summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/blue/config.nix49
-rw-r--r--lass/1systems/blue/physical.nix8
-rw-r--r--lass/1systems/blue/source.nix4
-rw-r--r--lass/1systems/cabal/config.nix18
-rw-r--r--lass/1systems/cabal/physical.nix12
-rw-r--r--lass/1systems/daedalus/config.nix17
-rw-r--r--lass/1systems/daedalus/physical.nix20
-rw-r--r--lass/1systems/dishfire/config.nix34
-rw-r--r--lass/1systems/dishfire/physical.nix39
-rw-r--r--lass/1systems/echelon/config.nix50
-rw-r--r--lass/1systems/helios/config.nix94
-rw-r--r--lass/1systems/helios/physical.nix64
-rw-r--r--lass/1systems/icarus/config.nix24
-rw-r--r--lass/1systems/icarus/physical.nix20
-rw-r--r--lass/1systems/littleT/config.nix17
-rw-r--r--lass/1systems/littleT/physical.nix7
-rw-r--r--lass/1systems/mors/config.nix98
-rw-r--r--lass/1systems/mors/physical.nix44
-rw-r--r--lass/1systems/prism/config.nix255
-rw-r--r--lass/1systems/prism/physical.nix85
-rw-r--r--lass/1systems/red/config.nix28
-rw-r--r--lass/1systems/red/physical.nix8
-rw-r--r--lass/1systems/red/source.nix (renamed from lass/1systems/echelon/source.nix)3
-rw-r--r--lass/1systems/shodan/config.nix44
-rw-r--r--lass/1systems/shodan/physical.nix47
-rw-r--r--lass/1systems/skynet/config.nix16
-rw-r--r--lass/1systems/skynet/physical.nix12
-rw-r--r--lass/1systems/uriel/config.nix55
-rw-r--r--lass/1systems/uriel/physical.nix59
-rw-r--r--lass/1systems/xerxes/config.nix24
-rw-r--r--lass/1systems/xerxes/physical.nix29
-rw-r--r--lass/1systems/xerxes/source.nix6
-rw-r--r--lass/2configs/AP.nix83
-rw-r--r--lass/2configs/IM.nix73
-rw-r--r--lass/2configs/backup.nix21
-rw-r--r--lass/2configs/backups.nix173
-rw-r--r--lass/2configs/baseX.nix13
-rw-r--r--lass/2configs/bitcoin.nix10
-rw-r--r--lass/2configs/bitlbee.nix15
-rw-r--r--lass/2configs/blue-host.nix22
-rw-r--r--lass/2configs/blue.nix60
-rw-r--r--lass/2configs/container-networking.nix15
-rw-r--r--lass/2configs/dcso-dev.nix1
-rw-r--r--lass/2configs/default.nix10
-rw-r--r--lass/2configs/dns-stuff.nix16
-rw-r--r--lass/2configs/exim-smarthost.nix6
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/gc.nix2
-rw-r--r--lass/2configs/git.nix18
-rw-r--r--lass/2configs/go.nix19
-rw-r--r--lass/2configs/libvirt.nix3
-rw-r--r--lass/2configs/mail.nix5
-rw-r--r--lass/2configs/monitoring/client.nix26
-rw-r--r--lass/2configs/monitoring/monit-alarms.nix44
-rw-r--r--lass/2configs/monitoring/node-exporter.nix15
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix216
-rw-r--r--lass/2configs/monitoring/server.nix87
-rw-r--r--lass/2configs/reaktor-coders.nix15
-rw-r--r--lass/2configs/repo-sync.nix5
-rw-r--r--lass/2configs/steam.nix2
-rw-r--r--lass/2configs/syncthing.nix1
-rw-r--r--lass/2configs/websites/domsen.nix14
-rw-r--r--lass/2configs/websites/lassulus.nix56
-rw-r--r--lass/2configs/websites/util.nix69
-rw-r--r--lass/2configs/zsh.nix4
-rw-r--r--lass/3modules/default.nix2
-rw-r--r--lass/3modules/nichtparasoup.nix48
-rw-r--r--lass/3modules/restic.nix119
-rw-r--r--lass/5pkgs/custom/xmonad-lass/default.nix2
-rw-r--r--lass/5pkgs/l-gen-secrets/default.nix (renamed from lass/5pkgs/generate-secrets/default.nix)4
-rw-r--r--lass/5pkgs/nichtparasoup/default.nix15
-rw-r--r--lass/5pkgs/nichtparasoup/exception.patch13
-rw-r--r--lass/krops.nix (renamed from lass/kops.nix)19
-rw-r--r--lass/source.nix2
74 files changed, 1537 insertions, 1097 deletions
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
new file mode 100644
index 000000000..a84bb37f6
--- /dev/null
+++ b/lass/1systems/blue/config.nix
@@ -0,0 +1,49 @@
+with import <stockholm/lib>;
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/exim-retiolum.nix>
+
+ <stockholm/lass/2configs/blue.nix>
+ ];
+
+ krebs.build.host = config.krebs.hosts.blue;
+
+ environment.shellAliases = {
+ deploy = pkgs.writeDash "deploy" ''
+ set -eu
+ export SYSTEM="$1"
+ $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
+ '';
+ };
+
+ networking.nameservers = [ "1.1.1.1" ];
+
+ lass.restic = genAttrs [
+ "daedalus"
+ "icarus"
+ "littleT"
+ "prism"
+ "shodan"
+ "skynet"
+ ] (dest: {
+ dirs = [
+ "/home/"
+ "/var/lib"
+ ];
+ passwordFile = (toString <secrets>) + "/restic/${dest}";
+ repo = "sftp:backup@${dest}.r:/backups/blue";
+ extraArguments = [
+ "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
+ ];
+ timerConfig = {
