Diffstat (limited to 'krebs')
-rw-r--r--krebs/0tests/data/secrets/syncthing.cert0
-rw-r--r--krebs/0tests/data/secrets/syncthing.key0
-rw-r--r--krebs/1systems/news/config.nix7
-rw-r--r--krebs/1systems/puyak/config.nix6
-rw-r--r--krebs/1systems/puyak/net.nix4
-rw-r--r--krebs/2configs/container-networking.nix7
-rw-r--r--krebs/2configs/ircd.nix1
-rw-r--r--krebs/2configs/news-host.nix1
-rw-r--r--krebs/2configs/news.nix29
-rw-r--r--krebs/2configs/shack/prometheus/alert-rules.nix9
-rw-r--r--krebs/2configs/syncthing.nix4
-rw-r--r--krebs/3modules/external/default.nix1
-rw-r--r--krebs/3modules/external/mic92.nix215
-rw-r--r--krebs/3modules/external/ssh/rtjure.pub1
-rw-r--r--krebs/3modules/go.nix48
-rw-r--r--krebs/3modules/krebs/default.nix2
-rw-r--r--krebs/3modules/lass/default.nix58
-rw-r--r--krebs/3modules/makefu/default.nix1
-rw-r--r--krebs/3modules/realwallpaper.nix9
-rw-r--r--krebs/3modules/sync-containers.nix2
-rw-r--r--krebs/5pkgs/haskell/recht.nix25
-rw-r--r--krebs/5pkgs/simple/nomads-cloud/default.nix3
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix82
-rw-r--r--krebs/5pkgs/simple/realwallpaper/get_constellations.py36
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
26 files changed, 439 insertions, 128 deletions
diff --git a/krebs/0tests/data/secrets/syncthing.cert b/krebs/0tests/data/secrets/syncthing.cert
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/syncthing.cert
diff --git a/krebs/0tests/data/secrets/syncthing.key b/krebs/0tests/data/secrets/syncthing.key
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/syncthing.key
diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix
index 5c4b37aef..79946dad7 100644
--- a/krebs/1systems/news/config.nix
+++ b/krebs/1systems/news/config.nix
@@ -18,13 +18,6 @@
boot.isContainer = true;
networking.useDHCP = false;
krebs.bindfs = {
- "/var/lib/htgen-go" = {
- source = "/var/state/htgen-go";
- options = [
- "-m ${toString config.users.users.htgen-go.uid}"
- ];
- clearTarget = true;
- };
"/var/lib/brockman" = {
source = "/var/state/brockman";
options = [
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 1e0687ba7..2f122f6ff 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -19,6 +19,12 @@
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
+ ## news host
+
+ <stockholm/krebs/2configs/container-networking.nix>
+ <stockholm/krebs/2configs/syncthing.nix>
+ <stockholm/krebs/2configs/news-host.nix>
+
### shackspace ###
# handle the worlddomination map via coap
<stockholm/krebs/2configs/shack/worlddomination.nix>
diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix
index 8dab11e16..a46a24952 100644
--- a/krebs/1systems/puyak/net.nix
+++ b/krebs/1systems/puyak/net.nix
@@ -8,8 +8,8 @@ in {
SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="${ext-if}"
'';
networking = {
- firewall.enable = false;
- firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ];
+ firewall.enable = true;
+ firewall.allowedTCPPorts = [ 80 443 8088 8086 8083 5901 ];
interfaces."${ext-if}".ipv4.addresses = [
{
address = shack-ip;
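Review bot: With the firewall now enabled, `firewall.allowedTCPPorts` opens the listed ports on every interface, not only `${ext-if}`, and nothing in the hunk says which service owns 8088, 8086, 8083 or 5901. If some of them only need to be reachable from one network, scope them with `networking.firewall.interfaces."${ext-if}".allowedTCPPorts = [ ... ];` and keep the global list to what must be reachable everywhere. A short comment per port (`# 5901: <service>`) would let the next reviewer tell an intended exposure from a leftover. The `networking` attribute set continues outside the hunk.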
diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix
new file mode 100644
index 000000000..fa4488800
--- /dev/null
+++ b/krebs/2configs/container-networking.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+{
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = lib.mkDefault "et0";
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+}
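Review bot: The new module has no comment on its two non-obvious values, the `ve-+` pattern in `internalInterfaces` and the `"et0"` default for `externalInterface`. A header line such as `# NAT for container veth interfaces (ve-<name>); hosts whose uplink is not et0 must override externalInterface` would make it clear that importing this file on a host with a differently named uplink leaves containers without outbound NAT unless the default is overridden.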
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 0de07a027..3ef2e7d2b 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -87,6 +87,7 @@
};
channel {
+ autochanmodes = "+t";
use_invex = yes;
use_except = yes;
use_forward = yes;
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index 82360a670..b7728986f 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -4,6 +4,7 @@
"shodan"
"mors"
"styx"
+ "puyak"
];
hostIp = "10.233.2.101";
localIp = "10.233.2.102";
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 410beb041..2da3e6fcc 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -15,6 +15,16 @@
serverAliases = [
"news.r"
];
+ locations."/api".extraConfig = ''
+ proxy_pass http://127.0.0.1:7777/;
+ proxy_pass_header Server;
+ '';
+ locations."= /graph.html".extraConfig = ''
+ alias ${pkgs.fetchurl {
+ url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html";
+ sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w";
+ }};
+ '';
locations."/".extraConfig = ''
root /var/lib/brockman;
index brockman.json;
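Review bot: `locations."/api"` re-exposes the loopback-only listener on `127.0.0.1:7777` to every client that can reach this virtual host, and the block adds no `allow`/`deny`, authentication or rate limit. The `krebs.reaktor2.api` block added in a later hunk of this file binds that listener to loopback and registers it in `#all`, so if the API can post to the channel (not visible here), this nginx location is the only access boundary. Consider restricting it, for example `allow <trusted-net>; deny all;` inside the `extraConfig`. `proxy_pass_header Server;` also forwards the backend's `Server` header to clients and can be dropped unless something depends on it. The virtual-host definition starts outside the hunk.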
@@ -27,6 +37,7 @@
};
systemd.tmpfiles.rules = [
"d /var/lib/brockman 1750 brockman nginx -"
+ "d /run/irc-api 1750 brockman nginx -"
];
systemd.services.brockman-graph = {
@@ -67,12 +78,28 @@
shortener = "http://go.r";
controller = {
nick = "brockman";
- channels = [ "#all" ];
+ extraChannels = [ "#all" ];
};
bots = {};
};
};
+ krebs.reaktor2.api = {
+ hostname = "localhost";
+ port = "6667";
+ nick = "api";
+ API.listen = "inet://127.0.0.1:7777";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#all"
+ ];
+ };
+ }
+ ];
+ };
krebs.reaktor2.news = let
name = "candyman";
in {
diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix
index 12c691466..65e5d9005 100644
--- a/krebs/2configs/shack/prometheus/alert-rules.nix
+++ b/krebs/2configs/shack/prometheus/alert-rules.nix
@@ -14,7 +14,14 @@ in {
labels.severity = "warning";
annotations.summary = "{{ $labels.alias }} root disk full";
annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf";
- annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
+ annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and try to clean up the obsolete files on the machine. There are a couple of things you can do:
+1. `nix-collect-garbage -d`
+2. clean up the shack share folder in `/home/share`
+3. check `du -hs /var/ | sort -h`.
+4. run `docker system prune`
+5. `find /var/lib/containers/news/var/lib/htgen-go/items -mtime +7 -delete;` to clean up the link shortener data
+5. If you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete
+6. as a last resort the root disk can be expanded via `lvresize -L +10G /dev/pool/root && btrfs filesystem resize max /` '';
}
{
alert = "RootPartitionFull";
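Review bot: The first step numbered `5.` in the new description runs `find … -delete` on `/var/lib/containers/news/var/lib/htgen-go/items`, a path other hunks in this diff appear to stop using, so the step may already be stale and should be confirmed. Those hunks remove the `htgen-go` bindfs entry from the news container and move the shortener in `go.nix` to redis. An on-call operator will paste these commands as root, so a destructive step pointing at the wrong directory should not stay in the text. The list also has two items numbered `5.`, and `seize working` should read `cease working`.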
diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
index 31e33ad5e..125e2aea4 100644
--- a/krebs/2configs/syncthing.nix
+++ b/krebs/2configs/syncthing.nix
@@ -10,6 +10,10 @@ in {
configDir = "/var/lib/syncthing";
declarative = {
devices = mk_peers used_peers;
+ key = toString <secrets/syncthing.key>;
+ cert = toString <secrets/syncthing.cert>;
};
};
+
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
}
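Review bot: `key = toString <secrets/syncthing.key>;` deserves a comment saying the `toString` is deliberate. It passes syncthing a path string, whereas interpolating the path would copy the private key into the world-readable Nix store. Suggested wording: `# toString keeps the private key out of /nix/store; do not replace with "${...}"`. The `fs.inotify.max_user_watches` line would likewise benefit from a one-line reason for the chosen value. The `declarative` block begins outside the hunk.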
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index c8e360a1e..809d5a7db 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -671,6 +671,7 @@ in {
pubkey = ssh-for "raute";
};
rtjure = {
+ pubkey = ssh-for "rtjure";
};
sokratess = {
};
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index 306ab34eb..15136cbce 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -152,30 +152,6 @@ in {
};
};
};
- dpdkm = {
- owner = config.krebs.users.mic92;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.29.173";
- aliases = [ "dpdkm.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj
- NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp
- qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP
- X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn
- f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa
- bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL
- Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T
- B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w
- tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n
- dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls
- mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
herbert = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -199,35 +175,6 @@ in {
};
};
};
- inspector = {
- owner = config.krebs.users.mic92;
- nets = rec {
- internet = {
- ip4.addr = "141.76.44.154";
- aliases = [ "inspector.i" ];
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.29.172";
- aliases = [ "inspector.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG
- EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ
- 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF
- m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw
- WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd
- eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03
- OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau
- ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x
- B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG
- q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj
- 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
eddie = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -303,6 +250,82 @@ in {
};
};
};
+ okelmann = {
+ owner = config.krebs.users.mic92;
+ nets.retiolum = {
+ ip4.addr = "10.243.29.190";
+ aliases = [
+ "okelmann.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxquUuiW9a304H9Ls81+2BMm4bviDUU2Zogu0F1mPp6X8TpdjYpDs
+ +tlakSTEPHo+aIdcV9rHpjOC3tirNbYU56D8DdoSo1Ra6XNFbxWrw7usSR9gz7L+
+ kYp1Uij4gKTfg6YQkU0lkufk13if6zvb/GjoBUTS/Tx+8sZm2/JKEK8JLQaCkmMu
+ LAUTsHj35Q8S99TzCLAoQLo136AtvPqcwwHVwkdX+S4WqtlODxfJ7T+9KFxGg54B
+ 1M6btg8iL5sdTFrLIBi7oK6GuLK9izvZ4O9O9H2bStW6LodqPtw2v5WA8li+YJx7
+ LBgLO4aAAA6bF9WFcYyKBh6iCX0WxB7LowIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ anindya = {
+ owner = config.krebs.users.mic92;
+ nets.retiolum = {
+ ip4.addr = "10.243.29.191";
+ aliases = [
+ "anindya.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA8yWr01WlmM4RYuJdxvzvfdN3C5T3DOknWvK7U3y92HYgtQfYtZwu
+ +J8r1fpTsdIS8wKdSEqz7Mjhb1JabJBB1fv/2mkAF4V/gkMbP0jqZ6QQL29kgkNP
+ aI/+zG1yh4kEDgSn843J6XnTsJ/4Na2zmbVP1iIIQYMXyh+meWsBVR6DKV5ighjz
+ 4h3wKbuMmDrS50aTk8ahgWoiqcE2DTUMeprw4SIL+RTepmsCINQtAJui5Ys6AAbK
+ ab6gxMzRH2txLBcTfSrbqTX3qHZHLlB9Ai5FEItWqMBxquD6OCxn8DNU+5LgGpt1
+ Z37SI1U0c4uu1oo7kOSx6wYP2ZVOatys6QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ dimitra = {
+ owner = config.krebs.users.mic92;
+ nets.retiolum = {
+ ip4.addr = "10.243.29.192";
+ aliases = [
+ "dimitra.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAtgvjWP2KIawJDk32P8Uiwz95REACx43CXUIgcBx5qg9ZQrHnJZxH
+ RkXLnWUmjpnEmPUfvg/b8YCyoHgzD6GQEXcWaiMXBQ/nsrSEN4mpY7tzInerzGsv
+ /M66WzPUWSUC9kbncLXt+2A64B23h1ki+MyMyKGIpHq21+F1b6ZHW2rkMnk3BKa4
+ aJKNfadjP4V1lnPd40VBpcA3dlQfGF057GJz+2fzlfh1Bp41r/uP2NHieSAlyBws
+ IaVZPWbfxFyYU8JbrlYUAlLjdXFG1meo5On0K0N8tTBKfnD1nwSqTPAfM7WqOm4A
+ ImYB8LzjmIdXM+QUqbVFTgiY4jBDg61krwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ philipsaendig = {
+ owner = config.krebs.users.mic92;
+ nets.retiolum = {
+ ip4.addr = "10.243.29.193";
+ aliases = [
+ "philipsaendig.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAyWdCrXD0M9CIt0ZgVB6W5ozOvLDoxPmGzLBJUnAZV8f9oqfaIEIX
+ 5TIaxozN3QMEgS0ChaOHTNFiQZjiiwJL/wPx1eFvKfDkkn7ayrRS/pP+bKhcDpKl
+ 4tPejipee9T2ZhYg9tbk291CDBe1fHR5S2F8kPm8OuqwE2Fv9N8wldcsDLxHcTZl
+ +wp4Oe/Wn5WLvZb3SUao17vKnNBLfMMCGC01yRfhZub41NkGYVWBjErsIVxQ+/rF
+ Y7DdCekus+BQCKz+beEmtzG7d0Xwqwkif51HQ05CvwFNEtdUGodd8OrIO+gpIV6S
+ oN+Q5zxsenLo6QRfsLD+nn7A7qbzd57kUwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
martha = {
owner = config.krebs.users.mic92;
nets = rec {
@@ -363,6 +386,80 @@ in {
};
};
};
+ sauron = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ internet = {
+ ip4.addr = "129.215.165.75";
+ aliases = [ "sauron.i" ];
+ };
+ retiolum = {
+ via = internet;
+ addrs = [
+ config.krebs.hosts.sauron.nets.retiolum.ip4.addr
+ config.krebs.hosts.sauron.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.194";
+ aliases = [ "sauron.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAxmCryT4ZEhPOvdZhWhYZsRS7sz1njSh2ozh6iwXRXhjRjZ9tYZVQ
+ GoYc6ADnWCnb9SGpPe1WqwFMblfKofnXCvC4wLQaFsch1GIMPhujosJ4Te84BHi1
+ XKqyompotE2F7iWYPE6i6UAdRK2dCapfCbiDBOjMhCnmmhM1oY5Bv/fBtx3/2N7E
+ W+iN6LG2t9cKibs8qrLzFtJIfWn8uXU9dkdhX3d9guCdplGOn/NT/Aq3ayvA+/Mf
+ 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG
+ 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ bill = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.bill.nets.retiolum.ip4.addr
+ config.krebs.hosts.bill.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.195";
+ aliases = [ "bill.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzg0wJuDvsbflRKSJ7+ug9y7Gn+BH3CR44fuCPZpWmIcGIUbA6rXj
+ CD8pF5heOvXNCFlEip2wqTkaCJPnUs3x8BRtORmD6OxDdmqt0xH54u7CixKzrPp9
+ GIQydv+ZsGA2z3aDbmBydRPDIvYGhW68FJn10qlGRjCZ5zCl1eVEZ/wMddFXc0B8
+ KDbxh7qOkjXon6EOGACVbnrnUR3F1GsIvCxX0cCDrO0P8XHwwsZiAfUwXYkiqw7t
+ zPcty6Bbr34mSJbb9cFb/qQlfPWT0HVgo+Q65HVkr/64o/9tTyREZcj1dk5PpEPE
+ bt7PGlOF1oPZpVFQh8S+NviHTtqrvkuISQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ nardole = {
+ owner = config.krebs.users.mic92;
+ nets = rec {
+ retiolum = {
+ addrs = [
+ config.krebs.hosts.nardole.nets.retiolum.ip4.addr
+ config.krebs.hosts.nardole.nets.retiolum.ip6.addr
+ ];
+ ip4.addr = "10.243.29.173";
+ aliases = [ "nardole.r" ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA05JzZLPH4+t2X8TI1nYsv4WCQ/OUmuMy9YbKUIRITE2EVA+x47Cf
+ qdYPucWUpF7ap1rykxHBcPnmORO/NjAymlt25FDyyYQ2uWm17VE7P7jefAUnX7xj
+ 80Rt7aWCXfldQuRAbza35G+Kl50Y6ydkZYkKCbyQ8fMhuzNp6Wn/pAJD3yr+zdka
+ AsIoir9Ut9/9CKayRqGF+zaIf2Lj7nl5GL8bCAVJydU98GjlnXt7iuaWCt0H7NiK
+ FWOjkGhAUlQI9I6l+5ELWClpyk5X+isfbUbYaCCspZJvos+vDE8hJuH5PrH8NuJj
+ fJv8HrHkcGphn/Nn1TotpHBkyMyE5h6akwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
rock = {
owner = config.krebs.users.mic92;
nets = {
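Review bot: `nardole` is given `ip4.addr = "10.243.29.173"`, the address that the `dpdkm` entry removed earlier in this file held under a different tinc key. Peers that have not yet picked up this change will still associate that address with the old key. Either confirm the old `dpdkm` key is retired, or allocate an unused address as was done for the other new hosts (`.190` to `.195`). A short comment such as `# address previously used by dpdkm` would record the reuse. The `addrs` lists also reference `ip6.addr`, which is not set in the visible lines and presumably comes from a module default.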
@@ -463,12 +560,12 @@ in {
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAqIc+ozq3hKHMe/X3v4j+6or8LMjEV7MtQ8/+n00xpG4NkI4G38Bv
- 3nmAcV7OhN6of0fr0psbBmym+2VxCZbpl8E3g1GWSKpAvlmP/9v4wDVdrADaTvXC
- pzCxejtCwEhKLisnMwCMJCuUPbIsSBU+IQDPKP7NP0yY5VapgW3Xl3qXpnehCW1r
- NBZjZASnhSXcJRLJayEDN6uBviYrnnfbrHOx4fPcjQPTHX5RYr3EbgGZQO9xki44
- 9dKT4EA95lupTqC3wzuQbaNpvIuVzmggiDY/NsBIVh0/2XjGnO54wtCEPudaLnWd
- WNtc1wfVFB6gzgG1N7msOuFUReOIfyF/ywIDAQAB
+ MIIBCgKCAQEA9VVG+kwSXDmjLuNCT6Mp9xTCj9IdzgjWxkExEH/Jd9kgVNXRa+39
+ P8OQuHXi9fC/51363hh7ThggneIxOs2R4fZDyUcWfzv13aik34U0e+tYjhWXig+o
+ MClkK4/uhLrsk370MQVevpjYW23S5d+pThOm84xIchvjR9nqzp6E3jzjhyeQwHJg
+ dM48y7XT2+7hLvOkkEQ8xLcd35J228wVSilsSYhye1D2+ThRDbjjEkKXnIeOmU5h
+ TPNvn+U0lVdwUDYlS+XUhNl3awRdfzTYlPvUhTWv9zwSxS5EQjvgMqC/3/fQod2K
+ zyYdPwCwEyrksr9JvJF/t+oCw4hf3V4iOwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
diff --git a/krebs/3modules/external/ssh/rtjure.pub b/krebs/3modules/external/ssh/rtjure.pub
new file mode 100644
index 000000000..4c69e1836
--- /dev/null
+++ b/krebs/3modules/external/ssh/rtjure.pub
@@ -0,0 +1 @@
+ssh-rsa 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 rtjure@nxdc
diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix
index 4df73509c..fea25e036 100644
--- a/krebs/3modules/go.nix
+++ b/krebs/3modules/go.nix
@@ -20,61 +20,41 @@ let
};
imp = {
+ services.redis = {
+ enable = true;
+ };
+
krebs.htgen.go = {
port = cfg.port;
script = ''. ${pkgs.writeDash "go" ''
- find_item() {
- if test ''${#1} -ge 7; then
- set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \
- -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")"
- if test -n "$1" && test $(echo "$1" | wc -l) = 1; then
- echo "$1"
- return 0
- fi
- fi
- return 1
- }
-
- STATEDIR=$HOME
- mkdir -p "$STATEDIR/items"
+ set -x
case "$Method $Request_URI" in
"GET /"*)
- if item=$(find_item "''${Request_URI#/}"); then
- uri=$(cat "$item")
+ if item=$(${pkgs.redis}/bin/redis-cli --raw get "''${Request_URI#/}"); then
printf 'HTTP/1.1 302 Found\r\n'
printf 'Content-Type: text/plain\r\n'
printf 'Connection: closed\r\n'
- printf 'Location: %s\r\n' "$uri"
+ printf 'Location: %s\r\n' "$item"
printf '\r\n'
exit
fi
;;
"POST /")
- uri=$(mktemp -t htgen.$$.content.XXXXXXXX)
- trap 'rm $uri >&2' EXIT
-
- head -c "$req_content_length" \
+ uri=$(head -c "$req_content_length" \
| sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \
| xargs -0 echo -e \
| tee /tmp/tee.log \
| ${pkgs.urix}/bin/urix \
| head -1 \
- > "$uri"
- sha256=$(sha256sum -b "$uri" | cut -d\ -f1)
- base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256")
- item="$STATEDIR/items/$base32"
- ref="http://$req_host/$base32"
+ )
- if ! test -e "$item"; then
- mkdir -v -p "$STATEDIR/items" >&2
- cp -v "$uri" "$item" >&2
- fi
+ sha256=$(echo "$uri" | sha256sum -b | cut -d\ -f1)
+ base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256")
+ base32short=$(echo "$base32" | cut -c48-52)
+ ${pkgs.redis}/bin/redis-cli set "$base32short" "$uri" >/dev/null
- base32short=$(echo "$base32" | cut -b-7)
- if item=$(find_item "$base32short"); then
- ref="http://$req_host/$base32short"
- fi
+ ref="http://$req_host/$base32short"
printf 'HTTP/1.1 200 OK\r\n'
printf 'Content-Type: text/plain; charset=UTF-8\r\n'
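Review bot: The rewritten `GET` branch treats any successful `redis-cli` call as a hit. `redis-cli --raw get` exits 0 and prints an empty line for a missing key, so an unknown short code gets a `302` with an empty `Location:` instead of falling through to the not-found path; guard it with `if item=$(… --raw get "$key") && test -n "$item"; then`. In the `POST` branch the key is now only five base32 characters (`cut -c48-52`, roughly 25 bits) and `redis-cli set` overwrites unconditionally, so a later submission whose hash shares those characters silently repoints an existing link. Use `redis-cli set "$base32short" "$uri" NX` and fall back to a longer slice when the stored value differs from `$uri`. `set -x` looks like leftover debugging and will trace every requested and submitted URI into the service log. The script continues outside the hunk.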
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 8c164cfe3..37b939358 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -77,6 +77,7 @@ in {
"wiki.r"
"wiki.hotdog.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc
@@ -177,6 +178,7 @@ in {
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
+ syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
};
wolf = {
ci = true;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 6978c0b4e..d29988be2 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -67,7 +67,9 @@ in {
"cgit.prism.r"
"paste.r"
"p.r"
+ "search.r"
];
+ tinc.port = 655;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje
@@ -126,6 +128,7 @@ in {
aliases = [
"uriel.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAzw0pvoEmqeqiZrzSOPH0IT99gr1rrvMZbvabXoU4MAiVgGoGrkmR
@@ -151,6 +154,7 @@ in {
aliases = [
"mors.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAsj1PCibKOfF68gmFQ+wwyfhUWpqKqpznrJX1dZ+daae7l7nBHvsE
@@ -184,6 +188,7 @@ in {
aliases = [
"shodan.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA9bUSItw8rEu2Cm2+3IGHyRxopre9lqpFjZNG2QTnjXkZ97QlDesT
@@ -218,6 +223,7 @@ in {
aliases = [
"icarus.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
@@ -251,6 +257,7 @@ in {
aliases = [
"daedalus.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAzlIJfYIoQGXishIQGFNOcaVoeelqy7a731FJ+VfrqeR8WURQ6D+8
@@ -282,6 +289,7 @@ in {
aliases = [
"skynet.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEArNpBoTs7MoaZq2edGJLYUjmoLa5ZtXhOFBHjS1KtQ3hMtWkcqpYX
@@ -315,6 +323,7 @@ in {
aliases = [
"littleT.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEA2nPi6ui8nJhEL3lFzDoPelFbEwFWqPnQa0uVxLAhf2WnmT/vximF
@@ -364,6 +373,7 @@ in {
aliases = [
"xerxes.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
@@ -414,6 +424,7 @@ in {
aliases = [
"red.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG
@@ -444,6 +455,7 @@ in {
aliases = [
"yellow.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP
@@ -481,6 +493,7 @@ in {
aliases = [
"blue.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd
@@ -520,6 +533,7 @@ in {
aliases = [
"green.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwpgFxMxWQ0Cp3I82bLWk
@@ -574,6 +588,7 @@ in {
aliases = [
"morpheus.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY
@@ -611,6 +626,7 @@ in {
aliases = [
"hilum.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAul1zLdJ76kIqVWjxT2bb
@@ -651,6 +667,7 @@ in {
aliases = [
"styx.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
@@ -692,6 +709,7 @@ in {
aliases = [
"coaxmetal.r"
];
+ tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
@@ -724,6 +742,46 @@ in {
syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
};
+ echelon = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.0.3";
+ ip6.addr = r6 "4";
+ aliases = [
+ "echelon.r"