summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jeschli/1systems/bln/config.nix19
-rw-r--r--jeschli/1systems/bln/hardware-configuration.nix2
-rw-r--r--jeschli/2configs/xserver/Xresources.nix4
-rw-r--r--jeschli/2configs/xserver/default.nix2
-rw-r--r--jeschli/2configs/zsh.nix4
-rw-r--r--krebs/0tests/data/secrets/grafana_security.nix (renamed from krebs/6tests/data/secrets/grafana_security.nix)0
-rw-r--r--krebs/0tests/data/secrets/hashedPasswords.nix (renamed from krebs/6tests/data/secrets/hashedPasswords.nix)0
-rw-r--r--krebs/0tests/data/secrets/retiolum.rsa_key.priv (renamed from krebs/6tests/data/secrets/retiolum.rsa_key.priv)0
-rw-r--r--krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix (renamed from krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix)0
-rw-r--r--krebs/0tests/data/secrets/ssh.id_ed25519 (renamed from krebs/6tests/data/secrets/ssh.id_ed25519)0
-rw-r--r--krebs/0tests/data/test-config.nix (renamed from krebs/6tests/data/test-config.nix)0
-rw-r--r--krebs/0tests/data/test-source.nix (renamed from krebs/6tests/data/test-source.nix)0
-rw-r--r--krebs/0tests/default.nix (renamed from krebs/6tests/default.nix)0
-rw-r--r--krebs/0tests/deploy.nix (renamed from krebs/6tests/deploy.nix)2
-rw-r--r--krebs/1systems/hope/config.nix41
-rw-r--r--krebs/1systems/hope/source.nix3
-rw-r--r--krebs/3modules/ci.nix2
-rw-r--r--krebs/3modules/krebs/default.nix32
-rw-r--r--krebs/3modules/lass/default.nix42
-rw-r--r--krebs/3modules/lass/pgp/blue.pgp51
-rw-r--r--krebs/3modules/lass/pgp/icarus.pgp51
-rw-r--r--krebs/3modules/lass/ssh/blue.rsa1
-rw-r--r--krebs/5pkgs/simple/kops.nix7
-rw-r--r--krebs/5pkgs/simple/krops.nix7
-rw-r--r--krebs/5pkgs/simple/thesauron/default.nix7
-rw-r--r--krebs/kops.nix4
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/blue/config.nix41
-rw-r--r--lass/1systems/blue/physical.nix8
-rw-r--r--lass/1systems/blue/source.nix4
-rw-r--r--lass/1systems/cabal/config.nix16
-rw-r--r--lass/1systems/cabal/physical.nix12
-rw-r--r--lass/1systems/daedalus/config.nix15
-rw-r--r--lass/1systems/daedalus/physical.nix20
-rw-r--r--lass/1systems/dishfire/config.nix34
-rw-r--r--lass/1systems/dishfire/physical.nix39
-rw-r--r--lass/1systems/helios/config.nix56
-rw-r--r--lass/1systems/helios/physical.nix64
-rw-r--r--lass/1systems/icarus/config.nix22
-rw-r--r--lass/1systems/icarus/physical.nix20
-rw-r--r--lass/1systems/littleT/config.nix15
-rw-r--r--lass/1systems/littleT/physical.nix7
-rw-r--r--lass/1systems/mors/config.nix44
-rw-r--r--lass/1systems/mors/physical.nix44
-rw-r--r--lass/1systems/prism/config.nix147
-rw-r--r--lass/1systems/prism/physical.nix85
-rw-r--r--lass/1systems/red/config.nix3
-rw-r--r--lass/1systems/red/physical.nix8
-rw-r--r--lass/1systems/shodan/config.nix42
-rw-r--r--lass/1systems/shodan/physical.nix47
-rw-r--r--lass/1systems/skynet/config.nix15
-rw-r--r--lass/1systems/skynet/physical.nix12
-rw-r--r--lass/1systems/uriel/config.nix55
-rw-r--r--lass/1systems/uriel/physical.nix59
-rw-r--r--lass/1systems/xerxes/config.nix24
-rw-r--r--lass/1systems/xerxes/physical.nix29
-rw-r--r--lass/2configs/AP.nix22
-rw-r--r--lass/2configs/IM.nix73
-rw-r--r--lass/2configs/backup.nix1
-rw-r--r--lass/2configs/baseX.nix11
-rw-r--r--lass/2configs/bitlbee.nix15
-rw-r--r--lass/2configs/blue-host.nix22
-rw-r--r--lass/2configs/blue.nix55
-rw-r--r--lass/2configs/container-networking.nix15
-rw-r--r--lass/2configs/default.nix6
-rw-r--r--lass/2configs/exim-smarthost.nix5
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/git.nix12
-rw-r--r--lass/2configs/libvirt.nix3
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix1
-rw-r--r--lass/2configs/steam.nix2
-rw-r--r--lass/2configs/websites/domsen.nix15
-rw-r--r--lass/2configs/websites/util.nix16
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/nichtparasoup.nix48
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix2
-rw-r--r--lass/5pkgs/l-gen-secrets/default.nix4
-rw-r--r--lass/5pkgs/nichtparasoup/default.nix15
-rw-r--r--lass/5pkgs/nichtparasoup/exception.patch13
-rw-r--r--lass/kops.nix2
-rw-r--r--lass/source.nix2
-rw-r--r--makefu/0tests/data/secrets/auth.nix (renamed from makefu/6tests/data/secrets/auth.nix)0
-rw-r--r--makefu/0tests/data/secrets/bepasty-secret.nix (renamed from makefu/6tests/data/secrets/bepasty-secret.nix)0
