From d73262f4e0aa2f64464a453be28d5fc4993aad19 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:05:42 +0200 Subject: k 3 l: add sokratess user --- krebs/3modules/lass/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 08e8995fa..f2c9c4684 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -305,5 +305,7 @@ with config.krebs.lib; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; + sokratess = { + }; }; } -- cgit v1.2.3 From 35596f7aed2f2b43064c5d41121c0d3d17503641 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:05:56 +0200 Subject: l 1 mors: activate redis --- lass/1systems/mors.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1028ca652..b9373313c 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -77,6 +77,9 @@ with config.krebs.lib; ]; }; } + { + services.redis.enable = true; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From 48282200043d63c5e0434fdd7b8dc79aa271b8ae Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:08:55 +0200 Subject: l 2 c-base: add cifs-utils --- lass/2configs/c-base.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix index 9d13bc30d..679a90b7e 100644 --- a/lass/2configs/c-base.nix +++ b/lass/2configs/c-base.nix @@ -16,6 +16,10 @@ in { users.extraGroups.cbasevpn.gid = genid "cbasevpn"; + environment.systemPackages = [ + pkgs.cifs-utils + ]; + services.openvpn.servers = { c-base = { config = '' -- cgit v1.2.3 From 0398342657a9548b9ada4524335b3ca864fd9c2e Mon Sep 17 00:00:00 2001 
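Review bot: The added `services.redis.enable = true;` block in lass/1systems/mors.nix turns Redis on without setting a bind address or authentication, so its exposure depends on the module defaults of the pinned nixpkgs and on the host firewall. I would make the intent explicit with `services.redis.bind = "127.0.0.1";`. If anything off-host needs it, also set `services.redis.requirePass`, taking the value from the host's secrets, because a literal in the configuration would probably be readable in the Nix store. A one-line comment naming the local service that needs Redis would help, since the commit message does not say. The enclosing imports list starts outside the hunk.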
From: lassulus Date: Thu, 20 Oct 2016 21:09:26 +0200 Subject: l 2 websites domsen: remove obsolete code --- lass/2configs/websites/domsen.nix | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3a3e60d39..5a4748f42 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,25 +22,6 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; - check-password = pkgs.writeDash "check-password" '' - read pw - - file="/home/$PAM_USER/.shadow" - - #check if shadow file exists - test -e "$file" || exit 123 - - hash="$(${pkgs.coreutils}/bin/head -1 $file)" - salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" - - calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" - if [ "$calc_hash" == $hash ]; then - exit 0 - else - exit 1 - fi - ''; - in { imports = [ ./sqlBackup.nix @@ -164,19 +145,6 @@ in { { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; - security.pam.services.exim.text = '' - auth required pam_env.so - auth sufficient pam_exec.so debug expose_authtok ${check-password} - auth sufficient pam_unix.so likeauth nullok - auth required pam_deny.so - account required pam_unix.so - password required pam_cracklib.so retry=3 type= - password sufficient pam_unix.so nullok use_authtok md5shadow - password required pam_deny.so - session required pam_limits.so - session required pam_unix.so - ''; - krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext -- cgit v1.2.3 From 51a9fb2dccf6996e1f4fe6f795076ebc6bc71d25 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:10:59 +0200 Subject: l 1 shodan: add sokratess user --- lass/1systems/shodan.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 5140591af..7c44807a6 100644 --- a/lass/1systems/shodan.nix 
+++ b/lass/1systems/shodan.nix @@ -22,6 +22,26 @@ with builtins; # }; # }; #} + { + users.users.sokratess = { + uid = genid "sokratess"; + home = "/home/sokratess"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + password = "aidsballs"; + }; + krebs.per-user.sokratess.packages = [ + pkgs.firefox + pkgs.python27Packages.virtualenv + pkgs.python27Packages.ipython + pkgs.python27Packages.python + ]; + } ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3 From 0f38de96e8749e49af333028435edb37f7b4ae60 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:40:11 +0200 Subject: l: import --- krebs/3modules/newsbot-js.nix | 4 +--- lass/1systems/shodan.nix | 2 +- lass/2configs/websites/domsen.nix | 2 +- lass/2configs/websites/fritz.nix | 2 +- lass/2configs/websites/lassulus.nix | 2 +- lass/2configs/websites/wohnprojekt-rhh.de.nix | 2 +- 6 files changed, 6 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index b58c555e7..2ff9a5ebb 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -1,10 +1,8 @@ { config, lib, pkgs, ... }: -with builtins; -with lib; +with import ; let - inherit (config.krebs.lib) genid; cfg = config.krebs.newsbot-js; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 7c44807a6..9d1df1d72 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with builtins; +with import ; { imports = [ ../. diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 5a4748f42..18c771fad 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -2,7 +2,7 @@ let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid genid_signed ; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 48d96b1bf..d93d310da 100644 
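Review bot: `password = "aidsballs";` in the new `users.users.sokratess` block of lass/1systems/shodan.nix commits a cleartext login password to the repository, and the evaluated configuration is also readable in the Nix store on the host. The value is weak and should be treated as disclosed from this commit on, so the account needs a new password rather than only a change to the file. Prefer `passwordFile = "<path under the host's secrets, placeholder>";`. A `hashedPassword` generated off-repo is a weaker fallback, since a committed hash can still be attacked offline. The account gets a login shell and `networkmanager` membership, so it is worth confirming whether SSH password authentication is enabled on this host. The surrounding imports list starts outside the hunk.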
--- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -2,7 +2,7 @@ with lib; let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid head ; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 04c19fad0..b8342e148 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -2,7 +2,7 @@ with lib; let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid ; diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index fb1a58109..0c409ca87 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid ; inherit (import {inherit lib pkgs;}) -- cgit v1.2.3 From 71b7fa17a46929d7e3c834edf204b272ee1f76ec Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 21 Oct 2016 22:37:59 +0200 Subject: m 2 default: bump to latest stable (dirtycow) --- makefu/2configs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 56a87d7af..f218a350d 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -23,7 +23,8 @@ with config.krebs.lib; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "b8ede35"; # stable @ 2016-10-19 + # ref = "b8ede35"; # stable @ 2016-10-19 + ref = "31c72ce"; # stable @ 2016-10-21 (dirtycow) in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { -- cgit v1.2.3 From 79a83023d5d9ee442d5c0b479cdf2e664a5c3685 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 21 Oct 2016 22:38:18 +0200 Subject: m 1 gum: remove mattermost --- makefu/1systems/gum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 20731c847..ebb8e882d 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -11,9 +11,9 @@ in { ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix ../2configs/smart-monitor.nix - # ../2configs/iodined.nix + ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix - ../2configs/mattermost-docker.nix + # ../2configs/mattermost-docker.nix ../2configs/nginx/euer.test.nix ../2configs/nginx/update.connector.one.nix ../2configs/deployment/mycube.connector.one.nix -- cgit v1.2.3 From 8dc0352e4f585ca6b3a7507663dfcbd91fef098a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Oct 2016 01:29:16 +0200 Subject: l 2 nixpkgs: b8ede35 -> 686bc9c --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 73c96e876..4ef4c6ce7 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; + ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d"; }; } -- cgit v1.2.3 From ab6a4492f2d9cd6154bcbec5684a751168028f5e Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 22 Oct 2016 12:47:22 +0200 Subject: m 1 x: disable docker for now --- makefu/1systems/x.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 00eca87c4..e7f5d0dae 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -13,6 +13,7 @@ # Krebs #../2configs/disable_v6.nix + ../2configs/rad1o.nix # applications 
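Review bot: Besides commenting out `../2configs/mattermost-docker.nix`, the makefu/1systems/gum.nix hunk un-comments `../2configs/iodined.nix`, which the subject "remove mattermost" does not mention. Judging by the file name, that import brings up an iodine DNS-tunnel daemon, which would be a new externally reachable service on gum. It belongs in its own commit, or at least in the message, so that it shows up when someone audits what is listening on this host. If it was enabled by accident, restore `# ../2configs/iodined.nix`.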
@@ -38,19 +39,21 @@ ../2configs/fs/sda-crypto-root-home.nix # ../2configs/mediawiki.nix #../2configs/wordpress.nix - ../2configs/nginx/public_html.nix + #../2configs/nginx/public_html.nix + ../2configs/nginx/icecult.nix ../2configs/tinc/retiolum.nix # temporary modules ../2configs/temp/share-samba.nix ../2configs/laptop-backup.nix - # ../2configs/temp/elkstack.nix + ../2configs/temp/elkstack.nix # ../2configs/temp/sabnzbd.nix ../2configs/tinc/siem.nix #../2configs/torrent.nix ]; makefu.full-populate = true; + nixpkgs.config.allowUnfree = true; krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ]; @@ -59,7 +62,7 @@ environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; - virtualisation.docker.enable = true; + # virtualisation.docker.enable = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; -- cgit v1.2.3 From bb927ba0bbaa0f0a45d8b3c4f4cebac6fbe4f7c2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 22 Oct 2016 14:21:22 +0200 Subject: m 1 vbob:disable docker --- makefu/1systems/vbob.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 27a216316..56d1b01ba 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -40,7 +40,7 @@ fortclientsslvpn ppp xclip get logstash - docker + # docker devpi-web devpi-client ]; @@ -53,8 +53,6 @@ 8010 ]; - virtualisation.docker.enable = false; - fileSystems."/media/share" = { fsType = "vboxsf"; device = "share"; -- cgit v1.2.3 From 75a3c4029db60013066b0850ed4df359fe2be3cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Oct 2016 14:25:52 +0200 Subject: l 1 helios: oraclejre -> jre --- lass/1systems/helios.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index c16080762..4e0b40906 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix 
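Review bot: The subject says "disable docker for now", but the `@@ -38,19 +39,21 @@` hunk of makefu/1systems/x.nix also adds `nixpkgs.config.allowUnfree = true;`, enables `../2configs/temp/elkstack.nix` and swaps `nginx/public_html.nix` for `nginx/icecult.nix`. `allowUnfree` is a host-wide policy change that accepts any unfree package from now on. If a single package needs it, `nixpkgs.config.allowUnfreePredicate` restricted to that package keeps the rest of the policy intact. I would split these changes into separate commits or list them in the message, and add a comment such as `# unfree needed for <package, placeholder>` next to the setting.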
@@ -41,7 +41,7 @@ with import ; environment.systemPackages = with pkgs; [ firefox chromium - oraclejre8 + jre maven arandr libreoffice -- cgit v1.2.3 From 384c96efd288c44b285d20ca8f5390b9d03af6d6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Oct 2016 05:53:41 +0200 Subject: l 1 helios: remove jre from pkgs --- lass/1systems/helios.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 4e0b40906..82db8ef7b 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -41,7 +41,6 @@ with import ; environment.systemPackages = with pkgs; [ firefox chromium - jre maven arandr libreoffice -- cgit v1.2.3