diff options
author | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
commit | 060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch) | |
tree | 2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/1systems/shoney | |
parent | cbfcc890e3b76d942b927809bf981a5fa7289e6a (diff) |
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/1systems/shoney')
-rw-r--r-- | makefu/1systems/shoney/config.nix | 62 | ||||
-rw-r--r-- | makefu/1systems/shoney/source.nix | 3 |
2 files changed, 0 insertions, 65 deletions
diff --git a/makefu/1systems/shoney/config.nix b/makefu/1systems/shoney/config.nix deleted file mode 100644 index 27d389b85..000000000 --- a/makefu/1systems/shoney/config.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ config, pkgs, ... }: -let - tinc-siem-ip = "10.8.10.1"; - - ip = "64.137.234.215"; - alt-ip = "64.137.234.210"; # honeydrive honeyd - extra-ip1 = "64.137.234.114"; # floating tinc.siem - extra-ip2 = "64.137.234.232"; # honeydrive - gw = "64.137.234.1"; -in { - imports = [ - <stockholm/makefu> - <stockholm/makefu/2configs/save-diskspace.nix> - <stockholm/makefu/2configs/hw/CAC.nix> - <stockholm/makefu/2configs/fs/CAC-CentOS-7-64bit.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - ]; - - - krebs = { - enable = true; - build.host = config.krebs.hosts.shoney; - tinc_graphs = { - enable = true; - network = "siem"; - hostsPath = "/etc/tinc/siem/hosts"; - nginx = { - enable = true; - # TODO: remove hard-coded hostname - anonymous-domain = "localhost.localdomain"; - anonymous.extraConfig = "return 403;"; - complete = { - serverAliases = [ "graph.siem" ]; - extraConfig = '' - if ( $server_addr = "${ip}" ) { - return 403; - } - ''; - }; - }; - }; - }; - makefu.forward-journal = { - enable = true; - src = "10.8.10.1"; - dst = "10.8.10.6"; - }; - networking = { - interfaces.enp2s1.ipv4.addresses = [ - { address = ip; prefixLength = 24; } - # { address = alt-ip; prefixLength = 24; } - ]; - - defaultGateway = gw; - nameservers = [ "8.8.8.8" ]; - firewall = { - trustedInterfaces = [ "tinc.siem" ]; - allowedUDPPorts = [ 655 1655 ]; - allowedTCPPorts = [ 655 1655 ]; - }; - }; -} diff --git a/makefu/1systems/shoney/source.nix b/makefu/1systems/shoney/source.nix deleted file mode 100644 index 3616716f9..000000000 --- a/makefu/1systems/shoney/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - name="shoney"; -} |