authortv <tv@krebsco.de>2016-07-22 13:22:13 +0200
committertv <tv@krebsco.de>2016-07-22 13:22:13 +0200
commit45c62ec4d3ec61ba593657676f5a09d47622564e (patch)
tree7937fbefaddc5e0168e44ab1d6e355c42192d7e8 /makefu/1systems
parent8b58e6e6e25e38586f3cc8879aa0444d4fdf6f0d (diff)
parent0bd78c3b0de0fa79322e9031f45dcc62abd094d1 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/darth.nix2
-rw-r--r--makefu/1systems/filepimp.nix2
-rw-r--r--makefu/1systems/gum.nix4
-rw-r--r--makefu/1systems/omo.nix2
-rw-r--r--makefu/1systems/pnp.nix5
-rw-r--r--makefu/1systems/pornocauster.nix10
-rw-r--r--makefu/1systems/repunit.nix9
-rw-r--r--makefu/1systems/shoney.nix5
-rw-r--r--makefu/1systems/tsp.nix2
-rw-r--r--makefu/1systems/vbob.nix19
-rw-r--r--makefu/1systems/wbob.nix14
-rw-r--r--makefu/1systems/wry.nix3
12 files changed, 36 insertions, 41 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 87029a693..c63dcb492 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -17,6 +17,7 @@ in {
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
+ ../2configs/tinc/retiolum.nix
../2configs/temp-share-samba.nix
];
services.samba.shares = {
@@ -39,7 +40,6 @@ in {
};
#networking.firewall.enable = false;
- krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index 593f77378..c6966c99c 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -22,8 +22,8 @@ in {
../.
../2configs/fs/single-partition-ext4.nix
../2configs/smart-monitor.nix
+ ../2configs/tinc/retiolum.nix
];
- krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.filepimp;
# AMD N54L
boot = {
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 17b2b5093..a4e2d1760 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -19,6 +19,7 @@ in {
../2configs/deployment/mycube.connector.one.nix
../2configs/exim-retiolum.nix
+ ../2configs/tinc/retiolum.nix
../2configs/urlwatch.nix
];
@@ -27,8 +28,7 @@ in {
###### stable
krebs.build.host = config.krebs.hosts.gum;
- krebs.retiolum = {
- enable = true;
+ krebs.tinc.retiolum = {
extraConfig = ''
ListenAddress = ${external-ip} 53
ListenAddress = ${external-ip} 655
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 8c24e0ff5..e11abd40d 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -47,12 +47,12 @@ in {
#../2configs/graphite-standalone.nix
#../2configs/share-user-sftp.nix
../2configs/omo-share.nix
+ ../2configs/tinc/retiolum.nix
## as long as pyload is not in nixpkgs:
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
];
- krebs.retiolum.enable = true;
networking.firewall.trustedInterfaces = [ primaryInterface ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 4b8d39c89..a460a87e7 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -15,11 +15,12 @@
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/fs/vm-single-partition.nix
+ ../2configs/tinc/retiolum.nix
+
# config.system.build.vm
- <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+ (toString <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>)
];
- krebs.retiolum.enable = true;
virtualisation.graphics = false;
# also export secrets, see Usage above
fileSystems = pkgs.lib.mkVMOverride {
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 2ab030916..b683e5630 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -38,8 +38,9 @@
#../2configs/wordpress.nix
../2configs/nginx/public_html.nix
+ ../2configs/tinc/retiolum.nix
# temporary modules
- # ../2configs/temp/share-samba.nix
+ ../2configs/temp/share-samba.nix
# ../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
];
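Review bot: The temporary Samba share `../2configs/temp/share-samba.nix` is now active under `# temporary modules` with nothing saying how long it should stay or which interfaces can reach it; the module itself is not part of this diff. Because the same hunk also adds `../2configs/tinc/retiolum.nix`, it is worth confirming that the share is not reachable over the VPN interface unless that is intended. A trailing comment on the import line, for example `# temporary: remove after <condition>`, would keep it from quietly becoming permanent.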
@@ -69,10 +70,9 @@
krebs.build.host = config.krebs.hosts.pornocauster;
krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
- krebs.retiolum = {
- enable = true;
- connectTo = [ "omo" "gum" "prism" ];
- };
+
+ krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
+
networking.extraHosts = ''
192.168.1.11 omo.local
'';
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index bf6ff9fb6..7102b8f81 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -10,6 +10,7 @@
../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/git/cgit-retiolum.nix
+ ../2configs/tinc/retiolum.nix
];
krebs.build.host = config.krebs.hosts.repunit;
@@ -31,14 +32,6 @@
{ device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "gum"
- "pigstarter"
- "fastpoke"
- ];
- };
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 3a3ac9c7c..7081f6a95 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -13,15 +13,12 @@ in {
../2configs/save-diskspace.nix
../2configs/hw/CAC.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/tinc/retiolum.nix
];
- environment.systemPackages = [ pkgs.honeyd ];
- services.tinc.networks.siem.name = "sjump";
-
krebs = {
enable = true;
- retiolum.enable = true;
build.host = config.krebs.hosts.shoney;
nginx.enable = true;
tinc_graphs = {
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 302ba6f99..9809abf4c 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -17,9 +17,9 @@
../2configs/zsh-user.nix
../2configs/exim-retiolum.nix
+ ../2configs/tinc/retiolum.nix
];
# not working in vm
- krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.tsp;
networking.firewall.allowedTCPPorts = [
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 3fcb173ce..27a216316 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -8,9 +8,10 @@
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
../2configs/main-laptop.nix #< base-gui
- # (toString <secrets>)/extra-hosts.nix
+ # <secrets/extra-hosts.nix>
# environment
+ ../2configs/tinc/retiolum.nix
];
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
@@ -28,8 +29,15 @@
openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ];
};
};
+
+ environment.shellAliases = {
+ forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
+ };
+ # TODO: for forticleintsslpn
+ # ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd
+ # ln -s /r/current-system/sw/bin/tail /usr/bin/tail
environment.systemPackages = with pkgs;[
- fortclientsslvpn
+ fortclientsslvpn ppp xclip
get
logstash
docker
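Review bot: The new `forti` alias reads the VPN password from a plaintext file (`~/vpn/pw.txt`) and pipes it into `xclip`, so the secret stays in an X selection that other clients on the display can read until something replaces it. If the clipboard step has to stay, `cat ~/vpn/pw.txt | xclip -loops 1; sudo forticlientsslvpn` stops serving the password after one paste, and a comment next to the alias should say the file must be readable only by the user. The TODO below it misspells the client name (`forticleintsslpn`), and its two `ln -s` lines are manual steps outside the Nix configuration, which is worth stating there. The `environment.systemPackages` list continues past the end of the hunk.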
@@ -45,13 +53,6 @@
8010
];
- krebs.retiolum = {
- enable = true;
- connectTo = [
- "omo"
- "gum"
- ];
- };
virtualisation.docker.enable = false;
fileSystems."/media/share" = {
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index 45b935af0..e8e0b091f 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -1,5 +1,7 @@
{ config, pkgs, ... }:
-{
+let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
+in {
+
makefu.awesome = {
modkey = "Mod1";
#TODO: integrate kiosk config into full config by templating the autostart
@@ -9,19 +11,19 @@
[ # Include the results of the hardware scan.
../.
../2configs/main-laptop.nix
+ ../2configs/virtualization.nix
+ ../2configs/tinc/retiolum.nix
];
krebs = {
enable = true;
- retiolum.enable = true;
build.host = config.krebs.hosts.wbob;
};
networking.firewall.allowedUDPPorts = [ 1655 ];
- networking.firewall.allowedTCPPorts = [ 1655 ];
+ networking.firewall.allowedTCPPorts = [ 1655 49152 ];
services.tinc.networks.siem = {
name = "display";
extraConfig = ''
ConnectTo = sjump
- Port = 1655
'';
};
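Review bot: TCP port 49152 is added to `networking.firewall.allowedTCPPorts` with nothing naming the service that needs it. It may be related to `../2configs/virtualization.nix`, which is imported in the same hunk, but nothing visible here confirms that. A trailing comment such as `# 49152: <service name>` would let a later reader judge when the rule can be dropped. Separately, `Port = 1655` is removed from the `siem` tinc network while both firewall lists still allow 1655; unless the port is set elsewhere, the firewall rules and the daemon's listening port may no longer match.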
@@ -35,12 +37,12 @@
# nuc hardware
- boot.loader.grub.device = "/dev/sda";
+ boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
- device = "/dev/sda1";
+ device = rootdisk + "-part1";
fsType = "ext4";
};
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 5788cb654..3764ab4b5 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -25,8 +25,9 @@ in {
# collectd
../2configs/collectd/collectd-base.nix
+
+ ../2configs/tinc/retiolum.nix
];
- krebs.retiolum.enable = true;
krebs.build.host = config.krebs.hosts.wry;