From 4fac738ed2092c8922b5126903bac3f258bf22f4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:35:35 +0200 Subject: l: add restic service --- lass/3modules/default.nix | 1 + lass/3modules/restic.nix | 119 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+) create mode 100644 lass/3modules/restic.nix (limited to 'lass') diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 0c10e1ec2..5e7e6dff3 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -8,6 +8,7 @@ _: ./mysql-backup.nix ./news.nix ./pyload.nix + ./restic.nix ./screenlock.nix ./umts.nix ./usershadow.nix diff --git a/lass/3modules/restic.nix b/lass/3modules/restic.nix new file mode 100644 index 000000000..c720793b1 --- /dev/null +++ b/lass/3modules/restic.nix @@ -0,0 +1,119 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + options.lass.restic = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + name = mkOption { + type = types.str; + default = config._module.args.name; + }; + passwordFile = mkOption { + type = types.str; + default = toString ; + description = '' + read the repository password from a file. + ''; + example = "/etc/nixos/restic-password"; + + }; + repo = mkOption { + type = types.str; + default = "sftp:backup@prism.r:/backups/${config.name}"; + description = '' + repository to backup to. + ''; + example = "sftp:backup@192.168.1.100:/backups/${config.name}"; + }; + dirs = mkOption { + type = types.listOf types.str; + default = []; + description = '' + which directories to backup. + ''; + example = [ + "/var/lib/postgresql" + "/home/user/backup" + ]; + }; + timerConfig = mkOption { + type = types.attrsOf types.str; + default = { + OnCalendar = "daily"; + }; + description = '' + When to run the backup. See man systemd.timer for details. + ''; + example = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }; + user = mkOption { + type = types.str; + default = "root"; + description = '' + As which user the backup should run. + ''; + example = "postgresql"; + }; + extraArguments = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Extra arguments to append to the restic command. + ''; + example = [ + "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp" + ]; + }; + initialize = mkOption { + type = types.bool; + default = false; + description = '' + Create the repository if it doesn't exist. + ''; + }; + }; + })); + default = {}; + }; + + config = { + systemd.services = + mapAttrs' (_: plan: + let + extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments; + connectTo = elemAt (splitString ":" plan.repo) 1; + resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}"; + in nameValuePair "backup.${plan.name}" { + environment = { + RESTIC_PASSWORD_FILE = plan.passwordFile; + RESTIC_REPOSITORY = plan.repo; + }; + path = with pkgs; [ + openssh + ]; + restartIfChanged = false; + serviceConfig = { + ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" '' + #! ${pkgs.bash}/bin/bash + ${resticCmd} snapshots || ${resticCmd} init + ''); + ExecStart = pkgs.writeDash "rustic-${plan.name}" ( + "#! ${pkgs.bash}/bin/bash\n" + + concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs + ); + User = plan.user; + }; + } + ) config.lass.restic; + systemd.timers = + mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" { + wantedBy = [ "timers.target" ]; + timerConfig = plan.timerConfig; + }) config.lass.restic; + }; +} -- cgit v1.2.3 From ddb06a55426abe797b4ebad3165c4637c0b6975d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:27:53 +0200 Subject: l mors.r: add btc price getter --- lass/1systems/mors/config.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cd259d0fe..dab1910b4 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,15 @@ with import ; dnsutils generate-secrets + (pkgs.writeDashBin "btc-coinbase" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' + '') + (pkgs.writeDashBin "btc-wex" '' + ${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg' + '') + (pkgs.writeDashBin "btc-kraken" '' + ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' + '') ]; #TODO: fix this shit -- cgit v1.2.3 From b0678507404bba2c12df39c1d21431ddd9102fcb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:28:39 +0200 Subject: l mors.r: add restic backups --- lass/1systems/mors/config.