disassembler
diff --git a/‎flake.lock
Lines changed: 18591 additions & 3843 deletions b/‎flake.lock
Lines changed: 18591 additions & 3843 deletions
diff --git a/‎flake.nix
Lines changed: 3 additions & 1 deletion b/‎flake.nix
Lines changed: 3 additions & 1 deletion
diff --git a/‎modules/services/omadad/default.nix
Lines changed: 5 additions & 2 deletions b/‎modules/services/omadad/default.nix
Lines changed: 5 additions & 2 deletions
diff --git a/‎nixos/configurations.nix
Lines changed: 9 additions & 1 deletion b/‎nixos/configurations.nix
Lines changed: 9 additions & 1 deletion
diff --git a/‎nixos/deploy.nix
Lines changed: 4 additions & 4 deletions b/‎nixos/deploy.nix
Lines changed: 4 additions & 4 deletions
diff --git a/‎nixos/irkutsk/configuration.nix
Lines changed: 1 addition & 1 deletion b/‎nixos/irkutsk/configuration.nix
Lines changed: 1 addition & 1 deletion
diff --git a/‎nixos/optina/configuration.nix
Lines changed: 22 additions & 11 deletions b/‎nixos/optina/configuration.nix
Lines changed: 22 additions & 11 deletions
diff --git a/‎nixos/optina/minecraft-bedrock.nix
Lines changed: 3 additions & 3 deletions b/‎nixos/optina/minecraft-bedrock.nix
Lines changed: 3 additions & 3 deletions
diff --git a/‎nixos/portal/configuration.nix
Lines changed: 64 additions & 34 deletions b/‎nixos/portal/configuration.nix
Lines changed: 64 additions & 34 deletions
diff --git a/‎nixos/prod01/configuration.nix
Lines changed: 14 additions & 0 deletions b/‎nixos/prod01/configuration.nix
Lines changed: 14 additions & 0 deletions
diff --git a/‎nixos/prod01/modules/knot/disasm.us.zone
Lines changed: 29 additions & 27 deletions b/‎nixos/prod01/modules/knot/disasm.us.zone
Lines changed: 29 additions & 27 deletions
@@ -8,7 +8,9 @@
     nixpkgsLegacy.url = "github:NixOS/nixpkgs/nixos-23.11";
     #nixpkgs-2111.follows = "cardano-node/haskellNix/nixpkgs-2111";
     #nixpkgs-2105.follows = "cardano-node/haskellNix/nixpkgs-2105";
-    cardano-node.url = "github:input-output-hk/cardano-node/8.12.2";
+    cardano-node.url = "github:intersectmbo/cardano-node/10.1.1-pre";
+    credential-manager.url = "github:intersectmbo/credential-manager/0.1.0.0";
+    hydra-doom.url = "github:cardano-scaling/hydra-doom";
     #cardano-node.inputs.nixpkgs.follows = "haskellNix/nixpkgs-2105";
     #cardano-addresses.url = "github:input-output-hk/cardano-addresses";
     #haskellNix.url = "github:input-output-hk/haskell.nix/14f740c7c8f535581c30b1697018e389680e24cb";
 
@@ -63,7 +63,9 @@ in {
 
     package = mkOption {
       type = types.package;
-      default = pkgs.callPackage ./package.nix {};
+      default = pkgs.callPackage ./package.nix {
+        mongodb = cfg.mongodb;
+      };
       description = ''
         Omada package
       '';
@@ -91,8 +93,9 @@ in {
 
     systemd.services.omadad = {
       description = "Wifi access point controller";
-      wantedBy = [ "multi-user.target" ];
+      wants = [ "network-online.target" ];
       after = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
       path = [ pkgs.bash cfg.mongodb pkgs.nettools pkgs.curl pkgs.procps ];
 
       serviceConfig = let
 
@@ -4,6 +4,7 @@
 , inputs
 , nixos-hardware
 , cardano-node
+, credential-manager
 , nix
   #, cardano-db-sync
 , ...
@@ -70,7 +71,7 @@ in
       cardano-node.nixosModules.cardano-node
       ./sarov/configuration.nix
     ];
-    specialArgs = { inherit inputs cardano-node; };
+    specialArgs = { inherit inputs cardano-node credential-manager; };
   };
   valaam = nixosSystem {
     system = "x86_64-linux";
@@ -102,6 +103,13 @@ in
     ];
     specialArgs = { inherit inputs; };
   };
+  #installeriso = nixosSystem {
+  #  system = "x86_64-linux";
+  #  modules = [
+  #    ./installeriso/configuration.nix
+  #  ];
+  #  specialArgs = { inherit inputs; };
+  #};
   airgap = nixosSystem {
     system = "x86_64-linux";
     modules = baseModules ++ [
 
