summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/default.nix4
-rw-r--r--krebs/3modules/lass/default.nix35
-rw-r--r--krebs/3modules/makefu/default.nix34
-rw-r--r--krebs/3modules/tinc_graphs.nix7
-rw-r--r--krebs/3modules/urlwatch.nix9
-rw-r--r--krebs/4lib/infest/prepare.sh25
-rw-r--r--krebs/5pkgs/bepasty-client-cli/default.nix22
-rw-r--r--krebs/5pkgs/collectd-connect-time/default.nix15
-rw-r--r--krebs/5pkgs/krebspaste/default.nix7
-rw-r--r--krebs/5pkgs/tinc_graphs/default.nix26
-rw-r--r--krebs/5pkgs/translate-shell/default.nix43
-rw-r--r--krebs/Zhosts/gum1
-rw-r--r--krebs/Zhosts/prism12
13 files changed, 231 insertions, 9 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 438836f52..b4e7f9254 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -108,8 +108,8 @@ let
# Implements environment.etc."zones/<zone-name>"
environment.etc = let
- stripEmptyLines = s: concatStringsSep "\n"
- (remove "\n" (remove "" (splitString "\n" s)));
+ stripEmptyLines = s: (concatStringsSep "\n"
+ (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
([cfg.zone-head-config] ++ combined-hosts);
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 498282b03..2ad4353bd 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -33,7 +33,7 @@ let
in {
hosts = addNames {
echelon = {
- cores = 4;
+ cores = 2;
dc = "lass"; #dc = "cac";
nets = rec {
internet = {
@@ -66,6 +66,39 @@ in {
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK";
};
+ prism = {
+ cores = 4;
+ dc = "lass"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["213.239.205.240"];
+ aliases = [
+ "prism.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.0.103"];
+ addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"];
+ aliases = [
+ "prism.retiolum"
+ "cgit.prism.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
+ kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
+ JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
+ AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
+ jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
+ anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_rsa>;
+ ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q==";
+ };
fastpoke = {
dc = "lass";
nets = rec {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index d328033cc..652527da2 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -164,6 +164,8 @@ with lib;
dc = "makefu"; #dc = "cac";
extraZones = {
"krebsco.de" = ''
+ euer IN A ${head nets.internet.addrs4}
+ wiki.euer IN A ${head nets.internet.addrs4}
wry IN A ${head nets.internet.addrs4}
io IN NS wry.krebsco.de.
graphs IN A ${head nets.internet.addrs4}
@@ -185,9 +187,14 @@ with lib;
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
aliases = [
"graphs.wry.retiolum"
+ "graphs.retiolum"
"paste.wry.retiolum"
"paste.retiolum"
"wry.retiolum"
+ "wiki.makefu.retiolum"
+ "wiki.wry.retiolum"
+ "blog.makefu.retiolum"
+ "blog.wry.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -207,14 +214,37 @@ with lib;
};
};
};
+ filepimp = rec {
+ cores = 1;
+ dc = "makefu"; #nas
+
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.153.102"];
+ addrs6 = ["42:4b0b:d990:55ba:8da8:630f:dc0e:aae0"];
+ aliases = [
+ "filepimp.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
+ BTDDcD424EkNOF6g/3tIRWqvVGZ1u12WQ9A/R+2F7i1SsaE4nTxdNlQ5rjy80gO3
+ i1ZubMkTGwd1OYjJytYdcMTwM9V9/8QYFiiWqh77Xxu/FhY6PcQqwHxM7SMyZCJ7
+ 09gtZuR16ngKnKfo2tw6C3hHQtWCfORVbWQq5cmGzCb4sdIKow5BxUC855MulNsS
+ u5l+G8wX+UbDI85VSDAtOP4QaSFzLL+U0aaDAmq0NO1QiODJoCo0iPhULZQTFZUa
+ OMDYHHfqzluEI7n8ENI4WwchDXH+MstsgwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
gum = rec {
cores = 1;
dc = "online.net"; #root-server
extraZones = {
"krebsco.de" = ''
- omo IN A ${head nets.internet.addrs4}
- euer IN A ${head nets.internet.addrs4}
+ share.euer IN A ${head nets.internet.addrs4}
gum IN A ${head nets.internet.addrs4}
'';
};
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index a6c628353..e415d20ab 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -95,8 +95,12 @@ let
