Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/bepasty.nix | 40 | ||||
-rw-r--r-- | lass/2configs/buildbot-standalone.nix | 17 | ||||
-rw-r--r-- | lass/2configs/default.nix | 2 | ||||
-rw-r--r-- | lass/2configs/downloading.nix | 1 | ||||
-rw-r--r-- | lass/2configs/fetchWallpaper.nix | 1 | ||||
-rw-r--r-- | lass/2configs/git.nix | 2 | ||||
-rw-r--r-- | lass/2configs/hw/tp-x220.nix | 7 | ||||
-rw-r--r-- | lass/2configs/monitoring/client.nix | 94 | ||||
-rw-r--r-- | lass/2configs/monitoring/server.nix | 66 | ||||
-rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
-rw-r--r-- | lass/2configs/repo-sync.nix | 4 | ||||
-rw-r--r-- | lass/2configs/tests/dummy-secrets/bepasty-secret.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 1 |
13 files changed, 228 insertions, 10 deletions
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix new file mode 100644 index 000000000..a3c6d0f28 --- /dev/null +++ b/lass/2configs/bepasty.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; + +# secrets used: +# wildcard.krebsco.de.crt +# wildcard.krebsco.de.key +# bepasty-secret.nix <- contains single string + +with import <stockholm/lib>; +let + secKey = import <secrets/bepasty-secret.nix>; + ext-dom = "paste.lassul.us" ; +in { + + services.nginx.enable = mkDefault true; + krebs.bepasty = { + enable = true; + serveNginx= true; + + servers = { + "paste.r" = { + nginx = { + serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ]; + }; + defaultPermissions = "admin,list,create,read,delete"; + secretKey = secKey; + }; + + "${ext-dom}" = { + nginx = { + enableSSL = true; + forceSSL = true; + enableACME = true; + }; + defaultPermissions = "read"; + secretKey = secKey; + }; + }; + }; +} diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 7057d0c3d..c9e2928b3 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -58,6 +58,11 @@ in { "NIX_REMOTE": "daemon", "dummy_secrets": "true", } + env_nin = { + "LOGNAME": "nin", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } env_shared = { "LOGNAME": "shared", "NIX_REMOTE": "daemon", @@ -126,6 +131,18 @@ in { ] ) + for i in [ "hiawatha", "onondaga" ]: + addShell(f,name="build-{}".format(i),env=env_nin, + command=nixshell + \ + ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ + make \ + test \ + target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ + method=build \ + system={}".format(i) + ] + ) + bu.append( util.BuilderConfig( name="build-hosts", diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 911b7738a..d1810c00c 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix 
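Review bot: Both bepasty servers in the new `bepasty.nix` get the same `secretKey = secKey;`, although `paste.r` hands every visitor `admin,list,create,read,delete` while the public `${ext-dom}` vhost is meant to be `read` only. If bepasty uses this key to sign session cookies (as Flask applications normally do), a session issued by one instance would also validate on the other, so the two trust levels are not really separated; a second secret file for the public server would keep them apart. The header comment still lists `wildcard.krebsco.de.crt` and `wildcard.krebsco.de.key` as secrets used, but the public vhost relies on `enableACME = true;`, so the comment looks stale. `with import <stockholm/lib>;` also appears twice in the file.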
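Review bot: The new `build-{}` builders for hiawatha and onondaga in `buildbot-standalone.nix` populate `/tmp/testbuild/$LOGNAME`, a predictable path in a world-writable directory, and `mkdir -p` succeeds silently when that directory already exists. On a build host with other local accounts the build can therefore end up writing into a directory it does not own. A directory under the buildbot worker's own state directory, or one created with `mktemp -d`, would avoid that. The same path may already be used by the builders outside this hunk, in which case it is worth changing for all of them together.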
@@ -9,6 +9,7 @@ with import <stockholm/lib>; ../2configs/mc.nix ../2configs/nixpkgs.nix ../2configs/vim.nix + ../2configs/monitoring/client.nix ./backups.nix { users.extraUsers = @@ -98,7 +99,6 @@ with import <stockholm/lib>; # multiple-definition-problem when defining environment.variables.EDITOR environment.extraInit = '' EDITOR=vim - MANPAGER=most ''; nixpkgs.config.allowUnfree = true; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 27b6d22d5..eb9575018 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -16,6 +16,7 @@ with import <stockholm/lib>; lass.pubkey lass-shodan.pubkey lass-helios.pubkey + lass-icarus.pubkey makefu.pubkey ]; }; diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index cf084ea8f..29f321994 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -7,6 +7,7 @@ in { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/wallpaper.png"; + maxTime = 10; }; systemd.services.fetchWallpaper = { after = [ "xmonad.service" ]; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index d7ec39f2d..bdd65ce09 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -57,7 +57,7 @@ let server = "ni.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo - branches = [ "master" "newest" "nin" ]; + branches = [ "master" "newest" ]; }; }; }; diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index ec36fa96a..d551cd44e 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix @@ -47,12 +47,5 @@ with import <stockholm/lib>; pkgs.vaapiVdpau ]; - services.xserver = { - videoDriver = "intel"; - deviceSection = '' - Option "AccelMethod" "sna" - ''; - }; - security.rngd.enable = true; } 
diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix
new file mode 100644
index 000000000..e879d6960
--- /dev/null
+++ b/lass/2configs/monitoring/client.nix
@@ -0,0 +1,94 @@
+{pkgs, config, ...}:
+with import <stockholm/lib>;
+{
+ lass.telegraf = {
+ enable = true;
+ interval = "1s";
+
+
+ outputs = ''
+ [outputs.influxdb]
+ urls = ["http://prism:8086"]
+ database = "telegraf_db"
+ user_agent = "telegraf"
+ '';
+ inputs = [
+ ''
+ [cpu]
+ percpu = false
+ totalcpu = true
+ drop = ["cpu_time"]
+ ''
+ ''
+ [[inputs.mem]]
+ ''
+ ''
+ [[inputs.ping]]
+ urls = ["8.8.8.8"]
+ ''
+ ''
+ [[inputs.net]]
+ ''
+ ''
+ [[inputs.dns_query]]
+ servers = ["8.8.8.8"]
+ ''
+ ];
+ };
+ systemd.services.telegraf.path = with pkgs; [
+ iputils
+ lm_sensors
+ ];
+
+ services.collectd = {
+ enable = true;
+ autoLoadPlugin = true;
+ extraConfig = ''
+ Hostname ${config.krebs.build.host.name}
+ LoadPlugin load
+ LoadPlugin disk
+ LoadPlugin memory
+ Interval 30.0
+
+ LoadPlugin interface
+ <Plugin "interface">
+ Interface "*Link"
+ Interface "lo"
+ Interface "vboxnet*"
+ Interface "virbr*"
+ IgnoreSelected true
+ </Plugin>
+
+ LoadPlugin df
+ <Plugin "df">
+ MountPoint "/nix/store"
+ FSType "tmpfs"
+ FSType "binfmt_misc"
+ FSType "debugfs"
+ FSType "mqueue"
+ FSType "hugetlbfs"
+ FSType "systemd-1"
+ FSType "cgroup"
+ FSType "securityfs"
+ FSType "ramfs"
+ FSType "proc"
+ FSType "devpts"
+ FSType "devtmpfs"
+ MountPoint "/var/lib/docker/devicemapper"
+ IgnoreSelected true
+ </Plugin>
+
+ LoadPlugin cpu
+ <Plugin cpu>
+ ReportByCpu true
+ ReportByState true
+ ValuesPercentage true
+ </Plugin>
+
+ LoadPlugin network
+ <Plugin "network">
+ Server "prism" "25826"
+ </Plugin>
+ '';
+ };
+}
diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix
new file mode 100644
index 000000000..2e1c15ca1
--- /dev/null
+++ b/lass/2configs/monitoring/server.nix
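Review bot: Metrics leave every host unauthenticated and unencrypted in `monitoring/client.nix`: telegraf writes to `http://prism:8086` with no `username`/`password`, and the collectd `network` plugin sets only `Server "prism" "25826"` with no `SecurityLevel`. If `prism` resolves to a retiolum address the VPN may cover confidentiality, but nothing ties a write to the host that sent it, so any peer on that network can submit series under another host's name. Using a `<Server "prism" "25826">` block with `SecurityLevel "Sign"` (or `"Encrypt"`) plus `Username`/`Password`, and adding InfluxDB credentials to `[outputs.influxdb]`, would close that. Separately, `interval = "1s"` makes every client ping and DNS-query `8.8.8.8` once per second, which is noisy and discloses each host's uptime to a third party; a longer interval or an internal probe target seems preferable.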
@@ -0,0 +1,66 @@ +{pkgs, config, ...}: +with import <stockholm/lib>; +{ + services.influxdb = { + enable = true; + }; + + services.influxdb.extraConfig = { + meta.hostname = config.krebs.build.host.name; + # meta.logging-enabled = true; + http.bind-address = ":8086"; + admin.bind-address = ":8083"; + monitoring = { + enabled = false; + # write-interval = "24h"; + }; + collectd = [{ + enabled = true; + typesdb = "${pkgs.collectd}/share/collectd/types.db"; + database = "collectd_db"; + port = 25826; + }]; + }; + + lass.kapacitor = + let + echoToIrc = pkgs.writeDash "echo_irc" '' + set -euf + data="$(${pkgs.jq}/bin/jq -r .message)" + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null + ''; + in { + enable = true; + alarms = { + test2 = '' + batch + |query(${"'''"} + SELECT mean("usage_user") AS mean + FROM "${config.lass.kapacitor.check_db}"."default"."cpu" + ${"'''"}) + .every(3m) + .period(1m) + .groupBy('host') + |alert() + .crit(lambda: "mean" > 90) + // Whenever we get an alert write it to a file. + .log('/tmp/alerts.log') + .exec('${echoToIrc}') + ''; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } + { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } + { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; } + ]; + services.grafana = { + enable = true; + addr = "0.0.0.0"; + auth.anonymous.enable = true; + security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} + }; +} diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 27b7c2439..4a1b0379b 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "39098270855c171f0824c09d071b606ae991ff87"; + ref = "5fff5a902594b34471b613eb2babcec923e1e1f1"; }; } 
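Review bot: InfluxDB in `monitoring/server.nix` listens on all interfaces (`http.bind-address = ":8086"`, `admin.bind-address = ":8083"`) with no authentication configured, so the three iptables rules are the only access control and every retiolum peer gets full read and write access to the databases. I would add `http.auth-enabled = true;` and bind the admin UI to loopback with `admin.bind-address = "127.0.0.1:8083";`. Grafana has the same shape, `addr = "0.0.0.0"` together with `auth.anonymous.enable = true`, so it is worth confirming which organisation role anonymous visitors receive. The kapacitor alert writes to `/tmp/alerts.log`, a fixed name in a world-writable directory; a path under the service's own state directory is safer. The trailing comment on the `security` line spells `AdminUser` and `adminPassword` with different casing and should show the attribute names the module actually expects.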
diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 765769936..b1a26b171 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -44,6 +44,10 @@ let origin.url = "http://cgit.ni.r/${name}"; mirror.url = "${mirror}${name}"; }; + nin = { + origin.url = "http://cgit.onondaga.r/${name}"; + mirror.url = "${mirror}${name}"; + }; lassulus = { origin.url = "http://cgit.prism/${name}"; mirror.url = "${mirror}${name}"; diff --git a/lass/2configs/tests/dummy-secrets/bepasty-secret.nix b/lass/2configs/tests/dummy-secrets/bepasty-secret.nix new file mode 100644 index 000000000..6e08144d0 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/bepasty-secret.nix @@ -0,0 +1 @@ +"bla" diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index e79973a66..66fc681b1 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -66,6 +66,7 @@ in { "karlaskop.ubikmedia.de" "nb.ubikmedia.de" "youthtube.ubikmedia.de" + "joemisch.com" ]) ]; |