summaryrefslogtreecommitdiffstats
path: root/makefu/1systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-01-02 20:58:59 +0100
committertv <tv@krebsco.de>2018-01-02 20:58:59 +0100
commit493984d97e6deaee3d7b358724e83c59bccb212d (patch)
tree691e019ae0b55d48a9681d9c26ae65e6c83d1d0f /makefu/1systems
parent84fdbeba2ceee152a128f5e9013043c172c07ecf (diff)
parente48b4eb4606f6d0ec0b930016a53e7e7cfcbfb64 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/fileleech/config.nix75
-rw-r--r--makefu/1systems/gum/config.nix27
-rw-r--r--makefu/1systems/omo/config.nix1
-rw-r--r--makefu/1systems/vbob/config.nix64
-rw-r--r--makefu/1systems/vbob/source.nix2
-rw-r--r--makefu/1systems/wbob/config.nix3
-rw-r--r--makefu/1systems/x/config.nix1
-rw-r--r--makefu/1systems/x/source.nix2
8 files changed, 105 insertions, 70 deletions
diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix
index b5ec370a5..e36afecd5 100644
--- a/makefu/1systems/fileleech/config.nix
+++ b/makefu/1systems/fileleech/config.nix
@@ -6,18 +6,18 @@ let
rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
rootPartition = rootDisk + "-part3";
- dataDisks = let
- idpart = dev: byid dev + "-part1";
- in [
- { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
- { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
- { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
- { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
- { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
- { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
- { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
- { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
- ];
+ dataDisks = let
+ idpart = dev: byid dev + "-part1";
+ in [
+ { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
+ { name = "crypt1"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GGWG8F";}
+ { name = "crypt2"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GH5NAF";}
+ { name = "crypt3"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GJWGDF";}
+ { name = "crypt4"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXHF";}
+ { name = "crypt5"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GKKXVF";}
+ { name = "crypt6"; device = idpart "scsi-1ATA_HUA722020ALA330_YAJJ8WRV";}
+ { name = "crypt7"; device = idpart "scsi-1ATA_HUA722020ALA330_YBKTUS4F";} # parity
+ ];
disks = [ { name = "luksroot"; device = rootPartition; } ] ++ dataDisks;
in {
@@ -25,13 +25,13 @@ in {
<stockholm/makefu>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/disable_v6.nix>
- # <stockholm/makefu/2configs/torrent.nix>
+ <stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/fs/sda-crypto-root.nix>
#<stockholm/makefu/2configs/elchos/irc-token.nix>
- <stockholm/makefu/2configs/elchos/log.nix>
- <stockholm/makefu/2configs/elchos/search.nix>
- <stockholm/makefu/2configs/elchos/stats.nix>
+ # <stockholm/makefu/2configs/elchos/log.nix>
+ # <stockholm/makefu/2configs/elchos/search.nix>
+ # <stockholm/makefu/2configs/elchos/stats.nix>
];
systemd.services.grafana.serviceConfig.LimitNOFILE=10032;
@@ -42,8 +42,8 @@ in {
enable = true;
build.host = config.krebs.hosts.fileleech;
};
- # git clone https://github.com/makefu/docker-pyload
- # docker build .
+ # git clone https://github.com/makefu/docker-pyload
+ # docker build .
