Initial checkin

2021-11-22 06:40:37 -08:00 · 2021-11-22 06:40:37 -08:00 · fcaafb347e
commit fcaafb347e
34 changed files with 1272 additions and 0 deletions
--- a/domains/eur.fudo.org.nix
+++ b/domains/eur.fudo.org.nix
@ -0,0 +1,14 @@
+{
+  local-networks = [
+    "208.81.1.128/28"
+    "208.81.3.112/28"
+    "91.229.23.204/31"
+  ];
+
+  local-users = [ "niten" "reaper" ];
+  local-groups = [ "admin" ];
+  local-admins = [ "niten" "reaper" ];
+  admin-email = "niten@fudo.org";
+  gssapi-realm = "FUDO.ORG";
+  primary-nameserver = "legatus";
+}
--- a/domains/fudo.org.nix
+++ b/domains/fudo.org.nix
@ -0,0 +1,16 @@
+{
+  local-networks = [
+    "208.81.1.128/28"
+    "208.81.3.112/28"
+    "91.229.23.204/31"
+  ];
+
+  local-users = [ "niten" "reaper" ];
+  local-groups = [ "fudo" "selby" "admin" ];
+  local-admins = [ "niten" "reaper" ];
+  admin-email = "admin@fudo.org";
+  gssapi-realm = "FUDO.ORG";
+  kerberos-master = "nutboy3";
+  primary-mailserver = "france";
+  zone = "fudo.org";
+}
--- a/domains/informis.land.nix
+++ b/domains/informis.land.nix
@ -0,0 +1,13 @@
+{
+  local-networks = [
+    "172.86.179.17/29"
+  ];
+
+  local-users = [ "niten" "viator" ];
+  local-groups = [ "admin" "informis" ];
+  local-admins = [ "niten" ];
+  admin-email = "viator@informis.land";
+  gssapi-realm = "INFORMIS.LAND";
+  kerberos-master = "procul";
+  primary-nameserver = "procul";
+}
--- a/domains/rus.selby.ca.nix
+++ b/domains/rus.selby.ca.nix
@ -0,0 +1,19 @@
+{
+  local-networks = [ "10.0.0.0/16" ];
+  local-users = [
+    "niten"
+    "ken"
+    "helen"
+    "xiaoxuan"
+    "laura"
+    "vee"
+    "kris"
+    "jeramy"
+    "jess"
+    "andrew"
+  ];
+  local-groups = [ "fudo" "selby" "admin" ];
+  local-admins = [ "niten" ];
+  admin-email = "niten@fudo.org";
+  gssapi-realm = "RUS.SELBY.CA";
+}
--- a/domains/sea.fudo.org.nix
+++ b/domains/sea.fudo.org.nix
@ -0,0 +1,14 @@
+{
+  local-networks = [
+    "10.0.0.0/16"
+    "208.81.1.128/28"
+    "208.81.3.112/28"
+
+  ];
+
+  local-users = [ "niten" "reaper" "xiaoxuan" "ken" ];
+  local-groups = [ "fudo" "selby" "admin" ];
+  local-admins = [ "niten" ];
+  admin-email = "niten@fudo.org";
+  gssapi-realm = "FUDO.ORG";
+}
--- a/entities.nix
+++ b/entities.nix
@ -0,0 +1,10 @@
+{ fudo-lib, ... }:
+
+let
+  import-by-basename = fudo-lib.fs.import-by-basename;
+in {
+  domains = import-by-basename ./domains;
+  hosts = import-by-basename ./hosts;
+  sites = import-by-basename ./sites;
+  zones = import-by-basename ./zones;
+}
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,53 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1637014545,
+        "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "fudo-helpers": {
+      "locked": {
+        "narHash": "sha256-8MjlZPjPVY1776qollku7+AHsVue/lNVtGPi8ZanO2w=",
+        "path": "/state/fudo-helpers",
+        "type": "path"
+      },
+      "original": {
+        "path": "/state/fudo-helpers",
+        "type": "path"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1637590722,
+        "narHash": "sha256-qijxxjkTJzh5C5zisPPA3xRQa8K//h8svYT9TIiOQX0=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2de4d2ce892111cf4178329492d35d034485985c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "fudo-helpers": "fudo-helpers",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,20 @@
+{
+  description = "Fudo Entities";
+
+  inputs = {
+    fudo-helpers.url = "path:/state/fudo-helpers";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, fudo-helpers, flake-utils, ... }: {
+    nixosModule = {
+      imports = [
+        ./module.nix
+      ];
+    };
+
+    entities = let
+      fudo-lib = fudo-helpers.lib { pkgs = nixpkgs; };
+    in import ./entities.nix { inherit fudo-lib; };
+  };
+}
--- a/hosts/atom.nix
+++ b/hosts/atom.nix
@ -0,0 +1,11 @@
+{
+  description = "Niten's toy laptop.";
+  enable-gui = false;
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "mobile.fudo.org";
+  site = "mobile";
+  profile = "laptop";
+  arch = "x86_64-linux";
+  nixos-system = true;
+}
--- a/hosts/cashew.nix
+++ b/hosts/cashew.nix
@ -0,0 +1,16 @@
+{
+  description = "fudo.org primary dns server.";
+  rp = "reaper";
+  admin-email = "reaper@fudo.org";
+  domain = "fudo.org";
+  site = "nuttyclub-vm";
+  profile = "container";
+  enable-gui = false;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "e5f456e3183a4dc186181a70bc3af2d1";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5/2uOE13eKUnXboxPYoZxZkS6sw5m0emR684HFr34l";
+    key-path = "/state/master-key/ed25519_key";
+  };
+}
--- a/hosts/clunk.nix
+++ b/hosts/clunk.nix
