From 2ebd0a1fdd2c8e82f3a960ba7fb09bb66ace89ca Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 28 Oct 2016 15:02:46 +0200 Subject: l 2 websites domsen: disable backups until fixed --- lass/2configs/websites/domsen.nix | 21 --------------------- 1 file changed, 21 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index fa56d0e12..2a6df06ff 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -103,27 +103,6 @@ in { "o_ubikmedia_de" ]; - krebs.backup.plans = { - prism-sql-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-sql"; }; - startAt = "00:01"; - }; - prism-http-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-http"; }; - startAt = "00:10"; - }; - prism-o-ubikmedia-domsen = { - method = "push"; - src = { host = config.krebs.hosts.prism; path = "/srv/o.ubikmedia.de-data"; }; - dst = { host = config.krebs.hosts.domsen-nas; path = "/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES/prism-owncloud"; }; - startAt = "00:30"; - }; - }; - services.phpfpm.phpOptions = '' sendmail_path = ${sendmail} -t upload_max_filesize = 100M -- cgit v1.3.1 From d02cebe5cef7ac6c12d8971f2a49a43a9a51e6bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 10 Nov 2016 22:34:15 +0100 Subject: l 2 websites lass: add some experimental stuff --- lass/2configs/websites/lassulus.nix | 47 +++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b8342e148..29374e97d 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -37,6 +37,31 @@ in { }; }; + krebs.tinc_graphs.enable = true; + + users.users.lass-stuff = { + uid = genid "lass-stuff"; + description = "lassul.us blog cgi stuff"; + home = "/var/empty"; + }; + + services.phpfpm.poolConfigs."lass-stuff" = '' + listen = /var/run/lass-stuff.socket + user = lass-stuff + group = nginx + pm = dynamic + pm.max_children = 5 + pm.start_servers = 1 + pm.min_spare_servers = 1 + pm.max_spare_servers = 1 + listen.owner = lass-stuff + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + security.limit_extensions = + ''; + users.groups.lasscert.members = [ "dovecot2" "ejabberd" @@ -53,6 +78,28 @@ in { (nameValuePair "/.well-known/acme-challenge" '' root /var/lib/acme/challenges/lassul.us/; '') + (nameValuePair "= /retiolum-hosts.tar.bz2" '' + alias ${config.krebs.tinc.retiolum.hostsArchive}; + '') + (nameValuePair "/tinc" '' + alias ${config.krebs.tinc_graphs.workingDir}/external; + '') + (let + script = pkgs.writeBash "test" '' + echo "hello world" + ''; + #script = pkgs.execve "ddate-wrapper" { + # filename = "${pkgs.ddate}/bin/ddate"; + # argv = []; + #}; + in nameValuePair "= /ddate" '' + gzip off; + fastcgi_pass unix:/var/run/lass-stuff.socket; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param DOCUMENT_ROOT /var/empty; + fastcgi_param SCRIPT_FILENAME ${script}; + fastcgi_param SCRIPT_NAME ${script}; + '') ]; ssl = { enable = true; -- cgit v1.3.1 From dd67d49ea87d4248e7ad12844564302025d603c4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 10 Nov 2016 22:34:34 +0100 Subject: l 2 websites util: add ownloud headers --- lass/2configs/websites/util.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 23f417195..55be8a8d9 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -79,6 +79,8 @@ rec { add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation root /srv/http/${domain}/; -- cgit v1.3.1 From 46a27e5aa0b6c23f3be70484db0a390a2a0dbe10 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 10 Nov 2016 22:40:39 +0100 Subject: l 2 buildbot: disable fast-tests (broken anyway)t --- lass/2configs/buildbot-standalone.nix | 51 ----------------------------------- 1 file changed, 51 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index df01a84c0..d453479d2 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -25,20 +25,6 @@ in { pollinterval=120)) ''; scheduler = { - force-scheduler = '' - sched.append(schedulers.ForceScheduler( - name="force", - builderNames=["fast-tests"])) - ''; - fast-tests-scheduler = '' - # test everything real quick - sched.append(schedulers.SingleBranchScheduler( - ## all branches - change_filter=util.ChangeFilter(branch_re=".