diff options
author | lassulus <lassulus@lassul.us> | 2017-07-12 19:11:29 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2017-07-12 19:11:29 +0200 |
commit | b19ebc2abd8f383d477d35040e833cd9c05319ab (patch) | |
tree | 778a882e0faebc82360c06165b4b00726468b8aa /lass/1systems/shodan/config.nix | |
parent | 5efedd139a20d71268af2afd069dbd595414650f (diff) | |
parent | cd47613a4d8daf185f4ac0f8ef43af11985a2f65 (diff) |
Merge branch 'staging/source'
Diffstat (limited to 'lass/1systems/shodan/config.nix')
-rw-r--r-- | lass/1systems/shodan/config.nix | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix new file mode 100644 index 000000000..a68471aa0 --- /dev/null +++ b/lass/1systems/shodan/config.nix @@ -0,0 +1,108 @@ +{ config, pkgs, ... }: + +with import <stockholm/lib>; +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/hw/tp-x220.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/backups.nix> + <stockholm/lass/2configs/wine.nix> + #{ + # users.extraUsers = { + # root = { + # openssh.authorizedKeys.keys = map readFile [ + # ../../krebs/Zpubkeys/uriel.ssh.pub + # ]; + # }; + # }; + #} + { + users.users.sokratess = { + uid = genid "sokratess"; + home = "/home/sokratess"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + password = "aidsballs"; + }; + krebs.per-user.sokratess.packages = [ + pkgs.firefox + pkgs.python27Packages.virtualenv + pkgs.python27Packages.ipython + pkgs.python27Packages.python + ]; + } + { + krebs.monit = let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + in { + enable = true; + http.enable = true; + alarms = { + hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; + } + ]; + + krebs.build.host = config.krebs.hosts.shodan; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/nix"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + "/bku" = { + device = "/dev/pool/bku"; + fsType = "btrfs"; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; +} |