From 05c6e0b86c3cc59662d8daf26e81127a18a96a50 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 8 Jan 2018 09:14:48 +0100 Subject: pkgs.internetarchive: remove fetchPypi, coming from python3Packages --- krebs/5pkgs/simple/internetarchive/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix index 2f55e6f42..3c83093be 100644 --- a/krebs/5pkgs/simple/internetarchive/default.nix +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -1,4 +1,4 @@ -{ stdenv, pkgs, fetchPypi, ... }: +{ stdenv, pkgs, ... }: with pkgs.python3Packages; buildPythonPackage rec { pname = "internetarchive"; -- cgit v1.2.3 From 2b418e2c18ba3013808b39c50e152a0163c3a60c Mon Sep 17 00:00:00 2001 From: Markus Hihn Date: Tue, 9 Jan 2018 11:16:43 +0100 Subject: jeschli: meltdown fix --- jeschli/2configs/default.nix | 1 + jeschli/source.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 7fb240951..77281b301 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -4,6 +4,7 @@ with import ; imports = [ ./vim.nix ./retiolum.nix + { environment.variables = { NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; diff --git a/jeschli/source.nix b/jeschli/source.nix index ae9e1e72e..382dd61bc 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "d83c808"; + ref = "0653b73"; }; secrets.file = getAttr builder { buildbot = toString ; -- cgit v1.2.3 From 26c4dfbdfc7c484e49717426ea1516d559a8ac61 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Jan 2018 21:40:39 +0100 Subject: infest prepare: add hetzner_rescue support --- krebs/4lib/infest/prepare.sh | 82 ++++++++++++++++++++++++++++++++------------ 1 file changed, 61 insertions(+), 21 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ccfc4f49b..4179d8294 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -21,6 +21,10 @@ prepare() {( esac ;; debian) + if grep -Fq Hetzner /etc/motd; then + prepare_hetzner_rescue "$@" + exit + fi case $VERSION_ID in 7) prepare_debian "$@" @@ -72,7 +76,7 @@ prepare_debian() { type bzip2 2>/dev/null || apt-get install bzip2 type git 2>/dev/null || apt-get install git type rsync 2>/dev/null || apt-get install rsync - type curl 2>/dev/null || apt-get install curl + type curl 2>/dev/null || apt-get install curl prepare_common } @@ -94,6 +98,31 @@ prepare_nixos_iso() { sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } +prepare_hetzner_rescue() { + mountpoint /mnt + + type bzip2 2>/dev/null || apt-get install bzip2 + type git 2>/dev/null || apt-get install git + type rsync 2>/dev/null || apt-get install rsync + type curl 2>/dev/null || apt-get install curl + + mkdir -p /mnt/"$target_path" + mkdir -p "$target_path" + + if ! mountpoint "$target_path"; then + mount --rbind /mnt/"$target_path" "$target_path" + fi + + mkdir -p bin + rm -f bin/nixos-install + cp "$(type -p nixos-install)" bin/nixos-install + sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install + + _prepare_nix_users + _prepare_nix + _prepare_nixos_install +} + get_nixos_install() { echo "installing nixos-install" 2>&1 c=$(mktemp) @@ -107,24 +136,10 @@ EOF nix-env -i -A config.system.build.nixos-install -f "" rm -v $c } + prepare_common() {( - if ! getent group nixbld >/dev/null; then - groupadd -g 30000 -r nixbld - fi - for i in `seq 1 10`; do - if ! getent passwd nixbld$i 2>/dev/null; then - useradd \ - -d /var/empty \ - -g 30000 \ - -G 30000 \ - -l \ - -M \ - -s /sbin/nologin \ - -u $(expr 30000 + $i) \ - nixbld$i - fi - done + _prepare_nix_users # # mount install directory @@ -173,10 +188,12 @@ prepare_common() {( mount --bind /nix /mnt/nix fi - # - # install nix - # + _prepare_nix + + _prepare_nixos_install +)} +_prepare_nix() {( # install nix on host (cf. https://nixos.org/nix/install) if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then ( @@ -201,8 +218,31 @@ prepare_common() {( if ! mountpoint "$target_path"; then mount --rbind /mnt/"$target_path" "$target_path" fi +)} + +_prepare_nix_users() {( + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + fi + done +)} + +_prepare_nixos_install() { get_nixos_install + mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install @@ -212,6 +252,6 @@ prepare_common() {( echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc fi -)} +} prepare "$@" -- cgit v1.2.3 From f4a23ea078c385fd3f9bfe23f935cd6886d4571d Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 9 Jan 2018 22:04:02 +0100 Subject: infest prepare: add _which --- krebs/4lib/infest/prepare.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 4179d8294..ee5f334c7 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -94,11 +94,14 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } prepare_hetzner_rescue() { + _which() ( + which "$1" + ) mountpoint /mnt type bzip2 2>/dev/null || apt-get install bzip2 @@ -138,6 +141,9 @@ EOF } prepare_common() {( + _which() ( + type -p "$1" + ) _prepare_nix_users @@ -245,7 +251,7 @@ _prepare_nixos_install() { mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then -- cgit v1.2.3 From 4c0e2b269f6f2df9725cca59e151f6c39b593fdb Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 9 Jan 2018 22:06:16 +0100 Subject: infest prepare: remove duplicated code --- krebs/4lib/infest/prepare.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ee5f334c7..ff1ab1fb7 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -116,11 +116,6 @@ prepare_hetzner_rescue() { mount --rbind /mnt/"$target_path" "$target_path" fi - mkdir -p bin - rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install - sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install - _prepare_nix_users _prepare_nix _prepare_nixos_install -- cgit v1.2.3 From 794e4fe21b9d0841f80ecab184716fbf88328aed Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 9 Jan 2018 22:07:04 +0100 Subject: infest prepare: no subshell for _prepare* --- krebs/4lib/infest/prepare.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ff1ab1fb7..78c1c6ec1 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -194,7 +194,7 @@ prepare_common() {( _prepare_nixos_install )} -_prepare_nix() {( +_prepare_nix() { # install nix on host (cf. https://nixos.org/nix/install) if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then ( @@ -219,9 +219,9 @@ _prepare_nix() {( if ! mountpoint "$target_path"; then mount --rbind /mnt/"$target_path" "$target_path" fi -)} +} -_prepare_nix_users() {( +_prepare_nix_users() { if ! getent group nixbld >/dev/null; then groupadd -g 30000 -r nixbld fi @@ -238,7 +238,7 @@ _prepare_nix_users() {( nixbld$i fi done -)} +} _prepare_nixos_install() { -- cgit v1.2.3 From cc51c5f7db21749b87b0db096087b7e7447a8f0a Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 10 Jan 2018 00:04:07 +0100 Subject: ma photostore.krebsco.de: init on gum.r also init the application server and config --- krebs/3modules/makefu/default.nix | 1 + makefu/1systems/gum/config.nix | 2 +- .../2configs/deployment/photostore.krebsco.de.nix | 40 ++++++++++++++++++++++ makefu/5pkgs/cameraupload-server/default.nix | 23 +++++++++++++ 4 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/deployment/photostore.krebsco.de.nix create mode 100644 makefu/5pkgs/cameraupload-server/default.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 9f1842b88..56e5c6b82 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -541,6 +541,7 @@ with import ; graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 6e5f3c2d4..f473d9e4c 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -67,7 +67,7 @@ in { - + diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix new file mode 100644 index 000000000..9e16a384a --- /dev/null +++ b/makefu/2configs/deployment/photostore.krebsco.de.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: +# more than just nginx config but not enough to become a module +with import ; +let + wsgi-sock = "${workdir}/uwsgi-photostore.sock"; + workdir = config.services.uwsgi.runDir; +in { + + services.uwsgi = { + enable = true; + user = "nginx"; + runDir = "/var/lib/photostore"; + plugins = [ "python3" ]; + instance = { + type = "emperor"; + vassals = { + cameraupload-server = { + type = "normal"; + pythonPackages = self: with self; [ pkgs.cameraupload-server ]; + socket = wsgi-sock; + }; + }; + }; + }; + + services.nginx = { + enable = mkDefault true; + virtualHosts."photostore.krebsco.de" = { + locations = { + "/".extraConfig = '' + uwsgi_pass unix://${wsgi-sock}; + uwsgi_param UWSGI_CHDIR ${workdir}; + uwsgi_param UWSGI_MODULE cuserver.main; + uwsgi_param UWSGI_CALLABLE app; + include ${pkgs.nginx}/conf/uwsgi_params; + ''; + }; + }; + }; +} diff --git a/makefu/5pkgs/cameraupload-server/default.nix b/makefu/5pkgs/cameraupload-server/default.nix new file mode 100644 index 000000000..e2e410958 --- /dev/null +++ b/makefu/5pkgs/cameraupload-server/default.nix @@ -0,0 +1,23 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.python3Packages;buildPythonPackage rec { + name = "cameraupload-server-${version}"; + version = "0.2.4"; + + propagatedBuildInputs = [ + flask + ]; + + src = fetchFromGitHub { + owner = "makefu"; + repo = "cameraupload-server"; + rev = "c98c8ec"; + sha256 = "0ssgvjm0z399l62wkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8"; + }; + + meta = { + homepage = https://github.com/makefu/cameraupload-server; + description = "server side for cameraupload_full"; + license = lib.licenses.asl20; + }; +} -- cgit v1.2.3 From 7c3e4260f279c057ebc45ba6b456f89ca3c97b0e Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 10 Jan 2018 15:07:04 +0100 Subject: jeschli: set default hostname --- jeschli/1systems/bln/config.nix | 2 +- jeschli/1systems/reagenzglas/config.nix | 1 - jeschli/2configs/default.nix | 1 + 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix index 873c0fa3d..9e5f8c52e 100644 --- a/jeschli/1systems/bln/config.nix +++ b/jeschli/1systems/bln/config.nix @@ -36,7 +36,7 @@ } ]; - networking.hostName = "BLN02NB0154"; # Define your hostname. + networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname. networking.networkmanager.enable = true; # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix index d65e897ae..eb2ba179e 100644 --- a/jeschli/1systems/reagenzglas/config.nix +++ b/jeschli/1systems/reagenzglas/config.nix @@ -29,7 +29,6 @@ allowDiscards = true; } ]; - networking.hostName = "reaganzglas"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.networkmanager.enable = true; # Select internationalisation properties. diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix index 77281b301..6d788d283 100644 --- a/jeschli/2configs/default.nix +++ b/jeschli/2configs/default.nix @@ -64,4 +64,5 @@ with import ; ]; krebs.enable = true; + networking.hostName = config.krebs.build.host.name; } -- cgit v1.2.3 From 547812c8efd0bffa73529ab1b864cc871a8ca6d7 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 10 Jan 2018 15:09:21 +0100 Subject: jeschli: +enklave.r --- jeschli/1systems/enklave/config.nix | 45 +++++++++++++++++++++++ jeschli/1systems/enklave/source.nix | 3 ++ jeschli/2configs/os-templates/CentOS-7-64bit.nix | 16 +++++++++ krebs/3modules/jeschli/default.nix | 46 ++++++++++++++++++++++++ 