Diffstat (limited to 'makefu')
-rw-r--r--makefu/1systems/darth.nix19
-rw-r--r--makefu/1systems/omo.nix6
-rw-r--r--makefu/1systems/shoney.nix14
-rw-r--r--makefu/1systems/vbob.nix20
-rw-r--r--makefu/2configs/binary-cache/lass.nix12
-rw-r--r--makefu/2configs/binary-cache/nixos.nix12
-rw-r--r--makefu/2configs/default.nix10
-rw-r--r--makefu/2configs/temp-share-samba.nix5
-rw-r--r--makefu/2configs/virtualization-virtualbox.nix11
-rw-r--r--makefu/3modules/default.nix1
-rw-r--r--makefu/3modules/forward-journal.nix50
-rw-r--r--makefu/5pkgs/awesomecfg/kiosk.lua6
-rw-r--r--makefu/5pkgs/default.nix2
-rw-r--r--makefu/5pkgs/git-xlsx-textconv/default.nix30
-rw-r--r--makefu/5pkgs/mergerfs/default.nix26
15 files changed, 194 insertions, 30 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 5f1d6e121..87029a693 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -16,16 +16,32 @@ in {
../2configs/smart-monitor.nix
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
+
+ ../2configs/temp-share-samba.nix
];
+ services.samba.shares = {
+ isos = {
+ path = "/data/isos/";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
services.tinc.networks.siem = {
name = "sdarth";
extraConfig = "ConnectTo = sjump";
};
+
+ makefu.forward-journal = {
+ enable = true;
+ src = "10.8.10.2";
+ dst = "10.8.10.6";
+ };
+
#networking.firewall.enable = false;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
-
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
networking = {
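Review bot: The new `isos` share sets `"guest ok" = "yes"`, so `/data/isos/` becomes readable without credentials by anything that can reach the SMB ports, and the hunk in `2configs/temp-share-samba.nix` opens 137/138 UDP and 139/445 TCP with no interface restriction. If the share is only meant for the local LAN, say so in a comment and limit it in the share definition, e.g. `"hosts allow" = "<LAN-CIDR-placeholder>";`. The rest of the Samba configuration is outside this diff, so a restriction may already exist there.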
@@ -33,6 +49,7 @@ in {
firewall = {
allowPing = true;
logRefusedConnections = false;
+ trustedInterfaces = [ "eno1" ];
allowedUDPPorts = [ 80 655 1655 67 ];
allowedTCPPorts = [ 80 655 1655 ];
};
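Review bot: `trustedInterfaces = [ "eno1" ]` makes the firewall accept every packet arriving on eno1, so the `allowedUDPPorts`/`allowedTCPPorts` lists below it now only constrain the other interfaces. If the intent is just to let the Samba clients through, listing those ports is narrower. If full trust is intended, a comment such as `# eno1: <what is attached to this interface>` would record the assumption. The `networking` block starts and ends outside this hunk.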
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index e71055f54..8c24e0ff5 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -75,6 +75,7 @@ in {
# HDD Array stuff
+ environment.systemPackages = [ pkgs.mergerfs ];
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
makefu.snapraid = let
@@ -129,7 +130,10 @@ in {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
-
+ users.users.misa = {
+ uid = 9002;
+ name = "misa";
+ };
hardware.enableAllFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix
index 1fe8871d2..3a3ac9c7c 100644
--- a/makefu/1systems/shoney.nix
+++ b/makefu/1systems/shoney.nix
@@ -3,8 +3,9 @@ let
tinc-siem-ip = "10.8.10.1";
ip = "64.137.234.215";
- alt-ip = "64.137.234.210";
- extra-ip = "64.137.234.114"; #currently unused
+ alt-ip = "64.137.234.210"; # honeydrive honeyd
+ extra-ip1 = "64.137.234.114"; # floating tinc.siem
+ extra-ip2 = "64.137.234.232"; # honeydrive
gw = "64.137.234.1";
in {
imports = [
@@ -15,7 +16,7 @@ in {
];
-
+ environment.systemPackages = [ pkgs.honeyd ];
services.tinc.networks.siem.name = "sjump";
krebs = {
@@ -37,10 +38,15 @@ in {
};
};
};
+ makefu.forward-journal = {
+ enable = true;
+ src = "10.8.10.1";
+ dst = "10.8.10.6";
+ };
networking = {
interfaces.enp2s1.ip4 = [
{ address = ip; prefixLength = 24; }
- { address = alt-ip; prefixLength = 24; }
+ # { address = alt-ip; prefixLength = 24; }
];
defaultGateway = gw;
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 8b71b1393..3fcb173ce 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -5,23 +5,23 @@
imports =
[ # Include the results of the hardware scan.
../.
- <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+ (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>)
+ (toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
../2configs/main-laptop.nix #< base-gui
+ # (toString <secrets>)/extra-hosts.nix
# environment
];
- nixpkgs.config.allowUnfree = true;
+ # workaround for https://github.com/NixOS/nixpkgs/issues/16641
+ services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
+ nixpkgs.config.allowUnfree = true;
fileSystems."/nix" = {
device ="/dev/disk/by-label/nixstore";
fsType = "ext4";
};
- fileSystems."/var/lib/docker" = {
- device ="/dev/disk/by-label/nix-docker";
- fsType = "ext4";
- };
- #makefu.buildbot.master.enable = true;
+
# allow vbob to deploy self
users.extraUsers = {
root = {
@@ -52,11 +52,7 @@
"gum"
];
};
-
- networking.extraHosts = ''
- 172.17.20.190 gitlab
- 172.17.62.27 svbittool01 tool
- '';
+ virtualisation.docker.enable = false;
fileSystems."/media/share" = {
fsType = "vboxsf";
diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix
new file mode 100644
index 000000000..4813eeb0f
--- /dev/null
+++ b/makefu/2configs/binary-cache/lass.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "http://cache.prism.r"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ ];
+ };
+}
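Review bot: Adding the `cache.prism-1` key to `binaryCachePublicKeys` trusts that key for every store path, not only for paths served by `cache.prism.r`, and `2configs/default.nix` imports this file into the shared config. Because the cache is reached over plain `http://`, the signature check is the only integrity control, so this relies on signed-substitute enforcement staying on (I believe `nix.requireSignedBinaryCaches` defaults to true, worth confirming for the pinned nixpkgs). A comment above the key naming who holds the signing key, and stating that the URL is presumably only reachable inside the VPN, would make the trust decision explicit.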
diff --git a/makefu/2configs/binary-cache/nixos.nix b/makefu/2configs/binary-cache/nixos.nix
new file mode 100644
index 000000000..2ff5e1307
--- /dev/null
+++ b/makefu/2configs/binary-cache/nixos.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = [
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+ };
+}
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 58a537a2b..f3bf0c46e 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -2,8 +2,6 @@
with config.krebs.lib;
{
- system.stateVersion = "15.09";
-
imports = [
{
users.extraUsers =
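Review bot: Dropping `system.stateVersion = "15.09";` from the shared config means each host falls back to the release default unless it sets its own, and none of the host files touched in this diff adds one. Modules that pick data formats or default package versions from `stateVersion` can then change behaviour on the next nixpkgs bump. If the removal is deliberate, set the value per host or record the reason in the commit message.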
@@ -11,6 +9,8 @@ with config.krebs.lib;
(import <secrets/hashedPasswords.nix>);
}
./vim.nix
+ ./binary-cache/nixos.nix
+ ./binary-cache/lass.nix
];
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
@@ -18,13 +18,14 @@ with config.krebs.lib;
enable = true;
dns.providers.siem = "hosts";
+ dns.providers.lan = "hosts";
search-domain = "retiolum";
build = {
user = config.krebs.users.makefu;
source = let inherit (config.krebs.build) host user; in {
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "63b9785"; # stable @ 2016-06-01
+ rev = "0546a4a"; # stable @ 2016-06-11
};
secrets.file =
if getEnv "dummy_secrets" == "true"
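Review bot: `rev = "0546a4a"` pins the nixpkgs source for every host by a seven-character abbreviated hash, and an abbreviation can become ambiguous as the repository grows. The full commit id is the safer pin: `rev = "<full-40-char-commit-id>"; # stable @ 2016-06-11`. The key also changes from `ref` to `rev`; whether the fetch code treats the two differently is not visible in this hunk.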
@@ -64,9 +65,6 @@ with config.krebs.lib;
programs.ssh = {
startAgent = false;
- extraConfig = ''
- UseRoaming no
- '';
};
services.openssh.enable = true;
nix.useChroot = true;
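Review bot: Removing `UseRoaming no` from `programs.ssh.extraConfig` drops the client-side mitigation for the OpenSSH roaming information leak. That is only safe once every host built from this config has an ssh client with the roaming code removed. The nixpkgs pin moves in the same commit, so that is probably the case, but it is worth confirming before the hardening line goes. With the block gone, `programs.ssh = { startAgent = false; };` could also collapse to `programs.ssh.startAgent = false;`.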
diff --git a/makefu/2configs/temp-share-samba.nix b/makefu/2configs/temp-share-samba.nix
index 5f21e3bf7..0907c2dbf 100644
--- a/makefu/2configs/temp-share-samba.nix
+++ b/makefu/2configs/temp-share-samba.nix
@@ -1,9 +1,12 @@
{config, ... }:{
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
- home = "/var/empty";
+ home = "/home/share";
+ createHome = true;
};
services.samba = {
enable = true;
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
index aaabcd50e..2b4e24774 100644
--- a/makefu/2configs/virtualization-virtualbox.nix
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -2,8 +2,8 @@
let
mainUser = config.krebs.build.user;
- version = "5.0.6";
- rev = "103037";
+ version = "5.0.20";
+ rev = "106931";
vboxguestpkg = pkgs.fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
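Review bot: `version` and `rev` change, but the `sha256` on the unchanged line below them is still the value recorded for the 5.0.6 extension pack, so the `fetchurl` of the new URL is expected to fail its hash check. Since the download is over `http://`, that hash is the only integrity check on the file, and it needs the value for the 5.0.20 pack: `sha256 = "<hash-of-5.0.20-extpack>";`. The binding is also named `vboxguestpkg` although the URL fetches the extension pack, which is a naming point only.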
@@ -14,5 +14,10 @@ in {
nixpkgs.config.virtualbox.enableExtensionPack = true;
users.extraGroups.vboxusers.members = [ "${mainUser.name}" ];
- environment.systemPackages = [ vboxguestpkg ];
+ nixpkgs.config.packageOverrides = super: {
+ boot.kernelPackages = super.boot.kernelPackages.virtualbox.override {
+ buildInputs = super.boot.kernelPackages.virtualBox.buildInputs
+ ++ [ vboxguestpkg ];
+ };
+ };
}
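Review bot: The function given to `packageOverrides` receives the package set, which as far as I know has no `boot` attribute, so `boot.kernelPackages = …` only adds an unused `boot` entry to `pkgs` and is never evaluated. With the `environment.systemPackages` line removed, the extension pack then no longer appears to be installed anywhere. The two references also differ in case (`kernelPackages.virtualbox` vs `kernelPackages.virtualBox`). Until the override targets the package that `nixpkgs.config.virtualbox.enableExtensionPack` affects, keeping `environment.systemPackages = [ vboxguestpkg ];` preserves the previous behaviour.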
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 853bdca04..febebaa18 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -6,6 +6,7 @@ _:
./umts.nix
./taskserver.nix
./awesome-extra.nix
+ ./forward-journal.nix
];
}
diff --git a/makefu/3modules/forward-journal.nix b/makefu/3modules/forward-journal.nix
new file mode 100644
index 000000000..26de3ffdd
--- /dev/null
+++ b/makefu/3modules/forward-journal.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.forward-journal;
+
+ out = {
+ options.makefu.forward-journal = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "forward journal via syslog";
+ src = mkOption {
+ type = types.str;
+ description = "syslog host identifier";
+ default = config.networking.hostName;
+ };
+ dst = mkOption {
+ type = types.str;
+ description = "syslog host identifier";
+ default = "";
+ };
+ proto = mkOption {
+ type = types.str;
+ default = "udp";
+ };
+ port = mkOption {
+ type = types.int;
+ description = "destination port";
+ default = 514;
+ };
+
+ };
+
+ imp = {
+ services.syslog-ng = {
+ enable = true;
+ extraConfig = ''
+ template t_remote { template("<$PRI>$DATE ${cfg.src} $PROGRAM[$PID]: $MSG\n"); };
+ source s_all { system(); internal(); };
+ destination d_loghost { udp("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };
+ log { source(s_all); destination(d_loghost); };
+ '';
+ };
+ };
+
+in
+out
+
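Review bot: The `proto` option is declared but never used, because `d_loghost` hard-codes `udp(...)`, and `dst` defaults to `""`, so enabling the module without a destination renders `udp("" …)` into the syslog-ng config. Either drop `proto` or restrict and use it, e.g. `type = types.enum [ "udp" "tcp" ];` with `destination d_loghost { ${cfg.proto}("${cfg.dst}" port(${toString cfg.port}) template(t_remote)); };`, and remove the `default` from `dst` so a missing value fails at evaluation. Both `src` and `dst` carry the description "syslog host identifier"; `dst` should say that it is the receiving log host. Plain UDP syslog is unauthenticated, unencrypted and lossy, so a one-line comment that the module is meant to run only over the VPN addresses used by its callers would help.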
diff --git a/makefu/5pkgs/awesomecfg/kiosk.lua b/makefu/5pkgs/awesomecfg/kiosk.lua
index 81ec99225..ec255a8af 100644
--- a/makefu/5pkgs/awesomecfg/kiosk.lua
+++ b/makefu/5pkgs/awesomecfg/kiosk.lua
@@ -521,13 +521,15 @@ awful.rules.rules = {
}
-- awful.util.spawn_with_shell("chromium --new-window --kiosk https://www.checkpoint.com/ThreatPortal/livemap.html")
-awful.util.spawn_with_shell("chromium --new-window --kiosk http://wolf:3000/dashboard/db/soc-critical-values")
+--awful.util.spawn_with_shell("chromium --new-window --kiosk http://wolf:3000/dashboard/db/soc-critical-values")
-- awful.util.spawn_with_shell("sleep 0.5;chromium --new-window --kiosk http://wolf:3000/dashboard/db/aralast")
--awful.util.spawn_with_shell("chromium --new-window --kiosk http://gast.aramark.de/thales-deutschland/menu/pdf/woche_de.php")
-awful.util.spawn_with_shell("sleep 0.5;chromium --new-window --kiosk http://map.norsecorp.com")
+--awful.util.spawn_with_shell("sleep 0.5;chromium --new-window --kiosk http://map.norsecorp.com")
--awful.util.spawn_with_shell("sleep 0.5;chromium --new-window --kiosk http://threatmap.fortiguard.com")
+awful.util.spawn_with_shell("chromium --new-window --kiosk 'https://ossim.siem/ossim/#dashboard/overview/overview'")
+awful.util.spawn_with_shell("chromium --new-window --kiosk 'https://ossim.siem/ossim/#analysis/alarms/alarms'")
-- }}}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index f6a6b674b..f94136c0b 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -10,6 +10,8 @@ in
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
awesomecfg = callPackage ./awesomecfg {};
bintray-upload = callPackage ./bintray-upload {};
+ git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
+ mergerfs = callPackage ./mergerfs {};
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
diff --git a/makefu/5pkgs/git-xlsx-textconv/default.nix b/makefu/5pkgs/git-xlsx-textconv/default.nix
new file mode 100644
index 000000000..1f631f020
--- /dev/null
+++ b/makefu/5pkgs/git-xlsx-textconv/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, lib, goPackages, fetchFromGitHub }:
+let
+ go-xlsx = goPackages.buildGoPackage rec {
+ name = "go-xlsx-${version}";
+ version = "46e6e472d";
+
+ goPackagePath = "github.com/tealeg/xlsx";
+ src = fetchFromGitHub {
+ rev = version;
+ owner = "tealeg";
+ repo = "xlsx";
+ sha256 = "1vls05asms7azhyszbqpgdby9l45jpgisbzzmbrzi30n6cvs89zg";
+ };
+};
+in
+(goPackages.buildGoPackage rec {
+ name = "git-xlsx-textconv-${version}";
+ version = "70685e7f8";
+
+
+ goPackagePath = "github.com/tokuhirom/git-xlsx-textconv";
+
+ src = fetchFromGitHub {
+ rev = version;
+ owner = "tokuhirom";
+ repo = "git-xlsx-textconv";
+ sha256 = "055f3caj1y8v7sc2pz9q0dfyi2ij77d499pby4sjfvm5kjy9msdi";
+ };
+ propagatedBuildInputs = [ go-xlsx ];
+}).bin
diff --git a/makefu/5pkgs/mergerfs/default.nix b/makefu/5pkgs/mergerfs/default.nix
new file mode 100644
index 000000000..64e8fc671
--- /dev/null
+++ b/makefu/5pkgs/mergerfs/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchgit, fuse, pkgconfig, which, attr, pandoc, git }:
+
+stdenv.mkDerivation rec {
+ name = "mergerfs-${version}";
+ version = "2.14.0";
+
+ # not using fetchFromGitHub because of changelog being built with git log
+ src = fetchgit {
+ url = "https://github.com/trapexit/mergerfs";
+ rev = "refs/tags/${version}";
+ sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm";
+ deepClone = true;
+ };
+
+ buildInputs = [ fuse pkgconfig which attr pandoc git ];
+
+ makeFlags = [ "PREFIX=$(out)" "XATTR_AVAILABLE=1" ];
+
+
+ meta = {
+ homepage = https://github.com/trapexit/mergerfs;
+ description = "a FUSE based union filesystem";
+ license = stdenv.lib.licenses.isc;
+ maintainers = [ stdenv.lib.maintainers.makefu ];
+ };
+}
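Review bot: `deepClone = true` puts the cloned `.git` directory into the fixed-output result, and its contents are not guaranteed to be stable between fetches, so the `sha256` may stop matching as upstream gains commits or tags. `rev = "refs/tags/${version}"` is also a movable reference, though the hash will catch a retagged release. If the changelog is the only reason for the clone, consider skipping that build step or generating it without history, so that a plain source fetch with a stable hash can be used.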