@ -0,0 +1,19 @@
+{
+  description = "rus.selby.ca gateway box.";
+  docker-server = true;
+  # ssh-fingerprints = [
+  #   "1 1 0e23d2156b1f9fca8552a0105c125aed76e51728"
+  #   "1 2 6d8dfc355102c9870945c6d79c1d19934d29e8b63303260101df51716963b7f5"
+  #   "4 1 c31a6ecaa02210e3ad72a835a072a05f043c2ef4"
+  #   "4 2 296ce1b91ac942a8b91e5c6316ea520d0cec14ac819a04bb262af6d4bdced696"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "rus.selby.ca";
+  site = "russell";
+  profile = "server";
+  # ssh-pubkeys =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB07Jf/NB4OlFSEI/eLJlNLA2sM9cHw1hX43r43nQ7a5";
+  arch = "x86_64-linux";
+  nixos-system = true;
+}
--- a/hosts/downstairs-desktop.nix
+++ b/hosts/downstairs-desktop.nix
@ -0,0 +1,21 @@
+{
+  description = "Downstairs desktop in Russell.";
+  ssh-fingerprints = [
+    "1 1 ce704716ec0c3e330a243648531a10a2c78dd1ff"
+    "1 2 6042bbc9b16122a4b63b1cfb84e179ae65911361e9d88ee3f0cd6659428ba27e"
+    "3 1 de6dda3f72ee7043c804a7ad382033f3565b3b84"
+    "3 2 cb611dd503fa15e913a101be15295f9084fa585b3225b6c1084521bff9b2140b"
+    "4 1 a9a139b92851b3d9df2742a13bfea59c3e6e842e"
+    "4 2 2260bfab177ab1ffb6a855b02b5a1aa719d765610e6a7bc79b09c340ce7c1236"
+  ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "rus.selby.ca";
+  site = "russell";
+  profile = "desktop";
+  # ssh-pubkeys = [
+  #   "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPqyDT/JqTxWZbpOXzy1Sxba2z2hNzt2BqjLspPvJLVc9zks1GMlnKAY5Nb7y7oi+CzeZMU+KAa069wZ/mYvpas="
+  # ];
+  arch = "x86_64-linux";
+  nixos-system = false;
+}
--- a/hosts/france.nix
+++ b/hosts/france.nix
@ -0,0 +1,24 @@
+{
+  description = "Primary fudo.org server.";
+  docker-server = true;
+  rp = "admin";
+  admin-email = "admin@fudo.org";
+  domain = "fudo.org";
+  site = "portage";
+  profile = "server";
+  arch = "x86_64-linux";
+  machine-id = "d33245603a854e48ba90002639e063f8";
+  nixos-system = true;
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQyRAJQpFaBanQKdu3SWCu0mjqSdF7WC1WNdKdQ1edQ";
+    key-path = "/state/master-key/ed25519-key";
+  };
+  initrd-network = {
+    ip = "208.81.3.117";
+    interface = "enp4s0f0";
+    keypair = {
+      public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAooY0j3xhs3PS5vFDXya1ljjo7fFXT98HDICVa3yBl";
+      private-key-file = "/state/ssh/initrd/ssh_ed25519_key";
+    };
+  };
+}
--- a/hosts/lambda.nix
+++ b/hosts/lambda.nix
@ -0,0 +1,26 @@
+{
+  description = "sea.fudo.org experiment server.";
+  docker-server = true;
+  # ssh-fingerprints = [
+  #   "1 1 01c67478e2cc7a386a2468adb9d4627a53d69af5"
+  #   "1 2 750bc70f88a6c774077f20603a143b9f07436d9d074af78875850ae4df8971eb"
+  #   "4 1 fdb3da40dc48540a3f5644e360db9225a584f64e"
+  #   "4 2 310115023c1f98ae88ac94eb38dd529352f3036048d72c87e87c0ab53f186438"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "sea.fudo.org";
+  site = "seattle";
+  profile = "server";
+  # ssh-pubkey =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB5JY6jnHCRLxjqWKYkK8Xpmfyq2nA+0noPazYGd9a+";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBr+kFxYjFp/BoaKT2SPV7aVTEspY/7bQ5RycElczGg";
+    key-path = "/state/master-key/key";
+  };
+  enable-gui = false;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "c031cda2e88a4cedb3b22f41f9042646";
+  # initrd-ip = "10.0.5.11";
+}
--- a/hosts/legatus.nix
+++ b/hosts/legatus.nix
@ -0,0 +1,25 @@
+{
+  description = "eur.fudo.org server.";
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "eur.fudo.org";
+  site = "worldstream";
+  profile = "server";
+  tmp-on-tmpfs = false;
+  enable-gui = false;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "749bbf411088411b8784b76bb44bd617";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsTkxsVViISxZYtqwNs6DEK2XgyBUPhqio4XPQbMKNo";
+    key-path = "/state/master-key/ed25519_key";
+  };
+  # initrd-network = {
+  #   ip = "172.86.179.18";
+  #   interface = "enp0s25";
+  #   keypair = {
+  #     public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgvl/pxPGN5XuUFsEywHV/PJMI+wPHA6NKTtE8SZC04";
+  #     private-key-file = "/state/ssh/initrd/ssh_ed25519_key";
+  #   };
+  # };
+}
--- a/hosts/limina.nix
+++ b/hosts/limina.nix
@ -0,0 +1,32 @@
+{
+  description = "Seattle Gateway Server.";
+  # ssh-fingerprints = [
+  #   "1 1 36cbb85f83e84a4052777cf9b3cfb0f7947f3e4e"
+  #   "1 2 041c59238f599f7a3a4ec39151f5bc79fdcf917ec7ef2c400ed19a8d148fbeeb"
+  #   "4 1 07318d35f52203d337d4f457acc6d00ebf0e1aad"
+  #   "4 2 c58ef49cb6e150995ae0bd5dd502a0fc18289caf1438fb0bc9821455c8d1f41f"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "sea.fudo.org";
