diff options
author | tv <tv@krebsco.de> | 2017-12-14 10:17:40 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-12-14 10:17:40 +0100 |
commit | b5f1febe68529f7b6ebf5e1db524ba7b6ea161f9 (patch) | |
tree | 9f05e213af4917b608cd850bdd0cfabf06d157ae /makefu/2configs | |
parent | bd63530db16dd3f90af51750d25d07cca1526aaa (diff) | |
parent | 04f7ae22d6d0720d06f78c712eb9cd245cefce82 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r-- | makefu/2configs/deployment/bgt/hidden_service.nix | 48 | ||||
-rw-r--r-- | makefu/2configs/deployment/bureautomation/default.nix | 41 | ||||
-rw-r--r-- | makefu/2configs/deployment/led-fader.nix | 28 | ||||
-rw-r--r-- | makefu/2configs/deployment/scrape/default.nix | 6 | ||||
-rw-r--r-- | makefu/2configs/deployment/scrape/selenium.nix | 65 | ||||
-rw-r--r-- | makefu/2configs/share/omo.nix | 14 | ||||
-rw-r--r-- | makefu/2configs/share/wbob.nix | 38 | ||||
-rw-r--r-- | makefu/2configs/stats/telegraf/airsensor.nix | 19 | ||||
-rw-r--r-- | makefu/2configs/stats/telegraf/default.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/tools/dev.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/tools/extra-gui.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/tools/games.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/zsh-user.nix | 15 |
13 files changed, 248 insertions, 33 deletions
diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/deployment/bgt/hidden_service.nix new file mode 100644 index 000000000..c1a31b8dc --- /dev/null +++ b/makefu/2configs/deployment/bgt/hidden_service.nix @@ -0,0 +1,48 @@ +{ pkgs, lib, ... }: + +with lib; +let + name = "bgt_cyberwar_hidden_service"; + sec = (toString <secrets>) + "/"; + secdir = sec + name; + srvdir = "/var/lib/tor/onion/"; + basedir = srvdir + name; + hn = builtins.readFile (secdir + "/hostname"); +in +{ + systemd.services.prepare-hidden-service = { + wantedBy = [ "local-fs.target" ]; + before = [ "tor.service" ]; + serviceConfig = { + ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' + #!/bin/sh + set -euf + if ! test -d "${basedir}" ;then + mkdir -p "${srvdir}" + cp -r "${secdir}" "${srvdir}" + chown -R tor:tor "${srvdir}" + chmod -R 700 "${basedir}" + else + echo "not overwriting ${basedir}" + fi + ''; + Type = "oneshot"; + RemainAfterExit = "yes"; + TimeoutSec = "0"; + }; + }; + services.nginx.virtualHosts."${hn}".locations."/" = { + proxyPass = "https://blog.binaergewitter.de"; + extraConfig = '' + proxy_set_header Host blog.binaergewitter.de; + proxy_ssl_server_name on; + ''; + }; + services.tor = { + enable = true; + hiddenServices."${name}".map = [ + { port = "80"; } + # { port = "443"; toHost = "blog.binaergewitter.de"; } + ]; + }; +} diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/deployment/bureautomation/default.nix new file mode 100644 index 000000000..3897537ea --- /dev/null +++ b/makefu/2configs/deployment/bureautomation/default.nix @@ -0,0 +1,41 @@ +{ pkgs, lib, ... }: + +with lib; +let + port = 3001; + runit = pkgs.writeDash "runit" '' + set -xeuf + PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin + name=''${1?must provide name as first arg} + state=''${2?must provide state as second arg} + # val=''${3?must provide val as third arg} + + # we ignore non-alerting events + test $state = alerting || exit 0 + + echo $name - $state + curl 'http://bauarbeiterlampe/ay?o=1' + sleep 5 + curl 'http://bauarbeiterlampe/ay?o=1' + ''; +in { + services.logstash = { + package = pkgs.logstash5; + enable = true; + inputConfig = '' + http { + port => ${toString port} + host => "127.0.0.1" + } + ''; + filterConfig = '' + ''; + outputConfig = '' + stdout { codec => json } + exec { command => "${runit} '%{ruleName}' '%{state}'" } + ''; + extraSettings = '' + path.plugins: [ "${pkgs.logstash-output-exec}" ] + ''; + }; +} diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 4c17a1d50..292b6679d 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -1,27 +1,25 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, buildPythonPackage, ... }: -with import <stockholm/lib>; let mq = "192.168.8.11"; - pkg = pkgs.stdenv.mkDerivation { + pkg = pkgs.python3Packages.buildPythonPackage { name = "ampel-master"; + src = pkgs.fetchgit { url = "http://cgit.euer.krebsco.de/ampel"; - rev = "07a6791de368e16cc0864d2676fd255eba522cee"; - sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q"; + rev = "531741b"; + sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c"; }; - buildInputs = [ - (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + propagatedBuildInputs = with pkgs.python3Packages; [ docopt paho-mqtt - ])) + requests + pytz + influxdb + httplib2 + google_api_python_client ]; - installPhase = '' - install -m755 -D fade.py $out/bin/fade.py - install -m755 -D ampel.py $out/bin/ampel - install -m755 -D times.json $out/share/times.json - ''; }; in { systemd.services.led-fader = { @@ -34,7 +32,9 @@ in { serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; - ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; + ExecStart = "${pkg}/bin/ampel 4"; + Restart = "always"; + RestartSec = 10; PrivateTmp = true; }; }; diff --git a/makefu/2configs/deployment/scrape/default.nix b/makefu/2configs/deployment/scrape/default.nix new file mode 100644 index 000000000..c7a5b5c14 --- /dev/null +++ b/makefu/2configs/deployment/scrape/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./elkstack.nix + ./selenium.nix + ]; +} diff --git a/makefu/2configs/deployment/scrape/selenium.nix b/makefu/2configs/deployment/scrape/selenium.nix new file mode 100644 index 000000000..d700259ba --- /dev/null +++ b/makefu/2configs/deployment/scrape/selenium.nix @@ -0,0 +1,65 @@ +{config, pkgs, lib, ...