+ OnCalendar = "00:05";
+ RandomizedDelaySec = "5h";
+ };
+ });
+ time.timeZone = "Europe/Berlin";
+ users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ];
+}
diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix
new file mode 100644
index 000000000..7499ff723
--- /dev/null
+++ b/lass/1systems/blue/physical.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ./config.nix
+ ];
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ environment.variables.NIX_REMOTE = "daemon";
+}
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
new file mode 100644
index 000000000..d8b979812
--- /dev/null
+++ b/lass/1systems/blue/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/lass/source.nix> {
+ name = "blue";
+ secure = true;
+}
diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix
index 7eba86c52..64c179e67 100644
--- a/lass/1systems/cabal/config.nix
+++ b/lass/1systems/cabal/config.nix
@@ -3,8 +3,6 @@
{
imports = [
<stockholm/lass>
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@@ -13,23 +11,11 @@
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
- <stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/bitcoin.nix>
+ <stockholm/lass/2configs/AP.nix>
+ <stockholm/lass/2configs/blue-host.nix>
];
krebs.build.host = config.krebs.hosts.cabal;
-
- #fileSystems = {
- # "/bku" = {
- # device = "/dev/mapper/pool-bku";
- # fsType = "btrfs";
- # options = ["defaults" "noatime" "ssd" "compress=lzo"];
- # };
- #};
-
- #services.udev.extraRules = ''
- # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0"
- # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- #'';
}
diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix
new file mode 100644
index 000000000..3cc4af03b
--- /dev/null
+++ b/lass/1systems/cabal/physical.nix
@@ -0,0 +1,12 @@
+{
+ imports = [
+ ./config.nix
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/stock-x220.nix>
+ ];
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0"
+ '';
+}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 609fae3c8..eafc0d06c 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -4,13 +4,11 @@ with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/coreboot.nix>
<stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/backups.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix>
+ <stockholm/lass/2configs/backup.nix>
{
# bubsy config
users.users.bubsy = {
@@ -94,17 +92,4 @@ with import <stockholm/lib>;
'';
krebs.build.host = config.krebs.hosts.daedalus;
-
- fileSystems = {
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
- };
- };
-
- services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
- '';
}
diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix
new file mode 100644
index 000000000..33a0cb473
--- /dev/null
+++ b/lass/1systems/daedalus/physical.nix
@@ -0,0 +1,20 @@
+{
+ imports = [
+ ./config.nix
+ <stockholm/lass/2configs/hw/x220.nix>
+ <stockholm/lass/2configs/boot/coreboot.nix>
+ ];
+
+ fileSystems = {
+ "/bku" = {
+ device = "/dev/mapper/pool-bku";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+ '';
+}
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 7993c763e..3d5f32180 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -4,42 +4,8 @@
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/lass/2configs/git.nix>
{
- boot.loader.grub = {
- device = "/dev/vda";
- splashImage = null;
- };
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "ehci_pci"
- "uhci_hcd"
- "virtio_pci"
- "virtio_blk"
- ];
-
- fileSystems."/" = {
- device = "/dev/mapper/pool-nix";
- fsType = "ext4";
- };
-
- fileSystems."/srv/http" = {
- device = "/dev/pool/srv_http";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
- fileSystems."/bku" = {
- device = "/dev/pool/bku";
- fsType = "ext4";
- };
- }
- {
networking.dhcpcd.allowInterfaces = [
"enp*"
"eth*"
diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix
new file mode 100644
index 000000000..64e3904e0
--- /dev/null
+++ b/lass/1systems/dishfire/physical.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ./config.nix
+ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ boot.loader.grub = {
+ device = "/dev/vda";
+ splashImage = null;
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "ehci_pci"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_blk"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/mapper/pool-nix";
