Diffstat (limited to 'makefu/2configs')
-rw-r--r-- | makefu/2configs/git/cgit-retiolum.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/hw/stk1160.nix | 3 | ||||
-rw-r--r-- | makefu/2configs/printer.nix | 25 | ||||
-rw-r--r-- | makefu/2configs/stats/nodisk-client.nix | 60 | ||||
-rw-r--r-- | makefu/2configs/stats/server.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/tools/all.nix | 1 | ||||
-rw-r--r-- | makefu/2configs/tools/android-pentest.nix | 14 | ||||
-rw-r--r-- | makefu/2configs/vpn/openvpn-server.nix | 111 | ||||
-rw-r--r-- | makefu/2configs/vpn/vpngate.nix (renamed from makefu/2configs/openvpn/vpngate.nix) | 0 |
9 files changed, 212 insertions, 7 deletions
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 96b6c303d..b89bfadfd 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -12,6 +12,9 @@ let
 stockholm = {
 cgit.desc = "Make all the systems into 1systems!";
 };
+ stockholm-issues = {
+ cgit.desc = "Issue tracker";
+ };
 tinc_graphs = {
 cgit.desc = "Tinc Advanced Graph Generation";
 };
diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix
index e73741e26..b3a9e1a5a 100644
--- a/makefu/2configs/hw/stk1160.nix
+++ b/makefu/2configs/hw/stk1160.nix
@@ -1,8 +1,9 @@
 { pkgs, ... }:
 {
 # TODO: un-pin linuxPackages somehow
+ boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages;
 nixpkgs.config.packageOverrides = pkgs: {
- linux_latest = pkgs.linux_latest.override {
+ linux_4_9 = pkgs.linux_4_9.override {
 extraConfig = ''
 MEDIA_ANALOG_TV_SUPPORT y
 VIDEO_STK1160_COMMON m
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
index 509ed512d..0865a0841 100644
--- a/makefu/2configs/printer.nix
+++ b/makefu/2configs/printer.nix
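Review bot: In makefu/2configs/hw/stk1160.nix the new `boot.kernelPackages` line announces a 4.9 pin in its trace message but assigns `pkgs.linuxPackages`, the channel's default set, so the `linux_4_9` override below it presumably only reaches the booted kernel while that default happens to be 4.9. Naming the set explicitly, e.g. `boot.kernelPackages = pkgs.linuxPackages_4_9;`, would keep the message, the override and the running kernel in agreement. Because this holds the host on an older kernel line, the existing TODO would be more useful if it recorded why the pin exists and when it can be lifted, so the host does not quietly fall behind on kernel security updates. The `extraConfig` string continues past the end of the hunk.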
@@ -1,15 +1,30 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
-{
+let
+ mainUser = config.krebs.build.user.name;
+in {
 services.printing = {
 enable = true;
 drivers = [
 pkgs.samsungUnifiedLinuxDriver
- pkgs.cups-dymo
+ pkgs.cups-dymo # dymo labelwriter
+ pkgs.foo2zjs # magicolor 1690mf
 ];
 };
 # scanners are printers just in reverse anyway
- hardware.sane.enable = true;
- hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
+ services.saned.enable = true;
+ users.users."${mainUser}".extraGroups = [ "scanner" ];
+
+ hardware.sane = {
+ enable = true;
+ extraBackends = [ pkgs.samsungUnifiedLinuxDriver ];
+
+ # $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150
+
+ # requires 'sane-extra', scan via:
+ extraConfig."magicolor" = ''
+ net 10.42.20.30 0x2098
+ ''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf
+ };
 }
diff --git a/makefu/2configs/stats/nodisk-client.nix b/makefu/2configs/stats/nodisk-client.nix
new file mode 100644
index 000000000..fc8a268ce
--- /dev/null
+++ b/makefu/2configs/stats/nodisk-client.nix
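Review bot: `services.saned.enable = true` in makefu/2configs/printer.nix starts the SANE network daemon, which offers this host's scanners to other machines, and nothing visible in the hunk needs that: the magicolor is reached as a client through the `net 10.42.20.30 0x2098` backend entry and local access comes from the `scanner` group. If sharing scanners is not intended, dropping the line removes a listening service; if it is, a comment naming the peers that may connect would help the next reader. The two comments inside `hardware.sane` also look swapped, since `# requires 'sane-extra', scan via:` ends in a colon but the `scanimage` example sits above it.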
@@ -0,0 +1,60 @@
+{pkgs, config, ...}:
+{
+ # disk module wakes up parked disks
+ services.collectd = {
+ enable = true;
+ autoLoadPlugin = true;
+ extraConfig = ''
+ Hostname ${config.krebs.build.host.name}
+ LoadPlugin load
+ LoadPlugin disk
+ LoadPlugin memory
+ Interval 30.0
+
+ LoadPlugin interface
+ <Plugin "interface">
+ Interface "*Link"
+ Interface "lo"
+ Interface "vboxnet*"
+ Interface "virbr*"
+ IgnoreSelected true
+ </Plugin>
+
+ # LoadPlugin df
+ #<Plugin "df">
+ # MountPoint "/nix/store"
+ # # MountPoint "/run*"
+ # # MountPoint "/sys*"
+ # # MountPoint "/dev"
+ # # MountPoint "/dev/shm"
+ # # MountPoint "/tmp"
+ # FSType "tmpfs"
+ # FSType "binfmt_misc"
+ # FSType "debugfs"
+ # FSType "mqueue"
+ # FSType "hugetlbfs"
+ # FSType "systemd-1"
+ # FSType "cgroup"
+ # FSType "securityfs"
+ # FSType "ramfs"
+ # FSType "proc"
+ # FSType "devpts"
+ # FSType "devtmpfs"
+ # MountPoint "/var/lib/docker/devicemapper"
+ # IgnoreSelected true
+ #</Plugin>
+
+ LoadPlugin cpu
+ <Plugin cpu>
+ ReportByCpu true
+ ReportByState true
+ ValuesPercentage true
+ </Plugin>
+
+ LoadPlugin network
+ <Plugin "network">
+ Server "${config.makefu.stats-server}" "25826"
+ </Plugin>
+ '';
+ };
+}
diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix
index 602fcc6d0..8f9935658 100644
--- a/makefu/2configs/stats/server.nix
+++ b/makefu/2configs/stats/server.nix
@@ -29,7 +29,7 @@ in {
 enabled = true;
 typesdb = "${pkgs.collectd}/share/collectd/types.db";
 database = db;
- port = collectd-port;
+ bind-address = ":${toString collectd-port}";
 }];
 };
 krebs.kapacitor =
diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix
index e64e216e0..31c959d47 100644
--- a/makefu/2configs/tools/all.nix
+++ b/makefu/2configs/tools/all.nix
@@ -1,5 +1,6 @@
 {
 imports = [
+ ./android-pentest.nix
 ./core.nix
 ./core-gui.nix
 ./dev.nix
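Review bot: The `network` plugin block in makefu/2configs/stats/nodisk-client.nix sends metrics to `${config.makefu.stats-server}` on port 25826 without a `SecurityLevel`, so as written the packets are neither signed nor encrypted and the receiver cannot distinguish them from forged ones. The matching listener in stats/server.nix is now bound with `bind-address = ":${toString collectd-port}"`, which has no host part and so presumably listens on every interface; together the two hunks leave the firewall or overlay network as the only control over who may write metrics. If that path is not already confined to a trusted network, a `<Server>` block carrying `SecurityLevel Encrypt` with `Username` and `Password` would cover it; otherwise a comment stating the assumption is enough. Separately, the file is named nodisk and its header comment says the disk module wakes parked disks, yet `LoadPlugin disk` is still in the list, so either drop that line or reword the comment to name the plugin that was actually disabled (presumably the commented-out `df` block).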
diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix
new file mode 100644
index 000000000..3f65424cc
--- /dev/null
+++ b/makefu/2configs/tools/android-pentest.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+ users.users.makefu.packages = with pkgs; [
+ mitmproxy
+ nmap
+ msf
+ drozer
+ dex2jar
+ apktool
+ jd-gui
+ android-studio
+ ];
+}
diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix
new file mode 100644
index 000000000..1e7edbf78
--- /dev/null
+++ b/makefu/2configs/vpn/openvpn-server.nix
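Review bot: Listing `./android-pentest.nix` in the imports of makefu/2configs/tools/all.nix installs `msf`, `mitmproxy`, `nmap` and the rest on every host that pulls in all.nix, which is broader than an Android assessment workstation needs and enlarges what is available on a machine if the account is compromised. Importing the file only from the hosts used for assessments keeps it opt-in. The new module also hard-codes `users.users.makefu.packages`, whereas printer.nix in the same commit resolves the account through `config.krebs.build.user.name`; using the same lookup here would keep the two consistent. A one-line header comment stating the purpose of the bundle would help as well.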
@@ -0,0 +1,111 @@
+{ config, pkgs, ... }:
+let
+ out-itf = config.makefu.server.primary-itf;
+ # generate via openvpn --genkey --secret static.key
+ client-key = (toString <secrets>) + "/openvpn-laptop.key";
+ # domain = "vpn.euer.krebsco.de";
+ domain = "gum.krebsco.de";
+ dev = "tun0";
+ port = 1194;
+ tcp-port = 3306;
+in {
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ networking.nat = {
+ enable = true;
+ externalInterface = out-itf;
+ internalInterfaces = [ dev ];
+ };
+ networking.firewall.trustedInterfaces = [ dev ];
+ networking.firewall.allowedUDPPorts = [ port ];
+ environment.systemPackages = [ pkgs.openvpn ];
+ services.openvpn.servers.smartphone.config = ''
+ #user nobody
+ #group nobody
+
+ dev ${dev}
+ proto udp
+ ifconfig 10.8.0.1 10.8.0.2
+ secret ${client-key}
+ port ${toString port}
+ cipher AES-256-CBC
+ comp-lzo
+
+ keepalive 10 60
+ ping-timer-rem
+ persist-tun
+ persist-key
+ '';
+
+ environment.etc."openvpn/smartphone-client.ovpn" = {
+ text = ''
+ client
+ dev tun
+ remote "${domain}"
+ ifconfig 10.8.0.1 10.8.0.2
+ port ${toString port}
+
+ cipher AES-256-CBC
+ comp-lzo
+ keepalive 10 60
+ resolv-retry infinite
+ nobind
+ persist-key
+ persist-tun
+
+ secret [inline]
+
+ '';
+ mode = "700";
+ };
+ system.activationScripts.openvpn-addkey = ''
+ f="/etc/openvpn/smartphone-client.ovpn"
+ if ! grep -q '<secret>' $f; then
+ echo "appending secret key"
+ echo "<secret>" >> $f
+ cat ${client-key} >> $f
+ echo "</secret>" >> $f
+ fi
+ '';
+ #smartphone-tcp.config = ''
+ # user nobody
+ # group nobody
+
+ # dev ${dev}
+ # proto tcp
+ # ifconfig 10.8.0.1 10.8.0.3
+ # secret ${client-key}
+ # port tcp-port
+ # comp-lzo
+
+ # keepalive 10 60
+ # ping-timer-rem
+ # persist-tun
+ # persist-key
+ #'';
+ # TODO: forward via 443
+ # stream {
+ #
+ # map $ssl_preread_server_name $name {
+ # vpn1.app.com vpn1_backend;
+ # vpn2.app.com vpn2_backend;
+ # https.app.com https_backend;
+ # }
+ #
+ # upstream vpn1_backend {
+ # server 10.0.0.3:443;
+ # }
+ #
+ # upstream vpn2_backend {
+ # server 10.0.0.4:443;
+ # }
+ #
+ # upstream https_backend {
+ # server 10.0.0.5:443;
+ #
+ # server {
+ # listen 10.0.0.1:443;
+ # proxy_pass $name;
+ # ssl_preread on;
+ # }
+ # }
+}
diff --git a/makefu/2configs/openvpn/vpngate.nix b/makefu/2configs/vpn/vpngate.nix
index bf3101b19..bf3101b19 100644
--- a/makefu/2configs/openvpn/vpngate.nix
+++ b/makefu/2configs/vpn/vpngate.nix |
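Review bot: In makefu/2configs/vpn/openvpn-server.nix the daemon never drops root because `user`/`group` are commented out, and `networking.firewall.trustedInterfaces = [ dev ]` exempts all tun0 traffic from the host firewall, so one long-lived static key is the only barrier between a lost phone and every local service. Re-enabling the privilege drop (the `persist-tun` and `persist-key` lines it depends on are already present) and replacing the trusted interface with the specific ports the phone needs would narrow that; static-key mode has no forward secrecy, which is worth a comment if the trade-off is deliberate. The client profile ends up holding the key, so `mode = "700"` would be better as `"0600"`, and the `openvpn-addkey` script declares no ordering against the step that writes /etc, so confirm it cannot run before the file exists. The client text also repeats the server's `ifconfig 10.8.0.1 10.8.0.2` where the peer side would be `ifconfig 10.8.0.2 10.8.0.1`, and as far as I know `client` implies TLS mode, which OpenVPN rejects together with `secret`.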