@@ -16,11 +16,11 @@ in
   sshUser = "root";
   nodes = {
     optina = mkNode "optina" "10.40.33.20" true;
-    portal = mkNode "portal" "10.40.33.1" true;
-    #portal = mkNode "portal" "prophet.samleathers.com" true;
-    sarov  = mkNode "sarov" "10.40.33.159" true;
+    portal = mkNode "portal" "portal.lan.disasm.us" true;
+    #portal = mkNode "portal" "174.59.122.137" true;
+    sarov  = mkNode "sarov" "10.40.33.124" true;
     valaam = mkNode "valaam" "10.40.33.21" true;
-    prod01 = mkNode "prod01" "45.76.4.212" false;
+    prod01 = mkNode "prod01" "prod01.samleathers.com" false;
     prod03 = mkNode "prod03" "45.63.23.13" false;
   };
 }
@@ -329,7 +329,7 @@ in
 
 
   services = {
-    tailscale.enable = true;
+    tailscale.enable = false;
     lorri.enable = true;
     trezord.enable = true;
     resolved.enable = false;
 
@@ -1,9 +1,17 @@
-{ lib, config, pkgs, pkgsLegacy, ... }:
+{ lib, config, pkgs, inputs, ... }:
 
 
 with lib;
 
 let
+  legacyPkgs = import inputs.nixpkgsLegacy {
+    system = "x86_64-linux";
+    config = {
+      allowUnfree = true;
+      # required for mongodb 3.4
+      permittedInsecurePackages = [ "openssl-1.0.2u" ];
+    };
+  };
   shared = import ../../shared.nix;
   netboot_root = pkgs.runCommand "nginxroot" { } ''
     mkdir -pv $out
@@ -107,6 +115,7 @@ in
     hostName = "optina";
     domain = "lan.disasm.us";
     hostId = "1768b40b";
+    tempAddresses = "disabled";
     interfaces.enp2s0.ipv4.addresses = [{ address = "10.40.33.20"; prefixLength = 24; }];
     defaultGateway = "10.40.33.1";
     nameservers = [ "10.40.33.1" "8.8.8.8" ];
@@ -354,16 +363,18 @@ in
       };
     };
     # TODO: run omadad and unifi in a controller with an older nixpkgs
-    #omadad = {
-    #  enable = true;
-    #  httpPort = 8089;
-    #  httpsPort = 10443;
-    #};
-    #unifi = {
-    #  enable = true;
-    #  unifiPackage = pkgs.unifi6;
-    #  openFirewall = true;
-    #};
+    omadad = {
+      enable = true;
+      httpPort = 8089;
+      httpsPort = 10443;
+      mongodb = legacyPkgs.mongodb;
+    };
+    unifi = {
+      enable = true;
+      unifiPackage = legacyPkgs.unifi6;
+      mongodbPackage = legacyPkgs.mongodb-4_4;
+      openFirewall = true;
+    };
     #telegraf = {
     #  enable = true;
     #  extraConfig = {
 
@@ -1,16 +1,16 @@
 { stdenv, fetchurl, patchelf, openssl, unzip, lib, zlib, curl }:
 
 let
-  version = "1.21.3.01";
-  sha256 = "sha256-6xznfVO4g+ICgVixwM7RrrmoVMlFnbIFwWDt1kYfvnM=";
+  version = "1.21.51.01";
+  sha256 = "sha256-7VBhpK5+Q9WFml6dKyVT/QgUssR5wzyugELJry4IU2M=";
   rpath = lib.makeLibraryPath [ zlib openssl stdenv.cc.cc curl ];
 in
 stdenv.mkDerivation rec {
   name = "${pname}-${version}";
   pname = "minecraft-bedrock-server";
   inherit version;
   src = fetchurl {
-    url = "https://minecraft.azureedge.net/bin-linux/bedrock-server-${version}.zip";
+    url = "https://util.samleathers.com/bedrock-server-${version}.zip";
     inherit sha256;
   };
   postPatch = ''
 