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P docker-pyload
virtualisation.docker.enable = true; # for pyload
@@ -60,7 +60,7 @@ in {
];
services.nginx.virtualHosts._download = {
default = true;
- root = "/media/cryptX";
+ root = config.makefu.dl-dir;
extraConfig = ''
autoindex on;
'';
@@ -80,10 +80,11 @@ in {
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ # TODO use users.motd and pam.services.sshd.showMotd
services.openssh.extraConfig = let banner = pkgs.writeText "openssh-banner" ''
Services:
- ssh://download@fileleech - ssh via filebitch.shack
- ftp://download@fileleech - access to /media/cryptX
+ ssh://download@fileleech - ssh via filebitch
+ ftp://download@fileleech - access to ${config.makefu.dl-dir}
http://fileleech:8112 - rutorrent
http://fileleech:8113 - pyload
https://fileleech:9090 - sabnzb
@@ -104,13 +105,13 @@ in {
cryptMount = name:
{ "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
in cryptMount "crypt0"
- // cryptMount "crypt1"
- // cryptMount "crypt2"
- // cryptMount "crypt3"
- // cryptMount "crypt4"
- // cryptMount "crypt5"
- // cryptMount "crypt6"
- // cryptMount "crypt7"
+ // cryptMount "crypt1"
+ // cryptMount "crypt2"
+ // cryptMount "crypt3"
+ // cryptMount "crypt4"
+ // cryptMount "crypt5"
+ // cryptMount "crypt6"
+ // cryptMount "crypt7"
# this entry sometimes creates issues
// { "/media/cryptX" = {
@@ -121,10 +122,10 @@ in {
}
;
+ makefu.dl-dir = "/media/cryptX";
users.users.download = {
useDefaultShell = true;
# name = "download";
- home = "/media/cryptX/";
# createHome = true;
openssh.authorizedKeys.keys = [
config.krebs.users.makefu.pubkey
@@ -132,7 +133,7 @@ in {
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo2z8zsI+YF3ho0hvYzzCZi05mNyjk4iFK08+nNFCdXSG07jmRROWzTcC2ysTKZ56XD2al2abLxy4FZfmDcu9b2zJoPnIiXv/Jw0TKeZ71OyN3bILtv+6Xj1FTJ+kAUMXBfEew7UCgZZ8u8RQsFmlhqB9XqCBXmzP7I2EM1wWSzwEAgG/k6C+Ir054JjAj+fLr/wBduD1GAe8bXXF3Ojiky8OMs2oJaoGV96mrVAtVN+ftfWSvHCK31Y/KgCoPDE4LdoTir1IRfx2pZUMPkyzRW/etXT0PKD96I+/3d1xNPzNNjFpd6GqADC3xnfY3WslNgjL7gqwsC9SlEyuT1Xkd lotho@mercurius"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClaVl9Fwp4wdGLeTZdfy5MpJf+hM6fpL1k6UmtYXWgVYU7tgmStdlpLlbyMQspoFRtT7/76n4kPwCmM0c82xNXaJJMuWa98pwMp+bAwSSdOGAP/vjfzL/TUAX+Xtrw6ehF7r1O+zqw/E/bWt6UezKj08wDLWjByzdDQwslJV6lrGek4mmYRdgmHHeZ1oG89ePEZJZOM6jcZqv0AfIj0NID3ir9Z0kz9uSSXb1279Qt4953mfjs5xwhtc1B7vrxJ3qtTZUsBoAkUkLeulUEIjkfn60wvDGu/66GP5ZClXyk2gck/ZNmtFYrQoqx9EtF1KK02cC17A0nfRySQy5BnfWn root@filebitch"
];
};
@@ -142,15 +143,19 @@ in {
parity = toMapper 7;
};
networking.nameservers = [ "8.8.8.8" ];
- #networking.interfaces.enp6s0f0.ip4 = [{
- # address = "151.217.173.20";
- # prefixLength = 22;
- #}];
- #networking.defaultGateway = "151.217.172.1";
+ # SPF
+ networking.defaultGateway = "151.217.176.1";
+ networking.interfaces.enp6s0f0.ip4 = [{
+ address = "151.217.178.63";
+ prefixLength = 22;
+ }];
+
+ # Gigabit
networking.interfaces.enp8s0f1.ip4 = [{
address = "192.168.126.1";
prefixLength = 24;
}];
+
#interfaces.enp6s0f1.ip4 = [{
# address = external-ip;
# prefixLength = 22;
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index b66ef1ab8..1fe0b62f9 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -48,9 +48,15 @@ in {
<stockholm/makefu/2configs/share/gum.nix>
# <stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
- <stockholm/makefu/2configs/iodined.nix>
+ <stockholm/makefu/2configs/mosh.nix>
+
+ # network
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
+ <stockholm/makefu/2configs/vpn/vpnws/server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/iodined.nix>
+
+ # buildbot
<stockholm/makefu/2configs/remote-build/slave.nix>
## Web
@@ -103,15 +109,16 @@ in {
#}
{ # wireguard server
networking.firewall.allowedUDPPorts = [ 51820 ];
- #networking.wireguard.interfaces.wg0 = {
- # ips = [ "10.244.0.1/24" ];
- # privateKeyFile = (toString <secrets>) + "/wireguard.key";
- # allowedIPsAsRoutes = true;
- # peers = [{
- # allowedIPs = [ "0.0.0.0/0" "::/0" ];
- # publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
- # }];
- #};
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.1/24" ];
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [{
+ # allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ allowedIPs = [ "10.244.0.2/32" ];
+ publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ }];
+ };
}
];
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 4af87dc10..aaecebadc 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -47,6 +47,7 @@ in {
<stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/mail-client.nix>
+ <stockholm/makefu/2configs/mosh.nix>
# <stockholm/makefu/2configs/disable_v6.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
index f71634501..f318c0e61 100644
--- a/makefu/1systems/vbob/config.nix
+++ b/makefu/1systems/vbob/config.nix
@@ -3,37 +3,57 @@
krebs.build.host = config.krebs.hosts.vbob;
makefu.awesome.modkey = "Mod1";
imports =
- [ # Include the results of the hardware scan.