}: +with <stockholm/lib>; +let + selenium-pw = <secrets/selenium-vncpasswd>; +in { + services.jenkinsSlave.enable = true; + users.users.selenium = { + uid = genid "selenium"; + extraGroups = [ "plugdev" ]; + }; + + fonts.enableFontDir = true; + + # networking.firewall.allowedTCPPorts = [ 5910 ]; + + systemd.services.selenium-X11 = + { + description = "X11 vnc for selenium"; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.xorg.xorgserver pkgs.tightvnc pkgs.dwm ]; + environment = + { + DISPLAY = ":10"; + }; + script = '' + set -ex + [ -e /tmp/.X10-lock ] && ( set +e ; chmod u+w /tmp/.X10-lock ; rm /tmp/.X10-lock ) + [ -e /tmp/.X11-unix/X10 ] && ( set +e ; chmod u+w /tmp/.X11-unix/X10 ; rm /tmp/.X11-unix/X10 ) + mkdir -p ~/.vnc + cp -f ${selenium-pw} ~/.vnc/passwd + chmod go-rwx ~/.vnc/passwd + echo > ~/.vnc/xstartup + chmod u+x ~/.vnc/xstartup + vncserver $DISPLAY -geometry 1280x1024 -depth 24 -name jenkins -ac + dwm + ''; + preStop = '' + vncserver -kill $DISPLAY + ''; + serviceConfig = { + User = "selenium"; + }; + }; + + systemd.services.selenium-server = + { + description = "selenium-server"; + wantedBy = [ "multi-user.target" ]; + requires = [ "selenium-X11.service" ]; + path = [ pkgs.chromium + pkgs.firefoxWrapper ]; + environment = + { + DISPLAY = ":10"; + }; + script = '' + ${pkgs.selenium-server-standalone}/bin/selenium-server -Dwebdriver.enable.native.events=1 + ''; + serviceConfig = { + User = "selenium"; + }; + }; + + +} diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 7d7a4ec57..e4fef7c3c 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -30,20 +30,14 @@ in { browseable = "yes"; "guest ok" = "yes"; }; - usenet = { - path = "/media/crypt0/usenet/dst"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - pyload = { - path = "/media/crypt0/pyload"; + crypt0 = { + path = "/media/crypt0"; "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; }; - crypt0 = { - path = "/media/crypt0"; + crypX-games = { + path = "/media/cryptX/games"; "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix new file mode 100644 index 000000000..7d3fc38fe --- /dev/null +++ b/makefu/2configs/share/wbob.nix @@ -0,0 +1,38 @@ +{config, ... }:{ + networking.firewall.allowedUDPPorts = [ 137 138 ]; + networking.firewall.allowedTCPPorts = [ 139 445 ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + incoming = { + path = "/data/incoming"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + data = { + path = "/data/"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} diff --git a/makefu/2configs/stats/telegraf/airsensor.nix b/makefu/2configs/stats/telegraf/airsensor.nix new file mode 100644 index 000000000..09d23e7d4 --- /dev/null +++ b/makefu/2configs/stats/telegraf/airsensor.nix @@ -0,0 +1,19 @@ +{ pkgs, ...}: + +{ + services.udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input" + ''; + users.users.telegraf.extraGroups = [ "input" ]; + services.telegraf.extraConfig.inputs.exec = [ + { + commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; + timeout = "10s"; + data_format = "value"; + data_type = "integer"; + name_override = "airquality"; + interval = "10s"; + tags.unit="VOC"; + } + ]; +} diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix index 4da6561d6..049a9c037 100644 --- a/makefu/2configs/stats/telegraf/default.nix +++ b/makefu/2configs/stats/telegraf/default.nix @@ -2,9 +2,6 @@ let url = "http://localhost:8086"; in { - imports = [ - ./europastats.nix - ]; services.telegraf = { enable = true; extraConfig = { diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 46872279a..26e9808b2 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -13,10 +13,12 @@ esptool cac-api cac-panel + krebszones ovh-zone whatsupnix brain gen-oath-safe cdrtools + stockholm ]; } diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index bcc068d82..e25290297 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -14,5 +14,6 @@ saleae-logic arduino-user-env gitAndTools.gitFull + signal-desktop ]; } diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 8da615963..40ea4523d 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -7,5 +7,6 @@ users.users.makefu.packages = with pkgs; [ games-user-env wine + pkg2zip ]; } diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index f280fc852..6be078f6a 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -8,11 +8,12 @@ in users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; programs.zsh= { enable = true; - enableCompletion = false ; #manually at the end + enableCompletion = true ; #manually at the end interactiveShellInit = '' HISTSIZE=900001 HISTFILESIZE=$HISTSIZE SAVEHIST=$HISTSIZE + HISTFILE=$HOME/.zsh_history setopt HIST_IGNORE_ALL_DUPS setopt HIST_IGNORE_SPACE @@ -65,13 +66,15 @@ in zle -N fzf-file-widget bindkey '^T' fzf-file-widget - # Auto-Completion - for p in ''${(z)NIX_PROFILES}; do - fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions) - done - autoload -U compinit && compinit compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + + # ctrl-x ctrl-e + autoload -U edit-command-line + zle -N edit-command-line + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line + ''; promptInit = '' |