@@ -229,13 +229,13 @@ in
             # allow traffic with existing state
             ip46tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
             # Allow forwarding the following ports from Internet via IPv6 only
-            ${forwardPortToHost 3001 "enp1s0" "tcp" "2601:98a:4102:ef0:8c6d:c3ff:fe13:5d63"}
+            ${forwardPortToHost 3001 "enp1s0" "tcp" "2601:98a:4100:1700:1046:d1ff:feea:9276"}
             # block forwarding from external interface
             ip6tables -A FORWARD -i enp1s0 -j DROP
             ''
           ];
           allowedTCPPorts = [ 32400 5222 5060 53 3001 ];
-          allowedUDPPorts = [ 51820 1194 1195 5060 5222 53 config.services.toxvpn.port 19132 5353 ];
+          allowedUDPPorts = [ 51820 1194 1195 5060 5222 53 19132 5353 ];
         };
         wireguard.interfaces = {
           wg0 = {
@@ -272,39 +272,69 @@ in
                 publicKey = "eR6I+LI/BayJ90Kjt0wJyfJUsoSmayD+cb6Kb7qdCV4=";
                 allowedIPs = [ "10.37.4.0/24" "10.37.6.1/32" "fd00::37/128" ];
               }
+              #{
+              #  # buffalo run
+              #  publicKey = "b1SJJq77euLkBM/femF+jJ5HbR/dc3cEQEejYZMtFCA=";
+              #  allowedIPs = [ "10.40.9.5/32" ];
+              #}
               {
-            # buffalo run
-            publicKey = "b1SJJq77euLkBM/femF+jJ5HbR/dc3cEQEejYZMtFCA=";
-            allowedIPs = [ "10.40.9.5/32" ];
-          }
-          {
-            # greenacres
-            publicKey = "NhywNZQlIJitXta1V+HCLSiOTYlgxWOQGvxh2Tvinmk=";
-            allowedIPs = [ "10.36.3.0/24" "fd00::36/128" "192.168.254.0/24" ];
-          }
-          {
-            # bower-office
-            publicKey = "rsRvtd4mm4hucE5W1QqCjWJwmSlhWnSWaIWts/Z8/xY=";
-            allowedIPs = [ "10.38.0.1/32" "192.168.0.0/24" ];
-            endpoint = "73.230.94.119:51820";
-          }
-          {
-            # bower-home
-            publicKey = "3sHFhvDxx6nVX/DBroIGTdHfehl9I/OOB4Fo5v7Vvxc=";
-            allowedIPs = [ "10.38.0.2/32" "192.168.1.0/24" "192.168.10.0/24" ];
-            endpoint = "98.235.35.253:51820";
-          }
-          {
-            # clever
-            publicKey = "oycbQ1DhtRh0hhD5gpyiKTUh0USkAwbjMer6/h/aHg8=";
-            allowedIPs = [ "10.40.9.3/32" "fd00::3/128" ];
-            endpoint = "nas.earthtools.ca:51821";
-          }
-          {
-            # johnalotoski
-            publicKey = "MRowDI1eC9B5Hx/zgPk5yyq2eWSq6kYFW5Sjm7w52AY=";
-            allowedIPs = [ "10.40.9.4/32" "fd00::4/128" ];
-          }
+                # greenacres
+                publicKey = "NhywNZQlIJitXta1V+HCLSiOTYlgxWOQGvxh2Tvinmk=";
+                allowedIPs = [ "10.36.3.0/24" "fd00::36/128" "192.168.254.0/24" ];
+              }
+              {
+                # bower-office
+                publicKey = "rsRvtd4mm4hucE5W1QqCjWJwmSlhWnSWaIWts/Z8/xY=";
+                allowedIPs = [ "10.38.0.1/32" "192.168.0.0/24" ];
+                endpoint = "174.175.23.241:51820";
+              }
+              {
+                # bower-home
+                publicKey = "3sHFhvDxx6nVX/DBroIGTdHfehl9I/OOB4Fo5v7Vvxc=";
+                allowedIPs = [ "10.38.0.2/32" "192.168.1.0/24" "192.168.10.0/24" ];
+                endpoint = "98.235.35.253:51820";
+              }
+              {
+                # clever
+                publicKey = "oycbQ1DhtRh0hhD5gpyiKTUh0USkAwbjMer6/h/aHg8=";
+                allowedIPs = [ "10.40.9.3/32" "fd00::3/128" ];
+                endpoint = "nas.earthtools.ca:51821";
+              }
+              {
+                # johnalotoski
+                publicKey = "MRowDI1eC9B5Hx/zgPk5yyq2eWSq6kYFW5Sjm7w52AY=";
+                allowedIPs = [ "10.40.9.4/32" "fd00::4/128" ];
+              }
+              {
+                # installer
+                publicKey = "FDES05UMXVPKusZaMjP0vbVlyM5UASZtE560RjVIo3E=";
+                allowedIPs = [ "10.40.9.5/32" "fd00::5/128" ];
+              }
+              {
+                # hydra-arcade-1
+                publicKey = "aq7dxIkmWEQXr3eB7uzZOBEZ0WT6kgEW9BsqqH2eBDE=";
+                allowedIPs = [ "10.40.9.6/32" "fd00::6/128" ];
+              }
+              {
+                # hydra-arcade-2
+                publicKey = "Q+Sx+o4ckWuO/CQ9IVCIIfBytXZkgDUIkSS50eUmCWU=";
+                allowedIPs = [ "10.40.9.7/32" "fd00::7/128" ];
+              }
+              {
+                # hydra-arcade-qemu
+                publicKey = "A0LYo/Pjx99kUTA9jBzSzfi8qRELOfM+0N0JD1HhcBY=";
+                allowedIPs = [ "10.40.9.8/32" "fd00::8/128" ];
+              }
+              {
+                # hydra-doom-mini
+                publicKey = "hP0Z/mlzGoiZ3XgavKGL40wypHKcRVDR1Hkx2Cz28Sg=";
+                allowedIPs = [ "10.40.9.9/32" "fd00::9/128" ];
+              }
+              {
+                # carlos
+                publicKey = "/9YVN8nraowBRjhe6ysajY5bp4fUVqJE622OpLpl4Hs=";
+                allowedIPs = [ "10.40.9.100/32" "fd00::100/128" ];
+              }
         ];
 
       };
 
@@ -66,6 +66,11 @@ in
         serverAliases = [ "www.nixedge.com" ];
         root = pkgs.nixedge_site;
       };
+      "resume.disasm.us" = {
+        enableACME = true;
+        forceSSL = true;
+        root = ./resume;
+      };
       "rats.fail" =
         let
           metadata = ''
@@ -121,6 +126,15 @@ in
         serverAliases = [ "www.centrallakerealty.com" ];
         globalRedirect = "www.facebook.com/MarieLeathersRealtor?mibextid=2JQ9oc";
       };
+      "doom.disasm.us" = {
+        enableACME = true;
+        forceSSL = true;
+        root = inputs.hydra-doom.packages."x86_64-linux".hydra-doom-static-remote;
+        extraConfig = ''
+          disable_symlinks off;
+          try_files $uri $uri /index.html;
+        '';
+      };
     };
   };
   services.mysql = {
 
@@ -1,4 +1,4 @@
-@ 3600 IN SOA disasm.us. root.disasm.us. 2023091101 7200 3600 86400 3600
+@ 3600 IN SOA disasm.us. root.disasm.us. 2024092403 7200 3600 86400 3600
 
 $TTL 600
 
@@ -13,41 +13,41 @@ _acme-challenge.lan IN NS ns1.disasm.us
 @ IN CAA 0 issue "letsencrypt.org"
 @ IN CAA 0 iodef "mailto:[email protected]"
 
