summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/hope/config.nix41
-rw-r--r--krebs/1systems/hope/source.nix3
-rw-r--r--krebs/1systems/puyak/config.nix3
-rw-r--r--krebs/2configs/buildbot-all.nix7
-rw-r--r--krebs/2configs/buildbot-krebs.nix5
-rw-r--r--krebs/2configs/go.nix24
-rw-r--r--krebs/2configs/ircd.nix101
-rw-r--r--krebs/2configs/news.nix176
-rw-r--r--krebs/3modules/ci.nix50
-rw-r--r--krebs/3modules/krebs/default.nix40
-rw-r--r--krebs/3modules/lass/default.nix46
-rw-r--r--krebs/3modules/makefu/default.nix30
-rw-r--r--krebs/3modules/mv/default.nix1
-rw-r--r--krebs/3modules/tv/default.nix42
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix20
-rw-r--r--krebs/5pkgs/simple/dic/default.nix7
-rw-r--r--krebs/5pkgs/simple/populate/default.nix4
-rw-r--r--krebs/source.nix2
18 files changed, 468 insertions, 134 deletions
diff --git a/krebs/1systems/hope/config.nix b/krebs/1systems/hope/config.nix
new file mode 100644
index 000000000..c19b210c5
--- /dev/null
+++ b/krebs/1systems/hope/config.nix
@@ -0,0 +1,41 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+ ip = config.krebs.build.host.nets.internet.ip4.addr;
+ bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
+
+in {
+ imports = [
+ <stockholm/krebs>
+ <stockholm/krebs/2configs>
+ <stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix>
+
+ <stockholm/krebs/2configs/secret-passwords.nix>
+ {
+ users.extraUsers = {
+ satan = {
+ name = "satan";
+ uid = 1338;
+ home = "/home/satan";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ initialPassword = "test";
+ };
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.hope;
+
+ networking = let
+ address = config.krebs.build.host.nets.internet.ip4.addr;
+ in {
+ defaultGateway = bestGuessGateway address;
+ interfaces.enp2s1.ip4 = singleton {
+ inherit address;
+ prefixLength = 24;
+ };
+ nameservers = ["8.8.8.8"];
+ };
+}
diff --git a/krebs/1systems/hope/source.nix b/krebs/1systems/hope/source.nix
new file mode 100644
index 000000000..7121d1d9d
--- /dev/null
+++ b/krebs/1systems/hope/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/krebs/source.nix> {
+ name = "hope";
+}
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index d4a4941ca..31cc024af 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -11,6 +11,9 @@
<stockholm/krebs/2configs/stats/puyak-client.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
+ <stockholm/krebs/2configs/go.nix>
+ <stockholm/krebs/2configs/ircd.nix>
+ <stockholm/krebs/2configs/news.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index acd806d6e..8a647012f 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -1,3 +1,4 @@
+with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
imports = [
@@ -7,10 +8,6 @@
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
- krebs.ci.users.krebs.all = true;
- krebs.ci.users.lass.all = true;
- krebs.ci.users.makefu.all = true;
- krebs.ci.users.nin.all = true;
- krebs.ci.users.tv.all = true;
+ krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
}
diff --git a/krebs/2configs/buildbot-krebs.nix b/krebs/2configs/buildbot-krebs.nix
index 40ca3c66d..a09b3b98b 100644
--- a/krebs/2configs/buildbot-krebs.nix
+++ b/krebs/2configs/buildbot-krebs.nix
@@ -1,3 +1,4 @@
+with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
imports = [
@@ -7,7 +8,5 @@
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 120;
- krebs.ci.users.krebs.hosts = [
- config.networking.hostName
- ];
+ krebs.ci.hosts = [ config.krebs.build.host ];
}
diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix
new file mode 100644
index 000000000..b75233871
--- /dev/null
+++ b/krebs/2configs/go.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+ environment.systemPackages = [
+ pkgs.go-shortener
+ ];
+ krebs.go = {
+ enable = true;
+ };
+ services.nginx = {
+ enable = true;
+ virtualHosts.go = {
+ locations."/".extraConfig = ''
+ proxy_set_header Host go;
+ proxy_pass http://localhost:1337;
+ '';
+ serverAliases = [
+ "go"
+ "go.r"
+ ];
+ };
+ };
+}
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
new file mode 100644
index 000000000..116337733
--- /dev/null
+++ b/krebs/2configs/ircd.nix
@@ -0,0 +1,101 @@
+{ config, pkgs, ... }:
+
+{
+ networking.firewall.allowedTCPPorts = [
+ 6667 6669
+ ];
+
+ services.charybdis = {
+ enable = true;
+ config = ''
+ serverinfo {
+ name = "${config.krebs.build.host.name}.irc.retiolum";
+ sid = "1as";
+ description = "miep!";
+ network_name = "irc.retiolum";
+ hub = yes;
+
+ vhost = "0.0.0.0";
+ vhost6 = "::";
+
+ #ssl_private_key = "etc/ssl.key";
+ #ssl_cert = "etc/ssl.cert";
+ #ssl_dh_params = "etc/dh.pem";
+ #ssld_count = 1;
+
+ default_max_clients = 10000;
+ #nicklen = 30;
+ };
+
+ listen {
+ defer_accept = yes;
+
+ /* If you want to listen on a specific IP only, specify host.
