From 26c897d72ce24a300b871a737c74742f35221006 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 28 Nov 2018 17:00:39 +0100 Subject: ma bgt: init download.binaergewitter.de --- makefu/2configs/bgt/auphonic.pub | 1 + makefu/2configs/bgt/download.binaergewitter.de.nix | 38 +++++++++++++++++ makefu/2configs/bgt/hidden_service.nix | 48 ++++++++++++++++++++++ makefu/2configs/deployment/bgt/hidden_service.nix | 48 ---------------------- .../2configs/nginx/download.binaergewitter.de.nix | 25 ----------- 5 files changed, 87 insertions(+), 73 deletions(-) create mode 100644 makefu/2configs/bgt/auphonic.pub create mode 100644 makefu/2configs/bgt/download.binaergewitter.de.nix create mode 100644 makefu/2configs/bgt/hidden_service.nix delete mode 100644 makefu/2configs/deployment/bgt/hidden_service.nix delete mode 100644 makefu/2configs/nginx/download.binaergewitter.de.nix diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub new file mode 100644 index 000000000..37b8e0599 --- /dev/null +++ b/makefu/2configs/bgt/auphonic.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix new file mode 100644 index 000000000..6d64848f5 --- /dev/null +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + ident = (builtins.readFile ./auphonic.pub); +in { + services.openssh = { + allowSFTP = true; + sftpFlags = [ "-l VERBOSE" ]; + extraConfig = '' + Match User auphonic + ForceCommand internal-sftp + AllowTcpForwarding no + X11Forwarding no + PasswordAuthentication no + ''; + }; + users.users.auphonic = { + uid = genid "auphonic"; + group = "nginx"; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; + }; + services.nginx = { + enable = lib.mkDefault true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + virtualHosts."download.binaergewitter.de" = { + serverAliases = [ "dl2.binaergewitter.de" ]; + root = "/var/www/binaergewitter"; + extraConfig = '' + access_log /var/spool/nginx/logs/binaergewitter.access.log combined; + error_log /var/spool/nginx/logs/binaergewitter.error.log error; + autoindex on; + ''; + }; + }; +} diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix new file mode 100644 index 000000000..c1a31b8dc --- /dev/null +++ b/makefu/2configs/bgt/hidden_service.nix @@ -0,0 +1,48 @@ +{ pkgs, lib, ... }: + +with lib; +let + name = "bgt_cyberwar_hidden_service"; + sec = (toString ) + "/"; + secdir = sec + name; + srvdir = "/var/lib/tor/onion/"; + basedir = srvdir + name; + hn = builtins.readFile (secdir + "/hostname"); +in +{ + systemd.services.prepare-hidden-service = { + wantedBy = [ "local-fs.target" ]; + before = [ "tor.service" ]; + serviceConfig = { + ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' + #!/bin/sh + set -euf + if ! test -d "${basedir}" ;then + mkdir -p "${srvdir}" + cp -r "${secdir}" "${srvdir}" + chown -R tor:tor "${srvdir}" + chmod -R 700 "${basedir}" + else + echo "not overwriting ${basedir}" + fi + ''; + Type = "oneshot"; + RemainAfterExit = "yes"; + TimeoutSec = "0"; + }; + }; + services.nginx.virtualHosts."${hn}".locations."/" = { + proxyPass = "https://blog.binaergewitter.de"; + extraConfig = '' + proxy_set_header Host blog.binaergewitter.de; + proxy_ssl_server_name on; + ''; + }; + services.tor = { + enable = true; + hiddenServices."${name}".map = [ + { port = "80"; } + # { port = "443"; toHost = "blog.binaergewitter.de"; } + ]; + }; +} diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/deployment/bgt/hidden_service.nix deleted file mode 100644 index c1a31b8dc..000000000 --- a/makefu/2configs/deployment/bgt/hidden_service.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ pkgs, lib, ... }: - -with lib; -let - name = "bgt_cyberwar_hidden_service"; - sec = (toString ) + "/"; - secdir = sec + name; - srvdir = "/var/lib/tor/onion/"; - basedir = srvdir + name; - hn = builtins.readFile (secdir + "/hostname"); -in -{ - systemd.services.prepare-hidden-service = { - wantedBy = [ "local-fs.target" ]; - before = [ "tor.service" ]; - serviceConfig = { - ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' - #!/bin/sh - set -euf - if ! test -d "${basedir}" ;then - mkdir -p "${srvdir}" - cp -r "${secdir}" "${srvdir}" - chown -R tor:tor "${srvdir}" - chmod -R 700 "${basedir}" - else - echo "not overwriting ${basedir}" - fi - ''; - Type = "oneshot"; - RemainAfterExit = "yes"; - TimeoutSec = "0"; - }; - }; - services.nginx.virtualHosts."${hn}".locations."/" = { - proxyPass = "https://blog.binaergewitter.de"; - extraConfig = '' - proxy_set_header Host blog.binaergewitter.de; - proxy_ssl_server_name on; - ''; - }; - services.tor = { - enable = true; - hiddenServices."${name}".map = [ - { port = "80"; } - # { port = "443"; toHost = "blog.binaergewitter.de"; } - ]; - }; -} diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/nginx/download.binaergewitter.de.nix deleted file mode 100644 index 6b5687e72..000000000 --- a/makefu/2configs/nginx/download.binaergewitter.de.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - ident = (toString ) + "/mirrorsync.gum.id_ed25519"; -in { - systemd.services.mirrorsync = { - startAt = "08:00:00"; - path = with pkgs; [ rsync openssh ]; - script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter''; - }; - services.nginx = { - enable = lib.mkDefault true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - virtualHosts."download.binaergewitter.de" = { - serverAliases = [ "dl2.binaergewitter.de" ]; - root = "/var/www/binaergewitter"; - extraConfig = '' - access_log /var/spool/nginx/logs/binaergewitter.access.log combined; - error_log /var/spool/nginx/logs/binaergewitter.error.log error; - autoindex on; - ''; - }; - }; -} -- cgit v1.2.3 From a2b8571c5e39e4a8b5adf6be91a661332a0103df Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 30 Nov 2018 23:02:21 +0100 Subject: ma: fix ssh key of ulrich --- krebs/3modules/makefu/ssh/ulrich.pub | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/makefu/ssh/ulrich.pub b/krebs/3modules/makefu/ssh/ulrich.pub index 88313ee7c..8ac69004c 100644 --- a/krebs/3modules/makefu/ssh/ulrich.pub +++ b/krebs/3modules/makefu/ssh/ulrich.pub @@ -1 +1 @@ -AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sobyfvUu/G2Ms+T0cI4CSgtjCoO2qEYVK1jkqC2A9mLJfNoPsToLowfGszpOAM9S4Rtn+OJ+vPMvs2E4pkZmXcmJZFAKKPNadmzwqCQyskBdoyszkj7DXngX56ZQ+ZEf+vPp2tu/IN0CFNVUllUcWP2TD2ECH5qkBODBHLyGf4PvV35yGpuYNFhFSWkTxwXZ7d5eat2kmwTfryX91Z+M901t6MK0ADyUwBkbotwSn/B6xUEZzExlGhRziRlIM0MrmSMvUA1mcmMJWVfHbb5Sw8yVstUuaU98C3EzDPNlVTbu5al2sDk4+jjireMMMVHC0j8aj7DlhvcF2t7ZpAKy+HN/PFuV7+RgN3DmIMLwbSRfykH3ATVdBzoL0/XmGBRXht6M22igAMFt9o/oHtwWt2JYcNX5poS8kLcjPzGHcx7KOslZ7VZev4BTpFAZIeMYhlzsNCI88bxUqdFxIcofNIQMy4Ep4qJXlgMduQbYtPDRpclDe82yiblhz48+HF/j8+0ZBx4w3jb4XBtgeTfwM2nARsD7MRzokfMfbGf6cZ8AU0/h69ECdsy2KYCKzgFxV/SHN2fDk6SZWLHmxDZ8N02VqgXMTvkYHvDBiaNxM0/iNMKqYCfuxjQPSusBENSgwhUnBGgoGYZuz0r2oMdtzqrkC/VbDxi5gSKl+ZoaMQ== shackspace.de@myvdr.de -- cgit v1.2.3 From 91e05287a7a37e960a14144a5abcb4e39cba500c Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 30 Nov 2018 23:15:36 +0100 Subject: k binary-cache: use https://cache.krebsco.de --- krebs/2configs/binary-cache/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 46b386e14..51b4a1afc 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -3,7 +3,7 @@ { nix = { binaryCaches = [ - "http://cache.prism.r" + "https://cache.krebsco.de" ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" -- cgit v1.2.3 From 861d4481f710d60d0d84aa8b1f8997f7fc18890d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 30 Nov 2018 23:18:53 +0100 Subject: ma krops: RIP deployment option --- makefu/krops.nix | 15 +++++---------- makefu/update-channel.sh | 2 +- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index 6c510eba3..2a2f70a05 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -7,7 +7,6 @@ host-src = { secure = false; - full = false; torrent = false; hw = false; musnix = false; @@ -23,7 +22,11 @@ { # nixos-18.09 @ 2018-09-18 # + uhub/sqlite: 5dd7610401747 - nixpkgs = if test then { + # + hovercraft: 7134801b17d72 + nixpkgs = if host-src.arm6 then { + # TODO: we want to track the unstable channel + symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; + } else { file = { path = toString (pkgs.fetchFromGitHub { owner = "makefu"; @@ -33,14 +36,6 @@ }); useChecksum = true; }; - } else if host-src.full then { - git.ref = nixpkgs-src.rev; - git.url = nixpkgs-src.url; - } else if host-src.arm6 then { - # TODO: we want to track the unstable channel - symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; - } else { - file = "/home/makefu/store/${nixpkgs-src.rev}"; }; nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix"; diff --git a/makefu/update-channel.sh b/makefu/update-channel.sh index 59d3c434f..0899581ec 100755 --- a/makefu/update-channel.sh +++ b/makefu/update-channel.sh @@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --rev refs/heads/master' \ > $dir/nixpkgs.json newref=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') -echo git commit $dir/nixpkgs.json -m "nixpkgs: $oldref -> $newref" +echo "git commit $dir/nixpkgs.json -m 'ma nixpkgs: $oldref -> $newref'" -- cgit v1.2.3 From 5782a4de2e5b5f4843a421bac7456e83790950d1 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Dec 2018 09:20:14 +0100 Subject: cache.nixos.org: provide index.html --- krebs/2configs/cache.nsupdate.info.nix | 8 ++++++-- krebs/3modules/cachecache.nix | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix index 056667d8c..db221686f 100644 --- a/krebs/2configs/cache.nsupdate.info.nix +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -1,4 +1,4 @@ -{lib, ... }: +{ pkgs, lib, ... }: with lib; let domain = "cache.nsupdate.info"; @@ -17,9 +17,13 @@ in { }; krebs.cachecache = { enable = true; - enableSSL = false; # disable letsencrypt for testing + enableSSL = true; # disable letsencrypt for testing cacheDir = "/var/cache/nix-cache-cache"; maxSize = "10g"; + indexFile = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html"; + sha256 = "0n9lji4rpi2wpfik3dvl92mmpfrywyp33iwsw7d8qmykk7l0hfp8"; + }; # assumes that the domain is reachable from the internet virtualHost = domain; diff --git a/krebs/3modules/cachecache.nix b/krebs/3modules/cachecache.nix index 989320480..2c2d07ff5 100644 --- a/krebs/3modules/cachecache.nix +++ b/krebs/3modules/cachecache.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ pkgs, config, lib, ... }: # fork of https://gist.github.com/rycee/f495fc6cc4130f155e8b670609a1e57b @@ -59,15 +59,6 @@ in ''; }; - # webRoot = mkOption { - # type = types.str; - # default = "/"; - # description = '' - # Directory on virtual host that serves the cache. Must end in - # /. - # ''; - # }; - resolver = mkOption { type = types.str; description = "Address of DNS resolver."; @@ -82,6 +73,13 @@ in Where nginx should store cached data. ''; }; + indexFile = mkOption { + type = types.path; + default = pkgs.writeText "myindex" "hello world"; + description = '' + Path to index.html file. + ''; + }; maxSize = mkOption { type = types.str; @@ -98,6 +96,7 @@ in systemd.services.nginx.preStart = '' mkdir -p ${cfg.cacheDir} /srv/www/nix-cache-cache chmod 700 ${cfg.cacheDir} /srv/www/nix-cache-cache + ln -fs ${cfg.indexFile} /srv/www/nix-cache-cache/index.html chown ${nginxCfg.user}:${nginxCfg.group} \ ${cfg.cacheDir} /srv/www/nix-cache-cache ''; @@ -143,6 +142,7 @@ in locations."/" = { root = "/srv/www/nix-cache-cache"; + index = "index.html"; extraConfig = '' expires max; add_header Cache-Control $nix_cache_cache_header always; -- cgit v1.2.3 From 9052d190a352ef9b581d084e2edcd95800cadcfe Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Dec 2018 09:20:48 +0100 Subject: ma gum.r: enable download.binaergewitter and cache.nsupdate.info --- makefu/1systems/gum/config.nix | 12 ++++++++---- makefu/1systems/gum/hardware-config.nix | 11 ++++++++++- makefu/1systems/gum/rescue.txt | 4 ++++ makefu/1systems/gum/source.nix | 2 +- 4 files changed, 23 insertions(+), 6 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 3d2cbac6f..a1691da3a 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -4,13 +4,14 @@ with import ; let external-ip = config.krebs.build.host.nets.internet.ip4.addr; ext-if = config.makefu.server.primary-itf; + allDisks = [ "/dev/sda" "/dev/sdb" ]; in { imports = [ ./hardware-config.nix { users.users.lass = { - uid = 9002; + uid = 19002; isNormalUser = true; createHome = true; useDefaultShell = true; @@ -21,7 +22,7 @@ in { }; } - # + # Security @@ -93,13 +94,15 @@ in { + - + + # @@ -132,7 +135,7 @@ in { ListenAddress = ${external-ip} 21031 ''; connectTo = [ - "prism" "ni" "enklave" "dishfire" "echelon" "hotdog" + "prism" "ni" "enklave" "eve" "archprism" ]; }; @@ -189,6 +192,7 @@ in { nameservers = [ "8.8.8.8" ]; }; users.users.makefu.extraGroups = [ "download" "nginx" ]; + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; boot.tmpOnTmpfs = true; state = [ "/home/makefu/.weechat" ]; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index bfe29b46c..e9670a5a4 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -46,7 +46,7 @@ in { "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" "xhci_pci" "ehci_pci" "ahci" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "dm-thin-pool" "kvm-intel" ]; hardware.enableRedistributableFirmware = true; fileSystems."