*"), - treeStableTimer=10, - name="fast-all-branches", - builderNames=["fast-tests"])) - ''; build-scheduler = '' # build all hosts sched.append(schedulers.SingleBranchScheduler( @@ -113,43 +99,6 @@ in { ''; - fast-tests = '' - f = util.BuildFactory() - f.addStep(grab_repo) - for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]: - addShell(f,name="build-{}".format(i),env=env_lass, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=eval \ - system={}".format(i)]) - - for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: - addShell(f,name="build-{}".format(i),env=env_makefu, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=eval \ - system={}".format(i)]) - - for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf" ]: - addShell(f,name="build-{}".format(i),env=env_shared, - command=nixshell + \ - ["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \ - make \ - test \ - target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \ - method=eval \ - system={}".format(i)]) - - bu.append(util.BuilderConfig(name="fast-tests", - slavenames=slavenames, - factory=f)) - ''; build-pkgs = '' f = util.BuildFactory() f.addStep(grab_repo) -- cgit v1.3.1 From e6c7b13f5990d96e269ee12b9bf6b15bfa7d5b82 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 10 Nov 2016 23:20:05 +0100 Subject: l 2 repo-sync: fetch from ni (was cd) --- lass/2configs/repo-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f2e4de6a7..f5879a824 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -41,7 +41,7 @@ let mirror.url = "${mirror}${name}"; }; tv = { - origin.url = "http://cgit.cd/${name}"; + origin.url = "http://cgit.ni.i/${name}"; mirror.url = "${mirror}${name}"; }; lassulus = { -- cgit v1.3.1 From b837dec290e54f532cd5539c93a663ba11f68c54 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 11 Nov 2016 08:47:46 +0100 Subject: cd: drop stuff now done by ni #2 --- lass/2configs/buildbot-standalone.nix | 2 +- lass/2configs/git.nix | 2 +- lass/2configs/repo-sync.nix | 4 ++-- makefu/1systems/gum.nix | 2 +- makefu/1systems/pnp.nix | 2 +- makefu/2configs/git/brain-retiolum.nix | 2 +- makefu/2configs/git/cgit-retiolum.nix | 2 +- shared/2configs/cgit-mirror.nix | 2 +- shared/2configs/repo-sync.nix | 2 +- shared/2configs/shared-buildbot.nix | 2 +- tv/1systems/cd.nix | 20 -------------------- tv/2configs/git.nix | 2 +- tv/5pkgs/netcup/default.nix | 2 +- tv/Zcerts/charybdis_cd.crt.pem | 24 ------------------------ 14 files changed, 13 insertions(+), 57 deletions(-) delete mode 100644 tv/Zcerts/charybdis_cd.crt.pem (limited to 'lass/2configs') diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index df01a84c0..d6dc1b224 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -212,7 +212,7 @@ in { irc = { enable = true; nick = "buildbot-lass"; - server = "cd.retiolum"; + server = "ni.r"; channels = [ "retiolum" ]; allowForce = true; }; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 06cae734e..57950e1b7 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -54,7 +54,7 @@ let # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#retiolum"; - server = "cd.retiolum"; + server = "ni.r"; verbose = config.krebs.build.host.name == "prism"; branches = [ "master" ]; }; diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f88149730..fe782c4cf 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -15,7 +15,7 @@ let nick = config.networking.hostName; verbose = false; channel = "#retiolum"; - server = "cd.retiolum"; + server = "ni.r"; branches = [ "newest" ]; }; }); @@ -41,7 +41,7 @@ let mirror.url = "${mirror}${name}"; }; tv = { - origin.url = "http://cgit.cd/${name}"; + origin.url = "http://cgit.ni.r/${name}"; mirror.url = "${mirror}${name}"; }; lassulus = { diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index bfd880b88..868825549 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -40,7 +40,7 @@ in { ''; connectTo = [ "muhbaasu" "tahoe" "flap" "wry" - "cd" + "ni" "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" ]; }; diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix index a460a87e7..0c3676c8b 100644 --- a/makefu/1systems/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -36,7 +36,7 @@ enable = true; debug = true; extraEnviron = { - REAKTOR_HOST = "cd.retiolum"; + REAKTOR_HOST = "ni.