cluster/{machines,certs}: add dcr03s16.hswaw.net
Also make dataplane-only nodes actually work:
- make kubeproxy use the same package as kubelet
- disable firewall
Change-Id: I7babbb749656e6f75151c8eda6e3f09f3c6bff5f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1686
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/cluster/certs/etcd-dcr03s16.hswaw.net.cert b/cluster/certs/etcd-dcr03s16.hswaw.net.cert
new file mode 100644
index 0000000..e9a5f87
--- /dev/null
+++ b/cluster/certs/etcd-dcr03s16.hswaw.net.cert
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBajCCARygAwIBAgIQSZ15lrMokBzfpGu/BnHYqTAFBgMrZXAwEjEQMA4GA1UE
+AxMHZXRjZCBjYTAgFw0yMzEwMDgxNjU2NThaGA85OTk5MTIzMTIzNTk1OVowJzEl
+MCMGA1UEAxMcbm9kZSBldGNkIHNlcnZlciBjZXJ0aWZpY2F0ZTAqMAUGAytlcAMh
+AHLcEPXp/lw1qUafi4BWnoqTeNew2KraeqrVO8IMA84ko3EwbzAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB8GA1UdIwQYMBaA
+FN3QbVhaf7wsFgqUvuNNZjZbKlvWMB0GA1UdEQQWMBSCEmRjcjAzczE2Lmhzd2F3
+Lm5ldDAFBgMrZXADQQComKcxHV8UJt90yGw+nGlKkJEygSUjKLUKjDD8xvAmgsA6
+KecCOJ/FOYchMSXD5FYE9b2Oxl7OLpyeXxLdevQH
+-----END CERTIFICATE-----
diff --git a/cluster/certs/etcdpeer-dcr03s16.hswaw.net.cert b/cluster/certs/etcdpeer-dcr03s16.hswaw.net.cert
new file mode 100644
index 0000000..f0b6589
--- /dev/null
+++ b/cluster/certs/etcdpeer-dcr03s16.hswaw.net.cert
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbTCCAR+gAwIBAgIQXBJp77soT0Nd1ajWYBld/DAFBgMrZXAwFzEVMBMGA1UE
+AxMMZXRjZCBwZWVyIGNhMCAXDTIzMTAwODE2NTY1OFoYDzk5OTkxMjMxMjM1OTU5
+WjAlMSMwIQYDVQQDExpub2RlIGV0Y2QgcGVlciBjZXJ0aWZpY2F0ZTAqMAUGAytl
+cAMhACxLMvGyhy/INdWNi4kFJjxgCiy5EtsggXBW4Xp8tnWio3EwbzAOBgNVHQ8B
+Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB8GA1UdIwQY
+MBaAFAvAwatZ4EdIvITkO10WOdubny75MB0GA1UdEQQWMBSCEmRjcjAzczE2Lmhz
+d2F3Lm5ldDAFBgMrZXADQQBNrYH8ZoOATZQmRJtKMuHYc6YO/d+ffBm/8W5LZma8
+Pots7CR2FsGYE5vf7fsOY4kDRps81tTPCfgGuBGeXoIH
+-----END CERTIFICATE-----
diff --git a/cluster/certs/kube-kubelet-dcr03s16.hswaw.net.cert b/cluster/certs/kube-kubelet-dcr03s16.hswaw.net.cert
new file mode 100644
index 0000000..4ac0a04
--- /dev/null
+++ b/cluster/certs/kube-kubelet-dcr03s16.hswaw.net.cert
