summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/lass/default.nix4
-rw-r--r--krebs/3modules/tv/default.nix5
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/1systems/prism.nix5
-rw-r--r--lass/2configs/base.nix8
-rw-r--r--lass/2configs/downloading.nix12
-rw-r--r--lass/2configs/ts3.nix19
-rw-r--r--tv/1systems/mkdir.nix14
-rw-r--r--tv/1systems/nomic.nix14
-rw-r--r--tv/1systems/rmdir.nix14
-rw-r--r--tv/1systems/wu.nix25
-rw-r--r--tv/1systems/xu.nix24
-rw-r--r--tv/2configs/default.nix19
-rw-r--r--tv/2configs/xserver/default.nix6
14 files changed, 67 insertions, 103 deletions
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 0be166255..2ad4353bd 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -96,8 +96,8 @@ in {
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKVjJrM7fHfHpvZXEA3hmX4JliHl6h6Q8AGOPcu+9fF";
+ ssh.privkey.path = <secrets/ssh.id_rsa>;
+ ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
};
fastpoke = {
dc = "lass";
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 6c943de8f..6fd1c4224 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -159,7 +159,7 @@ with lib;
};
secure = true;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx";
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
};
ok = {
nets = {
@@ -277,7 +277,8 @@ with lib;
};
};
secure = true;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
};
users = addNames rec {
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index b0b8ff573..7db3f8333 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -156,6 +156,7 @@
get
genid
teamspeak_client
+ hashPassword
];
#TODO: fix this shit
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 570cdfb7c..87334c3c2 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -8,6 +8,8 @@ in {
imports = [
../2configs/base.nix
../2configs/downloading.nix
+ ../2configs/git.nix
+ ../2configs/ts3.nix
{
users.extraGroups = {
# ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@@ -82,6 +84,9 @@ in {
#workaround for server dying after 6-7h
boot.kernelPackages = pkgs.linuxPackages_4_2;
}
+ {
+ nixpkgs.config.allowUnfree = true;
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 057af7bc4..11bc4f089 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -15,8 +15,8 @@ with lib;
{
users.extraUsers = {
root = {
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
mainUser = {
@@ -28,8 +28,8 @@ with lib;
useDefaultShell = true;
extraGroups = [
];
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
};
diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix
index 553a3a557..e80b74007 100644
--- a/lass/2configs/downloading.nix
+++ b/lass/2configs/downloading.nix
@@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }:
with lib;
-{
+
+let
+ rpc-password = import <secrets/transmission-pw.nix>;
+in {
imports = [
../3modules/folderPerms.nix
];
@@ -15,8 +18,8 @@ with lib;
extraGroups = [
"download"
];
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/lass.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
];
};
@@ -46,8 +49,7 @@ with lib;
rpc-authentication-required = true;
rpc-whitelist-enabled = false;
rpc-username = "download";
- #add rpc-password in secrets
- rpc-password = "test123";
+ inherit rpc-password;
peer-port = 51413;
};
};
diff --git a/lass/2configs/ts3.nix b/lass/2configs/ts3.nix
new file mode 100644
index 000000000..5b92d0919
--- /dev/null
+++ b/lass/2configs/ts3.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+ services.teamspeak3 = {
+ enable = true;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ #voice port
+ { predicate = "-p tcp --dport 9987"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 9987"; target = "ACCEPT"; }
+ ##file transfer port
+ #{ predicate = "-p tcp --dport 30033"; target = "ACCEPT"; }
+ #{ predicate = "-p udp --dport 30033"; target = "ACCEPT"; }
+ ##query port
+ #{ predicate = "-p tcp --dport 10011"; target = "ACCEPT"; }
+ #{ predicate = "-p udp --dport 10011"; target = "ACCEPT"; }
+ ];
+}
diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix
index 55d83f8f3..6ae4f80e8 100644
--- a/tv/1systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -17,23 +17,9 @@ in
{