+  site = "seattle";
+  profile = "server";
+  # ssh-pubkey =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMqymGZ5dI6ChI1Qx1QfjBo/h0+xFwpRx/wQSDxWQprI";
+  tmp-on-tmpfs = false;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "0a1d961dbcc04037ab7938f15801c765";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA44EqP6HHjIPBFuxKvi2oZc1sNU+N4pNMtlS89KWuDm";
+    key-path = "/state/master-key/key";
+  };
+  initrd-network = {
+    ip = "10.0.5.1";
+    interface = "enp2s0";
+    keypair = {
+      public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIcnHmIo08UgpNwBLe0RKYipxtznWlxLlKNgzBP/lot";
+      private-key-file = "/state/ssh/initrd/ssh_ed25519_key";
+    };
+  };
+}
--- a/hosts/mail-container.nix
+++ b/hosts/mail-container.nix
@ -0,0 +1,11 @@
+{
+  description = "Fudo mailserver container";
+  rp = "admin";
+  admin-email = "admin@fudo.org";
+  domain = "fudo.org";
+  site = "portage";
+  profile = "container";
+  arch = "x86_64-linux";
+  machine-id = "5a907f8cf2644b0ba5a786fd45b758b3";
+  nixos-system = false;
+}
--- a/hosts/nostromo.nix
+++ b/hosts/nostromo.nix
@ -0,0 +1,48 @@
+{
+  description = "sea.fudo.org primary server.";
+  docker-server = true;
+  # ssh-fingerprints = [
+  #   "1 1 075ee0ae86debffa6fd61436984b39e4699c93c6"
+  #   "1 2 17a555b21fe08841c8dfb0d598dc2da117b94bf5a94cbf2c6b391eafd3e2c15e"
+  #   "4 1 ce86eabbe6f015e6422d0f5ef9ae32cc7beb1f42"
+  #   "4 2 44a5741825d43e571f6f9eb91e8c102eea75a4632dd8a9c80668e091a5fdf7f5"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "sea.fudo.org";
+  site = "seattle";
+  profile = "server";
+  # ssh-pubkey =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHT8Uf6m8ZrSn4nmPyIO+JWLbgXJGX4jJTk0wfqDzzjb";
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "709076ea18254f8f9097c4e54dde5ab3";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODtNR4b43ZJgyGo9Hc+CmC4+bzgxbsVYI9fhDqjyRSo";
+    key-path = "/state/master-key/key";
+  };
+  # initrd-ip = "10.0.5.10";
+  encrypted-filesystems.sea-store = {
+    encrypted-device = "/dev/nostromo-store/locked";
+    key-path = "/run/keys/sea-store";
+    filesystem-type = "btrfs";
+    options = [ "noatime" "nodiratime" "compress=zstd" "noexec" ];
+    mountpoints = {
+      "/export/documents" = {
+        options = [ "subvol=@documents" ];
+        group = "sea-documents";
+        users = [ "niten" ];
+      };
+      "/export/downloads" = {
+        options = [ "subvol=@downloads" ];
+        group = "sea-downloads";
+        users = [ "niten" ];
+      };
+      "/export/projects" = {
+        options = [ "subvol=@projects" ];
+        group = "sea-projects";
+        users = [ "niten" ];
+      };
+    };
+  };
+}
--- a/hosts/nutboy3.nix
+++ b/hosts/nutboy3.nix
@ -0,0 +1,24 @@
+{
+  description = "fudo.org server.";
+  rp = "reaper";
+  admin-email = "reaper@fudo.org";
+  domain = "fudo.org";
+  site = "nuttyclub";
+  profile = "server";
+  enable-gui = false;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "d608fb62dc1e493a9a0ebf173ab255b2";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+ERn09oMqk3jpgXVFWMGv7uYz0fRLVtz5BHZtOXfA0";
+    key-path = "/state/master-key/ed25519_key";
+  };
+  initrd-network = {
+    ip = "199.87.154.175";
+    interface = "eno1";
+    keypair = {
+      public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPj/4DezCd6uA2IeSr4Y3hxy3gNhT/GJwA40LHlns5w";
+      private-key-file = "/state/ssh/initrd/ssh_ed25519_key";
+    };
+  };
+}
--- a/hosts/plato.nix
+++ b/hosts/plato.nix
@ -0,0 +1,28 @@
+{
+  description = "Niten's toy server.";
+  # ssh-fingerprints = [
+  #   "4 1 9cc052ed00cbfd82c60530ebb3a35c25c0aeace9"
+  #   "4 2 5938044054e9fa6cf3ad8176ef8e81b86eede598c19388220d4b07587f6f1c3c"
+  #   "1 1 eebe1d4a24e0e2dbc46a7cb1107333c06e60d89e"
+  #   "1 2 a96609da442372bd73044d823b4b56bbaa597725c846b4326be76c323bb47ab3"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "sea.fudo.org";
+  site = "seattle";
+  profile = "server";
+  # ssh-pubkey =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGuClWAtkOMBOVFAFFdWosCT8NvuJBps46P4RV+Qqz4b";
+  # build-pubkeys = [
+  #   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMPjwpcktL0Rhjc/D3ZmzwkSRqSJX5TGjMXVstpg8nNqQQrj9DxPq7gV4a+1LxMtQGPUv4gYx7De1a5LMVk8u6qJJnaLlt3TB1e1SUCBxxeh5sWIY5BMx8Q0/aRTkyTchyczX6FX0LXM7FP6yvxZVZSn2WHRp7REr8G1PUAwuIGy2a4bKOUSh5Uj4riXFXnROW2mp1vUfe5oH4X5HP3ACCXWRVUFdqDt1ldcrqqi+7/8x2G1eOHJcQ7B5FdL3uuq0nBrUzFQTt6KCHy0C2Jc3DFwOS1+ZdGKZpao+/arh/fH+LQfMUePx/AQOkYrJwvuRwbxg8XmlZ89u2gyDuqapzjBmsu+wyd5pF2QglyTRZW9Ijy1NTuzduPm6wgqN0Q09evFJvM9ZjShcIY3xTcCGDxpwTeYgMVXMF79sV9u+JwCSBpaIyteIJ7M/J/NWmaKoUF6Ia9mNts889Ba9TKzQFek19KYetOB2hfXV+7bvXrH+OBppzpdrztJFavBceQTs="
