summaryrefslogtreecommitdiffstats
path: root/makefu/1systems
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/1systems')
-rw-r--r--makefu/1systems/cake/config.nix55
-rw-r--r--makefu/1systems/cake/source.nix4
-rw-r--r--makefu/1systems/gum/config.nix12
-rw-r--r--makefu/1systems/latte/config.nix54
-rw-r--r--makefu/1systems/latte/source.nix4
-rw-r--r--makefu/1systems/omo/config.nix2
-rw-r--r--makefu/1systems/pnp/config.nix5
-rw-r--r--makefu/1systems/wbob/config.nix106
-rw-r--r--makefu/1systems/x/config.nix1
9 files changed, 237 insertions, 6 deletions
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
new file mode 100644
index 000000000..c287c28df
--- /dev/null
+++ b/makefu/1systems/cake/config.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/makefu>
+ <stockholm/makefu/2configs/tools/core.nix>
+# configure your hw:
+# <stockholm/makefu/2configs/save-diskspace.nix>
+ ];
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ krebs = {
+ enable = true;
+ tinc.retiolum.enable = true;
+ build.host = config.krebs.hosts.cake;
+ };
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" ];
+
+ programs.info.enable = false;
+ programs.man.enable = false;
+ services.nixosManual.enable = false;
+ boot.tmpOnTmpfs = lib.mkForce false;
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.firmware = [
+ (pkgs.stdenv.mkDerivation {
+ name = "broadcom-rpi3-rest";
+ src = pkgs.fetchurl {
+ url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt";
+ sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7";
+ };
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/lib/firmware/brcm
+ cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt
+ '';
+ })
+ ];
+ networking.wireless.enable = true;
+
+# File systems configuration for using the installer's partition layout
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+}
diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix
new file mode 100644
index 000000000..cd97a7c62
--- /dev/null
+++ b/makefu/1systems/cake/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/makefu/source.nix> {
+ name="cake";
+ full = true;
+}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 2f288e708..e769b1e22 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -40,10 +40,11 @@ in {
# services
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/sabnzbd.nix>
- # <stockholm/makefu/2configs/torrent.nix>
+ <stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/vpn/openvpn-server.nix>
<stockholm/makefu/2configs/dnscrypt/server.nix>
+ <stockholm/makefu/2configs/remote-build/slave.nix>
## Web
<stockholm/makefu/2configs/nginx/share-download.nix>
@@ -74,10 +75,15 @@ in {
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/logging/client.nix>
+ # Temporary:
+ <stockholm/makefu/2configs/temp/rst-issue.nix>
+
];
makefu.dl-dir = "/var/download";
-
+ services.openssh.hostKeys = [
+ { bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
+ { path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum;
@@ -143,6 +149,8 @@ in {
53589
# temp vnc
18001
+ # temp reverseshell
+ 31337
];
allowedUDPPorts = [
# tinc
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
new file mode 100644
index 000000000..3b06660c6
--- /dev/null
+++ b/makefu/1systems/latte/config.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+
+ # external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+ # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ # default-gw = "185.215.224.1";
+ # prefixLength = 24;
+ # external-mac = "46:5b:fc:f4:44:c9";
+ # ext-if = "et0";
+in {
+
+ imports = [
+ <stockholm/makefu>
+ # configure your hw:
+ <stockholm/makefu/2configs/hw/CAC.nix>
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+ <stockholm/makefu/2configs/save-diskspace.nix>
+
+ # Security
+ <stockholm/makefu/2configs/sshd-totp.nix>
+ <stockholm/makefu/2configs/stats/client.nix>
+
+ # Tools
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/vim.nix>
+ <stockholm/makefu/2configs/zsh-user.nix>
+ # Services
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+ <stockholm/makefu/2configs/torrent.nix>
+
+ ];
+ krebs = {
+ enable = true;
+ build.host = config.krebs.hosts.latte;
+ };
+ boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
+
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.grub.copyKernels = true;
