summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/bepasty-server.nix50
-rw-r--r--krebs/3modules/lass/default.nix32
-rw-r--r--krebs/3modules/lass/ssh/icarus.rsa1
-rw-r--r--krebs/3modules/makefu/default.nix25
-rw-r--r--krebs/3modules/rtorrent.nix54
-rw-r--r--krebs/3modules/tinc_graphs.nix75
-rw-r--r--krebs/5pkgs/rutorrent/default.nix6
-rw-r--r--lass/1systems/helios.nix1
-rw-r--r--lass/1systems/icarus.nix59
-rw-r--r--lass/1systems/mors.nix18
-rw-r--r--lass/1systems/prism.nix1
-rw-r--r--lass/2configs/buildbot-standalone.nix2
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--lass/2configs/power-action.nix4
-rw-r--r--lass/2configs/weechat.nix1
-rw-r--r--lass/2configs/zsh.nix1
-rw-r--r--makefu/1systems/fileleech.nix111
-rw-r--r--makefu/1systems/gum.nix10
-rw-r--r--makefu/1systems/omo.nix11
-rw-r--r--makefu/1systems/shoney.nix11
-rw-r--r--makefu/1systems/wry.nix29
-rw-r--r--makefu/2configs/bepasty-dual.nix39
-rw-r--r--makefu/2configs/default.nix2
-rw-r--r--makefu/2configs/deployment/mycube.connector.one.nix15
-rw-r--r--makefu/2configs/disable_v6.nix1
-rw-r--r--makefu/2configs/elchos/irc-token.nix62
-rw-r--r--makefu/2configs/elchos/log.nix56
-rw-r--r--makefu/2configs/elchos/search.nix143
-rw-r--r--makefu/2configs/elchos/stats.nix86
-rw-r--r--makefu/2configs/elchos/test/ftpservers.nix7
-rw-r--r--makefu/2configs/main-laptop.nix12
-rw-r--r--makefu/2configs/nginx/euer.blog.nix29
-rw-r--r--makefu/2configs/nginx/euer.test.nix14
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix84
-rw-r--r--makefu/2configs/nginx/icecult.nix20
-rw-r--r--makefu/2configs/nginx/public_html.nix17
-rw-r--r--makefu/2configs/nginx/update.connector.one.nix30
-rw-r--r--makefu/2configs/omo-share.nix38
-rw-r--r--makefu/2configs/torrent.nix7
-rw-r--r--makefu/3modules/default.nix1
-rw-r--r--makefu/3modules/server-config.nix10
-rw-r--r--makefu/6tests/data/secrets/auth.nix3
-rw-r--r--makefu/6tests/data/secrets/authfile1
44 files changed, 676 insertions, 506 deletions
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 50e04cf80..4e035e725 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -22,6 +22,16 @@ let
servers = mkOption {
type = with types; attrsOf optionSet;
+ example = ''
+ {
+ "paste.r" = {
+ defaultPermissions = "read,delete,create";
+ };
+ "paste.krebsco.de" = {
+ defaultPermissions = "read";
+ };
+ }
+ '';
options = singleton {
nginx = mkOption {
# TODO use the correct type
@@ -30,7 +40,6 @@ let
additional nginx configuration. see krebs.nginx for all options
'';
};
-
secretKey = mkOption {
type = types.str;
description = ''
@@ -39,6 +48,7 @@ let
default = "";
};
+
# we create a wsgi socket in $workDir/gunicorn-${name}.wsgi
workDir = mkOption {
type = types.str;
@@ -143,25 +153,25 @@ let
};
nginx-imp = {
- assertions = [{ assertion = config.krebs.nginx.enable;
- message = "krebs.nginx.enable must be true"; }];
-
- krebs.nginx.servers = mapAttrs' (name: server:
- nameValuePair("bepasty-server-${name}")
- (mkMerge [ server.nginx {
- extraConfig = ''
- client_max_body_size 32M;
- '';
- locations = [
- (nameValuePair "/" ''
- proxy_set_header Host $http_host;
- proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock;
- '')
- (nameValuePair "/static/" ''
- alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
- '')
- ];
- }])) cfg.servers ;
+ assertions = [{ assertion = config.services.nginx.enable;
+ message = "services.nginx.enable must be true"; }];
+
+ services.nginx.virtualHosts = mapAttrs ( name: server:
+ (mkMerge [
+ server.nginx
+ {
+ extraConfig = ''
+ client_max_body_size 32M;
+ '';
+ locations = {
+ "/".extraConfig = "proxy_set_header Host $http_host;";
+ "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock";
+ "/static/".extraConfig = ''
+ alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
+ '';
+ };
+ }])
+ ) cfg.servers ;
};
in
out
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 5af1e37cd..2d1819dee 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -202,6 +202,7 @@ with import <stockholm/lib>;
