summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2017-06-06 14:35:58 +0200
committermakefu <github@syntax-fehler.de>2017-06-06 14:35:58 +0200
commit427e09fdf39ab1b3e5b8ddf483d0798d5c1941e7 (patch)
tree5f653a53e6d7bf254274a65c3f397081ac7e140a
parent777adbb420c8b046b0c222d7f0b8480c32f9a8c0 (diff)
parent6d96297a9d6bcddc8b545585d9e4180e493b899f (diff)
Merge branch 'master' of prism:stockholm
-rw-r--r--krebs/3modules/lass/default.nix30
-rw-r--r--krebs/3modules/lass/ssh/helios.rsa1
-rw-r--r--krebs/3modules/tv/default.nix3
-rw-r--r--lass/1systems/dishfire.nix1
-rw-r--r--lass/1systems/helios.nix130
-rw-r--r--lass/2configs/backups.nix24
-rw-r--r--lass/2configs/buildbot-standalone.nix2
-rw-r--r--lass/2configs/downloading.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/logf.nix1
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--tv/1systems/nomic.nix2
-rw-r--r--tv/1systems/wu.nix2
-rw-r--r--tv/1systems/xu.nix15
-rw-r--r--tv/1systems/zu.nix2
-rw-r--r--tv/2configs/gitconfig.nix19
-rw-r--r--tv/2configs/gitrepos.nix (renamed from tv/2configs/git.nix)0
17 files changed, 39 insertions, 197 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 0e1cbd876..05b7b5078 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -224,32 +224,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
- helios = {
- cores = 2;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.3";
- ip6.addr = "42:0:0:0:0:0:0:7105";
- aliases = [
- "helios.r"
- "cgit.helios.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y
- Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq
- 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I
- oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB
- hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP
- Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- secure = true;
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7";
- };
shodan = {
cores = 2;
nets = {
@@ -339,10 +313,6 @@ with import <stockholm/lib>;
mail = "lass@uriel.r";
pubkey = builtins.readFile ./ssh/uriel.rsa;
};
- lass-helios = {
- mail = "lass@helios.r";
- pubkey = builtins.readFile ./ssh/helios.rsa;
- };
lass-shodan = {
mail = "lass@shodan.r";
pubkey = builtins.readFile ./ssh/shodan.rsa;
diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa
deleted file mode 100644
index c2a54b621..000000000
--- a/krebs/3modules/lass/ssh/helios.rsa
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBOnMtgy5GH6R6tHp2ugy5QTe3gAGxh2CKsstSNSNAJwvWGiaWJkbNmgM8KlCWeq1GJBGa95kU4I2BDO5fJd7J9vqyrTGF1+sx0Nwj/ELKSNVxDoKVYiU09pTqSB3pi46i+E8N49y4/8aRhu4/7O2dSTH7OS3YoZpt2Soas+cYJYhQdZtYQAgPX5LOkTfQvPhGR8AzrrTvOUrHyTWaSBEELVZ088LrFT6ibXHcPhwXX7A5+YMS8LLr3KRstySWzJEmfVOJxuMhQJSH1Xiq4bLilVn9V4AK5pCOnlALSYf48SexsCqzBUKgISuncurIBbXtW9EkNTMX3jSKlSQ7WniGRlmzrBAJCh4VXJUZgXDf8hAaPckIRbLosbTnEAauWcfnIXLfvI+bYkURhfYKsWelM+MS6ihk+P2yr8rNT9w5iUVJGVypOXUp45PrFuPn6ayCpNRJzqPwCCPE7fFagzLs7wibIXlrhCnRALT5HHyExFFcQoGvIq/8o+Oia8mrTimb55IDLwkiYrG6I5DPXFPKsTC0hium9T3I8dC+M7n9GbwnLTUK2kWnoklD3HTab21xJTtbF98nQ94df7doqPFxL/jongeZCGMB+PJ+BdQTtHr7tCY0kN2GXpoHxz/2w8YEWTKHhWIUsD+Utf8pDkKQfCqlm7iR7byxL51gHL9Z3Q== lass@helios
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 0db686005..6e5f522dc 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -77,9 +77,7 @@ with import <stockholm/lib>;
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
- krebsco.de. 60 IN MX 5 mx23
cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
- mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
'';
};
nets = {
@@ -212,6 +210,7 @@ with import <stockholm/lib>;
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+ krebsco.de. 60 IN MX 5 ni
'';
};
nets = {
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index 9c77f909d..e12367aca 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -70,7 +70,6 @@
relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
- config.krebs.hosts.helios
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
deleted file mode 100644
index 99760dfdb..000000000
--- a/lass/1systems/helios.nix
+++ /dev/null
@@ -1,130 +0,0 @@
-{ config, pkgs, ... }:
-
-with builtins;
-with import <stockholm/lib>;
-
-{
- imports = [
- ../.
