summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/helios.nix11
-rw-r--r--lass/1systems/mors.nix22
-rw-r--r--lass/1systems/prism.nix11
-rw-r--r--lass/1systems/uriel.nix9
-rw-r--r--lass/2configs/base.nix7
-rw-r--r--lass/2configs/browsers.nix13
-rw-r--r--lass/2configs/cbase.nix93
-rw-r--r--lass/2configs/retiolum.nix2
-rw-r--r--lass/2configs/weechat.nix13
-rw-r--r--lass/3modules/newsbot-js.nix2
10 files changed, 138 insertions, 45 deletions
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 0103b6ec0..2784375c2 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -19,12 +19,11 @@ with builtins;
# };
#}
{
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
- ];
- };
+ services.elasticsearch = {
+ enable = true;
+ plugins = [
+ pkgs.elasticsearchPlugins.elasticsearch_kopf
+ ];
};
}
];
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 9f492e2c6..b95e61a58 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -25,6 +25,7 @@
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
+ ../2configs/cbase.nix
#../2configs/buildbot-standalone.nix
{
#risk of rain port
@@ -141,7 +142,7 @@
services.elasticsearch = {
enable = true;
plugins = [
- pkgs.elasticsearchPlugins.elasticsearch_kopf
+ # pkgs.elasticsearchPlugins.elasticsearch_kopf
];
};
}
@@ -270,14 +271,14 @@
emulateWheel = true;
};
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
+ #services.xserver = {
+ # videoDriver = "intel";
+ # vaapiDrivers = [ pkgs.vaapiIntel ];
+ # deviceSection = ''
+ # Option "AccelMethod" "sna"
+ # BusID "PCI:0:2:0"
+ # '';
+ #};
environment.systemPackages = with pkgs; [
cac-api
@@ -328,7 +329,4 @@
tapButtons = false;
twoFingerScroll = true;
};
-
- #for google hangout
- users.extraUsers.gm.extraGroups = [ "audio" "video" ];
}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 05b3470e5..864e59b21 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -83,10 +83,10 @@ in {
{
sound.enable = false;
}
- {
- #workaround for server dying after 6-7h
- boot.kernelPackages = pkgs.linuxPackages_4_2;
- }
+ #{
+ # #workaround for server dying after 6-7h
+ # boot.kernelPackages = pkgs.linuxPackages_4_2;
+ #}
{
nixpkgs.config.allowUnfree = true;
}
@@ -119,7 +119,8 @@ in {
}
{
users.users.chat.openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH"
+ "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH"
+ config.krebs.users.lass-uriel.pubkey
];
}
{
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 0758164f0..4e4eca21f 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -15,15 +15,6 @@ with builtins;
../2configs/bitlbee.nix
../2configs/weechat.nix
../2configs/skype.nix
- {
- users.extraUsers = {
- root = {
- openssh.authorizedKeys.keys = map readFile [
- ../../krebs/Zpubkeys/uriel.ssh.pub
- ];
- };
- };
- }
];
krebs.build.host = config.krebs.hosts.uriel;
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index d2c96fdaa..51a6d9da8 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -54,8 +54,8 @@ with config.krebs.lib;
#secrets-common = "/home/lass/secrets/common";
stockholm = "/home/lass/stockholm";
nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "40c586b7ce2c559374df435f46d673baf711c543";
dev = "/home/lass/src/nixpkgs";
};
} // optionalAttrs config.krebs.build.host.secure {
@@ -104,6 +104,9 @@ with config.krebs.lib;
#stuff for dl
aria2
+
+ #neat utils
+ krebspaste
];
programs.bash = {
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index eb764068b..47a16d4cb 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,6 +1,8 @@
{ config, lib, pkgs, ... }:
let
+ inherit (config.krebs.lib) genid;
+
mainUser = config.users.extraUsers.mainUser;
createChromiumUser = name: extraGroups: packages:
{
@@ -8,6 +10,7 @@ let
inherit name;
inherit extraGroups;
home = "/home/${name}";
+ uid = genid name;
useDefaultShell = true;
createHome = true;
};
@@ -28,6 +31,7 @@ let
inherit name;
inherit extraGroups;
home = "/home/${name}";
+ uid = genid name;
useDefaultShell = true;
createHome = true;
};
@@ -48,16 +52,17 @@ in {
environment.systemPackages = [
(pkgs.writeScriptBin "browser-select" ''
- BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
+ BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu)
$BROWSER $@
'')