"mors.retiolum"
"mors.r"
"cgit.mors.retiolum"
+ "cgit.mors.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -273,6 +274,33 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
};
+ icarus = {
+ cores = 2;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.133.114";
+ ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1214";
+ aliases = [
+ "icarus.retiolum"
+ "icarus.r"
+ "cgit.icarus.retiolum"
+ "cgit.icarus.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAydCY+IWzF8DocCNzPiUM+xccbiDTWS/+r2le812+O4r+sUojXuzr
+ Q4CeN+pi2SZHEOiRm3jO8sOkGlv4I1WGs/nOu5Beb4/8wFH6wbm4cqXTqH/qFwCK
+ 7+9Bke8TUaoDj9E4ol9eyOx6u8Cto3ZRAUi6m1ilrfs1szFGS5ZX7mxI73uhki6t
+ k6Zb5sa9G8WLcLPIN7tk3Nd0kofd/smwxSN0mXoTgbAf1DZ3Fnkgox/M5VnwpPW7
+ zLzbWNFyLIgDGbQ5vZBlJW7c4O0KrMlftvEQ80GeZXaKNt6UK7LSAQ4Njn+8sXTt
+ gl0Dx29bSPU3L8udj0Vu6ul7CiQ5bZzUCQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
+ };
};
users = {
@@ -294,6 +322,10 @@ with import <stockholm/lib>;
pubkey = builtins.readFile ./ssh/shodan.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
};
+ lass-icarus = {
+ mail = "lass@icarus.retiolum";
+ pubkey = builtins.readFile ./ssh/icarus.rsa;
+ };
fritz = {
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
};
diff --git a/krebs/3modules/lass/ssh/icarus.rsa b/krebs/3modules/lass/ssh/icarus.rsa
new file mode 100644
index 000000000..da99fcfdf
--- /dev/null
+++ b/krebs/3modules/lass/ssh/icarus.rsa
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz97C5WVGXgKZ3I7FMvL4TyUv+0rsrSOGI7jj5uQaaHx0SSR0V4tnZtv2hXYrfnkaPHwu2PYUeeUdMBHfbZS6l2dmaXRI9f2WG7182G3IUskMktpi84DMyh0kwK2pWmHoS+Kwo//q+lu4WXIRy4X5wVMVpPT1Oc7boDtqJt4rK8uZkuVmVzGi+5SFaBxspCsdZsX/uDWOeC4/U2l+2Pd4YYl8UdmgN3bJceKTwqKIcbK7AL91My0jrnRSU6XLuED0hcVKzjkjc6bcj1R+Mlch9cflsMQV8TfT6p7VGGvUOtVwhG1+CjraHfilzFn76wINClsQXF/ncKrGabTEWO3zTi12ukAzL2/B0IB0q61tror9uYqeI74WgLjwhnuF98hUL7hnqgV3KB1ytpt6yzXqf1Uz784z9dh0n9r0fLTkeTDbJ4uOz1XzpmAMRwuo0o7/Op7rRBLHohu2Tp6AV8sISKJN5hDGe0wD6861pH9ZrRBiUux6uylzfWp2qrZmERnk0brBl+oDQNhKs3Z0CZmLG4DZWMc5pxpQ5751/8bb6nEorg2ulDZ/h+G3myC+9Zbc/owb/HHOGOBMEpyYYYMvYAfchu50e4xtHd+wMqzFxzjfcM7u6dTdyDEXi6+TFXKBEZyvaAhW2J27HKj4iK6Td2GyK59myPG6OtCnIbw9BPw== lass@icarus
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index ff187b878..c85bf1ccd 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -26,6 +26,31 @@ with import <stockholm/lib>;
};
};
};
+ fileleech = rec {
+ cores = 4;
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.113.98";
+ ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
+ aliases = [
+ "fileleech.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
+ 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
+ YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
+ nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
+ e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
+ UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
pnp = {
cores = 1;
nets = {
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index bcc52fb6e..0c478aded 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -73,22 +73,23 @@ let
# authentication also applies to rtorrent.rutorrent
enable = mkEnableOption "rtorrent nginx web RPC";
- listenAddress = mkOption {
- type = types.str;
+ port = mkOption {
+ type = types.nullOr types.int;
description =''
- nginx listen address for rtorrent web
+ nginx listen port for rtorrent
'';
- default = "localhost:8006";
+ default = 8006;
};
- enableAuth = mkEnableOption "rutorrent authentication";
- authfile = mkOption {
- type = types.path;
+ basicAuth = mkOption {
+ type = types.attrsOf types.str ;
description = ''
- basic authentication file to be used.
- Use `${pkgs.apacheHttpd}/bin/htpasswd -c <file> <username>` to create the file.
- Only in use if authentication is enabled.
+ basic authentication to be used. If unset, no authentication will be
+ enabled.