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
#!/bin/sh
+ mkdir -p "${internal_dir}" "${external_dir}"
if ! test -e "${cfg.workingDir}/internal/index.html"; then
- cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}"
+ cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
+ fi
+ if ! test -e "${cfg.workingDir}/external/index.html"; then
+ cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
fi
'';
@@ -118,7 +122,6 @@ let
users.extraUsers.tinc_graphs = {
uid = 3925439960; #genid tinc_graphs
home = "/var/spool/tinc_graphs";
- createHome = true;
};
krebs.nginx.servers = mkIf cfg.nginx.enable {
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index 80d9f5e93..206bc5697 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -56,6 +56,13 @@ let
https://nixos.org/channels/nixos-unstable/git-revision
];
};
+ verbose = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ verbose output of urlwatch
+ '';
+ };
};
urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
@@ -106,7 +113,7 @@ let
cd /tmp
- urlwatch -e --urls="$urlsFile" > changes 2>&1 || :
+ urlwatch -e ${optionalString cfg.verbose "-v"} --urls="$urlsFile" > changes || :
if test -s changes; then
date=$(date -R)
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 94c9b0fb5..182a068ef 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -11,12 +11,28 @@ prepare() {(
;;
centos)
case $VERSION_ID in
+ 6)
+ prepare_centos "$@"
+ exit
+ ;;
7)
prepare_centos "$@"
exit
;;
esac
;;
+ debian)
+ case $VERSION_ID in
+ 7)
+ prepare_debian "$@"
+ exit
+ ;;
+ 8)
+ prepare_debian "$@"
+ exit
+ ;;
+ esac
+ ;;
esac
elif test -e /etc/centos-release; then
case $(cat /etc/centos-release) in
@@ -31,6 +47,7 @@ prepare() {(
)}
prepare_arch() {
+ pacman -Sy
type bzip2 2>/dev/null || pacman -S --noconfirm bzip2
type git 2>/dev/null || pacman -S --noconfirm git
type rsync 2>/dev/null || pacman -S --noconfirm rsync
@@ -44,6 +61,14 @@ prepare_centos() {
prepare_common
}
+prepare_debian() {
+ apt-get update
+ type bzip2 2>/dev/null || apt-get install bzip2
+ type git 2>/dev/null || apt-get install git
+ type rsync 2>/dev/null || apt-get install rsync
+ prepare_common
+}
+
prepare_common() {
if ! getent group nixbld >/dev/null; then
diff --git a/krebs/5pkgs/bepasty-client-cli/default.nix b/krebs/5pkgs/bepasty-client-cli/default.nix
new file mode 100644
index 000000000..990f99af6
--- /dev/null
+++ b/krebs/5pkgs/bepasty-client-cli/default.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, pythonPackages, fetchurl, ... }:
+
+with pythonPackages; buildPythonPackage rec {
+ name = "bepasty-client-cli-${version}";
+ version = "0.3.0";
+ propagatedBuildInputs = [
+ python_magic
+ click
+ requests2
+ ];
+
+ src = fetchurl {
+ url = "https://pypi.python.org/packages/source/b/bepasty-client-cli/bepasty-client-cli-${version}.tar.gz";
+ sha256 = "002kcplyfnmr5pn2ywdfilss0rmbm8wcdzz8hzp03ksy2zr4sdbw";
+ };
+
+ meta = {
+ homepage = https://github.com/bepasty/bepasty-client-cli;
+ description = "CLI client for bepasty-server";
+ license = lib.licenses.bsd2;
+ };
+}
diff --git a/krebs/5pkgs/collectd-connect-time/default.nix b/krebs/5pkgs/collectd-connect-time/default.nix
new file mode 100644
index 000000000..525388029
--- /dev/null
+++ b/krebs/5pkgs/collectd-connect-time/default.nix
@@ -0,0 +1,15 @@
+{lib, pkgs, pythonPackages, fetchurl, ... }:
+
+pythonPackages.buildPythonPackage rec {
+ name = "collectd-connect-time-${version}";
+ version = "0.3.0";
+ src = fetchurl {
+ url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz";
+ sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95";
+ };
+ meta = {
+ homepage = https://pypi.python.org/pypi/collectd-connect-time/;
+ description = "TCP Connection time plugin for collectd";
+ license = lib.licenses.wtfpl;
+ };
+}
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
new file mode 100644
index 000000000..fb318af83
--- /dev/null
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -0,0 +1,7 @@
+{ writeScriptBin, pkgs }:
+
+# TODO: use `wrapProgram --add-flags` instead?
