From aa1c6c814c9afbe4483b23b37b9d95d5055848fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 12 Feb 2018 10:41:19 +0100 Subject: l helios.r: add docker --- lass/1systems/helios/config.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index f53e93f26..0ab6ec2c6 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -149,11 +149,13 @@ with import ; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" ]; + users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; services.printing.drivers = [ pkgs.postscript-lexmark ]; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; + + virtualisation.docker.enable = true; } -- cgit v1.2.3 From 51cfaef6412f833f2137336617ceb2f234932ede Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 16:56:59 +0100 Subject: l mors.r: add /home/virtual --- lass/1systems/mors/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 936666a73..b81fa891c 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -89,6 +89,10 @@ with import ; fsType = "btrfs"; options = ["defaults" "noatime" "ssd" "compress=lzo"]; }; + "/home/virtual" = { + device = "/dev/mapper/pool-virtual"; + fsType = "ext4"; + }; }; services.udev.extraRules = '' -- cgit v1.2.3 From e26d3bbd72acad8b3e00dcf8356ea58f4bbaf7d7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:06:02 +0100 Subject: l mors.r: enable docker --- lass/1systems/mors/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index b81fa891c..265ef7145 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -198,5 +198,6 @@ with import ; nix.package = pkgs.nixUnstable; programs.adb.enable = true; - users.users.mainUser.extraGroups = [ "adbusers" ]; + users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; + virtualisation.docker.enable = true; } -- cgit v1.2.3 From 391fdd01b204402894718109d94c6c9590ccf644 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:06:38 +0100 Subject: l prism.r: add jeschli-bolide git access --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 087aaab06..eae8feb8f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -297,6 +297,7 @@ in { user = with config.krebs.users; [ jeschli jeschli-bln + jeschli-bolide jeschli-brauerei ]; repo = [ config.krebs.git.repos.stockholm ]; -- cgit v1.2.3 From 94a5ac9aeb1d11b5f37a8256db06a8e672cf3439 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:07:31 +0100 Subject: l prism.r: add taskserver config --- lass/1systems/prism/config.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index eae8feb8f..b498d94ff 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -314,6 +314,18 @@ in { } + { + services.taskserver = { + enable = true; + fqdn = "lassul.us"; + listenHost = "::"; + listenPort = 53589; + organisations.lass.users = [ "lass" "android" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 119856187d954204592ac9d702b9c0327db82eb1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:13:18 +0100 Subject: l: add dunst --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 265ef7145..6a606e0ad 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -31,6 +31,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From be0a02f5d696aeb79312ee172e0d77d5c32229a3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 13 Feb 2018 17:13:55 +0100 Subject: l: add rtl-sdr --- lass/1systems/helios/config.nix | 1 + lass/1systems/mors/config.nix | 1 + 2 files changed, 2 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 0ab6ec2c6..5a553572e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -16,6 +16,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6a606e0ad..6ca980155 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -32,6 +32,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From 8b3916ad4ada99d4e48d8ad1a85f5dd8d4d40457 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 00:20:23 +0100 Subject: l helios.r: add minio.cert --- lass/1systems/helios/config.nix | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) (limited to 'lass/1systems') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 5a553572e..c4d99cb2c 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -137,14 +137,35 @@ with import ; networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) + (pkgs.writeText "minio.cert" '' + -----BEGIN CERTIFICATE----- + MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS + MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1 + OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC + AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL + 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV + YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C + ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM + CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw + hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk + MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw + I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB + CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30 + hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox + jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY + EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM + zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a + qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa + -----END CERTIFICATE----- + '') ]; lass.screenlock.command = "${pkgs.i3lock}/bin/i3lock -i /home/lass/lock.png -t -f"; -- cgit v1.2.3 From d8c6ef4d103da4701092dc8120abe63bb855014a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:45:39 +0100 Subject: l prism.r: add jeschli user --- lass/1systems/prism/config.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b498d94ff..c0e4620cc 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -292,6 +292,16 @@ in { { + users.users.jeschli = { + uid = genid "jeschli"; + isNormalUser = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + jeschli.pubkey + jeschli-bln.pubkey + jeschli-bolide.pubkey + jeschli-brauerei.pubkey + ]; + }; krebs.git.rules = [ { user = with config.krebs.users; [ -- cgit v1.2.3 From 8c600fd0f5c8d63115c5527733885a14ad210913 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 19 Feb 2018 09:46:00 +0100 Subject: l shodan.r: ignore lidswitch --- lass/1systems/shodan/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index ef015aebc..7fb57544f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -61,4 +61,8 @@ with import ; SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" ''; + + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; } -- cgit v1.2.3 From 55a156814ae06f16f9e87638ddd5d0b73ddf41e0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 3 Mar 2018 15:02:47 +0100 Subject: l deploy: don't run --diff --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6ca980155..cbb71ab24 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -182,7 +182,7 @@ with import ; echo 'secrets are crypted' >&2 exit 23 else - exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' + exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"' fi ''; predeploy = pkgs.writeDash "predeploy" '' -- cgit v1.2.3