];
imports = [
- ( createFirefoxUser "ff" [ "audio" ] [ ] )
+ ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
- ( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
- ( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
+ ( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] )
+ ( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
];
diff --git a/lass/2configs/cbase.nix b/lass/2configs/cbase.nix
new file mode 100644
index 000000000..9d13bc30d
--- /dev/null
+++ b/lass/2configs/cbase.nix
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (config.krebs.lib) genid;
+
+in {
+
+ users.extraUsers = {
+ cbasevpn = rec {
+ name = "cbasevpn";
+ uid = genid "cbasevpn";
+ description = "user for running c-base openvpn";
+ home = "/home/${name}";
+ };
+ };
+
+ users.extraGroups.cbasevpn.gid = genid "cbasevpn";
+
+ services.openvpn.servers = {
+ c-base = {
+ config = ''
+ client
+ dev tap
+ proto tcp
+ remote vpn.ext.c-base.org 1194
+ resolv-retry infinite
+ nobind
+ user cbasevpn
+ group cbasevpn
+ persist-key
+ persist-tun
+
+ auth-nocache
+ #auth-user-pass
+ auth-user-pass ${toString <secrets/cbase.txt>}
+
+ comp-lzo
+ verb 3
+
+ #script-security 2
+ #up /etc/openvpn/update-resolv-conf
+ #down /etc/openvpn/update-resolv-conf
+
+ <ca>
+ -----BEGIN CERTIFICATE-----
+ MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
+ BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj
+ LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ
+ ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1
+ MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu
+ MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf
+ MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF
+ AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7
+ IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co
+ uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA
+ AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB
+ pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw
+ CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ
+ BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA
+ Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
+ BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5
+ ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK
+ wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o=
+ -----END CERTIFICATE-----
+ </ca>
+ key-direction 1
+ <tls-auth>
+ #
+ # 2048 bit OpenVPN static key
+ #
+ -----BEGIN OpenVPN Static key V1-----
+ 5d49aa8c9cec18de7ab6e0b5cd09a368
+ d3f1b8b77e055e448804fa0e14f487cb
+ 491681742f96b54a23fb8639aa9ed14e
+ c40b86a5546b888c4f3873f23c956e87
+ 169076ec869127ffc85353fd5928871c
+ da19776b79f723abb366fae6cdfe4ad6
+ 7ef667b7d05a7b78dfd5ea1d2da276dc
+ 5f6c82313fe9c1178c7256b8d1d081b0
+ 4c80bc8f21add61fbc52c158579edc1d
+ bbde230afb9d0e531624ce289a17098a
+ 3261f9144a9a2a6f0da4250c9eed4086
+ 187ec6fa757a454de743a349e32af193
+ e9f8b49b010014bdfb3240d992f2f234
+ 581d0ce05d4e07a2b588ad9b0555b704
+ 9d5edc28efde59226ec8942feed690a1
+ 2acd0c8bc9424d6074d0d495391023b6
+ -----END OpenVPN Static key V1-----
+ </tls-auth>
+ '';
+ };
+ };
+}
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index f8a63706e..1646cdea9 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -16,8 +16,6 @@
enable = true;
connectTo = [
"prism"
- "cloudkrebs"
- "echelon"
"pigstarter"
"gum"
"flap"
diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index 6a257f0bb..98f5df42a 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -1,14 +1,17 @@
{ config, lib, pkgs, ... }:
-{
- krebs.per-user.chat.packages = [
- pkgs.weechat
- pkgs.tmux
+let
+ inherit (config.krebs.lib) genid;
+in {
+ krebs.per-user.chat.packages = with pkgs; [
+ mosh
+ tmux
+ weechat
];
users.extraUsers.chat = {
home = "/home/chat";
- uid = lib.genid "chat";
+ uid = genid "chat";
useDefaultShell = true;
createHome = true;
openssh.authorizedKeys.keys = [
diff --git a/lass/3modules/newsbot-js.nix b/lass/3modules/newsbot-js.nix
index 5e340b26f..0772971da 100644
--- a/lass/3modules/newsbot-js.nix
+++ b/lass/3modules/newsbot-js.nix
@@ -4,6 +4,8 @@ with builtins;
with lib;
let
+ inherit (config.krebs.lib) genid;
+
cfg = config.lass.newsbot-js;
out = {