Diffstat (limited to 'makefu/1systems')
-rw-r--r-- | makefu/1systems/gum/config.nix | 6 | ||||
-rw-r--r-- | makefu/1systems/latte/config.nix | 53 | ||||
-rw-r--r-- | makefu/1systems/latte/source.nix | 3 | ||||
-rw-r--r-- | makefu/1systems/omo/config.nix | 6 | ||||
-rw-r--r-- | makefu/1systems/wbob/config.nix | 106 | ||||
-rw-r--r-- | makefu/1systems/x/config.nix | 2 |
6 files changed, 173 insertions, 3 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 934bfa685..e1357ff01 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -44,6 +44,7 @@ in { <stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/vpn/openvpn-server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/remote-build/slave.nix> ## Web <stockholm/makefu/2configs/nginx/share-download.nix> @@ -74,6 +75,9 @@ in { <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/logging/client.nix> + # Temporary: + <stockholm/makefu/2configs/temp/rst-issue.nix> + ]; makefu.dl-dir = "/var/download"; @@ -143,6 +147,8 @@ in { 53589 # temp vnc 18001 + # temp reverseshell + 31337 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix new file mode 100644 index 000000000..d532f216f --- /dev/null +++ b/makefu/1systems/latte/config.nix 
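Review bot: In the third hunk of gum/config.nix, TCP 31337 (`# temp reverseshell`) goes into the global `allowedTCPPorts`, so it is open on every interface of a host whose import list in the same file shows openvpn, iodine and dnscrypt servers. Nothing expires a "temp" entry; like the `# temp vnc` 18001 line above it, the port stays open until someone remembers to delete it. If the listener is only needed from one network, scope it to that interface, e.g. `networking.firewall.interfaces.<vpn-if>.allowedTCPPorts = [ 31337 ];` (`<vpn-if>` is a placeholder, and the option needs a nixpkgs release with per-interface firewall rules), and put a removal date in the comment. The firewall list starts and ends outside the hunk.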
@@ -0,0 +1,53 @@ +{ config, pkgs, ... }: +let + + # external-ip = config.krebs.build.host.nets.internet.ip4.addr; + # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + # default-gw = "185.215.224.1"; + # prefixLength = 24; + # external-mac = "46:5b:fc:f4:44:c9"; + # ext-if = "et0"; +in { + + imports = [ + <stockholm/makefu> + # configure your hw: + <stockholm/makefu/2configs/hw/CAC.nix> + <stockholm/makefu/2configs/tinc/retiolum.nix> + <stockholm/makefu/2configs/save-diskspace.nix> + + # Security + <stockholm/makefu/2configs/sshd-totp.nix> + <stockholm/makefu/2configs/stats/client.nix> + + # Tools + <stockholm/makefu/2configs/tools/core.nix> + <stockholm/makefu/2configs/vim.nix> + <stockholm/makefu/2configs/zsh-user.nix> + # Services + <stockholm/makefu/2configs/remote-build/slave.nix> + + ]; + krebs = { + enable = true; + build.host = config.krebs.hosts.latte; + }; + boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; + + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.copyKernels = true; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 655 ]; + }; + # network interface receives dhcp address + nameservers = [ "8.8.8.8" ]; + }; +} diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix new file mode 100644 index 000000000..d997fb3f0 --- /dev/null +++ b/makefu/1systems/latte/source.nix @@ -0,0 +1,3 @@ +import <stockholm/makefu/source.nix> { + name="latte"; +} diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4c93a7a3e..a22ff10bd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
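Review bot: The new latte/config.nix sets `logRefusedConnections = false;` in the firewall block without saying why, which drops the log of refused inbound connections on a newly deployed host. If the reason is log noise, record it in a comment such as `# refused-connection log disabled: too noisy`, or leave the option at its default. The `let … in` at the top holds only commented-out addressing values (gateway, MAC, interface) and could be removed together with them. `nameservers = [ "8.8.8.8" ];` also leaves the host with a single resolver and no fallback.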
@@ -60,10 +60,13 @@ in { <stockholm/makefu/2configs/stats/nodisk-client.nix> # logs to influx <stockholm/makefu/2configs/stats/external/aralast.nix> + <stockholm/makefu/2configs/stats/telegraf> # services <stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/mqtt.nix> + <stockholm/makefu/2configs/remote-build/slave.nix> + # security <stockholm/makefu/2configs/sshd-totp.nix> @@ -77,6 +80,9 @@ in { ## as long as pyload is not in nixpkgs: # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload + + # Temporary: + <stockholm/makefu/2configs/temp/rst-issue.nix> ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b776b49d6..3a53b70cb 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -25,7 +25,9 @@ in { # <stockholm/makefu/2configs/audio/realtime-audio.nix> # <stockholm/makefu/2configs/vncserver.nix> <stockholm/makefu/2configs/temp/rst-issue.nix> - ]; + # Services + <stockholm/makefu/2configs/remote-build/slave.nix> + ]; krebs = { enable = true; 
@@ -33,10 +35,48 @@ in { }; swapDevices = [ { device = "/var/swap"; } ]; + services.collectd.extraConfig = lib.mkAfter '' + #LoadPlugin ping + # does not work because it requires privileges + #<Plugin "ping"> + # Host "google.de" + # Host "heise.de" + #</Plugin> + + LoadPlugin curl + <Plugin curl> + TotalTime true + NamelookupTime true + ConnectTime true + + <Page "google"> + MeasureResponseTime true + MeasureResponseCode true + URL "https://google.de" + </Page> + + <Page "webde"> + MeasureResponseTime true + MeasureResponseCode true + URL "http://web.de" + </Page> + + </Plugin> + #LoadPlugin netlink + #<Plugin "netlink"> + # Interface "enp0s25" + # Interface "wlp2s0" + # IgnoreSelected false + #</Plugin> + ''; networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.allowedTCPPorts = [ + 655 + 8081 #smokeping + 49152 + ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; 
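Review bot: The second wbob/config.nix hunk opens TCP 8081 (`#smokeping`) in the global `allowedTCPPorts`, although the context line right after it, `trustedInterfaces = [ "enp0s25" ]`, already accepts everything arriving on that interface, so the new entry only matters for the other interfaces. If the graphs are meant for the trusted interface only, the 8081 line can be dropped; if another interface is intended, name it in the comment, e.g. `8081 # smokeping web UI, reachable via <interface>`. The `services.smokeping` block added further down in this file sets no listen address, so whether the port is reachable at all depends on the module default, which is worth checking before opening the firewall.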
@@ -90,4 +130,66 @@ in { serverAddress = "x.r"; }; }; + security.wrappers.fping = { + source = "${pkgs.fping}/bin/fping"; + setuid = true; + }; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = Top + title = Network Latency Grapher + remark = Welcome to this SmokePing website. + + + network + menu = Net latency + title = Network latency (ICMP pings) + + ++ google + probe = FPing + host = google.de + ++ webde + probe = FPing + host = web.de + + + services + menu = Service latency + title = Service latency (DNS, HTTP) + + ++ HTTP + menu = HTTP latency + title = Service latency (HTTP) + + +++ webdeping + probe = EchoPingHttp + host = web.de + + +++ googwebping + probe = EchoPingHttp + host = google.de + + #+++ webwww + #probe = Curl + #host = web.de + + #+++ googwebwww + #probe = Curl + #host = google.de + ''; + probeConfig = '' + + FPing + binary = /run/wrappers/bin/fping + + EchoPingHttp + pings = 5 + url = / + + #+ Curl + ## probe-specific variables + #binary = ${pkgs.curl}/bin/curl + #step = 60 + ## a default for this target-specific variable + #urlformat = http://%host%/ + ''; + }; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index faa29f3db..443f912d8 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -56,8 +56,8 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/git/brain-retiolum.nix> <stockholm/makefu/2configs/tor.nix> <stockholm/makefu/2configs/vpn/vpngate.nix> - <stockholm/makefu/2configs/steam.nix> # <stockholm/makefu/2configs/buildbot-standalone.nix> + <stockholm/makefu/2configs/remote-build/master.nix> # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> |
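Review bot: `security.wrappers.fping` in the last wbob/config.nix hunk installs fping as a setuid-root wrapper, which hands every local user a root-privileged binary when the FPing probe only needs a raw socket for ICMP. The wrapper module also accepts file capabilities, so `setuid = true;` can be replaced with `capabilities = "cap_net_raw+p";`; that should be enough for the probe, though it is worth confirming on the host. A one-line comment above the wrapper, such as `# fping needs raw sockets for the smokeping FPing probe`, would record why the wrapper exists.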