+ fsType = "ext4";
+ };
+
+ fileSystems."/srv/http" = {
+ device = "/dev/pool/srv_http";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ fileSystems."/bku" = {
+ device = "/dev/pool/bku";
+ fsType = "ext4";
+ };
+}
diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix
deleted file mode 100644
index 6f96883bf..000000000
--- a/lass/1systems/echelon/config.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
- ip = config.krebs.build.host.nets.internet.ip4.addr;
-in {
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/privoxy-retiolum.nix>
- <stockholm/lass/2configs/git.nix>
- {
- networking.interfaces.enp2s1.ip4 = [
- {
- address = ip;
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = getDefaultGateway ip;
- networking.nameservers = [
- "8.8.8.8"
- ];
-
- }
- {
- sound.enable = false;
- }
- {
- users.extraUsers = {
- satan = {
- name = "satan";
- uid = 1338;
- home = "/home/satan";
- group = "users";
- createHome = true;
- useDefaultShell = true;
- extraGroups = [
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com"
- ];
- };
- };
- }
- ];
-
- krebs.build.host = config.krebs.hosts.echelon;
-}
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index e64cfbe79..bd7f75c3e 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -12,47 +12,12 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/otp-ssh.nix>
# TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined
#<stockholm/lass/2configs/git.nix>
- <stockholm/lass/2configs/dcso-vpn.nix>
+ #<stockholm/lass/2configs/dcso-vpn.nix>
<stockholm/lass/2configs/virtualbox.nix>
<stockholm/lass/2configs/dcso-dev.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/rtl-sdr.nix>
- { # automatic hardware detection
- boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
-
- fileSystems."/" = {
- device = "/dev/pool/root";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/1F60-17C6";
- fsType = "vfat";
- };
-
- fileSystems."/home" = {
- device = "/dev/pool/home";
- fsType = "btrfs";
- };
-
- fileSystems."/tmp" = {
- device = "tmpfs";
- fsType = "tmpfs";
- options = ["nosuid" "nodev" "noatime"];
- };
-
- nix.maxJobs = lib.mkDefault 8;
- }
- { # crypto stuff
- boot.initrd.luks = {
- cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- devices = [{
- name = "luksroot";
- device = "/dev/nvme0n1p3";
- }];
- };
- }
+ <stockholm/lass/2configs/backup.nix>
{
services.xserver.dpi = 200;
fonts.fontconfig.dpi = 200;
@@ -98,13 +63,6 @@ with import <stockholm/lib>;
}
];
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.wireless.enable = true;
- hardware.enableRedistributableFirmware = true;
-
environment.systemPackages = with pkgs; [
ag
vim
@@ -123,49 +81,17 @@ with import <stockholm/lib>;
services.tlp.enable = true;
- services.xserver.videoDrivers = [ "nvidia" ];
- services.xserver.xrandrHeads = [
- { output = "DP-2"; primary = true; }
- { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; }
- { output = "DP-0"; }
- ];
-
- services.xserver.displayManager.sessionCommands = ''
- ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal
- '';
-
networking.hostName = lib.mkForce "BLN02NB0162";
security.pki.certificateFiles = [
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
-
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
- (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
- (pkgs.writeText "minio.cert" ''
- -----BEGIN CERTIFICATE-----
- MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS
- MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1
- OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
- AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL
- 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV
- YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C
- ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM
- CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw
- hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk
- MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw
- I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB
- CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30
- hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox
- jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY
- EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM