From 18efc15b2a2694dac07f89d33bb1243492358a88 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Jan 2023 16:13:42 +0100 Subject: l aergia.r: init --- kartei/lass/aergia.nix | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 kartei/lass/aergia.nix (limited to 'kartei') diff --git a/kartei/lass/aergia.nix b/kartei/lass/aergia.nix new file mode 100644 index 000000000..d186f912c --- /dev/null +++ b/kartei/lass/aergia.nix @@ -0,0 +1,39 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.0.1"; + ip6.addr = r6 "ae12"; + aliases = [ + "aergia.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAqLtEUExq0qmXbi3aykdoW1WIneePfmm1SnFxCVcEBecJ1z326cNl + EIhYFSzhctwui0vG1dscmNMXHJ0rRQ0QHks1kp/x2MNMlun3Wl8Md9PQrTRGqZOf + ltdlNKzn8QbqcQQa9BYMgnFRzhbzzsSO3q5xqncJJ8qSxxWy/boIR9fO+OI/aUfe + rVLVHj/i5TTAmov5johqQZOyb7ydEbLiTbaaPSo1H/I/as0iv2jaDRdoVBL5/r+q + JvYFfhcdePjpwjRVNohdRwPquyM2ut91e2UyxD5N5eUoQBn+Xr18f6CQlyfJmMrc + /oGL+DScrDzFQ/ezCzks3O02dWAmgJsU6odUyNqtdU2x+0lhSqTRH0IXfdkj5n3k + K5U340/84e8Bn/1BJQoaGpBZJbK8RHdZd/0r+9+aXcI5tm2YAGaPPYzgLUYg06NZ + fMES28iByiCecIPci4vUZ50oOQFGQYaBNA12JC4TRbL/EfLlaax9bRAaUQr7qIXS + OBmKrC8eN9QO53T2d2w8Llk5d1rwq0TE3lyJEFLt7sqrHvlBFJ4fpeC+JqZAObqf + AJlCvFrqDYXBPzuNC2cZQX9QJ4FlGBpOObGg5KtkY0hPUyBO96OMxIDQ2+Jqc7F0 + isAUVvn23h6i3m77jRE1AGFyIC/ReMaCH70/83AJQxRpTkzKcF98xU8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "Jb8RJkm+ufh8o0acM31P2BolEUneYFB4xbtyoLQywLG"; + }; + wiregrill = { + ip6.addr = w6 "ae12"; + aliases = [ + "aergia.w" + ]; + wireguard.pubkey = '' + h2GFkqW1ThHpDiALrLkJEsR5NU1lXHvwk0Kers1vIxg= + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAGcqlL5fcxT3iCTlOm5rNPGKZmx1SEDWS71d3Tvbs/"; + syncthing.id = "K5G46ZC-AKEG3WE-MQTG6MB-PC3ZA7O-C2BOKW6-KCXTSEW-RWHKP4B-Q7FCRQ7"; +} -- cgit v1.3.1 From ab06eab6af32e794882687a25746a35a66ef481d Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Jan 2023 16:15:35 +0100 Subject: l ubik.r: init on neoprism.r --- kartei/lass/ubik.nix | 38 ++++++++++++++++++++++++++++++++++++++ lass/1systems/neoprism/config.nix | 1 + lass/1systems/ubik/config.nix | 33 +++++++++++++++++++++++++++++++++ lass/1systems/ubik/physical.nix | 7 +++++++ lass/2configs/ubik-host.nix | 26 ++++++++++++++++++++++++++ 5 files changed, 105 insertions(+) create mode 100644 kartei/lass/ubik.nix create mode 100644 lass/1systems/ubik/config.nix create mode 100644 lass/1systems/ubik/physical.nix create mode 100644 lass/2configs/ubik-host.nix (limited to 'kartei') diff --git a/kartei/lass/ubik.nix b/kartei/lass/ubik.nix new file mode 100644 index 000000000..94a4a8b05 --- /dev/null +++ b/kartei/lass/ubik.nix @@ -0,0 +1,38 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.0.12"; + ip6.addr = r6 "0b1c"; + aliases = [ + "ubik.