krebs.build.host = config.krebs.hosts.mkdir;
- krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@${primary-addr4}";
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- };
- dir.secrets = {
- path = "/home/tv/secrets/mkdir";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- };
- };
-
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index c2bb4dc78..0c6c935a3 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -4,23 +4,9 @@ with lib;
{
krebs.build.host = config.krebs.hosts.nomic;
- krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@nomic.gg23";
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- };
- dir.secrets = {
- path = "/home/tv/secrets/nomic";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- };
- };
-
imports = [
../2configs/hw/AO753.nix
#../2configs/consul-server.nix
diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix
index 53f14d7df..1f1d975c9 100644
--- a/tv/1systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -17,23 +17,9 @@ in
{
krebs.build.host = config.krebs.hosts.rmdir;
- krebs.build.user = config.krebs.users.tv;
krebs.build.target = "root@rmdir.internet";
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- };
- dir.secrets = {
- path = "/home/tv/secrets/rmdir";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- };
- };
-
imports = [
../2configs/hw/CAC-Developer-1.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 33292c608..ee529f3dc 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -4,24 +4,6 @@ with lib;
{
krebs.build.host = config.krebs.hosts.wu;
- krebs.build.user = config.krebs.users.tv;
-
- krebs.build.target = "root@wu";
-
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- target-path = "/var/src/nixpkgs";
- };
- dir.secrets = {
- path = "/home/tv/secrets/wu";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- target-path = "/var/src/stockholm";
- };
- };
imports = [
../2configs/hw/w110er.nix
@@ -62,31 +44,24 @@ with lib;
bind # dig
cac
dic
- ff
file
get
- gitAndTools.qgit
gnupg21
haskellPackages.hledger
htop
jq
manpages
mkpasswd
- mpv
netcat
nix-repl
nmap
nq
p7zip
- pavucontrol
posix_man_pages
- pssh
push
qrencode
- sxiv
texLive
tmux
- zathura
#ack
#apache-httpd
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 607f89aea..32688aaed 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -4,22 +4,6 @@ with lib;
{
krebs.build.host = config.krebs.hosts.xu;
- krebs.build.user = config.krebs.users.tv;
-
- krebs.build.target = "root@xu";
-
- krebs.build.source = {
- git.nixpkgs = {
- url = https://github.com/NixOS/nixpkgs;
- rev = "c44a593aa43bba6a0708f6f36065a514a5110613";
- };
- dir.secrets = {
- path = "/home/tv/secrets/xu";
- };
- dir.stockholm = {
- path = "/home/tv/stockholm";
- };
- };
imports = [
../2configs/hw/x220.nix
@@ -60,29 +44,23 @@ with lib;
bind # dig
#cac
dic
- ff
file
- gitAndTools.qgit #xserver
gnupg21
haskellPackages.hledger
htop
jq
manpages
mkpasswd
- mpv #xserver
netcat
nix-repl
nmap
nq
p7zip
- pavucontrol #xserver
+ pass
posix_man_pages
- #pssh
qrencode
- sxiv #xserver
texLive
tmux
- zathura #xserver
#ack
#apache-httpd
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index d3f4eed0d..d31862b60 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -5,6 +5,25 @@ with lib;
{
krebs.enable = true;
+ krebs.build = {
+ user = config.krebs.users.tv;
+ target = mkDefault "root@${config.krebs.build.host.name}";
+ source = {
+ git.nixpkgs = {
+ url = mkDefault https://github.com/NixOS/nixpkgs;
+ rev = mkDefault "c44a593aa43bba6a0708f6f36065a514a5110613";
+ target-path = mkDefault "/var/src/nixpkgs";
+ };
+ dir.secrets = {
+ path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}";
+ };
+ dir.stockholm = {
+ path = mkDefault "/home/tv/stockholm";
+ target-path = mkDefault "/var/src/stockholm";
+ };
+ };
+ };
+
networking.hostName = config.krebs.build.host.name;
imports = [
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index df00203be..7a48db6b8 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -34,7 +34,13 @@ let
};
environment.systemPackages = [
+ pkgs.ff
+ pkgs.gitAndTools.qgit
+ pkgs.mpv
+ pkgs.pavucontrol
pkgs.slock
+ pkgs.sxiv
+ pkgs.zathura
];
security.setuidPrograms = [