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index dab1910b4..c59494e4d 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -186,4 +186,34 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; + + lass.restic = genAttrs [ + "daedalus" + "icarus" + "littleT" + "prism" + "shodan" + "skynet" + ] (dest: { + dirs = [ + "/home/lass/src" + "/home/lass/work" + "/home/lass/.gnupg" + "/home/lass/Maildir" + "/home/lass/stockholm" + "/home/lass/.password-store" + "/home/bitcoin" + "/home/bch" + ]; + passwordFile = (toString ) + "/restic/${dest}"; + repo = "sftp:backup@${dest}.r:/backups/mors"; + #sshPrivateKey = config.krebs.build.host.ssh.privkey.path; + extraArguments = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + ]; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }); } -- cgit v1.2.3 From e77030e772899bcc747568752cdb2a997a6972bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:30:19 +0200 Subject: l prism.r: use iptables for hackerfleet --- lass/1systems/prism/config.nix | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c0e4620cc..e937db83a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -110,29 +110,13 @@ in { }; # TODO write function for proxy_pass (ssl/nonssl) - services.nginx.virtualHosts."hackerfleet.de" = { - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:80; - ''; - }; - services.nginx.virtualHosts."hackerfleet.de-s" = { - serverName = "hackerfleet.de"; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - } - ]; - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:443; - ''; - }; + + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + ]; } { users.users.tv = { -- cgit v1.2.3 From c85c0f1b39aed212bb128c674f194f124a9454ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:31:08 +0200 Subject: l prism.r: fix deprecation warnings --- lass/1systems/prism/config.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e937db83a..983604f8e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -8,11 +8,15 @@ in { imports = [ { - networking.interfaces.et0.ip4 = [ + networking.interfaces.et0.ipv4.addresses = [ { address = ip; prefixLength = 27; } + { + address = "46.4.114.243"; + prefixLength = 27; + } ]; networking.defaultGateway = "46.4.114.225"; networking.nameservers = [ -- cgit v1.2.3 From 1d37fba51e4f4fbb7fe7acccc11e2b2ac5dcc5b7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:33:09 +0200 Subject: l reaktor-coders: /j #panthermoderns --- lass/2configs/reaktor-coders.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 5fa1611ae..922cd79cb 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -4,7 +4,7 @@ with import ; { krebs.Reaktor.coders = { nickname = "Reaktor|lass"; - channels = [ "#coders" "#germany" ]; + channels = [ "#coders" "#germany" "#panthermoderns" ]; extraEnviron = { REAKTOR_HOST = "irc.hackint.org"; }; -- cgit v1.2.3 From 824c19e81a5696018973be2d692fcd9f07f8ef10 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:33:26 +0200 Subject: l reaktor-coders: add google & blockchain command --- lass/2configs/reaktor-coders.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'lass') diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 922cd79cb..5a39f7115 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -87,6 +87,19 @@ with import ; exec /run/wrappers/bin/ping -q -c1 "$1" 2>&1 | tail -1 ''; }) + (buildSimpleReaktorPlugin "google" { + pattern = "^!g (?P.*)$$"; + script = pkgs.writeDash "google" '' + exec ${pkgs.ddgr}/bin/ddgr -C -n1 --json "$@" | \ + ${pkgs.jq}/bin/jq '@text "\(.[0].abstract) \(.[0].url)"' + ''; + }) + (buildSimpleReaktorPlugin "blockchain" { + pattern = ".*[Bb]lockchain.*$$"; + script = pkgs.writeDash "blockchain" '' + exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline' + ''; + }) ]; }; } -- cgit v1.2.3 From 0521f960c8c93da7082722632309b533260781d5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:34:14 +0200 Subject: l syncthing: remove deprecated inotify --- lass/2configs/syncthing.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index cef43d1e6..17debf822 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -3,7 +3,6 @@ with import ; { services.syncthing = { enable = true; - useInotify = true; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} -- cgit v1.2.3 From 0164e142e3ce793cb98b237ba2384b3d88a3550c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:35:13 +0200 Subject: l websites: enableSSL -> onlySSL --- lass/2configs/websites/util.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 62055d0fd..441b7af90 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,7 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - enableSSL = true; + onlySSL = true; extraConfig = '' listen 80; listen [::]:80; @@ -34,7 +34,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - enableSSL = true; + onlySSL = true; serverAliases = domains; extraConfig = '' listen 80; @@ -148,7 +148,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - enableSSL = true; + onlySSL = true; serverAliases = domains; extraConfig = '' listen 80; -- cgit v1.2.3 From 2647f93715f73495d2b5cc1537a4ff47de085e1a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 12:42:30 +0200 Subject: l: generate-secrets -> l-gen-secrets --- lass/5pkgs/generate-secrets/default.nix | 46 --------------------------------- lass/5pkgs/l-gen-secrets/default.nix | 46 +++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 46 deletions(-) delete mode 100644 lass/5pkgs/generate-secrets/default.nix create mode 100644 lass/5pkgs/l-gen-secrets/default.nix (limited to 'lass') diff --git a/lass/5pkgs/generate-secrets/default.nix b/lass/5pkgs/generate-secrets/default.nix deleted file mode 100644 index 5a4afe7c5..000000000 --- a/lass/5pkgs/generate-secrets/default.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ pkgs }: -pkgs.writeDashBin "generate-secrets" '' - HOSTNAME="$1" - TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) - PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) - HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null - - ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null - ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null - ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null - cat < $TMPDIR/hashedPasswords.nix - { - root = "$HASHED_PASSWORD"; - mainUser = "$HASHED_PASSWORD"; - } - EOF - - cd $TMPDIR - for x in *; do - ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null - done - echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/hosts/$HOSTNAME/pass > /dev/null - - cat <; - ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; - }; - EOF - - rm -rf $TMPDIR -'' - diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix new file mode 100644 index 000000000..4b25fbd4c --- /dev/null +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -0,0 +1,46 @@ +{ pkgs }: +pkgs.writeDashBin "l-gen-secrets" '' + HOSTNAME="$1" + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) + HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null + ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null + ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + cat < $TMPDIR/hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + mainUser = "$HASHED_PASSWORD"; + } + EOF + + cd $TMPDIR + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m krebs-secrets/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/pass > /dev/null + + cat <; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + }; + EOF + + rm -rf $TMPDIR +'' + -- cgit v1.2.3 From c99e8256b223761eb50cf5d6841ab64f989851c3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 17:52:45 +0200 Subject: l monitoring: add example prometheus config --- lass/2configs/monitoring/node-exporter.nix | 13 ++ lass/2configs/monitoring/prometheus-server.nix | 179 +++++++++++++++++++++++++ 2 files changed, 192 insertions(+) create mode 100644 lass/2configs/monitoring/node-exporter.nix create mode 100644 lass/2configs/monitoring/prometheus-server.nix (limited to 'lass') diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix new file mode 100644 index 000000000..8c27e90d4 --- /dev/null +++ b/lass/2configs/monitoring/node-exporter.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: +{ + networking.firewall.allowedTCPPorts = [ 9100 ]; + + services.prometheus.exporters = { + node = { + enable = true; + enabledCollectors = [ + "systemd" + ]; + }; + }; +} diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix new file mode 100644 index 000000000..d56d7e552 --- /dev/null +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -0,0 +1,179 @@ +{ pkgs, lib, config, ... }: +{ + #networking = { + # firewall.allowedTCPPorts = [ + # 3000 # grafana + # 9090 # prometheus + # 9093 # alertmanager + # ]; + # useDHCP = true; + #}; + + services = { + prometheus = { + enable = true; + extraFlags = [ + "-storage.local.retention 8760h" + "-storage.local.series-file-shrink-ratio 0.3" + "-storage.local.memory-chunks 2097152" + "-storage.local.max-chunks-to-persist 1048576" + "-storage.local.index-cache-size.fingerprint-to-metric 2097152" + "-storage.local.index-cache-size.fingerprint-to-timerange 1048576" + "-storage.local.index-cache-size.label-name-to-label-values 2097152" + "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040" + ]; + alertmanagerURL = [ "http://localhost:9093" ]; + rules = [ + '' + ALERT node_down + IF up == 0 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Node is down.", + description = "{{$labels.alias}} has been down for more than 5 minutes." + } + ALERT node_systemd_service_failed + IF node_systemd_unit_state{state="failed"} == 1 + FOR 4m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.", + description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}." + } + ALERT node_filesystem_full_90percent + IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Filesystem is running out of space soon.", + description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem." + } + ALERT node_filesystem_full_in_4h + IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0 + FOR 5m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.", + description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours" + } + ALERT node_filedescriptors_full_in_3h + IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum + FOR 20m + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.", + description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours" + } + ALERT node_load1_90percent + IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9 + FOR 1h + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: Running on high load.", + description = "{{$labels.alias}} is running with > 90% total load for at least 1h." + } + ALERT node_cpu_util_90percent + IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90 + FOR 1h + LABELS { + severity="page" + } + ANNOTATIONS { + summary = "{{$labels.alias}}: High CPU utilization.", + description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h." + } + ALERT node_ram_using_90percent + IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1 + FOR 30m + LABELS { + severity="page" + } + ANNOTATIONS { + summary="{{$labels.alias}}: Using lots of RAM.", + description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.", + } + ALERT node_swap_using_80percent + IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8 + FOR 10m + LABELS { + severity="page" + } + ANNOTATIONS { + summary="{{$labels.alias}}: Running out of swap soon.", + description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now." + } + '' + ]; + scrapeConfigs = [ + { + job_name = "node"; + scrape_interval = "10s"; + static_configs = [ + { + targets = [ + "localhost:9100" + ]; + labels = { + alias = "prometheus.example.com"; + }; + } + ]; + } + ]; + alertmanager = { + enable = true; + listenAddress = "0.0.0.0"; + configuration = { + "global" = { + "smtp_smarthost" = "smtp.example.com:587"; + "smtp_from" = "alertmanager@example.com"; + }; + "route" = { + "group_by" = [ "alertname" "alias" ]; + "group_wait" = "30s"; + "group_interval" = "2m"; + "repeat_interval" = "4h"; + "receiver" = "team-admins"; + }; + "receivers" = [ + { + "name" = "team-admins"; + "email_configs" = [ + { + "to" = "devnull@example.com"; + "send_resolved" = true; + } + ]; + "webhook_configs" = [ + { + "url" = "https://example.com/prometheus-alerts"; + "send_resolved" = true; + } + ]; + } + ]; + }; + }; + }; + grafana = { + enable = true; + addr = "0.0.0.0"; + domain = "grafana.example.com"; + rootUrl = "https://grafana.example.com/"; + security = import ; # { AdminUser = ""; adminPassword = ""} + }; + }; +} -- cgit v1.2.3 From 817efa5f9d26effaa4c7a8efd6710fec4eb33300 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 15:14:35 +0200 Subject: l prism.r: kill kaepsele container --- lass/1systems/prism/config.nix | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 983604f8e..68f1826b4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -189,26 +189,6 @@ in { localAddress = "10.233.2.2"; }; } - { - #kaepsele - systemd.services."container@kaepsele".reloadIfChanged = mkForce false; - containers.kaepsele = { - config = { ... }: { - imports = [ ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - tv.