+ fileSystems."/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ networking = {
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ 655 ];
+ };
+ # network interface receives dhcp address
+ nameservers = [ "8.8.8.8" ];
+ };
+}
diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix
new file mode 100644
index 000000000..d9600909a
--- /dev/null
+++ b/makefu/1systems/latte/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/makefu/source.nix> {
+ name = "latte";
+ torrent = true;
+}
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 32cd3f900..a22ff10bd 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -65,6 +65,8 @@ in {
# services
<stockholm/makefu/2configs/syncthing.nix>
<stockholm/makefu/2configs/mqtt.nix>
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+
# security
<stockholm/makefu/2configs/sshd-totp.nix>
diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix
index 5fbaaabc7..6c9fc0606 100644
--- a/makefu/1systems/pnp/config.nix
+++ b/makefu/1systems/pnp/config.nix
@@ -34,10 +34,11 @@
krebs.Reaktor.debug = {
debug = true;
extraEnviron = {
- REAKTOR_HOST = "ni.r";
+ # TODO: remove hard-coded server
+ REAKTOR_HOST = "irc.r";
};
plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ];
- channels = [ "#retiolum" ];
+ channels = [ "#xxx" ];
};
krebs.build.host = config.krebs.hosts.pnp;
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index b776b49d6..3a53b70cb 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -25,7 +25,9 @@ in {
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
# <stockholm/makefu/2configs/vncserver.nix>
<stockholm/makefu/2configs/temp/rst-issue.nix>
- ];
+ # Services
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+ ];
krebs = {
enable = true;
@@ -33,10 +35,48 @@ in {
};
swapDevices = [ { device = "/var/swap"; } ];
+ services.collectd.extraConfig = lib.mkAfter ''
+ #LoadPlugin ping
+ # does not work because it requires privileges
+ #<Plugin "ping">
+ # Host "google.de"
+ # Host "heise.de"
+ #</Plugin>
+
+ LoadPlugin curl
+ <Plugin curl>
+ TotalTime true
+ NamelookupTime true
+ ConnectTime true
+
+ <Page "google">
+ MeasureResponseTime true
+ MeasureResponseCode true
+ URL "https://google.de"
+ </Page>
+
+ <Page "webde">
+ MeasureResponseTime true
+ MeasureResponseCode true
+ URL "http://web.de"
+ </Page>
+
+ </Plugin>
+ #LoadPlugin netlink
+ #<Plugin "netlink">
+ # Interface "enp0s25"
+ # Interface "wlp2s0"
+ # IgnoreSelected false
+ #</Plugin>
+ '';
networking.firewall.allowedUDPPorts = [ 655 ];
- networking.firewall.allowedTCPPorts = [ 655 49152 ];
+ networking.firewall.allowedTCPPorts = [
+ 655
+ 8081 #smokeping
+ 49152
+ ];
networking.firewall.trustedInterfaces = [ "enp0s25" ];
#services.tinc.networks.siem = {
# name = "display";
@@ -90,4 +130,66 @@ in {
serverAddress = "x.r";
};
};
+ security.wrappers.fping = {
+ source = "${pkgs.fping}/bin/fping";
+ setuid = true;
+ };
+ services.smokeping = {
+ enable = true;
+ targetConfig = ''
+ probe = FPing
+ menu = Top
+ title = Network Latency Grapher
+ remark = Welcome to this SmokePing website.
+
+ + network
+ menu = Net latency
+ title = Network latency (ICMP pings)
+
+ ++ google
+ probe = FPing
+ host = google.de
+ ++ webde
+ probe = FPing
+ host = web.de
+
+ + services
+ menu = Service latency
+ title = Service latency (DNS, HTTP)
+
+ ++ HTTP
+ menu = HTTP latency
+ title = Service latency (HTTP)
+
+ +++ webdeping
+ probe = EchoPingHttp
+ host = web.de
+
+ +++ googwebping
+ probe = EchoPingHttp
+ host = google.de
+
+ #+++ webwww
+ #probe = Curl
+ #host = web.de
+
+ #+++ googwebwww
+ #probe = Curl
+ #host = google.de
+ '';
+ probeConfig = ''
+ + FPing
+ binary = /run/wrappers/bin/fping
+ + EchoPingHttp
+ pings = 5
+ url = /
+
+ #+ Curl
+ ## probe-specific variables
+ #binary = ${pkgs.curl}/bin/curl
+ #step = 60
+ ## a default for this target-specific variable
+ #urlformat = http://%host%/
+ '';
+ };
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 892eb1095..f7db75564 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -57,6 +57,7 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/tor.nix>
<stockholm/makefu/2configs/vpn/vpngate.nix>
# <stockholm/makefu/2configs/buildbot-standalone.nix>
+ # <stockholm/makefu/2configs/remote-build/master.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix>