-rw-r--r--.rsync-filter1
-rw-r--r--krebs/3modules/lass/default.nix35
-rw-r--r--krebs/3modules/tv/default.nix23
-rw-r--r--krebs/5pkgs/simple/populate/default.nix4
-rw-r--r--lass/1systems/cloudkrebs/config.nix34
-rw-r--r--lass/1systems/cloudkrebs/source.nix3
-rw-r--r--lass/1systems/iso.nix1
-rw-r--r--lass/1systems/mors/config.nix1
-rw-r--r--lass/1systems/prism/config.nix16
-rw-r--r--lass/1systems/skynet/config.nix2
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/ircd.nix1
-rw-r--r--lass/2configs/mail.nix2
-rw-r--r--lass/2configs/newsbot-js.nix26
-rw-r--r--lass/source.nix4
-rw-r--r--shell.nix15
16 files changed, 56 insertions, 113 deletions
diff --git a/.rsync-filter b/.rsync-filter
index d7657cd00..364a79864 100644
--- a/.rsync-filter
+++ b/.rsync-filter
@@ -1,2 +1,3 @@
- /.git
- /.graveyard
+P /.version-suffix
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 4e50ef577..7aeeb1f21 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -43,7 +43,7 @@ with import <stockholm/lib>;
cores = 2;
nets = rec {
internet = {
- ip4.addr = "104.233.79.118";
+ ip4.addr = "45.62.226.163";
aliases = [
"echelon.i"
];
@@ -128,39 +128,6 @@ with import <stockholm/lib>;
};
managed = false;
};
- cloudkrebs = {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "104.167.113.104";
- aliases = [
- "cloudkrebs.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.206.102";
- ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f762";
- aliases = [
- "cloudkrebs.r"
- "cgit.cloudkrebs.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAttUygCu7G6lIA9y+9rfTpLKIy2UgNDglUVoKZYLs8JPjtAtQVbtA
- OcWwwPc8ijLQvwJWa8e/shqSzSIrtOe+HJbRGdXLdBLtOuLKpz+ZFHcS+95RS5aF
- QTehg+QY7pvhbrrwKX936tkMR568suTQG6C8qNC/5jWYO/wIxFMhnQ2iRRKQOq1v
- 3aGGPC16KeXKVioY9KoV98S3n1rZW1JK07CIsZU4qb5txtLlW6FplJ7UmhVku1WC
- sgOOj9yi6Zk1t8R2Pwv9gxa3Hc270voj5U+I2hgLV/LjheE8yhQgYHEA4vXerPdO
- TGSATlSmMtE2NYGrKsLM7pKn286aSpXinwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7oYx7Lbkc0wPYNp92LQF93DCtxsGzOkVD91FJQzVZl";
- };
uriel = {
cores = 1;
nets = {
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 81db2d411..68cba633b 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -113,14 +113,6 @@ with import <stockholm/lib>;
};
kaepsele = {
nets = {
- internet = {
- ip4.addr = "92.222.10.169";
- aliases = [
- "kaepsele.i"
- "kaepsele.internet"
- # TODO "kaepsele.org"
- ];
- };
retiolum = {
ip4.addr = "10.243.166.2";
ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
@@ -129,17 +121,18 @@ with import <stockholm/lib>;
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
- Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
- rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
- y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
- yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
- FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+ MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm
+ QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF
+ 6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb
+ JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK
+ ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf
+ ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
- ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj";
};
mu = {
cores = 2;
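Review bot: Both identities of `kaepsele` are replaced in this hunk, the tinc RSA public key and the SSH host key (now `ssh-ed25519`, with `ssh.privkey.path` added), and nothing next to them says why. Judging from the rest of the commit the host appears to have been rebuilt as a container on prism; a one-line comment above `kaepsele = {`, e.g. `# runs as a container on prism; keys regenerated on migration`, would let peers tell a planned rotation from an unexpected key change, if that is what happened. It is also worth confirming that the old keys are no longer accepted anywhere outside this file. The `kaepsele` attribute set opens in the previous hunk.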
diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix
index 48afee037..1ed268cf0 100644
--- a/krebs/5pkgs/simple/populate/default.nix
+++ b/krebs/5pkgs/simple/populate/default.nix
@@ -13,12 +13,12 @@ in
stdenv.mkDerivation rec {
name = "populate";
- version = "1.2.2";
+ version = "1.2.3";
src = fetchgit {
url = http://cgit.ni.krebsco.de/populate;
rev = "refs/tags/v${version}";
- sha256 = "041rpyhss6kby3jm14k7lhvagmg7hwvwxli06b00p76s110is40w";
+ sha256 = "14p9v28d5vcr5384qgycmgjh1angi2zx7qvi51651i7nd9qkjzmi";
};
phases = [
diff --git a/lass/1systems/cloudkrebs/config.nix b/lass/1systems/cloudkrebs/config.nix
deleted file mode 100644
index aa9a1f1ab..000000000
--- a/lass/1systems/cloudkrebs/config.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
- ip = config.krebs.build.host.nets.internet.ip4.addr;
-in {
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/git.nix>
- <stockholm/lass/2configs/realwallpaper.nix>
- <stockholm/lass/2configs/privoxy-retiolum.nix>
- {
- networking.interfaces.enp2s1.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = getDefaultGateway ip;
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- }
- {
- sound.enable = false;
- }
- ];
-
- krebs.build.host = config.krebs.hosts.cloudkrebs;
-}
diff --git a/lass/1systems/cloudkrebs/source.nix b/lass/1systems/cloudkrebs/source.nix
deleted file mode 100644
index 99e71e755..000000000
--- a/lass/1systems/cloudkrebs/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "cloudkrebs";
-}
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 0b048a2b1..be064bed2 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -37,6 +37,7 @@ with import <stockholm/lib>;
};
};
boot.kernelParams = [ "copytoram" ];
+ networking.hostName = "lass-iso";
}
{
krebs.enable = true;
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 2cb6a7519..5bc52d633 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -139,7 +139,6 @@ with import <stockholm/lib>;
urban
mk_sql_pair
remmina
- thunderbird
iodine
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 5d05ae399..744bae551 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -298,6 +298,22 @@ in {
localAddress = "10.233.2.2";
};
}
+ {
+ #kaepsele
+ containers.kaepsele = {
+ config = { ... }: {
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ tv.pubkey
+ ];
+ };
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.3";
+ localAddress = "10.233.2.4";
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
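Review bot: The new `containers.kaepsele` block gives two users root SSH access and sets `enableTun = true`, but its only comment is `#kaepsele`, which explains neither. As far as I know `enableTun` also grants the container the NET_ADMIN capability, so the reason should be visible to a reader; something like `# tv's kaepsele host as a container; tun is needed for retiolum (tinc)` would do if that is the intent. Consider also setting `services.openssh.passwordAuthentication = false;` inside the container config so that key-only login does not depend on module defaults. The surrounding imports list starts outside the hunk.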
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index a48df02b9..b707f4388 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -42,7 +42,7 @@ with import <stockholm/lib>;
}
];
- krebs.build.host = config.krebs.hosts.daedalus;
+ krebs.build.host = config.krebs.hosts.skynet;
#fileSystems = {
# "/bku" = {
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 728e265f6..611e1b9da 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -40,6 +40,7 @@ with import <stockholm/lib>;
{ from = "patreon@lassul.us"; to = lass.mail; }
{ from = "steam@lassul.us"; to = lass.mail; }
{ from = "securityfocus@lassul.us"; to = lass.mail; }
+ { from = "radio@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix
index b72e2b087..ee4c0216c 100644
--- a/lass/2configs/ircd.nix
+++ b/lass/2configs/ircd.nix
@@ -13,7 +13,6 @@
sid = "1as";
description = "miep!";
network_name = "irc.retiolum";
- network_desc = "Retiolum IRC Network";
hub = yes;
vhost = "0.0.0.0";
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index ee0c3f938..9f9bb24fa 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -72,13 +72,13 @@ let
''} %r |"
virtual-mailboxes \
+ "Unread" "notmuch://?query=tag:unread"\
"INBOX" "notmuch://?query=tag:inbox \
and NOT tag:killed \
and NOT to:shackspace \
and NOT to:c-base \
and NOT from:security-alert@hpe.com \
and NOT to:nix-devel"\
- "Unread" "notmuch://?query=tag:unread"\
"shack" "notmuch://?query=to:shackspace"\
"c-base" "notmuch://?query=to:c-base"\
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 070795d14..5e028a3fb 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -15,7 +15,6 @@ let
bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news
bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
- c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
carta|http://feeds2.feedburner.com/carta-standard-rss|#news
catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
@@ -27,9 +26,11 @@ let
ccc|http://www.ccc.de/rss/updates.rdf|#news
chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
+ chan_g|https://boards.4chan.org/g/index.rss|#news
chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
- coinspotting|http://coinspotting.com/rss|#news #financial
- cryptocoinsnews|http://www.cryptocoinsnews.com/feed/|#news #financial
+ chan_sci|https://boards.4chan.org/sci/index.rss|#news
+ chan_x|https://boards.4chan.org/x/index.rss|#news
+ c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
csm|http://rss.csmonitor.com/feeds/csm|#news
csm_world|http://rss.csmonitor.com/feeds/world|#news
@@ -63,6 +64,7 @@ let
greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
gulli|http://ticker.gulli.com/rss/|#news
+ hackernews|https://news.ycombinator.com/rss|#news
handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
heise|https://www.heise.de/newsticker/heise-atom.xml|#news
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
@@ -98,12 +100,16 @@ let
presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#news #bullerei
presseportal|http://www.presseportal.de/rss/presseportal.rss2|#news
prisonplanet|http://prisonplanet.com/feed.rss|#news
- proofmarket|https://proofmarket.org/feed_problem|#news
rawstory|http://www.rawstory.com/rs/feed/|#news
reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
+ reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
+ reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
+ reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
+ reddit_sci|http://www.reddit.com/r/science/.rss|#news
+ reddit_tech|http://www.reddit.com/r/technology/.rss|#news
reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
@@ -114,7 +120,7 @@ let
sciencemag|http://news.sciencemag.org/rss/current.xml|#news
scmp|http://www.scmp.com/rss/91/feed|#news
sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#news
- shackspace|http://shackspace.de/?feed=rss2|#news
+ shackspace|http://blog.shackspace.de/?feed=rss2|#news
shz_news|http://www.shz.de/nachrichten/newsticker/rss|#news
sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#news
sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#news
@@ -159,16 +165,6 @@ let
wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
xkcd|https://xkcd.com/rss.xml|#news
zdnet|http://www.zdnet.com/news/rss.xml|#news
-
- chan_g|https://boards.4chan.org/g/index.rss|#news
- chan_x|https://boards.4chan.org/x/index.rss|#news
- chan_sci|https://boards.4chan.org/sci/index.rss|#news
- reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
- reddit_sci|http://www.reddit.com/r/science/.rss|#news
- reddit_tech|http://www.reddit.com/r/technology/.rss|#news
- reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
- reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
- hackernews|https://news.ycombinator.com/rss|#news
'';
in {
environment.systemPackages = [
diff --git a/lass/source.nix b/lass/source.nix
index 7d60730f1..8430ecb16 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -13,12 +13,12 @@ in
};
stockholm.file = toString <stockholm>;
nixpkgs.git = {
- url = https://cgit.lassul.us/nixpkgs;
+ url = http://cgit.lassul.us/nixpkgs;
# nixos-17.03
# + copytoram:
# 87a4615 & 334ac4f
# + acme permissions for groups
# fd7a8f1
- ref = "d9c85b3";
+ ref = "60dc02d";
};
}
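Review bot: The nixpkgs source URL is downgraded from `https://` to `http://` here, and the pin is the seven-character abbreviated ref `60dc02d` with no content hash visible, so nothing in this hunk authenticates what gets fetched. Over plain HTTP an on-path party could serve a different tree, and the result is used as the system's package set. Keep `url = https://cgit.lassul.us/nixpkgs;` and, if the fetcher accepts it, pin the full 40-character commit id instead of the abbreviation. If HTTPS was dropped to work around a certificate problem, record that in a comment next to the url so the downgrade is not mistaken for the intended state. The enclosing attribute set starts outside the hunk.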
diff --git a/shell.nix b/shell.nix
index bc14fe7d8..a4ccc3187 100644
--- a/shell.nix
+++ b/shell.nix
@@ -9,6 +9,7 @@ let
# usage: deploy
# [--force-populate]
# [--quiet]
+ # [--source=PATH]
# --system=SYSTEM
# [--target=TARGET]
# [--user=USER]
@@ -20,6 +21,7 @@ let
\test -n "''${quiet-}" || quiet=false
\test -n "''${target-}" || target=$system
\test -n "''${user-}" || user=$LOGNAME
+ \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
. ${init.env}
. ${init.proxy}
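Review bot: `\test -n "''${source_file}"` expands the variable without the `-` fallback that the neighbouring `''${quiet-}`, `''${target-}` and `''${user-}` tests use, so it is only safe because init.args assigns `source_file=` beforehand. Writing `\test -n "''${source_file-}" || source_file=$user/1systems/$system/source.nix` keeps the line correct under nounset or if the sourcing order changes; the same line is added to the install and test commands in the later hunks. Since the value comes from `--source` and is handed to `get-source`, the usage comment could also say what PATH must be, e.g. `# [--source=PATH]  source.nix to populate from (default: $user/1systems/$system/source.nix)`. The command body starts and ends outside the hunk.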
@@ -29,6 +31,7 @@ let
# usage: install
# [--force-populate]
# [--quiet]
+ # [--source=PATH]
# --system=SYSTEM
# --target=TARGET
# [--user=USER]
@@ -39,6 +42,7 @@ let
. ${init.args}
\test -n "''${quiet-}" || quiet=false
\test -n "''${user-}" || user=$LOGNAME
+ \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
. ${init.env}
if \test "''${using_proxy-}" != true; then
@@ -76,6 +80,7 @@ let
# usage: test
# [--force-populate]
# [--quiet]
+ # [--source=PATH]
# --system=SYSTEM
# --target=TARGET
# [--user=USER]
@@ -88,6 +93,7 @@ let
. ${init.args}
\test -n "''${quiet-}" || quiet=false
\test -n "''${user-}" || user=$LOGNAME
+ \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix
. ${init.env}
. ${init.proxy}
@@ -160,14 +166,16 @@ let
init.args = pkgs.writeText "init.args" /* sh */ ''
args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \
-o Qs:t:u: \
- -l force-populate,quiet,system:,target:,user: \
+ -l force-populate,quiet,source:,system:,target:,user: \
-- "$@")
if \test $? != 0; then exit 1; fi
eval set -- "$args"
force_populate=false
+ source_file=
while :; do case $1 in
- --force-populate) force_populate=true; shift;;
+ --force-populate) force_populate=true; shift;;
-Q|--quiet) quiet=true; shift;;
+ --source) source_file=$2; shift 2;;
-s|--system) system=$2; shift 2;;
-t|--target) target=$2; shift 2;;
-u|--user) user=$2; shift 2;;
@@ -196,7 +204,6 @@ let
init.proxy = pkgs.writeText "init.proxy" /* sh */ ''
if \test "''${using_proxy-}" != true; then
- source_file=$user/1systems/$system/source.nix
source=$(get-source "$source_file")
qualified_target=$target_user@$target_host:$target_port$target_path
if \test "$force_populate" = true; then
@@ -269,7 +276,7 @@ in pkgs.stdenv.mkDerivation {
name = "stockholm";
shellHook = /* sh */ ''
export OLD_PATH="$PATH"
- export NIX_PATH=stockholm=$PWD:nixpkgs=${toString <nixpkgs>}
+ export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString <nixpkgs>}
if test -e /nix/var/nix/daemon-socket/socket; then
export NIX_REMOTE=daemon
fi