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - } { #onondaga systemd.services."container@onondaga".reloadIfChanged = mkForce false; -- cgit v1.2.3 From eca81992947815db2700a831aa1ec38a0e70216b Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:52:48 +0200 Subject: l: kill legacy backups --- lass/1systems/cabal/config.nix | 1 - lass/1systems/daedalus/config.nix | 1 - lass/1systems/icarus/config.nix | 1 - lass/1systems/littleT/config.nix | 1 - lass/1systems/shodan/config.nix | 1 - lass/1systems/skynet/config.nix | 1 - lass/2configs/backups.nix | 173 -------------------------------------- lass/2configs/default.nix | 1 - 8 files changed, 180 deletions(-) delete mode 100644 lass/2configs/backups.nix (limited to 'lass') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 7eba86c52..88f642d6b 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -13,7 +13,6 @@ - ]; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 609fae3c8..0c7b7b6da 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -8,7 +8,6 @@ with import ; - { diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 46dc5e873..c55d694c2 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -14,7 +14,6 @@ - ]; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 7211c78eb..69c87e5a8 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,7 +8,6 @@ with import ; - { users.users.blacky = { diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 7fb57544f..5877d1470 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import ; - ]; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 0b9499982..b2210282f 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -9,7 +9,6 @@ with import ; # - { # discordius config services.xserver.enable = true; diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix deleted file mode 100644 index c4fb85420..000000000 --- a/lass/2configs/backups.nix +++ /dev/null @@ -1,173 +0,0 @@ -{ config, lib, ... }: -with import ; -{ - - # TODO add timerConfig to krebs.backup and randomize startup - # TODO define plans more abstract - krebs.backup.plans = { - } // mapAttrs (_: recursiveUpdate { - snapshots = { - daily = { format = "%Y-%m-%d"; retain = 7; }; - weekly = { format = "%YW%W"; retain = 4; }; - monthly = { format = "%Y-%m"; retain = 12; }; - yearly = { format = "%Y"; }; - }; - }) { - dishfire-http-prism = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-http"; }; - startAt = "03:00"; - }; - dishfire-http-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-http"; }; - startAt = "03:10"; - }; - dishfire-http-mors = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-http"; }; - startAt = "03:05"; - }; - dishfire-http-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-http"; }; - startAt = "03:10"; - }; - dishfire-sql-prism = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.prism; path = "/bku/dishfire-sql"; }; - startAt = "03:15"; - }; - dishfire-sql-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/dishfire-sql"; }; - startAt = "03:25"; - }; - dishfire-sql-mors = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/dishfire-sql"; }; - startAt = "03:20"; - }; - dishfire-sql-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/dishfire-sql"; }; - startAt = "03:25"; - }; - prism-bitlbee-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-bitlbee"; }; - startAt = "03:25"; - }; - prism-bitlbee-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-bitlbee"; }; - startAt = "03:25"; - }; - prism-bitlbee-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/var/lib/bitlbee"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-bitlbee"; }; - startAt = "03:25"; - }; - prism-chat-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-chat"; }; - startAt = "03:35"; - }; - prism-chat-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-chat"; }; - startAt = "03:30"; - }; - prism-chat-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/home/chat"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-chat"; }; - startAt = "03:35"; - }; - prism-sql-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-sql_dumps"; }; - startAt = "03:45"; - }; - prism-sql-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-sql_dumps"; }; - startAt = "03:40"; - }; - prism-sql-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-sql_dumps"; }; - startAt = "03:45"; - }; - prism-http-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/prism-http"; }; - startAt = "03:55"; - }; - prism-http-mors = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/prism-http"; }; - startAt = "03:50"; - }; - prism-http-shodan = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/prism-http"; }; - startAt = "03:55"; - }; - icarus-home-mors = { - method = "pull"; - src = { host = config.krebs.hosts.icarus; path = "/home"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/icarus-home"; }; - startAt = "05:00"; - }; - icarus-home-shodan = { - method = "push"; - src = { host = config.krebs.hosts.icarus; path = "/home"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/icarus-home"; }; - startAt = "05:00"; - }; - mors-home-icarus = { - method = "push"; - src = { host = config.krebs.hosts.mors; path = "/home"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/mors-home"; }; - startAt = "05:00"; - }; - mors-home-shodan = { - method = "push"; - src = { host = config.krebs.hosts.mors; path = "/home"; }; - dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; }; - startAt = "05:00"; - }; - shodan-home-icarus = { - method = "pull"; - src = { host = config.krebs.hosts.shodan; path = "/home"; }; - dst = { host = config.krebs.hosts.icarus; path = "/bku/shodan-home"; }; - startAt = "04:00"; - }; - shodan-home-mors = { - method = "pull"; - src = { host = config.krebs.hosts.shodan; path = "/home"; }; - dst = { host = config.krebs.hosts.mors; path = "/bku/shodan-home"; }; - startAt = "04:00"; - }; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 5a5f1b347..d56f89c2f 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -9,7 +9,6 @@ with import ; ./monitoring/client.nix ./zsh.nix ./htop.nix - ./backups.nix ./security-workarounds.nix { users.extraUsers = -- cgit v1.2.3 From 72abe80227ec5de5c2f7a55f6e2fe3da46c14538 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 16:55:43 +0200 Subject: l: config for backup target --- lass/1systems/daedalus/config.nix | 1 + lass/1systems/helios/config.nix | 1 + lass/1systems/icarus/config.nix | 1 + lass/1systems/littleT/config.nix | 1 + lass/1systems/mors/config.nix | 1 + lass/1systems/shodan/config.nix | 1 + lass/2configs/backup.nix | 20 ++++++++++++++++++++ 7 files changed, 26 insertions(+) create mode 100644 lass/2configs/backup.nix (limited to 'lass') diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 0c7b7b6da..c15fcdc21 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -10,6 +10,7 @@ with import ; + { # bubsy config users.users.bubsy = { diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index e64cfbe79..557fce1e8 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -17,6 +17,7 @@ with import ; + { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index c55d694c2..b6a0822b9 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -16,6 +16,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index 69c87e5a8..ef19e8d16 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,6 +8,7 @@ with import ; + { users.users.blacky = { diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c59494e4d..c21197f89 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -33,6 +33,7 @@ with import ; + { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5877d1470..42a46c5f5 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -17,6 +17,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix new file mode 100644 index 000000000..27adf6d2a --- /dev/null +++ b/lass/2configs/backup.nix @@ -0,0 +1,20 @@ +{ config, lib, ... }: +with import ; + +{ + fileSystems = { + "/backups" = { + device = "/dev/pool/backup"; + fsType = "ext4"; + }; + }; + users.users.backup = { + useDefaultShell = true; + home = "/backups"; + createHome = true; + openssh.authorizedKeys.keys = with config.krebs.hosts; [ + mors.ssh.pubkey + prism.ssh.pubkey + ]; + }; +} -- cgit v1.2.3 From f888226d37abeff6e5c4e61d393a886b16ff0178 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 18:04:46 +0200 Subject: l: RIP echelon.r --- lass/1systems/echelon/config.nix | 50 ---------------------------------------- lass/1systems/echelon/source.nix | 3 --- 2 files changed, 53 deletions(-) delete mode 100644 lass/1systems/echelon/config.nix delete mode 100644 lass/1systems/echelon/source.nix (limited to 'lass') diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix deleted file mode 100644 index 6f96883bf..000000000 --- a/lass/1systems/echelon/config.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import { inherit pkgs lib; }) getDefaultGateway; - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - - - - - - - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - { - users.extraUsers = { - satan = { - name = "satan"; - uid = 1338; - home = "/home/satan"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" - ]; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.echelon; -} diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix deleted file mode 100644 index 96888d5a8..000000000 --- a/lass/1systems/echelon/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "echelon"; -} -- cgit v1.2.3 From afb63ca8c747e0604d16d806640e42284061372a Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:10:49 +0200 Subject: l mors.r: add redshift --- lass/1systems/mors/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index c21197f89..71d020775 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -187,6 +187,10 @@ with import ; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; + services.redshift = { + enable = true; + provider = "geoclue2"; + }; lass.restic = genAttrs [ "daedalus" -- cgit v1.2.3 From 76cd1c70b6643be6262e046f1daba5aaeee71efb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:16:12 +0200 Subject: l mors.r: add some pkgs --- lass/1systems/mors/config.