From 26342f9bbbfab2ded2c03f11346094fa8d6971d1 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 27 Oct 2020 19:40:50 +0100
Subject: l morpheus.r: use new luks devices config
---
 lass/1systems/morpheus/physical.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'lass/1systems')
diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix
index 3fb03cda4..6e59a2273 100644
--- a/lass/1systems/morpheus/physical.nix
+++ b/lass/1systems/morpheus/physical.nix
@@ -34,10 +34,7 @@
 };
 boot.initrd.luks = {
 cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
- devices = [{
- name = "luksroot";
- device = "/dev/nvme0n1p3";
- }];
+ devices.luksroot.device = "/dev/nvme0n1p3";
 };
 services.udev.extraRules = ''
-- 
cgit v1.3.1
From cb24733b91e40d82b8fb5b39ff08be1b0f68c512 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 27 Oct 2020 19:59:35 +0100
Subject: l uriel.r: use new luks devices config
---
 lass/1systems/uriel/physical.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lass/1systems')
diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix
index 2d21f00d5..82a088643 100644
--- a/lass/1systems/uriel/physical.nix
+++ b/lass/1systems/uriel/physical.nix
@@ -15,7 +15,7 @@
 loader.systemd-boot.enable = true;
 loader.timeout = 5;
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.devices.luksroot.device = "/dev/sda2";
 initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
 initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
 #kernelModules = [ "kvm-intel" "msr" ];
-- 
cgit v1.3.1
From 4ed62e280e52ce373c6f1a9c44c5d365c24f572c Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 27 Oct 2020 20:23:33 +0100
Subject: l icarus.r shodan.r: remove borken ssh-cryptsetup
---
 lass/1systems/icarus/config.nix | 1 -
 lass/1systems/shodan/config.nix | 2 --
 2 files changed, 3 deletions(-)
(limited to 'lass/1systems')
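Review bot: The migrated `devices.luksroot.device` values still name the root LUKS container by kernel enumeration order (`/dev/nvme0n1p3` in lass/1systems/morpheus/physical.nix, `/dev/sda2` in lass/1systems/uriel/physical.nix), which is not guaranteed to be stable across boots. On uriel the visible `initrd.availableKernelModules` includes `usb_storage`, so a second disk present at boot can take the `sda` name and the initrd would then ask for the passphrase against whatever sits at `sda2`. Since both lines are being rewritten anyway, they could point at the persistent path instead, e.g. `initrd.luks.devices.luksroot.device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder; the real value comes from `blkid` on each host). Both enclosing attribute sets start and end outside the hunks.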
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 8332e7c53..609da6011 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -19,7 +19,6 @@ with import ; # - ]; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index e41c9bd1e..9e01396bc 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,8 +15,6 @@ with import ; - - -- cgit v1.3.1 From 636d1eb762aae20e1da580d6f37460aa25391f45 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 23 Nov 2020 11:32:23 +0100 Subject: l: init styx.r --- krebs/3modules/lass/default.nix | 39 ++++++++++++++++++++ lass/1systems/styx/config.nix | 80 +++++++++++++++++++++++++++++++++++++++++ lass/1systems/styx/physical.nix | 34 ++++++++++++++++++ 3 files changed, 153 insertions(+) create mode 100644 lass/1systems/styx/config.nix create mode 100644 lass/1systems/styx/physical.nix (limited to 'lass/1systems') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d2a945284..3466ef8eb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -645,6 +645,45 @@ in {
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w";
 syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC";
 };
+ styx = {
+ cores = 1;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.11.1";
+ ip6.addr = r6 "111";
+ aliases = [
+ "styx.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn
+ ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU
+ aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE
+ 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi
+ 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq
+ m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn
+ Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt
+ EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/
+ 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao
+ Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2
+ 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF
+ wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ==
+ -----END PUBLIC KEY-----
+ '';
+ };
+ wiregrill = {
+ ip6.addr = w6 "111";
+ aliases = [
+ "styx.w"
+ ];
+ wireguard.pubkey = ''
+ 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs=
+ '';
+ };
+ };
+ ssh.privkey.path = ;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
+ };
 };
 users = rec {
 lass = lass-blue;
diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix
new file mode 100644
index 000000000..4c3ae1411
--- /dev/null
+++ b/lass/1systems/styx/config.nix
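Review bot: The new `ssh.pubkey` for styx in krebs/3modules/lass/default.nix ends with a space inside the string literal (`...GFAj54ZhU ";`), unlike the neighbouring host entry in the context lines at the top of the hunk. If this value is compared or written out verbatim somewhere not visible here (a generated known_hosts file, for instance), the trailing blank can make an exact match fail or produce a malformed line. Dropping the space before the closing quote keeps the entry consistent with its siblings. The enclosing hosts attribute set starts outside the hunk.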
@@ -0,0 +1,80 @@ +{ config, pkgs, ... }: + +with import ; +{ + imports = [ + + + + + + + + + + # + # + # + + + # + # + # + ]; + + krebs.build.host = config.krebs.hosts.styx; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; } + ]; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = top + title = top + + + Local + menu = Local + title = Local Network + ++ LocalMachine + menu = Local Machine + title = This host + host = localhost + + + Internet + menu = internet + title = internet + + ++ CloudflareDNS + menu = Cloudflare DNS + title = Cloudflare DNS server + host = 1.1.1.1 + + ++ GoogleDNS + menu = Google DNS + title = Google DNS server + host = 8.8.8.8 + + + retiolum + menu = retiolum + title = retiolum + + ++ gum + menu = gum.r + title = gum.r + host = gum.r + + ++ ni + menu = ni.r + title = ni.r + host = ni.r + + ++ prism + menu = prism.r + title = prism.r + host = prism.r + ''; + }; +} + diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix new file mode 100644 index 000000000..a3899f87d --- /dev/null +++ b/lass/1systems/styx/physical.nix 
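Review bot: In lass/1systems/styx/config.nix the new INPUT rule `-p tcp --dport ${toString config.services.smokeping.port}` accepts the smokeping port from every interface and source address, so the graphs and the list of internal `.r` targets are reachable from any network styx is attached to. Other rules in this series are scoped by interface (the prism context line `-i wiregrill -p udp --dport 4000:4002` further down the page); the same here would read `{ predicate = "-i retiolum -p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; }`, assuming the tinc interface carries the name of the `retiolum` net. If the open exposure is intended, a comment on the rule saying so would help the next reviewer.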
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./config.nix
+
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514";
+ boot.loader.grub.efiInstallAsRemovable = true;
+
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/EAA5-88A9";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
-- 
cgit v1.3.1
From ff1d896c8d436cdc83f60f7df7203f38f03fceac Mon Sep 17 00:00:00 2001
From: Jörg Thalheim
Date: Tue, 24 Nov 2020 10:25:37 +0100
Subject: mic92: add shannan
---
 krebs/3modules/external/default.nix | 4 ++++
 krebs/3modules/external/ssh/shannan.pub | 1 +
 lass/1systems/prism/config.nix | 9 +++++++++
 3 files changed, 14 insertions(+)
 create mode 100644 krebs/3modules/external/ssh/shannan.pub
(limited to 'lass/1systems')
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index d14526703..277169e11 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -608,6 +608,10 @@ in {
 mail = "joerg@thalheim.io";
 pubkey = ssh-for "mic92";
 };
+ shannan = {
+ mail = "shannan@lekwati.com";
+ pubkey = ssh-for "shannan";
+ };
 qubasa = {
 mail = "luis.nixos@gmail.com";
 pubkey = ssh-for "qubasa";
diff --git a/krebs/3modules/external/ssh/shannan.pub b/krebs/3modules/external/ssh/shannan.pub
new file mode 100644
index 000000000..ed89d702a
--- /dev/null
+++ b/krebs/3modules/external/ssh/shannan.pub
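Review bot: lass/1systems/styx/physical.nix mounts `/` directly from an ext4 partition and declares no `boot.initrd.luks.devices`, whereas the morpheus and uriel configs touched earlier in this series unlock a `luksroot` container. The styx host entry added in the same commit sets an `ssh.privkey.path`, so the deployed key material would presumably sit unencrypted at rest on this machine. If that is a deliberate choice for a box that must reboot unattended, a comment above `fileSystems."/"` would record it, e.g. `# root is intentionally unencrypted: host has to come up without a passphrase`.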
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBXTForyB6oNMK5bbGpALKU4lPsKRGxNLhrE/PnHHq7 shannan@bernie
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 944a68beb..1206f1655 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -391,6 +391,15 @@ with import ;
 { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
 ];
 }
+ {
+ users.users.shannan = {
+ uid = genid_uint31 "shannan";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.shannan.pubkey
+ ];
+ };
+ }
 {
 nix.trustedUsers = [ "mic92" ];
 users.users.mic92 = {
-- 
cgit v1.3.1
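Review bot: The new `users.users.shannan` block in lass/1systems/prism/config.nix creates a login account for an external user with no comment on why prism needs it or who vouches for it, and the trusted key is resolved indirectly through `config.krebs.users.shannan.pubkey`. A short comment on the block makes later access reviews and removal easier, e.g. `# shell account for shannan (external user), added at mic92's request`; the requester is inferred from the commit subject, so adjust it if that is wrong. The surrounding list of module fragments begins and ends outside the hunk.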