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; channels = [ "#retiolum" ]; diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 81305272c..b637ca039 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -29,7 +29,7 @@ let nick = config.networking.hostName; channel = "#retiolum"; # TODO remove the hardcoded hostname - server = "cd.retiolum"; + server = "ni.r"; }; }; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5c2a0fbd0..553a23972 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -52,7 +52,7 @@ let verbose = config.krebs.build.host.name == "gum"; channel = "#retiolum"; # TODO remove the hardcoded hostname - server = "cd.retiolum"; + server = "ni.r"; }; }; }; diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix index a3860a0ef..c2326a5cc 100644 --- a/shared/2configs/cgit-mirror.nix +++ b/shared/2configs/cgit-mirror.nix @@ -17,7 +17,7 @@ let nick = config.networking.hostName; verbose = false; channel = "#retiolum"; - server = "cd.retiolum"; + server = "ni.r"; }; }; }; diff --git a/shared/2configs/repo-sync.nix b/shared/2configs/repo-sync.nix index 753b0f473..4219e5d01 100644 --- a/shared/2configs/repo-sync.nix +++ b/shared/2configs/repo-sync.nix @@ -13,7 +13,7 @@ with lib; mirror.url = mirror; }; tv = { - origin.url = http://cgit.cd/stockholm ; + origin.url = http://cgit.ni.r/stockholm; mirror.url = mirror; }; lassulus = { diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 22144e9ec..7aed6272c 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix @@ -159,7 +159,7 @@ irc = { enable = true; nick = "wolfbot"; - server = "cd.retiolum"; + server = "ni.r"; channels = [ "retiolum" ]; allowForce = true; }; diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 03a5e58d7..dd8e2cc64 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -11,26 +11,6 @@ with import ; ../2configs/fs/CAC-CentOS-7-64bit.nix ../2configs/exim-smarthost.nix ../2configs/retiolum.nix - { - tv.charybdis = { - enable = true; - ssl_cert = ../Zcerts/charybdis_cd.crt.pem; - }; - tv.iptables.input-retiolum-accept-tcp = [ - config.tv.charybdis.port - config.tv.charybdis.sslport - ]; - } - { - tv.ejabberd = { - enable = true; - hosts = [ "jabber.viljetic.de" ]; - }; - tv.iptables.input-internet-accept-tcp = [ - "xmpp-client" - "xmpp-server" - ]; - } ]; networking = { diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index b38ef00f9..b6724f40e 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -89,7 +89,7 @@ let # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#retiolum"; - server = "cd.retiolum"; + server = "ni.r"; verbose = true; }; }; diff --git a/tv/5pkgs/netcup/default.nix b/tv/5pkgs/netcup/default.nix index 2443e9e73..6d2ec6896 100644 --- a/tv/5pkgs/netcup/default.nix +++ b/tv/5pkgs/netcup/default.nix @@ -16,7 +16,7 @@ in stdenv.mkDerivation { name = "netcup-1.0.0"; src = fetchgit { - url = "http://cgit.cd.krebsco.de/netcup"; + url = "http://cgit.ni.krebsco.de/netcup"; rev = "tags/v1.0.0"; sha256 = "0m6mk16pblvnapxykxdccvphslbv1gjfziyr86bnqin1xb1g99bq"; }; diff --git a/tv/Zcerts/charybdis_cd.crt.pem b/tv/Zcerts/charybdis_cd.crt.pem deleted file mode 100644 index c613ff380..000000000 --- a/tv/Zcerts/charybdis_cd.crt.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEGzCCAwOgAwIBAgIJAJJiphQRTzFPMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYD -VQQGEwJhcTEYMBYGA1UECAwPTWFyaWUgQnlyZCBMYW5kMSIwIAYDVQQHDBlCZW50 -bGV5IFN1YmdsYWNpYWwgVHJlbmNoMQ4wDAYDVQQKDAVrcmViczERMA8GA1UECwwI -cmV0aW9sdW0xFDASBgNVBAMMC2NkLnJldGlvbHVtMR0wGwYJKoZIhvcNAQkBFg50 -dkB3dS5yZXRpb2x1bTAeFw0xNTA3MTkxODQ2MjhaFw0xNjA3MDkxODQ2MjhaMIGj -MQswCQYDVQQGEwJhcTEYMBYGA1UECAwPTWFyaWUgQnlyZCBMYW5kMSIwIAYDVQQH -DBlCZW50bGV5IFN1YmdsYWNpYWwgVHJlbmNoMQ4wDAYDVQQKDAVrcmViczERMA8G -A1UECwwIcmV0aW9sdW0xFDASBgNVBAMMC2NkLnJldGlvbHVtMR0wGwYJKoZIhvcN -AQkBFg50dkB3dS5yZXRpb2x1bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMyPb37kchbjZi6WsvpQeGOVEBTU8B4E24GkfetbfYtsFqW6pIKN7DlTFKzJ -3WKSLIf/cZuBQJucKuc8QXc5ZEXQ66QyCiX6al0j4C0AnHN17OhgH3yvmioWI4kI -ycD4N5TnaD2V0OK/HlhKCrIEly6+Nczeo+k5vrcgkkSYJivFpgK1r5+taBYiU4cc -Pgke2p3mRpZFfK61Ft6DlAg2rL2NVt7Qk0pp6BgCrtVIl968SmVKAEQBHnSYd9z2 -bNE2PH3qI+FLIfioOfXazmogxoQWR9LbKPUQ5nFRDXEJZg1hKDzseUkwV/oU8W3K -a37lOovqy+qwjYELrWP346/OF5UCAwEAAaNQME4wHQYDVR0OBBYEFI7WWP+tabb5 -CH5aY5mJcMdKGeaXMB8GA1UdIwQYMBaAFI7WWP+tabb5CH5aY5mJcMdKGeaXMAwG -A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKAF8hSu7Cgp2jei3GPVOE+R -TtZUePjFJw7iUSYaG1loGfY23IgEzS/jPd/m4jueRTDbtDl7cFTUmKKsF1WWH84l -s49J2HktiHTiHyZphgWFfbjUZO4nbH11Pac64WPfoeTzm9LnM0xXNd/7VCDXRess -a6pXtAQXAZri9HOsAeNO0WFivu4oug2pyUoLE64o3UemSwBi0JW2W1KvuYGnQXEa -HqrFGLBSEQuD4wTePdK0USjhNC8ceMx04b1hUQzuMf8pcXdpkLN6bIOaA/FRxmX9 -3L+6CZPVfQvvw10eLjWv3UYgIjOQFCUR4LsvkVxTaEav0KwmyCC4GUr9Vd+n3eQ= ------END CERTIFICATE----- -- cgit v1.3.1