- ../2configs/retiolum.nix
- ../2configs/exim-retiolum.nix
- ../2configs/browsers.nix
- ../2configs/programs.nix
- ../2configs/git.nix
- ../2configs/pass.nix
- ../2configs/fetchWallpaper.nix
- ../2configs/backups.nix
-
- #{
- # # conflicting stuff with gnome setup
- # # TODO: fix this
- # imports = [
- # ../2configs/baseX.nix
- # ];
- #}
- {
- # gnome3 for suja
- time.timeZone = "Europe/Berlin";
- services.xserver.enable = true;
- services.xserver.desktopManager.xfce.enable = true;
- networking.wireless.enable = true;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- };
- users.users.ferret = {
- uid = genid "ferret";
- home = "/home/ferret";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- ];
- hashedPassword = "$6$SaneLuyep90p8BPn$0IDbvLgNbRGZL96obWavanTmY6IkBG84vs2b/2oqlpbmTZH3retOYbQKF1uVqu6dD0ZGF4eBq9tqPbwUjRyY00";
- };
- environment.systemPackages = with pkgs; [
- firefox
- chromium
- maven
- arandr
- libreoffice
- mpv
- ];
- }
- #{
- # users.extraUsers = {
- # root = {
- # openssh.authorizedKeys.keys = map readFile [
- # ../../krebs/Zpubkeys/uriel.ssh.pub
- # ];
- # };
- # };
- #}
- #{
- # services.elasticsearch = {
- # enable = true;
- # };
- #}
- {
- krebs.power-action.battery = "BAT1";
- }
- ];
-
- krebs.build.host = config.krebs.hosts.helios;
-
-
- hardware.enableAllFirmware = true;
- nixpkgs.config.allowUnfree = true;
-
- boot = {
- loader.grub.enable = true;
- loader.grub.version = 2;
- loader.grub.device = "/dev/sda";
-
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
- initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
- #kernelModules = [ "kvm-intel" "msr" ];
- kernelModules = [ "msr" ];
- };
- fileSystems = {
- "/" = {
- device = "/dev/pool/nix";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/sda1";
- };
-
- "/home" = {
- device = "/dev/pool/home";
- fsType = "ext4";
- };
-
- "/bku" = {
- device = "/dev/pool/bku";
- fsType = "ext4";
- };
- "/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
- };
-
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0"
- # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
- #'';
-
- services.xserver.synaptics = {
- enable = true;
- twoFingerScroll = true;
- accelFactor = "0.035";
- additionalOptions = ''
- Option "FingerHigh" "60"
- Option "FingerLow" "60"
- '';
- };
-}
diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix
index 22b48f6e8..b20e15dd9 100644
--- a/lass/2configs/backups.nix
+++ b/lass/2configs/backups.nix
@@ -107,29 +107,5 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; };
startAt = "05:00";
};
- dishfire-http-helios = {
- method = "pull";
- src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; };
- dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; };
- startAt = "12:00";
- };
- dishfire-sql-helios = {
- method = "pull";
- src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; };
- dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; };
- startAt = "12:15";
- };
- prism-sql-helios = {
- method = "pull";
- src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; };
- dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; };
- startAt = "12:30";
- };
- prism-http-helios = {
- method = "pull";
- src = { host = config.krebs.hosts.prism; path = "/srv/http"; };
- dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; };
- startAt = "12:45";
- };
};
}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 62b823c3f..227152482 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -113,7 +113,7 @@ in {
]
)
- for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
+ for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \
["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index eb9575018..d32262810 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -15,7 +15,6 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-shodan.pubkey
- lass-helios.pubkey
lass-icarus.pubkey
makefu.pubkey
];
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 3353cdac0..b8d00e7d4 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -16,7 +16,6 @@ with import <stockholm/lib>;
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
- config.krebs.hosts.helios
];
internet-aliases = with config.krebs.users; [
{ from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822
diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix
index 3c4948db1..03414a745 100644
--- a/lass/2configs/logf.nix
+++ b/lass/2configs/logf.nix
@@ -8,7 +8,6 @@ let
shodan = "51";
icarus = "53";
echelon = "197";
- helios = "199";
cloudkrebs = "119";
};
in {
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index a3916a2ea..60c942367 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
- ref = "f8dfdd7";
+ ref = "8804775";
};
}
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index 5469fffd5..9b9502254 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -9,7 +9,7 @@ with import <stockholm/lib>;
../.
