From 34ac22e4419fff0e07afc3a71615dc30399aecff Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Feb 2021 19:50:25 +0100 Subject: l: default user is yubikey --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c5cf5cb15..555f39be0 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -690,7 +690,7 @@ in { }; }; users = rec { - lass = lass-blue; + lass = lass-yubikey; lass-yubikey = { mail = lass.mail; pubkey = builtins.readFile ./ssh/yubikey.rsa; -- cgit v1.2.3 From 892ae1f8a70ce3a6062a2ffa6ac5b3e3df3ba99c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Feb 2021 21:58:48 +0100 Subject: glados: import unstable home-assistant --- krebs/2configs/shack/glados/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'krebs') diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index d546564c5..53d6e6f4a 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,5 +1,11 @@ { config, pkgs, lib, ... }: let + unstable = import (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev; + sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256; + }) {}; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; @@ -40,6 +46,9 @@ in { { enable = true; autoExtraComponents = true; + package = unstable.home-assistant.overrideAttrs (old: { + doInstallCheck = false; + }); config = { homeassistant = { name = "Glados"; -- cgit v1.2.3 From 57da9035d2f4ac805fa05a92fa70eee942b2db06 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 16 Feb 2021 23:02:08 +0100 Subject: ircd: raise all limits --- krebs/2configs/ircd.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 789fc2f2f..0de07a027 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,6 +5,8 @@ 6667 6669 ]; + systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384; + krebs.charybdis = { enable = true; motd = '' @@ -15,7 +17,7 @@ serverinfo { name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; - description = "miep!"; + description = "irc!"; network_name = "irc.r"; vhost = "0.0.0.0"; @@ -26,7 +28,7 @@ #ssl_dh_params = "etc/dh.pem"; #ssld_count = 1; - default_max_clients = 100000; + default_max_clients = 2048; #nicklen = 30; }; @@ -38,12 +40,12 @@ */ host = "0.0.0.0"; port = 6667; - sslport = 6697; + #sslport = 6697; /* Listen on IPv6 (if you used host= above). */ host = "::"; port = 6667; - sslport = 6697; + #sslport = 6697; }; class "users" { @@ -53,9 +55,9 @@ number_per_ip_global = 4096; cidr_ipv4_bitlen = 24; cidr_ipv6_bitlen = 64; - number_per_cidr = 65536; - max_number = 100000; - sendq = 10 megabyte; + number_per_cidr = 65535; + max_number = 65535; + sendq = 1000 megabyte; }; privset "op" { @@ -91,7 +93,7 @@ use_knock = yes; knock_delay = 5 minutes; knock_delay_channel = 1 minute; - max_chans_per_user = 15; + max_chans_per_user = 150; max_bans = 100; max_bans_large = 500; default_split_user_count = 0; -- cgit v1.2.3 From ac10edb22a05258326ac7a84571c09147f603a09 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Feb 2021 19:56:54 +0100 Subject: l: remove deprecated cgit aliases --- krebs/3modules/lass/default.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 555f39be0..9dd76a627 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -125,7 +125,6 @@ in { ip6.addr = r6 "1e1"; aliases = [ "uriel.r" - "cgit.uriel.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -151,7 +150,6 @@ in { ip6.addr = r6 "dea7"; aliases = [ "mors.r" - "cgit.mors.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -185,7 +183,6 @@ in { ip6.addr = r6 "50da"; aliases = [ "shodan.r" - "cgit.shodan.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -220,7 +217,6 @@ in { ip6.addr = r6 "1205"; aliases = [ "icarus.r" - "cgit.icarus.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -254,7 +250,6 @@ in { ip6.addr = r6 "daed"; aliases = [ "daedalus.r" - "cgit.daedalus.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -286,7 +281,6 @@ in { ip6.addr = r6 "5ce7"; aliases = [ "skynet.r" - "cgit.skynet.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 1580aca24d352eaf649305e367ad92537b25f314 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Feb 2021 19:57:38 +0100 Subject: l: init coaxmetal.r --- krebs/3modules/lass/default.nix | 42 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 9dd76a627..2123ec962 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -682,6 +682,48 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN"; }; + + coaxmetal = { + cores = 16; + nets = { + retiolum = { + ip4.addr = "10.243.0.17"; + ip6.addr = r6 "17"; + aliases = [ + "coaxmetal.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA + xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK + gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU + WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek + ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32 + G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F + G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO + IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX + K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE + 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly + bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo + l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "17"; + aliases = [ + "coaxmetal.w" + ]; + wireguard.pubkey = '' + lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET "; + syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ"; + }; + }; users = rec { lass = lass-yubikey; -- cgit v1.2.3 From 8b7477926d0b7c1ac3d92d07e6934f9e593ea9ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Feb 2021 20:16:07 +0100 Subject: l: fix lass-yubikey mail --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 2123ec962..6978c0b4e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -728,7 +728,7 @@ in { users = rec { lass = lass-yubikey; lass-yubikey = { - mail = lass.mail; + mail = "lass@lassul.us"; pubkey = builtins.readFile ./ssh/yubikey.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; }; -- cgit v1.2.3