-rw-r--r--doc/Commit_Messages_Guideline.md53
-rw-r--r--doc/makefu/logbook/install_fileleech.md17
-rw-r--r--doc/makefu/logbook/transfer_gum.md16
-rw-r--r--krebs/4lib/infest/prepare.sh14
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--makefu/1systems/x.nix50
-rw-r--r--makefu/2configs/deployment/dirctator.nix6
-rw-r--r--makefu/2configs/deployment/led-fader.nix1
-rw-r--r--makefu/2configs/docker.nix4
-rw-r--r--makefu/2configs/hw/exfat-nofuse.nix4
-rw-r--r--makefu/2configs/hw/stk1160.nix3
-rw-r--r--makefu/2configs/hw/wwan.nix (renamed from makefu/2configs/wwan.nix)0
-rw-r--r--makefu/2configs/lancache.nix79
-rw-r--r--makefu/2configs/task-client.nix14
-rw-r--r--makefu/2configs/tools/dev.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix5
-rw-r--r--makefu/5pkgs/arduino-user-env/default.nix35
17 files changed, 259 insertions, 46 deletions
diff --git a/doc/Commit_Messages_Guideline.md b/doc/Commit_Messages_Guideline.md
new file mode 100644
index 000000000..e704ee575
--- /dev/null
+++ b/doc/Commit_Messages_Guideline.md
@@ -0,0 +1,53 @@
+# Commit Messages Guideline
+
+Commits SHOULD have the following format:
+
+```
+<namespace?> <component>: <change>
+
+<rationale>
+
+(<reference-name>: <reference-id>)?
+```
+
+## `<namespace>`
+Defines where the change took place. This can be omitted if the
+namespace is `krebs`. Namespaces may be shortened to one to four characters (
+lassulus -> lass, makefu -> make, tv -> tv, shared -> sha)
+
+## `<component>`
+Name of the component which was touched. `component` is
+rather fuzzy and may mean different things, just choose what would fit best.
+
+Here are a numbers of samples for defining the component:
+
+* Change `gum` in `krebs/3modules/makefu/default.nix`: `gum.r: change ip`
+* Change `prepare.sh` in `krebs/4libs/infest`: `infest: prepare stockholm ISO`
+* Remove `concat` in `krebs/5pkgs`: `concat: RIP`, this commit may like some `<rationale>`
+* Update `types` in `krebs/3modules`: `lib/types: add managed bool to host type`
+* Change host `gum` in `makefu/1systems/gum`: `ma gum.r: add taskserver`
+* Change `tinc` module in `krebs/3modules`: `tinc module: add option enableLegacy`
+
+## `<rationale>`
+Describe some trivia why the commit was done:
+```
+whatsupnix: init
+
+Import from https://github.com/NixOS/nix/issues/443#issuecomment-296752535
+```
+
+## `<reference>`
+Defines external resouces related to the commit:
+```
+Closes: #123533
+CVE: CVE-2016-00001
+URL: https://example.com/CVE-2016-00001
+```
+
+## Remarks
+As a general rule of thumb you can check out: https://www.slideshare.net/TarinGamberini/commit-messages-goodpractices
+Of course the pattern not always fits perfectly (for example for refactoring),
+just apply some common sense and define a useful commit message,
+like `refactor krebs.setuid`.
+
+
diff --git a/doc/makefu/logbook/install_fileleech.md b/doc/makefu/logbook/install_fileleech.md
new file mode 100644
index 000000000..15f8c1bca
--- /dev/null
+++ b/doc/makefu/logbook/install_fileleech.md
@@ -0,0 +1,17 @@
+# install fileleech
+
+```
+builder$ python3 host.py --create-ssh-keys --create-passwords fileleech
+iso$ fdisk /dev/sda # 3 partitions, grub,boot,crypt
+iso$ cryptsetup luksFormat /dev/sda3 --cipher aes-xts-plain64 -s 512 -h sha512
+iso$ cryptsetup luksAddKey /dev/sda3 hddkey
+iso$ cryptsetup luksOpen --keyfile-size=4096 -d /dev/disk/by-id/usb-Intuix_DiskOnKey_09A07360336198F8-0:0 /dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3 luksroot
+iso$ mkfs.ext4 -Lnixboot /dev/sda2
+iso$ mkfs.ext4 -Lroot /dev/mapper/luksroot
+iso$ echo 1 > /proc/sys/net/ipv6/conf/enp8s0f0/disable_ipv6
+iso$ mount /dev/mapper/luksroot /mnt
+iso$ mkdir /mnt/boot
+iso$ mount /dev/sda2 /mnt/boot
+iso$ mkdir -p /mnt/var/src
+iso$ touch /mnt/var/src/.populate
+```
diff --git a/doc/makefu/logbook/transfer_gum.md b/doc/makefu/logbook/transfer_gum.md
new file mode 100644
index 000000000..5f9c88256
--- /dev/null
+++ b/doc/makefu/logbook/transfer_gum.md
@@ -0,0 +1,16 @@
+# transfer gum to new hosts
+
+```
+builder$ vim krebs/3modules/makefu/default.nix
+## update ip
+builder$ vim makefu/1systems/gum.nix
+## update hardware config
+
+old-gum$ rsync --progress -lprtvzF . <newip>:/mnt/
+
+new-gum$ touch /mnt/var/src/.populate
+new-gum$ gdisk /dev/sda r;g;w # gpt to mbr
+
+builder$ make -C ~/stockholm system=gum target=vcygfnhdxyxr47zu.onion install
+
+```
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 50d521e17..8e921ce06 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -36,14 +36,7 @@ prepare() {(
;;
esac
;;
- nixos)
- case $(cat /proc/cmdline) in
- *' root=LABEL=NIXOS_ISO '*)
- prepare_nixos_iso "$@"
- exit
- esac
- ;;
- stockholm)
+ nixos|stockholm)
case $(cat /proc/cmdline) in
*' root=LABEL=NIXOS_ISO '*)
prepare_nixos_iso "$@"
@@ -102,7 +95,8 @@ prepare_nixos_iso() {
mkdir -p bin
rm -f bin/nixos-install
cp "$(type -p nixos-install)" bin/nixos-install
- sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
+ sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install
+
}
get_nixos_install() {
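Review bot: The new `sed` expression at the end of `prepare_nixos_iso` is single-quoted, so the shell no longer expands `$target_path` and sed writes the literal text `$target_path` into `bin/nixos-install`, where the old double-quoted form substituted the actual path. Unless deferring the expansion to nixos-install's run time is intended (nothing visible here sets `target_path` in that script), keep the double quotes: `sed -i "s@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@" bin/nixos-install`. The identical line in `prepare_common` in the next hunk has the same problem. Because the value ends up inside a sed replacement, a `target_path` containing `@`, `&` or `\` would also alter the expression, so it should be validated before use.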
@@ -217,7 +211,7 @@ prepare_common() {(
mkdir -p bin
rm -f bin/nixos-install
cp "$(type -p nixos-install)" bin/nixos-install
- sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
+ sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install
if ! grep -q '^PATH.*#krebs' .bashrc; then
echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 2adba34bb..1c68d58d5 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
- ref = "4847963";
+ ref = "0a4db15";
};
}
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index ee3a7bb1b..b37c32944 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -13,59 +13,49 @@ with import <stockholm/lib>;
../2configs/tools/all.nix
../2configs/laptop-backup.nix
../2configs/dnscrypt.nix
+ ../2configs/avahi.nix
- # testing
- # ../2configs/openvpn/vpngate.nix
- #../2configs/temp/share-samba.nix
- # ../2configs/mediawiki.nix
- # ../2configs/wordpress.nix
- # ../2configs/nginx/public_html.nix
- # ../2configs/nginx/icecult.nix
-
- # ../2configs/elchos/irc-token.nix
- # ../2configs/elchos/log.nix
-
- #../2configs/elchos/search.nix
- #../2configs/elchos/stats.nix
- #../2configs/elchos/test/ftpservers.nix
-
- # ../2configs/tinc/siem.nix
- #../2configs/torrent.nix
- # temporary modules
-
- # ../2configs/torrent.nix
- #../2configs/temp/elkstack.nix
- # ../2configs/temp/sabnzbd.nix
+ # Debugging
+ # ../2configs/disable_v6.nix
+ # Testing
+ # ../2configs/deployment/dirctator.nix
+ # ../2configs/vncserver.nix
+ # ../2configs/deployment/led-fader
+ # ../2configs/deployment/hound
# development
../2configs/sources
# Krebs
- # ../2configs/disable_v6.nix
../2configs/tinc/retiolum.nix
# applications
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
../2configs/printer.nix
+ ../2configs/task-client.nix
+
+ # Virtualization
../2configs/virtualization.nix
+ ../2configs/docker.nix
../2configs/virtualization-virtualbox.nix
- ../2configs/wwan.nix
- ../2configs/rad1o.nix
- # services
+ # Services
../2configs/git/brain-retiolum.nix
../2configs/tor.nix
../2configs/steam.nix
# ../2configs/buildbot-standalone.nix
- # hardware specifics are in here
+ # Hardware
../2configs/hw/tp-x230.nix
../2configs/hw/rtl8812au.nix
- ../2configs/hw/stk1160.nix
+ ../2configs/hw/exfat-nofuse.nix
+ ../2configs/hw/wwan.nix
+ # ../2configs/hw/stk1160.nix
+ # ../2configs/rad1o.nix
- # mount points
+ # Filesystem
../2configs/fs/sda-crypto-root-home.nix
];
@@ -76,10 +66,8 @@ with import <stockholm/lib>;
nixpkgs.config.allowUnfree = true;
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
environment.systemPackages = [ pkgs.passwdqc-utils ];
- virtualisation.docker.enable = true;
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix
index b8e61955d..4f2f8818d 100644
--- a/makefu/2configs/deployment/dirctator.nix
+++ b/makefu/2configs/deployment/dirctator.nix
@@ -25,6 +25,10 @@ in {
stdout { codec => rubydebug }
exec { command => "${runit} '%{message}" }
'';
- plugins = [ ];
+ extraSettings = ''
+ path.plugins: [ "${pkgs.logstash-output-exec}" ]
+ '';
+ ## NameError: `@path.plugins' is not allowable as an instance variable name
+ # plugins = [ pkgs.logstash-output-exec ];
};
}
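Review bot: Pointing `path.plugins` at `logstash-output-exec` makes the `exec { command => "${runit} '%{message}" }` line above live, and that line interpolates the event's `message` field into a command string with an unbalanced single quote. If the plugin passes that string to a shell, which is presumably the case and should be confirmed, whoever can submit events to this pipeline can influence the command that runs. Close the quote and restrict what can reach `message`, for example by validating or whitelisting it in a filter stage before the output. The `NameError` remark and the commented-out `plugins = …` line would read better as one comment saying why `extraSettings` is used instead. The enclosing attribute set starts outside the hunk.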
diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix
index 50023693d..678370c69 100644
--- a/makefu/2configs/deployment/led-fader.nix
+++ b/makefu/2configs/deployment/led-fader.nix
@@ -31,6 +31,7 @@ in {
};
# after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
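Review bot: The added `after = [ "network-online.target" ];` only orders the unit; systemd does not pull `network-online.target` into the transaction unless some unit wants it, so on a host where nothing else does, the new line has no effect. Add `wants = [ "network-online.target" ];` next to it. The commented-out `after = …` line just above is now superseded and should be merged into the new list or removed. `serviceConfig` continues outside the hunk.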
diff --git a/makefu/2configs/docker.nix b/makefu/2configs/docker.nix
new file mode 100644
index 000000000..98fd980cc
--- /dev/null
+++ b/makefu/2configs/docker.nix
@@ -0,0 +1,4 @@
+{...}:
+{
+ virtualisation.docker.enable = true;
+}
diff --git a/makefu/2configs/hw/exfat-nofuse.nix b/makefu/2configs/hw/exfat-nofuse.nix
new file mode 100644
index 000000000..ca3485e9f
--- /dev/null
+++ b/makefu/2configs/hw/exfat-nofuse.nix
@@ -0,0 +1,4 @@
+{ config, ... }:
+{
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+}
diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix
index b4d033d76..e73741e26 100644
--- a/makefu/2configs/hw/stk1160.nix
+++ b/makefu/2configs/hw/stk1160.nix
@@ -1,9 +1,8 @@
{ pkgs, ... }:
{
# TODO: un-pin linuxPackages somehow
- boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages_4_9;
nixpkgs.config.packageOverrides = pkgs: {
- linux_4_9 = pkgs.linux_4_9.override {
+ linux_latest = pkgs.linux_latest.override {
extraConfig = ''
MEDIA_ANALOG_TV_SUPPORT y
VIDEO_STK1160_COMMON m
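Review bot: With the `boot.kernelPackages` line removed, nothing in this file selects the kernel whose config is overridden, so the `linux_latest` override presumably takes effect only on hosts that choose the latest kernel package set elsewhere. On any other host the `VIDEO_STK1160_COMMON` options would silently not apply. Either keep an explicit selection here or document the requirement, e.g. `# requires boot.kernelPackages = pkgs.linuxPackages_latest on the importing host`. The `# TODO: un-pin linuxPackages somehow` comment is stale now that the pin is gone. The `extraConfig` string continues outside the hunk.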
diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/hw/wwan.nix
index 0eb0c97d7..0eb0c97d7 100644
--- a/makefu/2configs/wwan.nix
+++ b/makefu/2configs/hw/wwan.nix
diff --git a/makefu/2configs/lancache.nix b/makefu/2configs/lancache.nix
new file mode 100644
index 000000000..8ec401361
--- /dev/null
+++ b/makefu/2configs/lancache.nix
@@ -0,0 +1,79 @@
+{ pkgs, lib, config, ... }:
+with import <stockholm/lib>;
+let
+ # see https://github.com/zeropingheroes/lancache for full docs
+ cachedir = "/var/lancache/cache";
+ logdir = "/var/lancache/log";
+
+ lancache= pkgs.stdenv.mkDerivation rec {
+ name = "lancache-2017-06-26";
+ src = pkgs.fetchFromGitHub {
+ # origin: https://github.com/multiplay/lancache
+ # forked: https://github.com/zeropingheroes/lancache
+ repo = "lancache";
+ owner = "zeropingheroes";
+ rev = "143f7bb";
+ sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6";
+ };
+ phases = [ "unpackPhase" "installPhase" ];
+ # here we can chance to edit `includes/proxy-cache-paths.conf`
+ installPhase = ''
+ mkdir -p $out
+ cp -r * $out/
+ sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
+ -e 's/^\(error_log\).*/\1 stderr;\ndaemon off;/' $out/nginx.conf
+ '';
+ };
+ cfg = {
+ group = "nginx-lancache";
+ user = "nginx-lancache";
+ stateDir = "/var/lancache";
+ package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
+ configureFlags = old.configureFlags ++ [
+ "--with-http_slice_module"
+ "--with-stream"
+ "--with-pcre"
+ ];
+ });
+ };
+in {
+ systemd.services.nginx-lancache = {
+ description = "Nginx lancache Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+
+ preStart = ''
+ PATH_CACHE="/var/lancache/cache"
+ PATH_LOGS="/var/lancache/logs"
+ WWW_USER="${cfg.user}"
+ WWW_GROUP="${cfg.group}"
+
+ mkdir -p $PATH_CACHE
+ cd $PATH_CACHE
+ mkdir -p installers tmp
+ mkdir -p $PATH_LOGS
+
+ chown -R $WWW_USER:$WWW_USER $PATH_CACHE
+ chown -R $WWW_USER:$WWW_USER $PATH_LOGS
+ '';
+ serviceConfig = {
+ ExecStart = "${cfg.package}/bin/nginx -c ${lancache}/nginx.conf -p ${lancache}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ Restart = "always";
+ RestartSec = "10s";
+ StartLimitInterval = "1min";
+ };
+ };
+ users.extraUsers = (singleton
+ { name = cfg.user;
+ group = cfg.group;
+ uid = genid cfg.group;
+ });
+
+ users.extraGroups = (singleton
+ { name = "${cfg.group}";
+ gid = genid cfg.group;
+ });
+
+}
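Review bot: The `let` bindings `cachedir` and `logdir` (and `cfg.stateDir`) are never used, and `preStart` hard-codes the paths again with a different log directory: `logdir = "/var/lancache/log"` versus `PATH_LOGS="/var/lancache/logs"`. Use the bindings so there is one source of truth, `PATH_CACHE="${cachedir}"` and `PATH_LOGS="${logdir}"`, after settling on the spelling the upstream `nginx.conf` expects. `WWW_GROUP` is assigned, but both `chown -R` lines use `$WWW_USER:$WWW_USER`. Writing `chown -R "$WWW_USER:$WWW_GROUP" "$PATH_CACHE"` keeps ownership correct if user and group ever differ, and the quoting protects the recursive root-run `chown` from word splitting. A one-line comment on `preStart` stating that it runs as root before nginx drops to `cfg.user` would also help.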
diff --git a/makefu/2configs/task-client.nix b/makefu/2configs/task-client.nix
new file mode 100644
index 000000000..330616f4a
--- /dev/null
+++ b/makefu/2configs/task-client.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+ krebs.per-user.makefu.packages = [
+ pkgs.taskwarrior
+ ];
+
+ environment.shellAliases = {
+ tshack = "task project:shack";
+ twork = "task project:soc";
+ tpki = "task project:pki";
+ tkrebs = "task project:krebs";
+ t = "task project: ";
+ };
+}
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 4fe7f8bf4..e40f5b36f 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -12,5 +12,7 @@
cac-api
cac-panel
ovh-zone
+ whatsupnix
+ brain
];
}
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 56cdccd1f..1e68e935c 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -2,13 +2,16 @@
{
krebs.per-user.makefu.packages = with pkgs;[
+ # media
gimp
inkscape
libreoffice
- saleae-logic
skype
synergy
tdesktop
virtmanager
+ # Dev
+ saleae-logic
+ arduino-user-env
];
}
diff --git a/makefu/5pkgs/arduino-user-env/default.nix b/makefu/5pkgs/arduino-user-env/default.nix
new file mode 100644
index 000000000..7339c50a2
--- /dev/null
+++ b/makefu/5pkgs/arduino-user-env/default.nix
@@ -0,0 +1,35 @@
+{ lib, pkgs, ... }: let
+
+#TODO: make sure env exists prior to running
+env_nix = pkgs.writeText "env.nix" ''
+ { pkgs ? import <nixpkgs> {} }:
+
+ (pkgs.buildFHSUserEnv {
+ name = "arduino-user-env";
+ targetPkgs = pkgs: with pkgs; [
+ coreutils
+ ];
+ multiPkgs = pkgs: with pkgs; [
+ arduino
+ alsaLib
+ zlib
+ xorg.libXxf86vm
+ curl
+ openal
+ openssl_1_0_2
+ xorg.libXext
+ xorg.libX11
+ xorg.libXrandr
+ xorg.libXcursor
+ xorg.libXinerama
+ xorg.libXi
+ mesa_glu
+ ];
+ runScript = "zsh";
+ }).env
+'';
+
+
+in pkgs.writeDashBin "arduino-user-env" ''
+ nix-shell ${env_nix}
+''
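Review bot: The generated `env.nix` declares `pkgs ? import <nixpkgs> {}`, so `nix-shell` evaluates the FHS environment against whatever `<nixpkgs>` resolves to in the caller's `NIX_PATH` at run time, not against the package set this configuration was built from. The contents of the environment, including the legacy `openssl_1_0_2`, are therefore not pinned by this commit; something like `{ pkgs ? import ${pkgs.path} {} }:` would tie it to the system's nixpkgs. A short comment naming what needs `openssl_1_0_2` would help whoever has to drop it later. `runScript = "zsh"` assumes zsh is reachable inside the environment although `targetPkgs` lists only `coreutils`; confirm that, or add `zsh` there.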