-@	300	IN	A	45.76.4.212
+@ 300 IN  A 45.76.4.212
 
 ; Google records
-@	300	IN	MX	1 aspmx.l.google.com.
-@	300	IN	MX	3 alt1.aspmx.l.google.com.
-@	300	IN	MX	3 alt2.aspmx.l.google.com.
-@	300	IN	MX	5 aspmx2.googlemail.com.
-@	300	IN	MX	5 aspmx3.googlemail.com.
-@	300	IN	MX	5 aspmx4.googlemail.com.
-@	300	IN	MX	5 aspmx5.googlemail.com.
-@	10800	IN	TXT	"google-site-verification=7qHsbQ1rdlFiMWL080OeAv7uGddX_-8E-Qc-WiUU_L8"
-calendar	300	IN	CNAME	ghs.google.com.
-docs	300	IN	CNAME	ghs.google.com.
-in	300	IN	TXT	"v=spf1" "include:_spf.google.com" "~all"
-mail	300	IN	CNAME	ghs.google.com.
-sites	300	IN	CNAME	ghs.google.com.
-start	300	IN	CNAME	ghs.google.com.
+@ 300 IN  MX  1 aspmx.l.google.com.
+@ 300 IN  MX  3 alt1.aspmx.l.google.com.
+@ 300 IN  MX  3 alt2.aspmx.l.google.com.
+@ 300 IN  MX  5 aspmx2.googlemail.com.
+@ 300 IN  MX  5 aspmx3.googlemail.com.
+@ 300 IN  MX  5 aspmx4.googlemail.com.
+@ 300 IN  MX  5 aspmx5.googlemail.com.
+@ 10800 IN  TXT "google-site-verification=7qHsbQ1rdlFiMWL080OeAv7uGddX_-8E-Qc-WiUU_L8"
+calendar  300 IN  CNAME ghs.google.com.
+docs  300 IN  CNAME ghs.google.com.
+in  300 IN  TXT "v=spf1" "include:_spf.google.com" "~all"
+mail  300 IN  CNAME ghs.google.com.
+sites 300 IN  CNAME ghs.google.com.
+start 300 IN  CNAME ghs.google.com.
 
-localhost	300	IN	A	127.0.0.1
-ns1	300	IN	A	45.76.4.212
-ns2	300	IN	A	45.76.4.212
-www	300	IN	A	45.76.4.212
-resume	300	IN	CNAME	www
+localhost 300 IN  A 127.0.0.1
+ns1 300 IN  A 45.76.4.212
+ns2 300 IN  A 45.76.4.212
+www 300 IN  A 45.76.4.212
+resume  300 IN  CNAME www
 
 ; lan
 optina.lan 300 IN A 10.40.33.20
-optina.lan 300 IN AAAA 2601:98a:4102:ef0:d63d:7eff:fe4d:c47f
+optina.lan 300 IN AAAA 2601:98a:4100:1700:76d4:35ff:fe9b:8462
 valaam.lan 300 IN A 10.40.33.21
-valaam.lan 300 IN AAAA 2601:98a:4102:ef0:1c99:304c:7769:9426
-relay.valaam.lan 300 IN AAAA 2601:98a:4102:ef0:8c6d:c3ff:fe13:5d63
-pool.valaam.lan 300 IN AAAA 2601:98a:4102:ef0:463:25ff:fe4c:d1e3
+valaam.lan 300 IN AAAA 2601:98a:4100:1700:2c0:8ff:fe9d:ba42
+relay.valaam.lan 300 IN AAAA 2601:98a:4100:1700:1046:d1ff:feea:9276
+pool.valaam.lan 300 IN AAAA 2601:98a:4100:1700:3858:abff:febd:83d1
 atari.lan 300 IN A 10.40.33.22
-atari.lan 300 IN AAAA 2601:98a:4102:ef0:9608:53ff:fe84:9b9d
+atari.lan 300 IN AAAA 2601:98a:4100:1700:9608:53ff:fe84:9b9d
 portal.lan 300 IN A 10.40.33.1
-portal.lan 300 IN AAAA 2601:98a:4102:ef0::1
+portal.lan 300 IN AAAA 2601:98a:4100:1700::1
 vw.lan 300 IN CNAME optina.lan
 omada.lan 300 IN CNAME optina.lan
 hass.lan 300 IN CNAME optina.lan
@@ -62,3 +62,5 @@ relay01.lan 300 IN A 147.28.149.209
 relay02.lan 300 IN A 147.28.183.225
 
 sanchonet 300 IN CNAME input-output-hk.github.io.
+
+doom 300 IN CNAME disasm.us.