-rw-r--r--makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname (renamed from makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname)0
-rw-r--r--makefu/0tests/data/secrets/daemon-pw (renamed from makefu/6tests/data/secrets/daemon-pw)0
-rw-r--r--makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix (renamed from makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix)0
-rw-r--r--makefu/0tests/data/secrets/extra-hosts.nix (renamed from makefu/6tests/data/secrets/extra-hosts.nix)0
-rw-r--r--makefu/0tests/data/secrets/grafana_security.nix (renamed from makefu/6tests/data/secrets/grafana_security.nix)0
-rw-r--r--makefu/0tests/data/secrets/hashedPasswords.nix (renamed from makefu/6tests/data/secrets/hashedPasswords.nix)0
-rw-r--r--makefu/0tests/data/secrets/iodinepw.nix (renamed from makefu/6tests/data/secrets/iodinepw.nix)0
-rw-r--r--makefu/0tests/data/secrets/kibana-auth.nix (renamed from makefu/6tests/data/secrets/kibana-auth.nix)0
-rw-r--r--makefu/0tests/data/secrets/nsupdate-data.nix (renamed from makefu/6tests/data/secrets/nsupdate-data.nix)0
-rw-r--r--makefu/0tests/data/secrets/nsupdate-search.nix (renamed from makefu/6tests/data/secrets/nsupdate-search.nix)0
-rw-r--r--makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv (renamed from makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv)0
-rw-r--r--makefu/0tests/data/secrets/retiolum.rsa_key.priv (renamed from makefu/6tests/data/secrets/retiolum.rsa_key.priv)0
-rw-r--r--makefu/0tests/data/secrets/retiolum.rsa_key.pub (renamed from makefu/6tests/data/secrets/retiolum.rsa_key.pub)0
-rw-r--r--makefu/0tests/data/secrets/sambacred (renamed from makefu/6tests/data/secrets/sambacred)0
-rw-r--r--makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix (renamed from makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix)0
-rw-r--r--makefu/0tests/data/secrets/ssh.id_ed25519 (renamed from makefu/6tests/data/secrets/ssh.id_ed25519)0
-rw-r--r--makefu/0tests/data/secrets/ssh.makefu.id_rsa (renamed from makefu/6tests/data/secrets/ssh.makefu.id_rsa)0
-rw-r--r--makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub (renamed from makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub)0
-rw-r--r--makefu/0tests/data/secrets/ssh_host_ed25519_key (renamed from makefu/6tests/data/secrets/ssh_host_ed25519_key)0
-rw-r--r--makefu/0tests/data/secrets/ssh_host_rsa_key (renamed from makefu/6tests/data/secrets/ssh_host_rsa_key)0
-rw-r--r--makefu/0tests/data/secrets/tinc.krebsco.de.crt (renamed from makefu/6tests/data/secrets/tinc.krebsco.de.crt)0
-rw-r--r--makefu/0tests/data/secrets/tinc.krebsco.de.key (renamed from makefu/6tests/data/secrets/tinc.krebsco.de.key)0
-rw-r--r--makefu/0tests/data/secrets/tw-pass.ini (renamed from makefu/6tests/data/secrets/tw-pass.ini)0
-rw-r--r--makefu/0tests/data/secrets/wildcard.krebsco.de.crt (renamed from makefu/6tests/data/secrets/wildcard.krebsco.de.crt)0
-rw-r--r--makefu/0tests/data/secrets/wildcard.krebsco.de.key (renamed from makefu/6tests/data/secrets/wildcard.krebsco.de.key)0
-rw-r--r--makefu/source.nix4
-rw-r--r--nin/0tests/dummysecrets/hashedPasswords.nix (renamed from nin/6tests/dummysecrets/hashedPasswords.nix)0
-rw-r--r--nin/0tests/dummysecrets/ssh.id_ed25519 (renamed from nin/6tests/dummysecrets/ssh.id_ed25519)0
-rw-r--r--nin/source.nix2
-rw-r--r--tv/2configs/gitrepos.nix2
-rw-r--r--tv/source.nix3
114 files changed, 993 insertions, 650 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 531f753c5..c5f8101ea 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -93,7 +93,6 @@
services.printing.drivers = [ pkgs.postscript-lexmark ];
# Enable the X11 windowing system.
-# services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
# services.xserver.windowManager.xmonad.enable = true;
@@ -104,7 +103,7 @@
users.extraUsers.jeschli = {
isNormalUser = true;
- extraGroups = ["docker" "vboxusers"];
+ extraGroups = ["docker" "vboxusers" "audio"];
uid = 1000;
};
@@ -124,15 +123,17 @@
# DCSO Certificates
security.pki.certificateFiles = [
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; })
+
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; })
+ (pkgs.fetchurl { url = "http://pki.dcso.