/" = { device = "/dev/mapper/nixos-root"; @@ -56,10 +56,19 @@ in { device = "/dev/mapper/nixos-lib"; fsType = "ext4"; }; + fileSystems."/var/log" = { + device = "/dev/mapper/nixos-log"; + fsType = "ext4"; + }; fileSystems."/var/download" = { device = "/dev/mapper/nixos-download"; fsType = "ext4"; }; + fileSystems."/var/www/binaergewitter" = { + device = "/dev/mapper/nixos-binaergewitter"; + fsType = "ext4"; + options = [ "nofail" ]; + }; fileSystems."/var/lib/borgbackup" = { device = "/dev/mapper/nixos-backup"; fsType = "ext4"; diff --git a/makefu/1systems/gum/rescue.txt b/makefu/1systems/gum/rescue.txt index 30276b7db..0a3ed96ee 100644 --- a/makefu/1systems/gum/rescue.txt +++ b/makefu/1systems/gum/rescue.txt @@ -1,10 +1,14 @@ +ssh gum.i -o StrictHostKeyChecking=no + mount /dev/mapper/nixos-root /mnt mount /dev/sda2 /mnt/boot chroot-prepare /mnt chroot /mnt /bin/sh + journalctl -D /mnt/var/log/journal --since today # find the active system (or check grub) +# ... activating ... export PATH=/nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/sw/bin /nix/store/9incs5sfn7n1vh1lavgp95v761nh11w3-nixos-system-nextgum-18.03pre-git/activate diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index 6940498f1..1e36c6e87 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,5 +1,5 @@ { - name="nextgum"; + name="gum"; torrent = true; clever_kexec = true; } -- cgit v1.2.3 From 756d387a544ccae47db770d88ce7a72e22343b30 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Dec 2018 09:30:57 +0100 Subject: ma 0tests: add nsupdate-cache.nix --- makefu/0tests/data/secrets/nsupdate-cache.nix | 1 + 1 file changed, 1 insertion(+) create mode 100644 makefu/0tests/data/secrets/nsupdate-cache.nix diff --git a/makefu/0tests/data/secrets/nsupdate-cache.nix b/makefu/0tests/data/secrets/nsupdate-cache.nix new file mode 100644 index 000000000..f5e704702 --- /dev/null +++ b/makefu/0tests/data/secrets/nsupdate-cache.nix @@ -0,0 +1 @@ +"derp" -- cgit v1.2.3 From 9c04c0cc107fb32ac0fffb1af68d3868fe062a7b Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Dec 2018 22:04:39 +0100 Subject: ma: move home-automation --- makefu/2configs/deployment/google-muell.nix | 37 --- .../2configs/deployment/homeautomation/default.nix | 260 --------------------- makefu/2configs/deployment/homeautomation/mqtt.nix | 24 -- makefu/2configs/homeautomation/default.nix | 260 +++++++++++++++++++++ makefu/2configs/homeautomation/google-muell.nix | 37 +++ makefu/2configs/homeautomation/mqtt.nix | 24 ++ 6 files changed, 321 insertions(+), 321 deletions(-) delete mode 100644 makefu/2configs/deployment/google-muell.nix delete mode 100644 makefu/2configs/deployment/homeautomation/default.nix delete mode 100644 makefu/2configs/deployment/homeautomation/mqtt.nix create mode 100644 makefu/2configs/homeautomation/default.nix create mode 100644 makefu/2configs/homeautomation/google-muell.nix create mode 100644 makefu/2configs/homeautomation/mqtt.nix diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix deleted file mode 100644 index 235cc1546..000000000 --- a/makefu/2configs/deployment/google-muell.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, lib, pkgs, buildPythonPackage, ... }: -with import ; -let - pkg = pkgs.ampel; - home = "/var/lib/ampel"; - sec = "${toString }/google-muell.json"; - ampelsec = "${home}/google-muell.json"; - cred = "${toString }/google-muell-creds.json"; - # TODO: generate this credential file locally - ampelcred = "${home}/google-muell-creds.json"; - esp = "192.168.8.204"; - sleepval = "1800"; -in { - users.users.ampel = { - uid = genid "ampel"; - createHome = true; - isSystemUser = true; - inherit home; - }; - systemd.services.google-muell-ampel = { - description = "Send led change to rgb cubes"; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "ampel"; - ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' - install -m600 -o ampel ${sec} ${ampelsec} - install -m600 -o ampel ${cred} ${ampelcred} - ''; - ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}"; - PermissionsStartOnly = true; - Restart = "always"; - RestartSec = 10; - PrivateTmp = true; - }; - }; -} diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix deleted file mode 100644 index 94799b11d..000000000 --- a/makefu/2configs/deployment/homeautomation/default.nix +++ /dev/null @@ -1,260 +0,0 @@ -{ pkgs, lib, config, ... }: - -# Ideas: -## wake-on-lan server -## -let - tasmota_rgb = name: topic: -# LED WS2812b -# effect_state_topic: "stat/led/Scheme" -# effect_command_topic: "cmnd/led/Scheme" -# effect_value_template: "{{ value_json.Scheme }}" - { platform = "mqtt"; - inherit name; - retain = false; - qos = 1; - optimistic = false; - # state - # TODO: currently broken, will not use the custom state topic - #state_topic = "/ham/${topic}/stat/POWER"; - state_topic = "/ham/${topic}/stat/POWER"; - command_topic = "/ham/${topic}/cmnd/POWER"; - availability_topic = "/ham/${topic}/tele/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - # brightness - brightness_state_topic = "/ham/${topic}/stat/Dimmer"; - brightness_command_topic = "/ham/${topic}/cmnd/Dimmer"; - brightness_value_template = "{{ value_json.Dimmer }}"; - brightness_scale = 100; - # color - rgb_state_topic = "/ham/${topic}/stat/Color"; - rgb_command_topic = "/ham/${topic}/cmnd/Color2"; - rgb_command_mode = "hex"; - rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; - # effects - effect_state_topic = "/ham/${topic}/stat/Scheme"; - effect_command_topic = "/ham/${topic}/cmnd/Scheme"; - effect_value_template = "{{ value_json.Scheme }}"; - effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ]; -}; - # switchmode 1 - also toggle power - # switchtopic flurlicht - tasmota_motion = name: topic: - { platform = "mqtt"; - device_class = "motion"; - inherit name; - # TODO: currently broken, will not use the custom state topic - state_topic = "/ham/${topic}/stat/POWER"; - payload_on = "ON"; - payload_off = "OFF"; - availability_topic = "/ham/${topic}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - - firetv = "192.168.1.238"; - tasmota_plug = name: topic: - { platform = "mqtt"; - inherit name; - state_topic = "/ham/${topic}/stat/POWER1"; - command_topic = "/ham/${topic}/cmnd/POWER1"; - availability_topic = "/ham/${topic}/tele/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - }; - tasmota_bme = name: topic: - [ { platform = "mqtt"; - name = "${name} Temperatur"; - state_topic = "/ham/${topic}/tele/SENSOR"; - value_template = "{{ value_json.BME280.Temperature }}"; - unit_of_measurement = "°C"; - } - { platform = "mqtt"; - name = "${name} Luftfeuchtigkeit"; - state_topic = "/ham/${topic}/tele/SENSOR"; - value_template = "{{ value_json.BME280.Humidity }}"; - unit_of_measurement = "%"; - } - { platform = "mqtt"; - name = "${name} Luftdruck"; - state_topic = "/ham/${topic}/tele/SENSOR"; - value_template = "{{ value_json.BME280.Pressure }}"; - unit_of_measurement = "hPa"; - } - ]; - tasmota_am2301 = name: topic: - [ { platform = "mqtt"; - name = "${name} Temperatur"; - state_topic = "/ham/${topic}/tele/SENSOR"; - value_template = "{{ value_json.AM2301.Temperature }}"; - unit_of_measurement = "°C"; - } - { platform = "mqtt"; - name = "${name} Luftfeuchtigkeit"; - state_topic = "/ham/${topic}/tele/SENSOR"; - value_template = "{{ value_json.AM2301.Humidity }}"; - unit_of_measurement = "%"; - } - ]; -in { - imports = [ - ./mqtt.nix - ]; - #systemd.services.firetv = { - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # User = "nobody"; - # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - # }; - #}; - services.home-assistant = { - config = { - homeassistant = { - name = "Home"; time_zone = "Europe/Berlin"; - latitude = "48.7687"; - longitude = "9.2478"; - elevation = 247; - }; - #discovery = {}; - conversation = {}; - history = {}; - logbook = {}; - tts = [ - { platform = "google";} - ]; - sun.elevation = 247; - recorder = {}; - media_player = [ - { platform = "kodi"; - host = firetv; - } - #{ platform = "firetv"; - # # assumes python-firetv running - #} - ]; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - username = "hass"; - password = lib.removeSuffix "\n" (builtins.readFile ); - keepalive = 60; - protocol = 3.1; - birth_message = { - topic = "/ham/hass/tele/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "/ham/hass/tele/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - binary_sensor = [ - (tasmota_motion "Flur Bewegung" "flurlicht") - ]; - sensor = [ - # broken - #{ platform = "speedtest"; - # monitored_conditions = [ "ping" "download" "upload" ]; - #} - { platform = "luftdaten"; - name = "Wangen"; - sensorid = "663"; - monitored_conditions = [ "P1" "P2" ]; - } - # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile ); - language = "de"; - monitored_conditions = [ "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" - "apparent_temperature" - "hourly_summary" - "humidity" - "pressure" - "uv_index" ]; - units = "si" ; - update_interval = { - days = 0; - hours = 0; - minutes = 30; - seconds = 0; - }; - } - ] - ++ (tasmota_bme "Schlafzimmer" "schlafzimmer") - ++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer"); - frontend = { }; - group = - { default_view = - { view = "yes"; - entities = [ - "group.flur" - "group.schlafzimmer" - "group.draussen" - "group.wohnzimmer" - "group.arbeitszimmer" - ]; - }; - flur = [ - "light.flurlicht" - "binary_sensor.flur_bewegung" - ]; - wohnzimmer = [ - "media_player.kodi" - ]; - draussen = [ - "sensor.dark_sky_temperature" - "sensor.dark_sky_hourly_summary" - "sensor.wangen_pm10" - "sensor.wangen_pm25" - ]; - schlafzimmer = [ - "sensor.schlafzimmer_temperatur" - "sensor.schlafzimmer_luftdruck" - "sensor.schlafzimmer_luftfeuchtigkeit" - "switch.lichterkette_schlafzimmer" - ]; - arbeitszimmer = [ - "switch.strom_staubsauger" - "sensor.arbeitszimmer_temperatur" - "sensor.arbeitszimmer_luftfeuchtigkeit" - ]; - }; - http = { }; - switch = [ - (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer") - (tasmota_plug "Strom Staubsauger" "arbeitszimmer") - ]; - light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ]; - automation = [ - { alias = "Staubsauger Strom aus nach 6h"; - trigger = { - platform = "state"; - entity_id = "switch.strom_staubsauger"; - to = "on"; - for.hours = 6; - }; - action = { - service= "homeassistant.turn_off"; - entity_id= "switch.strom_staubsauger"; - }; - } - ]; - }; - enable = true; - #configDir = "/var/lib/hass"; - }; -} diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix deleted file mode 100644 index cd1c328d7..000000000 --- a/makefu/2configs/deployment/homeautomation/mqtt.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ pkgs, config, ... }: -{ - services.mosquitto = { - enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - # see /mosquitto - users.sensor = { - hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; - acl = [ "topic readwrite #" ]; - }; - users.hass = { - hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; - acl = [ "topic readwrite #" ]; - }; - users.stats = { - hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; - acl = [ "topic read #" ]; - }; - }; - environment.systemPackages = [ pkgs.mosquitto ]; - # port open via trusted interface -} diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix new file mode 100644 index 000000000..94799b11d --- /dev/null +++ b/makefu/2configs/homeautomation/default.nix @@ -0,0 +1,260 @@ +{ pkgs, lib, config, ... }: + +# Ideas: +## wake-on-lan server +## +let + tasmota_rgb = name: topic: +# LED WS2812b +# effect_state_topic: "stat/led/Scheme" +# effect_command_topic: "cmnd/led/Scheme" +# effect_value_template: "{{ value_json.Scheme }}" + { platform = "mqtt"; + inherit name; + retain = false; + qos = 1; + optimistic = false; + # state + # TODO: currently broken, will not use the custom state topic + #state_topic = "/ham/${topic}/stat/POWER"; + state_topic = "/ham/${topic}/stat/POWER"; + command_topic = "/ham/${topic}/cmnd/POWER"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + # brightness + brightness_state_topic = "/ham/${topic}/stat/Dimmer"; + brightness_command_topic = "/ham/${topic}/cmnd/Dimmer"; + brightness_value_template = "{{ value_json.Dimmer }}"; + brightness_scale = 100; + # color + rgb_state_topic = "/ham/${topic}/stat/Color"; + rgb_command_topic = "/ham/${topic}/cmnd/Color2"; + rgb_command_mode = "hex"; + rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; + # effects + effect_state_topic = "/ham/${topic}/stat/Scheme"; + effect_command_topic = "/ham/${topic}/cmnd/Scheme"; + effect_value_template = "{{ value_json.Scheme }}"; + effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ]; +}; + # switchmode 1 - also toggle power + # switchtopic flurlicht + tasmota_motion = name: topic: + { platform = "mqtt"; + device_class = "motion"; + inherit name; + # TODO: currently broken, will not use the custom state topic + state_topic = "/ham/${topic}/stat/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; + + firetv = "192.168.1.238"; + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "/ham/${topic}/stat/POWER1"; + command_topic = "/ham/${topic}/cmnd/POWER1"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + }; + tasmota_bme = name: topic: + [ { platform = "mqtt"; + name = "${name} Temperatur"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.BME280.Temperature }}"; + unit_of_measurement = "°C"; + } + { platform = "mqtt"; + name = "${name} Luftfeuchtigkeit"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.BME280.Humidity }}"; + unit_of_measurement = "%"; + } + { platform = "mqtt"; + name = "${name} Luftdruck"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.BME280.Pressure }}"; + unit_of_measurement = "hPa"; + } + ]; + tasmota_am2301 = name: topic: + [ { platform = "mqtt"; + name = "${name} Temperatur"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.AM2301.Temperature }}"; + unit_of_measurement = "°C"; + } + { platform = "mqtt"; + name = "${name} Luftfeuchtigkeit"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.AM2301.Humidity }}"; + unit_of_measurement = "%"; + } + ]; +in { + imports = [ + ./mqtt.nix + ]; + #systemd.services.firetv = { + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # User = "nobody"; + # ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + # }; + #}; + services.home-assistant = { + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + elevation = 247; + }; + #discovery = {}; + conversation = {}; + history = {}; + logbook = {}; + tts = [ + { platform = "google";} + ]; + sun.elevation = 247; + recorder = {}; + media_player = [ + { platform = "kodi"; + host = firetv; + } + #{ platform = "firetv"; + # # assumes python-firetv running + #} + ]; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "hass"; + password = lib.removeSuffix "\n" (builtins.readFile ); + keepalive = 60; + protocol = 3.1; + birth_message = { + topic = "/ham/hass/tele/LWT"; + payload = "Online"; + qos = 1; + retain = true; + }; + will_message = { + topic = "/ham/hass/tele/LWT"; + payload = "Offline"; + qos = 1; + retain = true; + }; + }; + binary_sensor = [ + (tasmota_motion "Flur Bewegung" "flurlicht") + ]; + sensor = [ + # broken + #{ platform = "speedtest"; + # monitored_conditions = [ "ping" "download" "upload" ]; + #} + { platform = "luftdaten"; + name = "Wangen"; + sensorid = "663"; + monitored_conditions = [ "P1" "P2" ]; + } + # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ + { platform = "darksky"; + api_key = lib.removeSuffix "\n" + (builtins.readFile ); + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" + "apparent_temperature" + "hourly_summary" + "humidity" + "pressure" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 30; + seconds = 0; + }; + } + ] + ++ (tasmota_bme "Schlafzimmer" "schlafzimmer") + ++ (tasmota_am2301 "Arbeitszimmer" "arbeitszimmer"); + frontend = { }; + group = + { default_view = + { view = "yes"; + entities = [ + "group.flur" + "group.schlafzimmer" + "group.draussen" + "group.wohnzimmer" + "group.arbeitszimmer" + ]; + }; + flur = [ + "light.flurlicht" + "binary_sensor.flur_bewegung" + ]; + wohnzimmer = [ + "media_player.kodi" + ]; + draussen = [ + "sensor.dark_sky_temperature" + "sensor.dark_sky_hourly_summary" + "sensor.wangen_pm10" + "sensor.wangen_pm25" + ]; + schlafzimmer = [ + "sensor.schlafzimmer_temperatur" + "sensor.schlafzimmer_luftdruck" + "sensor.schlafzimmer_luftfeuchtigkeit" + "switch.lichterkette_schlafzimmer" + ]; + arbeitszimmer = [ + "switch.strom_staubsauger" + "sensor.arbeitszimmer_temperatur" + "sensor.arbeitszimmer_luftfeuchtigkeit" + ]; + }; + http = { }; + switch = [ + (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer") + (tasmota_plug "Strom Staubsauger" "arbeitszimmer") + ]; + light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ]; + automation = [ + { alias = "Staubsauger Strom aus nach 6h"; + trigger = { + platform = "state"; + entity_id = "switch.strom_staubsauger"; + to = "on"; + for.hours = 6; + }; + action = { + service= "homeassistant.turn_off"; + entity_id= "switch.strom_staubsauger"; + }; + } + ]; + }; + enable = true; + #configDir = "/var/lib/hass"; + }; +} diff --git a/makefu/2configs/homeautomation/google-muell.nix b/makefu/2configs/homeautomation/google-muell.nix new file mode 100644 index 000000000..235cc1546 --- /dev/null +++ b/makefu/2configs/homeautomation/google-muell.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, buildPythonPackage, ... }: +with import ; +let + pkg = pkgs.ampel; + home = "/var/lib/ampel"; + sec = "${toString }/google-muell.json"; + ampelsec = "${home}/google-muell.json"; + cred = "${toString }/google-muell-creds.json"; + # TODO: generate this credential file locally + ampelcred = "${home}/google-muell-creds.json"; + esp = "192.168.8.204"; + sleepval = "1800"; +in { + users.users.ampel = { + uid = genid "ampel"; + createHome = true; + isSystemUser = true; + inherit home; + }; + systemd.services.google-muell-ampel = { + description = "Send led change to rgb cubes"; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "ampel"; + ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' + install -m600 -o ampel ${sec} ${ampelsec} + install -m600 -o ampel ${cred} ${ampelcred} + ''; + ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}"; + PermissionsStartOnly = true; + Restart = "always"; + RestartSec = 10; + PrivateTmp = true; + }; + }; +} diff --git a/makefu/2configs/homeautomation/mqtt.nix b/makefu/2configs/homeautomation/mqtt.nix new file mode 100644 index 000000000..cd1c328d7 --- /dev/null +++ b/makefu/2configs/homeautomation/mqtt.nix @@ -0,0 +1,24 @@ +{ pkgs, config, ... }: +{ + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + # see /mosquitto + users.sensor = { + hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; + acl = [ "topic readwrite #" ]; + }; + users.hass = { + hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; + acl = [ "topic readwrite #" ]; + }; + users.stats = { + hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; + acl = [ "topic read #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; + # port open via trusted interface +} -- cgit v1.2.3 From 42e64be38804bd97c65f009e26a3de3af03d07dc Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 3 Dec 2018 22:06:23 +0100 Subject: cache.nsupdate.info: bump index --- krebs/2configs/cache.nsupdate.info.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix index db221686f..74f345614 100644 --- a/krebs/2configs/cache.nsupdate.info.nix +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -22,7 +22,7 @@ in { maxSize = "10g"; indexFile = pkgs.fetchurl { url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html"; - sha256 = "0n9lji4rpi2wpfik3dvl92mmpfrywyp33iwsw7d8qmykk7l0hfp8"; + sha256 = "1vlngzbn0jipigspccgikd7xgixksimdl4wf8ix7d30ljx47p9n0"; }; # assumes that the domain is reachable from the internet -- cgit v1.2.3 From 1859d6653a12e1bfda9465780610f63da8f5ce69 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 4 Dec 2018 13:37:56 +0100 Subject: ma mv {deployment,}/bureautomation --- makefu/2configs/bureautomation/default.nix | 41 ++++ makefu/2configs/bureautomation/hass.nix | 240 +++++++++++++++++++++ makefu/2configs/bureautomation/mpd.nix | 9 + .../2configs/deployment/bureautomation/default.nix | 41 ---- makefu/2configs/deployment/bureautomation/hass.nix | 240 --------------------- makefu/2configs/deployment/bureautomation/mpd.nix | 9 - 6 files changed, 290 insertions(+), 290 deletions(-) create mode 100644 makefu/2configs/bureautomation/default.nix create mode 100644 makefu/2configs/bureautomation/hass.nix create mode 100644 makefu/2configs/bureautomation/mpd.nix delete mode 100644 makefu/2configs/deployment/bureautomation/default.nix delete mode 100644 makefu/2configs/deployment/bureautomation/hass.nix delete mode 100644 makefu/2configs/deployment/bureautomation/mpd.nix diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix new file mode 100644 index 000000000..3897537ea --- /dev/null +++ b/makefu/2configs/bureautomation/default.nix @@ -0,0 +1,41 @@ +{ pkgs, lib, ... }: + +with lib; +let + port = 3001; + runit = pkgs.writeDash "runit" '' + set -xeuf + PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin + name=''${1?must provide name as first arg} + state=''${2?must provide state as second arg} + # val=''${3?must provide val as third arg} + + # we ignore non-alerting events + test $state = alerting || exit 0 + + echo $name - $state + curl 'http://bauarbeiterlampe/ay?o=1' + sleep 5 + curl 'http://bauarbeiterlampe/ay?o=1' + ''; +in { + services.logstash = { + package = pkgs.logstash5; + enable = true; + inputConfig = '' + http { + port => ${toString port} + host => "127.0.0.1" + } + ''; + filterConfig = '' + ''; + outputConfig = '' + stdout { codec => json } + exec { command => "${runit} '%{ruleName}' '%{state}'" } + ''; + extraSettings = '' + path.plugins: [ "${pkgs.logstash-output-exec}" ] + ''; + }; +} diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix new file mode 100644 index 000000000..443484a34 --- /dev/null +++ b/makefu/2configs/bureautomation/hass.nix @@ -0,0 +1,240 @@ +{ pkgs, lib, ... }: +let + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "/bam/${topic}/stat/POWER1"; + command_topic = "/bam/${topic}/cmnd/POWER1"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + }; + tasmota_stecki = name: topic: + ( tasmota_plug name topic) // + { state_topic = "/bam/${topic}/stat/POWER"; + command_topic = "/bam/${topic}/cmnd/POWER"; + }; + espeasy_dht22 = name: [ + { platform = "mqtt"; + name = "${name} DHT22 Temperature"; + device_class = "temperature"; + state_topic = "/bam/${name}/dht22/Temperature"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + } + { platform = "mqtt"; + device_class = "humidity"; + name = "${name} DHT22 Humidity"; + state_topic = "/bam/${name}/dht22/Humidity"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }]; + espeasy_ds18 = name: + { platform = "mqtt"; + name = "${name} DS18 Temperature"; + state_topic = "/bam/${name}/ds18/Temperature"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; +in { + networking.firewall.allowedTCPPorts = [ 8123 ]; + + services.home-assistant = { + enable = true; + config = { + homeassistant = { + name = "Bureautomation"; + time_zone = "Europe/Berlin"; + latitude = "48.8265"; + longitude = "9.0676"; + elevation = 303; + }; + + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + keepalive = 60; + protocol = 3.1; + birth_message = { + topic = "/bam/hass/tele/LWT"; + payload = "Online"; + qos = 1; + retain = true; + }; + will_message = { + topic = "/bam/hass/tele/LWT"; + payload = "Offline"; + qos = 1; + retain = true; + }; + }; + switch = [ + (tasmota_plug "Bauarbeiterlampe" "plug") + (tasmota_plug "Blitzdings" "plug2") + (tasmota_stecki "Fernseher" "fernseher") + (tasmota_plug "Pluggy" "plug4") + ]; + binary_sensor = [ + { platform = "mqtt"; + device_class = "motion"; + name = "Motion"; + state_topic = "/bam/easy2/movement/Switch"; + payload_on = "1"; + payload_off = "0"; + availability_topic = "/bam/easy2/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + } + ]; + sensor = + (espeasy_dht22 "easy1") ++ + (espeasy_dht22 "easy2") ++ + [ (espeasy_ds18 "easy3" ) + { platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "5341"; + monitored_conditions = [ "P1" "P2" ]; + } + + { platform = "darksky"; + api_key = lib.removeSuffix "\n" + (builtins.readFile ); + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "apparent_temperature" + "hourly_summary" # next 24 hours text + "minutely_summary" + "humidity" + "pressure" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 30; + seconds = 0; + }; + } + #{ platform = "influxdb"; + # queries = [ + # { name = "mean value of feinstaub P1"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P1"; + # } + # { name = "mean value of feinstaub P2"; + # where = '' "node" = 'esp8266-1355142' ''; + # measurement = "feinstaub"; + # database = "telegraf"; + # field = "P2"; + # } + # ]; + #} + ]; + camera = [ + { name = "Baumarkt"; + platform = "generic"; + still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt + } + { name = "Autobahn Heilbronn"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ; + } + { name = "Autobahn