4 files changed, 110 insertions(+) create mode 100644 jeschli/1systems/enklave/config.nix create mode 100644 jeschli/1systems/enklave/source.nix create mode 100644 jeschli/2configs/os-templates/CentOS-7-64bit.nix diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix new file mode 100644 index 000000000..010089017 --- /dev/null +++ b/jeschli/1systems/enklave/config.nix @@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + "eth*" + "ens*" + ]; + } + { + services.openssh.enable = true; + } + { + sound.enable = false; + } + { + users.extraUsers = { + root.initialPassword = "pfeife123"; + root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" + ]; + jeschli = { + name = "jeschli"; + uid = 1000; + home = "/home/jeschli"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ +"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos" + ]; + }; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.enklave; +} diff --git a/jeschli/1systems/enklave/source.nix b/jeschli/1systems/enklave/source.nix new file mode 100644 index 000000000..4f9f37be7 --- /dev/null +++ b/jeschli/1systems/enklave/source.nix @@ -0,0 +1,3 @@ +import { + name = "enklave"; +} diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix new file mode 100644 index 000000000..fb34e94e2 --- /dev/null +++ b/jeschli/2configs/os-templates/CentOS-7-64bit.nix @@ -0,0 +1,16 @@ +_: + +{ + imports = [ ]; + + boot.loader.grub = { + device = "/dev/sda"; + splashImage = null; + }; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; + + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; +} diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 0d161e1c8..c7e882742 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -118,6 +118,52 @@ with import ; }; }; }; + enklave = { + nets = rec { + internet = { + ip4.addr = "88.198.164.182"; + aliases = [ + "enklave.i" + ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.27.30"; + ip6.addr = "42::30"; + aliases = [ + "enklave.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIID8gKCA+kAt8zRg/g0jRmqXn6rVul/tdjWtLPcu0aTjNJ5OYZh50i7WqWllGVz + +FfJicuq/Xd1l5qrgUN7MD+Wrfeov+G9lzSgacfPhXMujutXxX3JwW/9f7UN+yoN + Sw29Zj+NWb45HyI5WVwMQ332KbKjNcWdTRe+O39oE6bZWg54oEeZOad2UJ7/83sB + yNEV/B7bJ0+X9HR8XCKrHI/RkjixNauMDlquGzoVyqLKIWwUnBl9CwtNBCYHbvYD + G1rWeCewd9Z6KsqcKSePfa4mn5eOluWcXmbrD/sx8oII40oNUs3kI7a2HExB2Yle + P9Q5MQrXRZfI3bdrh1aHieBodZLtosHPNuJIpo8ZaCX88WLhGR3nhJa1vvM1vNwd + TSSAdobdZUcuIQJKnVxwP4rXQAKPkN2+ddy+tXCGvfFAsdGKDbgPy4FgT+Ed28vg + 3W0fef/3sDNGPY1VAa58/pLz9Un3kNJKUjt00tWamo8daU/3mxZs83nIqDHLq86l + 1+wCl37l+KHe7pUVZ3smoezPRCMoUThmc7VzupbQG+piiSSyiYQi0CuBusa44t76 + 1lMr3pOdRBBAoetZ745ZZVx8s+eYk+C1BmQbLJAfzQ9sbH3LAwXpuAH70mtrFqWl + C3LF89/5mZRbFxALZv9cVx3LqIZDjwpKlwPWorZwo14L+eAagdPCcnVNo6ZcVow2 + mAdNnf7C33fvRsU+rUEIZVPsBHZfAv+f0jqQ65TMvl32VZ0FlxxahSZSj64n8iwr + Z+DOxKA9OcAaTrHQReYLpWUfNceVDLfOmQLeih8hNgClgqPgYJP/OtN+ox3NP6ZX + +Gkx9HO7a+agtyJxjh3NYbT/NkRW8HcjW8KgRN7jlE9sQi5/FoxKQOUdHmLTvjdk + YJXqdPWMYHj2xt4A8x2nzl/si6lwDsod+zdY5RGSdYhoybEOs4wZZIuArmm8GP+C + IbtgutknAuqvm2FOxyWCbLFTimgqC5BgrNUsXFJJLsHQ3bWFJtVpJlSa5Y0iypCP + Yr/cefbDrGfs3eCy7FlYDIkCcH06FPm1LTs6USisrtKFObRQN+zPSPln9FysNmpH + h0YUhrWdTO+wN78K5gc4ALPNUlyqmH61h8jS2qSdrRZLcZWIi4K4banG6EJcWRvV + kaVxghY1i/Z9x43bZRpBPvpM462IDx08vYX9AcFmF7JfjAXPwJO/EqZVsY1YPDzO + vdXWrtTORO8R8Pjq3X952yNqgHBcJQh7Q9TBcj+XBtkidOSnTt3Sp/RumsucUW19 + 0wMempDPiCOAadLmR4cW5XL1ednXurkd+5gHCmB1Sl7FueP5dgLB/mhXjmITE3zH + aQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + }; users = { jeschli = { -- cgit v1.2.3 From 94c785281a89711742bb32cde94b9ccbb7603c21 Mon Sep 17 00:00:00 2001 From: jeschli Date: Wed, 10 Jan 2018 15:10:13 +0100 Subject: jeschli retiolum: connect to enklave --- jeschli/2configs/retiolum.