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAnWJKDrDmmGZbwVeaBhvOdTR4nsumo1yzOR2Iu+SMTOH6fbgJM5cW + WtlgPhrdOMrBYR956SBiBNkvsdczRrOF7F6hvXyDwwoGdWGsZXzaTMJlNAYjP5Y4 + fbJlDq8/QV/SvVFGeu4XP3g2yuU/aNu/4FkU4jlysX+8wo9qGpIFPLpLvqfuU247 + jHCatNzHfLK60fx7yt57iDhuX2plyFfQVX7xPTxudfGZKD7rEDEnKX4Ghd5dUkOA + z0lr0B1AOrkZgrnajU0ZmkjnNy8lrylCWDOnEPhJdao53gL4XFmUcZaR4uFsWuS7 + V1VM+VivuMTAXRUnJScyLap2mo6dcr9h11kas70c/R7tI2pGmxlNk9t2uYy/jQnC + WmyzNCcqpPSfKikx5sRVAVIuv2wtAKYDuZg+1D4YEfeklA0+ZZlHO43NnRnIoKeO + Za0SNUE6vtd/EPoiifMkOWtHaO0LppgOxMTk8OgUxR6dcTmbuL0Roz3aY0rSW3EG + +li3yjS3YAtMtvhQwuqooVrkBFrcGQLjTnAfCeUHbCjZidGAHnqhESA+Aj+LKx32 + 0ALQY439xAs6Vf3rICs93cO4Yxa8W1F5sHE6ANOGU+jCmSkCWI2hdHGbckD3L0AQ + NBJ+jyXm0kFfVgqRS2i17JPz2ZZxhAHw3KH13Ef1KI4tMdzCvFSayW0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "BcbZOID7dipWNH0/uowqCF7Ivqm4QktMoz11Yv249tG"; + }; + wiregrill = { + ip6.addr = w6 "0b1c"; + aliases = [ + "ubik.w" + ]; + wireguard.pubkey = '' + JakWwg7Rq76jjzLFWPBQJPpzRHbIEbb46VLsSUOKI2I= + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHlqW8zqJpjbva0NTty9Ex7R/Jk2emDxHJNpaM3WPt5L"; +} diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 8e5a60c36..dc2702e6a 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -9,6 +9,7 @@ + # other containers diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix new file mode 100644 index 000000000..1d1d32f3f --- /dev/null +++ b/lass/1systems/ubik/config.nix @@ -0,0 +1,33 @@ +with import ; +{ config, lib, pkgs, ... }: +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.ubik; + + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM"; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nextcloud = { + enable = true; + hostName = "c.apanowicz.de"; + package = pkgs.nextcloud25; + config.adminpassFile = "/run/nextcloud.pw"; + https = true; + }; + systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [ + "+${pkgs.writeDash "copy-pw" '' + ${pkgs.rsync}/bin/rsync \ + --chown nextcloud:nextcloud \ + --chmod 0700 \ + /var/src/secrets/nextcloud.pw /run/nextcloud.pw + ''}" + ]; +} diff --git a/lass/1systems/ubik/physical.nix b/lass/1systems/ubik/physical.nix new file mode 100644 index 000000000..8577daf34 --- /dev/null +++ b/lass/1systems/ubik/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = true; +} diff --git a/lass/2configs/ubik-host.nix b/lass/2configs/ubik-host.nix new file mode 100644 index 000000000..874d4ecb8 --- /dev/null +++ b/lass/2configs/ubik-host.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.ubik = { + sshKey = "${toString }/ubik.sync.key"; + }; + containers.ubik.bindMounts."/var/lib" = { + hostPath = "/var/lib/sync-containers3/ubik/state"; + isReadOnly = false; + }; + containers.ubik.bindMounts."