Singen"; + platform = "generic"; + still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ; + } + ]; + frontend = { }; + http = { }; + conversation = {}; + history = {}; + logbook = {}; + tts = [ { platform = "google";} ]; + recorder = {}; + group = + { default_view = + { view = "yes"; + entities = [ + "group.sensors" + "group.outside" + "group.switches" + "group.automation" + "group.camera" + ]; + }; + automation = [ + "automation.turn_off_fernseher_10_minutes_after_last_movement" + ]; + switches = [ + "switch.bauarbeiterlampe" + "switch.blitzdings" + "switch.fernseher" + "switch.pluggy" + ]; + camera = [ + "camera.Baumarkt" + "camera.Autobahn_Heilbronn" + "camera.Autobahn_Singen" + ]; + sensors = [ + "binary_sensor.motion" + "sensor.easy2_dht22_humidity" + "sensor.easy2_dht22_temperature" + ]; + outside = [ + "sensor.ditzingen_pm10" + "sensor.ditzingen_pm25" + "sensor.dark_sky_temperature" + "sensor.dark_sky_humidity" + "sensor.dark_sky_pressure" + "sensor.dark_sky_hourly_summary" + "sensor.dark_sky_minutely_summary" + ]; + }; + # only for automation + # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + automation = [ + { alias = "Turn on Fernseher on movement"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "on"; + }; + action = { + service= "homeassistant.turn_on"; + entity_id= "switch.fernseher"; + }; + } + { alias = "Turn off Fernseher 10 minutes after last movement"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.motion"; + to = "off"; + for.minutes = 10; + }; + action = { + service= "homeassistant.turn_off"; + entity_id= "switch.fernseher"; + }; + condition = [{ + condition = "time"; + before = "06:30:00"; #only turn off between 6:30 and 18:00 + after = "18:00:00"; + weekday = [ "mon" "tue" "wed" "thu" "fri" ]; + }]; + } + ]; + }; + }; +} diff --git a/makefu/2configs/bureautomation/mpd.nix b/makefu/2configs/bureautomation/mpd.nix new file mode 100644 index 000000000..1f5acb357 --- /dev/null +++ b/makefu/2configs/bureautomation/mpd.nix @@ -0,0 +1,9 @@ +{lib,pkgs, ... }: + +{ + systemd.services."ympd-wbob" = { + description = "mpd "; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody"; + }; +} diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/deployment/bureautomation/default.nix deleted file mode 100644 index 3897537ea..000000000 --- a/makefu/2configs/deployment/bureautomation/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ pkgs, lib, ... }: - -with lib; -let - port = 3001; - runit = pkgs.writeDash "runit" '' - set -xeuf - PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin - name=''${1?must provide name as first arg} - state=''${2?must provide state as second arg} - # val=''${3?must provide val as third arg} - - # we ignore non-alerting events - test $state = alerting || exit 0 - - echo $name - $state - curl 'http://bauarbeiterlampe/ay?o=1' - sleep 5 - curl 'http://bauarbeiterlampe/ay?o=1' - ''; -in { - services.logstash = { - package = pkgs.logstash5; - enable = true; - inputConfig = '' - http { - port => ${toString port} - host => "127.0.0.1" - } - ''; - filterConfig = '' - ''; - outputConfig = '' - stdout { codec => json } - exec { command => "${runit} '%{ruleName}' '%{state}'" } - ''; - extraSettings = '' - path.plugins: [ "${pkgs.logstash-output-exec}" ] - ''; - }; -} diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix deleted file mode 100644 index 443484a34..000000000 --- a/makefu/2configs/deployment/bureautomation/hass.nix +++ /dev/null @@ -1,240 +0,0 @@ -{ pkgs, lib, ... }: -let - tasmota_plug = name: topic: - { platform = "mqtt"; - inherit name; - state_topic = "/bam/${topic}/stat/POWER1"; - command_topic = "/bam/${topic}/cmnd/POWER1"; - availability_topic = "/bam/${topic}/tele/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - }; - tasmota_stecki = name: topic: - ( tasmota_plug name topic) // - { state_topic = "/bam/${topic}/stat/POWER"; - command_topic = "/bam/${topic}/cmnd/POWER"; - }; - espeasy_dht22 = name: [ - { platform = "mqtt"; - name = "${name} DHT22 Temperature"; - device_class = "temperature"; - state_topic = "/bam/${name}/dht22/Temperature"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - } - { platform = "mqtt"; - device_class = "humidity"; - name = "${name} DHT22 Humidity"; - state_topic = "/bam/${name}/dht22/Humidity"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - }]; - espeasy_ds18 = name: - { platform = "mqtt"; - name = "${name} DS18 Temperature"; - state_topic = "/bam/${name}/ds18/Temperature"; - availability_topic = "/bam/${name}/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; -in { - networking.firewall.allowedTCPPorts = [ 8123 ]; - - services.home-assistant = { - enable = true; - config = { - homeassistant = { - name = "Bureautomation"; - time_zone = "Europe/Berlin"; - latitude = "48.8265"; - longitude = "9.0676"; - elevation = 303; - }; - - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - keepalive = 60; - protocol = 3.1; - birth_message = { - topic = "/bam/hass/tele/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "/bam/hass/tele/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - switch = [ - (tasmota_plug "Bauarbeiterlampe" "plug") - (tasmota_plug "Blitzdings" "plug2") - (tasmota_stecki "Fernseher" "fernseher") - (tasmota_plug "Pluggy" "plug4") - ]; - binary_sensor = [ - { platform = "mqtt"; - device_class = "motion"; - name = "Motion"; - state_topic = "/bam/easy2/movement/Switch"; - payload_on = "1"; - payload_off = "0"; - availability_topic = "/bam/easy2/tele/LWT"; - payload_available = "Online"; - payload_not_available = "Offline"; - } - ]; - sensor = - (espeasy_dht22 "easy1") ++ - (espeasy_dht22 "easy2") ++ - [ (espeasy_ds18 "easy3" ) - { platform = "luftdaten"; - name = "Ditzingen"; - sensorid = "5341"; - monitored_conditions = [ "P1" "P2" ]; - } - - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile ); - language = "de"; - monitored_conditions = [ "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "minutely_summary" - "humidity" - "pressure" - "uv_index" ]; - units = "si" ; - update_interval = { - days = 0; - hours = 0; - minutes = 30; - seconds = 0; - }; - } - #{ platform = "influxdb"; - # queries = [ - # { name = "mean value of feinstaub P1"; - # where = '' "node" = 'esp8266-1355142' ''; - # measurement = "feinstaub"; - # database = "telegraf"; - # field = "P1"; - # } - # { name = "mean value of feinstaub P2"; - # where = '' "node" = 'esp8266-1355142' ''; - # measurement = "feinstaub"; - # database = "telegraf"; - # field = "P2"; - # } - # ]; - #} - ]; - camera = [ - { name = "Baumarkt"; - platform = "generic"; - still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt - } - { name = "Autobahn Heilbronn"; - platform = "generic"; - still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ; - } - { name = "Autobahn Singen"; - platform = "generic"; - still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ; - } - ]; - frontend = { }; - http = { }; - conversation = {}; - history = {}; - logbook = {}; - tts = [ { platform = "google";} ]; - recorder = {}; - group = - { default_view = - { view = "yes"; - entities = [ - "group.sensors" - "group.outside" - "group.switches" - "group.automation" - "group.camera" - ]; - }; - automation = [ - "automation.turn_off_fernseher_10_minutes_after_last_movement" - ]; - switches = [ - "switch.bauarbeiterlampe" - "switch.blitzdings" - "switch.fernseher" - "switch.pluggy" - ]; - camera = [ - "camera.Baumarkt" - "camera.Autobahn_Heilbronn" - "camera.Autobahn_Singen" - ]; - sensors = [ - "binary_sensor.motion" - "sensor.easy2_dht22_humidity" - "sensor.easy2_dht22_temperature" - ]; - outside = [ - "sensor.ditzingen_pm10" - "sensor.ditzingen_pm25" - "sensor.dark_sky_temperature" - "sensor.dark_sky_humidity" - "sensor.dark_sky_pressure" - "sensor.dark_sky_hourly_summary" - "sensor.dark_sky_minutely_summary" - ]; - }; - # only for automation - # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; - automation = [ - { alias = "Turn on Fernseher on movement"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.motion"; - to = "on"; - }; - action = { - service= "homeassistant.turn_on"; - entity_id= "switch.fernseher"; - }; - } - { alias = "Turn off Fernseher 10 minutes after last movement"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.motion"; - to = "off"; - for.minutes = 10; - }; - action = { - service= "homeassistant.turn_off"; - entity_id= "switch.fernseher"; - }; - condition = [{ - condition = "time"; - before = "06:30:00"; #only turn off between 6:30 and 18:00 - after = "18:00:00"; - weekday = [ "mon" "tue" "wed" "thu" "fri" ]; - }]; - } - ]; - }; - }; -} diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/deployment/bureautomation/mpd.nix deleted file mode 100644 index 1f5acb357..000000000 --- a/makefu/2configs/deployment/bureautomation/mpd.nix +++ /dev/null @@ -1,9 +0,0 @@ -{lib,pkgs, ... }: - -{ - systemd.services."ympd-wbob" = { - description = "mpd "; - wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host localhost --port 6600 --webport 8866 --user nobody"; - }; -} -- cgit v1.2.3 From dc64ec0307253b497afc4a99a5e6aca1f1a23be9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Dec 2018 17:26:41 +0100 Subject: l gen-secrets: add wirelum keys --- lass/5pkgs/l-gen-secrets/default.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index b6cb2ec7e..5997dca09 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -8,6 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" '' ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key + ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub cat < $TMPDIR/hashedPasswords.nix { root = "$HASHED_PASSWORD"; @@ -35,6 +37,15 @@ pkgs.writeDashBin "l-gen-secrets" '' $(cat $TMPDIR/retiolum.rsa_key.pub) ${"''"}; }; + wirelum = { + ip6.addr = (wip6 "changeme").address; + aliases = [ + "$HOSTNAME.w" + ]; + wireguard.pubkey = ${"''"} + $(cat $TMPDIR/wirelum.pub) + ${"''"}; + }; }; ssh.privkey.path = ; ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; -- cgit v1.2.3 From 56ffeb186a10c7b4406ac777149e7256a6c4dbbb Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 9 Dec 2018 18:43:41 +0100 Subject: ma pkgs.libopencm3: rip --- makefu/5pkgs/libopencm3/default.nix | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 makefu/5pkgs/libopencm3/default.nix diff --git a/makefu/5pkgs/libopencm3/default.nix b/makefu/5pkgs/libopencm3/default.nix deleted file mode 100644 index ed35fc639..000000000 --- a/makefu/5pkgs/libopencm3/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ lib, stdenv, fetchFromGitHub, gcc-arm-embedded, python }: -stdenv.mkDerivation rec { - name = "libopencm-${version}"; - version = "2017-04-01"; - - src = fetchFromGitHub { - owner = "libopencm3"; - repo = "libopencm3"; - rev = "383fafc862c0d47f30965f00409d03a328049278"; - sha256 = "0ar67icxl39cf7yb5glx3zd5413vcs7zp1jq0gzv1napvmrv3jv9"; - }; - - buildInputs = [ gcc-arm-embedded python ]; - buildPhase = '' - sed -i 's#/usr/bin/env python#${python}/bin/python#' ./scripts/irq2nvic_h - make - ''; - installPhase = '' - mkdir -p $out - cp -r lib $out/ - ''; - - meta = { - description = "Open Source ARM cortex m microcontroller library"; - homepage = https://github.com/libopencm3/libopencm3; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; - }; -} -- cgit v1.2.3 From 2e18ee84f02c0d7abcf936b1d39c42ab8e75825c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 10 Dec 2018 00:09:03 +0100 Subject: ma: sort hostnames for euer, add netdata.euer.krebsco.de --- krebs/3modules/makefu/default.nix | 52 +++++++++++++------------- makefu/2configs/stats/client.nix | 61 ------------------------------- makefu/2configs/stats/collectd-client.nix | 61 +++++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+), 86 deletions(-) delete mode 100644 makefu/2configs/stats/client.nix create mode 100644 makefu/2configs/stats/collectd-client.