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 71d020775..f8a16ad2e 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -141,6 +141,8 @@ with import ; dpass dnsutils + woeusb + l-gen-secrets generate-secrets (pkgs.writeDashBin "btc-coinbase" '' ${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount' -- cgit v1.2.3 From 2701bdd97f0f2ea8681b1d66670eb68ea0f11017 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:34:36 +0200 Subject: l: use prometheus as monitoring --- lass/1systems/prism/config.nix | 3 +-- lass/2configs/default.nix | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 68f1826b4..f8178a200 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -217,13 +217,12 @@ in { - - + { # quasi bepasty.nix imports = [ diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index d56f89c2f..12a814605 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -6,7 +6,7 @@ with import ; ./gc.nix ./mc.nix ./vim.nix - ./monitoring/client.nix + ./monitoring/node-exporter.nix ./zsh.nix ./htop.nix ./security-workarounds.nix -- cgit v1.2.3 From ba1a8d0b5a0296e6f8673bd87983bfd482085e2c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 19:43:38 +0200 Subject: l: kill dns-stuff --- lass/2configs/baseX.nix | 1 - lass/2configs/dns-stuff.nix | 16 ---------------- 2 files changed, 17 deletions(-) delete mode 100644 lass/2configs/dns-stuff.nix (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index ed179ded6..e2e44b6fc 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,7 +9,6 @@ in { ./power-action.nix ./copyq.nix ./livestream.nix - ./dns-stuff.nix ./urxvt.nix ./network-manager.nix { diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix deleted file mode 100644 index cbcce8df9..000000000 --- a/lass/2configs/dns-stuff.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: -with import ; -{ - services.dnscrypt-proxy = { - enable = true; - localAddress = "127.1.0.1"; - customResolver = { - address = config.krebs.hosts.gum.nets.internet.ip4.addr; - port = 15251; - name = "2.dnscrypt-cert.euer.krebsco.de"; - key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C"; - }; - }; - services.resolved.enable = true; - services.resolved.fallbackDns = [ "127.1.0.1" ]; -} -- cgit v1.2.3 From 8f81bc6deec5fbcc41d2bc463ceaaa3b203cc2bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 08:37:44 +0200 Subject: l xerxes.r: remove deprecated nixpkgs override --- lass/1systems/xerxes/source.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to 'lass') diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix index 11f5bf796..d256b885b 100644 --- a/lass/1systems/xerxes/source.nix +++ b/lass/1systems/xerxes/source.nix @@ -2,10 +2,4 @@ with import ; import { name = "xerxes"; secure = true; - override = { - nixpkgs.git = mkForce { - url = https://github.com/lassulus/nixpkgs; - ref = "3eccd0b"; - }; - }; } -- cgit v1.2.3 From 102324c0d88a535f7518c97cb908da8d377a0bd8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 08:44:04 +0200 Subject: l bitcoin: remove ethereum --- lass/2configs/bitcoin.nix | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'lass') diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index a405addfc..9f6fd3bf0 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -10,9 +10,6 @@ in { krebs.per-user.bitcoin.packages = [ pkgs.electrum ]; - krebs.per-user.ethereum.packages = [ - pkgs.go-ethereum - ]; users.extraUsers = { bch = { name = "bch"; @@ -28,13 +25,6 @@ in { useDefaultShell = true; createHome = true; }; - ethereum = { - name = "ethereum"; - description = "user for ethereum stuff"; - home = "/home/ethereum"; - useDefaultShell = true; - createHome = true; - }; }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL -- cgit v1.2.3 From 004b6a895ad7ee9f7bb8864f99f98c356d93a6f2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:10:40 +0200 Subject: l: add dev to docker group --- lass/2configs/dcso-dev.