+  # ];
+  tmp-on-tmpfs = false;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "988f39a3b6ab454e9d7dad65bfe36bbe";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgAzn6gyG1ze7L1WLU84poPGcoUntqfvgn+/s3bxhR2";
+    key-path = "/state/master-key/key";
+  };
+  # initrd-ip = "10.0.5.11";
+}
--- a/hosts/procul.nix
+++ b/hosts/procul.nix
@ -0,0 +1,26 @@
+{
+  description = "informis.land server.";
+  docker-server = true;
+  rp = "viator";
+  admin-email = "viator@fudo.org";
+  domain = "informis.land";
+  site = "joes-datacenter-0";
+  profile = "server";
+  tmp-on-tmpfs = false;
+  enable-gui = false;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "41119f30fdf742dd82d20d94b7a2aa25";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqUnzf8bfPyoJX6XjFqD6v5MZQnV8STP0152VS3uwM7";
+    key-path = "/state/master-key/ed25519_key";
+  };
+  initrd-network = {
+    ip = "172.86.179.18";
+    interface = "enp0s25";
+    keypair = {
+      public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgvl/pxPGN5XuUFsEywHV/PJMI+wPHA6NKTtE8SZC04";
+      private-key-file = "/state/ssh/initrd/ssh_ed25519_key";
+    };
+  };
+}
--- a/hosts/pselby-work.nix
+++ b/hosts/pselby-work.nix
@ -0,0 +1,8 @@
+{
+  description = "Google Lenovo work laptop.";
+  site = "seattle";
+  profile = "laptop";
+  domain = "sea.fudo.org";
+  arch = "x86_64-linux";
+  nixos-system = false;
+}
--- a/hosts/socrates.nix
+++ b/hosts/socrates.nix
@ -0,0 +1,32 @@
+{
+  description = "sea.fudo.org deploy server.";
+  # ssh-fingerprints = [
+  #   "1 1 4055c1d922ec858e703856dd76237f09219261e5"
+  #   "1 2 0f7bfa92fa0435785782b68ca4c9b71786d67df60804ea4b4c42ebb37d061659"
+  #   "4 1 5dc2b674554df5e042171b4045fcfe31f03ad01a"
+  #   "4 2 9bcf664a191e31bf53aa4728828480babdab5377da39a002324303c719b16a55"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "sea.fudo.org";
+  site = "seattle";
+  profile = "server";
+  # ssh-pubkey =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4TqqumZwSDLkg8cTpR734zM+nuqEp1ufaQPoFdqCab";
+  tmp-on-tmpfs = false;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "edc4baa9cc1c401dba1bf870725b4bf0";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmJJFbAV8P1V1LSZr56GJ5ul3LBgdapbh+MK3ixTsxf";
+    key-path = "/state/master-key/key";
+  };
+  initrd-network = {
+    ip = "10.0.5.10";
+    interface = "enp1s0";
+    keypair = {
+      public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMLsxECiR4kqvUutMFkOTkIC8nsKK++aQ7HYiWjLdKdb";
+      private-key-file = "/state/ssh/initrd/ssh_ed25519_key";
+    };
+  };
+}
--- a/hosts/spark.nix
+++ b/hosts/spark.nix
@ -0,0 +1,33 @@
+{
+  description = "Niten's backup desktop.";
+  # ssh-fingerprints = [
+  #   "1 1 d26812dee9b26a19a52c38d2b346442979093142"
+  #   "1 2 981db46fdd0ad1639651c700a527602425237c1d4999265372ed92e093a965b3"
+  #   "4 1 67fa0a36e51fd4a5ed2b71ff9817cb9a372d0a63"
+  #   "4 2 c17d46061d722e1e6c878341b8e3c0bf87ea6e0e1426c54a989107dfb604d81b"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  enable-gui = true;
+  # ssh-pubkey =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO67/CNhiG9UynaflmZUUK7f3O/GwFpnXri/PxpgHcPa";
+  profile = "desktop";
+  domain = "sea.fudo.org";
+  site = "seattle";
+  android-dev = true;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "63dbd567d55a468482aa15d8aa9097f6";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGs8MfR3d6f1Llqk5dn/ypODUT1Oi4SQGof/YvOPNf14";
+    key-path = "/state/master-key/key";
+  };
+  initrd-network = {
+    ip = "10.0.5.108";
+    interface = "enp3s0";
+    keypair = {
+      public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABpau0W1FAOnwHysFm/9uQ0XqMrB2GoCIfin5uLBEs8";
+      private-key-file = "/state/ssh/initrd/ssh_ed25519_key";
+    };
+  };
+}
--- a/hosts/system3.nix
+++ b/hosts/system3.nix
@ -0,0 +1,26 @@
+{
+  description = "Niten's gaming desktop.";
+  # ssh-fingerprints = [
+  #   "1 1 c1bec5217880c0567f23414663d59804cf5c0fe4"
+  #   "1 2 bb4e479f14591dc230141e0d87b1a0fd1bdee52ad369a83188714100476c26f6"
+  #   "4 1 c1c2c74c3e2bb214f59b51a6a02452fe2e1658ea"
+  #   "4 2 897793ada12accb15231732a4c6e4ea34f1cd88d13ee9f3fc0b74a40d588b36c"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  enable-gui = true;
+  # ssh-pubkey =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEb/+VMOdBavfZxZOto/qa7Xy0T1nJdd7X52nPJdfB1k";
+  profile = "desktop";
+  domain = "sea.fudo.org";
+  site = "seattle";