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBsDCCAWKgAwIBAgIQC1semc7QC4pfEZRe2ZZsyDAFBgMrZXAwHTEbMBkGA1UE
+AxMSa3ViZXJuZXRlcyBtYWluIENBMCAXDTIzMTAwODE2NTY1OFoYDzk5OTkxMjMx
+MjM1OTU5WjBAMRUwEwYDVQQKEwxzeXN0ZW06bm9kZXMxJzAlBgNVBAMTHnN5c3Rl
+bTpub2RlOmRjcjAzczE2Lmhzd2F3Lm5ldDAqMAUGAytlcAMhAAG2YeMr5lU+faLh
+GI8P6lmzaXapw1mBEv9ul5yVwb4Co4GSMIGPMA4GA1UdDwEB/wQEAwIFoDAdBgNV
+HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHwYDVR0jBBgwFoAUycQ+wTWsc0lN
+e+5ixgJAxIOccw8wPQYDVR0RBDYwNIIec3lzdGVtOm5vZGU6ZGNyMDNzMTYuaHN3
+YXcubmV0ghJkY3IwM3MxNi5oc3dhdy5uZXQwBQYDK2VwA0EAIT047kXaVEDfo6Bh
+248bCBjx3hsSo/NmPSegrE+I4Z4CPQpvDO0hdEIYGRTjo262yTASRfH25DGFzmeQ
+UXxMDw==
+-----END CERTIFICATE-----
diff --git a/cluster/machines/dcr03s16.hswaw.net.nix b/cluster/machines/dcr03s16.hswaw.net.nix
new file mode 100644
index 0000000..5efdbb1
--- /dev/null
+++ b/cluster/machines/dcr03s16.hswaw.net.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+with builtins;
+
+rec {
+ networking.hostName = "dcr03s16";
+ # TODO: undefine fqdn and define domain after big nix change
+ hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
+ #networking.domain = "hswaw.net";
+ system.stateVersion = "22.05";
+ nix.maxJobs = 48;
+
+ boot.initrd.kernelModules = [ "dm-raid" ];
+
+ fileSystems."/".device = "/dev/vg-nixos-hscloud/nixos-root";
+ #services.lvm.enable = true;
+ fileSystems."/boot1" =
+ { device = "/dev/disk/by-partuuid/4aaabcc2-6efa-499d-890a-553228917416";
+ fsType = "vfat";
+ };
+ fileSystems."/boot2" =
+ { device = "/dev/disk/by-partuuid/cd6c0ffb-0119-4dce-a15a-ad5639eb5eb1";
+ fsType = "vfat";
+ };
+
+ boot.loader.systemd-boot.enable = false;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ enable = true;
+ version = 2;
+ efiSupport = true;
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot1"; efiSysMountPoint = "/boot1"; }
+ { devices = [ "nodev" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
+ ];
+ };
+ environment.etc."lvm/lvm.conf".text = ''
+ devices/issue_discards = 1
+ '';
+
+
+ hscloud.base = {
+ mgmtIf = "enp5s0";
+ ipAddr = "185.236.240.45";