+writeScriptBin "krebspaste" ''
+ #! /bin/sh
+ exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+''
diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix
new file mode 100644
index 000000000..e5f1e40e8
--- /dev/null
+++ b/krebs/5pkgs/tinc_graphs/default.nix
@@ -0,0 +1,26 @@
+{stdenv,fetchurl,pkgs,python3Packages, ... }:
+
+python3Packages.buildPythonPackage rec {
+ name = "tinc_graphs-${version}";
+ version = "0.3.9";
+ propagatedBuildInputs = with pkgs;[
+ python3Packages.pygeoip
+ ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
+ ];
+ src = fetchurl {
+ url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz";
+ sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx";
+ };
+ preFixup = with pkgs;''
+ wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
+ wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin"
+ wrapProgram $out/bin/tinc-stats2json --prefix PATH : "${tinc}/bin"
+ '';
+
+ meta = {
+ homepage = http://krebsco.de/;
+ description = "Create Graphs from Tinc Stats";
+ license = stdenv.lib.licenses.wtfpl;
+ };
+}
+
diff --git a/krebs/5pkgs/translate-shell/default.nix b/krebs/5pkgs/translate-shell/default.nix
new file mode 100644
index 000000000..00ab226e5
--- /dev/null
+++ b/krebs/5pkgs/translate-shell/default.nix
@@ -0,0 +1,43 @@
+{stdenv, fetchurl,pkgs,... }:
+let
+ s =
+ rec {
+ baseName="translate-shell";
+ version="0.9.0.9";
+ name="${baseName}-${version}";
+ url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz;
+ sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34";
+ };
+ searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [
+ fribidi
+ gawk
+ bash
+ curl
+ less
+ ];
+ buildInputs = [
+ pkgs.makeWrapper
+ ];
+in
+stdenv.mkDerivation {
+ inherit (s) name version;
+ inherit buildInputs;
+ src = fetchurl {
+ inherit (s) url sha256;
+ };
+ # TODO: maybe mplayer
+ installPhase = ''
+ mkdir -p $out/bin
+ make PREFIX=$out install
+ wrapProgram $out/bin/trans --suffix PATH : "${searchpath}"
+ '';
+
+ meta = {
+ inherit (s) version;
+ description = ''translate using google api'';
+ license = stdenv.lib.licenses.free;
+ maintainers = [stdenv.lib.maintainers.makefu];
+ platforms = stdenv.lib.platforms.linux ;
+ };
+}
+
diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index f1eaa4eab..d43bb0d08 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -2,7 +2,6 @@ Address= 195.154.108.70
Address= 195.154.108.70 53
Subnet = 10.243.0.211
Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
-Aliases = paste
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvgvzx3rT/3zLuCkzXk1ZkYBkG4lltxrLOLNivohw2XAzrYDIw/ZY
diff --git a/krebs/Zhosts/prism b/krebs/Zhosts/prism
new file mode 100644
index 000000000..4c875631f
--- /dev/null
+++ b/krebs/Zhosts/prism
@@ -0,0 +1,12 @@
+Address = 213.239.205.240
+Subnet = 10.243.0.103
+Subnet = 42:0000:0000:0000:0000:0000:0000:15ab
+
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl
+kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl
+JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I
+AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5
+jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j
+anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB
+-----END RSA PUBLIC KEY-----