+  android-dev = true;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "39ebe622cf40413b950d832105e0bb2e";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaF5T7Pb613C31BJVj74WYx4Pytj/lmH+PqjkqoNNkQ";
+    key-path = "/state/master-key/key";
+  };
+  # initrd-ip = "10.0.5.111";
+}
--- a/hosts/upstairs-desktop.nix
+++ b/hosts/upstairs-desktop.nix
@ -0,0 +1,18 @@
+{
+  description = "Upstairs desktop in Russell.";
+  ssh-fingerprints = [
+    "1 1 f927527d712391b57aef6d2e7c3f225a86b62bf4"
+    "1 2 17aece61156ba14c439aeae2e7b0f86daf97eea904241c35980f974ca1744c3d"
+    "3 1 70f5f613e66e53a74534d33cd7ebf248cfdc3024"
+    "3 2 774f1f00614751e51faa0add55183973893313d3a236d269adc3ab3c1f67c952"
+    "4 1 e81e07d1ae7526c457a46ab1f18af3c016b4f48e"
+    "4 2 e5af579cfb7f68b22492f5286b5249c5de74debf2a6cac78c070790f424566aa"
+  ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  site = "russell";
+  domain = "rus.selby.ca";
+  profile = "desktop";
+  arch = "x86_64-linux";
+  nixos-system = false;
+}
--- a/hosts/zbox.nix
+++ b/hosts/zbox.nix
@ -0,0 +1,26 @@
+{
+  description = "Niten's primary desktop.";
+  # ssh-fingerprints = [
+  #   "1 1 3aff8c913615c81512be3a42fc83daeb90d94a3d"
+  #   "1 2 39c7500f08022963f3f2db4f3ebb7aad08c92d0cc937984ba86c4eba204ed493"
+  #   "4 1 862842d99f5afb33db4f073d2f3d1154c6417110"
+  #   "4 2 373536d3d59f2354b1bfc25c02120c86e9b3af574b6c1984210d9e9c1d5244e3"
+  # ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  enable-gui = true;
+  # ssh-pubkey =
+  #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKVhHfRf2086SAqOmu2dNbsJI9UUAQWop+1lrcJlNgl8";
+  profile = "desktop";
+  domain = "sea.fudo.org";
+  site = "seattle";
+  android-dev = true;
+  arch = "x86_64-linux";
+  nixos-system = true;
+  machine-id = "e5f456e3183a4dc186181a70bc3af2d1";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsn68vDKV4jnBuICSDX/2Gpnshbrz0r9t4lXIke1vqh";
+    key-path = "/state/master-key/key";
+  };
+  # initrd-ip = "10.0.5.110";
+}
--- a/module.nix
+++ b/module.nix
@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+  config.fudo = import ./entities.nix {
+    fudo-lib = pkgs.lib;
+  };
+}
--- a/sites/sites.nix
+++ b/sites/sites.nix
@ -0,0 +1,103 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config.fudo.sites = {
+    seattle = {
+      gateway-v4 = "10.0.0.1";
+      nameservers = [ "10.0.0.1" ];
+      network = "10.0.0.0/16";
+      dynamic-network = "10.0.100.0/24";
+      timezone = "America/Los_Angeles";
+      deploy-pubkeys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0="
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0="
+      ];
+      # build-servers = {
+      #   nostromo = {
+      #     max-jobs = 4;
+      #     speed-factor = 2;
+      #   };
+      #   lambda = {
+      #     max-jobs = 4;
+      #     speed-factor = 2;
+      #   };
+      # };
+      enable-distributed-builds = false;
+      mail-server = "mail.fudo.org";
+    };
+
+    portage = {
+      gateway-v4 = "208.81.3.113";
+      network = "208.81.3.112/28";
+      nameservers = [ "208.81.7.14" "1.1.1.1" ];
+      timezone = "America/Winnipeg";
+      deploy-pubkeys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0="
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0="
+      ];
+      mail-server = "mail.fudo.org";
+    };
+
+    nuttyclub = {
+      gateway-v4 = "199.87.154.174";
+      network = "199.87.154.174/31";
+      nameservers = [ "1.1.1.1" ];
+      timezone = "America/Winnipeg";
+      deploy-pubkeys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0="
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0="
+      ];
+      mail-server = "mail.fudo.org";
+    };
+
+    nuttyclub-vm = {
+      gateway-v4 = "208.81.4.81";
+      network = "208.81.4.80/29";
+      nameservers = [ "1.1.1.1" ];
+      timezone = "America/Winnipeg";
+      deploy-pubkeys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0="
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0="
+      ];
+      mail-server = "mail.fudo.org";
+    };
+
+    russell = {
+      gateway-v4 = "10.0.0.1";
+      nameservers = [ "10.0.0.1" ];
+      network = "10.0.0.0/16";
+      dynamic-network = "10.0.1.0/24";
+      timezone = "America/Winnipeg";
+      mail-server = "mail.fudo.org";
+    };
+
+    joes-datacenter-0 = {
+      gateway-v4 = "172.86.179.17";
+      network = "172.86.179.17/29";
+      nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ];
+      timezone = "America/Winnipeg";
+      deploy-pubkeys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0="
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0="
+      ];
+      mail-server = "mail.informis.land";
+    };