+ ipAddrBits = 28;
+ gw = "185.236.240.33";
+ };
+
+ hscloud.kube = {
+ control.enable = false;
+ data.enable = true;
+ data.podNet = "10.10.21.0/24";
+ };
+}
+
diff --git a/cluster/machines/modules/kube-dataplane.nix b/cluster/machines/modules/kube-dataplane.nix
index 45efcd2..693d633 100644
--- a/cluster/machines/modules/kube-dataplane.nix
+++ b/cluster/machines/modules/kube-dataplane.nix
@@ -46,6 +46,8 @@
${n.config.hscloud.base.mgmtIf} ${n.config.hscloud.base.fqdn}
'')
controlNodes));
+
+ networking.firewall.enable = false;
# this seems to depend on flannel
# TODO(q3k): file issue
diff --git a/cluster/machines/modules/vendor/proxy.nix b/cluster/machines/modules/vendor/proxy.nix
index 84eabec..a1b1a35 100644
--- a/cluster/machines/modules/vendor/proxy.nix
+++ b/cluster/machines/modules/vendor/proxy.nix
@@ -1,6 +1,9 @@
# Vendored from nixpkgs git 44ad80ab1036c5cc83ada4bfa451dac9939f2a10
# Copyright (c) 2003-2023 Eelco Dolstra and the Nixpkgs/NixOS contributors
# SPDX-License-Identifier: MIT
+#
+# Same as upstream proxy.nix module from nixpkgs, but with one change:
+# - use the package from top.kubelet.package instead of top.package
{ config, lib, pkgs, ... }:
@@ -66,7 +69,8 @@
path = with pkgs; [ iptables conntrack_tools ];
serviceConfig = {
Slice = "kubernetes.slice";
- ExecStart = ''${top.package}/bin/kube-proxy \
+ # hscloud change: use kubelet pkg
+ ExecStart = ''${top.kubelet.package}/bin/kube-proxy \
--bind-address=${cfg.bindAddress} \
${optionalString (top.clusterCidr!=null)
"--cluster-cidr=${top.clusterCidr}"} \
diff --git a/cluster/secrets/cipher/etcd-dcr03s16.hswaw.net.key b/cluster/secrets/cipher/etcd-dcr03s16.hswaw.net.key
new file mode 100644
index 0000000..fb12b47
--- /dev/null
+++ b/cluster/secrets/cipher/etcd-dcr03s16.hswaw.net.key
@@ -0,0 +1,42 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgAwnp2so5B9vbT2Cqxvn7YUby2YkuidWZkVkhvTAd2P7ET
+EaZEi8SjhGO8yy5zC54ZG1Vaxo5jpwMl6fZUC55JuTL1O32Wydk+bCnmHQLIPc2J
+czQ+TaUrxVq80gUkOcGUib8ZV7rEyCIGCAHX+5tAxs8G1uSn10yG1QfNjjwNeQ7e
+TR7KpaDjndwXeEWgLPuRLWOGS/7k8olvCsPLKykV6KA6Mxe8l/+BV3LvsSBVGDL9
+y/OpKbvw0pgsWmE2owq9NIgnZ15K0G1hnI3nykHafOp73UH+IPjD+ypZDQZja3Q1
+0ApJUWHNlaiqg6iWehnBQOgb8v0abN9/NYtM+jyw7oUBDANcG2tp6fXqvgEH/RO+
+CMLPj+WerFNz5Ne1O5IPylHfS7Nn5pV6WY3lUILNJUunO2hW9Onv6t5d5ZxbLzZ6
+j0UCMkIDE/hL3Ky8tI975yaMr8JxmKh9MN7PvW7tPrtVNxVY9H2dtNPpzu5rIt/X
+jBdTzWWPoEZpF1kb+fU3zssUzmAOkpGaT+hKgXO/Kpkh8STNXCwraz87GW/gAPCt
+HwEmBC3kAIrN6uCTvtTW4hZIDq6IMxWjT0PoxMZCktBZ2ZrOZY5ouBGLdtMTYLpr
+Cjhp9hHhFm9j/geogX6txkuoIyjNHRkCcwfiXZA3P1n2Jt55v2N0Uv5Z/Vo076/z
+YhdhWBmqvc9/6PbeSyKFAgwDodoT8VqRl4UBD/4snTtCL572ARGWsRMg8lePEYjc
+Do4p5Sg9TScMaelyGd9SDkqQ/SgtjqXXq9Gi+qCybsgVFSHy2e2J7BgGIzRofmno
+0AKOxLRohPsmUBrBXqLoxZzQkq9t3pa1LmFMwyHqf3IWf4Zja7zo0FE5wqzIk+Ek
+k/KCxfAQ4BiJpJFw08+HWSoXtafrpTV6OEyS4CSPKHpVWx3/Nn2CA+gUehLhHDwh
+WbD47bpcGxvygJ3Yxgx3FVk7++Y2LbBkGhFJ61WO03mcp3N1kaDWeVdQAdyRrTnJ
+W1LeyMuC2G1wn0KJpsoncF7ssDx3ZikuTOwInPzBNJQM/gqGc20bIB2wW/YJcGAF
+cOirPJLuf2pXIk+UWQQaK6LvG6gQ5IYA2/9IR9hp2Khg4HTUaHgRZAncNt2PAr3c
+9eGNosUTF7zkuI9RZAh8rJV6nIrPy0d/cDk27sWPVDiESQTjEa3HUGwrV4vTkCs+
+PgFTzZ5X4vvYC8JjL5jVGZk4DTy/3XnYAqqlgj7nl70ggb/m1ZNC/2HdQb7LOC7C
+ZE9CJMx/qXtVk2XYYsjBZ2mEGMmn3Gp3TfDyXrEZlXCm9vFUNMHKD1rnFZBbwfqF
+vjedbGU0hrLcqfuR2MOaDPQvSD6RYY9HvB3MZPurI9X+C1ZIj/5ishWQt5Q2MrAa
+8Joat9RndU9tgwobuIUCDAPiA8lOXOuz7wEP/jD/DUxBk+oJ89s4mZ3Yrr8xf32k
+RPWqgo/x5GJqLs+hUHbMUdtFvSo6ZKd7a+D1pnwfDffdVgzAkZB5oQwBaDJ2beNh
+2b1/w3a9VlzqDc14HAjD8zwCgtw7OLh8aiJRZ5DR+BzN8lSdH9fJ4mmKtoEXjTk/
+qzlPmFuk9eSLALEajKKRXEWCrOyVIVGzb+qHSF5Ma8pcWQVHtlqYsnUYMDEFDTg9
+g1p2+8Jq2aLbj8AJn0IyzTb0/RxyiFqzsT3/QBNgCm+TRpjg/NmzCLWqvSBl2mpk
+3PDQH6zMkbhQ1cHbW3G6RRYUg6NHAyaIQ0h9KU+G7QA9t8gw+u5g4ux/tOMs5l2S
+nhameHESYkR3WoIcv3CJTNiHpaKxmHUmzET32Be/9IucEQfUBtUq8i5vA+3lBmWQ
+2xe0RWFShm0Zyo5N39+4rxihEGEPv9tfl//k6vb+23X2nyqNtmmCgz0SQYwN++f4
+rDu9CKXy4c7WhOVOen3zCopBoDnEqxvxMWF2tYIDbZLIEGcn4nFQQmNRR0TpBnsr
+e4DHtQ4/IjdoLGc+b10NxcUMguAWVWIneciGoLZzpYZ4Uu1u5udbdIM7exapXui4
+ty2YpM/quz96c0wDPGdsrJ1j7R5DGvxZZ1XvOgcAtCOTDYpkoWfAeDM696ZIiYSW
+DFclsdNU0TsZsA7o0rUBqgj62Al61oR8WrVj/6zt1CLxbuyJnapFlU8wTmTiRLHi
+0NAXzjGxl0TR+C2qEx1oO6ENo3eU9JUFhXZX4tqvRJXhp9v5tKkKiGiJMDF1JyRe
+I4xCs1SejwisLC212ifSMP8sGjv2AEdCASokrVeZAJv8v37nHFWMzggdIj+YpmSu
+rk78yTNioNOBmu3wiA3FFCrRP7Jsu9yykxMnfTriIK6T6QmmGBbraYNSCPpe8msc
+8Mwl
+=yIcF
+-----END PGP MESSAGE-----
diff --git a/cluster/secrets/cipher/etcdpeer-dcr03s16.hswaw.net.key b/cluster/secrets/cipher/etcdpeer-dcr03s16.hswaw.net.key
new file mode 100644
index 0000000..0638ac1
--- /dev/null
+++ b/cluster/secrets/cipher/etcdpeer-dcr03s16.hswaw.net.key
@@ -0,0 +1,42 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgArX4pJM+/iiLZSq10cGOp+o98LOO+1/oidpYynlvOU5ec
+pvDpU0EW0FVQaFuXZowgmeETZzGH4ukYS6maTYA5Qv0W/Q8Fj9Vr6t5apJ/6otHB
+7HBjNsPwFh0A+uRXNyMndTtyKHOZQ6CEkk1Nmr/EmSA5zSQNAOZ3Cq0B9mYxQpWr
+rFVo55bR1NtXshC5PTs0xpmXotK826THILh27VzKwarjPam5W7oSnaoQzPJugpMv
+Ffnm4lb21Zpa26q8obTrBoynUVWtQxVmbeOxfvs3JppAavm2oNuP4ioMLNA7sxje
+u3WNFHtFV/JUrMFk2IOZrq5tYD8V40sldZ1Gt8VoEYUBDANcG2tp6fXqvgEIALAe
+wcdSD+mFE+p1fxGk2oOqTHuiZvZEXW7sJTWFuB9RTj4omUdQmeEt10zDgsg6+COQ
+2k0bwPYAi9vx4FSAwbLGE5/wSlGIlOdZeLD/mcZVqqE8U7Aa4/Q3okNTeDELRGaX
+70L/eVsBPjMQoZchCRB/UNKzHbZ6gj2bJh2MxqjfP7aR9qVEPIVs8ZOgGsaqgM/Y
+TquFMgzbMqdokxE2q/8DkjOZTvdfbNSE/Ck077Mpy8WstyB72Gx/nuax6QGqplR0
+kRX+ZiDYmJsZ3AK0NvBLrI1VyZfFTbAJtULHNqtyanxMXx0gRwHe2SDIy0c9Ez6E
+MZcwgK22TRhCw5WkoSSFAgwDodoT8VqRl4UBD/9HBgbfn1Sd4hp9jOfyZxBw2O+D
+oh3q082TDj2q2wLAE3e+TBlt4JIRqqfsVblLjK1uoAur9eLxO8LsjaKWjdKT5+c1
+0UczMYL/+6OG2+9Y2fjJIr2vEzBU1F6askKMxZ34rXSOFZdZCXfWMd2JVWv2d9BS
+aqh+ecADt+Cu3brsWCmKSkfWh64A80SA2THUYkOc7p/pjM1g3MFnxrozE0XDHxGA
+rEQdev9PcwE6W+hVvm0ijY7DOB2xFzkx3CLsGT+E3c966m9HLl6ux9qKyJL3XWcp
+R0XsLnk5XqVOWi2tC1SZXZkPp39oEf6Vk5jw7ZJ9BP//f4/0+v61vCHe0DsKSPcC
+JZu1bk5eIzaRY4eT2+6OYe86Q1ymySwil0F4ih62jENxNy1KhOSHnij6NRLztQZ8
++9hxYyh9m5Nl85ijltjY2d93XPWcmJJVV/jzce8+522n+iuMYKRMevi9oMJD+3qG
+mh1gsriPwOBUK+enzWI35UiYrbM6RPT5iJI5G7875garA+1IE9HV+/lkTtKmxdO7
+AfT8mtOuObiQ7RjujogAUbeAeEeYGWvvVxbe3bW8vuCSTl59uYZBQLFCUNd5zOQb
+SL1ENDFZ1QgimacdPSn185aOUbn6BqoP6JybKjIOMJD0Z2TBcdllSeFk5HFY2WXH
+xUcN91lefmu33xUTyoUCDAPiA8lOXOuz7wEP/RafqH+fWm5cfVsGdlSrOlZawXYB
+cK2ZLqcGrz9UTZuh/WlzRdEKignpey8P+OPQYcBjmsGfm6candZQWzDlnwFQTZ89
+aJkpelprsQBUOyNCQa0Pkfg1Hc/6NjyHywIlA7eny3H3pEoqCY9pQroPsqFmlh+Y