+ * host definitions apply only to the following port line.
+ */
+ host = "0.0.0.0";
+ port = 6667;
+ sslport = 6697;
+
+ /* Listen on IPv6 (if you used host= above). */
+ host = "::";
+ port = 6667;
+ sslport = 9999;
+ };
+
+ class "users" {
+ ping_time = 2 minutes;
+ number_per_ident = 10;
+ number_per_ip = 2048;
+ number_per_ip_global = 4096;
+ cidr_ipv4_bitlen = 24;
+ cidr_ipv6_bitlen = 64;
+ number_per_cidr = 65536;
+ max_number = 3000;
+ sendq = 1 megabyte;
+ };
+
+ exempt {
+ ip = "127.0.0.1";
+ };
+
+ exempt {
+ ip = "10.243.0.0/16";
+ };
+
+ auth {
+ user = "*@*";
+ class = "users";
+ flags = kline_exempt, exceed_limit, flood_exempt;
+ };
+
+ channel {
+ use_invex = yes;
+ use_except = yes;
+ use_forward = yes;
+ use_knock = yes;
+ knock_delay = 5 minutes;
+ knock_delay_channel = 1 minute;
+ max_chans_per_user = 15;
+ max_bans = 100;
+ max_bans_large = 500;
+ default_split_user_count = 0;
+ default_split_server_count = 0;
+ no_create_on_split = no;
+ no_join_on_split = no;
+ burst_topicwho = yes;
+ kick_on_split_riding = no;
+ only_ascii_channels = no;
+ resv_forcepart = yes;
+ channel_target_change = yes;
+ disable_local_channels = no;
+ };
+ general {
+ #maybe we want ident someday?
+ disable_auth = yes;
+ throttle_duration = 1;
+ throttle_count = 1000;
+ };
+ '';
+ };
+}
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
new file mode 100644
index 000000000..d9176c328
--- /dev/null
+++ b/krebs/2configs/news.nix
@@ -0,0 +1,176 @@
+{ config, pkgs, ... }:
+
+let
+in {
+ environment.systemPackages = [
+ pkgs.newsbot-js
+ ];
+ krebs.newsbot-js = {
+ enable = true;
+ ircServer = "localhost";
+ urlShortenerHost = "go";
+ urlShortenerPort = "80";
+ feeds = pkgs.writeText "feeds" ''
+ aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#news
+ allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#news
+ antirez|http://antirez.com/rss|#news
+ arbor|http://feeds2.feedburner.com/asert/|#news
+ archlinux|http://www.archlinux.org/feeds/news/|#news
+ ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
+ augustl|http://augustl.com/atom.xml|#news
+ bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
+ bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#news
+ bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
+ bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
+ bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news
+ bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
+ cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
+ carta|http://feeds2.feedburner.com/carta-standard-rss|#news
+ catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
+ cbc_busi|http://rss.cbc.ca/lineup/business.xml|#news
+ cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#news
+ cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#news
+ cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#news
+ cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#news
+ ccc|http://www.ccc.de/rss/updates.rdf|#news
+ chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
+ chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
+ chan_g|https://boards.4chan.org/g/index.rss|#news
+ chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
+ chan_sci|https://boards.4chan.org/sci/index.rss|#news
+ chan_x|https://boards.4chan.org/x/index.rss|#news
+ c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
+ cryptogon|http://www.cryptogon.com/?feed=rss2|#news
+ csm|http://rss.csmonitor.com/feeds/csm|#news
+ csm_world|http://rss.csmonitor.com/feeds/world|#news
+ danisch|http://www.danisch.de/blog/feed/|#news
+ dod|http://www.defense.gov/news/afps2.xml|#news
+ dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#news
+ ecat|http://ecat.com/feed|#news
+ eia_press|http://www.eia.gov/rss/press_rss.xml|#news
+ eia_today|http://www.eia.gov/rss/todayinenergy.xml|#news
+ embargowatch|https://embargowatch.wordpress.com/feed/|#news
+ ethereum-comments|http://blog.ethereum.org/comments/feed|#news
+ ethereum|http://blog.ethereum.org/feed|#news
+ europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#news
+ eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#news
+ exploitdb|http://www.exploit-db.com/rss.xml|#news
+ fars|http://www.farsnews.com/rss.php|#news #test
+ faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#news
+ faz_politik|http://www.faz.net/rss/aktuell/politik/|#news
+ faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#news
+ fbi|https://www.fbi.gov/news/rss.xml|#news
+ fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#news
+ fefe|http://blog.fefe.de/rss.xml|#news