+
+    worldstream = {
+      gateway-v4 = "91.229.23.1";
+      network = "91.229.23.0/24";
+      nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ];
+      timezone = "Europe/Amsterdam";
+      deploy-pubkeys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0="
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0="
+      ];
+      mail-server = "mail.fudo.org";
+    };
+
+    mobile = {
+      nameservers = [ "1.1.1.1" ];
+      timezone = "America/Los_Angeles";
+    };
+  };
+}
--- a/zones/eur.fudo.org.nix
+++ b/zones/eur.fudo.org.nix
@ -0,0 +1,7 @@
+{
+  mx = [ "mail.fudo.org" ];
+
+  hosts = {
+    legatus.ipv4-address = "91.229.23.204";
+  };
+}
--- a/zones/fudo.org.nix
+++ b/zones/fudo.org.nix
@ -0,0 +1,180 @@
+{
+  aliases = {
+    pop = "mail.fudo.org.";
+    smtp = "mail.fudo.org.";
+    imap = "mail.fudo.org.";
+    webmail = "france.fudo.org.";
+
+    archiva = "france.fudo.org.";
+    auth = "france.fudo.org.";
+    backplane = "france.fudo.org.";
+    chat = "france.fudo.org.";
+    de = "germany.fudo.org.";
+    fr = "france.fudo.org.";
+    git = "france.fudo.org.";
+    metrics = "france.fudo.org.";
+    minecraft = "france.fudo.org.";
+    monitor = "france.fudo.org.";
+    user = "paris.fudo.org.";
+    u = "user.fudo.org.";
+    w = "www.fudo.org.";
+    ww = "www.fudo.org.";
+    www = "hanover.fudo.org.";
+    wiki = "hanover.fudo.org.";
+  };
+
+  verbatim-dns-records = [
+    ''@ IN TXT "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"''
+    ''@ IN SPF "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"''
+  ];
+
+  srv-records = {
+    tcp = {
+      domain = [
+        {
+          host = "ns1.fudo.org";
+          port = 53;
+        }
+        {
+          host = "ns2.fudo.org";
+          port = 53;
+        }
+        {
+          host = "ns3.fudo.org";
+          port = 53;
+        }
+        {
+          host = "ns4.fudo.org";
+          port = 53;
+        }
+      ];
+      ssh = [{
+        host = "france.fudo.org";
+        port = 22;
+      }];
+      smtp = [{
+        host = "mail.fudo.org";
+        port = 25;
+      }];
+      submission = [{
+        host = "mail.fudo.org";
+        port = 587;
+      }];
+      kerberos = [{
+        host = "france.fudo.org";
+        port = 88;
+      }];
+      imaps = [{
+        host = "mail.fudo.org";
+        port = 993;
+      }];
+      ldap = [{
+        host = "france.fudo.org";
+        port = 389;
+      }];
+      ldaps = [{
+        host = "france.fudo.org";
+        port = 636;
+      }];
+      pop3s = [{
+        host = "mail.fudo.org";
+        port = 995;
+      }];
+      http = [{
+        host = "wiki.fudo.org";
+        port = 80;
+      }];
+      https = [{
+        host = "wiki.fudo.org";
+        port = 80;
+      }];
+      xmpp-server = [{
+        host = "fudo.im";
+        port = 5269;
+      }];
+      xmpp-client = [{
+        host = "fudo.im";
+        port = 5222;
+      }];
+    };
+    udp = {
+      domain = [
+        {
+          host = "ns1.fudo.org";
+          port = 53;
+        }
+        {
+          host = "ns2.fudo.org";
+          port = 53;
+        }
+        {
+          host = "ns3.fudo.org";
+          port = 53;
+        }
+        {
+          host = "ns4.fudo.org";
+          port = 53;
+        }
+      ];
+      kerberos = [{
+        host = "france.fudo.org";
+        port = 88;
+      }];
+      kerberos-master = [{
+        host = "france.fudo.org";
+        port = 88;
+      }];
+      kpasswd = [{
+        host = "france.fudo.org";
+        port = 464;
+      }];
+      xmpp-server = [{
+        host = "fudo.im";
+        port = 5269;
+      }];
+    };
+  };
+
+  hosts = {
+    cashew = { ipv4-address = "208.81.4.82"; };
+    cisco = { ipv4-address = "198.163.150.211"; };
+    cisco-int = { ipv4-address = "10.73.77.10"; };
+    cupid = { ipv4-address = "208.38.36.100"; };
+    docker = { ipv4-address = "208.81.3.126"; };
+    france = { ipv4-address = "208.81.3.117"; };
+    frankfurt = {
+      ipv4-address = "208.81.3.120";
+      ipv6-address = "2605:e200:d200:1:5054:ff:fe8c:9738";
+    };
+    germany = {
+      ipv4-address = "208.81.3.116";
+      ipv6-address = "2605:e200:d200:1:78d9:d8ff:fe0f:dd88";
+    };
+    hanover = {
+      ipv4-address = "208.81.1.130";
+      ipv6-address = "2605:e200:d100:1:5054:ff:fe61:ac8b";
+    };
+    localhost = { ipv4-address = "127.0.0.1"; };
+    lsbb-gba = { ipv4-address = "199.101.56.34"; };
+    lsbb-abg = { ipv4-address = "199.101.56.38"; };
+    lsbb-hwd = { ipv4-address = "199.101.56.106"; };
