31 files changed, 197 insertions, 60 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index a46b8af15..37db5bfe7 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
 ./github-hosts-sync.nix
 ./git.nix
 ./go.nix
+ ./hidden-ssh.nix
 ./htgen.nix
 ./iptables.nix
 ./kapacitor.nix
diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix
new file mode 100644
index 000000000..3930dbf42
--- /dev/null
+++ b/krebs/3modules/hidden-ssh.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+ cfg = config.krebs.hidden-ssh;
+
+ out = {
+ options.krebs.hidden-ssh = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "hidden SSH announce";
+ };
+
+ imp = let
+ torDirectory = "/var/lib/tor"; # from tor.nix
+ hiddenServiceDir = torDirectory + "/ssh-announce-service";
+ in {
+ services.tor = {
+ enable = true;
+ extraConfig = ''
+ HiddenServiceDir ${hiddenServiceDir}
+ HiddenServicePort 22 127.0.0.1:22
+ '';
+ client.enable = true;
+ };
+ systemd.services.hidden-ssh-announce = {
+ description = "irc announce hidden ssh";
+ after = [ "tor.service" "network-online.target" ];
+ wants = [ "tor.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ # ${pkgs.tor}/bin/torify
+ ExecStart = pkgs.writeDash "irc-announce-ssh" ''
+ set -efu
+ until test -e ${hiddenServiceDir}/hostname; do
+ echo "still waiting for ${hiddenServiceDir}/hostname"
+ sleep 1
+ done
+ ${pkgs.irc-announce}/bin/irc-announce \
+ irc.freenode.org 6667 ${config.krebs.build.host.name}-ssh \
+ \#krebs-announce \
+ "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)"
+ '';
+ PrivateTmp = "true";
+ User = "tor";
+ Type = "oneshot";
+ };
+ };
+ };
+in
+out
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 56df451b7..cef6a4fd6 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
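Review bot: The `hidden-ssh-announce` unit in krebs/3modules/hidden-ssh.nix posts the onion hostname to `#krebs-announce` over a direct, unencrypted connection to `irc.freenode.org 6667` (the `torify` line is only a comment), so anyone in the channel or on the network path learns the address and can associate it with the host's real IP. Because `HiddenServicePort 22 127.0.0.1:22` makes every onion client reach sshd from loopback, the module should record its assumptions, e.g. `# the onion address is published; sshd must be key-only and must not trust 127.0.0.1` above `services.tor`. The `until test -e …/hostname` loop has no upper bound and oneshot units have no start timeout by default, so the unit stays in "activating" forever if Tor never writes the file; adding something like `TimeoutStartSec = "120";` (value is an example) to `serviceConfig` bounds it. The `enable` option description could also say that enabling it publishes the address.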
@@ -33,7 +33,7 @@ with import <stockholm/lib>; nets = { retiolum = { ip4.addr = "10.243.113.98"; - ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; + # ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; aliases = [ "fileleech.r" ]; @@ -247,7 +247,6 @@ with import <stockholm/lib>; "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. nixos.unstable IN CNAME krebscode.github.io. - pigstarter IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} ''; @@ -301,7 +300,7 @@ with import <stockholm/lib>; ip6.addr = "42:6e1e:cc8a:7cef:827:f938:8c64:baad"; aliases = [ "wry.r" - "graphs.wry.r" + "graph.wry.r" "paste.wry.r" ]; tinc.pubkey = '' @@ -436,12 +435,13 @@ with import <stockholm/lib>; mattermost.euer IN A ${nets.internet.ip4.addr} git.euer IN A ${nets.internet.ip4.addr} gum IN A ${nets.internet.ip4.addr} + pigstarter IN A ${nets.internet.ip4.addr} cgit.euer IN A ${nets.internet.ip4.addr} o.euer IN A ${nets.internet.ip4.addr} dl.euer IN A ${nets.internet.ip4.addr} euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} - graphs IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} ''; }; nets = rec { @@ -461,7 +461,7 @@ with import <stockholm/lib>; "o.gum.r" "tracker.makefu.r" - "graphs.r" + "graph.r" "wiki.makefu.r" "wiki.gum.r" "blog.makefu.r" @@ -491,7 +491,7 @@ with import <stockholm/lib>; ip4.prefix = "10.8.10.0/24"; aliases = [ "shoney.siem" - "graphs.siem" + "graph.siem" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index f9eae8c92..1e7a9faae 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -32,9 +32,9 @@ let default = "http://xplanetclouds.com/free/local/clouds_2048.jpg"; }; - outFile = mkOption { + marker = mkOption { type = types.str; - default = "/tmp/wallpaper.png"; + default = "http://graphs.r/marker.json"; }; timerConfig = mkOption { 
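Review bot: The new `marker` default in krebs/3modules/realwallpaper.nix, `http://graphs.r/marker.json`, still uses the `graphs.r` name that this same commit renames to `graph.r` in krebs/3modules/makefu/default.nix and makefu/2configs/deployment/graphs.nix, so the default may stop resolving unless something else keeps serving the old name. If the rename is meant to apply everywhere, the line should read `default = "http://graph.r/marker.json";`. Replacing `outFile` with `marker` also makes any configuration that still sets `krebs.realwallpaper.outFile` fail to evaluate, and the new option has no `description` stating what the URL is expected to return. The option set continues past the end of the hunk.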
@@ -43,7 +43,6 @@ let OnCalendar = "*:0/15"; }; }; - }; imp = { @@ -63,6 +62,7 @@ let imagemagick curl file + jq ]; environment = { @@ -70,7 +70,7 @@ let nightmap_url = cfg.nightmap; daymap_url = cfg.daymap; cloudmap_url = cfg.cloudmap; - out_file = cfg.outFile; + marker_url = cfg.marker; }; restartIfChanged = true; diff --git a/krebs/5pkgs/irc-announce/default.nix b/krebs/5pkgs/irc-announce/default.nix index e1f4919d5..6eb725b71 100644 --- a/krebs/5pkgs/irc-announce/default.nix +++ b/krebs/5pkgs/irc-announce/default.nix @@ -24,7 +24,7 @@ pkgs.writeDashBin "irc-announce" '' # echo2 and cat2 are used output to both, stdout and stderr # This is used to see what we send to the irc server. (debug output) echo2() { echo "$*"; echo "$*" >&2; } - cat2() { tee /dev/stderr; } + cat2() { awk '{print;print > "/dev/stderr"}'; } # privmsg_cat transforms stdin to a privmsg privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix index 8c6676d0e..31ad12780 100644 --- a/krebs/5pkgs/krebspaste/default.nix +++ b/krebs/5pkgs/krebspaste/default.nix @@ -2,5 +2,5 @@ # TODO use `execve` instead? writeDashBin "krebspaste" '' - exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" + exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g' '' diff --git a/krebs/5pkgs/realwallpaper/default.nix b/krebs/5pkgs/realwallpaper/default.nix index 4fea977ec..dec2dada4 100644 --- a/krebs/5pkgs/realwallpaper/default.nix +++ b/krebs/5pkgs/realwallpaper/default.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation { src = fetchgit { url = https://github.com/Lassulus/realwallpaper; - rev = "c2778c3c235fc32edc8115d533a0d0853ab101c5"; - sha256 = "0yhbjz19zk8sj5dsvccm6skkqq2vardn1yi70qmd5li7qvp17mvs"; + rev = "b8408cfb295b6ce5b965309b30358ca6c6409efd"; + sha256 = "0yyl8hhqshw9bx04xs8glvir3c0qzvfrwzmbvyg318mnz5xalcl0"; }; phases = [ 
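Review bot: Piping into `sed` in krebs/5pkgs/krebspaste/default.nix changes the wrapper's exit status: dash reports the status of the last command of a pipeline, so a failing `bepasty-cli` now exits 0 and `/+inline` is appended to the last line of whatever it printed, including an error message. The leading `exec` also no longer replaces the wrapper process, since it only takes effect inside the pipeline's first subshell, which leaves the `# TODO use execve` comment above it stale. Capturing the output first keeps failures visible: `url=$(${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@") || exit` followed by `printf '%s/+inline\n' "$url"`.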
@@ -15,10 +15,6 @@ stdenv.mkDerivation { ]; buildInputs = [ - xplanet - imagemagick - curl - file ]; installPhase = '' diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix index e5f1e40e8..20bbc53ba 100644 --- a/krebs/5pkgs/tinc_graphs/default.nix +++ b/krebs/5pkgs/tinc_graphs/default.nix @@ -2,14 +2,14 @@ python3Packages.buildPythonPackage rec { name = "tinc_graphs-${version}"; - version = "0.3.9"; + version = "0.3.10"; propagatedBuildInputs = with pkgs;[ python3Packages.pygeoip ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat ]; src = fetchurl { - url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz"; - sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx"; + url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz"; + sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc"; }; preFixup = with pkgs;'' wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin" diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 9dfbf7cb8..01d698c4c 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -15,7 +15,6 @@ with import <stockholm/lib>; krebs.enable = true; krebs.build.user = config.krebs.users.lass; krebs.build.host = config.krebs.hosts.iso; - krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix"; } { nixpkgs.config.allowUnfree = true; 
@@ -122,18 +121,12 @@ with import <stockholm/lib>; { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; + systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; } { krebs.iptables = { enable = true; tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ @@ -148,5 +141,8 @@ with import <stockholm/lib>; }; }; } + { + krebs.hidden-ssh.enable = true; + } ]; } diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c196b391a..c8d9465d5 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -25,6 +25,7 @@ with import <stockholm/lib>; ../2configs/repo-sync.nix ../2configs/ircd.nix ../2configs/logf.nix + ../2configs/syncthing.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ @@ -77,10 +78,6 @@ with import <stockholm/lib>; services.redis.enable = true; } { - #ipfs-testing - services.ipfs.enable = true; - } - { environment.systemPackages = [ pkgs.krebszones ]; @@ -89,6 +86,12 @@ with import <stockholm/lib>; #ps vita stuff boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } + { + services.tor = { + enable = true; + client.enable = true; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index e5cbacfc8..41a909f16 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -46,6 +46,7 @@ in { ../2configs/monitoring/server.nix ../2configs/monitoring/monit-alarms.nix ../2configs/paste.nix + ../2configs/syncthing.nix { imports = [ ../2configs/bepasty.nix 
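Review bot: With the `nat.PREROUTING` rule that redirected non-retiolum traffic for port 22 removed and sshd forced into `multi-user.target` in lass/1systems/iso.nix, reachability of sshd on this image now depends entirely on the `filter.INPUT.rules` list, most of which lies outside this hunk. It is worth confirming that those rules accept port 22 only on the interfaces you intend, since the later hunk in this file also enables `krebs.hidden-ssh`, which publishes a second way in. A short comment next to the `mkForce` line, e.g. `# start sshd at boot; access is limited by filter.INPUT and authorized keys only`, would record the intent.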
@@ -158,7 +159,7 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 JuiceSSH" + "ssh-rsa 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 JuiceSSH" ]; } { @@ -194,7 +195,7 @@ in { ../2configs/realwallpaper.nix ]; services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /tmp/wallpaper.png; + alias /var/realwallpaper/realwallpaper.png; ''; } { @@ -254,19 +255,20 @@ in { ]; } { - krebs.Reaktor.coders = let - lambdabot = (import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs"; - rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; - sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; - }) {}).lambdabot; - in { - nickname = "reaktor-lass"; + krebs.Reaktor.coders = { + nickname = "Reaktor|lass"; channels = [ "#coders" ]; extraEnviron = { REAKTOR_HOST = "irc.hackint.org"; }; plugins = with pkgs.ReaktorPlugins; let + + lambdabot = (import (pkgs.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs"; + rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac"; + sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy"; + }) {}).lambdabot; + lambdabotflags = '' -XStandaloneDeriving -XGADTs -XFlexibleContexts \ -XFlexibleInstances -XMultiParamTypeClasses \ @@ -349,6 +351,18 @@ in { ]; }; } + { + krebs.Reaktor.prism = { + nickname = "Reaktor|lass"; + channels = [ "#retiolum" ]; + extraEnviron = { + REAKTOR_HOST = "ni.r"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 69f8a681e..b53efa75d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -151,6 +151,10 @@ with import <stockholm/lib>; p7zip unzip unrar + + (pkgs.writeDashBin "sshn" '' + ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" + '') ]; programs.bash = { 
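Review bot: The `sshn` wrapper added in lass/2configs/default.nix disables host key verification (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`) and is installed in the shared package list with no comment on when it is acceptable to use. A session opened through it cannot detect an impostor server, so passwords, a forwarded agent and anything typed into the session are exposed to whoever answers on that address. I would state the intended scope above the definition, e.g. `# sshn: only for throwaway hosts whose host keys change on every boot; never with passwords or agent forwarding`. The surrounding package list starts and ends outside the hunk.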
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 24437d040..5309c9551 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "a563923"; + ref = "5acb454"; }; } diff --git a/lass/2configs/realwallpaper.nix b/lass/2configs/realwallpaper.nix index cf9795071..116d66276 100644 --- a/lass/2configs/realwallpaper.nix +++ b/lass/2configs/realwallpaper.nix @@ -10,11 +10,23 @@ in { krebs.realwallpaper.enable = true; services.nginx.virtualHosts.wallpaper = { + extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; serverAliases = [ hostname + "${hostname}.r" ]; - locations."/wallpaper.png".extraConfig = '' - root /tmp/; + locations."/realwallpaper.png".extraConfig = '' + root /var/realwallpaper/; + ''; + locations."/realwallpaper-sat.png".extraConfig = '' + root /var/realwallpaper/; + ''; + locations."/realwallpaper-sat-krebs.png".extraConfig = '' + root /var/realwallpaper/; ''; }; diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix new file mode 100644 index 000000000..cef43d1e6 --- /dev/null +++ b/lass/2configs/syncthing.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + services.syncthing = { + enable = true; + useInotify = true; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} + { predicate = "-p udp --dport 21027"; target = "ACCEPT";} + ]; +} diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix index 4f92c2b90..3aa5a54f8 100644 --- a/makefu/1systems/fileleech.nix +++ b/makefu/1systems/fileleech.nix @@ -32,7 +32,6 @@ in { ../2configs/elchos/log.nix ../2configs/elchos/search.nix ../2configs/elchos/stats.nix - ../2configs/stats-srv.nix ]; systemd.services.grafana.serviceConfig.LimitNOFILE=10032; 
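Review bot: Both `ACCEPT` rules in the new lass/2configs/syncthing.nix match on every interface, so 22000/tcp and 21027/udp become reachable from the internet-facing side of mors and prism, which import this file in the same commit. If synchronisation is meant to run only over the VPN, the predicate can name the interface, e.g. `{ predicate = "-i retiolum -p tcp --dport 22000"; target = "ACCEPT"; }`. Syncthing authenticates peers by device ID, so this narrows exposure rather than closing an open service. A one-line comment saying what the two ports are for would help the next reader.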
@@ -129,6 +128,7 @@ in { # createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey + config.krebs.users.lass.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" "ssh-rsa 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 me@andreaskist.de" diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index c39997ebf..3186f8887 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix 
@@ -35,10 +35,12 @@ in { ../2configs/nginx/update.connector.one.nix ../2configs/deployment/mycube.connector.one.nix ../2configs/deployment/graphs.nix + # ../2configs/ipfs.nix + ../2configs/syncthing.nix # ../2configs/opentracker.nix ../2configs/logging/central-stats-client.nix - ../2configs/logging/central-logging-client.nix + # ../2configs/logging/central-logging-client.nix ]; services.smartd.devices = [ { device = "/dev/sda";} ]; @@ -79,7 +81,6 @@ in { ]; services.bitlbee.enable = true; systemd.services.bitlbee.environment.BITLBEE_DEBUG="1"; - # systemd.services.bitlbee.serviceConfig.ExecStart = "${pkgs.bitlbee}/bin/bitlbee -Dnv -c # Hardware boot.loader.grub.device = "/dev/sda"; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 99303b604..ff34ee843 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -53,9 +53,10 @@ in { ../2configs/omo-share.nix ../2configs/tinc/retiolum.nix ../2configs/logging/central-stats-server.nix - ../2configs/logging/central-logging-server.nix + # ../2configs/logging/central-logging-server.nix ../2configs/logging/central-stats-client.nix - ../2configs/logging/central-logging-client.nix + ../2configs/syncthing.nix + # ../2configs/logging/central-logging-client.nix # ../2configs/torrent.nix diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 96aeb2856..9f04e97eb 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -31,7 +31,7 @@ in { anonymous-domain = "localhost.localdomain"; anonymous.extraConfig = "return 403;"; complete = { - serverAliases = [ "graphs.siem" ]; + serverAliases = [ "graph.siem" ]; extraConfig = '' if ( $server_addr = "${ip}" ) { return 403; diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 9cedc04a8..51c9543ef 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -2,6 +2,7 @@ # # { config, pkgs, ... }: +with import <stockholm/lib>; { imports = 
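Review bot: `../2configs/logging/central-logging-client.nix` is commented out in makefu/1systems/gum.nix and again, together with `central-logging-server.nix`, in the makefu/1systems/omo.nix hunk, with no reason given, so both hosts presumably stop shipping logs to the central collector. If this is temporary, a marker next to the import such as `# FIXME: central logging disabled until <reason>` keeps it from being forgotten. If it is permanent, deleting the lines is clearer than leaving commented-out imports. The same applies to the newly added but commented `# ../2configs/ipfs.nix`.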
@@ -78,7 +79,7 @@ }; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; + environment.systemPackages = [ pkgs.passwdqc-utils ]; virtualisation.docker.enable = true; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index ba4c551b3..1a19ab36b 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -16,7 +16,10 @@ let mainUser = config.krebs.build.user.name; in { - imports = [ ]; + imports = [ + ./urxvtd.nix + ]; + services.xserver = { enable = true; layout = "us"; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index cd9b4c056..0865c3a31 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,7 +11,7 @@ with import <stockholm/lib>; ./vim.nix ./binary-cache/nixos.nix ]; - + programs.command-not-found.enable = false; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; @@ -22,7 +22,7 @@ with import <stockholm/lib>; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1 + ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix index 35a724f6a..b33ddece0 100644 --- a/makefu/2configs/deployment/graphs.nix +++ b/makefu/2configs/deployment/graphs.nix @@ -23,8 +23,8 @@ in { } ''; serverAliases = [ - "graphs.r" "graphs.retiolum" - "graphs.${hn}" "graphs.${hn}.retiolum" + "graph.r" + "graph.${hn}" "graph.${hn}.r" ]; }; anonymous = { diff --git a/makefu/2configs/ipfs.nix b/makefu/2configs/ipfs.nix new file mode 100644 index 000000000..cc07e063d --- /dev/null +++ b/makefu/2configs/ipfs.nix 
@@ -0,0 +1,5 @@
+{...}:
+{
+ services.ipfs.enable = true;
+ networking.firewall.allowedTCPPorts = [ 4001 ];
+}
diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix
new file mode 100644
index 000000000..6b758ea2d
--- /dev/null
+++ b/makefu/2configs/syncthing.nix
@@ -0,0 +1,11 @@
+{...}:
+
+with import <stockholm/lib>; {
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+ useInotify = true;
+ group = "download";
+ };
+ users.extraGroups.download.gid = genid "download";
+}
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
index 6d62e92c0..0538647ae 100644
--- a/makefu/2configs/tools/core-gui.n |