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 188fbc461..32cba1886 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -560,27 +560,28 @@ in { ci = true; extraZones = { "krebsco.de" = '' + boot.euer IN A ${nets.internet.ip4.addr} cache.euer IN A ${nets.internet.ip4.addr} cache.gum IN A ${nets.internet.ip4.addr} - graph IN A ${nets.internet.ip4.addr} + cgit.euer IN A ${nets.internet.ip4.addr} + dl.euer IN A ${nets.internet.ip4.addr} + dockerhub IN A ${nets.internet.ip4.addr} + euer IN A ${nets.internet.ip4.addr} + ghook IN A ${nets.internet.ip4.addr} + git.euer IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} + graph IN A ${nets.internet.ip4.addr} + gum IN A ${nets.internet.ip4.addr} iso.euer IN A ${nets.internet.ip4.addr} - wg.euer IN A ${nets.internet.ip4.addr} - photostore IN A ${nets.internet.ip4.addr} - o.euer IN A ${nets.internet.ip4.addr} mon.euer IN A ${nets.internet.ip4.addr} - boot.euer IN A ${nets.internet.ip4.addr} - wiki.euer IN A ${nets.internet.ip4.addr} + netdata.euer IN A ${nets.internet.ip4.addr} + o.euer IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} pigstarter IN A ${nets.internet.ip4.addr} - cgit.euer IN A ${nets.internet.ip4.addr} - git.euer IN A ${nets.internet.ip4.addr} - euer IN A ${nets.internet.ip4.addr} share.euer IN A ${nets.internet.ip4.addr} - gum IN A ${nets.internet.ip4.addr} + wg.euer IN A ${nets.internet.ip4.addr} + wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} - dl.euer IN A ${nets.internet.ip4.addr} - ghook IN A ${nets.internet.ip4.addr} - dockerhub IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; @@ -607,24 +608,25 @@ in { ip4.addr = "10.243.0.213"; ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; aliases = [ - "nextgum.r" - "graph.r" - "cache.gum.r" - "logs.makefu.r" - "stats.makefu.r" "backup.makefu.r" + "blog.gum.r" + "blog.makefu.r" + "cache.gum.r" + "cgit.gum.r" + "dcpp.gum.r" "dcpp.nextgum.r" + "graph.r" "gum.r" - "cgit.gum.r" + "logs.makefu.r" + "netdata.makefu.r" + "nextgum.r" "o.gum.r" - "tracker.makefu.r" "search.makefu.r" - "wiki.makefu.r" - "wiki.gum.r" - "blog.makefu.r" - "blog.gum.r" - "dcpp.gum.r" + "stats.makefu.r" "torrent.gum.r" + "tracker.makefu.r" + "wiki.gum.r" + "wiki.makefu.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix deleted file mode 100644 index cfb5e3fd2..000000000 --- a/makefu/2configs/stats/client.nix +++ /dev/null @@ -1,61 +0,0 @@ -{pkgs, config, ...}: -{ - services.collectd = { - enable = true; - autoLoadPlugin = true; - extraConfig = '' - Hostname ${config.krebs.build.host.name} - LoadPlugin load - LoadPlugin disk - LoadPlugin memory - LoadPlugin df - Interval 30.0 - - LoadPlugin interface - - Interface "*Link" - Interface "lo" - Interface "vboxnet*" - Interface "virbr*" - IgnoreSelected true - - - LoadPlugin df - - MountPoint "/nix/store" - # MountPoint "/run*" - # MountPoint "/sys*" - # MountPoint "/dev" - # MountPoint "/dev/shm" - # MountPoint "/tmp" - FSType "tmpfs" - FSType "binfmt_misc" - FSType "debugfs" - FSType "tracefs" - FSType "mqueue" - FSType "hugetlbfs" - FSType "systemd-1" - FSType "cgroup" - FSType "securityfs" - FSType "ramfs" - FSType "proc" - FSType "devpts" - FSType "devtmpfs" - MountPoint "/var/lib/docker/devicemapper" - IgnoreSelected true - - - LoadPlugin cpu - - ReportByCpu true - ReportByState true - ValuesPercentage true - - - LoadPlugin network - - Server "${config.makefu.stats-server}" "25826" - - ''; - }; -} diff --git a/makefu/2configs/stats/collectd-client.nix b/makefu/2configs/stats/collectd-client.nix new file mode 100644 index 000000000..cfb5e3fd2 --- /dev/null +++ b/makefu/2configs/stats/collectd-client.nix @@ -0,0 +1,61 @@ +{pkgs, config, ...}: +{ + services.collectd = { + enable = true; + autoLoadPlugin = true; + extraConfig = '' + Hostname ${config.krebs.build.host.name} + LoadPlugin load + LoadPlugin disk + LoadPlugin memory + LoadPlugin df + Interval 30.0 + + LoadPlugin interface + + Interface "*Link" + Interface "lo" + Interface "vboxnet*" + Interface "virbr*" + IgnoreSelected true + + + LoadPlugin df + + MountPoint "/nix/store" + # MountPoint "/run*" + # MountPoint "/sys*" + # MountPoint "/dev" + # MountPoint "/dev/shm" + # MountPoint "/tmp" + FSType "tmpfs" + FSType "binfmt_misc" + FSType "debugfs" + FSType "tracefs" + FSType "mqueue" + FSType "hugetlbfs" + FSType "systemd-1" + FSType "cgroup" + FSType "securityfs" + FSType "ramfs" + FSType "proc" + FSType "devpts" + FSType "devtmpfs" + MountPoint "/var/lib/docker/devicemapper" + IgnoreSelected true + + + LoadPlugin cpu + + ReportByCpu true + ReportByState true + ValuesPercentage true + + + LoadPlugin network + + Server "${config.makefu.stats-server}" "25826" + + ''; + }; +} -- cgit v1.2.3 From 4d44efa2fceda1308dbe8207e8fd0f122cd64e19 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Dec 2018 15:35:15 +0100 Subject: l: import network-manager only in mors --- lass/1systems/mors/config.nix | 1 + lass/2configs/baseX.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 207c7c640..46cdbbb66 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -34,6 +34,7 @@ with import ; + { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 53d90ed7d..859a2a1b9 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix - ./network-manager.nix { hardware.pulseaudio = { enable = true; -- cgit v1.2.3 From 1a88a8ae6447528fc505607f680573c501fc2273 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Dec 2018 18:41:51 +0100 Subject: ma events-publisher: use 1.0.0 --- makefu/1systems/gum/config.nix | 109 +++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 69 deletions(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a1691da3a..dcfa3d0e5 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -21,8 +21,12 @@ in { ]; }; } + # + + + { services.smartd.devices = builtins.map (x: { device = x; }) allDisks; } # Security @@ -31,6 +35,8 @@ in { + + # @@ -42,17 +48,47 @@ in { # + { # bonus retiolum config for connecting more hosts + krebs.tinc.retiolum = { + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "prism" "ni" "enklave" "eve" "archprism" + ]; + }; + networking.firewall = { + allowedTCPPorts = + [ + 53 + 655 + 21031 + ]; + allowedUDPPorts = + [ + 53 + 655 + 21031 + ]; + }; + } # ci # + # services - + # + { + krebs.exim.enable = mkForce false; + } # sharing @@ -60,13 +96,6 @@ in { # ## # - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } # ## network @@ -92,10 +121,9 @@ in { # # - + # - @@ -104,7 +132,6 @@ in { - # # sharing @@ -118,7 +145,8 @@ in { # krebs infrastructure services - ]; + ]; + makefu.dl-dir = "/var/download"; services.openssh.hostKeys = [ @@ -128,71 +156,14 @@ in { services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; - krebs.tinc.retiolum = { - extraConfig = '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - ''; - connectTo = [ - "prism" "ni" "enklave" "eve" "archprism" - ]; - }; - - - # access - users.users = { - root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; - makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; - }; - - # Chat - environment.systemPackages = with pkgs;[ - weechat - bepasty-client-cli - tmux - ]; - - # Hardware - # Network networking = { firewall = { allowPing = true; logRefusedConnections = false; - allowedTCPPorts = [ - # smtp - 25 - # http - 80 443 - # httptunnel - 8080 8443 - # tinc - 655 - # tinc-shack - 21032 - # tinc-retiolum - 21031 - # taskserver - 53589 - # temp vnc - 18001 - # temp reverseshell - 31337 - ]; - allowedUDPPorts = [ - # tinc - 655 53 - # tinc-retiolum - 21031 - # tinc-shack - 21032 - ]; }; nameservers = [ "8.8.8.8" ]; }; users.users.makefu.extraGroups = [ "download" "nginx" ]; - services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - boot.tmpOnTmpfs = true; state = [ "/home/makefu/.weechat" ]; } -- cgit v1.2.3 From 67d54622a399fc650b72b9aaf960b73996bdf0aa Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 00:20:00 +0100 Subject: ma omo.r: new disks for snapraid --- makefu/1systems/omo/hw/omo.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix index 1b618a486..31db335bb 100644 --- a/makefu/1systems/omo/hw/omo.nix +++ b/makefu/1systems/omo/hw/omo.nix @@ -48,9 +48,8 @@ in { makefu.snapraid = { enable = true; - # TODO: 3 is not protected - disks = map toMapper [ 0 1 ]; - parity = toMapper 2; + disks = map toMapper [ 0 2 3 ]; + parity = toMapper 1; }; fileSystems = let cryptMount = name: -- cgit v1.2.3 From f6d38eafe875ed344ce282c21c99f2b1919f043f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:31:17 +0100 Subject: ma omor: move homeautomation, add google-muell --- makefu/1systems/omo/config.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 260f96081..81b1e0ea1 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -44,7 +44,8 @@ in { # - + # statistics + # Logging #influx + grafana @@ -74,7 +75,8 @@ in { "homeassistant-0.77.2" ]; } - + + { makefu.ps3netsrv = { enable = true; -- cgit v1.2.3 From 5f95c191932826c33f75b590f8f34f2ceb9cb492 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:31:41 +0100 Subject: ma bureautomation: try to fix automation for fernseher --- makefu/2configs/bureautomation/hass.nix | 42 +++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index 443484a34..a89a4813f 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -112,7 +112,6 @@ in { "temperature" # "temperature_high" "temperature_low" "apparent_temperature" "hourly_summary" # next 24 hours text - "minutely_summary" "humidity" "pressure" "uv_index" ]; @@ -212,27 +211,44 @@ in { to = "on"; }; action = { - service= "homeassistant.turn_on"; - entity_id= "switch.fernseher"; + service = "homeassistant.turn_on"; + entity_id = [ "switch.fernseher" "switch.blitzdings" ]; }; } { alias = "Turn off Fernseher 10 minutes after last movement"; - trigger = { + trigger = [ + { # trigger when movement was detected at the time platform = "state"; entity_id = "binary_sensor.motion"; to = "off"; for.minutes = 10; - }; + } + { # trigger at 20:00 no matter what + # to avoid 'everybody left before 18:00:00' + platform = "time"; + at = "18:00:00"; + } + ]; action = { - service= "homeassistant.turn_off"; - entity_id= "switch.fernseher"; + service = "homeassistant.turn_off"; + entity_id = [ "switch.fernseher" "switch.blitzdings" ]; + }; + condition = + { condition = "and"; + conditions = [ + { + condition = "time"; + before = "06:30:00"; #only turn off between 6:30 and 18:00 + after = "18:00:00"; + # weekday = [ "mon" "tue" "wed" "thu" "fri" ]; + } + { + condition = "state"; + entity_id = "binary_sensor.motion"; + state = "off"; + } + ]; }; - condition = [{ - condition = "time"; - before = "06:30:00"; #only turn off between 6:30 and 18:00 - after = "18:00:00"; - weekday = [ "mon" "tue" "wed" "thu" "fri" ]; - }]; } ]; }; -- cgit v1.2.3 From a8db537be5b157c0afe3a71d632724e1ceef3d4f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:32:12 +0100 Subject: ma netdata: init --- makefu/2configs/stats/client.nix | 7 ++ makefu/2configs/stats/netdata-server.nix | 17 ++++ makefu/3modules/netdata.nix | 150 +++++++++++++++++++++++++++++++ 3 files changed, 174 insertions(+) create mode 100644 makefu/2configs/stats/client.nix create mode 100644 makefu/2configs/stats/netdata-server.nix create mode 100644 makefu/3modules/netdata.nix diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix new file mode 100644 index 000000000..b88515a35 --- /dev/null +++ b/makefu/2configs/stats/client.nix @@ -0,0 +1,7 @@ +{ + makefu.netdata = { + enable = true; + stream.role = "slave"; + # stream.destination = "netdata.makefu.r"; + }; +} diff --git a/makefu/2configs/stats/netdata-server.nix b/makefu/2configs/stats/netdata-server.nix new file mode 100644 index 000000000..5fec3583c --- /dev/null +++ b/makefu/2configs/stats/netdata-server.nix @@ -0,0 +1,17 @@ +{ + makefu.netdata = { + enable = true; + stream.role = "master"; + }; + + services.nginx = { + virtualHosts."netdata.euer.krebsco.de" = { + addSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:19999"; + }; + virtualHosts."netdata.makefu.r" = { + locations."