+    lsbb-hcl = { ipv4-address = "199.101.56.110"; };
+    nutboy3 = { ipv4-address = "199.87.154.175"; };
+    procul = { ipv4-address = "172.86.179.18"; };
+    prunel = { ipv4-address = "208.81.3.123"; };
+    mbix = { ipv4-address = "208.81.7.146"; };
+    ns3-fudo = { ipv4-address = "208.75.74.205"; };
+    ns3-dair = { ipv4-address = "208.75.74.205"; };
+    ns4-fudo = { ipv4-address = "208.75.75.157"; };
+    ns4-dair = { ipv4-address = "208.75.75.157"; };
+    paris = {
+      ipv4-address = "208.81.3.125";
+      ipv6-address = "2605:e200:d200:1:5054:ff:fe67:d0c1";
+    };
+    probe = { ipv4-address = "208.81.3.119"; };
+    tours = {
+      ipv4-address = "208.81.3.121";
+      ipv6-address = "2605:e200:d200:1:5054:ff:fe95:34e5";
+    };
+  };
+}
--- a/zones/informis.land.nix
+++ b/zones/informis.land.nix
@ -0,0 +1,47 @@
+{
+  mx = [ "smtp.informis.land" ];
+
+  aliases = {
+    smtp   = "procul.informis.land.";
+    imap   = "procul.informis.land.";
+    gemini = "procul.informis.land.";
+    git    = "procul.informis.land.";
+  };
+
+  srv-records = {
+    tcp = {
+      ssh = [{
+        host = "procul.informis.land";
+        port = 22;
+      }];
+      submission = [{
+        host = "procul.informis.land";
+        port = 587;
+      }];
+      imaps = [{
+        host = "procul.informis.land";
+        port = 993;
+        priority = 0;
+      }];
+      pop3s = [{
+        host = "procul.informis.land";
+        port = 995;
+        priority = 10;
+      }];
+      http = [{
+        host = "procul.informis.land";
+        port = 80;
+      }];
+      https = [{
+        host = "procul.informis.land";
+        port = 443;
+      }];
+    };
+  };
+  
+  hosts = {
+    procul = {
+      ipv4-address = "172.86.179.18";
+    };
+  };
+}
--- a/zones/rus.selby.ca.nix
+++ b/zones/rus.selby.ca.nix
@ -0,0 +1,95 @@
+{ config, lib, ... }:
+
+with lib;
+let local-domain = "rus.selby.ca";
+in {
+  default-host = "10.0.0.1";
+
+  mx = [ "mail.fudo.org" ];
+
+  gssapi-realm = toUpper local-domain;
+
+  hosts = {
+    clunk = {
+      ipv4-address = "10.0.0.1";
+      mac-address = "02:44:d1:eb:c3:6b";
+    };
+
+    dns-proxy = {
+      ipv4-address = "10.0.0.2";
+      # This is just an alias for clunk's primary interface
+    };
+
+    google-wifi = {
+      ipv4-address = "10.0.0.11";
+      mac-address = "70:3a:cb:c0:3b:09";
+    };
+
+    plato = {
+      ipv4-address = "10.0.0.102";
+      mac-address = "00:e3:5c:68:79:a2";
+    };
+
+    pselby-work = {
+      ipv4-address = "10.0.0.151";
+      mac-address = "00:50:b6:aa:bd:b3";
+    };
+
+    downstairs-desktop = {
+      ipv4-address = "10.0.0.100";
+      mac-address = "90:b1:1c:8e:29:cf";
+    };
+
+    upstairs-desktop = {
+      ipv4-address = "10.0.0.101";
+      mac-address = "80:e8:2c:22:65:c2";
+    };
+  };
+
+  aliases = {
+    dns-hole = "clunk";
+    gateway = "clunk";
+    upstairs = "upstairs-desktop";
+    downstairs = "downstairs-desktop";
+  };
+
+  srv-records = {
+    tcp = {
+      domain = [{
+        port = 53;
+        host = "clunk.${local-domain}";
+      }];
+      kerberos = [{
+        port = 88;
+        host = "clunk.${local-domain}";
+      }];
+      kerberos-adm = [{
+        port = 749;
+        host = "clunk.${local-domain}";
+      }];
+      ssh = [{
+        port = 22;
+        host = "clunk.${local-domain}";
+      }];
+    };
+
+    udp = {
+      domain = [{
+        port = 53;
+        host = "clunk.${local-domain}";
+      }];
+      kerberos = [{
+        port = 88;
+        host = "clunk.${local-domain}";
+      }];
+      kerboros-master = [{
+        port = 88;
+        host = "clunk.${local-domain}";
+      }];
+      kpasswd = [{
+        port = 464;
+        host = "clunk.${local-domain}";
+      }];
+    };
+  };
+}
--- a/zones/sea.fudo.org.nix
+++ b/zones/sea.fudo.org.nix
@ -0,0 +1,220 @@
+let local-domain = "sea.fudo.org";
+in {
+  aliases = {
+    deploy = "socrates";
+    dns-hole = "limina";
+    gateway = "limina";
+    hole = "limina";
+    ipfs = "nostromo";
+    # kadmin = "nostromo";
+    # kdc = "nostromo";
+    music = "doraemon";
+    panopticon = "lambda";
+    panopticon-od = "lambda";
+    photo = "doraemon";
+    pihole = "limina";
+    sea-store = "nostromo";
+  };
+
+  srv-records = {
+    tcp = {
+      domain = [{
+        port = 53;
+        host = "limina.sea.fudo.org";
+      }];
+      kerberos = [{
+        port = 88;
+        host = "france.fudo.org";
+      }];
+      kerberos-adm = [{
+        port = 88;
+        host = "france.fudo.org";
+      }];
+      ssh = [{