+
+ Refer to `services.nginx.virtualHosts.<name>.basicAuth`
'';
+ default = {};
};
};
@@ -104,7 +105,6 @@ let
default = pkgs.rutorrent;
};
-
webdir = mkOption {
type = types.path;
description = ''
@@ -286,36 +286,28 @@ let
};
rpcweb-imp = {
- krebs.nginx.enable = mkDefault true;
- krebs.nginx.servers.rtorrent = {
- listen = [ webcfg.listenAddress ];
- server-names = [ "default" ];
- extraConfig = ''
- ${optionalString webcfg.enableAuth ''
- auth_basic "rtorrent";
- auth_basic_user_file ${webcfg.authfile};
- ''}
- ${optionalString rucfg.enable ''
- root ${webdir};
- ''}
- '';
- locations = [
- (nameValuePair "/RPC2" ''
+ services.nginx.enable = mkDefault true;
+ services.nginx.virtualHosts.rtorrent = {
+ default = mkDefault true;
+ inherit (webcfg) basicAuth port;
+ root = optionalString rucfg.enable webdir;
+
+ locations = {
+ "/RPC2".extraConfig = ''
include ${pkgs.nginx}/conf/scgi_params;
scgi_param SCRIPT_NAME /RPC2;
scgi_pass unix:${cfg.xmlrpc-socket};
- '')
- ] ++ (optional rucfg.enable
- (nameValuePair "~ \.php$" ''
+ '';
+ } // (optionalAttrs rucfg.enable {
+ "~ \.php$".extraConfig = ''
client_max_body_size 200M;
- root ${webdir};
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${fpm-socket};
try_files $uri =404;
fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
- '')
+ ''; }
);
};
};
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 26a51de00..197835e73 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -35,35 +35,28 @@ let
nginx = {
enable = mkEnableOption "enable tinc_graphs to be served with nginx";
- anonymous = {
- server-names = mkOption {
- type = with types; listOf str;
- description = "hostnames which serve anonymous graphs";
- default = [ "graphs.${config.krebs.build.host.name}" ];
- };
-
- listen = mkOption {
- # use the type of the nginx listen option
- type = with types; listOf str;
- description = "listen address for anonymous graphs";
- default = [ "80" ];
- };
-
+ anonymous = mkOption {
+ type = types.attrsOf types.unspecified;
+ description = ''
+ nginx virtualHost options to be merged into the anonymous graphs
+ vhost entry.
+ '';
+ };
+ anonymous-domain = mkOption {
+ type = types.str;
+ description = ''
+ external domainname to be used for anonymous graphs
+ it will be used if you want to enable ACME
+ '';
+ default = "graphs.krebsco.de";
};
- complete = {
- server-names = mkOption {
- type = with types; listOf str;
- description = "hostname which serves complete graphs";
- default = [ "graphs.${config.krebs.build.host.name}" ];
- };
-
- listen = mkOption {
- type = with types; listOf str;
- description = "listen address for complete graphs";
- default = [ "127.0.0.1:80" ];
- };
-
+ complete = mkOption {
+ type = types.attrsOf types.unspecified;
+ description = ''
+ nginx virtualHost options to be merged into the complete graphs
+ vhost entry.
+ '';
};
};
@@ -134,24 +127,20 @@ let
uid = genid "tinc_graphs";
home = "/var/spool/tinc_graphs";
};
- krebs.nginx = mkIf cfg.nginx.enable {
+ services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true;
- servers = {
+ virtualHosts = {
tinc_graphs_complete = mkMerge [ cfg.nginx.complete {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${internal_dir};
- '')
- ];
- }] ;
- tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
- locations = [
- (nameValuePair "/" ''
- autoindex on;
- root ${external_dir};
- '')
- ];
+ locations = {
+ "/".extraConfig = "autoindex on;";
+ "/".root = internal_dir;
+ };
+ }];
+ "${cfg.nginx.anonymous-domain}" = mkMerge [ cfg.nginx.anonymous {
+ locations = {
+ "/".extraConfig = "autoindex on;";
+ "/".root = external_dir;
+ };
}];
};
};
diff --git a/krebs/5pkgs/rutorrent/default.nix b/krebs/5pkgs/rutorrent/default.nix
index 5a2259552..1084e7ce7 100644
--- a/krebs/5pkgs/rutorrent/default.nix
+++ b/krebs/5pkgs/rutorrent/default.nix
@@ -1,11 +1,11 @@
{ pkgs, ... }:
pkgs.stdenv.mkDerivation {
- name = "rutorrent-src-3.7";
+ name = "rutorrent-src_2016-12-09";
src = pkgs.fetchFromGitHub {
owner = "Novik";
repo = "rutorrent";
- rev = "b727523a153454d4976f04b0c47336ae57cc50d5";
- sha256 = "0s5wa0jnck781amln9c2p4pc0i5mq3j5693ra151lnwhz63aii4a";
+ rev = "580bba8c538b55c1f75f3ad65310ff4ff2a153f7";
+ sha256 = "1d9lgrzipy58dnx88z393p152kx6lki0x4aw40k8w9awsci4cx7p";
};
phases = [ "installPhase" ];
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 4472816e3..298c9083d 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -30,6 +30,7 @@ with import <stockholm/lib>;
networking.wireless.enable = true;
hardware.pulseaudio = {
enable = true;
+ systemWide = true;
};
users.users.ferret = {
uid = genid "ferret";
diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix
new file mode 100644
index 000000000..9a6654648
--- /dev/null
+++ b/lass/1systems/icarus.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+ imports = [
+ ../.