/".proxyPass = "http://localhost:19999"; + }; + }; +} diff --git a/makefu/3modules/netdata.nix b/makefu/3modules/netdata.nix new file mode 100644 index 000000000..3ed33643c --- /dev/null +++ b/makefu/3modules/netdata.nix @@ -0,0 +1,150 @@ +{ config, lib, pkgs, ... }: + +# fork of https://github.com/Mic92/dotfiles/blob/master/nixos/vms/modules/netdata.nix +with lib; +let + cfg = config.makefu.netdata; +in +{ + options.makefu.netdata = { + enable = mkEnableOption "netdata"; + + # TODO only apikey from file, set remote host manually + stream.file = mkOption { + type = types.str; + default = toString ; + description = "path to stream data file"; + }; + stream.role = mkOption { + type = types.enum [ "master" "slave" ]; + default = "slave"; + description = "Wether to stream data"; + }; + + httpcheck.checks = mkOption { + type = types.attrsOf (types.submodule ({ + options = { + url = mkOption { + type = types.str; + example = "https://thalheim.io"; + description = "Url to check"; + }; + regex = mkOption { + type = types.nullOr types.str; + default = null; + example = "My homepage"; + description = "Regex that is matched against the returned content"; + }; + statusAccepted = mkOption { + type = types.listOf types.int; + default = [ 200 ]; + example = [ 401 ]; + description = "Expected http status code"; + }; + }; + })); + default = {}; + description = '' + httpcheck plugin: https://github.com/netdata/netdata/blob/master/collectors/python.d.plugin/httpcheck/httpcheck.conf + ''; + }; + + portcheck.checks = mkOption { + type = types.attrsOf (types.submodule ({ + options = { + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Dns name/IP to check"; + }; + port = mkOption { + type = types.int; + description = "Tcp port number"; + }; + }; + })); + default = {}; + description = '' + portcheck plugin: https://github.com/netdata/netdata/tree/master/collectors/python.d.plugin/portcheck + ''; + }; + }; + config = mkIf cfg.enable { + systemd.services.netdata = { + requires = [ "secret.service" ]; + after = [ "secret.service" ]; + }; + krebs.secret.files.netdata-stream = { + path = "/run/secret/netdata-stream.conf"; + owner.name = "netdata"; + source-path = cfg.stream.file; + }; + environment.etc."netdata/stream.conf".source = "/run/secret/netdata-stream.conf"; + + services.netdata = { + enable = true; + config = { + global = { + "bind to" = "0.0.0.0:19999 [::]:19999"; + "error log" = "stderr"; + "update every" = "5"; + }; + health.enable = if cfg.stream.role == "master" then "yes" else "no"; + }; + }; + services.netdata.python.extraPackages = ps: [ + ps.psycopg2 ps.docker ps.dnspython + ]; + + makefu.netdata.portcheck.checks.openssh.port = (lib.head config.services.openssh.ports); + + networking.firewall.allowedTCPPorts = [ 19999 ]; + + environment.etc."netdata/python.d/httpcheck.conf".text = '' + update_every: 30 + ${lib.concatStringsSep "\n" (mapAttrsToList (site: options: + '' + ${site}: + url: '${options.url}' + ${optionalString (options.regex != null) "regex: '${options.regex}'"} + status_accepted: [ ${lib.concatStringsSep " " (map toString options.statusAccepted) } ] + '') cfg.httpcheck.checks) + } + ''; + + environment.etc."netdata/python.d/portcheck.conf".text = '' + ${lib.concatStringsSep "\n" (mapAttrsToList (service: options: + '' + ${service}: + host: '${options.host}' + port: ${toString options.port} + '') cfg.portcheck.checks) + } + ''; + systemd.services.netdata.restartTriggers = [ + config.environment.etc."netdata/python.d/httpcheck.conf".source + config.environment.etc."netdata/python.d/portcheck.conf".source + config.environment.etc."netdata/stream.conf".source + ]; + + environment.etc."netdata/health.d/httpcheck.conf".text = '' + # taken from the original but warn only if a request is at least 300ms slow + template: web_service_slow + families: * + on: httpcheck.responsetime + lookup: average -3m unaligned of time + units: ms + every: 10s + warn: ($this > ($1h_web_service_response_time * 4) && $this > 1000) + crit: ($this > ($1h_web_service_response_time * 6) && $this > 1000) + info: average response time over the last 3 minutes, compared to the average over the last hour + delay: down 5m multiplier 1.5 max 1h + options: no-clear-notification + to: webmaster + ''; + + }; + # TODO: notification + # environment.etc."netdata/health_alarm_notify.conf".source = "/run/keys/netdata-pushover.conf"; + +} -- cgit v1.2.3 From ab2554004be7680f880675dfdc992c85cad05bc3 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:32:48 +0100 Subject: ma wbob.r: move bureautomation to top 2configs --- makefu/1systems/wbob/config.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index f2311fb55..3930406b1 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -20,9 +20,6 @@ in { - - - # # # @@ -35,6 +32,8 @@ in { # Sensors + + @@ -51,9 +50,9 @@ in { "homeassistant-0.77.2" ]; } - - - + + + (let collectd-port = 25826; influx-port = 8086; -- cgit v1.2.3 From eb2bd24bbf540cbc8b668272b3f0c9bd0bbc73b5 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:33:15 +0100 Subject: ma minimal: set hostname if configured, disable ncsd --- makefu/2configs/minimal.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix index d764e5624..cb2ef09e3 100644 --- a/makefu/2configs/minimal.nix +++ b/makefu/2configs/minimal.nix @@ -7,8 +7,8 @@ # the only true timezone (even after the the removal of DST) time.timeZone = "Europe/Berlin"; - networking.hostName = config.krebs.build.host.name; - nix.buildCores = config.krebs.build.host.cores; + networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name; + nix.buildCores = 0; # until https://github.com/NixOS/nixpkgs/pull/50440 is in stable # we use gpg if necessary (or nothing at all) programs.ssh.startAgent = false; @@ -85,4 +85,6 @@ "net.ipv6.conf.all.use_tempaddr" = 2; "net.ipv6.conf.default.use_tempaddr" = 2; }; + + services.nscd.enable = false; } -- cgit v1.2.3 From 3c941e7653fe4aff370f27e095b395f6195d0152 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:33:35 +0100 Subject: ma events-publisher: bump to latest version --- makefu/2configs/shack/events-publisher/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/shack/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix index 531d2525e..964e5ccbb 100644 --- a/makefu/2configs/shack/events-publisher/default.nix +++ b/makefu/2configs/shack/events-publisher/default.nix @@ -2,8 +2,8 @@ with import ; let shack-announce = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz"; - sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd"; + url = "https://github.com/makefu/events-publisher/archive/419afdfe16ebf7f2360d2ba64b67ca88948832bd.tar.gz"; + sha256 = "0rn1ykgjbd79zg03maa49kzi6hpzn4xzf4j93qgx5wax7h12qjx0"; }) {} ; home = "/var/lib/shackannounce"; user = "shackannounce"; -- cgit v1.2.3 From b9f21cc5672440c5af9d195cd13cf3cfaed08c12 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:33:54 +0100 Subject: ma wbob/share: expose music --- makefu/2configs/share/wbob.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index 7d3fc38fe..9695751ff 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -8,6 +8,7 @@ home = "/home/share"; createHome = true; }; + users.groups.mpd.members = [ "makefu" ]; services.samba = { enable = true; enableNmbd = true; @@ -24,6 +25,12 @@ browseable = "yes"; "guest ok" = "yes"; }; + music-rw = { + path = "/data/music"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "no"; + }; }; extraConfig = '' guest account = smbguest -- cgit v1.2.3 From 4f591e4531a450f871d5f4f6d91b5bfc2e899d63 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:34:15 +0100 Subject: ma tinc: open tinc ports in config --- makefu/2configs/tinc/retiolum.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix index 98abb2406..0d2774209 100644 --- a/makefu/2configs/tinc/retiolum.nix +++ b/makefu/2configs/tinc/retiolum.nix @@ -1,8 +1,10 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { imports = [ ../binary-cache/lass.nix ]; krebs.tinc.retiolum.enable = true; environment.systemPackages = [ pkgs.tinc ]; + networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; + networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; } -- cgit v1.2.3 From 5b94458eb725b5e319220c0571ddc504559d25ef Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:34:35 +0100 Subject: ma: add netdata module to 3modules --- makefu/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 7146174fb..65b5a6afd 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -5,6 +5,7 @@ _: ./awesome-extra.nix ./deluge.nix ./forward-journal.nix + ./netdata.nix ./opentracker.nix ./ps3netsrv.nix ./logging-config.nix -- cgit v1.2.3 From 0e41f6f64ef672fbccdfb77158bfa46f8ca74991 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:37:36 +0100 Subject: ma gum.krebsco.de: init config --- makefu/2configs/nginx/gum.krebsco.de.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 makefu/2configs/nginx/gum.krebsco.de.nix diff --git a/makefu/2configs/nginx/gum.krebsco.de.nix b/makefu/2configs/nginx/gum.krebsco.de.nix new file mode 100644 index 000000000..3e96e6826 --- /dev/null +++ b/makefu/2configs/nginx/gum.krebsco.de.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +with import ; +let +in { + services.nginx = { + enable = mkDefault true; + virtualHosts."gum.krebsco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + # proxyPass = "http://localhost:8000/"; + # extraConfig = '' + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # ''; + }; + }; + }; +} -- cgit v1.2.3 From 34b340510d3509d8ceaf88fc9aded3379792c733 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:39:41 +0100 Subject: ma 1/full: rip --- makefu/1systems/full/source.nix | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 makefu/1systems/full/source.nix diff --git a/makefu/1systems/full/source.nix b/makefu/1systems/full/source.nix deleted file mode 100644 index 1e36c6e87..000000000 --- a/makefu/1systems/full/source.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - name="gum"; - torrent = true; - clever_kexec = true; -} -- cgit v1.2.3 From 927c6d619eb4ef30b0934cd027d64d056e905022 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:46:01 +0100 Subject: ma binary-cache: use cache.krebsco.de --- makefu/2configs/binary-cache/lass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix index 46b386e14..51b4a1afc 100644 --- a/makefu/2configs/binary-cache/lass.nix +++ b/makefu/2configs/binary-cache/lass.nix @@ -3,7 +3,7 @@ { nix = { binaryCaches = [ - "http://cache.prism.r" + "https://cache.krebsco.de" ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" -- cgit v1.2.3 From dea2bb97d27041544d8f6d8c10de7059238eaa5f Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:46:31 +0100 Subject: ma bitlbee: enable skypeweb --- makefu/2configs/bitlbee.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix index 17efa7113..e955384d6 100644 --- a/makefu/2configs/bitlbee.nix +++ b/makefu/2configs/bitlbee.nix @@ -3,6 +3,6 @@ { services.bitlbee = { enable = true; - libpurple_plugins = [ pkgs.telegram-purple ]; + libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb]; }; } -- cgit v1.2.3 From 3ff0c20ffcbfebd74aa33b5b711467cc48dfcd9d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:47:11 +0100 Subject: ma elchos: v5 -> v6 --- makefu/2configs/elchos/search.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/elchos/search.nix b/makefu/2configs/elchos/search.nix index 521bfc80a..e7b91e6a8 100644 --- a/makefu/2configs/elchos/search.nix +++ b/makefu/2configs/elchos/search.nix @@ -32,7 +32,7 @@ let ${user} protocol=dyndns2 - usev5=if, if=${primary-itf} + usev6=if, if=${primary-itf} ssl=yes server=ipv6.nsupdate.info login=${user} -- cgit v1.2.3 From 8bf287558e0c2f53fe08bfb39b33e7e107b1989b Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:47:56 +0100 Subject: ma homeautomation: use MEM1 --- makefu/2configs/homeautomation/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix index 94799b11d..596d0002a 100644 --- a/makefu/2configs/homeautomation/default.nix +++ b/makefu/2configs/homeautomation/default.nix @@ -31,7 +31,7 @@ let brightness_scale = 100; # color rgb_state_topic = "/ham/${topic}/stat/Color"; - rgb_command_topic = "/ham/${topic}/cmnd/Color2"; + rgb_command_topic = "/ham/${topic}/cmnd/MEM1"; # use enabled tasmota rule rgb_command_mode = "hex"; rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; # effects -- cgit v1.2.3 From 0eb5039053fb65c64b2cb62b44b55f630111825c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:49:20 +0100 Subject: ma mail.euer: use nms 2.2.0 --- makefu/2configs/mail/mail.euer.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix index f079d7f41..f8f82e76b 100644 --- a/makefu/2configs/mail/mail.euer.nix +++ b/makefu/2configs/mail/mail.euer.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { imports = [ - (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz") + (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz") ]; mailserver = { -- cgit v1.2.3 From 28026e6571b525c80d69b220c69739c9629c8fc7 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:50:23 +0100 Subject: ma share/omo: export audiobooks --- makefu/2configs/share/omo.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index e4fef7c3c..ed5066787 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -30,6 +30,12 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + audiobook = { + path = "/media/crypt1/audiobooks"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; crypt0 = { path = "/media/crypt0"; "read only" = "yes"; -- cgit v1.2.3 From ad9623e18128da37733487b60aa00de2e00e226d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:52:24 +0100 Subject: ma stats/server: disable verbose logging --- makefu/2configs/stats/server.