/var/lib/nextcloud/data" = { + hostPath = "/var/ubik"; + isReadOnly = false; + }; + services.nginx.virtualHosts."c.apanowicz.de" = { + enableACME = true; + forceSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://ubik.r"; + extraConfig = '' + client_max_body_size 9001M; + ''; + }; + }; +} -- cgit v1.3.1 From bf4a3fe78e4814b9281b7e20d8eae2e0461fed72 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 30 Jan 2023 20:40:25 +0100 Subject: l orange.r: init --- kartei/lass/orange.nix | 38 ++++++++++++++++++++++++++++++++++++++ lass/1systems/orange/config.nix | 21 +++++++++++++++++++++ lass/1systems/orange/physical.nix | 7 +++++++ lass/2configs/orange-host.nix | 15 +++++++++++++++ 4 files changed, 81 insertions(+) create mode 100644 kartei/lass/orange.nix create mode 100644 lass/1systems/orange/config.nix create mode 100644 lass/1systems/orange/physical.nix create mode 100644 lass/2configs/orange-host.nix (limited to 'kartei') diff --git a/kartei/lass/orange.nix b/kartei/lass/orange.nix new file mode 100644 index 000000000..7f656c260 --- /dev/null +++ b/kartei/lass/orange.nix @@ -0,0 +1,38 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.0.15"; + ip6.addr = r6 "012a"; + aliases = [ + "orange.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAlnHedIf4f3/6Wfl5PSSz+7KvdIMkygp5m/U270sdPBh46MqYa8cn + OfPq40LcbWIZqAVex7mP+fK7vq8LTIr+sCKvzY46o3ZLbQQ7cCtQi02GFnSAPhVT + 4XEmPn9dX/nRmI8xQqzh5jRMpgeOKE+xY6QfgkERD9mflkJi5dGYCOVW1UUK7pHR + 7giCrUiLuQbUeIz+G7KOeIRHxU8dwD8it1Jk6KxdM3MW6HwFsuqZu0qjbBPKhTEe + fgzSTDtZEGmcQw5vA/RwjxoRvKYThbK/lLoVJItFAhUCWUJA8bJuIanwzPfOF0JO + xWkxiY3ntvn5ykbvhF6LoHE+kEfcBJzBfRFRSXV5qU5wW1FC4AQylUDrest/qXQh + DY8boUqK/hi/MlC2ciPH+DlBOi5wduWty8F0KqNzjg1IIEOk8H+z9hgBDbdJnYHH + MBjYOZ3MFpoNb2VCJTE7dlIarVdH1OOO2KkzX/GGW7wGQK94iqLHjBcGl15GcGOz + EOivq+783VOtzZGS4jd8D0OcCo725FzhuWi6KR5QTljwrd5C1gGFoAW7RCsUiveZ + 0by9aB+G2DWmSRWZsmPnnbYo6yPvp+WR2yfPu1pKwjyNsmAgTYm4bkwRIvODb6Xk + ShgawP5V8RDp+hUmr27KgJvUJnQbVeJf9SO1pT7IfNOjLwHv26iOo7UCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "dVIOgHjuKLDJ+QB+sDjL9Pk3pXs8wKo+gemGvNG3z1H"; + }; + wiregrill = { + ip6.addr = w6 "012a"; + aliases = [ + "orange.w" + ]; + wireguard.pubkey = '' + NP8zM9+ocwsHhY9Rn6tFqIU1FR8JidqtDs7IKpl3yU8= + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnHnTPPwMW1Oy3DBuaT4fG5ryhWmVS9Y8Sw0ezUGuLn"; +} diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix new file mode 100644 index 000000000..3c13ebe85 --- /dev/null +++ b/lass/1systems/orange/config.nix @@ -0,0 +1,21 @@ +with import ; +{ config, lib, pkgs, ... }: +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.orange; + + security.acme = { + acceptTerms = true; + defaults.email = "acme@lassul.us"; + }; + + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWzKuXrwQopBc1mzb2VpljmwAs7Y8bRl9a8hBXLC+l"; + }; +} diff --git a/lass/1systems/orange/physical.nix b/lass/1systems/orange/physical.nix new file mode 100644 index 000000000..8577daf34 --- /dev/null +++ b/lass/1systems/orange/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = true; +} diff --git a/lass/2configs/orange-host.nix b/lass/2configs/orange-host.nix new file mode 100644 index 000000000..3fbf417a7 --- /dev/null +++ b/lass/2configs/orange-host.