../2configs/hw/x220.nix
../2configs/exim-retiolum.nix
- ../2configs/git.nix
+ ../2configs/gitrepos.nix
../2configs/im.nix
../2configs/mail-client.nix
../2configs/nginx/public_html.nix
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 328e71fdc..60f9fa100 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -9,7 +9,7 @@ with import <stockholm/lib>;
../.
../2configs/hw/w110er.nix
../2configs/exim-retiolum.nix
- ../2configs/git.nix
+ ../2configs/gitrepos.nix
../2configs/im.nix
../2configs/mail-client.nix
../2configs/man.nix
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 60d1af23e..bfd59531a 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -9,7 +9,8 @@ with import <stockholm/lib>;
../.
../2configs/hw/x220.nix
../2configs/exim-retiolum.nix
- ../2configs/git.nix
+ ../2configs/gitconfig.nix
+ ../2configs/gitrepos.nix
../2configs/mail-client.nix
../2configs/man.nix
../2configs/nginx/public_html.nix
@@ -46,6 +47,18 @@ with import <stockholm/lib>;
texlive.combined.scheme-full
tmux
+ (pkgs.writeDashBin "krebszones" ''
+ set -efu
+ export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
+ case $* in
+ import)
+ set -- import /etc/zones/krebsco.de krebsco.de
+ echo "+ krebszones $*" >&2
+ ;;
+ esac
+ exec ${pkgs.krebszones}/bin/ovh-zone "$@"
+ '')
+
#ack
#apache-httpd
#ascii
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix
index b1b2d58ce..5552ef065 100644
--- a/tv/1systems/zu.nix
+++ b/tv/1systems/zu.nix
@@ -15,7 +15,7 @@ with import <stockholm/lib>;
../.
../2configs/hw/x220.nix
../2configs/exim-retiolum.nix
- ../2configs/git.nix
+ ../2configs/gitrepos.nix
../2configs/mail-client.nix
../2configs/man.nix
../2configs/nginx/public_html.nix
diff --git a/tv/2configs/gitconfig.nix b/tv/2configs/gitconfig.nix
new file mode 100644
index 000000000..771a4b2a4
--- /dev/null
+++ b/tv/2configs/gitconfig.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+{
+ environment.etc.gitconfig.text = ''
+ [alias]
+ patch = !${pkgs.git}/bin/git --no-pager diff --no-color
+ [diff-so-fancy]
+ markEmptyLines = false
+ stripLeadingSymbols = false
+ [pager]
+ diff = ${pkgs.gitAndTools.diff-so-fancy}/bin/diff-so-fancy \
+ | ${pkgs.less}/bin/less -FRX
+ [user]
+ email = tv@krebsco.de
+ name = tv
+ '';
+}
diff --git a/tv/2configs/git.nix b/tv/2configs/gitrepos.nix
index 13b12986c..13b12986c 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/gitrepos.nix