+ forbes|http://www.forbes.com/forbes/feed2/|#news
+ forbes_realtime|http://www.forbes.com/real-time/feed2/|#news
+ fox|http://feeds.foxnews.com/foxnews/latest|#news
+ geheimorganisation|http://geheimorganisation.org/feed/|#news
+ GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#news
+ gmanet|http://www.gmanetwork.com/news/rss/news|#news
+ golem|https://rss.golem.de/rss.php|#news
+ google|http://news.google.com/?output=rss|#news
+ greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
+ guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
+ gulli|http://ticker.gulli.com/rss/|#news
+ hackernews|https://news.ycombinator.com/rss|#news
+ handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
+ heise|https://www.heise.de/newsticker/heise-atom.xml|#news
+ hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
+ hindu|http://www.thehindu.com/?service=rss|#news
+ ign|http://feeds.ign.com/ign/all|#news
+ independent|http://www.independent.com/rss/headlines/|#news
+ indymedia|https://de.indymedia.org/rss.xml|#news
+ info_libera|http://www.informationliberation.com/rss.xml|#news
+ klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#news
+ korea_herald|http://www.koreaherald.com/rss_xml.php|#news
+ linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#news
+ lisp|http://planet.lisp.org/rss20.xml|#news
+ liveleak|http://www.liveleak.com/rss|#news
+ lolmythesis|http://lolmythesis.com/rss|#news
+ LtU|http://lambda-the-ultimate.org/rss.xml|#news
+ lukepalmer|http://lukepalmer.wordpress.com/feed/|#news
+ mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#news
+ mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
+ nds|http://www.nachdenkseiten.de/?feed=atom|#news
+ netzpolitik|https://netzpolitik.org/feed/|#news
+ newsbtc|http://newsbtc.com/feed/|#news #financial
+ nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#news
+ npr_busi|http://www.npr.org/rss/rss.php?id=1006|#news
+ npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#news
+ npr_pol|http://www.npr.org/rss/rss.php?id=1012|#news
+ npr_world|http://www.npr.org/rss/rss.php?id=1004|#news
+ nsa|https://www.nsa.gov/rss.xml|#news #bullerei
+ nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#news
+ painload|https://github.com/krebscode/painload/commits/master.atom|#news
+ phys|http://phys.org/rss-feed/|#news
+ piraten|https://www.piratenpartei.de/feed/|#news
+ polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#news #bullerei
+ presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei
+ presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news
+ prisonplanet|http://prisonplanet.com/feed.rss|#news
+ rawstory|http://www.rawstory.com/rs/feed/|#news
+ reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
+ reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
+ reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
+ reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
+ reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
+ reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
+ reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
+ reddit_sci|http://www.reddit.com/r/science/.rss|#news
+ reddit_tech|http://www.reddit.com/r/technology/.rss|#news
+ reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
+ reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
+ r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
+ reuters|http://feeds.reuters.com/Reuters/worldNews|#news
+ reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#news
+ rt|http://rt.com/rss/news/|#news
+ schallurauch|http://feeds.feedburner.com/SchallUndRauch|#news
+ sciencemag|http://news.sciencemag.org/rss/current.xml|#news
+ scmp|http://www.scmp.com/rss/91/feed|#news
+ sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
+ shackspace|http://blog.shackspace.de/?feed=rss2|#news
+ shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
+ sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news
+ sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news
+ sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#news
+ sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#news
+ sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#news
+ slashdot|http://rss.slashdot.org/Slashdot/slashdot|#news
+ slate|http://feeds.slate.com/slate|#news
+ spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#news
+ spiegelfechter|http://feeds.feedburner.com/DerSpiegelfechter?format=xml|#news
+ spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#news
+ standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#news
