-rw-r--r--krebs/3modules/makefu/default.nix10
-rw-r--r--lass/1systems/prism.nix12
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/2configs/websites/domsen.nix7
-rw-r--r--lass/5pkgs/default.nix1
-rw-r--r--lass/5pkgs/pop/default.nix10
-rw-r--r--makefu/1systems/darth.nix19
-rw-r--r--makefu/1systems/omo.nix6
-rw-r--r--makefu/1systems/shoney.nix14
-rw-r--r--makefu/1systems/vbob.nix20
-rw-r--r--makefu/2configs/binary-cache/lass.nix12
-rw-r--r--makefu/2configs/binary-cache/nixos.nix12
-rw-r--r--makefu/2configs/default.nix10
-rw-r--r--makefu/2configs/temp-share-samba.nix5
-rw-r--r--makefu/2configs/virtualization-virtualbox.nix11
-rw-r--r--makefu/3modules/default.nix1
-rw-r--r--makefu/3modules/forward-journal.nix50
-rw-r--r--makefu/5pkgs/awesomecfg/kiosk.lua6
-rw-r--r--makefu/5pkgs/default.nix2
-rw-r--r--makefu/5pkgs/git-xlsx-textconv/default.nix30
-rw-r--r--makefu/5pkgs/mergerfs/default.nix26
21 files changed, 235 insertions, 30 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e5cb0e7f6..d5537cf56 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -66,6 +66,16 @@ with config.krebs.lib;
};
};
};
+ honeydrive = { # vm on darth
+ nets = {
+ internet = { # via shoney
+ ip4.addr = "64.137.234.232";
+ aliases = [
+ "honeydrive.i"
+ ];
+ };
+ };
+ };
tsp = {
cores = 1;
nets = {
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 270bb6fc2..77d72a5ac 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -223,6 +223,18 @@ in {
mk_sql_pair
];
}
+ {
+ users.users.tv = {
+ uid = genid "tv";
+ home = "/home/tv";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index b8c50f1aa..81abff3ed 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -113,6 +113,7 @@ with config.krebs.lib;
#neat utils
krebspaste
pciutils
+ pop
psmisc
q
rs
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 8a2161e45..07df2e8de 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -78,6 +78,12 @@ in {
])
];
+ krebs.nginx.servers."ubikmedia.de".locations = [
+ (lib.nameValuePair "/piwik" ''
+ try_files $uri $uri/ /index.php?$args;
+ '')
+ ];
+
lass.mysqlBackup.config.all.databases = [
"ubikmedia_de"
"o_ubikmedia_de"
@@ -121,6 +127,7 @@ in {
options = ''
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
sendmail_path = "${sendmail} -t -i"
+ always_populate_raw_post_data = -1
'';
} ''
cat ${pkgs.php}/etc/php-recommended.ini > $out
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index c48188f9d..0beda7481 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -13,6 +13,7 @@
};
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
+ pop = pkgs.callPackage ./pop/default.nix {};
q = pkgs.callPackage ./q {};
rs = pkgs.callPackage ./rs/default.nix {};
untilport = pkgs.callPackage ./untilport/default.nix {};
diff --git a/lass/5pkgs/pop/default.nix b/lass/5pkgs/pop/default.nix
new file mode 100644
index 000000000..cec22e3b1
--- /dev/null
+++ b/lass/5pkgs/pop/default.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+pkgs.writeScriptBin "pop" ''
+ #! ${pkgs.bash}/bin/bash
+
+ file=$1
+
+ head -1 $file
+ sed -i 1d $file
+''
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 5f1d6e121..87029a693 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -16,16 +16,32 @@ in {
../2configs/smart-monitor.nix
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
+
+ ../2configs/temp-share-samba.nix
];
+ services.samba.shares = {
+ isos = {
+ path = "/data/isos/";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
services.tinc.networks.siem = {
name = "sdarth";
extraConfig = "ConnectTo = sjump";
};
+
+ makefu.forward-journal = {
+ enable = true;
+ src = "10.8.10.2";
+ dst = "10.8.10.6";
+ };
+
#networking.firewall.enable = false;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
-
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
networking = {
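Review bot: The new `isos` share sets `"guest ok" = "yes"`, so /data/isos is readable without credentials by any client that can reach smbd on this host. If that is intended, say so in a comment and limit who can connect, for example `"hosts allow" = "<trusted subnet placeholder>";` inside the share. The imported temp-share-samba.nix opens the SMB ports in the firewall in this same commit, so the exposure depends on which interfaces darth has. The enclosing attribute set continues outside the hunk.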
@@ -33,6 +49,7 @@ in {
firewall = {
allowPing = true;
logRefusedConnections = false;
+ trustedInterfaces = [ "eno1" ];
allowedUDPPorts = [ 80 655 1655 67 ];
allowedTCPPorts = [ 80 655 1655 ];
};
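Review bot: `trustedInterfaces = [ "eno1" ]` makes the firewall accept all inbound traffic on eno1, so the `allowedUDPPorts` and `allowedTCPPorts` lists below it no longer constrain that interface. Every service listening on darth becomes reachable from that network, including the guest-readable Samba share added earlier in this file. If only Samba and DHCP are needed there, keep the interface untrusted and list the ports explicitly. Otherwise add a comment stating which network eno1 is attached to and why it is fully trusted. The `networking` block starts and ends outside the hunk.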
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index e71055f54..8c24e0ff5 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -75,6 +75,7 @@ in {
# HDD Array stuff
+ environment.systemPackages = [ pkgs.mergerfs ];
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
makefu.snapraid = let
@@ -129,7 +130,10 @@ in {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
-
+ users.users.misa = {
+ uid = 9002;
+ name = "misa";
+ };
hardware.enableAllFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 1fe8871d2..3a3ac9c7c 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -3,8 +3,9 @@ let
tinc-siem-ip = "10.8.10.1";
ip = "64.137.234.215";
- alt-ip = "64.137.234.210";
- extra-ip = "64.137.234.114"; #currently unused
+ alt-ip = "64.137.234.210"; # honeydrive honeyd
+ extra-ip1 = "64.137.234.114"; # floating tinc.siem
+ extra-ip2 = "64.137.234.232"; # honeydrive
gw = "64.137.234.1";
in {
imports = [
@@ -15,7 +16,7 @@ in {
];
-
+ environment.systemPackages = [ pkgs.honeyd ];
services.tinc.networks.siem.name = "sjump";
krebs = {
@@ -37,10 +38,15 @@ in {
};
};
};
+ makefu.forward-journal = {
+ enable = true;
+ src = "10.8.10.1";
+ dst = "10.8.10.6";
+ };
networking = {
interfaces.enp2s1.ip4 = [
{ address = ip; prefixLength = 24; }
- { address = alt-ip; prefixLength = 24; }
+ # { address = alt-ip; prefixLength = 24; }
];
defaultGateway = gw;
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 8b71b1393..3fcb173ce 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -5,23 +5,23 @@
imports =
[ # Include the results of the hardware scan.
../.
- <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+ (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
+ (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
../2configs/main-laptop.nix #< base-gui
+ # (toString <secrets>)/extra-hosts.nix
# environment
];
- nixpkgs.config.allowUnfree = true;
+ # workaround for https://github.com/NixOS/nixpkgs/issues/16641
+ services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
+ nixpkgs.config.allowUnfree = true;
fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore";
fsType = "ext4";
};
- fileSystems."/var/lib/docker" = {
- device ="/dev/disk/by-label/nix-docker";
- fsType = "ext4";
- };
- #makefu.buildbot.master.enable = true;
+
# allow vbob to deploy self
users.extraUsers = {
root = {
@@ -52,11 +52,7 @@
"gum"
];
};
-
- networking.extraHosts = ''
- 172.17.20.190 gitlab
- 172.17.62.27 svbittool01 tool
- '';
+ virtualisation.docker.enable = false;
fileSystems."/media/share" = {
fsType = "vboxsf";
diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix
new file mode 100644
index 000000000..4813eeb0f
--- /dev/null
+++ b/makefu/2configs/binary-cache/lass.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "http://cache.prism.r"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ ];
+ };
+}
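Review bot: `http://cache.prism.r` is fetched over plain HTTP, so the only protection for substituted store paths is the signature check against the `cache.prism-1` key in `binaryCachePublicKeys`. A comment should record that dependency, e.g. `# plain HTTP: integrity relies on signature verification, keep nix.requireSignedBinaryCaches enabled`. makefu/2configs/default.nix imports this file in the same commit, so every host that includes it now trusts the holder of that signing key to supply binaries. The `config` argument is unused.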
diff --git a/makefu/2configs/binary-cache/nixos.nix b/makefu/2configs/binary-cache/nixos.nix
new file mode 100644
index 000000000..2ff5e1307
--- /dev/null
+++ b/makefu/2configs/binary-cache/nixos.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+ };
+}
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 58a537a2b..f3bf0c46e 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -2,8 +2,6 @@
with config.krebs.lib;
{
- system.stateVersion = "15.09";
-
imports = [
{
users.extraUsers =
@@ -11,6 +9,8 @@ with config.krebs.lib;
(import <secrets/hashedPasswords.nix>);
}
./vim.nix
+ ./binary-cache/nixos.nix
+ ./binary-cache/lass.nix
];
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
@@ -18,13 +18,14 @@ with config.krebs.lib;
enable = true;
dns.providers.siem = "hosts";
+ dns.providers.lan = "hosts";
search-domain = "retiolum";
build = {
user = config.krebs.users.makefu;
source = let inherit (config.krebs.build) host user; in {
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "63b9785"; # stable @ 2016-06-01
+ rev = "0546a4a"; # stable @ 2016-06-11
};
secrets.file =
if getEnv "dummy_secrets" == "true"
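Review bot: `rev = "0546a4a"` pins nixpkgs, the source of every package built for these hosts, by a seven-character hash prefix. An abbreviated id can become ambiguous as the repository grows and gives weaker assurance about which commit is fetched than the full id. Use the full 40-character value instead: `rev = "<full 40-hex commit id>"; # stable @ 2016-06-11`. The key also changes from `ref` to `rev`, and the code that consumes `nixpkgs.git` is outside this hunk, so confirm that it actually reads `rev`.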
@@ -64,9 +65,6 @@ with config.krebs.lib;
programs.ssh = {
startAgent = false;
- extraConfig = ''
- UseRoaming no
- '';
};
services.openssh.enable = true;
nix.useChroot = true;
diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix
index 5f21e3bf7..0907c2dbf 100644
--- a/makefu/2configs/temp-share-samba.nix
+++ b/makefu/2configs/temp-share-samba.nix
@@ -1,9 +1,12 @@
{config, ... }:{
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
- home = "/var/empty";
+ home = "/home/share";
+ createHome = true;
};
services.samba = {
enable = true;
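Review bot: The two added `allowed*Ports` lines open NetBIOS and SMB (UDP 137/138, TCP 139/445) in the host firewall on every interface, not only the one the share is meant for. On a machine that also has a public or VPN-facing interface this exposes smbd there too, and darth.nix imports this file in the same commit. Consider restricting smbd in the Samba configuration (`interfaces` together with `bind interfaces only = yes`, or `hosts allow`). Alternatively, add a comment that this file must only be imported on hosts whose networks are all trusted. The `services.samba` block continues outside the hunk, so any restriction already present there is not visible.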
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
index aaabcd50e..2b4e24774 100644
--- a/makefu/2configs/virtualization-virtualbox.nix
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -2,8 +2,8 @@
let
mainUser = config.krebs.build.user;
- version = "5.0.6";
- rev = "103037";
+ version = "5.0.20";
+ rev = "106931";
vboxguestpkg = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
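Review bot: `version` and `rev` change to 5.0.20 / 106931, but the `sha256` on the context line below them is untouched, so the hash still describes the 5.0.6 extension pack. Because the download URL is built from both values, the fetch should now fail with a hash mismatch until it is replaced: `sha256 = "<sha256 of the 5.0.20 extpack>";`. The URL is plain `http://`, which makes that hash the only integrity check on the file. Obtain the new value from a trusted download rather than copying whatever a failed build reports.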
@@ -14,5 +14,10 @@ in {
nixpkgs.config.virtualbox.enableExtensionPack = true;
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
- environment.systemPackages = [ vboxguestpkg ];
+ nixpkgs.config.packageOverrides = super: {
+ boot.kernelPackages = super.boot.kernelPackages.virtualbox.override {
+ buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
+ ++ [ vboxguestpkg ];
+ };
+ };
}
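Review bot: The new `packageOverrides` function returns an attribute `boot.kernelPackages`, but `packageOverrides` replaces attributes of the nixpkgs package set, and `boot.kernelPackages` is a NixOS option, not a package attribute, so this override likely never takes effect. The two references also disagree on case (`kernelPackages.virtualbox` versus `kernelPackages.virtualBox`). Since the hunk removes `environment.systemPackages = [ vboxguestpkg ];`, the extension pack may no longer reach the system at all. Confirm with a build that `vboxguestpkg` is still realised.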
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 853bdca04..febebaa18 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -6,6 +6,7 @@ _:
./umts.nix
./taskserver.nix
./awesome-extra.nix
+ ./forward-journal.nix
];
}
diff --git a/makefu/3modules/forward-journal.nix b/makefu/3modules/forward-journal.nix
new file mode 100644
index 000000000..26de3ffdd
--- /dev/null
+++ b/makefu/3modules/forward-journal.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.forward-journal;
+
+ out = {
+ options.makefu.forward-journal = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "forward journal via syslog";
+ src = mkOption {
+ type = types.str;
+ description = "syslog host identifier";
+ default = config.networking.hostName;
+ };
+ dst = mkOption {
+ type = types.str;
+ description = "syslog host identifier";
+ default = "";
+ };
+ proto = mkOption {
+ type = types.str;
+ default = "udp";
+ };
+ port = mkOption {
+ type = types.int;
+ description = "destination port";
+ default = 514;
+ };
+
+ };
+
+ imp = {
+ services.syslog-ng = {
+ enable = true;
+ extraConfig = ''
+ template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); };
+ source s_all { system(); internal(); };
+ destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };
+ log { source(s_all); destination(d_loghost); };
+ '';
+ };
+ };
+
+in
+out
+
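Review bot: The `proto` option is declared but never read: the destination is hard-coded as `udp(...)`, so setting `proto = "tcp"` silently changes nothing. Either drop the option or use it, e.g. `type = types.enum [ "udp" "tcp" ];` and `destination d_loghost { ${cfg.proto}("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };`. `dst` defaults to `""`, which renders `udp("")` when the module is enabled without a destination; removing the default would make evaluation fail instead, and its description is a copy of the one on `src`. Log messages leave the host unauthenticated and unencrypted, so the option descriptions should state that the module is meant for a trusted transport only.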
diff --git a/makefu/5pkgs/awesomecfg/kiosk.lua b/makefu/5pkgs/awesomecfg/kiosk.lua
index 81ec99225..ec255a8af 100644
--- a/makefu/5pkgs/awesomecfg/kiosk.lua
+++ b/makefu/5pkgs/awesomecfg/kiosk.lua
@@ -521,13 +521,15 @@ awful.rules.rules = {
}
-- awful.util.spawn_with_shell("chromium --new-window --kiosk https://www.checkpoint.com/ThreatPortal/livemap.html")
-awful.util.spawn_with_shell("chromium --new-window --kiosk http://wolf:3000/dashboard/db/soc-critical-values")
+--awful.util.spawn_with_shell("chromium --new-window --kiosk http://wolf:3000/dashboard/db/soc-critical-values")
-- awful.util.spawn_with_shell("sleep 0.5;chromium --new-window --kiosk http://wolf:3000/dashboard/db/aralast")
--awful.util.spawn_with_shell("chromium --new-window --kiosk http://gast.aramark.de/thales-deutschland/menu/pdf/woche_de.php")
-awful.util.spawn_with_shell("sleep 0.5;chromium --new-window --kiosk http://map.norsecorp.com")
+--awful.util.spawn_with_shell("sleep 0.5;chromium --new-window --kiosk http://map.norsecorp.com")
--awful.util.spawn_with_shell("sleep 0.5;chromium --new-window --kiosk http://threatmap.fortiguard.com")
+awful.util.spawn_with_shell("chromium --new-window --kiosk 'https://ossim.siem/ossim/#dashboard/overview/overview'")
+awful.util.spawn_with_shell("chromium --new-window --kiosk 'https://ossim.siem/ossim/#analysis/alarms/alarms'")
-- }}}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index f6a6b674b..f94136c0b 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -10,6 +10,8 @@ in
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
bintray-upload = callPackage ./bintray-upload {};
+ git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
+ mergerfs = callPackage ./mergerfs {};
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
diff --git a/makefu/5pkgs/git-xlsx-textconv/default.nix b/makefu/5pkgs/git-xlsx-textconv/default.nix
new file mode 100644
index 000000000..1f631f020
--- /dev/null
+++ b/makefu/5pkgs/git-xlsx-textconv/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, lib, goPackages, fetchFromGitHub }:
+let
+ go-xlsx = goPackages.buildGoPackage rec {
+ name = "go-xlsx-${version}";
+ version = "46e6e472d";
+
+ goPackagePath = "github.com/tealeg/xlsx";
+ src = fetchFromGitHub {
+ rev = version;
+ owner = "tealeg";
+ repo = "xlsx";
+ sha256 = "1vls05asms7azhyszbqpgdby9l45jpgisbzzmbrzi30n6cvs89zg";
+ };
+};
+in
+(goPackages.buildGoPackage rec {
+ name = "git-xlsx-textconv-${version}";
+ version = "70685e7f8";
+
+
+ goPackagePath = "github.com/tokuhirom/git-xlsx-textconv";
+
+ src = fetchFromGitHub {
+ rev = version;
+ owner = "tokuhirom";
+ repo = "git-xlsx-textconv";
+ sha256 = "055f3caj1y8v7sc2pz9q0dfyi2ij77d499pby4sjfvm5kjy9msdi";
+ };
+ propagatedBuildInputs = [ go-xlsx ];
+}).bin
diff --git a/makefu/5pkgs/mergerfs/default.nix b/makefu/5pkgs/mergerfs/default.nix
new file mode 100644
index 000000000..64e8fc671
--- /dev/null
+++ b/makefu/5pkgs/mergerfs/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }:
+
+stdenv.mkDerivation rec {
+ name = "mergerfs-${version}";
+ version = "2.14.0";
+
+ # not using fetchFromGitHub because of changelog being built with git log
+ src = fetchgit {
+ url = "https://github.com/trapexit/mergerfs";
+ rev = "refs/tags/${version}";
+ sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm";
+ deepClone = true;
+ };
+
+ buildInputs = [ fuse pkgconfig which attr pandoc git ];
+
+ makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ];
+
+
+ meta = {
+ homepage = https://github.com/trapexit/mergerfs;
+ description = "a FUSE based union filesystem";
+ license = stdenv.lib.licenses.isc;
+ maintainers = [ stdenv.lib.maintainers.makefu ];
+ };
+}
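Review bot: `deepClone = true` keeps the `.git` directory in the fixed-output source, and the contents of a clone are not stable over time, so the `sha256` is likely to stop matching once upstream gains commits or tags. `rev = "refs/tags/${version}"` also names a mutable tag; the hash would catch a moved tag, but only as a build failure. If the changelog generated from `git log` is not essential, `fetchFromGitHub` on the tag avoids both problems. Otherwise extend the existing comment to say that the hash covers repository metadata and will need refreshing.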