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index c8e768c99..bb8fd1750 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -21,6 +21,13 @@ in { services.influxdb.extraConfig = { meta.hostname = config.krebs.build.host.name; # meta.logging-enabled = true; + logging.level = "info"; + http.log-enabled = true; + http.write-tracing = false; + http.suppress-write-log = true; + data.trace-logging-enabled = false; + data.query-log-enabled = false; + http.bind-address = ":${toString influx-port}"; admin.bind-address = ":8083"; monitoring = { -- cgit v1.2.3 From be04145200549f91bfe9656c359f38aae38a6382 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 01:56:34 +0100 Subject: ma testdat: add netdata-stream.conf --- makefu/0tests/data/netdata-stream.conf | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 makefu/0tests/data/netdata-stream.conf diff --git a/makefu/0tests/data/netdata-stream.conf b/makefu/0tests/data/netdata-stream.conf new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From ce60c288e588d8968535399921e6735cc05acef1 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Dec 2018 10:56:38 +0100 Subject: ma 0tests: move netdata-stream to correct directory --- makefu/0tests/data/netdata-stream.conf | 0 makefu/0tests/data/secrets/netdata-stream.conf | 0 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 makefu/0tests/data/netdata-stream.conf create mode 100644 makefu/0tests/data/secrets/netdata-stream.conf diff --git a/makefu/0tests/data/netdata-stream.conf b/makefu/0tests/data/netdata-stream.conf deleted file mode 100644 index e69de29bb..000000000 diff --git a/makefu/0tests/data/secrets/netdata-stream.conf b/makefu/0tests/data/secrets/netdata-stream.conf new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From 9e6dbd6df4532031c2dd23d1da7d88c12f1b2fbb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 21:10:05 +0100 Subject: l: set short ipv6 addresses for all hosts --- krebs/3modules/lass/default.nix | 50 ++++++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0d8513a69..148cc3ed8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,16 +1,14 @@ with import ; { config, ... }: let - hostDefaults = hostName: host: flip recursiveUpdate host ({ + hostDefaults = hostName: host: flip recursiveUpdate host { ci = true; monitoring = true; owner = config.krebs.users.lass; - } // optionalAttrs (host.nets?retiolum) { - nets.retiolum.ip6.addr = - (krebs.genipv6 "retiolum" "lass" { inherit hostName; }).address; - }); + }; - wip6 = krebs.genipv6 "wirelum" "lass"; + r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; + w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address; in { dns.providers = { @@ -56,6 +54,7 @@ in { retiolum = { via = internet; ip4.addr = "10.243.0.103"; + ip6.addr = r6 "1"; aliases = [ "prism.r" "cache.prism.r" @@ -93,13 +92,13 @@ in { wirelum = { via = internet; ip4.addr = "10.244.1.1"; - ip6.addr = (wip6 "1").address; + ip6.addr = w6 "1"; aliases = [ "prism.w" ]; wireguard = { pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk="; - subnets = [ "10.244.1.0/24" (wip6 "1").subnetCIDR ]; + subnets = [ "10.244.1.0/24" "42:1::/32" ]; }; }; }; @@ -150,6 +149,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.81.176"; + ip6.addr = r6 "1e1"; aliases = [ "uriel.r" "cgit.uriel.r" @@ -175,6 +175,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.2"; + ip6.addr = r6 "dea7"; aliases = [ "mors.r" "cgit.mors.r" @@ -191,7 +192,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "dea7").address; + ip6.addr = w6 "dea7"; aliases = [ "mors.w" ]; @@ -207,6 +208,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.4"; + ip6.addr = r6 "50da"; aliases = [ "shodan.r" "cgit.shodan.r" @@ -223,7 +225,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "50da").address; + ip6.addr = w6 "50da"; aliases = [ "shodan.w" ]; @@ -239,6 +241,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.114"; + ip6.addr = r6 "1205"; aliases = [ "icarus.r" "cgit.icarus.r" @@ -255,7 +258,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "1205").address; + ip6.addr = w6 "1205"; aliases = [ "icarus.w" ]; @@ -271,6 +274,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.115"; + ip6.addr = r6 "dead"; aliases = [ "daedalus.r" "cgit.daedalus.r" @@ -296,6 +300,7 @@ in { nets = rec { retiolum = { ip4.addr = "10.243.133.116"; + ip6.addr = r6 "5ce7"; aliases = [ "skynet.r" "cgit.skynet.r" @@ -321,6 +326,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.133.77"; + ip6.addr = r6 "771e"; aliases = [ "littleT.r" ]; @@ -402,6 +408,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.13"; + ip6.addr = r6 "12ed"; aliases = [ "red.r" ]; @@ -431,6 +438,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.14"; + ip6.addr = r6 "3110"; aliases = [ "yellow.r" ]; @@ -452,7 +460,7 @@ in { ''; }; wirelum = { - ip6.addr = (wip6 "e110").address; + ip6.addr = w6 "3110"; aliases = [ "yellow.w" ]; @@ -467,6 +475,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.77"; + ip6.addr = r6 "b1ce"; aliases = [ "blue.r" ]; @@ -487,6 +496,13 @@ in { -----END PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = w6 "b1ce"; + aliases = [ + "blue.w" + ]; + wireguard.pubkey = "emftvx8v8GdoKe68MFVL53QZ187Ei0zhMmvosU1sr3U="; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; @@ -494,8 +510,8 @@ in { phone = { nets = { wirelum = { - ip6.addr = (wip6 "a").address; ip4.addr = "10.244.1.2"; + ip6.addr = w6 "a"; aliases = [ "phone.w" ]; @@ -510,6 +526,7 @@ in { nets = { retiolum = { ip4.addr = "10.243.0.19"; + ip6.addr = r6 "012f"; aliases = [ "morpheus.r" ]; @@ -529,6 +546,13 @@ in { -----END RSA PUBLIC KEY----- ''; }; + wirelum = { + ip6.addr = w6 "012f"; + aliases = [ + "morpheus.w" + ]; + wireguard.pubkey = "BdiIHJjJQThmZD8DehxPGA+bboBHjljedwaRaV5yyDY="; + }; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; -- cgit v1.2.3 From f0fc2013d75e249e03123f611eacf523077ad07e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 23:01:55 +0100 Subject: l: update shodan wirelum key --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 148cc3ed8..6f3b19a96 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -229,7 +229,7 @@ in { aliases = [ "shodan.w" ]; - wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ="; + wireguard.pubkey = "0rI/I8FYQ3Pba7fQ9oyvtP4a54GWsPa+3zAiGIuyV30="; }; }; secure = true; -- cgit v1.2.3 From 4e04b2ac99885f2d953487b506d37c5519794754 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 15 Dec 2018 23:02:22 +0100 Subject: l: rip xerxes --- krebs/3modules/lass/default.nix | 40 --------------------------------------- lass/1systems/xerxes/config.nix | 16 ---------------- lass/1systems/xerxes/physical.nix | 29 ---------------------------- 3 files changed, 85 deletions(-) delete mode 100644 lass/1systems/xerxes/config.nix delete mode 100644 lass/1systems/xerxes/physical.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6f3b19a96..1eac198fa 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -362,46 +362,6 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - xerxes = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.3"; - aliases = [ - "xerxes.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U - MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk - gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W - /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb - mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO - X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj - +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim - hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9 - 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4 - H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5 - JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4 - hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe - SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo - 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe - vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3 - Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO - scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv - jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ - Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u - /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0 - bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ - sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; - }; red = { monitoring = false; cores = 1; diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix deleted file mode 100644 index 1bd6cf2c5..000000000 --- a/lass/1systems/xerxes/config.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - - - - - - - - - ]; - - krebs.build.host = config.krebs.hosts.xerxes; -} diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix deleted file mode 100644 index 17caccfe6..000000000 --- a/lass/1systems/xerxes/physical.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - imports = [ - ./config.nix - - - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0" - ''; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/16C8-D053"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358"; - fsType = "btrfs"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ]; - - networking.wireless.enable = true; -} -- cgit v1.2.3 From 1e47567cedb089b8045201eea20bce162cadcfef Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:33:03 +0100 Subject: l littleT: rebirth --- lass/1systems/littleT/config.nix | 46 ++------------------------------------ lass/1systems/littleT/physical.nix | 22 ++++++++++++++++-- 2 files changed, 22 insertions(+), 46 deletions(-) diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 44617d3e7..2f28cc0d6 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -6,52 +6,10 @@ with import ; - - - { - users.users.blacky = { - uid = genid "blacky"; - home = "/home/blacky"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - "video" - ]; - useDefaultShell = true; - }; - networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - environment.systemPackages = with pkgs; [ - pavucontrol - chromium - hexchat - networkmanagerapplet - vlc - ]; - services.xserver.enable = true; - services.xserver.displayManager.lightdm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - services.xserver.layout = "de"; - users.mutableUsers = mkForce true; - services.xserver.synaptics.enable = true; - } - { - #remote control - environment.systemPackages = with pkgs; [ - x11vnc - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 5900"; target = "ACCEPT"; } - ]; - } ]; + networking.networkmanager.enable = true; + networking.wireless.enable = mkForce false; time.timeZone = "Europe/Berlin"; hardware.trackpoint = { diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix index 9776211ae..550f058a8 100644 --- a/lass/1systems/littleT/physical.nix +++ b/lass/1systems/littleT/physical.nix @@ -1,7 +1,25 @@ { imports = [ ./config.nix - - + ]; + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5B2E-3734"; + fsType = "vfat"; + }; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "nodev"; + networking.hostId = "584248c6"; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.kernelModules = [ "kvm-intel" ]; + } -- cgit v1.2.3 From 1f1a0e0c6bd70897e451cfd9cdf1a175a6edd38a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:34:16 +0100 Subject: l prism: firewall for wirelum --- lass/1systems/prism/config.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index ec3976519..962a77cc2 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -300,14 +300,16 @@ with import ; imports = [ ]; - #krebs.iptables.tables.nat.PREROUTING.rules = [ - # { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } - #]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } + { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; } + ]; krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; } - { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i wirelum -o retiolum"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i retiolum -o wirelum"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } ]; services.dnsmasq = { @@ -315,7 +317,7 @@ with import ; resolveLocalQueries = false; extraConfig= '' - listen-address=10.244.1.1 + listen-address=42:1:ce16::1 except-interface=lo interface=wg0 ''; -- cgit v1.2.3 From e1cbd678dfddb2033b5d56eb8bbd32763a6976b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:34:40 +0100 Subject: l blue: allow connections from wirelum --- lass/2configs/blue.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 4d4a92eb9..6dc2b1213 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -22,7 +22,9 @@ with (import ); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";} ]; systemd.services.chat = let -- cgit v1.2.3 From 19380cfd7096b203415995a40d0a53d606282e66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:36:39 +0100 Subject: l browsers: use stable firefox --- lass/2configs/browsers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 425e0ee13..eaffdf623 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -45,7 +45,7 @@ let createFirefoxUser = name: groups: precedence: createUser (pkgs.writeDash name '' - ${pkgs.firefox-devedition-bin}/bin/firefox-devedition "$@" + ${pkgs.firefox}/bin/firefox "$@" '') name groups precedence 80; createQuteUser = name: groups: precedence: -- cgit v1.2.3 From 42f9ff16452d7273dd8d1814758a2ae275751e7b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:37:37 +0100 Subject: l git: set announce to true --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 62173e33f..7650f4294 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -154,7 +154,7 @@ let public = true; }; - make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? false, hooks ? {}, ... }: { + make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? true, hooks ? {}, ... }: { inherit admins collaborators name; public = false; hooks = { -- cgit v1.2.3 From 1d22bcb90fb4ca9459172eb5ba5c2aa44c73b07c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 09:38:40 +0100 Subject: l xmonad: use launch --- lass/5pkgs/custom/xmonad-lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index f86a4a69b..79e6416e1 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -78,7 +78,7 @@ main = getArgs >>= \case main' :: IO () main' = do handleShutdownEvent <- newShutdownEventHandler - xmonad $ ewmh + launch $ ewmh $ withUrgencyHook LibNotifyUrgencyHook $ def { terminal = myTerm -- cgit v1.2.3 From ea50add2ba55f0779d8e79c3d11cdba4b2bb9fcf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 14:38:05 +0100 Subject: l browsers: use ff more often --- lass/2configs/browsers.