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.orange = { + sshKey = "${toString }/orange.sync.key"; + }; + services.nginx.virtualHosts."lassul.us" = { + # enableACME = config.security; + # forceSSL = true; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://orange.r"; + }; + }; +} -- cgit v1.3.1 From b970b171420253321581241afdd8267f22ce5349 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Sun, 22 Jan 2023 19:15:11 +0100 Subject: add warez.r --- kartei/mic92/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'kartei') diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix index 178cf27a2..75f5b7fc9 100644 --- a/kartei/mic92/default.nix +++ b/kartei/mic92/default.nix @@ -107,6 +107,7 @@ in { "eve.r" "tts.r" "flood.r" + "warez.r" "navidrome.r" ]; tinc.pubkey = '' -- cgit v1.3.1 From 46ae6fc00c3e1aee5bc5db846ec91e30c430f0f1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 1 Feb 2023 23:27:47 +0100 Subject: filebitch.r: rotate tinc keys --- kartei/krebs/default.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'kartei') diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix index 7419ba13f..414b66e9f 100644 --- a/kartei/krebs/default.nix +++ b/kartei/krebs/default.nix @@ -50,15 +50,20 @@ in { aliases = [ "filebitch.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA8ZSLsOlPy9Vd8XdEcIoP8H3rztsbB0McTYPGhUaZ6/aqcD/MBSQa - FT9NZS0+N0Pev7y90As6Rj5Wrom92xlThcFPaX0Dzmzz+7363M4qtlrtmmWkx2FX - VDrPOYbe4hGGOCsPNOTNJkcW4zs2Ym5YKbZeXHfnuqCW+yuhKBCgO9slc740jkHZ - 5xuv5zbU3ZMRk1H8xi4+cQcHqh+1PY75lJxVSNvrbe5pvGxm9yVdp235b49ohDRU - UfUjXmymPlnfJgTOMxmHwl+UmwYR4Yw2CZKXTjbJe5HjbykleTwUb1qyijM8suJf - eXRyma8VGILcY6K/HmE4nz7ESAlI1c+QlwIDAQAB + MIICCgKCAgEA8S3eYZB/z1oT8SlSeHXdHVlSZE1Z15KA2Icd/qLnopqIj9qi8rGa + TVptxNPAnI6ohLw3MnFix2fZCizHremrIV5lObSB/hYfqJZq73/Og3zb7GO25cl+ + bb/ApgmTHKjrI0xJPnRxC4Wl0KawEFfX+J3pS0ty9JHN7VNHfPzCnd3NO/LplY+9 + hxsV6Oegt4+X4onv7/5xjd/PYe7CsA3BvKGqtLwznEg/fZdm/e2UJv2U/ddk2MUU + JwDpQ3n4WYSv4ltY6TcTP1CiFHNOzaPV4AxUROimvI8natuTC+Yapv/J5DDowatX + Fo51GXXptTr3lASHNfonWDBTmhkELp3uS48MYO6z/fxLNqS4Un7q845sEN4GQQXL + StdUQEDp7+ycui2zHG7GHfbGqK5qZ1/hVU8sofnlfIGlfgwcMN4NHjhS5GifQGPC + Fuwx5e/r06HI9FaC5BM6muouaFiGWkK2Xb/coSZb7eoXffVIyiX1didrlwCYzI5b + K/KMQRsJu1mhAjUrlxxvtW5Y2yj+kP70Kz9FaPAIlWirMK+EQFCToK63CbCO5X2y + 5Pxkomg/KCeZ9grBSugnI2i6WqYeyOTGHM45VugxhU39mgBxzcIVjDy+UKVh/ILS + 3IYJVNzCFcbDueHp+G56ClCT1HYYPuAieFhawzwAQ7jUN3mhvdOr5fUCAwEAAQ== -----END RSA PUBLIC KEY----- - Ed25519PublicKey = NPjEmo1dkxNS2Xm7qUyWhLKdFYF4MnhIM79NPQELWHC ''; + tinc.pubkey_ed25519 = "D5TYSZW9OAkdnvQ/NL98UgheRC2Zg4SMNZ8M4/KwdeL"; }; }; ssh.privkey.path = ; -- cgit v1.3.1