summaryrefslogtreecommitdiffstats
path: root/lass/1systems/shodan/config.nix
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2017-07-12 19:11:29 +0200
committerlassulus <lassulus@lassul.us>2017-07-12 19:11:29 +0200
commitb19ebc2abd8f383d477d35040e833cd9c05319ab (patch)
tree778a882e0faebc82360c06165b4b00726468b8aa /lass/1systems/shodan/config.nix
parent5efedd139a20d71268af2afd069dbd595414650f (diff)
parentcd47613a4d8daf185f4ac0f8ef43af11985a2f65 (diff)
Merge branch 'staging/source'
Diffstat (limited to 'lass/1systems/shodan/config.nix')
-rw-r--r--lass/1systems/shodan/config.nix108
1 files changed, 108 insertions, 0 deletions
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
new file mode 100644
index 000000000..a68471aa0
--- /dev/null
+++ b/lass/1systems/shodan/config.nix
@@ -0,0 +1,108 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/hw/tp-x220.nix>
+ <stockholm/lass/2configs/baseX.nix>
+ <stockholm/lass/2configs/git.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+ <stockholm/lass/2configs/browsers.nix>
+ <stockholm/lass/2configs/programs.nix>
+ <stockholm/lass/2configs/fetchWallpaper.nix>
+ <stockholm/lass/2configs/backups.nix>
+ <stockholm/lass/2configs/wine.nix>
+ #{
+ # users.extraUsers = {
+ # root = {
+ # openssh.authorizedKeys.keys = map readFile [
+ # ../../krebs/Zpubkeys/uriel.ssh.pub
+ # ];
+ # };
+ # };
+ #}
+ {
+ users.users.sokratess = {
+ uid = genid "sokratess";
+ home = "/home/sokratess";
+ group = "users";
+ createHome = true;
+ extraGroups = [
+ "audio"
+ "networkmanager"
+ ];
+ useDefaultShell = true;
+ password = "aidsballs";
+ };
+ krebs.per-user.sokratess.packages = [
+ pkgs.firefox
+ pkgs.python27Packages.virtualenv
+ pkgs.python27Packages.ipython
+ pkgs.python27Packages.python
+ ];
+ }
+ {
+ krebs.monit = let
+ echoToIrc = msg:
+ pkgs.writeDash "echo_irc" ''
+ set -euf
+ export LOGNAME=prism-alarm
+ ${pkgs.irc-announce}/bin/irc-announce \
+ ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
+ '';
+ in {
+ enable = true;
+ http.enable = true;
+ alarms = {
+ hfos = {
+ test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
+ alarm = echoToIrc "test hfos failed";
+ };
+ };
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
+ ];
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.shodan;
+
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ #kernelModules = [ "kvm-intel" "msr" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/pool/nix";
+ fsType = "btrfs";
+ };
+
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+ "/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "btrfs";
+ };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ '';
+}