfBE9QAJdIEiSmChql
+Lcz6CToYrdXhOY0ykx+QhT092k/6Xh66JeZ63WVHGrF+SSabq5NNcbWi7EISioHd
+N6JXZmbXMpS/BxgMe145e3mWnd3KOSeOxaiORqev8VOycjRQJfSm8Ky+GtWIyxp7
+rwEHbY8vlG2X9RMW5UxVmSRPWLykZoX0Xvmnrpwcohb5WdkuCp9NjqF0gDswU8do
+bCqASfeWBvJAQkoAlMLU7YH+ymmeQcSVdLy4Jpv1fk5FocQBihTBnC1+ztt7Rm8m
+8VGEpH1h174/z4Xn+bCkRZqopl9GlvpilLT8m8N8jdL7QLZJlQwrHVtima8Rg3XZ
+TriW1Ha/NxHZ8nN7pbisqXHCrJB0szzu++yVeQ7Ebr7HA0tIHqDhqVR0s6a1g5AX
+JYI8vCErowhvPf+BVCUYfmh5dJAY6tt9zrvCneaZ7ogPzOH9kRnZXYi7ZQARAQAB
+tBZpY2FydXMgPGxhc3NAaWNhcnVzLnI+iQJOBBMBCAA4FiEEbimq9dgDayT9DrQy
+FSODpr2bDFMFAlpqAGECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQFSOD
+pr2bDFNVohAAiY6Pp4whrAIKwNkzqLkUl2SyQCVSGOce906jthKSixdfaUORZPdD
+AnyYUmPyVpWxKYjZl7IfmDDo7D6m21tP8FxCRK8/oYAtz3uRK5b5sb0/5YR77O9+
+s65sNhU8jiHetUEHQ0Z9UJKfm1DpanJ37uIhVcye8BC8OuSD0v0s+hZ+2ZaN1qdn
+qqCkujAILxOWo1ZDqpXfHaV11AotzlgyYmxlXzClsLB0SGhU7HUZesKETn3JUmrV
+88kkpug8gn9MpTSPDIWsTeNUWpNhqdDRA+2TUygtpQSKzJC8sdkFaWkMrH3cF6wA
+BZ+4tS2mRMQWq9BNMK+xnkWPvYO9e6v4ddXtlcVgGTUhSo+opCXza3dcXE5Xbv8x
+a1T5HJSV0HQPTrlAUoXZveu7ZgYVO5SOTCm1jBNKX8WCmvO6yJRalxo9N/d6gswq
+tKAGm9tlXpTXnG6tvebmSxjzjVwjbQMDJGy4Cj4bw0GGCdapDFrPidUDY/INmU7D
+TWtNsAJlJRuu7ddxIVTspZ7rmDBAOhYzXxGuU3ntZFTiFm9BpCmHYWpeQ5EKuxhJ
+mgxzC9wKDoS8NRKwt5ak/mX0vpXkJjF2Lrza0wCAZ1ZYWFNaehEwhNT51s9kZIi3
+w1v2z8xmu7VDq/n2sMRtMe7MVIOh1Nu7l/5Uqeb+EYnEc1NGZsFxcYK5Ag0EWmoA
+YQEQALMaaF9HeDpeqDjDpxanjjIz4YXMZoMkXwrLS/Rn2mobG5lJzxU+1AkwXxTD
+K45A0YHWsnAH1S8V9Gx+NlUMS/S/m9BruSXNohUKARIJLbltEM/EufOThjgfhW0Y
+cLorZ1kOSZvORR9+Ctuq/RcvGFwyLB/4OpcGHUezTIcAkLUo0lKPS4HtT2ogSUIx
+UstAMwEOSQIDR6sDDiS0BXNdlkKK6daLpH+snQMGP+ILAyRHGu1MlYkACDQZa5aP
+9vpany7zC9Ls7vaewCevZCUJfs00VF72pdCRdBV8oPQqwPfhS+uSCV58WwWCqHTq
+8PtxCVVzQdngOvScRvjrijtzlseyyTW3w9DPoDsQ16oM3y0kcnnv2hdfTVuv4+YK
+9fVRIrWEAlU3cxud7iws9+vUO9GwyWy+epFLiCgNgJR/RVIIjcHUExn/XAcFStjw
+QtW+3BxjYmdJpsh5wvmMJSMZDJFMEdKYPm4RI7ZfKVwl6yFeJt3hNkLxxF7k2fXB
+84pIvl03hXA3tRQ5t46wS7L2EPlWT00+MCraczvbIS+SX1nCp4ZXLBs0YmicioBS
+Os0zEtVs+80eWMf86MTT7YLwre4t+QRbM/RyIvJFTqBT3ad7/7ZMyEuVJBwDJlpx
+LGwZGa6zwnbzcf8Us4kAIRzQoK8VOg/xC/ymJYCk3oJCKD9RABEBAAGJAjYEGAEI
+ACAWIQRuKar12ANrJP0OtDIVI4OmvZsMUwUCWmoAYQIbDAAKCRAVI4OmvZsMU1vw
+EACDJDmZR5BIPxwr9+1Z5ZgT7XcBUbu4F2w84J3xqCUYqcti6I4lSMtxfw94crMp
+HoexOVOhvoTneIliv0a4ZSu84u4CGoFn4M7RA0Ka1SVvbuasXf57sVwRptXjr3LL
+f/0olra5rkIyZbsvKm0g2N/bfmCfmtOClFDst2yK/FovW5PJBRx2mT38qBhHG8j2
+P7zG0/vO846FxjAGvOMGlEVGmN+R9BeecomOKsKgvUbsycAwzZi/2vWAUGbJBYjx
+Yd+K8wjPE8g5CumxaLSH/dlY/0BOZygjank+aHLrwMtNnplYVJmmqDhdbgwN6DDk
+cCQNLQyk61IdhtZ7UzJyFTkXnXiirrO4WzL6GJjunNzvcTUAU5vNiG+2he1GdxZF
+WiLRrcC+oIMWVST8fNRwJZU+Ibw/UIfEV/rHau0fJlxZatks7Qd8gjxSHIyElUVj
+CYrizbFPZ85IhkCirX2tvhycK/nseAYjDuJkJIp3Io0sl3cQ9M8Kx790LUbYzNC4
+bZn8vA1YwTr1ny3+vEhMhaaVSTeVrWYV8023kwzcLRWra7F1hJcc9+LNmqHvXR67
+uBW2KPIrXKrjJmGkMVBSrf9PJu5jNfvCWOntck7C7xOWoUcgyt3uTpP7FkHVdolh
+HFNPouS3w0HoB20zdCpmyFNs6Rjhey2r5JIttd6ATVRVYA==
+=gJia
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e137da7ca..d7a750c6e 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -539,6 +539,7 @@ with import <stockholm/lib>;
dl.euer IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
+ mon.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix
index d372081ee..00e346f8e 100644
--- a/krebs/3modules/newsbot-js.nix
+++ b/krebs/3modules/newsbot-js.nix
@@ -93,6 +93,7 @@ let
User = "newsbot-js";
Restart = "always";
ExecStart = "${newsbot.package}/bin/newsbot";
+ WatchdogSec = "86400";
};
}
) cfg;
diff --git a/krebs/kops.nix b/krebs/kops.nix
index f544b93d2..abd60ee5a 100644
--- a/krebs/kops.nix
+++ b/krebs/kops.nix
@@ -13,7 +13,7 @@
krebs-source = {
nixpkgs.git = {
- ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3";
+ ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7";
url = https://github.com/NixOS/nixpkgs;
};
stockholm.file = toString ../.;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 08:24:07 +0000