Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/3modules/lass/default.nix | 30 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 93 | ||||
| -rw-r--r-- | krebs/3modules/tinc_graphs.nix | 59 | 
3 files changed, 126 insertions, 56 deletions
| diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 65da85ac4..760c2d69d 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -91,6 +91,7 @@ with config.krebs.lib;
             "prism.retiolum"
             "prism.r"
             "cgit.prism.retiolum"
+            "cache.prism.r"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----
@@ -107,36 +108,17 @@ with config.krebs.lib;        ssh.privkey.path = <secrets/ssh.id_rsa>;        ssh.pubkey = "ssh-rsa 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";      }; -    fastpoke = { +    domsen-nas = {        nets = rec {          internet = { -          ip4.addr = "193.22.164.36";            aliases = [ -            "fastpoke.internet" +            "domsen-nas.internet"            ]; -        }; -        retiolum = { -          via = internet; -          ip4.addr = "10.243.253.152"; -          ip6.addr = "42:422a:194f:ff3b:e196:2f82:5cf5:bc00"; -          aliases = [ -            "fastpoke.retiolum" -            "fastpoke.r" -            "cgit.fastpoke.retiolum" -          ]; -          tinc.pubkey = '' -            -----BEGIN RSA PUBLIC KEY----- -            MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq -            DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O -            FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ -            ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB -            EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy -            rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB -            -----END RSA PUBLIC KEY----- -          ''; +          ip4.addr = "87.138.180.167"; +          ssh.port = 2223;          };        }; -      ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b"; +      ssh.pubkey = "ssh-dss 
AAAAB3NzaC1kc3MAAAEBAPH5Hcrc2QzIi7KQLf17N+aUuFfwb7uKxuojzmO3kyb3nMdn3s+rfTCJLWTJeHCeKb6yMpDF1XGXZwVN+omWV8CsA9tivOHYzZws3b0QB/JENjYmhHbNkKijm6EWXSyvsJ2RuFj0PC8+cv77ZFx7VTnrwZk6Excv7v51j+qo5BejLL1ZybISld/n3kQWE+GJqBYJ9zp/25XEl7macH02o58lRhfqygunDlKm4yiq34pfkA7FS4eHNzcXGvmtQlAHeDts1APbKq8OAoYoyCo0gjK9nbAwbfm0yqM51+eIo3H6xLWjSBdMI9guqndNJWps9PpKHa3bvM1xFB3vfoQZ6m8AAAAVAKf8ZCwMgP4ZpqwwNw4vIn1AuLnfAAABAQCVfUrpUWFvf/TXPucJde4CuAmtoMOrjpepAiXK7N9dwGyq/PbVxr4tnJ/RTyNGOFmBroc6/n0MnxR0qmkQPJNtM/Yz+kk+BCgwsyu2uenVOIX/eJFuQPQYiUdktTcgAyChMp99WF4yfKKgv1CDdMkpFi8xgBEN03s1sOKCRNwJ5rlpTNqh9LatuRyzWOIjNd7atkEYIQK92idJgqSmleo+UhJFfoOGjYlRbsnRVbvfqh7GVd7SSydhKhdb2eZjj2J8eMBwHNl1FLtqt02cnFW3FQDdXPbYYakN25z3F3sex/CPuBGJ0HRGq+y/Ynj/m99TPq9vLkzSUQPR4MmQ5feoAAABAG5L9ffMc/8T9dTeF7FEPlS54ka73M+pNY/5ehMykrrS9CVjFmvpeclnxkBpvjt3G5IlvkSsjUEE6kMk7mW9EV+USL0TTU/LavxXD8fLCSiIwResfLDRxjixjxVI1ouZeKNQ6B3tPOWOEIKR5nPlc7iy435nS77/NM3yBFH0KGdepr+3ZmdgWAjDLKjQhNyCz4Joc1IH1Vf5Ccvb6rsaJ91ajiq29iI2ZpLXXIQsS1ZYzO1Gr9xBTNgmzEmeLqFMcxDSJ+rLMF4VDjRdL2zz5BSmv/Ffj2nICMgv/gj3zzuk7zcMpnbvGyA3W8VWb6IjJDvww4rJ21Q2gHBC5XCohJs=";      };      cloudkrebs = {        cores = 1; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 7d4bef9ad..0b58c75cb 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -48,6 +48,12 @@ with config.krebs.lib;              -----END RSA PUBLIC KEY-----            '';          }; +        siem = { +          ip4.addr = "10.8.10.2"; +          aliases = [ +            "darth.siem" +          ]; +        };        };      };      tsp = { 
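Review bot: The new `domsen-nas` entry pins an `ssh-dss` host key, whereas the `fastpoke` entry it replaces used `ssh-rsa`. OpenSSH has disabled DSA host keys by default since 7.0, so clients would have to re-enable the algorithm before this pinned key can be checked at all. The host is listed with a public address and `ssh.port = 2223`, so if the device can present an RSA or ed25519 host key, that key should be pinned instead. If it cannot, a comment above `ssh.pubkey` should say so, for example `# device only offers a DSA host key; clients need ssh-dss enabled for this host`.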
@@ -98,6 +104,12 @@ with config.krebs.lib;              -----END RSA PUBLIC KEY-----            '';          }; +        siem = { +          ip4.addr = "10.8.10.4"; +          aliases = [ +            "arch.siem" +          ]; +        };        };        ssh.privkey.path = <secrets/ssh_host_ed25519_key>;        ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster"; @@ -184,6 +196,8 @@ with config.krebs.lib;          internet = {            ip4.addr = "104.233.87.86";            aliases = [ +            "wry.i" +            "paste.i"              "wry.internet"              "paste.internet"            ]; @@ -194,10 +208,10 @@ with config.krebs.lib;            ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad";            aliases = [              "graphs.wry.retiolum" -            "graphs.retiolum" +            "graphs.r" "graphs.retiolum"              "paste.wry.retiolum" -            "paste.retiolum" -            "wry.retiolum" +            "paste.r" "paste.retiolum" +            "wry.r" "wry.retiolum"              "wiki.makefu.retiolum"              "wiki.wry.retiolum"              "blog.makefu.retiolum" 
@@ -232,15 +246,16 @@ with config.krebs.lib;            ip6.addr = "42:4b0b:d990:55ba:8da8:630f:dc0e:aae0";            aliases = [              "filepimp.retiolum" +            "filepimp.r"            ];            tinc.pubkey = ''              -----BEGIN RSA PUBLIC KEY----- -            MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY -            BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3 -            i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7 -            09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS -            u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa -            OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB +            MIIBCgKCAQEA43w+A1TMOfugZ/CVwilJn4c36wWSjihaeVe7suZD0DSscKBcbkGg +            3dTCSTnu6Qb9sYd2mKebKXLreO6nhEEoFGsRU0yw/1h8gl7mWYEdTifPfvM5EWwS +            wkN9dJ5njwIUSRyWH7QTsLkiRJVFN2UxEwrhAbo1FJ7yuhRgAKqKJSN4yPVViZwR +            oHyyobvm/i2J+XSiDI9MRo74vNjnDLvO7R6ErIrhOPP1bD9fx3u+UYUfgS0iCO3X +            UN0duBz/faRcl6IRytZOuHaIp30eJ4850ZK8RPz/Dqqj+USMFq60i0oMsuAi/ljB +            8b+eQBt6OXu4MSntxoR8Ja7ht+EOTDnBOwIDAQAB              -----END RSA PUBLIC KEY-----              '';          }; 
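Review bot: The `tinc.pubkey` for filepimp is replaced in full, in the same hunk that adds the `filepimp.r` alias, and nothing on the page says why. This block is what peers use to authenticate the node, so whoever holds the matching private key is now accepted under that name. The new key should be confirmed with the host owner out of band. A one-line comment above `tinc.pubkey` would record that, for example `# key rotated, old key retired`, adjusted to the real reason. The filepimp entry starts outside the hunk.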
@@ -339,6 +354,42 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB        ssh.privkey.path = <secrets/ssh_host_ed25519_key>;        ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";      }; +    shoney = rec { +      cores = 1; +      nets = { +        siem = { +          ip4.addr = "10.8.10.1"; +          aliases = [ +            "sjump.siem" +            "graphs.siem" +          ]; +        }; +        internet = { +          ip4.addr = "64.137.234.215"; +          aliases = [ +            "shoney.i" +          ]; +        }; +        retiolum = { +          ip4.addr = "10.243.205.131"; +          ip6.addr = "42:490d:cd82:d2bb:56d5:abd1:b88b:e8b4"; +          aliases = [ +            "shoney.retiolum" +            "shoney.r" +          ]; +          tinc.pubkey = '' +            -----BEGIN RSA PUBLIC KEY----- +            MIIBCgKCAQEAsYXzbotmODJqos+Ilve8WyO2qBti6eMDSOP59Aqb18h8A5b4tCTL +            ygDo2xLLzRaINQAxfdaKcdMOWSEkiy1j/pBYs1tfqv4mT6BO+1t8LXz82D+YcT+4 +            okGXklZ/H5L+T9cynbpKIwzTrw0DuOUhzs/WRFJU60B4cJ0Tl3IQs5ePX1SevVht +            M5n1ob47SCHxEuC+ZLNdLc6KRumcp3Ozk6Yxj3lZ0tqyngxY1C+1kTJwRyw9A7vO +            +DAH8t1YusYi7ICHcYt5J1p0ZGizcs8oEnZLBy4D+bJX86g7zbix1lZ37LxDCpQ5 +            uCoAYFes7QqLVDYhucZ5ElRWdATM2mBtZwIDAQAB +            -----END RSA PUBLIC KEY----- +            ''; +        }; +      }; +    };      # non-stockholm 
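Review bot: `shoney` is added with an internet-facing address but no `ssh.pubkey`, unlike the `gum` entry in the context lines directly above, which sets both `ssh.privkey.path` and `ssh.pubkey`. If the host list is used to generate known-hosts data (presumably, given the other entries), the first SSH connection to this host would be trust-on-first-use. Consider adding `ssh.pubkey = "<shoney host public key>";` after the `nets` set. Smaller points: `rec` is not needed since nothing in the set refers to itself, and the closing `'';` of `tinc.pubkey` is indented deeper than in neighbouring entries.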
@@ -426,6 +477,28 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB      }; +    lariat = rec { +      cores = 2; +      nets = { +        retiolum = { +          ip4.addr = "10.243.64.7"; +          aliases = [ +            "lariat.r" +          ]; +          tinc.pubkey = '' +            -----BEGIN RSA PUBLIC KEY----- +            MIIBCgKCAQEAqiDzxADQYY8cWBH+R5aKSoxaFHLvPvVMgB7R1Y6QVTqD5YUCuINX +            eBLFV9idHnHzdZU+xo/c8EFQf0hvyP0z3bcXaiw+RlpEYdK6tuaypJ3870toqWmA +            269H8ufA3DA0hxlY7dwnhg8Rb7KGIlNN8fy4RMGe73PupF5aAmiDiEhPalv4E0qJ +            unmk5y1OHQFPxYm++yLo5SVFlcO89jDtGpvg5papp8JvtxTkrshby1lXf/sph3Cv +            d1z6h7S+HgT+BMwTZY5dIrwYAcob/t1sRmWsY62P1n02RbiJFm27wg0t/ZcfsI2o +            yBjRTiK5ACJaIdpM99/902gJsuJASPGB2QIDAQAB +            -----END RSA PUBLIC KEY----- +          ''; +        }; +      }; +    }; +      soundflower = rec {        cores = 1;        nets = { @@ -568,6 +641,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB        };      }; +  } // { # hosts only maintained in stockholm, not owned by me      muhbaasu = rec {        cores = 1;        nets = { @@ -596,7 +670,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB          };        };      }; -  } // { # hosts only maintained in stockholm, not owned by me      tpsw = {        cores = 2;        owner = config.krebs.users.ciko; # main laptop diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index dec89d249..0f1bae090 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix 
@@ -20,6 +20,18 @@ let        default = "${pkgs.geolite-legacy}/share/GeoIP/GeoIPCity.dat";      }; +    hostsPath = mkOption { +      type = types.str; +      description = "Path to Hosts directory"; +      default = "${config.krebs.retiolum.hostsPackage}"; +    }; + +    network = mkOption { +      type = types.str; +      description = "Tinc Network to use"; +      default = "retiolum"; +    }; +      nginx = {        enable = mkEnableOption "enable tinc_graphs to be served with nginx"; @@ -73,10 +85,10 @@ let    };    imp = { -    environment.systemPackages = [ pkgs.tinc_graphs]; +    environment.systemPackages = [ pkgs.tinc_graphs ];      systemd.timers.tinc_graphs = {        description = "Build Tinc Graphs via via timer"; -      wantedBy = [ "timers.target"]; +      wantedBy = [ "timers.target" ];        timerConfig = cfg.timerConfig;      };      systemd.services.tinc_graphs = { @@ -85,7 +97,8 @@ let          EXTERNAL_FOLDER = external_dir;          INTERNAL_FOLDER = internal_dir;          GEODB = cfg.geodbPath; -        TINC_HOSTPATH = config.krebs.retiolum.hostsPackage; +        TINC_HOSTPATH = cfg.hostsPath; +        TINC_NETWORK = cfg.network;        };        restartIfChanged = true; @@ -103,7 +116,7 @@ let              cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"            fi          ''; -        ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; +        ExecStart = ''${pkgs.tinc_graphs}/bin/all-the-graphs "${cfg.network}"'';          ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''            # TODO: this may break if workingDir is set to something stupid 
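Review bot: In the `ExecStart` change, `cfg.network` is spliced into the unit's command line between literal double quotes, while the new `network` option is declared as plain `types.str`. A value containing a quote, whitespace, `%` or `$` would therefore be re-parsed by systemd instead of arriving as one argument. Constraining the option keeps the interpolation safe, for example `type = types.strMatching "[A-Za-z0-9_-]+";`. The same value is also exported as `TINC_NETWORK` in the environment hunk just above, so a comment on why it is passed twice would help. The `systemd.services.tinc_graphs` block starts and ends outside these hunks.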
@@ -121,24 +134,26 @@ let        uid = genid "tinc_graphs";        home = "/var/spool/tinc_graphs";      }; - -    krebs.nginx.servers = mkIf cfg.nginx.enable { -      tinc_graphs_complete = mkMerge [ cfg.nginx.complete  { -        locations = [ -          (nameValuePair "/" '' -            autoindex on; -            root ${internal_dir}; -          '') -        ]; -      }] ; -      tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { -        locations = [ -          (nameValuePair "/" '' -            autoindex on; -            root ${external_dir}; -          '') -        ]; -      }]; +    krebs.nginx = mkIf cfg.nginx.enable { +      enable = mkDefault true; +      servers = { +        tinc_graphs_complete = mkMerge [ cfg.nginx.complete  { +          locations = [ +            (nameValuePair "/" '' +              autoindex on; +              root ${internal_dir}; +            '') +          ]; +        }] ; +        tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous { +          locations = [ +            (nameValuePair "/" '' +              autoindex on; +              root ${external_dir}; +            '') +          ]; +        }]; +      };      };    }; | 
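Review bot: `enable = mkDefault true;` means that setting `cfg.nginx.enable` now also switches on `krebs.nginx` on hosts where it was previously off. The `tinc_graphs_complete` server serves `${internal_dir}` with `autoindex on`, so it goes live with whatever `cfg.nginx.complete` contains. Nothing visible in this hunk limits who can reach that server; presumably the listen and server-name settings come from `cfg.nginx.complete`, which should be confirmed. A comment on the `enable` line would make the side effect explicit, for example `# implicitly enables krebs.nginx; keep tinc_graphs_complete on internal listeners only`. The enclosing `imp` set starts outside the hunk.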
