Diffstat (limited to 'krebs')
33 files changed, 687 insertions, 263 deletions
| diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index cf72e0d73..916073375 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,8 +12,8 @@      <stockholm/krebs/2configs/buildbot-stockholm.nix>      <stockholm/krebs/2configs/binary-cache/nixos.nix>      <stockholm/krebs/2configs/ircd.nix> -    <stockholm/krebs/2configs/reaktor-retiolum.nix> -    <stockholm/krebs/2configs/reaktor-krebs.nix> +    <stockholm/krebs/2configs/nscd-fix.nix> +    <stockholm/krebs/2configs/reaktor2.nix>      <stockholm/krebs/2configs/repo-sync.nix>    ]; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 914b38051..ec8830711 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -161,6 +161,7 @@ in    users.extraUsers.root.openssh.authorizedKeys.keys = [      config.krebs.users.ulrich.pubkey +    config.krebs.users.raute.pubkey      config.krebs.users.makefu-omo.pubkey      "ssh-rsa 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 root@plattenschwein" # for backup    ]; diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix new file mode 100644 index 000000000..5dc24f1de --- /dev/null +++ b/krebs/2configs/exim-smarthost.nix 
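Review bot: The added `config.krebs.users.raute.pubkey` line in wolf's `users.extraUsers.root.openssh.authorizedKeys.keys` gives one more key direct root login, and nothing on the line records why. The backup key two lines below carries `# for backup`; a matching purpose comment such as `config.krebs.users.raute.pubkey # <reason for root access>` would let a later audit decide whether the grant is still needed. If this user only needs specific tasks on the host, a dedicated account with scoped privileges would be a narrower grant than root. The key list opens and closes inside the hunk, but the enclosing configuration does not.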
@@ -0,0 +1,50 @@ +with import <stockholm/lib>; +{ config, ... }: let + +  format = from: to: { +    inherit from; +    # TODO assert is-retiolum-mail-address to; +    to = concatMapStringsSep "," (getAttr "mail") (toList to); +  }; + +in { +  krebs.exim-smarthost.internet-aliases = +    mapAttrsToList format (with config.krebs.users; let +      brain-ml = [ +        lass +        makefu +        tv +      ]; +      eloop-ml = spam-ml ++ [ ciko ]; +      spam-ml = [ +        lass +        makefu +        tv +      ]; +      ciko.mail = "ciko@slash16.net"; +    in { +      "anmeldung@eloop.org" = eloop-ml; +      "brain@krebsco.de" = brain-ml; +      "cfp@eloop.org" = eloop-ml; +      "kontakt@eloop.org" = eloop-ml; +      "root@eloop.org" = eloop-ml; +      "youtube@eloop.org" = eloop-ml; +      "eloop2016@krebsco.de" = eloop-ml; +      "eloop2017@krebsco.de" = eloop-ml; +      "postmaster@krebsco.de" = spam-ml; # RFC 822 +      "lass@krebsco.de" = lass; +      "makefu@krebsco.de" = makefu; +      "spam@krebsco.de" = spam-ml; +      "tv@krebsco.de" = tv; +      # XXX These are no internet aliases +      # XXX exim-retiolum hosts should be able to relay to retiolum addresses +      "lass@retiolum" = lass; +      "makefu@retiolum" = makefu; +      "spam@retiolum" = spam-ml; +      "tv@retiolum" = tv; +      "lass@r" = lass; +      "makefu@r" = makefu; +      "spam@r" = spam-ml; +      "tv@r" = tv; +    }); +} diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix new file mode 100644 index 000000000..8e5909e72 --- /dev/null +++ b/krebs/2configs/nscd-fix.nix 
@@ -0,0 +1,24 @@ +with import <stockholm/lib>; +{ pkgs, ... }: let + +  enable = versionOlderThan "19.03"; + +  versionOlderThan = v: +    compareVersions +      (versions.majorMinor version) +      (versions.majorMinor v) +      == -1; + +  warning = '' +    Using custom services.nscd.config because +    https://github.com/NixOS/nixpkgs/pull/50316 +  ''; + +in +  optionalAttrs enable (trace warning { +    services.nscd.enable = mkForce true; +    services.nscd.config = mkForce (readFile (pkgs.fetchurl { +      url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf; +      sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs"; +    })); +  }) diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix deleted file mode 100644 index dc2838cae..000000000 --- a/krebs/2configs/reaktor-krebs.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -{ -  krebs.Reaktor.krebs = { -    nickname = "Reaktor|krebs"; -    channels = [ -      "#krebs" -      "#nixos-wiki" -    ]; -    extraEnviron = { -      REAKTOR_HOST = "irc.freenode.org"; -      REAKTOR_NICKSERV_PASSWORD = "/var/lib/Reaktor/reaktor_nickserv_password"; -    }; -    plugins = with pkgs.ReaktorPlugins; [ -      sed-plugin -      task-add -      task-delete -      task-done -      task-list -    ] ++ -      (attrValues (todo "agenda")) -    ; -  }; -  krebs.secret.files.nix-serve-key = { -    path = "/var/lib/Reaktor/reaktor_nickserv_password"; -    owner.name = "Reaktor"; -    source-path = toString <secrets> + "/reaktor_nickserv_password"; -  }; -} diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix deleted file mode 100644 index 824f59d09..000000000 --- a/krebs/2configs/reaktor-retiolum.nix +++ /dev/null 
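Review bot: The `services.nscd.config` forced in by nscd-fix.nix is not reviewable in this repository, because it is read at evaluation time from a personal fork's raw URL pinned to the abbreviated commit `1d5f4cb`. The `sha256` keeps the content from changing silently, but every evaluation on a host older than 19.03 now needs that URL (or a cached copy) to exist, and the file that `mkForce` pushes onto each importing host cannot be read next to the module. Vendoring it, `services.nscd.config = mkForce (readFile ./nscd.conf);`, removes both problems. If the fetch stays, quote the URL (`url = "https://…/nscd.conf";`), since the bare URL literal is deprecated Nix syntax. `mkForce true` on `services.nscd.enable` also overrides hosts that disabled nscd on purpose, which deserves a comment.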
@@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; - -{ -  krebs.Reaktor.retiolum = { -    nickname = "Reaktor|lass"; -    channels = [ "#noise" "#xxx" ]; -    extraEnviron = { -      REAKTOR_HOST = "irc.r"; -    }; -    plugins = with pkgs.ReaktorPlugins; [ -      sed-plugin -      task-add -      task-delete -      task-done -      task-list -    ] ++ -      (attrValues (todo "agenda")) -    ; -  }; -} diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix new file mode 100644 index 000000000..ff6b539ba --- /dev/null +++ b/krebs/2configs/reaktor2.nix 
@@ -0,0 +1,152 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: + +let +  #for shared state directory +  stateDir = config.krebs.reaktor2.r.stateDir; + +  generators = pkgs.reaktor2-plugins.generators; +  hooks = pkgs.reaktor2-plugins.hooks; +  commands = pkgs.reaktor2-plugins.commands; + +  task = name: let +    rcFile = builtins.toFile "taskrc" '' +      confirmation=no +    ''; +  in { +    pattern = "^${name}-([a-z]+)(?::\\s*(.*))?"; +    activate = "match"; +    command = 1; +    arguments = [2]; +    env.TASKDATA = "${stateDir}/${name}"; +    commands = { +      add.filename = pkgs.writeDash "${name}-task-add" '' +        ${pkgs.taskwarrior}/bin/task rc:${rcFile} add "$1" +      ''; +      list.filename = pkgs.writeDash "${name}-task-list" '' +        ${pkgs.taskwarrior}/bin/task rc:${rcFile} export \ +          | ${pkgs.jq}/bin/jq -r ' +              .[] | select(.id != 0) | "\(.id) \(.description)" +            ' +      ''; +      delete.filename = pkgs.writeDash "${name}-task-delete" '' +        ${pkgs.taskwarrior}/bin/task rc:${rcFile} delete "$1" +      ''; +      done.filename = pkgs.writeDash "${name}-task-done" '' +        ${pkgs.taskwarrior}/bin/task rc:${rcFile} done "$1" +      ''; +    }; +  }; + +  systemPlugin = { +    plugin = "system"; +    config = { +      workdir = stateDir; +      hooks.JOIN = [ +        { +          activate = "always"; +          command = { +            filename = +              "${pkgs.Reaktor.src}/reaktor/commands/tell-on_join"; +            env = { +              PATH = makeBinPath [ +                pkgs.coreutils # XXX env, touch +                pkgs.jq # XXX sed +                pkgs.utillinux # XXX flock +              ]; +              state_file = "${stateDir}/tell.json"; +            }; +          }; +        } +      ]; +      hooks.PRIVMSG = [ +        { +          pattern = "^bier bal(ance)*$"; +          activate = "match"; +          command = { +            env = { +              state_file = 
"${stateDir}/ledger"; +            }; +            filename = pkgs.writeDash "bier-balance" '' +              ${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \ +                | ${pkgs.coreutils}/bin/tail +2 \ +                | ${pkgs.miller}/bin/mlr --icsv --opprint cat +            ''; +          }; +        } +        { +          pattern = ''^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$''; +          activate = "match"; +          arguments = [1 2 3]; +          command = { +            env = { +              # TODO; get state as argument +              state_file = "${stateDir}/ledger"; +            }; +            filename = pkgs.writeDash "ledger-add" '' +              set -x +              tonick=$1 +              amt=$2 +              unit=$3 +              printf '%s\n  %s  %d %s\n  %s  %d %s\n' "$(date -Id)" "$tonick" "$amt" "$unit" "$_from" "$(expr 0 - "''${amt#+}")" "$unit" >> $state_file +            ''; +          }; +        } +        hooks.sed +        (generators.command_hook { +          inherit (commands) hello random-emoji nixos-version stockholm-issue; +          tell = { +            filename = +              "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; +            env = { +              PATH = makeBinPath [ +                pkgs.coreutils # XXX date, env +                pkgs.jq # XXX sed +                pkgs.utillinux # XXX flock +              ]; +              state_file = "${stateDir}/tell.txt"; +            }; +          }; +        }) +        (task "agenda") +      ]; +    }; +  }; + +in { + +  krebs.reaktor2 = { +    freenode = { +      hostname = "irc.freenode.org"; +      nick = "reaktor2|krebs"; +      plugins = [ +        { +          plugin = "register"; +          config = { +            channels = [ +              "#krebs" +            ]; +          }; +        } +        systemPlugin +      ]; +      username = "reaktor2"; +    }; +    r = { +      nick = "reaktor2|krebs"; +      plugins = [ +        { +        
  plugin = "register"; +          config = { +            channels = [ +              "#noise" +              "#xxx" +            ]; +          }; +        } +        systemPlugin +      ]; +      username = "reaktor2"; +    }; +  }; +} diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix index 2dc466edb..751d233ec 100644 --- a/krebs/2configs/shack/mobile.mpd.nix +++ b/krebs/2configs/shack/mobile.mpd.nix @@ -1,5 +1,8 @@  {lib,pkgs, ... }:  let +  pkg = lib.overrideDerivation pkgs.ympd (old: { +      patches = [ ./ympd-top-next.patch ]; +  });    mpdHost = "mpd.shack";    ympd = name: port: let      webPort = 10000 + port; @@ -7,7 +10,7 @@ let      systemd.services."ympd-${name}" = {        description = "mpd for ${name}";        wantedBy = [ "multi-user.target" ]; -      serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody"; +      serviceConfig.ExecStart = "${pkg}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";      };      services.nginx.virtualHosts."mobile.${name}.mpd.shack" = {        serverAliases = [ diff --git a/krebs/2configs/shack/ympd-top-next.patch b/krebs/2configs/shack/ympd-top-next.patch new file mode 100644 index 000000000..fd424f11a --- /dev/null +++ b/krebs/2configs/shack/ympd-top-next.patch @@ -0,0 +1,16 @@ +diff --git a/htdocs/index.html b/htdocs/index.html +index ed77279..eaf92b6 100644 +--- a/htdocs/index.html ++++ b/htdocs/index.html +@@ -76,6 +76,11 @@ +  +       <div class="col-md-10 col-xs-12"> +         <div class="notifications top-right"></div> ++ ++        <ul class="pager"> ++          <li id="prev" class="page-btn hide"><a href="">Previous</a></li> ++          <li id="next" class="page-btn"><a href="">Next</a></li> ++        </ul> +          +         <div class="panel panel-primary"> +           <!-- Default panel contents --> 
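Review bot: The `ledger-add` hook and the `task` commands in reaktor2.nix hand text typed by any channel member to the hledger journal and to taskwarrior with almost no validation. In `ledger-add`, groups 1 and 3 of `^(\S+)\s+([+-][1-9][0-9]*)\s+(\S+)$` accept any non-space characters and are appended verbatim, so a tighter class such as `[A-Za-z0-9_-]+` would keep journal syntax out of the file. `set -x` there looks like leftover debugging, and `>> $state_file` and `-f $state_file` should quote the variable (`>> "$state_file"`). In `task`, `add "$1"` lets taskwarrior parse the message as attributes rather than plain description, and `delete "$1"` / `done "$1"` run under `confirmation=no` on whatever was typed. Consider `add -- "$1"` (if the packaged taskwarrior honours the `--` terminator) and a numeric guard such as `case $1 in ''|*[!0-9]*) exit 1;; esac` before delete and done. Separately, the JOIN hook uses `state_file = "${stateDir}/tell.json"` while the PRIVMSG `tell` command uses `tell.txt`; if the two scripts are meant to share one store, these paths need to match.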
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 669483f3c..308c6d41d 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -113,10 +113,11 @@ let          '';        in nameValuePair "Reaktor-${name}" {          path = with pkgs; [ -          utillinux #flock for tell_on-join            git # for nag +          jq # for tell            python # for caps -          ]; +          utillinux # flock for tell +        ];          description = "Reaktor IRC Bot";          after = [ "network.target" ];          wantedBy = [ "multi-user.target" ]; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2e7c61fb5..9303a81fb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -18,14 +18,17 @@ let        ./charybdis.nix        ./ci.nix        ./current.nix +      ./dns.nix        ./exim.nix        ./exim-retiolum.nix        ./exim-smarthost.nix        ./fetchWallpaper.nix        ./github-hosts-sync.nix +      ./github-known-hosts.nix        ./git.nix        ./go.nix        ./hidden-ssh.nix +      ./hosts.nix        ./htgen.nix        ./iana-etc.nix        ./iptables.nix @@ -39,8 +42,10 @@ let        ./per-user.nix        ./power-action.nix        ./Reaktor.nix +      ./reaktor2.nix        ./realwallpaper.nix        ./retiolum-bootstrap.nix +      ./retiolum-hosts.nix        ./rtorrent.nix        ./secret.nix        ./setuid.nix 
@@ -58,28 +63,10 @@ let    api = {      enable = mkEnableOption "krebs"; -    dns = { -      providers = mkOption { -        type = with types; attrsOf str; -      }; -    }; - -    hosts = mkOption { -      type = with types; attrsOf host; -      default = {}; -    }; -      users = mkOption {        type = with types; attrsOf user;      }; -    # XXX is there a better place to define search-domain? -    # TODO search-domains :: listOf hostname -    search-domain = mkOption { -      type = types.hostname; -      default = "r"; -    }; -      sitemap = mkOption {        default = {};        type = types.attrsOf types.sitemap.entry; @@ -125,6 +112,8 @@ let          w = "hosts";        }; +      krebs.dns.search-domain = mkDefault "r"; +        krebs.users = {          krebs = {            home = "/krebs"; 
@@ -137,93 +126,6 @@ let          };        }; -      networking.extraHosts = let -        domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers); -        check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; -      in concatStringsSep "\n" (flatten ( -        mapAttrsToList (hostname: host: -          mapAttrsToList (netname: net: -            let -              aliases = longs ++ shorts; -              longs = filter check net.aliases; -              shorts = let s = ".${cfg.search-domain}"; in -                map (removeSuffix s) (filter (hasSuffix s) longs); -            in -              optionals -                (aliases != []) -                (map (addr: "${addr} ${toString aliases}") net.addrs) -          ) (filterAttrs (name: host: host.aliases != []) host.nets) -        ) cfg.hosts -      )); - -      # TODO dedup with networking.extraHosts -      nixpkgs.config.packageOverrides = oldpkgs: -        let -          domains = attrNames (filterAttrs (_: eq "hosts") cfg.dns.providers); -          check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; -        in -          { -            retiolum-hosts = oldpkgs.writeText "retiolum-hosts" '' -              ${concatStringsSep "\n" (flatten ( -                map (host: -                    let -                      net = host.nets.retiolum; -                      aliases = longs; -                      longs = filter check net.aliases; -                    in -                      optionals -                        (aliases != []) -                        (map (addr: "${addr} ${toString aliases}") net.addrs) -                ) (filter (host: hasAttr "retiolum" host.nets) -                          (attrValues cfg.hosts))))} -            ''; -          }; - -      krebs.exim-smarthost.internet-aliases = let -        format = from: to: { -          inherit from; -          # TODO assert is-retiolum-mail-address to; -          to = concatMapStringsSep "," 
(getAttr "mail") (toList to); -        }; -      in mapAttrsToList format (with config.krebs.users; let -        brain-ml = [ -          lass -          makefu -          tv -        ]; -        eloop-ml = spam-ml ++ [ ciko ]; -        spam-ml = [ -          lass -          makefu -          tv -        ]; -        ciko.mail = "ciko@slash16.net"; -      in { -        "anmeldung@eloop.org" = eloop-ml; -        "brain@krebsco.de" = brain-ml; -        "cfp@eloop.org" = eloop-ml; -        "kontakt@eloop.org" = eloop-ml; -        "root@eloop.org" = eloop-ml; -        "youtube@eloop.org" = eloop-ml; -        "eloop2016@krebsco.de" = eloop-ml; -        "eloop2017@krebsco.de" = eloop-ml; -        "postmaster@krebsco.de" = spam-ml; # RFC 822 -        "lass@krebsco.de" = lass; -        "makefu@krebsco.de" = makefu; -        "spam@krebsco.de" = spam-ml; -        "tv@krebsco.de" = tv; -        # XXX These are no internet aliases -        # XXX exim-retiolum hosts should be able to relay to retiolum addresses -        "lass@retiolum" = lass; -        "makefu@retiolum" = makefu; -        "spam@retiolum" = spam-ml; -        "tv@retiolum" = tv; -        "lass@r" = lass; -        "makefu@r" = makefu; -        "spam@r" = spam-ml; -        "tv@r" = tv; -      }); -        services.openssh.hostKeys =          let inherit (config.krebs.build.host.ssh) privkey; in          mkIf (privkey != null) (mkForce [privkey]); 
@@ -238,31 +140,6 @@ let              };            })          // -        { -          github = { -            hostNames = [ -              "github.com" -              # List generated with -              # curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob -              "192.30.252.*" -              "192.30.253.*" -              "192.30.254.*" -              "192.30.255.*" -              "185.199.108.*" -              "185.199.109.*" -              "185.199.110.*" -              "185.199.111.*" -              "13.229.188.59" -              "13.250.177.223" -              "18.194.104.89" -              "18.195.85.27" -              "35.159.8.160" -              "52.74.223.119" -            ]; -            publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; -          }; -        } -        //          mapAttrs            (name: host: {              hostNames = @@ -272,8 +149,8 @@ let                      let                        longs = net.aliases;                        shorts = -                        map (removeSuffix ".${cfg.search-domain}") -                            (filter (hasSuffix ".${cfg.search-domain}") +                        map (removeSuffix ".${cfg.dns.search-domain}") +                            (filter (hasSuffix ".${cfg.dns.search-domain}")                                      longs);                        add-port = a:                          if net.ssh.port != 22 
@@ -297,8 +174,8 @@ let            (concatMap (host: attrValues host.nets)              (mapAttrsToList                (_: host: recursiveUpdate host -                (optionalAttrs (hasAttr config.krebs.search-domain host.nets) { -                  nets."" = host.nets.${config.krebs.search-domain} // { +                (optionalAttrs (hasAttr cfg.dns.search-domain host.nets) { +                  nets."" = host.nets.${cfg.dns.search-domain} // {                      aliases = [host.name];                      addrs = [];                    }; diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix new file mode 100644 index 000000000..b7e2a2cbb --- /dev/null +++ b/krebs/3modules/dns.nix @@ -0,0 +1,12 @@ +with import <stockholm/lib>; +{ +  options = { +    krebs.dns.providers = mkOption { +      type = types.attrsOf types.str; +    }; + +    krebs.dns.search-domain = mkOption { +      type = types.hostname; +    }; +  }; +} diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index baa49dbe0..089113ac6 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -84,8 +84,8 @@ in {        nets = rec {          internet = {            # eve.thalheim.io -          ip4.addr = "188.68.39.17"; -          ip6.addr = "2a03:4000:13:31e::1"; +          ip4.addr = "95.216.112.61"; +          ip6.addr = "2a01:4f9:2b:1605::1";            aliases = [ "eve.i" ];          };          retiolum = { 
@@ -141,6 +141,29 @@ in {          };        };      }; +    idontcare = { +      owner = config.krebs.users.Mic92; +      nets = rec { +        retiolum = { +          addrs = [ +            config.krebs.hosts.idontcare.nets.retiolum.ip4.addr +            config.krebs.hosts.idontcare.nets.retiolum.ip6.addr +          ]; +          ip4.addr = "10.243.29.177"; +          aliases = [ "idontcare.r" ]; +          tinc.pubkey = '' +            -----BEGIN RSA PUBLIC KEY----- +            MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O +            qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A +            OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An +            lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb +            O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw +            jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB +            -----END RSA PUBLIC KEY----- +          ''; +        }; +      }; +    };      justraute = {        owner = config.krebs.users.raute; # laptop        nets = { 
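Review bot: The new `idontcare` host lists `config.krebs.hosts.idontcare.nets.retiolum.ip6.addr` in `addrs`, but the block only sets `ip4.addr`, so evaluation depends on an `ip6.addr` default defined outside this hunk; please confirm one exists. The `matchbox` host added in the following hunk sets no `addrs` at all, so the two new entries are declared in different styles and should be aligned. `nets = rec {` is not used recursively here (the addresses are reached through `config.krebs.hosts…`), so `nets = {` is enough. The `idontcare` tinc key is 2048-bit RSA while `matchbox` uses 4096-bit, which may be worth raising with the owner. The surrounding host set starts and ends outside the hunk.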
@@ -344,6 +367,30 @@ in {          };        };      }; +    matchbox = { +      owner = config.krebs.users.Mic92; +      nets = { +        retiolum = { +          ip4.addr = "10.243.29.176"; +          aliases = [ "matchbox.r" ]; +          tinc.pubkey = '' +            -----BEGIN RSA PUBLIC KEY----- +            MIICCgKCAgEAqwB9pzV889vpMp/am+T0sfm5qO/wAWS/tv0auYK3Zyx3ChxrQX2m +            VrxO5a/bjR/g1fi/t2kJIV/6tsVSRHfzKuKHprE2KxeNOmwUuSjjiM4CboASMR+w +            nra6U0Ldf5vBxtEj5bj384QxwxxVLhSw8NbE43FCM07swSvAT8Y/ZmGUd738674u +            TNC6zM6zwLvN0dxCDLuD5bwUq7y73JNQTm2YXv1Hfw3T8XqJK/Xson2Atv2Y5ZbE +            TA0RaH3PoEkhkVeJG/EuUIJhvmunS5bBjFSiOiUZ8oEOSjo9nHUMD0u+x1BZIg/1 +            yy5B5iB4YSGPAtjMJhwD/LRIoI8msWpdVCCnA+FlKCKAsgC7JbJgcOUtK9eDFdbO +            4FyzdUJbK+4PDguraPGzIX7p+K3SY8bbyo3SSp5rEb+CEWtFf26oJm7eBhDBT6K4 +            Ofmzp0GjFbS8qkqEGCQcfi4cAsXMVCn4AJ6CKs89y19pLZ42fUtWg7WgUZA7GWV/ +            bPE2RSBMUkGb0ovgoe7Z7NXsL3AST8EQEy+3lAEyUrPFLiwoeGJZmfTDTy1VBFI4 +            nCShp7V+MSmz4DnLK1HLksLVLmGyZmouGsLjYUnEa414EI6NJF3bfEO2ZRGaswyR +            /vW066YCTe7wi+YrvrMDgkdbyfn/ecMTn2iXsTb4k9/fuO0+hsqL+isCAwEAAQ== +            -----END RSA PUBLIC KEY----- +          ''; +        }; +      }; +    };      miaoski = {        owner = config.krebs.users.miaoski;        nets = { @@ -369,7 +416,7 @@ in {        pubkey = ssh-for "kmein";      };      Mic92 = { -      mail = "joerg@higgsboson.tk"; +      mail = "joerg@thalheim.io";        pubkey = ssh-for "Mic92";      };      palo = { diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix new file mode 100644 index 000000000..def06f17a --- /dev/null +++ b/krebs/3modules/github-known-hosts.nix @@ -0,0 +1,40 @@ +{ +  services.openssh.knownHosts.github = { +    hostNames = [ +      "github.com" +      # List generated with | 
