diff options
-rw-r--r-- | krebs/3modules/lass/default.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/tv/default.nix | 5 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 1 | ||||
-rw-r--r-- | lass/1systems/prism.nix | 5 | ||||
-rw-r--r-- | lass/2configs/base.nix | 8 | ||||
-rw-r--r-- | lass/2configs/downloading.nix | 12 | ||||
-rw-r--r-- | lass/2configs/ts3.nix | 19 | ||||
-rw-r--r-- | tv/1systems/mkdir.nix | 14 | ||||
-rw-r--r-- | tv/1systems/nomic.nix | 14 | ||||
-rw-r--r-- | tv/1systems/rmdir.nix | 14 | ||||
-rw-r--r-- | tv/1systems/wu.nix | 25 | ||||
-rw-r--r-- | tv/1systems/xu.nix | 24 | ||||
-rw-r--r-- | tv/2configs/default.nix | 19 | ||||
-rw-r--r-- | tv/2configs/xserver/default.nix | 6 |
14 files changed, 67 insertions, 103 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0be166255..2ad4353bd 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -96,8 +96,8 @@ in { ''; }; }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKVjJrM7fHfHpvZXEA3hmX4JliHl6h6Q8AGOPcu+9fF"; + ssh.privkey.path = <secrets/ssh.id_rsa>; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; }; fastpoke = { dc = "lass"; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 6c943de8f..6fd1c4224 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -159,7 +159,7 @@ with lib; }; secure = true; ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx"; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; ok = { nets = { @@ -277,7 +277,8 @@ with lib; }; }; secure = true; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw"; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; }; users = addNames rec { diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index b0b8ff573..7db3f8333 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -156,6 +156,7 @@ get genid teamspeak_client + hashPassword ]; #TODO: fix this shit diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 570cdfb7c..87334c3c2 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -8,6 +8,8 @@ in { imports = [ ../2configs/base.nix ../2configs/downloading.nix + ../2configs/git.nix + ../2configs/ts3.nix { users.extraGroups = { # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories @@ -82,6 +84,9 @@ in { #workaround for server dying after 6-7h boot.kernelPackages = pkgs.linuxPackages_4_2; } + { + nixpkgs.config.allowUnfree = true; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 057af7bc4..11bc4f089 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -15,8 +15,8 @@ with lib; { users.extraUsers = { root = { - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; mainUser = { @@ -28,8 +28,8 @@ with lib; useDefaultShell = true; extraGroups = [ ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; }; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 553a3a557..e80b74007 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,7 +1,10 @@ { config, lib, pkgs, ... }: with lib; -{ + +let + rpc-password = import <secrets/transmission-pw.nix>; +in { imports = [ ../3modules/folderPerms.nix ]; @@ -15,8 +18,8 @@ with lib; extraGroups = [ "download" ]; - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/lass.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey ]; }; @@ -46,8 +49,7 @@ with lib; rpc-authentication-required = true; rpc-whitelist-enabled = false; rpc-username = "download"; - #add rpc-password in secrets - rpc-password = "test123"; + inherit rpc-password; peer-port = 51413; }; }; diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix new file mode 100644 index 000000000..5b92d0919 --- /dev/null +++ b/lass/2configs/ts3.nix @@ -0,0 +1,19 @@ +{ config, ... }: + +{ + services.teamspeak3 = { + enable = true; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + #voice port + { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; } + { predicate = "-p udp --dport 9987"; target = "ACCEPT"; } + ##file transfer port + #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; } + ##query port + #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; } + #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; } + ]; +} diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix index 55d83f8f3..6ae4f80e8 100644 --- a/tv/1systems/mkdir.nix +++ b/tv/1systems/mkdir.nix @@ -17,23 +17,9 @@ in { krebs.build.host = config.krebs.hosts.mkdir; - krebs.build.user = config.krebs.users.tv; krebs.build.target = "root@${primary-addr4}"; - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - path = "/home/tv/secrets/mkdir"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - }; - }; - imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index c2bb4dc78..0c6c935a3 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -4,23 +4,9 @@ with lib; { krebs.build.host = config.krebs.hosts.nomic; - krebs.build.user = config.krebs.users.tv; krebs.build.target = "root@nomic.gg23"; - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - path = "/home/tv/secrets/nomic"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - }; - }; - imports = [ ../2configs/hw/AO753.nix #../2configs/consul-server.nix diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix index 53f14d7df..1f1d975c9 100644 --- a/tv/1systems/rmdir.nix +++ b/tv/1systems/rmdir.nix @@ -17,23 +17,9 @@ in { krebs.build.host = config.krebs.hosts.rmdir; - krebs.build.user = config.krebs.users.tv; krebs.build.target = "root@rmdir.internet"; - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - path = "/home/tv/secrets/rmdir"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - }; - }; - imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 33292c608..ee529f3dc 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -4,24 +4,6 @@ with lib; { krebs.build.host = config.krebs.hosts.wu; - krebs.build.user = config.krebs.users.tv; - - krebs.build.target = "root@wu"; - - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - target-path = "/var/src/nixpkgs"; - }; - dir.secrets = { - path = "/home/tv/secrets/wu"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - target-path = "/var/src/stockholm"; - }; - }; imports = [ ../2configs/hw/w110er.nix @@ -62,31 +44,24 @@ with lib; bind # dig cac dic - ff file get - gitAndTools.qgit gnupg21 haskellPackages.hledger htop jq manpages mkpasswd - mpv netcat nix-repl nmap nq p7zip - pavucontrol posix_man_pages - pssh push qrencode - sxiv texLive tmux - zathura #ack #apache-httpd diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 607f89aea..32688aaed 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -4,22 +4,6 @@ with lib; { krebs.build.host = config.krebs.hosts.xu; - krebs.build.user = config.krebs.users.tv; - - krebs.build.target = "root@xu"; - - krebs.build.source = { - git.nixpkgs = { - url = https://github.com/NixOS/nixpkgs; - rev = "c44a593aa43bba6a0708f6f36065a514a5110613"; - }; - dir.secrets = { - path = "/home/tv/secrets/xu"; - }; - dir.stockholm = { - path = "/home/tv/stockholm"; - }; - }; imports = [ ../2configs/hw/x220.nix @@ -60,29 +44,23 @@ with lib; bind # dig #cac dic - ff file - gitAndTools.qgit #xserver gnupg21 haskellPackages.hledger htop jq manpages mkpasswd - mpv #xserver netcat nix-repl nmap nq p7zip - pavucontrol #xserver + pass posix_man_pages - #pssh qrencode - sxiv #xserver texLive tmux - zathura #xserver #ack #apache-httpd diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index d3f4eed0d..d31862b60 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -5,6 +5,25 @@ with lib; { krebs.enable = true; + krebs.build = { + user = config.krebs.users.tv; + target = mkDefault "root@${config.krebs.build.host.name}"; + source = { + git.nixpkgs = { + url = mkDefault https://github.com/NixOS/nixpkgs; + rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613"; + target-path = mkDefault "/var/src/nixpkgs"; + }; + dir.secrets = { + path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}"; + }; + dir.stockholm = { + path = mkDefault "/home/tv/stockholm"; + target-path = mkDefault "/var/src/stockholm"; + }; + }; + }; + networking.hostName = config.krebs.build.host.name; imports = [ diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index df00203be..7a48db6b8 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -34,7 +34,13 @@ let }; environment.systemPackages = [ + pkgs.ff + pkgs.gitAndTools.qgit + pkgs.mpv + pkgs.pavucontrol pkgs.slock + pkgs.sxiv + pkgs.zathura ]; security.setuidPrograms = [ |