summaryrefslogtreecommitdiffstats
path: root/lass/1systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-03-05 00:28:32 +0100
committertv <tv@krebsco.de>2017-03-05 00:28:32 +0100
commit4499cc406560963d65b016075ba2df6451c834cd (patch)
treeffea19187190a105e7b0caf617a0215c02c281da /lass/1systems
parentd7761aed6559adba3cfa61d822165c42c90fc276 (diff)
parent39fd77b84c7c14d6460722721726b378bdab7acd (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/mors.nix59
-rw-r--r--lass/1systems/prism.nix25
-rw-r--r--lass/1systems/shodan.nix23
3 files changed, 48 insertions, 59 deletions
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index a5eaaed9d..bffb08ad3 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -76,56 +76,15 @@ with import <stockholm/lib>;
{
services.redis.enable = true;
}
- #{
- # #gitit magic
- # imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
- # services.gitit = {
- # enable = true;
- # haskellPackages = pkgs.haskell.packages.ghc7103;
- # };
- #}
- #{
- # lass.icinga2 = {
- # enable = true;
- # configFiles = [
- # ''
- # template Service "generic-service" {
- # max_check_attempts = 3
- # check_interval = 5m
- # retry_interval = 1m
- # enable_perfdata = true
- # }
- # apply Service "ping4" {
- # }
- # ''
- # ];
- # };
- # services.mysql = {
- # enable = true;
- # package = pkgs.mariadb;
- # rootPassword = "<secrets>/mysql_rootPassword";
- # };
- # lass.icingaweb2 = {
- # enable = true;
- # initialRootPasswordHash = "$1$HpWDCehI$ITbAoyfOB6HEN1ftooxZq0";
- # resources = {
- # icinga2db = {
- # type = "mysql";
- # host = "localhost";
- # user = "icingaweb2";
- # db = "icinga";
- # passfile = <secrets/icinga2-pw>;
- # };
- # icingaweb2db = {
- # type = "mysql";
- # host = "localhost";
- # user = "icingaweb2";
- # db = "icingaweb2";
- # passfile = <secrets/icinga2-pw>;
- # };
- # };
- # };
- #}
+ {
+ #ipfs-testing
+ services.ipfs.enable = true;
+ }
+ {
+ environment.systemPackages = [
+ pkgs.krebszones
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.mors;
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index c0c22a0de..b55732f65 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -44,6 +44,7 @@ in {
../2configs/hfos.nix
../2configs/makefu-sip.nix
../2configs/monitoring/server.nix
+ ../2configs/monitoring/monit-alarms.nix
{
imports = [
../2configs/bepasty.nix
@@ -164,7 +165,6 @@ in {
}
{
imports = [
- ../2configs/websites/wohnprojekt-rhh.de.nix
../2configs/websites/domsen.nix
../2configs/websites/lassulus.nix
];
@@ -215,7 +215,8 @@ in {
}
{
krebs.repo-sync.timerConfig = {
- OnUnitInactiveSec = "5min";
+ OnBootSec = "5min";
+ OnUnitInactiveSec = "3min";
RandomizedDelaySec = "2min";
};
}
@@ -247,7 +248,13 @@ in {
];
}
{
- krebs.Reaktor.coders = {
+ krebs.Reaktor.coders = let
+ lambdabot = (import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs";
+ rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
+ sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
+ }) {}).lambdabot;
+ in {
nickname = "reaktor-lass";
channels = [ "#coders" ];
extraEnviron = {
@@ -263,7 +270,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
@@ -271,7 +278,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
@@ -279,7 +286,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
@@ -287,7 +294,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
@@ -295,7 +302,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
@@ -303,7 +310,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix
index 232e91d90..dca616936 100644
--- a/lass/1systems/shodan.nix
+++ b/lass/1systems/shodan.nix
@@ -42,6 +42,29 @@ with import <stockholm/lib>;
pkgs.python27Packages.python
];
}
+ {
+ krebs.monit = let
+ echoToIrc = msg:
+ pkgs.writeDash "echo_irc" ''
+ set -euf
+ export LOGNAME=prism-alarm
+ ${pkgs.irc-announce}/bin/irc-announce \
+ ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null
+ '';
+ in {
+ enable = true;
+ http.enable = true;
+ alarms = {
+ hfos = {
+ test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'";
+ alarm = echoToIrc "test hfos failed";
+ };
+ };
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.shodan;