From 23476105148afa30e653a7394a2d7262d6e1dcdc Mon Sep 17 00:00:00 2001 From: niten Date: Tue, 17 Jan 2023 13:30:45 -0800 Subject: [PATCH 01/33] Add gssapi-realm to all domains --- domains/sea.fudo.org.nix | 1 + flake.nix | 20 ++++++++++---------- lib.nix | 8 ++++++++ 3 files changed, 19 insertions(+), 10 deletions(-) create mode 100644 lib.nix diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix index 212045f..0f75c0a 100644 --- a/domains/sea.fudo.org.nix +++ b/domains/sea.fudo.org.nix @@ -8,6 +8,7 @@ admin-email = "niten@fudo.org"; zone = "sea.fudo.org"; + gssapi-realm = "FUDO.ORG"; ldap-servers = [ "nutboy3" "legatus" ]; diff --git a/flake.nix b/flake.nix index 96a8fe9..7ab0c8a 100644 --- a/flake.nix +++ b/flake.nix @@ -1,19 +1,19 @@ { description = "Fudo Entities"; - inputs = { - fudo-lib.url = "git+https://git.fudo.org/fudo-nix/lib.git"; - }; + inputs = { fudo-lib.url = "git+https://git.fudo.org/fudo-nix/lib.git"; }; outputs = { self, nixpkgs, fudo-lib, ... }: { - nixosModule = { - imports = [ - ./module.nix - ]; + nixosModule = { imports = [ ./module.nix ]; }; + + entities = let helper-lib = fudo-lib.lib { pkgs = nixpkgs; }; + in import ./entities.nix { inherit helper-lib; }; + + lib = import ./lib { + inherit (nixpkgs) lib; + inherit (self) entities; }; - entities = let - helper-lib = fudo-lib.lib { pkgs = nixpkgs; }; - in import ./entities.nix { inherit helper-lib; }; + overlays.default = (final: prev: { lib = prev.lib // (self.lib); }); }; } diff --git a/lib.nix b/lib.nix new file mode 100644 index 0000000..3f982ac --- /dev/null +++ b/lib.nix @@ -0,0 +1,8 @@ +{ lib, entities, ... }: + +let + getHostSite = hostname: entities.hosts."${hostname}".site; + getHostDomain = hostname: entities.domains."${hostname}".domain; + getHostRealm = hostname: (getHostDomain hostname).gssapi-realm; + +in { inherit getHostSite getHostDomain getHostRealm; } From 034dbb40939c4c491d0a2149ac9ebedceae18738 Mon Sep 17 00:00:00 2001 
From: niten Date: Tue, 17 Jan 2023 13:40:23 -0800 Subject: [PATCH 02/33] lib is a file, not a dir --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 7ab0c8a..97edf39 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ entities = let helper-lib = fudo-lib.lib { pkgs = nixpkgs; }; in import ./entities.nix { inherit helper-lib; }; - lib = import ./lib { + lib = import ./lib.nix { inherit (nixpkgs) lib; inherit (self) entities; }; From 0377113b44b8c2fd7efce67e82ba1b0b77d29a2c Mon Sep 17 00:00:00 2001 From: niten Date: Tue, 17 Jan 2023 13:42:50 -0800 Subject: [PATCH 03/33] Return actual site/domain, not just the name. --- lib.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib.nix b/lib.nix index 3f982ac..6678add 100644 --- a/lib.nix +++ b/lib.nix @@ -1,8 +1,12 @@ { lib, entities, ... }: let - getHostSite = hostname: entities.hosts."${hostname}".site; - getHostDomain = hostname: entities.domains."${hostname}".domain; + getHostSite = hostname: + let site-name = entities.hosts."${hostname}".site; + in entities.sites."${site-name}"; + getHostDomain = hostname: + let domain-name = entities.hosts."${hostname}".domain; + in entities.domains."${domain-name}"; getHostRealm = hostname: (getHostDomain hostname).gssapi-realm; in { inherit getHostSite getHostDomain getHostRealm; } From fdbbc4c22d15ba6fa581addfe8ce00e21e8fcb14 Mon Sep 17 00:00:00 2001 From: niten Date: Wed, 18 Jan 2023 12:54:21 -0800 Subject: [PATCH 04/33] Add KDC to sea.fudo.org (for testing...for now) --- domains/sea.fudo.org.nix | 3 +++ lib.nix | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix index 0f75c0a..8d795a3 100644 --- a/domains/sea.fudo.org.nix +++ b/domains/sea.fudo.org.nix 
@@ -12,6 +12,9 @@ ldap-servers = [ "nutboy3" "legatus" ]; + kerberos-master = "limina"; + kerberos-slaves = [ "nostromo" ]; + prometheus-hosts = [ "limina" ]; grafana-hosts = [ "nostromo" ]; log-aggregator = "nostromo"; diff --git a/lib.nix b/lib.nix index 6678add..50de33c 100644 --- a/lib.nix +++ b/lib.nix @@ -8,5 +8,8 @@ let let domain-name = entities.hosts."${hostname}".domain; in entities.domains."${domain-name}"; getHostRealm = hostname: (getHostDomain hostname).gssapi-realm; + getHostFqdn = hostname: + let hostDomain = entities.hosts."${hostname}".domain; + in "${hostname}.${hostDomain}"; -in { inherit getHostSite getHostDomain getHostRealm; } +in { inherit getHostSite getHostDomain getHostRealm getHostFqdn; } From 2c6e3068e62ef66e995f4e5a6940b7b4c4020209 Mon Sep 17 00:00:00 2001 From: niten Date: Wed, 18 Jan 2023 12:59:56 -0800 Subject: [PATCH 05/33] change sea.fudo.org realm too. --- domains/sea.fudo.org.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix index 8d795a3..035a5e5 100644 --- a/domains/sea.fudo.org.nix +++ b/domains/sea.fudo.org.nix @@ -8,7 +8,7 @@ admin-email = "niten@fudo.org"; zone = "sea.fudo.org"; - gssapi-realm = "FUDO.ORG"; + gssapi-realm = "SEA.FUDO.ORG"; ldap-servers = [ "nutboy3" "legatus" ]; From ea87bd198be8a8fac6c5a2987a016f092073fa18 Mon Sep 17 00:00:00 2001 From: niten Date: Sun, 22 Jan 2023 17:24:26 -0800 Subject: [PATCH 06/33] Limina keeps running out of space --- domains/sea.fudo.org.nix | 4 ++-- flake.nix | 2 +- sites/seattle.nix | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix index 035a5e5..38702c9 100644 --- a/domains/sea.fudo.org.nix +++ b/domains/sea.fudo.org.nix 
@@ -12,8 +12,8 @@ ldap-servers = [ "nutboy3" "legatus" ]; - kerberos-master = "limina"; - kerberos-slaves = [ "nostromo" ]; + kerberos-master = "nostromo"; + kerberos-slaves = [ "lambda" ]; prometheus-hosts = [ "limina" ]; grafana-hosts = [ "nostromo" ]; diff --git a/flake.nix b/flake.nix index 97edf39..5534086 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,6 @@ inherit (self) entities; }; - overlays.default = (final: prev: { lib = prev.lib // (self.lib); }); + overlays.default = (final: prev: { lib = prev.lib // self.lib; }); }; } diff --git a/sites/seattle.nix b/sites/seattle.nix index f980154..9902a18 100644 --- a/sites/seattle.nix +++ b/sites/seattle.nix @@ -10,4 +10,9 @@ enable-distributed-builds = false; mail-server = "mail.fudo.org"; local-gateway = "limina"; + network-filesystems = { + "/net/documents" = { host = "nostromo"; }; + "/net/downloads" = { host = "nostromo"; }; + "/net/projects" = { host = "nostromo"; }; + }; } From f5f454596960cdf76aff1d50d4feeaf784e73d31 Mon Sep 17 00:00:00 2001 From: niten Date: Sun, 22 Jan 2023 17:37:08 -0800 Subject: [PATCH 07/33] Stop with the nfs stuff for now --- sites/seattle.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/sites/seattle.nix b/sites/seattle.nix index 9902a18..f980154 100644 --- a/sites/seattle.nix +++ b/sites/seattle.nix @@ -10,9 +10,4 @@ enable-distributed-builds = false; mail-server = "mail.fudo.org"; local-gateway = "limina"; - network-filesystems = { - "/net/documents" = { host = "nostromo"; }; - "/net/downloads" = { host = "nostromo"; }; - "/net/projects" = { host = "nostromo"; }; - }; } From 9f42cc680701a836a1ff9ead7f82f46d16a1bdad Mon Sep 17 00:00:00 2001 From: niten Date: Wed, 25 Jan 2023 15:11:45 -0800 Subject: [PATCH 08/33] Forget secondary for now --- domains/sea.fudo.org.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix index 38702c9..c2673aa 100644 --- a/domains/sea.fudo.org.nix 
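Review bot: In PATCH 06 (domains/sea.fudo.org.nix), `kerberos-master = "nostromo";` places the realm's KDC on a host that the hunk's own context lists under `grafana-hosts`, and that the sites/seattle.nix hunk of the same commit names as the server for three `/net/*` filesystems. The KDC database holds the long-term keys of every principal in SEA.FUDO.ORG, so a compromise of any service sharing that host could expose the whole realm. A dedicated or minimal-service host would be the safer choice. If nostromo has to stay, a comment next to the setting would record the trade-off, e.g. `# KDC shares this host with grafana and NFS; move once a dedicated host exists`.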
+++ b/domains/sea.fudo.org.nix @@ -13,7 +13,7 @@ ldap-servers = [ "nutboy3" "legatus" ]; kerberos-master = "nostromo"; - kerberos-slaves = [ "lambda" ]; + kerberos-slaves = [ ]; # [ "lambda" ]; prometheus-hosts = [ "limina" ]; grafana-hosts = [ "nostromo" ]; From c8c5c637c8b4c6550bcb9c8669cba0e8f90288aa Mon Sep 17 00:00:00 2001 From: niten Date: Thu, 26 Jan 2023 13:36:10 -0800 Subject: [PATCH 09/33] add getHostIps to lib --- lib.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/lib.nix b/lib.nix index 50de33c..4b97b67 100644 --- a/lib.nix +++ b/lib.nix @@ -12,4 +12,18 @@ let let hostDomain = entities.hosts."${hostname}".domain; in "${hostname}.${hostDomain}"; -in { inherit getHostSite getHostDomain getHostRealm getHostFqdn; } + getHostNetworkSettings = hostname: + let + hostDomain = entities.hosts."${hostname}".domain; + hostNetwork = entities.zones."${hostDomain}"; + in hostNetwork.hosts."${hostname}"; + + getHostIpv4 = hostname: (getHostNetworkSettings hostname).ipv4-address; + getHostIpv6 = hostname: (getHostNetworkSettings hostname).ipv6-address; + getHostIps = + filter (o: o != null) [ (getHostIpv4 hostname) (getHostIpv6 hostname) ]; + +in { + inherit getHostSite getHostDomain getHostRealm getHostFqdn getHostIpv4 + getHostIpv6 getHostIps; +} From e257da882c033fe16981b8377a9805f217edd776 Mon Sep 17 00:00:00 2001 From: niten Date: Thu, 26 Jan 2023 13:41:09 -0800 Subject: [PATCH 10/33] Need to 'use lib' --- lib.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lib.nix b/lib.nix index 4b97b67..cb43efa 100644 --- a/lib.nix +++ b/lib.nix @@ -1,5 +1,6 @@ { lib, entities, ... }: +with lib; let getHostSite = hostname: let site-name = entities.hosts."${hostname}".site; From d84bd3e17dbc24b43e22bc124e2cae8d04bd3e4d Mon Sep 17 00:00:00 2001 From: niten Date: Thu, 26 Jan 2023 13:42:59 -0800 Subject: [PATCH 11/33] Func needs arg --- lib.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib.nix b/lib.nix index cb43efa..b4b47a4 100644 --- a/lib.nix +++ b/lib.nix @@ -21,7 +21,7 @@ let getHostIpv4 = hostname: (getHostNetworkSettings hostname).ipv4-address; getHostIpv6 = hostname: (getHostNetworkSettings hostname).ipv6-address; - getHostIps = + getHostIps = hostname: filter (o: o != null) [ (getHostIpv4 hostname) (getHostIpv6 hostname) ]; in { From b63ed56dba2d3dc27338715f3a9d29db571797b1 Mon Sep 17 00:00:00 2001 From: niten Date: Thu, 26 Jan 2023 13:47:43 -0800 Subject: [PATCH 12/33] IP addrs may not exist --- lib.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib.nix b/lib.nix index b4b47a4..97a0e48 100644 --- a/lib.nix +++ b/lib.nix @@ -19,8 +19,12 @@ let hostNetwork = entities.zones."${hostDomain}"; in hostNetwork.hosts."${hostname}"; - getHostIpv4 = hostname: (getHostNetworkSettings hostname).ipv4-address; - getHostIpv6 = hostname: (getHostNetworkSettings hostname).ipv6-address; + getIfAttr = as: a: if hasAttr as a then getAttr as a else null; + + getHostIpv4 = hostname: + getIfAttr (getHostNetworkSettings hostname) "ipv4-address"; + getHostIpv6 = hostname: + getIfAttr (getHostNetworkSettings hostname) "ipv6-address"; getHostIps = hostname: filter (o: o != null) [ (getHostIpv4 hostname) (getHostIpv6 hostname) ]; From 1649beae33239f3f062ca3f0169b36d2f2b11b0c Mon Sep 17 00:00:00 2001 From: niten Date: Thu, 26 Jan 2023 14:03:26 -0800 Subject: [PATCH 13/33] Reverse order for hasAttr --- lib.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib.nix b/lib.nix index 97a0e48..d3a7f5f 100644 --- a/lib.nix +++ b/lib.nix 
@@ -22,9 +22,9 @@ let getIfAttr = as: a: if hasAttr as a then getAttr as a else null; getHostIpv4 = hostname: - getIfAttr (getHostNetworkSettings hostname) "ipv4-address"; + getIfAttr "ipv4-address" (getHostNetworkSettings hostname); getHostIpv6 = hostname: - getIfAttr (getHostNetworkSettings hostname) "ipv6-address"; + getIfAttr "ipv6-address" (getHostNetworkSettings hostname); getHostIps = hostname: filter (o: o != null) [ (getHostIpv4 hostname) (getHostIpv6 hostname) ]; From 42527423edebb17d348d07e73199af6b69356c60 Mon Sep 17 00:00:00 2001 From: niten Date: Thu, 26 Jan 2023 22:21:49 -0800 Subject: [PATCH 14/33] Make lambda the krb 2nd again --- domains/sea.fudo.org.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix index c2673aa..38702c9 100644 --- a/domains/sea.fudo.org.nix +++ b/domains/sea.fudo.org.nix @@ -13,7 +13,7 @@ ldap-servers = [ "nutboy3" "legatus" ]; kerberos-master = "nostromo"; - kerberos-slaves = [ ]; # [ "lambda" ]; + kerberos-slaves = [ "lambda" ]; prometheus-hosts = [ "limina" ]; grafana-hosts = [ "nostromo" ]; From 4d8fdf983169c7acd97d67d9c168819581d6b2da Mon Sep 17 00:00:00 2001 From: niten Date: Sat, 4 Feb 2023 20:41:59 -0800 Subject: [PATCH 15/33] Remove newlines from DKIM keys --- zones/fudo.org.nix | 2 +- zones/selby.ca.nix | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/zones/fudo.org.nix b/zones/fudo.org.nix index b5a0750..97f2ecf 100644 --- a/zones/fudo.org.nix +++ b/zones/fudo.org.nix 
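Review bot: After PATCH 13 (lib.nix) the call sites pass the attribute name first, but the helper shown as context is still declared `getIfAttr = as: a: …`, so `as` now holds the name and `a` the attribute set, which reads backwards. Renaming the parameters and using Nix's `or` default states the intent and avoids the separate `hasAttr`/`getAttr` pair: `getIfAttr = name: attrs: attrs.${name} or null;`. The `let` block this helper belongs to starts outside the hunk.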
@@ -130,7 +130,7 @@ verbatim-dns-records = [ '' - mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwulTvtxhB2UD1aWmey"\n"B63gZyhU2wWl8zhkQYePOpOMY0l2Qew6Dw+neYNTaEUBRtbeoVHhVwI28/kH8HqRte9mQGyQR4JphW7sr4osuD603cdzJMpptYbr2XPRkOxDmY9iBBSNgXjp103TQL8HA/7HlLGUsPWYDxjh94Mbb/KzGfBiVLBc3vUIVXZdnlLJa/xzIZAT1NXnT3hRHyt7on+6x+uIQ2FOTvyQvTfAASwJa012LzqxlZXykGE7WnHkNFDeyCiSepr4LroW9"\n"+Dt+AYKWDu1gvF75jy6enewHse06doJoRkvFq+h1ZIymkFfRacYTK43X2ZOXTMLEOrf5lQIDAQAB" ) ; ----- DKIM key mail for fudo.org'' + mail._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwulTvtxhB2UD1aWmeyB63gZyhU2wWl8zhkQYePOpOMY0l2Qew6Dw+neYNTaEUBRtbeoVHhVwI28/kH8HqRte9mQGyQR4JphW7sr4osuD603cdzJMpptYbr2XPRkOxDmY9iBBSNgXjp103TQL8HA/7HlLGUsPWYDxjh94Mbb/KzGfBiVLBc3vUIVXZdnlLJa/xzIZAT1NXnT3hRHyt7on+6x+uIQ2FOTvyQvTfAASwJa012LzqxlZXykGE7WnHkNFDeyCiSepr4LroW9+Dt+AYKWDu1gvF75jy6enewHse06doJoRkvFq+h1ZIymkFfRacYTK43X2ZOXTMLEOrf5lQIDAQAB" ) ; ----- DKIM key mail for fudo.org'' ]; subdomains = { diff --git a/zones/selby.ca.nix b/zones/selby.ca.nix index fdd0c62..df5504c 100644 --- a/zones/selby.ca.nix +++ b/zones/selby.ca.nix 
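Review bot: The new `mail._domainkey` record in PATCH 15 (zones/fudo.org.nix, and likewise in the zones/selby.ca.nix hunk) is one quoted character-string of roughly 410 characters, while a single TXT character-string is limited to 255 octets. Depending on the name server that consumes `verbatim-dns-records` (not visible here), the zone may fail to load or the key may be published incorrectly, and receivers would then fail DKIM verification for signed mail. The 2048-bit key should be split into several quoted strings inside the parentheses, each under 255 octets, e.g. `"v=DKIM1; k=rsa; " "p=MIIB…" "…IDAQAB"`; the strings are concatenated without separators when the record is read.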
@@ -10,7 +10,8 @@ }; verbatim-dns-records = [ - ''mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68IHVXbgnu0rqAvsM3mKT9WmlvYM22COWh5Fzl"\n"FOUguZ3nWCrcZGt8l5G004tDjCwgdCz4e0eUq3VqtPIcGfMd56jK61XAqN7wz"\n"RXTjEjiaGSENjBX+geoUM+DIS84jeZOFtB7Sm1kqMKfkEarygtNTtibqvFzk34vREVhwcgF3bTl5BjhU9D+7lWwt6VBKCUvMFcJPCHuuM/jMkZb+unllsu8LbtbhWT2TcnHhup/7Yfu4Z79RhdxnL8jbwIPbiCLBkOEbN/"\n"624EYHRhtEAPYuQKOjWt1IemQtE6BCxEsHhaSB4W1l1Ji21Q3vDyf0s+LM2ETjT2jxmcYR7G+e10QIDAQAB" ) ; ----- DKIM key mail for selby.ca'' + '' + mail._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68IHVXbgnu0rqAvsM3mKT9WmlvYM22COWh5FzlFOUguZ3nWCrcZGt8l5G004tDjCwgdCz4e0eUq3VqtPIcGfMd56jK61XAqN7wzRXTjEjiaGSENjBX+geoUM+DIS84jeZOFtB7Sm1kqMKfkEarygtNTtibqvFzk34vREVhwcgF3bTl5BjhU9D+7lWwt6VBKCUvMFcJPCHuuM/jMkZb+unllsu8LbtbhWT2TcnHhup/7Yfu4Z79RhdxnL8jbwIPbiCLBkOEbN/624EYHRhtEAPYuQKOjWt1IemQtE6BCxEsHhaSB4W1l1Ji21Q3vDyf0s+LM2ETjT2jxmcYR7G+e10QIDAQAB" ) ; ----- DKIM key mail for selby.ca'' ]; srv-records.tcp = { From 69d5b303e567e5154038707fc6658028c0a0c509 Mon Sep 17 00:00:00 2001 From: niten Date: Sat, 4 Feb 2023 20:46:57 -0800 Subject: [PATCH 16/33] Try breaking it up again --- zones/fudo.org.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zones/fudo.org.nix b/zones/fudo.org.nix index 97f2ecf..3290005 100644 --- a/zones/fudo.org.nix +++ b/zones/fudo.org.nix 
@@ -130,7 +130,7 @@ verbatim-dns-records = [ '' - mail._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwulTvtxhB2UD1aWmeyB63gZyhU2wWl8zhkQYePOpOMY0l2Qew6Dw+neYNTaEUBRtbeoVHhVwI28/kH8HqRte9mQGyQR4JphW7sr4osuD603cdzJMpptYbr2XPRkOxDmY9iBBSNgXjp103TQL8HA/7HlLGUsPWYDxjh94Mbb/KzGfBiVLBc3vUIVXZdnlLJa/xzIZAT1NXnT3hRHyt7on+6x+uIQ2FOTvyQvTfAASwJa012LzqxlZXykGE7WnHkNFDeyCiSepr4LroW9+Dt+AYKWDu1gvF75jy6enewHse06doJoRkvFq+h1ZIymkFfRacYTK43X2ZOXTMLEOrf5lQIDAQAB" ) ; ----- DKIM key mail for fudo.org'' + mail._domainkey IN TXT ( "v=DKIM1; k=rsa; \n p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwulTvtxhB2UD1aWmey\nB63gZyhU2wWl8zhkQYePOpOMY0l2Qew6Dw+neYNTa\nEUBRtbeoVHhVwI28/kH8HqRte9mQGyQR4JphW7sr4osuD603cdzJMpptYbr2XPRkOxDmY9iBBS\nNgXjp103TQL8HA/7HlLGUsPWYDxjh94Mbb/KzGfBiVLBc3vUIVXZdn\nlLJa/xzIZAT1NXnT3hRHyt7on+6x+uIQ2FOTvyQvTfAASwJa012LzqxlZXykGE7WnHkNFDeyCiSepr4LroW9+Dt+AYKW\nDu1gvF75jy6enewHse06doJoRkvFq+h1ZIymkFfRacYTK43X2ZOXTMLEOrf5lQIDAQAB" ) ; ----- DKIM key mail for fudo.org'' ]; subdomains = { From a9ab640e08bfdb6423f331aeae7fe5949dee00dd Mon Sep 17 00:00:00 2001 From: niten Date: Sun, 5 Feb 2023 07:07:37 -0800 Subject: [PATCH 17/33] Try explicit wrapping instead of \n --- zones/fudo.org.nix | 11 +++++++---- zones/selby.ca.nix | 11 +++++++---- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/zones/fudo.org.nix b/zones/fudo.org.nix index 3290005..6f34b46 100644 --- a/zones/fudo.org.nix +++ b/zones/fudo.org.nix 
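Review bot: The `\n` sequences added inside the TXT value in PATCH 16 (zones/fudo.org.nix) are not line breaks: in a Nix `''…''` string the newline escape is written `''\n`, so a bare `\n` is emitted as a literal backslash followed by `n`. They also sit inside the DNS quoted string, so whatever the zone parser makes of them becomes part of the published `p=` value, which then no longer matches the signing key. Wrapping has to happen between separately quoted strings rather than inside one, e.g. `"v=DKIM1; k=rsa; " "p=MIIB…"` on consecutive lines within the parentheses.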
@@ -128,10 +128,13 @@ usashi.ipv4-address = "209.177.109.150"; }; - verbatim-dns-records = [ - '' - mail._domainkey IN TXT ( "v=DKIM1; k=rsa; \n p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwulTvtxhB2UD1aWmey\nB63gZyhU2wWl8zhkQYePOpOMY0l2Qew6Dw+neYNTa\nEUBRtbeoVHhVwI28/kH8HqRte9mQGyQR4JphW7sr4osuD603cdzJMpptYbr2XPRkOxDmY9iBBS\nNgXjp103TQL8HA/7HlLGUsPWYDxjh94Mbb/KzGfBiVLBc3vUIVXZdn\nlLJa/xzIZAT1NXnT3hRHyt7on+6x+uIQ2FOTvyQvTfAASwJa012LzqxlZXykGE7WnHkNFDeyCiSepr4LroW9+Dt+AYKW\nDu1gvF75jy6enewHse06doJoRkvFq+h1ZIymkFfRacYTK43X2ZOXTMLEOrf5lQIDAQAB" ) ; ----- DKIM key mail for fudo.org'' - ]; + verbatim-dns-records = ['' + mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " + "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwulTvtxhB2UD1aWmeyB63gZyhU2wWl8zhkQYePOpOMY0l2" + "Qew6Dw+neYNTaEUBRtbeoVHhVwI28/kH8HqRte9mQGyQR4JphW7sr4osuD603cdzJMpptYbr2XPRkOxDmY9iBBSNgXjp1" + "03TQL8HA/7HlLGUsPWYDxjh94Mbb/KzGfBiVLBc3vUIVXZdnlLJa/xzIZAT1NXnT3hRHyt7on+6x+uIQ2FOTvyQvTfAAS" + "wJa012LzqxlZXykGE7WnHkNFDeyCiSepr4LroW9+Dt+AYKWDu1gvF75jy6enewHse06doJoRkvFq+h1ZIymkFfRacYTK4" + "3X2ZOXTMLEOrf5lQIDAQAB" ) ; ----- DKIM key mail for fudo.org'']; subdomains = { test = { diff --git a/zones/selby.ca.nix b/zones/selby.ca.nix index df5504c..d768abe 100644 --- a/zones/selby.ca.nix +++ b/zones/selby.ca.nix 
@@ -9,10 +9,13 @@ webmail = "webmail.fudo.org."; }; - verbatim-dns-records = [ - '' - mail._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68IHVXbgnu0rqAvsM3mKT9WmlvYM22COWh5FzlFOUguZ3nWCrcZGt8l5G004tDjCwgdCz4e0eUq3VqtPIcGfMd56jK61XAqN7wzRXTjEjiaGSENjBX+geoUM+DIS84jeZOFtB7Sm1kqMKfkEarygtNTtibqvFzk34vREVhwcgF3bTl5BjhU9D+7lWwt6VBKCUvMFcJPCHuuM/jMkZb+unllsu8LbtbhWT2TcnHhup/7Yfu4Z79RhdxnL8jbwIPbiCLBkOEbN/624EYHRhtEAPYuQKOjWt1IemQtE6BCxEsHhaSB4W1l1Ji21Q3vDyf0s+LM2ETjT2jxmcYR7G+e10QIDAQAB" ) ; ----- DKIM key mail for selby.ca'' - ]; + verbatim-dns-records = ['' + mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " + "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68IHVXbgnu0rqAvsM3mKT9WmlvYM22COWh5FzlFOUguZ3n" + "WCrcZGt8l5G004tDjCwgdCz4e0eUq3VqtPIcGfMd56jK61XAqN7wzRXTjEjiaGSENjBX+geoUM+DIS84jeZOFtB7Sm1k" + "qMKfkEarygtNTtibqvFzk34vREVhwcgF3bTl5BjhU9D+7lWwt6VBKCUvMFcJPCHuuM/jMkZb+unllsu8LbtbhWT2TcnH" + "hup/7Yfu4Z79RhdxnL8jbwIPbiCLBkOEbN/624EYHRhtEAPYuQKOjWt1IemQtE6BCxEsHhaSB4W1l1Ji21Q3vDyf0s+L" + "M2ETjT2jxmcYR7G+e10QIDAQAB" ) ; ----- DKIM key mail for selby.ca'']; srv-records.tcp = { http = [{ From 15b5a7b8717513d80d4c96ef6a44cb6e05a00604 Mon Sep 17 00:00:00 2001 From: niten Date: Wed, 1 Mar 2023 10:13:31 -0800 Subject: [PATCH 18/33] Add Nexus domain --- domains/fudo.org.nix | 11 ++++++----- domains/informis.land.nix | 1 + domains/sea.fudo.org.nix | 1 + entities.nix | 3 +-- lib.nix | 6 +++++- nexus/fudo.link.nix | 5 +++++ sites/joes-datacenter-0.nix | 1 + sites/nuttyclub.nix | 1 + sites/portage.nix | 1 + sites/seattle.nix | 1 + sites/worldstream.nix | 1 + 11 files changed, 24 insertions(+), 8 deletions(-) create mode 100644 nexus/fudo.link.nix diff --git a/domains/fudo.org.nix b/domains/fudo.org.nix index 86ded17..1b2dee6 100644 --- a/domains/fudo.org.nix +++ b/domains/fudo.org.nix 
@@ -24,9 +24,10 @@ postgresql-server = "nutboy3"; log-aggregator = "nutboy3"; chat-server = "legatus"; - backplane = { - nameserver = "legatus"; - dns-service = "nutboy3"; - domain = "fudo.link"; - }; + # backplane = { + # nameserver = "legatus"; + # dns-service = "nutboy3"; + # domain = "fudo.link"; + # }; + nexus.domains = [ "fudo.link" ]; } diff --git a/domains/informis.land.nix b/domains/informis.land.nix index 1e4d8b4..b141baf 100644 --- a/domains/informis.land.nix +++ b/domains/informis.land.nix @@ -21,4 +21,5 @@ dns-service = "nutboy3"; domain = "fudo.link"; }; + nexus.domains = [ "fudo.link" ]; } diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix index 38702c9..b95b1a1 100644 --- a/domains/sea.fudo.org.nix +++ b/domains/sea.fudo.org.nix @@ -22,4 +22,5 @@ dns-service = "nutboy3"; domain = "fudo.link"; }; + nexus.domains = [ "fudo.link" ]; } diff --git a/entities.nix b/entities.nix index 78ab754..e9b3c2a 100644 --- a/entities.nix +++ b/entities.nix @@ -1,7 +1,6 @@ { helper-lib, ... }: -let - import-by-basename = helper-lib.fs.import-by-basename; +let import-by-basename = helper-lib.fs.import-by-basename; in { domains = import-by-basename ./domains; hosts = import-by-basename ./hosts; diff --git a/lib.nix b/lib.nix index d3a7f5f..70f0d8d 100644 --- a/lib.nix +++ b/lib.nix @@ -28,7 +28,11 @@ let getHostIps = hostname: filter (o: o != null) [ (getHostIpv4 hostname) (getHostIpv6 hostname) ]; + getDomainPostgresqlServer = hostname: + let domain-name = entities.hosts."${hostname}".domain; + in getHostFqdn entities.domain."${domain-name}".postgresql-server; + in { inherit getHostSite getHostDomain getHostRealm getHostFqdn getHostIpv4 - getHostIpv6 getHostIps; + getHostIpv6 getHostIps getDomainPostgresqlServer; } diff --git a/nexus/fudo.link.nix b/nexus/fudo.link.nix new file mode 100644 index 0000000..4c46957 --- /dev/null +++ b/nexus/fudo.link.nix 
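Review bot: PATCH 18 comments out the `backplane` block in domains/fudo.org.nix when adding `nexus.domains = [ "fudo.link" ];`, but the domains/informis.land.nix and domains/sea.fudo.org.nix hunks add the same line while their context still shows an active entry ending in `domain = "fudo.link";`. Those two domains therefore appear to declare fudo.link under both mechanisms, and which one ends up managing the zone depends on consumer modules that are not visible here. Either treat all three files the same way or state the reason for the difference in a comment. The disabled block in fudo.org.nix would also be better deleted than left commented out, since the history keeps it.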
@@ -0,0 +1,5 @@ +{ + servers = [ "nutboy3" "legatus" ]; + dns-servers = [ "legatus" ]; + gssapi-realm = "FUDO.ORG"; +} diff --git a/sites/joes-datacenter-0.nix b/sites/joes-datacenter-0.nix index 615f7d0..d27c6ac 100644 --- a/sites/joes-datacenter-0.nix +++ b/sites/joes-datacenter-0.nix @@ -8,4 +8,5 @@ "ssh-rsa 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" ]; mail-server = "mail.informis.land"; + nexus.domains = [ "fudo.link" ]; } diff --git a/sites/nuttyclub.nix b/sites/nuttyclub.nix index 8b6490c..cce87fb 100644 --- a/sites/nuttyclub.nix +++ b/sites/nuttyclub.nix @@ -9,4 +9,5 @@ "ssh-rsa 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" ]; mail-server = "mail.fudo.org"; + nexus.domains = [ "fudo.link" ]; } diff --git a/sites/portage.nix b/sites/portage.nix index 79d2207..a379c69 100644 --- a/sites/portage.nix +++ b/sites/portage.nix @@ -9,4 +9,5 @@ "ssh-rsa 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" ]; mail-server = "mail.fudo.org"; + nexus.domains = [ "fudo.link" ]; } diff --git a/sites/seattle.nix b/sites/seattle.nix index f980154..818bab1 100644 --- a/sites/seattle.nix +++ b/sites/seattle.nix @@ -10,4 +10,5 @@ enable-distributed-builds = false; mail-server = "mail.fudo.org"; local-gateway = "limina"; + nexus.domains = [ "fudo.link" ]; } diff --git a/sites/worldstream.nix b/sites/worldstream.nix index edeb3d6..8064ef6 100644 --- a/sites/worldstream.nix +++ b/sites/worldstream.nix @@ -9,4 +9,5 @@ "ssh-rsa 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" ]; mail-server = "mail.fudo.org"; + nexus.domains = [ "fudo.link" ]; } From 93c9f68d63dfeb3733c5b1eef1daebb6a8024b70 Mon Sep 17 00:00:00 2001 From: niten Date: Fri, 3 Mar 2023 12:08:23 -0800 Subject: [PATCH 19/33] Include the nexus domain(s) --- entities.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/entities.nix b/entities.nix index e9b3c2a..f650af7 100644 --- a/entities.nix +++ b/entities.nix 
@@ -4,6 +4,7 @@ let import-by-basename = helper-lib.fs.import-by-basename; in { domains = import-by-basename ./domains; hosts = import-by-basename ./hosts; + nexus.domains = import-by-basename ./nexus; sites = import-by-basename ./sites; zones = import-by-basename ./zones; } From 3dc70be963de3a55f39ef44334028313da8ae069 Mon Sep 17 00:00:00 2001 From: niten Date: Fri, 3 Mar 2023 16:03:18 -0800 Subject: [PATCH 20/33] domain -> domains --- lib.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib.nix b/lib.nix index 70f0d8d..488ce36 100644 --- a/lib.nix +++ b/lib.nix @@ -30,7 +30,7 @@ let getDomainPostgresqlServer = hostname: let domain-name = entities.hosts."${hostname}".domain; - in getHostFqdn entities.domain."${domain-name}".postgresql-server; + in getHostFqdn entities.domains."${domain-name}".postgresql-server; in { inherit getHostSite getHostDomain getHostRealm getHostFqdn getHostIpv4 From 814d85f3dde9f018fb1264fa868fe192a3e526bf Mon Sep 17 00:00:00 2001 From: niten Date: Fri, 3 Mar 2023 16:06:48 -0800 Subject: [PATCH 21/33] getDomainPostgresqlServer should take a domain --- lib.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib.nix b/lib.nix index 488ce36..5ce67c2 100644 --- a/lib.nix +++ b/lib.nix @@ -28,9 +28,8 @@ let getHostIps = hostname: filter (o: o != null) [ (getHostIpv4 hostname) (getHostIpv6 hostname) ]; - getDomainPostgresqlServer = hostname: - let domain-name = entities.hosts."${hostname}".domain; - in getHostFqdn entities.domains."${domain-name}".postgresql-server; + getDomainPostgresqlServer = domain: + getHostFqdn entities.domains."${domain}".postgresql-server; in { inherit getHostSite getHostDomain getHostRealm getHostFqdn getHostIpv4 From 813570822007cd9d21fb8f982d95f6091f7fdcda Mon Sep 17 00:00:00 2001 From: niten Date: Mon, 6 Mar 2023 17:45:04 -0800 Subject: [PATCH 22/33] Actually, port 53 is free on nutboy --- nexus/fudo.link.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/nexus/fudo.link.nix b/nexus/fudo.link.nix index 4c46957..d03030b 100644 --- a/nexus/fudo.link.nix +++ b/nexus/fudo.link.nix @@ -1,5 +1,5 @@ { servers = [ "nutboy3" "legatus" ]; - dns-servers = [ "legatus" ]; + dns-servers = [ "nutboy3" ]; gssapi-realm = "FUDO.ORG"; } From 5bee22176cdfafd2b045fd6cb1be2c5758f0160d Mon Sep 17 00:00:00 2001 From: niten Date: Tue, 7 Mar 2023 08:18:26 -0800 Subject: [PATCH 23/33] Nope, switch back to legatus. --- nexus/fudo.link.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nexus/fudo.link.nix b/nexus/fudo.link.nix index d03030b..4c46957 100644 --- a/nexus/fudo.link.nix +++ b/nexus/fudo.link.nix @@ -1,5 +1,5 @@ { servers = [ "nutboy3" "legatus" ]; - dns-servers = [ "nutboy3" ]; + dns-servers = [ "legatus" ]; gssapi-realm = "FUDO.ORG"; } From 402c8080958a9dfde0020677dd2a648b97da325b Mon Sep 17 00:00:00 2001 From: niten Date: Mon, 20 Mar 2023 13:56:31 -0700 Subject: [PATCH 24/33] Harden wormhole0 --- hosts/wormhole0.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/wormhole0.nix b/hosts/wormhole0.nix index 1d08c31..12121ad 100644 --- a/hosts/wormhole0.nix +++ b/hosts/wormhole0.nix @@ -14,4 +14,5 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGb+mT3UyDIKow36CVQJlJCyJqJfmReWFWAS2ZVpaB6p"; key-path = "/state/master-key/key"; }; + hardened = true; } From c2b6a9c670cbeefbd8bb1541ec82c3a075ef7ac2 Mon Sep 17 00:00:00 2001 From: niten Date: Mon, 20 Mar 2023 15:36:42 -0700 Subject: [PATCH 25/33] Fuckin hprop --- domains/sea.fudo.org.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix index b95b1a1..1c8813f 100644 --- a/domains/sea.fudo.org.nix +++ b/domains/sea.fudo.org.nix @@ -13,7 +13,7 @@ ldap-servers = [ "nutboy3" "legatus" ]; kerberos-master = "nostromo"; - kerberos-slaves = [ "lambda" ]; + # kerberos-slaves = [ "lambda" ]; prometheus-hosts = [ "limina" ]; grafana-hosts = [ "nostromo" ]; 
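Review bot: Commenting out `kerberos-slaves` in PATCH 25 (domains/sea.fudo.org.nix) removes the attribute entirely, whereas PATCH 08 disabled the secondary with `kerberos-slaves = [ ];`. If the consuming module reads `kerberos-slaves` without a default (not visible from this hunk), evaluation may fail or the absent attribute may be handled differently from an empty list; keeping `kerberos-slaves = [ ];` avoids that. A short comment stating why the secondary is disabled would also help, since the subject line only hints at hprop and the realm is left with a single KDC.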
From 6938cc6fa11a2d67f891cff9a0277be234332fbb Mon Sep 17 00:00:00 2001 From: niten Date: Sun, 23 Apr 2023 17:29:06 -0700 Subject: [PATCH 26/33] Update MAC addresses for cameras --- zones/sea.fudo.org.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/zones/sea.fudo.org.nix b/zones/sea.fudo.org.nix index 5a3a470..ef7452a 100644 --- a/zones/sea.fudo.org.nix +++ b/zones/sea.fudo.org.nix @@ -77,6 +77,10 @@ in { ipv4-address = "10.0.0.7"; mac-address = "7C:D9:5C:9F:6F:E9"; }; + cam-switch = { + ipv4-address = "10.0.0.8"; + mac-address = "94:18:65:7F:9E:18"; + }; nostromo = { ipv4-address = "10.0.0.10"; mac-address = "02:14:25:55:ee:5a"; @@ -95,15 +99,15 @@ in { cam-entrance = { ipv4-address = "10.0.0.31"; - mac-address = "9c:8e:cd:0e:99:7b"; + mac-address = "9C:8E:CD:3B:A0:F1"; }; cam-driveway = { ipv4-address = "10.0.0.32"; - mac-address = "9c:8e:cd:0d:3b:09"; + mac-address = "9C:8E:CD:3B:A1:70"; }; - cam-deck = { + cam-steps = { ipv4-address = "10.0.0.33"; - mac-address = "9c:8e:cd:0e:98:c8"; + mac-address = "9C:8E:CD:3B:A0:70"; }; cam-patio = { ipv4-address = "10.0.0.34"; From e94e468dcf50e6a1ad647fcfccbd075e329f3099 Mon Sep 17 00:00:00 2001 From: niten Date: Wed, 3 May 2023 12:47:18 -0700 Subject: [PATCH 27/33] Add jas & toothless --- hosts/jas.nix | 16 ++++++++++++++++ hosts/toothless.nix | 17 +++++++++++++++++ zones/sea.fudo.org.nix | 8 ++++++++ 3 files changed, 41 insertions(+) create mode 100644 hosts/jas.nix create mode 100644 hosts/toothless.nix diff --git a/hosts/jas.nix b/hosts/jas.nix new file mode 100644 index 0000000..95cd9c3 --- /dev/null +++ b/hosts/jas.nix @@ -0,0 +1,16 @@ +{ + description = "Jasper's gaming desktop."; + rp = "niten"; + admin-email = "niten@fudo.org"; + enable-gui = true; + profile = "desktop"; + domain = "sea.fudo.org"; + site = "seattle"; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = ""; + master-key = { + public-key = ""; + key-path = "/state/master-key/key"; + }; +} 
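Review bot: hosts/jas.nix in PATCH 27 is committed with `machine-id = "";` and an empty `master-key.public-key = "";`, unlike hosts/toothless.nix in the same commit, which carries real values. How these fields are consumed is not visible here, but a module that encrypts host secrets to `master-key.public-key` or keys identity off `machine-id` would receive an empty string rather than a missing attribute, and the failure would surface late. Leaving the attributes out until the host is provisioned, or asserting non-empty values in the consuming module, would turn this into an evaluation error.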
diff --git a/hosts/toothless.nix b/hosts/toothless.nix new file mode 100644 index 0000000..311729e --- /dev/null +++ b/hosts/toothless.nix @@ -0,0 +1,17 @@ +{ + description = "sea.fudo.org compute server."; + rp = "niten"; + admin-email = "niten@fudo.org"; + enable-gui = false; + profile = "server"; + domain = "sea.fudo.org"; + site = "seattle"; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "39ebe622cf40413b950d832105e0bb2e"; + master-key = { + public-key = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQrT/X6qvurQ6GJ450PZaKLyolOVWqMXjRozLq9Gy/O"; + key-path = "/state/master-key/key"; + }; +} diff --git a/zones/sea.fudo.org.nix b/zones/sea.fudo.org.nix index ef7452a..35a5519 100644 --- a/zones/sea.fudo.org.nix +++ b/zones/sea.fudo.org.nix @@ -89,6 +89,10 @@ in { ipv4-address = "10.0.0.11"; mac-address = "02:f5:fe:8c:22:fe"; }; + toothless = { + ipv4-address = "10.0.0.12"; + mac-address = "02:ee:76:17:99:ed"; + }; socrates = { ipv4-address = "10.0.0.20"; mac-address = "02:f2:30:b8:71:42"; @@ -165,6 +169,10 @@ in { ipv4-address = "10.0.0.111"; mac-address = "02:0d:df:2d:46:90"; }; + jas = { + ipv4-address = "10.0.0.112"; + mac-address = "02:e2:5c:60:08:51"; + }; ubiquiti-wifi = { ipv4-address = "10.0.0.126"; mac-address = "04:18:d6:20:48:fb"; From 2f9b763df67c396ed698383ea88c148ea175eef2 Mon Sep 17 00:00:00 2001 From: niten Date: Sat, 6 May 2023 21:49:08 -0700 Subject: [PATCH 28/33] jas -> jazz --- hosts/{jas.nix => jazz.nix} | 2 +- zones/sea.fudo.org.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename hosts/{jas.nix => jazz.nix} (86%) diff --git a/hosts/jas.nix b/hosts/jazz.nix similarity index 86% rename from hosts/jas.nix rename to hosts/jazz.nix index 95cd9c3..3d30e09 100644 --- a/hosts/jas.nix +++ b/hosts/jazz.nix @@ -8,7 +8,7 @@ site = "seattle"; arch = "x86_64-linux"; nixos-system = true; - machine-id = ""; + machine-id = "2f6c424858f5401098f79cee215e3268"; master-key = { public-key = ""; key-path = "/state/master-key/key"; 
diff --git a/zones/sea.fudo.org.nix b/zones/sea.fudo.org.nix index 35a5519..0c7a1da 100644 --- a/zones/sea.fudo.org.nix +++ b/zones/sea.fudo.org.nix @@ -169,9 +169,9 @@ in { ipv4-address = "10.0.0.111"; mac-address = "02:0d:df:2d:46:90"; }; - jas = { + jazz = { ipv4-address = "10.0.0.112"; - mac-address = "02:e2:5c:60:08:51"; + mac-address = "02:57:9a:a4:10:d3"; }; ubiquiti-wifi = { ipv4-address = "10.0.0.126"; From 038a50f8da3c7737f444710ad896a0bd2875fd9b Mon Sep 17 00:00:00 2001 From: niten Date: Sun, 7 May 2023 08:31:33 -0700 Subject: [PATCH 29/33] Add master public key for jazz --- hosts/jazz.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/jazz.nix b/hosts/jazz.nix index 3d30e09..cfca48b 100644 --- a/hosts/jazz.nix +++ b/hosts/jazz.nix @@ -10,7 +10,8 @@ nixos-system = true; machine-id = "2f6c424858f5401098f79cee215e3268"; master-key = { - public-key = ""; + public-key = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPw2lRIAf7aC5bPO1AALAx9FPEFNJr1Qn5rxB1ahmX8p"; key-path = "/state/master-key/key"; }; } From b631a811933550040c41a44aa6611b1ef54d97e2 Mon Sep 17 00:00:00 2001 From: niten Date: Thu, 11 May 2023 10:12:27 -0700 Subject: [PATCH 30/33] Add aliases for minecraft creative & survival --- zones/sea.fudo.org.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/zones/sea.fudo.org.nix b/zones/sea.fudo.org.nix index 0c7a1da..5928df2 100644 --- a/zones/sea.fudo.org.nix +++ b/zones/sea.fudo.org.nix @@ -11,6 +11,8 @@ in { # kadmin = "nostromo"; # kdc = "nostromo"; minecraft = "nostromo"; + survival = "toothless"; + creative = "nostromo"; music = "doraemon"; #panopticon = "lambda"; #panopticon-od = "lambda"; From 0d65fc63b8e38501d3565ac5a40350bdeb2f8eff Mon Sep 17 00:00:00 2001 From: niten Date: Thu, 11 May 2023 13:44:50 -0700 Subject: [PATCH 31/33] Add chat alias to sea.fudo.org --- zones/sea.fudo.org.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/zones/sea.fudo.org.nix b/zones/sea.fudo.org.nix index 5928df2..bea460c 100644 
--- a/zones/sea.fudo.org.nix +++ b/zones/sea.fudo.org.nix @@ -1,6 +1,7 @@ let local-domain = "sea.fudo.org"; in { aliases = { + chat = "nostromo"; deploy = "socrates"; #dns-hole = "limina"; #gateway = "limina"; From 5336a126bda3e2fcbec93bdd9254fa799f4a18eb Mon Sep 17 00:00:00 2001 From: niten Date: Wed, 17 May 2023 09:55:13 -0700 Subject: [PATCH 32/33] Add new SSH deploy key for lambda --- sites/joes-datacenter-0.nix | 1 + sites/nuttyclub.nix | 1 + sites/portage.nix | 1 + sites/seattle.nix | 1 + sites/worldstream.nix | 1 + 5 files changed, 5 insertions(+) diff --git a/sites/joes-datacenter-0.nix b/sites/joes-datacenter-0.nix index d27c6ac..ca7ba6b 100644 --- a/sites/joes-datacenter-0.nix +++ b/sites/joes-datacenter-0.nix @@ -6,6 +6,7 @@ deploy-pubkeys = [ "ssh-rsa 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" "ssh-rsa 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" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkbTj6x4GmbqcAhs01wBBz+uP7BHbLgFpeUx18zLy7t" ]; mail-server = "mail.informis.land"; nexus.domains = [ "fudo.link" ]; diff --git a/sites/nuttyclub.nix b/sites/nuttyclub.nix index cce87fb..2981350 100644 --- a/sites/nuttyclub.nix +++ b/sites/nuttyclub.nix @@ -7,6 +7,7 @@ deploy-pubkeys = [ "ssh-rsa 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" "ssh-rsa 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" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkbTj6x4GmbqcAhs01wBBz+uP7BHbLgFpeUx18zLy7t" ]; mail-server = "mail.fudo.org"; nexus.domains = [ "fudo.link" ]; diff --git a/sites/portage.nix b/sites/portage.nix index a379c69..4f2825e 100644 --- a/sites/portage.nix +++ b/sites/portage.nix 
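Review bot: PATCH 32 appends the same `ssh-ed25519` key to `deploy-pubkeys` in all five site files (joes-datacenter-0, nuttyclub, portage, seattle, worldstream), so one private key, described in the subject as lambda's, is accepted at every site. Assuming `deploy-pubkeys` authorises deployment logins on a site's hosts, a compromise of lambda (which zones/sea.fudo.org.nix aliases as `home`) would reach the datacenter sites as well. If lambda only needs to deploy to some sites, add the key only there; otherwise consider a separate key per site. A comment on the key line, e.g. `# lambda deploy key, added 2023-05-17`, would make later rotation and removal easier, since the surrounding entries are unlabelled.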
@@ -7,6 +7,7 @@
 deploy-pubkeys = [
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZ62rYnn1pMY5pgOak4I0Go9VJmiYuK1GOMhVDf94glowiiMx1qzieyNhgBXGXb9Eo7c2TchiGNnQJM8OHPmMwBSUdEJ9+BZLKlY6LMzZlWanr7V9WWZb7hGK42woZiSZBBvzrRJ+Skeo2/6/ZOB6PnUAbl9Z0X3IWvTK8da6GWZlNUfDaTqpeu/9+YvqJpb/xJCr7/LC6Y3yjnKrchhmz1MguN4XOOhhLwcpuhyBIUSnU24RScGAgXBAdJL2IrE6yDmRwmNIVaEPlp/sV5UG8M74r/pBDI+VKsKFOzr3xeEQYMU8+As4ufLEqLW7n1IP2frIXCV+jkErqNONDAhD5+B9mdoTjifF57B48Re7+o/3W/1dXV6qWhEj6vgTinsKLr/QBLkXVggjZUeXZ4wkStEh/ab0K4QnHEfg8F+PHyCBKXyNqCib4GCa7pxvUYXgokZGRMCVRXf4o0UsK7PeAjYRgB79LLKFt4X2xyJLhMhxsTHTfIQRHMAUpfavzo+0="
 "ssh-rsa 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"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkbTj6x4GmbqcAhs01wBBz+uP7BHbLgFpeUx18zLy7t"
 ];
 mail-server = "mail.fudo.org";
 nexus.domains = [ "fudo.link" ];
diff --git a/sites/seattle.nix b/sites/seattle.nix
index 818bab1..6fc9d5a 100644
--- a/sites/seattle.nix
+++ b/sites/seattle.nix
@@ -6,6 +6,7 @@
 deploy-pubkeys = [
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZ62rYnn1pMY5pgOak4I0Go9VJmiYuK1GOMhVDf94glowiiMx1qzieyNhgBXGXb9Eo7c2TchiGNnQJM8OHPmMwBSUdEJ9+BZLKlY6LMzZlWanr7V9WWZb7hGK42woZiSZBBvzrRJ+Skeo2/6/ZOB6PnUAbl9Z0X3IWvTK8da6GWZlNUfDaTqpeu/9+YvqJpb/xJCr7/LC6Y3yjnKrchhmz1MguN4XOOhhLwcpuhyBIUSnU24RScGAgXBAdJL2IrE6yDmRwmNIVaEPlp/sV5UG8M74r/pBDI+VKsKFOzr3xeEQYMU8+As4ufLEqLW7n1IP2frIXCV+jkErqNONDAhD5+B9mdoTjifF57B48Re7+o/3W/1dXV6qWhEj6vgTinsKLr/QBLkXVggjZUeXZ4wkStEh/ab0K4QnHEfg8F+PHyCBKXyNqCib4GCa7pxvUYXgokZGRMCVRXf4o0UsK7PeAjYRgB79LLKFt4X2xyJLhMhxsTHTfIQRHMAUpfavzo+0="
 "ssh-rsa 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"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkbTj6x4GmbqcAhs01wBBz+uP7BHbLgFpeUx18zLy7t"
 ];
 enable-distributed-builds = false;
 mail-server = "mail.fudo.org";
diff --git a/sites/worldstream.nix b/sites/worldstream.nix
index 8064ef6..e701df5 100644
--- a/sites/worldstream.nix
+++ b/sites/worldstream.nix
@@ -7,6 +7,7 @@
 deploy-pubkeys = [
 "ssh-rsa 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"
 "ssh-rsa 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"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkbTj6x4GmbqcAhs01wBBz+uP7BHbLgFpeUx18zLy7t"
 ];
 mail-server = "mail.fudo.org";
 nexus.domains = [ "fudo.link" ];
From 45f0457328e0bdf5dbc6c103af0d703d46d9a2b2 Mon Sep 17 00:00:00 2001
From: niten
Date: Wed, 17 May 2023 10:01:03 -0700
Subject: [PATCH 33/33] Add factorio alias
---
 zones/sea.fudo.org.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/zones/sea.fudo.org.nix b/zones/sea.fudo.org.nix
index bea460c..b1e46b3 100644
--- a/zones/sea.fudo.org.nix
+++ b/zones/sea.fudo.org.nix
@@ -5,6 +5,7 @@ in {
 deploy = "socrates";
 #dns-hole = "limina";
 #gateway = "limina";
+ factorio = "toothless";
 #hole = "limina";
 home = "lambda";
 home-assist = "wormhole0";