From fcaafb347e6ab77c48aedf8a59a2d8f32f2262f4 Mon Sep 17 00:00:00 2001 
From: niten Date: Mon, 22 Nov 2021 06:40:37 -0800 Subject: [PATCH] Initial checkin --- domains/eur.fudo.org.nix | 14 +++ domains/fudo.org.nix | 16 +++ domains/informis.land.nix | 13 +++ domains/rus.selby.ca.nix | 19 +++ domains/sea.fudo.org.nix | 14 +++ entities.nix | 10 ++ flake.lock | 53 +++++++++ flake.nix | 20 ++++ hosts/atom.nix | 11 ++ hosts/cashew.nix | 16 +++ hosts/clunk.nix | 19 +++ hosts/downstairs-desktop.nix | 21 ++++ hosts/france.nix | 24 ++++ hosts/lambda.nix | 26 +++++ hosts/legatus.nix | 25 ++++ hosts/limina.nix | 32 +++++ hosts/mail-container.nix | 11 ++ hosts/nostromo.nix | 48 ++++++++ hosts/nutboy3.nix | 24 ++++ hosts/plato.nix | 28 +++++ hosts/procul.nix | 26 +++++ hosts/pselby-work.nix | 8 ++ hosts/socrates.nix | 32 +++++ hosts/spark.nix | 33 ++++++ hosts/system3.nix | 26 +++++ hosts/upstairs-desktop.nix | 18 +++ hosts/zbox.nix | 26 +++++ module.nix | 7 ++ sites/sites.nix | 103 ++++++++++++++++ zones/eur.fudo.org.nix | 7 ++ zones/fudo.org.nix | 180 ++++++++++++++++++++++++++++ zones/informis.land.nix | 47 ++++++++ zones/rus.selby.ca.nix | 95 +++++++++++++++ zones/sea.fudo.org.nix | 220 +++++++++++++++++++++++++++++++++++ 34 files changed, 1272 insertions(+) create mode 100644 domains/eur.fudo.org.nix create mode 100644 domains/fudo.org.nix create mode 100644 domains/informis.land.nix create mode 100644 domains/rus.selby.ca.nix create mode 100644 domains/sea.fudo.org.nix create mode 100644 entities.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 hosts/atom.nix create mode 100644 hosts/cashew.nix create mode 100644 hosts/clunk.nix create mode 100644 hosts/downstairs-desktop.nix create mode 100644 hosts/france.nix create mode 100644 hosts/lambda.nix create mode 100644 hosts/legatus.nix create mode 100644 hosts/limina.nix create mode 100644 hosts/mail-container.nix create mode 100644 hosts/nostromo.nix create mode 100644 hosts/nutboy3.nix create mode 100644 hosts/plato.nix create mode 100644 hosts/procul.nix create 
mode 100644 hosts/pselby-work.nix create mode 100644 hosts/socrates.nix create mode 100644 hosts/spark.nix create mode 100644 hosts/system3.nix create mode 100644 hosts/upstairs-desktop.nix create mode 100644 hosts/zbox.nix create mode 100644 module.nix create mode 100644 sites/sites.nix create mode 100644 zones/eur.fudo.org.nix create mode 100644 zones/fudo.org.nix create mode 100644 zones/informis.land.nix create mode 100644 zones/rus.selby.ca.nix create mode 100644 zones/sea.fudo.org.nix diff --git a/domains/eur.fudo.org.nix b/domains/eur.fudo.org.nix new file mode 100644 index 0000000..3c2eceb --- /dev/null +++ b/domains/eur.fudo.org.nix @@ -0,0 +1,14 @@ +{ + local-networks = [ + "208.81.1.128/28" + "208.81.3.112/28" + "91.229.23.204/31" + ]; + + local-users = [ "niten" "reaper" ]; + local-groups = [ "admin" ]; + local-admins = [ "niten" "reaper" ]; + admin-email = "niten@fudo.org"; + gssapi-realm = "FUDO.ORG"; + primary-nameserver = "legatus"; +} diff --git a/domains/fudo.org.nix b/domains/fudo.org.nix new file mode 100644 index 0000000..feacd55 --- /dev/null +++ b/domains/fudo.org.nix @@ -0,0 +1,16 @@ +{ + local-networks = [ + "208.81.1.128/28" + "208.81.3.112/28" + "91.229.23.204/31" + ]; + + local-users = [ "niten" "reaper" ]; + local-groups = [ "fudo" "selby" "admin" ]; + local-admins = [ "niten" "reaper" ]; + admin-email = "admin@fudo.org"; + gssapi-realm = "FUDO.ORG"; + kerberos-master = "nutboy3"; + primary-mailserver = "france"; + zone = "fudo.org"; +} diff --git a/domains/informis.land.nix b/domains/informis.land.nix new file mode 100644 index 0000000..2983673 --- /dev/null +++ b/domains/informis.land.nix @@ -0,0 +1,13 @@ +{ + local-networks = [ + "172.86.179.17/29" + ]; + + local-users = [ "niten" "viator" ]; + local-groups = [ "admin" "informis" ]; + local-admins = [ "niten" ]; + admin-email = "viator@informis.land"; + gssapi-realm = "INFORMIS.LAND"; + kerberos-master = "procul"; + primary-nameserver = "procul"; +} 
diff --git a/domains/rus.selby.ca.nix b/domains/rus.selby.ca.nix
new file mode 100644
index 0000000..42babcd
--- /dev/null
+++ b/domains/rus.selby.ca.nix
@@ -0,0 +1,19 @@
+{
+ local-networks = [ "10.0.0.0/16" ];
+ local-users = [
+ "niten"
+ "ken"
+ "helen"
+ "xiaoxuan"
+ "laura"
+ "vee"
+ "kris"
+ "jeramy"
+ "jess"
+ "andrew"
+ ];
+ local-groups = [ "fudo" "selby" "admin" ];
+ local-admins = [ "niten" ];
+ admin-email = "niten@fudo.org";
+ gssapi-realm = "RUS.SELBY.CA";
+}
diff --git a/domains/sea.fudo.org.nix b/domains/sea.fudo.org.nix
new file mode 100644
index 0000000..c6e4e35
--- /dev/null
+++ b/domains/sea.fudo.org.nix
@@ -0,0 +1,14 @@
+{
+ local-networks = [
+ "10.0.0.0/16"
+ "208.81.1.128/28"
+ "208.81.3.112/28"
+
+ ];
+
+ local-users = [ "niten" "reaper" "xiaoxuan" "ken" ];
+ local-groups = [ "fudo" "selby" "admin" ];
+ local-admins = [ "niten" ];
+ admin-email = "niten@fudo.org";
+ gssapi-realm = "FUDO.ORG";
+}
diff --git a/entities.nix b/entities.nix
new file mode 100644
index 0000000..25d23a6
--- /dev/null
+++ b/entities.nix
@@ -0,0 +1,10 @@
+{ fudo-lib, ... }:
+
+let
+ import-by-basename = fudo-lib.fs.import-by-basename;
+in {
+ domains = import-by-basename ./domains;
+ hosts = import-by-basename ./hosts;
+ sites = import-by-basename ./sites;
+ zones = import-by-basename ./zones;
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..d4d3dd0
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,53 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "fudo-helpers": { + "locked": { + "narHash": "sha256-8MjlZPjPVY1776qollku7+AHsVue/lNVtGPi8ZanO2w=", + "path": "/state/fudo-helpers", + "type": "path" + }, + "original": { + "path": "/state/fudo-helpers", + "type": "path" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1637590722, + "narHash": "sha256-qijxxjkTJzh5C5zisPPA3xRQa8K//h8svYT9TIiOQX0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2de4d2ce892111cf4178329492d35d034485985c", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "fudo-helpers": "fudo-helpers", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..02a927f --- /dev/null +++ b/flake.nix @@ -0,0 +1,20 @@ +{ + description = "Fudo Entities"; + + inputs = { + fudo-helpers.url = "path:/state/fudo-helpers"; + flake-utils.url = "github:numtide/flake-utils"; + }; + + outputs = { self, nixpkgs, fudo-helpers, flake-utils, ... }: { + nixosModule = { + imports = [ + ./module.nix + ]; + }; + + entities = let + fudo-lib = fudo-helpers.lib { pkgs = nixpkgs; }; + in import ./entities.nix { inherit fudo-lib; }; + }; +} diff --git a/hosts/atom.nix b/hosts/atom.nix new file mode 100644 index 0000000..c59dbca --- /dev/null +++ b/hosts/atom.nix @@ -0,0 +1,11 @@ +{ + description = "Niten's toy laptop."; + enable-gui = false; + rp = "niten"; + admin-email = "niten@fudo.org"; + domain = "mobile.fudo.org"; + site = "mobile"; + profile = "laptop"; + arch = "x86_64-linux"; + nixos-system = true; +} 
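Review bot: In flake.nix the `outputs` function takes `nixpkgs`, but `inputs` declares only `fudo-helpers` and `flake-utils`, so nixpkgs is resolved through the flake registry (flake.lock records its origin as `"type": "indirect"`), and `fudo-helpers` is an absolute `path:/state/fudo-helpers` locked by narHash alone with no revision. Both make the evaluated code depend on the state of whichever machine last wrote the lock rather than on a reviewable commit; declare nixpkgs explicitly, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/<branch>";` (placeholder branch), and point fudo-helpers at a git URL so the lock carries a `rev`. Separately, `fudo-helpers.lib { pkgs = nixpkgs; }` passes the flake itself rather than an instantiated package set, which is worth confirming against what that helper expects. `flake-utils` is declared and locked but not used in the visible outputs.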
diff --git a/hosts/cashew.nix b/hosts/cashew.nix
new file mode 100644
index 0000000..fa78817
--- /dev/null
+++ b/hosts/cashew.nix
@@ -0,0 +1,16 @@
+{
+ description = "fudo.org primary dns server.";
+ rp = "reaper";
+ admin-email = "reaper@fudo.org";
+ domain = "fudo.org";
+ site = "nuttyclub-vm";
+ profile = "container";
+ enable-gui = false;
+ arch = "x86_64-linux";
+ nixos-system = true;
+ machine-id = "e5f456e3183a4dc186181a70bc3af2d1";
+ master-key = {
+ public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5/2uOE13eKUnXboxPYoZxZkS6sw5m0emR684HFr34l";
+ key-path = "/state/master-key/ed25519_key";
+ };
+}
diff --git a/hosts/clunk.nix b/hosts/clunk.nix
new file mode 100644
index 0000000..ed46b77
--- /dev/null
+++ b/hosts/clunk.nix
@@ -0,0 +1,19 @@
+{
+ description = "rus.selby.ca gateway box.";
+ docker-server = true;
+ # ssh-fingerprints = [
+ # "1 1 0e23d2156b1f9fca8552a0105c125aed76e51728"
+ # "1 2 6d8dfc355102c9870945c6d79c1d19934d29e8b63303260101df51716963b7f5"
+ # "4 1 c31a6ecaa02210e3ad72a835a072a05f043c2ef4"
+ # "4 2 296ce1b91ac942a8b91e5c6316ea520d0cec14ac819a04bb262af6d4bdced696"
+ # ];
+ rp = "niten";
+ admin-email = "niten@fudo.org";
+ domain = "rus.selby.ca";
+ site = "russell";
+ profile = "server";
+ # ssh-pubkeys =
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB07Jf/NB4OlFSEI/eLJlNLA2sM9cHw1hX43r43nQ7a5";
+ arch = "x86_64-linux";
+ nixos-system = true;
+}
diff --git a/hosts/downstairs-desktop.nix b/hosts/downstairs-desktop.nix
new file mode 100644
index 0000000..e202199
--- /dev/null
+++ b/hosts/downstairs-desktop.nix
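Review bot: `machine-id = "e5f456e3183a4dc186181a70bc3af2d1";` in hosts/cashew.nix is the same value that hosts/zbox.nix sets later in this patch, so two different hosts would share one machine ID. systemd documents the machine ID as unique per host, and anything keyed on it (journal identity, identifiers that systemd-networkd derives from it, and whatever this repository derives from `machine-id`) would treat the DNS container and the desktop as one machine. One of the two looks like a copy-paste; generate a fresh ID for it, and consider an evaluation-time assertion that all `machine-id` values under hosts/ are distinct.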
@@ -0,0 +1,21 @@ +{ + description = "Downstairs desktop in Russell."; + ssh-fingerprints = [ + "1 1 ce704716ec0c3e330a243648531a10a2c78dd1ff" + "1 2 6042bbc9b16122a4b63b1cfb84e179ae65911361e9d88ee3f0cd6659428ba27e" + "3 1 de6dda3f72ee7043c804a7ad382033f3565b3b84" + "3 2 cb611dd503fa15e913a101be15295f9084fa585b3225b6c1084521bff9b2140b" + "4 1 a9a139b92851b3d9df2742a13bfea59c3e6e842e" + "4 2 2260bfab177ab1ffb6a855b02b5a1aa719d765610e6a7bc79b09c340ce7c1236" + ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + domain = "rus.selby.ca"; + site = "russell"; + profile = "desktop"; + # ssh-pubkeys = [ + # "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPqyDT/JqTxWZbpOXzy1Sxba2z2hNzt2BqjLspPvJLVc9zks1GMlnKAY5Nb7y7oi+CzeZMU+KAa069wZ/mYvpas=" + # ]; + arch = "x86_64-linux"; + nixos-system = false; +} diff --git a/hosts/france.nix b/hosts/france.nix new file mode 100644 index 0000000..d9ce538 --- /dev/null +++ b/hosts/france.nix @@ -0,0 +1,24 @@ +{ + description = "Primary fudo.org server."; + docker-server = true; + rp = "admin"; + admin-email = "admin@fudo.org"; + domain = "fudo.org"; + site = "portage"; + profile = "server"; + arch = "x86_64-linux"; + machine-id = "d33245603a854e48ba90002639e063f8"; + nixos-system = true; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQyRAJQpFaBanQKdu3SWCu0mjqSdF7WC1WNdKdQ1edQ"; + key-path = "/state/master-key/ed25519-key"; + }; + initrd-network = { + ip = "208.81.3.117"; + interface = "enp4s0f0"; + keypair = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAooY0j3xhs3PS5vFDXya1ljjo7fFXT98HDICVa3yBl"; + private-key-file = "/state/ssh/initrd/ssh_ed25519_key"; + }; + }; +} diff --git a/hosts/lambda.nix b/hosts/lambda.nix new file mode 100644 index 0000000..265afea --- /dev/null +++ b/hosts/lambda.nix 
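Review bot: In hosts/france.nix `key-path = "/state/master-key/ed25519-key";` uses a hyphen, while every other host in this patch that names the ed25519 file uses `/state/master-key/ed25519_key` (cashew, legatus, nutboy3, procul). If the file on france follows the same naming, the master key will not be found at this path; confirm the on-disk name or change the line to `key-path = "/state/master-key/ed25519_key";`. A short comment on `master-key` stating that `key-path` refers to a private key kept on the host and never committed here, while only `public-key` lives in this repository, would make that boundary explicit for the next editor.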
@@ -0,0 +1,26 @@ +{ + description = "sea.fudo.org experiment server."; + docker-server = true; + # ssh-fingerprints = [ + # "1 1 01c67478e2cc7a386a2468adb9d4627a53d69af5" + # "1 2 750bc70f88a6c774077f20603a143b9f07436d9d074af78875850ae4df8971eb" + # "4 1 fdb3da40dc48540a3f5644e360db9225a584f64e" + # "4 2 310115023c1f98ae88ac94eb38dd529352f3036048d72c87e87c0ab53f186438" + # ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + domain = "sea.fudo.org"; + site = "seattle"; + profile = "server"; + # ssh-pubkey = + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB5JY6jnHCRLxjqWKYkK8Xpmfyq2nA+0noPazYGd9a+"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBr+kFxYjFp/BoaKT2SPV7aVTEspY/7bQ5RycElczGg"; + key-path = "/state/master-key/key"; + }; + enable-gui = false; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "c031cda2e88a4cedb3b22f41f9042646"; + # initrd-ip = "10.0.5.11"; +} diff --git a/hosts/legatus.nix b/hosts/legatus.nix new file mode 100644 index 0000000..5e1e277 --- /dev/null +++ b/hosts/legatus.nix @@ -0,0 +1,25 @@ +{ + description = "eur.fudo.org server."; + rp = "niten"; + admin-email = "niten@fudo.org"; + domain = "eur.fudo.org"; + site = "worldstream"; + profile = "server"; + tmp-on-tmpfs = false; + enable-gui = false; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "749bbf411088411b8784b76bb44bd617"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsTkxsVViISxZYtqwNs6DEK2XgyBUPhqio4XPQbMKNo"; + key-path = "/state/master-key/ed25519_key"; + }; + # initrd-network = { + # ip = "172.86.179.18"; + # interface = "enp0s25"; + # keypair = { + # public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgvl/pxPGN5XuUFsEywHV/PJMI+wPHA6NKTtE8SZC04"; + # private-key-file = "/state/ssh/initrd/ssh_ed25519_key"; + # }; + # }; +} diff --git a/hosts/limina.nix b/hosts/limina.nix new file mode 100644 index 0000000..d768ed6 --- /dev/null +++ b/hosts/limina.nix 
@@ -0,0 +1,32 @@ +{ + description = "Seattle Gateway Server."; + # ssh-fingerprints = [ + # "1 1 36cbb85f83e84a4052777cf9b3cfb0f7947f3e4e" + # "1 2 041c59238f599f7a3a4ec39151f5bc79fdcf917ec7ef2c400ed19a8d148fbeeb" + # "4 1 07318d35f52203d337d4f457acc6d00ebf0e1aad" + # "4 2 c58ef49cb6e150995ae0bd5dd502a0fc18289caf1438fb0bc9821455c8d1f41f" + # ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + domain = "sea.fudo.org"; + site = "seattle"; + profile = "server"; + # ssh-pubkey = + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMqymGZ5dI6ChI1Qx1QfjBo/h0+xFwpRx/wQSDxWQprI"; + tmp-on-tmpfs = false; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "0a1d961dbcc04037ab7938f15801c765"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA44EqP6HHjIPBFuxKvi2oZc1sNU+N4pNMtlS89KWuDm"; + key-path = "/state/master-key/key"; + }; + initrd-network = { + ip = "10.0.5.1"; + interface = "enp2s0"; + keypair = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIcnHmIo08UgpNwBLe0RKYipxtznWlxLlKNgzBP/lot"; + private-key-file = "/state/ssh/initrd/ssh_ed25519_key"; + }; + }; +} diff --git a/hosts/mail-container.nix b/hosts/mail-container.nix new file mode 100644 index 0000000..a6f0ffe --- /dev/null +++ b/hosts/mail-container.nix @@ -0,0 +1,11 @@ +{ + description = "Fudo mailserver container"; + rp = "admin"; + admin-email = "admin@fudo.org"; + domain = "fudo.org"; + site = "portage"; + profile = "container"; + arch = "x86_64-linux"; + machine-id = "5a907f8cf2644b0ba5a786fd45b758b3"; + nixos-system = false; +} diff --git a/hosts/nostromo.nix b/hosts/nostromo.nix new file mode 100644 index 0000000..29b23c3 --- /dev/null +++ b/hosts/nostromo.nix 
@@ -0,0 +1,48 @@ +{ + description = "sea.fudo.org primary server."; + docker-server = true; + # ssh-fingerprints = [ + # "1 1 075ee0ae86debffa6fd61436984b39e4699c93c6" + # "1 2 17a555b21fe08841c8dfb0d598dc2da117b94bf5a94cbf2c6b391eafd3e2c15e" + # "4 1 ce86eabbe6f015e6422d0f5ef9ae32cc7beb1f42" + # "4 2 44a5741825d43e571f6f9eb91e8c102eea75a4632dd8a9c80668e091a5fdf7f5" + # ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + domain = "sea.fudo.org"; + site = "seattle"; + profile = "server"; + # ssh-pubkey = + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHT8Uf6m8ZrSn4nmPyIO+JWLbgXJGX4jJTk0wfqDzzjb"; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "709076ea18254f8f9097c4e54dde5ab3"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODtNR4b43ZJgyGo9Hc+CmC4+bzgxbsVYI9fhDqjyRSo"; + key-path = "/state/master-key/key"; + }; + # initrd-ip = "10.0.5.10"; + encrypted-filesystems.sea-store = { + encrypted-device = "/dev/nostromo-store/locked"; + key-path = "/run/keys/sea-store"; + filesystem-type = "btrfs"; + options = [ "noatime" "nodiratime" "compress=zstd" "noexec" ]; + mountpoints = { + "/export/documents" = { + options = [ "subvol=@documents" ]; + group = "sea-documents"; + users = [ "niten" ]; + }; + "/export/downloads" = { + options = [ "subvol=@downloads" ]; + group = "sea-downloads"; + users = [ "niten" ]; + }; + "/export/projects" = { + options = [ "subvol=@projects" ]; + group = "sea-projects"; + users = [ "niten" ]; + }; + }; + }; +} diff --git a/hosts/nutboy3.nix b/hosts/nutboy3.nix new file mode 100644 index 0000000..fe55cd8 --- /dev/null +++ b/hosts/nutboy3.nix 
@@ -0,0 +1,24 @@ +{ + description = "fudo.org server."; + rp = "reaper"; + admin-email = "reaper@fudo.org"; + domain = "fudo.org"; + site = "nuttyclub"; + profile = "server"; + enable-gui = false; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "d608fb62dc1e493a9a0ebf173ab255b2"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+ERn09oMqk3jpgXVFWMGv7uYz0fRLVtz5BHZtOXfA0"; + key-path = "/state/master-key/ed25519_key"; + }; + initrd-network = { + ip = "199.87.154.175"; + interface = "eno1"; + keypair = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPj/4DezCd6uA2IeSr4Y3hxy3gNhT/GJwA40LHlns5w"; + private-key-file = "/state/ssh/initrd/ssh_ed25519_key"; + }; + }; +} diff --git a/hosts/plato.nix b/hosts/plato.nix new file mode 100644 index 0000000..e6c0ded --- /dev/null +++ b/hosts/plato.nix @@ -0,0 +1,28 @@ +{ + description = "Niten's toy server."; + # ssh-fingerprints = [ + # "4 1 9cc052ed00cbfd82c60530ebb3a35c25c0aeace9" + # "4 2 5938044054e9fa6cf3ad8176ef8e81b86eede598c19388220d4b07587f6f1c3c" + # "1 1 eebe1d4a24e0e2dbc46a7cb1107333c06e60d89e" + # "1 2 a96609da442372bd73044d823b4b56bbaa597725c846b4326be76c323bb47ab3" + # ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + domain = "sea.fudo.org"; + site = "seattle"; + profile = "server"; + # ssh-pubkey = + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGuClWAtkOMBOVFAFFdWosCT8NvuJBps46P4RV+Qqz4b"; + # build-pubkeys = [ + # "ssh-rsa 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" + # ]; + tmp-on-tmpfs = false; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "988f39a3b6ab454e9d7dad65bfe36bbe"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgAzn6gyG1ze7L1WLU84poPGcoUntqfvgn+/s3bxhR2"; + key-path = "/state/master-key/key"; + }; + # initrd-ip = "10.0.5.11"; +} diff --git a/hosts/procul.nix b/hosts/procul.nix new file mode 100644 index 0000000..6cb3d10 --- /dev/null +++ b/hosts/procul.nix 
@@ -0,0 +1,26 @@ +{ + description = "informis.land server."; + docker-server = true; + rp = "viator"; + admin-email = "viator@fudo.org"; + domain = "informis.land"; + site = "joes-datacenter-0"; + profile = "server"; + tmp-on-tmpfs = false; + enable-gui = false; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "41119f30fdf742dd82d20d94b7a2aa25"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqUnzf8bfPyoJX6XjFqD6v5MZQnV8STP0152VS3uwM7"; + key-path = "/state/master-key/ed25519_key"; + }; + initrd-network = { + ip = "172.86.179.18"; + interface = "enp0s25"; + keypair = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgvl/pxPGN5XuUFsEywHV/PJMI+wPHA6NKTtE8SZC04"; + private-key-file = "/state/ssh/initrd/ssh_ed25519_key"; + }; + }; +} diff --git a/hosts/pselby-work.nix b/hosts/pselby-work.nix new file mode 100644 index 0000000..4632b83 --- /dev/null +++ b/hosts/pselby-work.nix @@ -0,0 +1,8 @@ +{ + description = "Google Lenovo work laptop."; + site = "seattle"; + profile = "laptop"; + domain = "sea.fudo.org"; + arch = "x86_64-linux"; + nixos-system = false; +} diff --git a/hosts/socrates.nix b/hosts/socrates.nix new file mode 100644 index 0000000..ba412c6 --- /dev/null +++ b/hosts/socrates.nix 
@@ -0,0 +1,32 @@ +{ + description = "sea.fudo.org deploy server."; + # ssh-fingerprints = [ + # "1 1 4055c1d922ec858e703856dd76237f09219261e5" + # "1 2 0f7bfa92fa0435785782b68ca4c9b71786d67df60804ea4b4c42ebb37d061659" + # "4 1 5dc2b674554df5e042171b4045fcfe31f03ad01a" + # "4 2 9bcf664a191e31bf53aa4728828480babdab5377da39a002324303c719b16a55" + # ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + domain = "sea.fudo.org"; + site = "seattle"; + profile = "server"; + # ssh-pubkey = + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4TqqumZwSDLkg8cTpR734zM+nuqEp1ufaQPoFdqCab"; + tmp-on-tmpfs = false; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "edc4baa9cc1c401dba1bf870725b4bf0"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmJJFbAV8P1V1LSZr56GJ5ul3LBgdapbh+MK3ixTsxf"; + key-path = "/state/master-key/key"; + }; + initrd-network = { + ip = "10.0.5.10"; + interface = "enp1s0"; + keypair = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMLsxECiR4kqvUutMFkOTkIC8nsKK++aQ7HYiWjLdKdb"; + private-key-file = "/state/ssh/initrd/ssh_ed25519_key"; + }; + }; +} diff --git a/hosts/spark.nix b/hosts/spark.nix new file mode 100644 index 0000000..9070213 --- /dev/null +++ b/hosts/spark.nix 
@@ -0,0 +1,33 @@ +{ + description = "Niten's backup desktop."; + # ssh-fingerprints = [ + # "1 1 d26812dee9b26a19a52c38d2b346442979093142" + # "1 2 981db46fdd0ad1639651c700a527602425237c1d4999265372ed92e093a965b3" + # "4 1 67fa0a36e51fd4a5ed2b71ff9817cb9a372d0a63" + # "4 2 c17d46061d722e1e6c878341b8e3c0bf87ea6e0e1426c54a989107dfb604d81b" + # ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + enable-gui = true; + # ssh-pubkey = + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO67/CNhiG9UynaflmZUUK7f3O/GwFpnXri/PxpgHcPa"; + profile = "desktop"; + domain = "sea.fudo.org"; + site = "seattle"; + android-dev = true; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "63dbd567d55a468482aa15d8aa9097f6"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGs8MfR3d6f1Llqk5dn/ypODUT1Oi4SQGof/YvOPNf14"; + key-path = "/state/master-key/key"; + }; + initrd-network = { + ip = "10.0.5.108"; + interface = "enp3s0"; + keypair = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABpau0W1FAOnwHysFm/9uQ0XqMrB2GoCIfin5uLBEs8"; + private-key-file = "/state/ssh/initrd/ssh_ed25519_key"; + }; + }; +} diff --git a/hosts/system3.nix b/hosts/system3.nix new file mode 100644 index 0000000..f11363d --- /dev/null +++ b/hosts/system3.nix 
@@ -0,0 +1,26 @@ +{ + description = "Niten's gaming desktop."; + # ssh-fingerprints = [ + # "1 1 c1bec5217880c0567f23414663d59804cf5c0fe4" + # "1 2 bb4e479f14591dc230141e0d87b1a0fd1bdee52ad369a83188714100476c26f6" + # "4 1 c1c2c74c3e2bb214f59b51a6a02452fe2e1658ea" + # "4 2 897793ada12accb15231732a4c6e4ea34f1cd88d13ee9f3fc0b74a40d588b36c" + # ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + enable-gui = true; + # ssh-pubkey = + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEb/+VMOdBavfZxZOto/qa7Xy0T1nJdd7X52nPJdfB1k"; + profile = "desktop"; + domain = "sea.fudo.org"; + site = "seattle"; + android-dev = true; + arch = "x86_64-linux"; + nixos-system = true; + machine-id = "39ebe622cf40413b950d832105e0bb2e"; + master-key = { + public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaF5T7Pb613C31BJVj74WYx4Pytj/lmH+PqjkqoNNkQ"; + key-path = "/state/master-key/key"; + }; + # initrd-ip = "10.0.5.111"; +} diff --git a/hosts/upstairs-desktop.nix b/hosts/upstairs-desktop.nix new file mode 100644 index 0000000..71acb9b --- /dev/null +++ b/hosts/upstairs-desktop.nix @@ -0,0 +1,18 @@ +{ + description = "Upstairs desktop in Russell."; + ssh-fingerprints = [ + "1 1 f927527d712391b57aef6d2e7c3f225a86b62bf4" + "1 2 17aece61156ba14c439aeae2e7b0f86daf97eea904241c35980f974ca1744c3d" + "3 1 70f5f613e66e53a74534d33cd7ebf248cfdc3024" + "3 2 774f1f00614751e51faa0add55183973893313d3a236d269adc3ab3c1f67c952" + "4 1 e81e07d1ae7526c457a46ab1f18af3c016b4f48e" + "4 2 e5af579cfb7f68b22492f5286b5249c5de74debf2a6cac78c070790f424566aa" + ]; + rp = "niten"; + admin-email = "niten@fudo.org"; + site = "russell"; + domain = "rus.selby.ca"; + profile = "desktop"; + arch = "x86_64-linux"; + nixos-system = false; +} diff --git a/hosts/zbox.nix b/hosts/zbox.nix new file mode 100644 index 0000000..e0066e5 --- /dev/null +++ b/hosts/zbox.nix 
@@ -0,0 +1,26 @@
+{
+ description = "Niten's primary desktop.";
+ # ssh-fingerprints = [
+ # "1 1 3aff8c913615c81512be3a42fc83daeb90d94a3d"
+ # "1 2 39c7500f08022963f3f2db4f3ebb7aad08c92d0cc937984ba86c4eba204ed493"
+ # "4 1 862842d99f5afb33db4f073d2f3d1154c6417110"
+ # "4 2 373536d3d59f2354b1bfc25c02120c86e9b3af574b6c1984210d9e9c1d5244e3"
+ # ];
+ rp = "niten";
+ admin-email = "niten@fudo.org";
+ enable-gui = true;
+ # ssh-pubkey =
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKVhHfRf2086SAqOmu2dNbsJI9UUAQWop+1lrcJlNgl8";
+ profile = "desktop";
+ domain = "sea.fudo.org";
+ site = "seattle";
+ android-dev = true;
+ arch = "x86_64-linux";
+ nixos-system = true;
+ machine-id = "e5f456e3183a4dc186181a70bc3af2d1";
+ master-key = {
+ public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsn68vDKV4jnBuICSDX/2Gpnshbrz0r9t4lXIke1vqh";
+ key-path = "/state/master-key/key";
+ };
+ # initrd-ip = "10.0.5.110";
+}
diff --git a/module.nix b/module.nix
new file mode 100644
index 0000000..4717c15
--- /dev/null
+++ b/module.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+ config.fudo = import ./entities.nix {
+ fudo-lib = pkgs.lib;
+ };
+}
diff --git a/sites/sites.nix b/sites/sites.nix
new file mode 100644
index 0000000..7af42cf
--- /dev/null
+++ b/sites/sites.nix
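Review bot: module.nix passes `fudo-lib = pkgs.lib;`, but entities.nix reads `fudo-lib.fs.import-by-basename`, and flake.nix obtains that library from `fudo-helpers.lib { pkgs = nixpkgs; }` instead. Unless `pkgs.lib` has been extended elsewhere with an `fs` attribute set, evaluating the NixOS module will fail on a missing attribute while the flake's `entities` output works, so the two entry points disagree about where the helper comes from. Either thread the fudo-helpers library into the module (for example by having flake.nix construct the module with the same `fudo-lib`) or add a comment on this line saying where `pkgs.lib.fs` is expected to be defined.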
@@ -0,0 +1,103 @@ +{ config, lib, pkgs, ... }: + +{ + config.fudo.sites = { + seattle = { + gateway-v4 = "10.0.0.1"; + nameservers = [ "10.0.0.1" ]; + network = "10.0.0.0/16"; + dynamic-network = "10.0.100.0/24"; + timezone = "America/Los_Angeles"; + deploy-pubkeys = [ + "ssh-rsa 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" + "ssh-rsa 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" + ]; + # build-servers = { + # nostromo = { + # max-jobs = 4; + # speed-factor = 2; + # }; + # lambda = { + # max-jobs = 4; + # speed-factor = 2; + # }; + # }; + enable-distributed-builds = false; + mail-server = "mail.fudo.org"; + }; + + portage = { + gateway-v4 = "208.81.3.113"; + network = "208.81.3.112/28"; + nameservers = [ "208.81.7.14" "1.1.1.1" ]; + timezone = "America/Winnipeg"; + deploy-pubkeys = [ + "ssh-rsa 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" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0=" + ]; + mail-server = "mail.fudo.org"; + }; + + nuttyclub = { + gateway-v4 = "199.87.154.174"; + network = "199.87.154.174/31"; + nameservers = [ "1.1.1.1" ]; + timezone = "America/Winnipeg"; + deploy-pubkeys = [ + "ssh-rsa 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" + "ssh-rsa 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" + ]; + mail-server = "mail.fudo.org"; + }; + + nuttyclub-vm = { + gateway-v4 = "208.81.4.81"; + network = "208.81.4.80/29"; + nameservers = [ "1.1.1.1" ]; + timezone = "America/Winnipeg"; + deploy-pubkeys = [ + 
"ssh-rsa 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" + "ssh-rsa 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" + ]; + mail-server = "mail.fudo.org"; + }; + + russell = { + gateway-v4 = "10.0.0.1"; + nameservers = [ "10.0.0.1" ]; + network = "10.0.0.0/16"; + dynamic-network = "10.0.1.0/24"; + timezone = "America/Winnipeg"; + mail-server = "mail.fudo.org"; + }; + + joes-datacenter-0 = { + gateway-v4 = "172.86.179.17"; + network = "172.86.179.17/29"; + nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ]; + timezone = "America/Winnipeg"; + deploy-pubkeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0=" + "ssh-rsa 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" + ]; + mail-server = "mail.informis.land"; + }; + + worldstream = { + gateway-v4 = "91.229.23.1"; + network = "91.229.23.0/24"; + nameservers = [ "1.1.1.1" "2606:4700:4700::1111" ]; + timezone = "Europe/Amsterdam"; + deploy-pubkeys = [ + "ssh-rsa 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" + "ssh-rsa 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" + ]; + mail-server = "mail.fudo.org"; + }; + + mobile = { + nameservers = [ "1.1.1.1" ]; + timezone = "America/Los_Angeles"; + }; + }; +} diff --git a/zones/eur.fudo.org.nix b/zones/eur.fudo.org.nix new file mode 100644 index 0000000..0981ce8 --- /dev/null +++ b/zones/eur.fudo.org.nix @@ -0,0 +1,7 @@ +{ + mx = [ "mail.fudo.org" ]; + + hosts = { + legatus.ipv4-address = "91.229.23.204"; + }; +} 
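Review bot: sites/sites.nix is written as a module function (`{ config, lib, pkgs, ... }:` returning `config.fudo.sites = { … }`), whereas the files under domains/ and hosts/ are plain attribute sets and entities.nix loads all four directories with the same `import-by-basename`. If that helper simply imports each file under its basename, `sites` would become `{ sites = <function>; }` rather than the per-site set; confirm against the helper or drop the wrapper so the file returns the site set directly. Also in this hunk, `joes-datacenter-0` has `network = "172.86.179.17/29"` with host bits set (the /29 containing .17 and .18 starts at .16), and the same literal appears in `local-networks` in domains/informis.land.nix. If these values feed allowlists or firewall rules, a consumer that does not normalise the prefix may match differently from what was intended, so writing the network address explicitly is safer.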
diff --git a/zones/fudo.org.nix b/zones/fudo.org.nix
new file mode 100644
index 0000000..5423b43
--- /dev/null
+++ b/zones/fudo.org.nix
@@ -0,0 +1,180 @@ +{ + aliases = { + pop = "mail.fudo.org."; + smtp = "mail.fudo.org."; + imap = "mail.fudo.org."; + webmail = "france.fudo.org."; + + archiva = "france.fudo.org."; + auth = "france.fudo.org."; + backplane = "france.fudo.org."; + chat = "france.fudo.org."; + de = "germany.fudo.org."; + fr = "france.fudo.org."; + git = "france.fudo.org."; + metrics = "france.fudo.org."; + minecraft = "france.fudo.org."; + monitor = "france.fudo.org."; + user = "paris.fudo.org."; + u = "user.fudo.org."; + w = "www.fudo.org."; + ww = "www.fudo.org."; + www = "hanover.fudo.org."; + wiki = "hanover.fudo.org."; + }; + + verbatim-dns-records = [ + ''@ IN TXT "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"'' + ''@ IN SPF "v=spf1 mx ip4:208.81.3.112/28 ip6:2605:e200:d200::1/48 -all"'' + ]; + + srv-records = { + tcp = { + domain = [ + { + host = "ns1.fudo.org"; + port = 53; + } + { + host = "ns2.fudo.org"; + port = 53; + } + { + host = "ns3.fudo.org"; + port = 53; + } + { + host = "ns4.fudo.org"; + port = 53; + } + ]; + ssh = [{ + host = "france.fudo.org"; + port = 22; + }]; + smtp = [{ + host = "mail.fudo.org"; + port = 25; + }]; + submission = [{ + host = "mail.fudo.org"; + port = 587; + }]; + kerberos = [{ + host = "france.fudo.org"; + port = 88; + }]; + imaps = [{ + host = "mail.fudo.org"; + port = 993; + }]; + ldap = [{ + host = "france.fudo.org"; + port = 389; + }]; + ldaps = [{ + host = "france.fudo.org"; + port = 636; + }]; + pop3s = [{ + host = "mail.fudo.org"; + port = 995; + }]; + http = [{ + host = "wiki.fudo.org"; + port = 80; + }]; + https = [{ + host = "wiki.fudo.org"; + port = 80; + }]; + xmpp-server = [{ + host = "fudo.im"; + port = 5269; + }]; + xmpp-client = [{ + host = "fudo.im"; + port = 5222; + }]; + }; + udp = { + domain = [ + { + host = "ns1.fudo.org"; + port = 53; + } + { + host = "ns2.fudo.org"; + port = 53; + } + { + host = "ns3.fudo.org"; + port = 53; + } + { + host = "ns4.fudo.org"; + port = 53; + } + ]; + kerberos = [{ + host = 
"france.fudo.org"; + port = 88; + }]; + kerberos-master = [{ + host = "france.fudo.org"; + port = 88; + }]; + kpasswd = [{ + host = "france.fudo.org"; + port = 464; + }]; + xmpp-server = [{ + host = "fudo.im"; + port = 5269; + }]; + }; + }; + + hosts = { + cashew = { ipv4-address = "208.81.4.82"; }; + cisco = { ipv4-address = "198.163.150.211"; }; + cisco-int = { ipv4-address = "10.73.77.10"; }; + cupid = { ipv4-address = "208.38.36.100"; }; + docker = { ipv4-address = "208.81.3.126"; }; + france = { ipv4-address = "208.81.3.117"; }; + frankfurt = { + ipv4-address = "208.81.3.120"; + ipv6-address = "2605:e200:d200:1:5054:ff:fe8c:9738"; + }; + germany = { + ipv4-address = "208.81.3.116"; + ipv6-address = "2605:e200:d200:1:78d9:d8ff:fe0f:dd88"; + }; + hanover = { + ipv4-address = "208.81.1.130"; + ipv6-address = "2605:e200:d100:1:5054:ff:fe61:ac8b"; + }; + localhost = { ipv4-address = "127.0.0.1"; }; + lsbb-gba = { ipv4-address = "199.101.56.34"; }; + lsbb-abg = { ipv4-address = "199.101.56.38"; }; + lsbb-hwd = { ipv4-address = "199.101.56.106"; }; + lsbb-hcl = { ipv4-address = "199.101.56.110"; }; + nutboy3 = { ipv4-address = "199.87.154.175"; }; + procul = { ipv4-address = "172.86.179.18"; }; + prunel = { ipv4-address = "208.81.3.123"; }; + mbix = { ipv4-address = "208.81.7.146"; }; + ns3-fudo = { ipv4-address = "208.75.74.205"; }; + ns3-dair = { ipv4-address = "208.75.74.205"; }; + ns4-fudo = { ipv4-address = "208.75.75.157"; }; + ns4-dair = { ipv4-address = "208.75.75.157"; }; + paris = { + ipv4-address = "208.81.3.125"; + ipv6-address = "2605:e200:d200:1:5054:ff:fe67:d0c1"; + }; + probe = { ipv4-address = "208.81.3.119"; }; + tours = { + ipv4-address = "208.81.3.121"; + ipv6-address = "2605:e200:d200:1:5054:ff:fe95:34e5"; + }; + }; +} diff --git a/zones/informis.land.nix b/zones/informis.land.nix new file mode 100644 index 0000000..9279649 --- /dev/null +++ b/zones/informis.land.nix 
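Review bot: In zones/fudo.org.nix the `https` SRV entry under `srv-records.tcp` has `port = 80;`, identical to the `http` entry above it; zones/informis.land.nix in this same patch uses 443 for `https`, so this looks like a copy-paste and should read `port = 443;`. The zone also publishes `localhost = { ipv4-address = "127.0.0.1"; }` and `cisco-int = { ipv4-address = "10.73.77.10"; }`: a `localhost.fudo.org` name resolving to loopback is a long-standing audit finding because it places loopback services inside the domain's cookie and same-site scope, and the RFC 1918 record discloses internal addressing if this zone is served publicly. Finally, the `kerberos-master` SRV record here points at france.fudo.org while domains/fudo.org.nix sets `kerberos-master = "nutboy3"`; one of the two is presumably stale and should be reconciled.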
@@ -0,0 +1,47 @@
+{
+ mx = [ "smtp.informis.land" ];
+
+ aliases = {
+ smtp = "procul.informis.land.";
+ imap = "procul.informis.land.";
+ gemini = "procul.informis.land.";
+ git = "procul.informis.land.";
+ };
+
+ srv-records = {
+ tcp = {
+ ssh = [{
+ host = "procul.informis.land";
+ port = 22;
+ }];
+ submission = [{
+ host = "procul.informis.land";
+ port = 587;
+ }];
+ imaps = [{
+ host = "procul.informis.land";
+ port = 993;
+ priority = 0;
+ }];
+ pop3s = [{
+ host = "procul.informis.land";
+ port = 995;
+ priority = 10;
+ }];
+ http = [{
+ host = "procul.informis.land";
+ port = 80;
+ }];
+ https = [{
+ host = "procul.informis.land";
+ port = 443;
+ }];
+ };
+ };
+
+ hosts = {
+ procul = {
+ ipv4-address = "172.86.179.18";
+ };
+ };
+}
diff --git a/zones/rus.selby.ca.nix b/zones/rus.selby.ca.nix
new file mode 100644
index 0000000..3b31147
--- /dev/null
+++ b/zones/rus.selby.ca.nix
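Review bot: In zones/informis.land.nix, `mx = [ "smtp.informis.land" ];` names a host that the same file declares under `aliases` (`smtp = "procul.informis.land."`); if `aliases` are rendered as CNAME records, which this patch section does not show, the mail exchanger is an alias, which RFC 2181 section 10.3 disallows and some sending servers refuse to deliver to. Pointing the exchange at the host that owns the address record avoids that: `mx = [ "procul.informis.land" ];`. The zone also has no SPF TXT record, unlike zones/fudo.org.nix, so receivers have no published policy to check mail claiming this domain against; a `verbatim-dns-records` entry would cover that if the domain sends mail.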
@@ -0,0 +1,95 @@
+{ config, lib, ... }:
+
+with lib;
+let local-domain = "rus.selby.ca";
+in {
+ default-host = "10.0.0.1";
+
+ mx = [ "mail.fudo.org" ];
+
+ gssapi-realm = toUpper local-domain;
+
+ hosts = {
+ clunk = {
+ ipv4-address = "10.0.0.1";
+ mac-address = "02:44:d1:eb:c3:6b";
+ };
+
+ dns-proxy = {
+ ipv4-address = "10.0.0.2";
+ # This is just an alias for clunk's primary interface
+ };
+
+ google-wifi = {
+ ipv4-address = "10.0.0.11";
+ mac-address = "70:3a:cb:c0:3b:09";
+ };
+
+ plato = {
+ ipv4-address = "10.0.0.102";
+ mac-address = "00:e3:5c:68:79:a2";
+ };
+
+ pselby-work = {
+ ipv4-address = "10.0.0.151";
+ mac-address = "00:50:b6:aa:bd:b3";
+ };
+
+ downstairs-desktop = {
+ ipv4-address = "10.0.0.100";
+ mac-address = "90:b1:1c:8e:29:cf";
+ };
+
+ upstairs-desktop = {
+ ipv4-address = "10.0.0.101";
+ mac-address = "80:e8:2c:22:65:c2";
+ };
+ };
+
+ aliases = {
+ dns-hole = "clunk";
+ gateway = "clunk";
+ upstairs = "upstairs-desktop";
+ downstairs = "downstairs-desktop";
+ };
+
+ srv-records = {
+ tcp = {
+ domain = [{
+ port = 53;
+ host = "clunk.${local-domain}";
+ }];
+ kerberos = [{
+ port = 88;
+ host = "clunk.${local-domain}";
+ }];
+ kerberos-adm = [{
+ port = 749;
+ host = "clunk.${local-domain}";
+ }];
+ ssh = [{
+ port = 22;
+ host = "clunk.${local-domain}";
+ }];
+ };
+
+ udp = {
+ domain = [{
+ port = 53;
+ host = "clunk.${local-domain}";
+ }];
+ kerberos = [{
+ port = 88;
+ host = "clunk.${local-domain}";
+ }];
+ kerboros-master = [{
+ port = 88;
+ host = "clunk.${local-domain}";
+ }];
+ kpasswd = [{
+ port = 464;
+ host = "clunk.${local-domain}";
+ }];
+ };
+ };
+}
diff --git a/zones/sea.fudo.org.nix b/zones/sea.fudo.org.nix
new file mode 100644
index 0000000..632c7bd
--- /dev/null
+++ b/zones/sea.fudo.org.nix
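Review bot: In zones/rus.selby.ca.nix the UDP service key `kerboros-master` is misspelled; zones/fudo.org.nix spells it `kerberos-master`. If the key becomes the SRV label (likely, but the record generator is outside this patch section), Kerberos clients looking up `_kerberos-master._udp` will not find the record. The line should read `kerberos-master = [{`. The same misspelling appears in the `udp` block of zones/sea.fudo.org.nix.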
@@ -0,0 +1,220 @@
+let local-domain = "sea.fudo.org";
+in {
+ aliases = {
+ deploy = "socrates";
+ dns-hole = "limina";
+ gateway = "limina";
+ hole = "limina";
+ ipfs = "nostromo";
+ # kadmin = "nostromo";
+ # kdc = "nostromo";
+ music = "doraemon";
+ panopticon = "lambda";
+ panopticon-od = "lambda";
+ photo = "doraemon";
+ pihole = "limina";
+ sea-store = "nostromo";
+ };
+
+ srv-records = {
+ tcp = {
+ domain = [{
+ port = 53;
+ host = "limina.sea.fudo.org";
+ }];
+ kerberos = [{
+ port = 88;
+ host = "france.fudo.org";
+ }];
+ kerberos-adm = [{
+ port = 88;
+ host = "france.fudo.org";
+ }];
+ ssh = [{
+ port = 22;
+ host = "limina.sea.fudo.org";
+ }];
+ ldap = [{
+ port = 389;
+ host = "france.fudo.org";
+ }];
+ };
+
+ udp = {
+ domain = [{
+ port = 53;
+ host = "limina.sea.fudo.org";
+ }];
+ kerberos = [{
+ port = 88;
+ host = "france.fudo.org";
+ }];
+ kerboros-master = [{
+ port = 88;
+ host = "france.fudo.org";
+ }];
+ kpasswd = [{
+ port = 464;
+ host = "france.fudo.org";
+ }];
+ };
+ };
+
+ hosts = {
+ limina = {
+ ipv4-address = "10.0.0.1";
+ mac-address = "02:fd:79:94:a2:a8";
+ };
+ switch-master = {
+ ipv4-address = "10.0.0.5";
+ mac-address = "00:14:1C:B6:BB:40";
+ };
+ google-wifi = {
+ ipv4-address = "10.0.0.7";
+ mac-address = "7C:D9:5C:9F:6F:E9";
+ };
+ nostromo = {
+ ipv4-address = "10.0.0.10";
+ mac-address = "02:14:25:55:ee:5a";
+ };
+ lambda = {
+ ipv4-address = "10.0.0.11";
+ mac-address = "02:f5:fe:8c:22:fe";
+ };
+ socrates = {
+ ipv4-address = "10.0.0.20";
+ mac-address = "02:f2:30:b8:71:42";
+ };
+ plato = { ipv4-address = "10.0.0.21"; };
+ cam-entrance = {
+ ipv4-address = "10.0.0.31";
+ mac-address = "9c:8e:cd:0e:99:7b";
+ };
+ cam-driveway = {
+ ipv4-address = "10.0.0.32";
+ mac-address = "9c:8e:cd:0d:3b:09";
+ };
+ cam-deck = {
+ ipv4-address = "10.0.0.33";
+ mac-address = "9c:8e:cd:0e:98:c8";
+ };
+ cargo = {
+ ipv4-address = "10.0.0.50";
+ mac-address = "00:11:32:75:d8:b7";
+ };
+ whitedwarf = {
+ ipv4-address = "10.0.0.51";
+ mac-address = "00:11:32:12:14:1d";
+ };
+ doraemon = {
+ ipv4-address = "10.0.0.52";
+ mac-address = "00:11:32:0a:06:c5";
+ };
+ android = {
+ ipv4-address = "10.0.0.81";
+ mac-address = "00:16:3e:43:39:fc";
+ };
+ retro-wired = {
+ ipv4-address = "10.0.0.82";
+ mac-address = "dc:a6:32:6b:57:43";
+ };
+ retro = {
+ ipv4-address = "10.0.0.83";
+ mac-address = "dc:a6:32:6b:57:45";
+ };
+ monolith = {
+ ipv4-address = "10.0.0.100";
+ mac-address = "6c:62:6d:c8:b0:d8";
+ };
+ taipan = {
+ ipv4-address = "10.0.0.107";
+ mac-address = "52:54:00:34:c4:78";
+ };
+ spark = {
+ ipv4-address = "10.0.0.108";
+ mac-address = "02:9c:b7:b6:ad:c4";
+ };
+ hyperion = {
+ ipv4-address = "10.0.0.109";
+ mac-address = "52:54:00:33:46:de";
+ };
+ zbox = {
+ ipv4-address = "10.0.0.110";
+ mac-address = "02:DD:80:52:83:9B";
+ };
+ system3 = {
+ ipv4-address = "10.0.0.111";
+ mac-address = "02:0d:df:2d:46:90";
+ };
+ ubiquiti-wifi = {
+ ipv4-address = "10.0.0.126";
+ mac-address = "04:18:d6:20:48:fb";
+ };
+ generator-wireless = {
+ ipv4-address = "10.0.0.130";
+ mac-address = "B8:27:EB:A6:32:26";
+ };
+ brother-wireless = {
+ ipv4-address = "10.0.0.160";
+ mac-address = "c0:38:96:64:49:65";
+ };
+ nest = {
+ ipv4-address = "10.0.0.176";
+ mac-address = "18:b4:30:16:7c:5a";
+ };
+ xixi-phone = {
+ ipv4-address = "10.0.0.193";
+ mac-address = "48:43:7c:75:89:42";
+ };
+ ipad = {
+ ipv4-address = "10.0.0.202";
+ mac-address = "9c:35:eb:48:6e:71";
+ };
+ cam-front = {
+ ipv4-address = "10.0.0.203";
+ mac-address = "c4:d6:55:3e:b4:c3";
+ };
+ family-tv = {
+ ipv4-address = "10.0.0.205";
+ mac-address = "84:a4:66:3a:b1:f8";
+ };
+ babycam = {
+ ipv4-address = "10.0.0.206";
+ mac-address = "08:ea:40:59:5f:9e";
+ };
+ workphone = {
+ ipv4-address = "10.0.0.211";
+ mac-address = "a8:8e:24:5c:12:67";
+ };
+ chromecast-2 = {
+ ipv4-address = "10.0.0.215";
+ mac-address = "a4:77:33:59:a2:ba";
+ };
+ front-light = {
+ ipv4-address = "10.0.0.221";
+ mac-address = "94:10:3e:48:94:ed";
+ };
+
+ # Ceph network
+ srv-1 = {
+ ipv4-address = "10.0.10.1";
+ mac-address = "02:65:d7:00:7d:1b";
+ };
+ node-1 = {
+ ipv4-address = "10.0.10.101";
+ mac-address = "00:1e:06:36:81:cf";
+ };
+ node-2 = {
+ ipv4-address = "10.0.10.102";
+ mac-address = "00:1e:06:36:ec:3e";
+ };
+ node-3 = {
+ ipv4-address = "10.0.10.103";
+ mac-address = "00:1e:06:36:ec:4b";
+ };
+ node-4 = {
+ ipv4-address = "10.0.10.104";
+ mac-address = "00:1e:06:36:dd:8c";
+ };
+ };
+}
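Review bot: In zones/sea.fudo.org.nix, `kerberos-adm` under `srv-records.tcp` is given `port = 88`, the KDC port, whereas zones/rus.selby.ca.nix uses `port = 749` for the same service; a client that locates the admin server through this record would contact the wrong port. It should read `port = 749;`. As a style point, `local-domain` is bound in the `let` but never used, because the SRV hosts are written out as `"limina.sea.fudo.org"`; either write `"limina.${local-domain}"` as rus.selby.ca.nix does or drop the binding.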