+ stern|http://www.stern.de/feed/standard/all/|#news
+ stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#news
+ sz_politik|http://rss.sueddeutsche.de/rss/Politik|#news
+ sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#news #financial
+ sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#news
+ tagesschau|http://www.tagesschau.de/newsticker.rdf|#news
+ taz|http://taz.de/Themen-des-Tages/!p15;rss/|#news
+ telegraph|http://www.telegraph.co.uk/rss.xml|#news
+ telepolis|http://www.heise.de/tp/rss/news-atom.xml|#news
+ the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#news
+ tigsource|http://www.tigsource.com/feed/|#news
+ tinc|http://tinc-vpn.org/news/index.rss|#news
+ topix_b|http://www.topix.com/rss/wire/de/berlin|#news
+ torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#news
+ torrentfreak|http://feeds.feedburner.com/Torrentfreak|#news
+ torr_news|http://feed.torrentfreak.com/Torrentfreak/|#news
+ travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#news
+ un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#news
+ un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#news
+ un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#news
+ un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#news
+ un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#news
+ un_top|http://www.un.org/apps/news/rss/rss_top.asp|#news
+ us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#news
+ vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
+ weechat|http://dev.weechat.org/feed/atom|#news
+ wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
+ xkcd|https://xkcd.com/rss.xml|#news
+ zdnet|http://www.zdnet.com/news/rss.xml|#news
+ '';
+ };
+}
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index b55827e3a..dab87792e 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -17,30 +17,12 @@ in
default = 10;
description = "how long to wait until we test changes (in minutes)";
};
- users = mkOption {
- type = with types; attrsOf (submodule {
- options = {
- all = mkOption {
- type = bool;
- default = false;
- };
- hosts = mkOption {
- type = listOf str;
- default = [];
- };
- };
- });
- example = {
- lass.all = true;
- krebs = {
- all = true;
- hosts = [
- "test-all-krebs-modules"
- "test-arch"
- ];
- };
- };
- default = {};
+ hosts = mkOption {
+ type = types.listOf types.host;
+ default = [];
+ description = ''
+ List of hosts that should be build
+ '';
};
};
@@ -132,23 +114,9 @@ in
timeout=90001
)
- ${let
- user-hosts = mapAttrs (user: a: let
- managed-hosts = attrNames (filterAttrs (_: h: (h.owner.name == user) && h.managed) config.krebs.hosts);
- defined-hosts = a.hosts;
- in
- defined-hosts ++ (optionals a.all managed-hosts)
- ) cfg.users;
-
- in
- concatStringsSep "\n" (
- (mapAttrsToList (user: hosts:
- concatMapStringsSep "\n" (host:
- "build_host(\"${user}\", \"${host}\")"
- ) hosts
- ) user-hosts)
- )
- }
+ ${concatMapStringsSep "\n" (host:
+ "build_host(\"${host.owner.name}\", \"${host.name}\")"
+ ) cfg.hosts}
bu.append(
util.BuilderConfig(
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 27fbb7088..2fe3e5115 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -30,15 +30,48 @@ let
});
in {
hosts = {
+ hope = {
+ ci = true;
+ owner = config.krebs.users.krebs;
+ nets = {
+ internet = {
+ ip4.addr = "45.62.225.18";
+ aliases = [
+ "hope.i"
+ ];
+ ssh.port = 45621;
+ };
+ retiolum = {
+ ip4.addr = "10.243.77.4";
+ ip6.addr = "42:0:0:0:0:0:77:4";
+ aliases = [
+ "hope.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5
+ uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a
+ 2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4
+ A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK
+ fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC
+ K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/";
+ };
hotdog = {
+ ci = true;
owner = config.krebs.users.krebs;
- managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.77.3";
ip6.addr = "42:0:0:0:0:0:77:3";
aliases = [
"hotdog.r"
+ "build.r"
"build.hotdog.r"
"cgit.hotdog.r"
];
@@ -58,8 +91,8 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
};
puyak = {
+ ci = true;
owner = config.krebs.users.krebs;
- managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.77.2";
@@ -68,6 +101,7 @@ in {
"puyak.r"
"build.puyak.r"
"cgit.puyak.r"
+ "go.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -85,8 +119,8 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
};
wolf = {
+ ci = true;
owner = config.krebs.users.krebs;
- managed = true;
nets = {
shack = {