+Mx5Pwnwpif3cuFdjQE9psul9G6DQBpwx/sqUpeX+L4JFRG8/1PqC56uBQICE/H7T
+HykAj1xS7m2TLNNvtq8Vb1p6sFL06CSkYDJtINhCL6D1/cl7wxhIBaMJVEMj1V1A
+a9VJIjdzGdgtDPLt3qoYoTpMbhJaQuRidIPUw99aTJv235yB8c+9fT/EsMgh8aSI
+spm0PTiYBrn+Inu4lMv5ZrvrB+8+FiRf97VEGwqyNeXs3o+GSqRknZmrnWpznuDe
+zD36/Rrjnpw+xq8pNaaJarqSmO1jfN4jc4r0O1469rV40Y6tNPync6ExCP5s3VJ3
+fbNeJbj1x4n7fBglCD7MwglNeNAYkmnygQxoPe1XESEU5ohQGw9zLK+qZO4G0Y6M
+EGSLmkjBN5HXFpuoiT9lQqblAA3MQVivgwihALw0KsKrPR03NF+7NxzF4eUm9XDj
+tJQrQu4wNQPeA3qaZB/hEoaZmSd5NqTA8wMXG/4pew/d4Dyalscwb6fp0xY9etKf
+skcitBIP8B81WXQz0rkB02LCu2fioIPQn8p4EmgaKt2Jh9IixlAcTkN3PkDLhrNv
+RlgHLAOYoDHIo1b6IvZUWy/e2NZwBKKQmuYj1saKxvqgc9Anw4e1lRn3fhsA8Y94
+Dr8UsvFeBxJesKDPsWJS7H2tDF9y0tQ8Ve3BIXRLGAXQUOGD3OQxav5h7On5Bw6L
+FcWdlgT2OyPfg1AC6t75MPWPlTtFSCLI2zhIY6jn5ylNl72EaK+D1nm7LxVF7j/z
+CiCQu4H9RQ==
+=pscQ
+-----END PGP MESSAGE-----
diff --git a/cluster/secrets/cipher/kube-kubelet-dcr03s16.hswaw.net.key b/cluster/secrets/cipher/kube-kubelet-dcr03s16.hswaw.net.key
new file mode 100644
index 0000000..5cc0478
--- /dev/null
+++ b/cluster/secrets/cipher/kube-kubelet-dcr03s16.hswaw.net.key
@@ -0,0 +1,42 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgArIG8ypW0Ppmen1mGG8x3pkSn/FUyi0WXmQusHUdozSs9
+F50KAhGKywVFEHZcs1LeCFtbaySXD6VX5kNNXotEUGztu1UrRZskQmmAPREMQqSA
+72Ocln0mzHxmAIVbhLIrXxsinqu9osNq4WupBx4oVQqn6I0XrOsCwLwliuIVbvyF
+vfchon86uMhITcCCowygUv0+nN/AeInu+B0RqZEJNFJ8ck2F0nZQUgrW54wWe0h/
++fViOCzTkaRcXGtJjtwvy4ECKjfusRW9LQb12hvmvh9JWkhKsjC8bMc356RjNi3b
+k5E5B6LCdtIqfqZQViYOzh1PU96n0ot7U1BXwyAyIoUBDANcG2tp6fXqvgEIAJuM
+bGWgVJtefVMQY3d3h/jjouzcb369IycIdho+O6Y1WLAXw2IviB1vbxzbfUJV3dCW
+jXUywUEIxZYJqrD0M0uxFesqjLCEM2jfnTxcxFJSE73Fq34/+oCJU1X9LNiRt1gQ
+x+xn76Fvx4IJkbICLvVzB/or8ZrOqF7SRGBColgZCd7wLI2nckBg3PCg+qfw5E1V
+S+ToFEsnMAySswT5tO563sx878bwMYa6UB9Sy6HoKTRBjiAHhjkGEygjLg7ulSO1
+jW4XyCxqKKBCuzZk5EdrJn31XYyGRXswRvTzJ312ll5Zm+Lgnjbz3e4acZ1YXrQu
+Ihkd7jUOXWS2BP5tSlWFAgwDodoT8VqRl4UBD/wL3zppzrSXCb67TKvoGWEq3Rce
+jSW2D0LHSkRs7AvZZjZQG+0B/eMf0lyl4MLOup047xzMXR+YtL3G9JsfyrS8VrwC
+svluvGvPXZpTPsM6v9c0pKAVoeQ3faGDklrsOhJWCJnBvrUWwfcDf4YQzphgDCgI
+hkCsUwUJMCzq7wy7yCpYLTUf1uVyA5MDPnE6uMgZ/NNlVdvWqWov3FANFqfv9dj9