+        port = 22;
+        host = "limina.sea.fudo.org";
+      }];
+      ldap = [{
+        port = 389;
+        host = "france.fudo.org";
+      }];
+    };
+
+    udp = {
+      domain = [{
+        port = 53;
+        host = "limina.sea.fudo.org";
+      }];
+      kerberos = [{
+        port = 88;
+        host = "france.fudo.org";
+      }];
+      kerboros-master = [{
+        port = 88;
+        host = "france.fudo.org";
+      }];
+      kpasswd = [{
+        port = 464;
+        host = "france.fudo.org";
+      }];
+    };
+  };
+
+  hosts = {
+    limina = {
+      ipv4-address = "10.0.0.1";
+      mac-address = "02:fd:79:94:a2:a8";
+    };
+    switch-master = {
+      ipv4-address = "10.0.0.5";
+      mac-address = "00:14:1C:B6:BB:40";
+    };
+    google-wifi = {
+      ipv4-address = "10.0.0.7";
+      mac-address = "7C:D9:5C:9F:6F:E9";
+    };
+    nostromo = {
+      ipv4-address = "10.0.0.10";
+      mac-address = "02:14:25:55:ee:5a";
+    };
+    lambda = {
+      ipv4-address = "10.0.0.11";
+      mac-address = "02:f5:fe:8c:22:fe";
+    };
+    socrates = {
+      ipv4-address = "10.0.0.20";
+      mac-address = "02:f2:30:b8:71:42";
+    };
+    plato = { ipv4-address = "10.0.0.21"; };
+    cam-entrance = {
+      ipv4-address = "10.0.0.31";
+      mac-address = "9c:8e:cd:0e:99:7b";
+    };
+    cam-driveway = {
+      ipv4-address = "10.0.0.32";
+      mac-address = "9c:8e:cd:0d:3b:09";
+    };
+    cam-deck = {
+      ipv4-address = "10.0.0.33";
+      mac-address = "9c:8e:cd:0e:98:c8";
+    };
+    cargo = {
+      ipv4-address = "10.0.0.50";
+      mac-address = "00:11:32:75:d8:b7";
+    };
+    whitedwarf = {
+      ipv4-address = "10.0.0.51";
+      mac-address = "00:11:32:12:14:1d";
+    };
+    doraemon = {
+      ipv4-address = "10.0.0.52";
+      mac-address = "00:11:32:0a:06:c5";
+    };
+    android = {
+      ipv4-address = "10.0.0.81";
+      mac-address = "00:16:3e:43:39:fc";
+    };
+    retro-wired = {
+      ipv4-address = "10.0.0.82";
+      mac-address = "dc:a6:32:6b:57:43";
+    };
+    retro = {
+      ipv4-address = "10.0.0.83";
+      mac-address = "dc:a6:32:6b:57:45";
+    };
+    monolith = {
+      ipv4-address = "10.0.0.100";
+      mac-address = "6c:62:6d:c8:b0:d8";
+    };
+    taipan = {
+      ipv4-address = "10.0.0.107";
+      mac-address = "52:54:00:34:c4:78";
+    };
+    spark = {
+      ipv4-address = "10.0.0.108";
+      mac-address = "02:9c:b7:b6:ad:c4";
+    };
+    hyperion = {
+      ipv4-address = "10.0.0.109";
+      mac-address = "52:54:00:33:46:de";
+    };
+    zbox = {
+      ipv4-address = "10.0.0.110";
+      mac-address = "02:DD:80:52:83:9B";
+    };
+    system3 = {
+      ipv4-address = "10.0.0.111";
+      mac-address = "02:0d:df:2d:46:90";
+    };
+    ubiquiti-wifi = {
+      ipv4-address = "10.0.0.126";
+      mac-address = "04:18:d6:20:48:fb";
+    };
+    generator-wireless = {
+      ipv4-address = "10.0.0.130";
+      mac-address = "B8:27:EB:A6:32:26";
+    };
+    brother-wireless = {
+      ipv4-address = "10.0.0.160";
+      mac-address = "c0:38:96:64:49:65";
+    };
+    nest = {
+      ipv4-address = "10.0.0.176";
+      mac-address = "18:b4:30:16:7c:5a";
+    };
+    xixi-phone = {
+      ipv4-address = "10.0.0.193";
+      mac-address = "48:43:7c:75:89:42";
+    };
+    ipad = {
+      ipv4-address = "10.0.0.202";
+      mac-address = "9c:35:eb:48:6e:71";
+    };
+    cam-front = {
+      ipv4-address = "10.0.0.203";
+      mac-address = "c4:d6:55:3e:b4:c3";
+    };
+    family-tv = {
+      ipv4-address = "10.0.0.205";
+      mac-address = "84:a4:66:3a:b1:f8";
+    };
+    babycam = {
+      ipv4-address = "10.0.0.206";
+      mac-address = "08:ea:40:59:5f:9e";
+    };
+    workphone = {
+      ipv4-address = "10.0.0.211";
+      mac-address = "a8:8e:24:5c:12:67";
+    };
+    chromecast-2 = {
+      ipv4-address = "10.0.0.215";
+      mac-address = "a4:77:33:59:a2:ba";
+    };
+    front-light = {
+      ipv4-address = "10.0.0.221";
+      mac-address = "94:10:3e:48:94:ed";
+    };
+
+    # Ceph network
+    srv-1 = {
+      ipv4-address = "10.0.10.1";
+      mac-address = "02:65:d7:00:7d:1b";
+    };
+    node-1 = {
+      ipv4-address = "10.0.10.101";
+      mac-address = "00:1e:06:36:81:cf";
+    };
+    node-2 = {
+      ipv4-address = "10.0.10.102";
+      mac-address = "00:1e:06:36:ec:3e";
+    };
+    node-3 = {
+      ipv4-address = "10.0.10.103";
+      mac-address = "00:1e:06:36:ec:4b";
+    };
+    node-4 = {
+      ipv4-address = "10.0.10.104";
+      mac-address = "00:1e:06:36:dd:8c";
+    };
+  };
+}