ip4.addr = "10.42.2.150" ;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 4e50ef577..257268af2 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -5,7 +5,7 @@ with import <stockholm/lib>;
{
hosts = mapAttrs (_: recursiveUpdate {
owner = config.krebs.users.lass;
- managed = true;
+ ci = true;
}) {
dishfire = {
cores = 4;
@@ -43,7 +43,7 @@ with import <stockholm/lib>;
cores = 2;
nets = rec {
internet = {
- ip4.addr = "104.233.79.118";
+ ip4.addr = "45.62.226.163";
aliases = [
"echelon.i"
];
@@ -56,7 +56,6 @@ with import <stockholm/lib>;
aliases = [
"echelon.r"
"cgit.echelon.r"
- "go.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -117,6 +116,8 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
domsen-nas = {
+ ci = false;
+ external = true;
nets = rec {
internet = {
aliases = [
@@ -126,40 +127,6 @@ with import <stockholm/lib>;
ssh.port = 2223;
};
};
- managed = false;
- };
- cloudkrebs = {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "104.167.113.104";
- aliases = [
- "cloudkrebs.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.206.102";
- ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762";
- aliases = [
- "cloudkrebs.r"
- "cgit.cloudkrebs.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
- OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
- QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
- 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
- sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
- TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7oYx7Lbkc0wPYNp92LQF93DCtxsGzOkVD91FJQzVZl";
};
uriel = {
cores = 1;
@@ -328,10 +295,12 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t";
};
iso = {
+ ci = false;
cores = 1;
- managed = false;
};
sokrateslaptop = {
+ ci = false;
+ external = true;
nets = {
retiolum = {
ip4.addr = "10.243.142.104";
@@ -351,7 +320,6 @@ with import <stockholm/lib>;
'';
};
};
- managed = false;
};
};
users = {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 21ea7e23c..6e0e876b8 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -5,8 +5,8 @@ with import <stockholm/lib>;
{
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) {
drop = rec {
+ ci = true;
cores = 1;
- managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.177.9";
@@ -28,8 +28,8 @@ with import <stockholm/lib>;
};
};
studio = rec {
+ ci = true;
cores = 4;
- managed = true;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqBR5gjJkR1TEIs2yx6JRoIOA7+/LJA6kjju8yCauFa studio";
nets = {
@@ -54,8 +54,8 @@ with import <stockholm/lib>;
};
fileleech = rec {
+ ci = true;
cores = 4;
- managed = true;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
nets = {
@@ -80,8 +80,8 @@ with import <stockholm/lib>;
};
pnp = {
+ ci = true;
cores = 1;
- managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.0.210";
@@ -104,8 +104,8 @@ with import <stockholm/lib>;
};
};
darth = {
+ ci = true;
cores = 4;
- managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.0.84";
@@ -176,7 +176,7 @@ with import <stockholm/lib>;
};
};
tsp = {
- managed = true;
+ ci = true;
cores = 1;
nets = {
retiolum = {
@@ -204,7 +204,7 @@ with import <stockholm/lib>;
};
};
x = {
- managed = true;
+ ci = true;
cores = 4;
nets = {
retiolum = {
@@ -249,8 +249,8 @@ with import <stockholm/lib>;
};
vbob = {
+ ci = true;
cores = 2;
- managed = true;
nets = {
retiolum = {
ip4.addr = "10.243.1.91";
@@ -312,8 +312,8 @@ with import <stockholm/lib>;
};
};
wry = rec {
+ ci = true;
cores = 1;
- managed = true;
extraZones = {
"krebsco.de" = ''
wry IN A ${nets.internet.ip4.addr}
@@ -357,8 +357,8 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry";
};
filepimp = rec {
+ ci = true;
cores = 1;
- managed = true;
nets = {
lan = {
ip4.addr = "192.168.1.12";
@@ -387,8 +387,8 @@ with import <stockholm/lib>;
};
omo = rec {
+ ci = true;
cores = 2;
- managed = true;
nets = {
lan = {
@@ -421,8 +421,8 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH";
};
wbob = rec {
+ ci = true;
cores = 4;
- managed = true;
nets = {
siem = {
ip4.addr = "10.8.10.7";
@@ -463,8 +463,8 @@ with import <stockholm/lib>;
};
gum = rec {
+ ci = true;
cores = 2;
- managed = true;
extraZones = {
"krebsco.de" = ''
@@ -526,8 +526,8 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
shoney = rec {
+ ci = true;
cores = 1;
- managed = true;
nets = rec {
siem = {
via = internet;
@@ -575,8 +575,8 @@ with import <stockholm/lib>;
};
};
sdev = rec {
+ ci = true;
cores = 1;
- managed = true;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev";
nets = {
diff --git a/krebs/3modules/mv/default.nix b/krebs