Diffstat (limited to 'makefu/1systems')
-rw-r--r-- | makefu/1systems/cake/config.nix | 55 | ||||
-rw-r--r-- | makefu/1systems/cake/source.nix | 4 | ||||
-rw-r--r-- | makefu/1systems/gum/config.nix | 12 | ||||
-rw-r--r-- | makefu/1systems/latte/config.nix | 54 | ||||
-rw-r--r-- | makefu/1systems/latte/source.nix | 4 | ||||
-rw-r--r-- | makefu/1systems/omo/config.nix | 2 | ||||
-rw-r--r-- | makefu/1systems/pnp/config.nix | 5 | ||||
-rw-r--r-- | makefu/1systems/wbob/config.nix | 106 | ||||
-rw-r--r-- | makefu/1systems/x/config.nix | 1 |
9 files changed, 237 insertions, 6 deletions
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
new file mode 100644
index 000000000..c287c28df
--- /dev/null
+++ b/makefu/1systems/cake/config.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ <stockholm/makefu>
+ <stockholm/makefu/2configs/tools/core.nix>
+# configure your hw:
+# <stockholm/makefu/2configs/save-diskspace.nix>
+ ];
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ krebs = {
+ enable = true;
+ tinc.retiolum.enable = true;
+ build.host = config.krebs.hosts.cake;
+ };
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" ];
+
+ programs.info.enable = false;
+ programs.man.enable = false;
+ services.nixosManual.enable = false;
+ boot.tmpOnTmpfs = lib.mkForce false;
+
+ hardware.enableRedistributableFirmware = true;
+ hardware.firmware = [
+ (pkgs.stdenv.mkDerivation {
+ name = "broadcom-rpi3-rest";
+ src = pkgs.fetchurl {
+ url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt";
+ sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7";
+ };
+ phases = [ "installPhase" ];
+ installPhase = ''
+ mkdir -p $out/lib/firmware/brcm
+ cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt
+ '';
+ })
+ ];
+ networking.wireless.enable = true;
+
+# File systems configuration for using the installer's partition layout
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+}
diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix
new file mode 100644
index 000000000..cd97a7c62
--- /dev/null
+++ b/makefu/1systems/cake/source.nix
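Review bot: `users.extraUsers.root.openssh.authorizedKeys.keys` in the new cake/config.nix gives `config.krebs.users.tv.pubkey` direct root login, and nothing in the file says whether that is bring-up access or meant to stay. A comment above the list would settle it, for example `# tv holds root for initial bring-up of this board; drop once deployed`, worded to match the real reason. The same file turns on `tinc.retiolum` and `networking.wireless`, so the key is presumably usable from more than one network, which makes the intent worth recording for later access reviews.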
@@ -0,0 +1,4 @@ +import <stockholm/makefu/source.nix> { + name="cake"; + full = true; +} diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 2f288e708..e769b1e22 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,10 +40,11 @@ in { # services <stockholm/makefu/2configs/share/gum.nix> <stockholm/makefu/2configs/sabnzbd.nix> - # <stockholm/makefu/2configs/torrent.nix> + <stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/vpn/openvpn-server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/remote-build/slave.nix> ## Web <stockholm/makefu/2configs/nginx/share-download.nix> @@ -74,10 +75,15 @@ in { <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/logging/client.nix> + # Temporary: + <stockholm/makefu/2configs/temp/rst-issue.nix> + ]; makefu.dl-dir = "/var/download"; - + services.openssh.hostKeys = [ + { bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; } + { path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ]; ###### stable services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; @@ -143,6 +149,8 @@ in { 53589 # temp vnc 18001 + # temp reverseshell + 31337 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix new file mode 100644 index 000000000..3b06660c6 --- /dev/null +++ b/makefu/1systems/latte/config.nix 
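Review bot: In the gum/config.nix hunk that adds `services.openssh.hostKeys`, both `path` values are bare path expressions (`<secrets/ssh_host_rsa_key>`, `<secrets/ssh_host_ed25519_key>`), and a Nix path that is interpolated into a string gets copied into the world-readable store. If the openssh module builds its `HostKey` lines by interpolation, the private host keys would land under /nix/store. Passing a string avoids the copy: `path = toString <secrets/ssh_host_rsa_key>;` and the same for the ed25519 entry. It is worth checking which path the generated sshd_config on gum actually references.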
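Review bot: The last gum/config.nix hunk adds TCP 31337 under `# temp reverseshell` to the firewall's allowed TCP ports, which opens it on every interface, and nothing ties the entry to an owner or an end date. Temporary openings like this tend to outlive their purpose and stay as reachable attack surface on a host that, judging by the imports in the first gum hunk, is internet-facing. If it has to be merged, I would mark it with something like `# TODO(makefu): remove after <date>, temporary listener` and drop the port in the follow-up commit. The port list starts and ends outside this hunk, so the remaining entries were not reviewed.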
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+
+ # external-ip = config.krebs.build.host.nets.internet.ip4.addr;
+ # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ # default-gw = "185.215.224.1";
+ # prefixLength = 24;
+ # external-mac = "46:5b:fc:f4:44:c9";
+ # ext-if = "et0";
+in {
+
+ imports = [
+ <stockholm/makefu>
+ # configure your hw:
+ <stockholm/makefu/2configs/hw/CAC.nix>
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+ <stockholm/makefu/2configs/save-diskspace.nix>
+
+ # Security
+ <stockholm/makefu/2configs/sshd-totp.nix>
+ <stockholm/makefu/2configs/stats/client.nix>
+
+ # Tools
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/vim.nix>
+ <stockholm/makefu/2configs/zsh-user.nix>
+ # Services
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+ <stockholm/makefu/2configs/torrent.nix>
+
+ ];
+ krebs = {
+ enable = true;
+ build.host = config.krebs.hosts.latte;
+ };
+ boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
+
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.grub.copyKernels = true;
+ fileSystems."/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+ networking = {
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ 655 ];
+ };
+ # network interface receives dhcp address
+ nameservers = [ "8.8.8.8" ];
+ };
+}
diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix
new file mode 100644
index 000000000..d9600909a
--- /dev/null
+++ b/makefu/1systems/latte/source.nix
@@ -0,0 +1,4 @@
+import <stockholm/makefu/source.nix> {
+ name = "latte";
+ torrent = true;
+}
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 32cd3f900..a22ff10bd 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
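Review bot: `logRefusedConnections = false` in the firewall block of the new latte/config.nix turns off the only local record of refused inbound connections, and the file gives no reason for it. If the aim is to keep scan noise out of the journal on this host, a comment should say so, for example `# disabled on purpose: refused-connection logging floods the journal on this host`. Without it, whoever investigates an incident on latte cannot tell whether the missing log lines are intentional. The `let` block at the top holds only commented-out bindings and could be dropped until they are needed.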
@@ -65,6 +65,8 @@ in { # services <stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/mqtt.nix> + <stockholm/makefu/2configs/remote-build/slave.nix> + # security <stockholm/makefu/2configs/sshd-totp.nix> diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 5fbaaabc7..6c9fc0606 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -34,10 +34,11 @@ krebs.Reaktor.debug = { debug = true; extraEnviron = { - REAKTOR_HOST = "ni.r"; + # TODO: remove hard-coded server + REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; - channels = [ "#retiolum" ]; + channels = [ "#xxx" ]; }; krebs.build.host = config.krebs.hosts.pnp; diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b776b49d6..3a53b70cb 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -25,7 +25,9 @@ in { # <stockholm/makefu/2configs/audio/realtime-audio.nix> # <stockholm/makefu/2configs/vncserver.nix> <stockholm/makefu/2configs/temp/rst-issue.nix> - ]; + # Services + <stockholm/makefu/2configs/remote-build/slave.nix> + ]; krebs = { enable = true; 
@@ -33,10 +35,48 @@ in { }; swapDevices = [ { device = "/var/swap"; } ]; + services.collectd.extraConfig = lib.mkAfter '' + #LoadPlugin ping + # does not work because it requires privileges + #<Plugin "ping"> + # Host "google.de" + # Host "heise.de" + #</Plugin> + + LoadPlugin curl + <Plugin curl> + TotalTime true + NamelookupTime true + ConnectTime true + + <Page "google"> + MeasureResponseTime true + MeasureResponseCode true + URL "https://google.de" + </Page> + + <Page "webde"> + MeasureResponseTime true + MeasureResponseCode true + URL "http://web.de" + </Page> + + </Plugin> + #LoadPlugin netlink + #<Plugin "netlink"> + # Interface "enp0s25" + # Interface "wlp2s0" + # IgnoreSelected false + #</Plugin> + ''; networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.allowedTCPPorts = [ + 655 + 8081 #smokeping + 49152 + ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; 
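Review bot: Adding `8081 #smokeping` to `networking.firewall.allowedTCPPorts` opens that port on every interface, although the context line right after the list already trusts `enp0s25` through `trustedInterfaces`. If the smokeping pages are only meant for the local network, the entry can simply be left out. If they must be reachable elsewhere, a comment naming the intended interface, and confirming the page is fine to serve without authentication, would make the exposure a visible decision. In the collectd block of the same hunk, the `webde` page is probed over `http://web.de` while `google` uses https, which may be intentional but deserves a short comment.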
@@ -90,4 +130,66 @@ in { serverAddress = "x.r"; }; }; + security.wrappers.fping = { + source = "${pkgs.fping}/bin/fping"; + setuid = true; + }; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = Top + title = Network Latency Grapher + remark = Welcome to this SmokePing website. + + + network + menu = Net latency + title = Network latency (ICMP pings) + + ++ google + probe = FPing + host = google.de + ++ webde + probe = FPing + host = web.de + + + services + menu = Service latency + title = Service latency (DNS, HTTP) + + ++ HTTP + menu = HTTP latency + title = Service latency (HTTP) + + +++ webdeping + probe = EchoPingHttp + host = web.de + + +++ googwebping + probe = EchoPingHttp + host = google.de + + #+++ webwww + #probe = Curl + #host = web.de + + #+++ googwebwww + #probe = Curl + #host = google.de + ''; + probeConfig = '' + + FPing + binary = /run/wrappers/bin/fping + + EchoPingHttp + pings = 5 + url = / + + #+ Curl + ## probe-specific variables + #binary = ${pkgs.curl}/bin/curl + #step = 60 + ## a default for this target-specific variable + #urlformat = http://%host%/ + ''; + }; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 892eb1095..f7db75564 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -57,6 +57,7 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/tor.nix> <stockholm/makefu/2configs/vpn/vpngate.nix> # <stockholm/makefu/2configs/buildbot-standalone.nix> + # <stockholm/makefu/2configs/remote-build/master.nix> # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> |
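Review bot: `security.wrappers.fping` is installed with `setuid = true`, so the whole fping binary runs as root for any local user who calls `/run/wrappers/bin/fping`. Sending ICMP only needs the raw-socket capability, so the wrapper can be narrowed by replacing `setuid = true;` with `capabilities = "cap_net_raw+p";`. Please confirm that the smokeping `FPing` probe still works with the capability-only wrapper before relying on it. A one-line comment above the wrapper naming smokeping as its only intended caller would also help later audits of privileged binaries on wbob.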