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix index 403300b30..b611cbe7d 100644 --- a/jeschli/2configs/retiolum.nix +++ b/jeschli/2configs/retiolum.nix @@ -9,6 +9,7 @@ "gum" "ni" "dishfire" + "enklave" ]; }; @@ -16,6 +17,9 @@ tinc = pkgs.tinc_pre; }; + networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedUDPPorts = [ 655 ]; + environment.systemPackages = [ pkgs.tinc ]; -- cgit v1.2.3 From 36833781d46f189a6addaa109f8a4b5539cbba2c Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 Jan 2018 11:22:46 +0100 Subject: repo-sync: don't announce syncs in irc --- krebs/2configs/repo-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 84b7d9c0e..48da88a8d 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -58,7 +58,7 @@ let ref = "heads/master"; }; }; - krebs.git = defineRepo name true; + krebs.git = defineRepo name false; }; in { -- cgit v1.2.3 From 4ae0254642d10fe2376d218491974ee3d42722ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:00:58 +0100 Subject: l: add lassul.us dns --- krebs/3modules/lass/default.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0567d58ba..37bb31563 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -3,6 +3,9 @@ with import ; { + dns.providers = { + "lassul.us" = "zones"; + }; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; ci = true; @@ -80,6 +83,18 @@ with import ; prism IN A ${nets.internet.ip4.addr} paste IN A ${nets.internet.ip4.addr} ''; + "lassul.us" = '' + $TTL 3600 + @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300) + 60 IN NS ns16.ovh.net. + 60 IN NS dns16.ovh.net. + 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN TXT v=spf1 mx -all + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + io 60 IN NS ions.lassul.us. + ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + ''; }; nets = rec { internet = { -- cgit v1.2.3 From b713edf2f844e9cc5ca1cc00a9ad4113ecfad40b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:01:23 +0100 Subject: l daedalus.r: install some software --- lass/1systems/daedalus/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 8ec744584..609fae3c8 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -40,6 +40,9 @@ with import ; zathura skype wine + geeqie + vlc + minecraft ]; nixpkgs.config.firefox.enableAdobeFlash = true; services.xserver.enable = true; -- cgit v1.2.3 From 291a3347e9baedd35baf855e58dc98caef066d69 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:02:38 +0100 Subject: l: add minecraft.nix --- lass/1systems/prism/config.nix | 8 +------- lass/2configs/minecraft.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 7 deletions(-) create mode 100644 lass/2configs/minecraft.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 03e9f6eeb..3e42ecd75 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -289,13 +289,6 @@ in { alias /var/realwallpaper/realwallpaper.png; ''; } - { - services.minecraft-server.enable = true; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } - { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } - ]; - } { @@ -318,6 +311,7 @@ in { RandomizedDelaySec = "2min"; }; } + ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix new file mode 100644 index 000000000..aa33dcccc --- /dev/null +++ b/lass/2configs/minecraft.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: + +{ + users.users = { + mc = { + name = "mc"; + description = "user playing mc"; + home = "/home/mc"; + createHome = true; + useDefaultShell = true; + packages = with pkgs; [ + tmux + ]; + }; + }; + krebs.per-user.mc.packages = [ pkgs.jdk ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } + { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } + ]; +} -- cgit v1.2.3 From dde9e711fc2e6f15565d4d402d1743fa69d111f3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:03:55 +0100 Subject: l prism.r: allow jeschli push to all branches --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 3e42ecd75..5831cd6cf 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -300,7 +300,7 @@ in { jeschli-brauerei ]; repo = [ config.krebs.git.repos.stockholm ]; - perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ]; + perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ]; } ]; } -- cgit v1.2.3 From 80e7b1254fd60a880f0cae5b36872607255f41fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:04:56 +0100 Subject: l prism.r: add downloading (again) --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 5831cd6cf..087aaab06 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -311,6 +311,7 @@ in { RandomizedDelaySec = "2min"; }; } + ]; -- cgit v1.2.3 From 07ba3cde29849f10d1a78db65d56632aeee1790c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:06:04 +0100 Subject: l: add taskwarrior to pkgs --- lass/2configs/baseX.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 59ea0ecb7..65e8f15a4 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -85,6 +85,8 @@ in { screengrab slock sxiv + timewarrior + taskwarrior termite xclip xorg.xbacklight -- cgit v1.2.3 From 0b4ce5878640d222ab28d269acc36429ae20b7d0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:06:52 +0100 Subject: l browsers: use precedence --- lass/2configs/browsers.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 9459cfd6f..8d57f1148 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -35,7 +35,10 @@ let useDefaultShell = true; createHome = true; }; - lass.browser.paths.${name}.path = bin; + lass.browser.paths.${name} = { + path = bin; + inherit precedence; + }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(${name}) NOPASSWD: ALL ''; -- cgit v1.2.3 From c23738db3730c61ee2487a0dc1a1f48be6dd1db2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:07:08 +0100 Subject: l browsers: preconfigure chromium --- lass/2configs/browsers.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 8d57f1148..d04c56365 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -83,6 +83,14 @@ in { browser-select ]; + programs.chromium = { + enable = true; + extensions = [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium + ]; + }; + imports = [ { options.lass.browser.select = mkOption { -- cgit v1.2.3 From 59f3f4257d58e8ff28a37a0167bd69acd83397e9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:07:29 +0100 Subject: l browsers: add fin --- lass/2configs/browsers.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index d04c56365..cbbd54b6b 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -113,8 +113,9 @@ in { ( createFirefoxUser "ff" [ "audio" ] 10 ) ( createChromiumUser "cr" [ "video" "audio" ] 9 ) ( createChromiumUser "gm" [ "video" "audio" ] 8 ) - ( createChromiumUser "wk" [ "video" "audio" ] ) - ( createChromiumUser "fb" [ "video" "audio" ] ) - ( createChromiumUser "com" [ "video" "audio" ] ) + ( createChromiumUser "wk" [ "video" "audio" ] 0 ) + ( createChromiumUser "fb" [ "video" "audio" ] 0 ) + ( createChromiumUser "com" [ "video" "audio" ] 0 ) + ( createChromiumUser "fin" [] (-1) ) ]; } -- cgit v1.2.3 From dd03ce2e9e4a5a66c9259537e976bed5f6305c7a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:08:01 +0100 Subject: l: add zsh --- lass/2configs/default.