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index eaffdf623..d214e224d 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -89,8 +89,8 @@ in { })); }; } - ( createQuteUser "qb" [ "audio" ] 20 ) - ( createFirefoxUser "ff" [ "audio" ] 10 ) + ( createFirefoxUser "ff" [ "audio" ] 11 ) + ( createQuteUser "qb" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "audio" "video" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) ( createChromiumUser "wk" [ "audio" ] 0 ) -- cgit v1.2.3 From 9e464d988859395466543d62f94b71229791628d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 14:38:24 +0100 Subject: l mail: don't autosign with gpg --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 36e797a96..21b9d7b49 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -82,7 +82,7 @@ let source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc set pgp_use_gpg_agent = yes set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D - set crypt_autosign = yes + set crypt_autosign = no set crypt_replyencrypt = yes set crypt_verify_sig = yes set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f" -- cgit v1.2.3 From 24330950fe2bd31056e3ae1d58c1965c8a736f1f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:11:02 +0100 Subject: wirelum -> wiregrill --- krebs/3modules/lass/default.nix | 18 +++++++-------- lass/1systems/prism/config.nix | 6 ++--- lass/2configs/blue.nix | 4 ++-- lass/2configs/default.nix | 2 +- lass/2configs/wiregrill.nix | 44 ++++++++++++++++++++++++++++++++++++ lass/2configs/wirelum.nix | 44 ------------------------------------ lass/5pkgs/l-gen-secrets/default.nix | 8 +++---- lib/krebs/genipv6.nix | 4 ++-- 8 files changed, 65 insertions(+), 65 deletions(-) create mode 100644 lass/2configs/wiregrill.nix delete mode 100644 lass/2configs/wirelum.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1eac198fa..1117dc61c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -8,7 +8,7 @@ with import ; }; r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address; - w6 = ip: (krebs.genipv6 "wirelum" "lass" ip).address; + w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address; in { dns.providers = { @@ -89,7 +89,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { via = internet; ip4.addr = "10.244.1.1"; ip6.addr = w6 "1"; @@ -191,7 +191,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "dea7"; aliases = [ "mors.w" @@ -224,7 +224,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "50da"; aliases = [ "shodan.w" @@ -257,7 +257,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "1205"; aliases = [ "icarus.w" @@ -419,7 +419,7 @@ in { -----END PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "3110"; aliases = [ "yellow.w" @@ -456,7 +456,7 @@ in { -----END PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "b1ce"; aliases = [ "blue.w" @@ -469,7 +469,7 @@ in { }; phone = { nets = { - wirelum = { + wiregrill = { ip4.addr = "10.244.1.2"; ip6.addr = w6 "a"; aliases = [ @@ -506,7 +506,7 @@ in { -----END RSA PUBLIC KEY----- ''; }; - wirelum = { + wiregrill = { ip6.addr = w6 "012f"; aliases = [ "morpheus.w" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 962a77cc2..6c454b4ac 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -298,15 +298,15 @@ with import ; } { imports = [ - + ]; krebs.iptables.tables.nat.PREROUTING.rules = [ { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } { v4 = false; precedence = 1000; predicate = "-s 42:1::/32"; target = "ACCEPT"; } ]; krebs.iptables.tables.filter.FORWARD.rules = [ - { precedence = 1000; predicate = "-i wirelum -o retiolum"; target = "ACCEPT"; } - { precedence = 1000; predicate = "-i retiolum -o wirelum"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; } + { precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; } ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v4 = false; predicate = "-s 42:1:ce16::/48 ! -d 42:1:ce16::48"; target = "MASQUERADE"; } diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 6dc2b1213..cdd77e847 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -22,9 +22,9 @@ with (import ); krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-i wirelum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i wiregrill -p udp --dport 60000:61000"; target = "ACCEPT";} { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} - { predicate = "-i wirelum -p tcp --dport 9999"; target = "ACCEPT";} + { predicate = "-i wiregrill -p tcp --dport 9999"; target = "ACCEPT";} ]; systemd.services.chat = let diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index dea32d4d4..62a42baf9 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,7 +10,7 @@ with import ; ./zsh.nix ./htop.nix ./security-workarounds.nix - ./wirelum.nix + ./wiregrill.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/wiregrill.nix b/lass/2configs/wiregrill.nix new file mode 100644 index 000000000..b2ee35df3 --- /dev/null +++ b/lass/2configs/wiregrill.nix @@ -0,0 +1,44 @@ +with import ; +{ config, pkgs, ... }: let + + self = config.krebs.build.host.nets.wiregrill; + isRouter = !isNull self.via; + +in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { + #hack for modprobe inside containers + systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [ + (pkgs.writeDashBin "modprobe" ":") + ]); + + boot.kernel.sysctl = mkIf isRouter { + "net.ipv6.conf.all.forwarding" = 1; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ + { precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; } + ]; + + networking.wireguard.interfaces.wiregrill = { + ips = + (optional (!isNull self.ip4) self.ip4.addr) ++ + (optional (!isNull self.ip6) self.ip6.addr); + listenPort = 51820; + privateKeyFile = (toString ) + "/wiregrill.key"; + allowedIPsAsRoutes = true; + peers = mapAttrsToList + (_: host: { + allowedIPs = if isRouter then + (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++ + (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr) + else + host.nets.wiregrill.wireguard.subnets + ; + endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}"); + persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61; + publicKey = host.nets.wiregrill.wireguard.pubkey; + }) + (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts); + }; +} diff --git a/lass/2configs/wirelum.nix b/lass/2configs/wirelum.nix deleted file mode 100644 index cd8a20c6b..000000000 --- a/lass/2configs/wirelum.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import ; -{ config, pkgs, ... }: let - - self = config.krebs.build.host.nets.wirelum; - isRouter = !isNull self.via; - -in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) { - #hack for modprobe inside containers - systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [ - (pkgs.writeDashBin "modprobe" ":") - ]); - - boot.kernel.sysctl = mkIf isRouter { - "net.ipv6.conf.all.forwarding" = 1; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [ - { precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; } - ]; - - networking.wireguard.interfaces.wirelum = { - ips = - (optional (!isNull self.ip4) self.ip4.addr) ++ - (optional (!isNull self.ip6) self.ip6.addr); - listenPort = 51820; - privateKeyFile = (toString ) + "/wirelum.key"; - allowedIPsAsRoutes = true; - peers = mapAttrsToList - (_: host: { - allowedIPs = if isRouter then - (optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++ - (optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr) - else - host.nets.wirelum.wireguard.subnets - ; - endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}"); - persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61; - publicKey = host.nets.wirelum.wireguard.pubkey; - }) - (filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts); - }; -} diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index 5997dca09..85b050644 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -8,8 +8,8 @@ pkgs.writeDashBin "l-gen-secrets" '' ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null - ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wirelum.key - ${pkgs.coreutils}/bin/cat $TMPDIR/wirelum.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wirelum.pub + ${pkgs.wireguard}/bin/wg genkey > $TMPDIR/wiregrill.key + ${pkgs.coreutils}/bin/cat $TMPDIR/wiregrill.key | ${pkgs.wireguard}/bin/wg pubkey > $TMPDIR/wiregrill.pub cat < $TMPDIR/hashedPasswords.nix { root = "$HASHED_PASSWORD"; @@ -37,13 +37,13 @@ pkgs.writeDashBin "l-gen-secrets" '' $(cat $TMPDIR/retiolum.rsa_key.pub) ${"''"}; }; - wirelum = { + wiregrill = { ip6.addr = (wip6 "changeme").address; aliases = [ "$HOSTNAME.w" ]; wireguard.pubkey = ${"''"} - $(cat $TMPDIR/wirelum.pub) + $(cat $TMPDIR/wiregrill.pub) ${"''"}; }; }; diff --git a/lib/krebs/genipv6.nix b/lib/krebs/genipv6.nix index 1d3f398ec..22a23fcef 100644 --- a/lib/krebs/genipv6.nix +++ b/lib/krebs/genipv6.nix @@ -16,12 +16,12 @@ let { normalize-ip6-addr (appendZeros addressLength netPrefix); netHash = toString { retiolum = 0; - wirelum = 1; + wiregrill = 1; }.${netname}; netPrefix = "42:${netHash}"; netPrefixLength = { retiolum = 32; - wirelum = 32; + wiregrill = 32; }.${netname}; inherit subnetname; -- cgit v1.2.3 From bb22dc7475a01b262f4102c9a7b9df96c1ed5708 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:31:57 +0100 Subject: l littleT: make into blue-host --- lass/1systems/littleT/config.nix | 1 + lass/2configs/blue-host.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 2f28cc0d6..7fe143c3c 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -6,6 +6,7 @@ with import ; + ]; networking.networkmanager.enable = true; diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 9cf294afd..718a92e9c 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -7,6 +7,7 @@ let "daedalus" "skynet" "prism" + "littleT" ]; remote_hosts = filter (h: h != config.networking.hostName) all_hosts; -- cgit v1.2.3 From c8943a2c89d2bcefc910f3c2bc588bcf6c1673f2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:33:37 +0100 Subject: l skynet.r don't fetch wallpaper --- lass/1systems/skynet/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 13a8b3e41..4b806af7b 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -5,7 +5,6 @@ with import ; - { -- cgit v1.2.3 From e9907ee8a8433904026bf1c54edd7f79ab0c49a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:34:45 +0100 Subject: l baseX: add fzfmenu to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 859a2a1b9..1b6a1d593 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -64,6 +64,7 @@ in { dic dmenu font-size + fzfmenu gitAndTools.qgit git-preview gnome3.dconf -- cgit v1.2.3 From 8705b4dbc8e8cf0c4e09c114daad3f96026520ab Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Dec 2018 16:36:13 +0100 Subject: l domsen: add klabusterbeere --- lass/2configs/websites/domsen.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4935268a4..ce7df4bfb 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -126,6 +126,7 @@ in { { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "bui@freemonkey.art"; to ="bui"; } + { from = "kontakt@alewis.de"; to ="klabusterbeere"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -204,5 +205,12 @@ in { createHome = true; }; + users.users.klabusterbeere = { + uid = genid_uint31 "klabusterbeere"; + home = "/home/klabusterbeere"; + useDefaultShell = true; + createHome = true; + }; + } -- cgit v1.2.3 From 23562e36190e07f338211541ac3d2cc77ebdbafa Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 17 Dec 2018 09:33:45 +0100 Subject: l domsen: add alewis.de to sender_domains --- lass/2configs/websites/domsen.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index ce7df4bfb..25dac0ac4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -135,6 +135,7 @@ in { "jla-trading.com" "ubikmedia.eu" "ubikmedia.de" + "alewis.de" ]; ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; ssl_key = "/var/lib/acme/lassul.us/key.pem"; -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/81100000.lock: No such file or directory (2)