+Ls8FG/zMsv2VaPHzY2rrs9dTNbgZFf/yFzLHvIrg0Aw6jIyvWT9OiRaDd7w7Sbw5
+76BnObQk6Zn0jD5RPPE1YGaTjQ0yCHdYTE2WHX7qSfXTgX0cqF+lk6x2fCTIzAwH
+Vw0e9Ohqlsg3qBj/FrI5nzv62G+ovIIQiJfTKCa+ochwnoX8jlH3qXGM20RMaVPl
+enT7UP4YD+uWWZflFGe4aLnmHX/1ob9ZSUJckvST/XOMrcDwprxmFb7022BYbNXY
+pFX6gyurMRXw3dk7akuh0UP7O6vQm6aybu6dqWsZa2vTwwdNKIbpzAuzeHo08HfI
+BYfXWz5sWb8Tx/PthSmK2b1yMaoiebcWWa/MWtAA6qW7t6Sxqd5RG1Gmtr3Sk0yN
+w5ta4yh5KbD5umnlECGw5VoDWKg9bIdweoyJjoJQDnbWm/8GyD2fSR9dYgmffH5F
+B4Z88n6AGlcldf9GXIUCDAPiA8lOXOuz7wEP+wb2fMaTuhwvvpVRrovy/z6biUdU
+asiv5+LOYEJ8DYWe/TZip1Yia/BtKc6ng8KE5U3LfZL9TkdyAtol6/V2JuR1hIgW
+Ed4VRSghuqwF8QqE9opyq2CaVlx7dYs9r+pHVOduRX5rOF2rG298LkGLhXh1TU6b
+vBoyhQpG7vzzjmq8Ttkm8omo+joHTdbhbKa1Zhknzc8vVY/Thg8iH8Beq+CZzIa8
+v+xppgHnyRptTCY19LmlX0LKx73yvOkBRpnkAqanVsUvmAYVZNtR2LxAc9NaJ6Fe
+z5MXwumauahe0k2CfrgPz+WKyzDnfScK2EZ8PucTCSP/tpsQ46geWGLBW92eRE0P
+oK/D/qYYg5fXyeubO/KMJtKBQDOlTEupLrRwdEXWmyzpNoIWMdBGzBAn74sjZeDZ
+Q0Z51XuKJ1KdqE6DZHjSydBfIej4dT0KkallVV56cC7We4W9FzY7sdvYHmxLlhvi
+gFcZfbHHsF3/FJIiyzR8mbYsXdAnm7nxYjxH9xx41cScDcwbf1vOcS3ppqHExaqR
+gr8y8cQ13N9L/eUOYq9gf8xzWcO1vmIxwpmpppAru5+UcrkpjQY26QaneIYPVWgo
+BO0/k8z0hXN+8kkCVvNlrZala5WHRaIDJACZv5pJCfqGRQcHq8s4PE5eQmOvwb7Z
+w1/1FsmnTwcnlIaa0roBlLT/fhQ3eTCyDqe2ER8xykajYUOBjKJj7t7/tmgMwRBZ
+M93+nSk+773g2DJh2OgeuPOAETSSSWc02SbjO6dZ/SSbpsnheLy7buFeIVEd0ksX
+CB1fQ9TubDHc+ZLwzAsi2NMUwmGHOjSpC37sujh7sJ3odkfhH27zL1SJlg6JiPhj
+FNCQU1gy7sJNXl2BFfF1HmfvD9uK4PxBNPNeKVTxHXWDF55XgQYv/aBZ+AbFkZwm
+olvnPJU+v+U=
+=4cDy
+-----END PGP MESSAGE-----
diff --git a/ops/machines.nix b/ops/machines.nix
index 51a1f0d..ba63487 100644
--- a/ops/machines.nix
+++ b/ops/machines.nix
@@ -121,6 +121,7 @@
"bc01n05.hswaw.net" = mkClusterMachineNew self ../cluster/machines/bc01n05.hswaw.net.nix;
"dcr01s22.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s22.hswaw.net.nix;
"dcr01s24.hswaw.net" = mkClusterMachine self ../cluster/machines/dcr01s24.hswaw.net.nix;
+ "dcr03s16.hswaw.net" = mkClusterMachineNew self ../cluster/machines/dcr03s16.hswaw.net.nix;
"edge01.waw.bgp.wtf" = mkMachine self nixpkgsBgpwtf [
../bgpwtf/machines/edge01.waw.bgp.wtf.nix