From 154e0cf5cd33ff4a3a5657ed7b01674ba1e6a5e2 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 9 Jan 2017 17:14:09 +0100
Subject: l 2 websites domsen: remove obsolete ssl function
---
 lass/2configs/websites/domsen.nix | 32 --------------------------------
 1 file changed, 32 deletions(-)
(limited to 'lass/2configs/websites')
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 2bbfe7333..9361e3978 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -7,7 +7,6 @@ let
 genid_signed
 ;
 inherit (import {inherit lib pkgs;})
- ssl
 servePage
 serveOwncloud
 serveWordpress;
@@ -25,47 +24,16 @@ let
 in {
 imports = [
 ./sqlBackup.nix
- (ssl [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
 (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
- (ssl [ "karlaskop.de" "www.karlaskop.de" ])
 (servePage [ "karlaskop.de" "www.karlaskop.de" ])
- (ssl [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
 (servePage [ "makeup.apanowicz.de" "www.makeup.apanowicz.de" ])
- (ssl [ "pixelpocket.de" ])
 (servePage [ "pixelpocket.de" ])
- (ssl [ "o.ubikmedia.de" ])
 (serveOwncloud [ "o.ubikmedia.de" ])
- (ssl [
- "ubikmedia.de"
- "aldona.ubikmedia.de"
- "apanowicz.de"
- "nirwanabluete.de"
- "aldonasiech.com"
- "360gradvideo.tv"
- "ubikmedia.eu"
- "facts.cloud"
- "youthtube.xyz"
- "illucloud.eu"
- "illucloud.de"
- "illucloud.com"
- "www.ubikmedia.de"
- "www.aldona.ubikmedia.de"
- "www.apanowicz.de"
- "www.nirwanabluete.de"
- "www.aldonasiech.com"
- "www.360gradvideo.tv"
- "www.ubikmedia.eu"
- "www.facts.cloud"
- "www.youthtube.xyz"
- "www.illucloud.eu"
- "www.illucloud.de"
- "www.illucloud.com"
- ])
 (serveWordpress [
 "ubikmedia.de"
 "apanowicz.de"
-- cgit v1.3.1
From 44800f5ca9b79d64836cb1bb4c318b64182ad6aa Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 9 Jan 2017 17:14:25 +0100
Subject: l 2 websites domsen: add ubikmedia subdomains
---
 lass/2configs/websites/domsen.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'lass/2configs/websites')
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 9361e3978..01699001e 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -56,6 +56,14 @@ in {
 "www.illucloud.eu"
 "www.illucloud.de"
 "www.illucloud.com"
+ "apanowicz.ubikmedia.de"
+ "karlaskop.ubikmedia.de"
+ "nb.ubikmedia.de"
+ "cinevita.ubikmedia.de"
+ "factscloud.ubikmedia.de"
+ "youthtube.ubikmedia.de"
+ "aldona2.ubikmedia.de"
+ "illucloud.ubikmedia.de"
 ])
 ];
-- cgit v1.3.1
From 899bbbd8207679a5384f5d4d191b4072738366b7 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 10 Jan 2017 17:28:04 +0100
Subject: l 2 websites domsen: add www.ubikmedia.de
---
 lass/2configs/websites/domsen.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'lass/2configs/websites')
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 01699001e..71eae5b71 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -56,6 +56,7 @@ in {
 "www.illucloud.eu"
 "www.illucloud.de"
 "www.illucloud.com"
+ "www.ubikmedia.de"
 "apanowicz.ubikmedia.de"
 "karlaskop.ubikmedia.de"
 "nb.ubikmedia.de"
-- cgit v1.3.1
From fca1c21a1adf837f5312b97e98126fef023eee60 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 10 Jan 2017 19:18:33 +0100
Subject: l 2 websites fritz: remove obsolete ssl function
---
 lass/2configs/websites/fritz.nix | 9 ---------
 1 file changed, 9 deletions(-)
(limited to 'lass/2configs/websites')
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 00e987116..9bf7e4a9c 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -7,7 +7,6 @@ let
 head
 ;
 inherit (import {inherit lib pkgs;})
- ssl
 servePage
 serveWordpress
 ;
@@ -29,28 +28,20 @@ in {
 imports = [
 ./sqlBackup.nix
- (ssl [ "radical-dreamers.de" "www.radical-dreamers.de" ])
 (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ])
- (ssl [ "gs-maubach.de" "www.gs-maubach.de" ])
 (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ])
- (ssl [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
 (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ])
- (ssl [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
 (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ])
- (ssl [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
 (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ])
- (ssl [ "eastuttgart.de" "www.eastuttgart.de" ])
 (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ])
- (ssl [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
 (servePage [ "habsys.de" "www.habsys.de" "habsys.eu" "www.habsys.eu" ])
- (ssl [ "goldbarrendiebstahl.radical-dreamers.de" ])
 (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ])
 ];
-- cgit v1.3.1
From 64a7a764198884f5bbb7d04c016c504e5998dc98 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Fri, 13 Jan 2017 13:37:12 +0100
Subject: l 2 websites domsen: add joemisch.ubikmedia.de
---
 lass/2configs/websites/domsen.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'lass/2configs/websites')
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 71eae5b71..5ed73a22c 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -57,14 +57,15 @@ in {
 "www.illucloud.de"
 "www.illucloud.com"
 "www.ubikmedia.de"
+ "aldona2.ubikmedia.de"
 "apanowicz.ubikmedia.de"
- "karlaskop.ubikmedia.de"
- "nb.ubikmedia.de"
 "cinevita.ubikmedia.de"
 "factscloud.ubikmedia.de"
- "youthtube.ubikmedia.de"
- "aldona2.ubikmedia.de"
 "illucloud.ubikmedia.de"
+ "joemisch.ubikmedia.de"
+ "karlaskop.ubikmedia.de"
+ "nb.ubikmedia.de"
+ "youthtube.ubikmedia.de"
 ])
 ];
-- cgit v1.3.1
From 71b3e39cc51895870149f6b616b77deb27ec8ffd Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 17 Jan 2017 16:24:36 +0100
Subject: l 2 websites lassulus: add /init
---
 lass/2configs/websites/lassulus.nix | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'lass/2configs/websites')
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index cfdda05db..ea384195b 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -5,6 +5,7 @@ let
 inherit (import )
 genid
 ;
+ inherit (import ../../4lib { inherit lib; }) initscript;
 in {
 imports = [
@@ -83,6 +84,7 @@ in {
 locations."/tinc".extraConfig = ''
 alias ${config.krebs.tinc_graphs.workingDir}/external;
 '';
+ # TODO make this work!
 locations."= /ddate".extraConfig = let
 script = pkgs.writeBash "test" ''
 echo "hello world"
@@ -100,6 +102,10 @@ in {
 fastcgi_param SCRIPT_NAME ${script};
 '';
+ locations."/init".extraConfig = ''
+ alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })};
+ '';
+
 enableSSL = true;
 extraConfig = "listen 80;";
 sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
-- cgit v1.3.1
From f216392665662ba375a657ae2431b70bb1ab63cc Mon Sep 17 00:00:00 2001
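Review bot: The new `locations."/init"` block in the third hunk publishes the bootstrap script on a vhost that, per the context lines `enableSSL = true;` and `extraConfig = "listen 80;";`, also answers over plain HTTP. The script is built with `pubkey = config.krebs.users.lass.pubkey` and is presumably fetched and executed on a fresh machine, so its integrity matters more than its secrecy; I would serve this path over TLS only and say so in a comment next to the location. The location is also a prefix match, so every URI beginning with `/init` is mapped onto the alias path; `locations."= /init".extraConfig = ''`, in the style of the `= /ddate` block in the second hunk, restricts it to the exact path. The enclosing vhost attribute set starts and ends outside the hunk.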
From: lassulus
Date: Tue, 17 Jan 2017 18:44:08 +0100
Subject: l: move initscript to pkgs
---
 lass/2configs/websites/lassulus.nix | 9 ++-
 lass/4lib/default.nix | 130 ----------------------------------
 lass/5pkgs/default.nix | 3 +-
 lass/5pkgs/init/default.nix | 134 ++++++++++++++++++++++++++++++++++++
 4 files changed, 142 insertions(+), 134 deletions(-)
 create mode 100644 lass/5pkgs/init/default.nix
(limited to 'lass/2configs/websites')
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index ea384195b..024d2eeb2 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -5,7 +5,6 @@ let
 inherit (import )
 genid
 ;
- inherit (import ../../4lib { inherit lib; }) initscript;
 in {
 imports = [
@@ -102,8 +101,12 @@ in {
 fastcgi_param SCRIPT_NAME ${script};
 '';
- locations."/init".extraConfig = ''
- alias ${pkgs.writeText "init" (initscript { pubkey = config.krebs.users.lass.pubkey; })};
+ locations."/init".extraConfig = let
+ initscript = pkgs.init.override {
+ pubkey = config.krebs.users.lass.pubkey;
+ };
+ in ''
+ alias ${initscript};
 '';
 enableSSL = true;
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index 0dc7fa8d7..56943b7ac 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -7,134 +7,4 @@ rec {
 getDefaultGateway = ip:
 concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
- initscript = { pubkey ? config.krebs.users.lass.pubkey, disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca" }: ''
- #! /bin/sh
- # usage: curl xu/~tv/init | sh
- set -efu
- # TODO nix-env -f '' -iA jq # if not exists (also version)
- # install at tmp location
-
-
- case $(cat /proc/cmdline) in
- *' root=LABEL=NIXOS_ISO '*) :;;
- *) echo Error: unknown operating system >&2; exit 1;;
- esac
-
- disk=${disk}
-
- bootdev=${disk}1
-
- luksdev=${disk}2
- luksmap=/dev/mapper/${luksmap}
-
- vgname=${vgname}
-
- rootdev=/dev/mapper/${vgname}-root
- homedev=/dev/mapper/${vgname}-home
- bkudev=/dev/mapper/${vgname}-bku
-
- #
- # partitioning
- #
-
- # http://en.wikipedia.org/wiki/GUID_Partition_Table
- # undo:
- # dd if=/dev/zero bs=512 count=34 of=/dev/sda
- # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
- if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
- parted "$disk" \
- mklabel gpt \
- mkpart ESP fat32 1MiB 1024MiB set 1 boot on \
- mkpart primary 1024MiB 100%
- fi
-
- if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then
- echo zonk
- exit 23
- fi
-
- if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
- echo zonk2
- exit 23
- fi
-
- if ! cryptsetup isLuks "$luksdev"; then
- # aes xts-plain64
- cryptsetup luksFormat "$luksdev" \
- -h sha512 \
- --iter-time 5000
- fi
-
- if ! test -e "$luksmap"; then
- cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")"
- fi
- # cryptsetup close
-
- if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
- pvcreate "$luksmap"
- fi
-
- if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
-
- lvchange -a y /dev/mapper/"$vgname"
-
- if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
- if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
- if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
-
- # lvchange -a n "$vgname"
-
-
- #
- # formatting
- #
-
- if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
- mkfs.vfat "$bootdev"
- fi
-
- if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
- mkfs.btrfs "$rootdev"
- fi
-
- if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
- mkfs.btrfs "$homedev"
- fi
-
- if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
- mkfs.btrfs "$bkudev"
- fi
-
-
- if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
- mount "$rootdev" /mnt
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
- mkdir -m 0000 -p /mnt/boot
- mount "$bootdev" /mnt/boot
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
- mkdir -m 0000 -p /mnt/home
- mount "$homedev" /mnt/home
- fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
- mkdir -m 0000 -p /mnt/bku
- mount "$bkudev" /mnt/bku
- fi
-
- # umount -R /mnt
-
-
- parted "$disk" print
- lsblk "$disk"
-
- key='${pubkey}'
- if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
- mkdir -p /root/.ssh
- echo "$key" > /root/.ssh/authorized_keys
- fi
- systemctl start sshd
- ip route
- echo READY.
- '';
 }
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 0beda7481..e47e3126a 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, ... }@args:
 {
 nixpkgs.config.packageOverrides = rec {
@@ -11,6 +11,7 @@
 ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
 vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
 };
+ init = pkgs.callPackage ./init/default.nix args;
 mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {};
 mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {};
 pop = pkgs.callPackage ./pop/default.nix {};
diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix
new file mode 100644
index 0000000..abf2528d7
--- /dev/null
+++ b/lass/5pkgs/init/default.nix
@@ -0,0 +1,134 @@
+{ pkgs, lib, pubkey ? "", disk ? "/dev/sda", vgname ? "vga", luksmap ? "ca", ... }:
+
+with lib;
+
+pkgs.writeText "init" ''
+ #! /bin/sh
+ # usage: curl xu/~tv/init | sh
+ set -efu
+ # TODO nix-env -f '' -iA jq # if not exists (also version)
+ # install at tmp location
+
+
+ case $(cat /proc/cmdline) in
+ *' root=LABEL=NIXOS_ISO '*) :;;
+ *) echo Error: unknown operating system >&2; exit 1;;
+ esac
+
+ disk=${disk}
+
+ bootdev=${disk}1
+
+ luksdev=${disk}2
+ luksmap=/dev/mapper/${luksmap}
+
+ vgname=${vgname}
+
+ rootdev=/dev/mapper/${vgname}-root
+ homedev=/dev/mapper/${vgname}-home
+ bkudev=/dev/mapper/${vgname}-bku
+
+ #
+ # partitioning
+ #
+
+ # http://en.wikipedia.org/wiki/GUID_Partition_Table
+ # undo:
+ # dd if=/dev/zero bs=512 count=34 of=/dev/sda
+ # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
+ if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
+ parted "$disk" \
+ mklabel gpt \
+ mkpart ESP fat32 1MiB 1024MiB set 1 boot on \
+ mkpart primary 1024MiB 100%
+ fi
+
+ if ! test "$(blkid -o value -s PARTLABEL "$bootdev")" = ESP; then
+ echo zonk
+ exit 23
+ fi
+
+ if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
+ echo zonk2
+ exit 23
+ fi
+
+ if ! cryptsetup isLuks "$luksdev"; then
+ # aes xts-plain64
+ cryptsetup luksFormat "$luksdev" \
+ -h sha512 \
+ --iter-time 5000
+ fi
+
+ if ! test -e "$luksmap"; then
+ cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")"
+ fi
+ # cryptsetup close
+
+ if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
+ pvcreate "$luksmap"
+ fi
+
+ if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi
+
+ lvchange -a y /dev/mapper/"$vgname"
+
+ if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
+ if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
+ if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
+
+ # lvchange -a n "$vgname"
+
+
+ #
+ # formatting
+ #
+
+ if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
+ mkfs.vfat "$bootdev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
+ mkfs.btrfs "$rootdev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$homedev")" = btrfs; then
+ mkfs.btrfs "$homedev"
+ fi
+
+ if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
+ mkfs.btrfs "$bkudev"
+ fi
+
+
+ if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
+ mount "$rootdev" /mnt
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
+ mkdir -m 0000 -p /mnt/boot
+ mount "$bootdev" /mnt/boot
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
+ mkdir -m 0000 -p /mnt/home
+ mount "$homedev" /mnt/home
+ fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
+ mkdir -m 0000 -p /mnt/bku
+ mount "$bkudev" /mnt/bku
+ fi
+
+ # umount -R /mnt
+
+
+ parted "$disk" print
+ lsblk "$disk"
+
+ key='${pubkey}'
+ if [ "$(cat /root/.ssh/authorized_keys 2>/dev/null)" != "$key" ]; then
+ mkdir -p /root/.ssh
+ echo "$key" > /root/.ssh/authorized_keys
+ fi
+ systemctl start sshd
+ ip route
+ echo READY.
+''
-- cgit v1.3.1
From 654d32383f782dbd8d3fa198583754ff1d0ca5ec Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 21 Jan 2017 18:38:32 +0100
Subject: l 2 websites domsen: setup mail for ubikmedia
---
 lass/2configs/websites/domsen.nix | 41 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)
(limited to 'lass/2configs/websites')
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 5ed73a22c..e79973a66 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
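Review bot: The default `pubkey ? ""` in the first line of the new file means a build without an override yields a script that never installs a usable key: it either leaves root without one or, if `/root/.ssh/authorized_keys` already has content, replaces it with an empty line before starting sshd. The removed `initscript` in `lass/4lib/default.nix` defaulted to `config.krebs.users.lass.pubkey`, so this is a behaviour change introduced by the move. A guard directly after `key='${pubkey}'`, for example `test -n "$key" || { echo 'Error: no pubkey configured' >&2; exit 1; }`, makes the empty case fail loudly, and placing both lines above the partitioning section would stop the run before any disk is touched. The key is also spliced raw between single quotes, where `key=${escapeShellArg pubkey}` (available through `with lib;`) would be the more robust form.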
@@ -112,17 +112,26 @@ in {
 '';
 internet-aliases = [
 { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
+ { from = "dma@ubikmedia.de"; to = "domsen"; }
+ { from = "dma@ubikmedia.eu"; to = "domsen"; }
 { from = "mail@jla-trading.com"; to = "jla-trading"; }
+ { from = "jms@ubikmedia.eu"; to = "jms"; }
+ { from = "ms@ubikmedia.eu"; to = "ms"; }
+ { from = "nrg@ubikmedia.eu"; to = "nrg"; }
+ { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; }
+
+ { from = "testuser@lassul.us"; to = "testuser"; }
 ];
 sender_domains = [
 "jla-trading.com"
+ "ubikmedia.eu"
 ];
 ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
 ssl_key = "/var/lib/acme/lassul.us/key.pem";
 };
 users.users.domsen = {
- uid = genid "domsen";
+ uid = genid_signed "domsen";
 description = "maintenance acc for domsen";
 home = "/home/domsen";
 useDefaultShell = true;
@@ -131,10 +140,38 @@ in {
 };
 users.users.jla-trading = {
- uid = genid "jla-trading";
+ uid = genid_signed "jla-trading";
 home = "/home/jla-trading";
 useDefaultShell = true;
 createHome = true;
 };
+
+ users.users.jms = {
+ uid = genid_signed "jms";
+ home = "/home/jms";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.ms = {
+ uid = genid_signed "ms";
+ home = "/home/ms";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.nrg = {
+ uid = genid_signed "nrg";
+ home = "/home/nrg";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
+ users.users.testuser = {
+ uid = genid_signed "testuser";
+ home = "/home/testuser";
+ useDefaultShell = true;
+ createHome = true;
+ };
 }
-- cgit v1.3.1
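Review bot: Switching `uid` from `genid "domsen"` to `genid_signed "domsen"` (and the same for `jla-trading` in the next hunk) changes the numeric id of accounts that already have home directories, assuming the two functions return different values, which their definitions outside this page would confirm. Files under `/home/domsen` and `/home/jla-trading` would then stay owned by the old number, so the users lose access and any later account that receives that number gains it. The change needs a one-time `chown -R` of both homes, and a comment such as `# uid moved to genid_signed: existing homes must be re-owned` above the attribute would record that. The `users.users.domsen` block continues past the end of the hunk.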
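Review bot: `users.users.testuser` gets a login shell and a home directory like the real mailboxes, and the first hunk routes `testuser@lassul.us` to it, but nothing marks it as temporary. If it only exists to test delivery, a comment such as `# temporary: remove once ubikmedia mail is verified` would keep it from lingering as an unowned account. The four new users could also carry a `description`, as `users.users.domsen` does. How these accounts authenticate is not visible in the hunk.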