+ ../2configs/retiolum.nix
+ ../2configs/hw/tp-x220.nix
+ ../2configs/baseX.nix
+ ../2configs/git.nix
+ ../2configs/exim-retiolum.nix
+ ../2configs/browsers.nix
+ ../2configs/programs.nix
+ ../2configs/fetchWallpaper.nix
+ ../2configs/backups.nix
+ #{
+ # users.extraUsers = {
+ # root = {
+ # openssh.authorizedKeys.keys = map readFile [
+ # ../../krebs/Zpubkeys/uriel.ssh.pub
+ # ];
+ # };
+ # };
+ #}
+ ];
+
+ krebs.build.host = config.krebs.hosts.icarus;
+
+ boot = {
+ loader.grub.enable = true;
+ loader.grub.version = 2;
+ loader.grub.device = "/dev/sda";
+
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
+ initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
+ #kernelModules = [ "kvm-intel" "msr" ];
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/pool/nix";
+ fsType = "btrfs";
+ };
+
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/tmp" = {
+ device = "tmpfs";
+ fsType = "tmpfs";
+ options = ["nosuid" "nodev" "noatime"];
+ };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ '';
+}
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 594f342db..4553cc15b 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -68,11 +68,19 @@ with import <stockholm/lib>;
{
krebs.nginx = {
enable = true;
- servers.default.locations = [
- (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '')
- ];
+ servers.default = {
+ server-names = [
+ "localhost"
+ "${config.krebs.build.host.name}"
+ "${config.krebs.build.host.name}.r"
+ "${config.krebs.build.host.name}.retiolum"
+ ];
+ locations = [
+ (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+ alias /home/$1/public_html$2;
+ '')
+ ];
+ };
};
}
{
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 269f94526..6c11a2f62 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -230,6 +230,7 @@ in {
}
{
virtualisation.libvirtd.enable = true;
+ users.users.mainUser.extraGroups = [ "libvirtd" ];
}
];
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 72cd66420..7057d0c3d 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -102,7 +102,7 @@ in {
]
)
- for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
+ for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 21a2ec038..900dd36b3 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -32,6 +32,7 @@ with import <stockholm/lib>;
createHome = true;
useDefaultShell = true;
extraGroups = [
+ "audio"
"fuse"
];
openssh.authorizedKeys.keys = [
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 57950e1b7..ded0922b8 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -75,7 +75,7 @@ let
with git // config.krebs.users;
repo:
singleton {
- user = [ lass lass-uriel ];
+ user = [ lass lass-shodan ];
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
} ++
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
index c83dc80dc..f22bf451a 100644
--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@@ -14,8 +14,8 @@ in {
krebs.power-action = {
enable = true;
plans.low-battery = {
- upperLimit = 30;
- lowerLimit = 25;
+ upperLimit = 10;
+ lowerLimit = 15;
charging = false;
action = pkgs.writeDash "warn-low-battery" ''
${speak "power level low"}
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index ae07b9a2e..1e5f2d177 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -16,6 +16,7 @@ in {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-shodan.pubkey
+ config.krebs.users.lass-icarus.pubkey
];
};
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index aa159be07..442a1d4d9 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -118,4 +118,5 @@
fi
'';
};
+ users.users.${config.krebs.build.user.name}.shell = "/run/current-system/sw/bin/zsh";
}
diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix
new file mode 100644
index 000000000..1eac141dc
--- /dev/null
+++ b/makefu/1systems/fileleech.nix
@@ -0,0 +1,111 @@
+{ config, pkgs, lib, ... }:
+let
+ toMapper = id: "/media/crypt${builtins.toString id}";
+ byid = dev: "/dev/disk/by-id/" + dev;
+ keyFile = byid "usb-Intuix_DiskOnKey_09A07360336198F8-0:0";
+ rootDisk = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
+ rootPartition = rootDisk + "-part3";
+
+ dataDisks = let
+ idpart = dev: byid dev + "-part1";
+ in [
+ { name = "crypt0"; device = idpart "scsi-1ATA_HUA722020ALA330_B9GDLJEF";}
+ { name