+ [
<stockholm/makefu>
- (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
- (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
+ {
+ imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
+ boot.loader.grub.device = "/dev/vda";
+ }
+ # {
+ # imports = [
+ # <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+ # ];
+ # virtualbox.baseImageSize = 35 * 1024;
+ # fileSystems."/media/share" = {
+ # fsType = "vboxsf";
+ # device = "share";
+ # options = [ "rw" "uid=9001" "gid=9001" ];
+ # };
+ # }
+
+ # {
+ # imports = [
+ # <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+ # ];
+ # fileSystems."/nix" = {
+ # device ="/dev/disk/by-label/nixstore";
+ # fsType = "ext4";
+ # };
+ # }
+
+
# base gui
- <stockholm/makefu/2configs/main-laptop.nix>
+ # <stockholm/makefu/2configs/main-laptop.nix>
+ # <stockholm/makefu/2configs/tools/core-gui.nix>
+
+ <stockholm/makefu/2configs/zsh-user.nix>
# security
<stockholm/makefu/2configs/sshd-totp.nix>
# Tools
<stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/dev.nix>
- <stockholm/makefu/2configs/tools/extra-gui.nix>
- <stockholm/makefu/2configs/tools/sec.nix>
+ # <stockholm/makefu/2configs/tools/extra-gui.nix>
+ # <stockholm/makefu/2configs/tools/sec.nix>
# environment
<stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
- <stockholm/makefu/2configs/audio/realtime-audio.nix>
-
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
nixpkgs.config.allowUnfree = true;
- fileSystems."/nix" = {
- device ="/dev/disk/by-label/nixstore";
- fsType = "ext4";
- };
# allow vbob to deploy self
users.extraUsers = {
@@ -45,9 +65,13 @@
environment.shellAliases = {
forti = "cat ~/vpn/pw.txt | xclip; sudo forticlientsslvpn";
};
- # TODO: for forticleintsslpn
- # ln -s /r/current-system/sw/bin/pppd /usr/sbin/pppd
- # ln -s /r/current-system/sw/bin/tail /usr/bin/tail
+
+ system.activationScripts.prepare-fortclientvpnssl = ''
+ # TODO: for forticlientsslpn
+ mkdir -p /usr/{s,}bin
+ ln -fs ${pkgs.ppp}/bin/pppd /usr/sbin/pppd
+ ln -fs ${pkgs.coreutils}/bin/tail /usr/bin/tail
+ '';
environment.systemPackages = with pkgs;[
fortclientsslvpn ppp xclip
get
@@ -55,7 +79,6 @@
# docker
#devpi-web
#devpi-client
- debmirror
ansible
];
# virtualisation.docker.enable = true;
@@ -67,10 +90,5 @@
8010
];
- fileSystems."/media/share" = {
- fsType = "vboxsf";
- device = "share";
- options = [ "rw" "uid=9001" "gid=9001" ];
- };
}
diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix
index 5b726e40b..5419215e2 100644
--- a/makefu/1systems/vbob/source.nix
+++ b/makefu/1systems/vbob/source.nix
@@ -1,4 +1,4 @@
import <stockholm/makefu/source.nix> {
name="vbob";
- musnix = true;
+ # musnix = true;
}
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index c30ee4c58..f44211b93 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -32,10 +32,13 @@ in {
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/share/wbob.nix>
+ # Sensors
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
+ # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+
<stockholm/makefu/2configs/deployment/bureautomation>
(let
collectd-port = 25826;
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 1dd1a070f..3686acb6e 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -60,7 +60,6 @@ with import <stockholm/lib>;
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>
<stockholm/makefu/2configs/hw/rtl8812au.nix>
- <stockholm/makefu/2configs/hw/exfat-nofuse.nix>
<stockholm/makefu/2configs/hw/wwan.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/rad1o.nix>
diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix
index 6dc17b656..6278877c3 100644
--- a/makefu/1systems/x/source.nix
+++ b/makefu/1systems/x/source.nix
@@ -1,5 +1,7 @@
import <stockholm/makefu/source.nix> {
name="x";
full = true;
+ python = true;
+ hw = true;
# torrent = true;
}