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index c68aee330..5a5f1b347 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,11 +2,12 @@ with import ; { config, pkgs, ... }: { imports = [ - ../2configs/binary-cache/client.nix - ../2configs/gc.nix - ../2configs/mc.nix - ../2configs/vim.nix - ../2configs/monitoring/client.nix + ./binary-cache/client.nix + ./gc.nix + ./mc.nix + ./vim.nix + ./monitoring/client.nix + ./zsh.nix ./htop.nix ./backups.nix ./security-workarounds.nix -- cgit v1.2.3 From b49137cac3597800a4ccd108f8b65aa77de64e0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:08:55 +0100 Subject: l: add more emails --- lass/2configs/exim-smarthost.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 94191fcb7..0219f5216 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -54,6 +54,11 @@ with import ; { from = "bitstamp@lassul.us"; to = lass.mail; } { from = "bitcoin.de@lassul.us"; to = lass.mail; } { from = "ableton@lassul.us"; to = lass.mail; } + { from = "dhl@lassul.us"; to = lass.mail; } + { from = "sipgate@lassul.us"; to = lass.mail; } + { from = "coinexchange@lassul.us"; to = lass.mail; } + { from = "verwaltung@lassul.us"; to = lass.mail; } + { from = "gearbest@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From a3751cdb4731ff238d02e1e0e84bbe8aaa9217ac Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 00:09:46 +0100 Subject: l zsh: cleanup --- lass/2configs/zsh.nix | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 4d33aa79d..728c0cc0d 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -7,10 +7,8 @@ zsh-newuser-install() { :; } ''; interactiveShellInit = '' - #unsetopt nomatch setopt autocd extendedglob bindkey -e - zstyle :compinstall filename '/home/lass/.zshrc' #history magic bindkey "" up-line-or-local-history @@ -40,7 +38,6 @@ bindkey "^X^E" edit-command-line #completion magic - fpath=(~/.zsh/completions $fpath) autoload -Uz compinit compinit zstyle ':completion:*' menu select @@ -48,14 +45,18 @@ #enable automatic rehashing of $PATH zstyle ':completion:*' rehash true - - #eval $( dircolors -b ~/.LS_COLORS ) + eval $(dircolors -b ${pkgs.fetchFromGitHub { + owner = "trapd00r"; + repo = "LS_COLORS"; + rev = "master"; + sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; + }}/LS_COLORS) # export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -' #beautiful colors alias ls='ls --color' - zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} + # zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} #emacs bindings bindkey "[7~" beginning-of-line @@ -66,24 +67,24 @@ #aliases alias ll='ls -l' alias la='ls -la' - alias pinginet='ping 8.8.8.8' - alias du='du -hd1' - alias qiv="qiv -f -m" - alias zshres="source ~/.zshrc" #fancy window title magic case $TERM in (*xterm* | *rxvt*) - - # Write some info to terminal title. - # This is seen when the shell prompts for input. function precmd { - print -Pn "\e]0;%(1j,%j job%(2j|s|); ,)%~\a" + if test -n "$SSH_CLIENT"; then + echo -ne "\033]0;$$ $USER@$HOST $PWD\007" + else + echo -ne "\033]0;$$ $USER@$PWD\007" + fi } - # Write command and args to terminal title. # This is seen while the shell waits for a command to complete. function preexec { - printf "\033]0;%s\a" "$1" + if test -n "$SSH_CLIENT"; then + echo -ne "\033]0;$$ $USER@$HOST $PWD $1\007" + else + echo -ne "\033]0;$$ $USER@$PWD $1\007" + fi } ;; esac @@ -119,4 +120,5 @@ ''; }; users.users.mainUser.shell = "/run/current-system/sw/bin/zsh"; + users.users.root.shell = "/run/current-system/sw/bin/zsh"; } -- cgit v1.2.3 From 74d1531be988057ccadd3de5184d915dcf84c92d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Jan 2018 09:24:44 +0100 Subject: l nixpkgs: d202e30 -> 92d088e --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 46c6d31dc..8ca3fe3c0 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "d202e30"; + ref = "92d088e"; }; secrets = getAttr builder { buildbot.file = toString ; -- cgit v1.2.3