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index ae1c7bc8d..b985b67b3 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -9,6 +9,7 @@ in { dev = { name = "dev"; uid = genid "dev"; + extraGroups = [ "docker" ]; description = "user for collaborative development"; home = "/home/dev"; useDefaultShell = true; -- cgit v1.2.3 From dabd9f0f02b44b048b6355184fa64612201db72d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:41:43 +0200 Subject: l monitoring: open ports --- lass/2configs/monitoring/node-exporter.nix | 6 ++++-- lass/2configs/monitoring/prometheus-server.nix | 6 ++++++ 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix index 8c27e90d4..561e3a25c 100644 --- a/lass/2configs/monitoring/node-exporter.nix +++ b/lass/2configs/monitoring/node-exporter.nix @@ -1,7 +1,9 @@ { config, lib, pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ 9100 ]; - + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; } + { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; } + ]; services.prometheus.exporters = { node = { enable = true; diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index d56d7e552..c5c97412d 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -9,6 +9,12 @@ # useDHCP = true; #}; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } + ]; + services = { prometheus = { enable = true; -- cgit v1.2.3 From a0862fa505ba8fb1d94c8bdac69a2077ba89bcdc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:43:17 +0200 Subject: l monitoring: monitor more hosts --- lass/2configs/monitoring/prometheus-server.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index c5c97412d..92bb0519f 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -130,11 +130,10 @@ static_configs = [ { targets = [ - "localhost:9100" - ]; - labels = { - alias = "prometheus.example.com"; - }; + ] ++ map (host: "${host}:9100") (lib.attrNames (lib.filterAttrs (_: host: host.owner.name == "lass" && host.monitoring) config.krebs.hosts)); + #labels = { + # alias = "prometheus.example.com"; + #}; } ]; } -- cgit v1.2.3 From da44ae1115af80bb71f38de20b7421d08e435ea7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:43:51 +0200 Subject: l monitoring: print alarms to irc --- lass/2configs/monitoring/prometheus-server.nix | 33 ++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'lass') diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index 92bb0519f..1f9419e1a 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -181,4 +181,37 @@ security = import ; # { AdminUser = ""; adminPassword = ""} }; }; + services.logstash = { + enable = true; + inputConfig = '' + http { + port => 14813 + host => "127.0.0.1" + } + ''; + filterConfig = '' + if ([alerts]) { + ruby { + code => ' + lines = [] + event["alerts"].each {|p| + lines << "#{p["labels"]["instance"]}#{p["annotations"]["summary"]} #{p["status"]}" + } + event["output"] = lines.join("\n") + ' + } + } + ''; + outputConfig = '' + file { path => "/tmp/logs.json" codec => "json_lines" } + irc { + channels => [ "#noise" ] + host => "irc.r" + nick => "alarm" + codec => "json_lines" + format => "%{output}" + } + ''; + #plugins = [ ]; + }; } -- cgit v1.2.3 From 1d1861fe7c3c2906a0deff9ae9598fa7ffe08c0d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 11:29:46 +0200 Subject: l notmuch: disable tests --- lass/2configs/mail.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 81db59617..2bb51b50a 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -206,8 +206,11 @@ in { msmtp mutt pkgs.much - pkgs.notmuch tag-new-mails tag-old-mails ]; + + nixpkgs.config.packageOverrides = opkgs: { + notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; })); + }; } -- cgit v1.2.3 From 4190562d1233e40b3364c1bd812f2702a0748e49 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 16:12:10 +0200 Subject: l monitoring: delete legacy config --- lass/2configs/monitoring/client.nix | 26 --------- lass/2configs/monitoring/monit-alarms.nix | 44 ---------------- lass/2configs/monitoring/server.nix | 87 ------------------------------- 3 files changed, 157 deletions(-) delete mode 100644 lass/2configs/monitoring/client.nix delete mode 100644 lass/2configs/monitoring/monit-alarms.nix delete mode 100644 lass/2configs/monitoring/server.nix (limited to 'lass') diff --git a/lass/2configs/monitoring/client.nix b/lass/2configs/monitoring/client.nix deleted file mode 100644 index b8c245215..000000000 --- a/lass/2configs/monitoring/client.nix +++ /dev/null @@ -1,26 +0,0 @@ -{pkgs, config, ...}: -with import ; -{ - services.telegraf = { - enable = true; - - extraConfig = { - agent.interval = "1s"; - outputs = { - influxdb = { - urls = ["http://prism:8086"]; - database = "telegraf_db"; - user_agent = "telegraf"; - }; - }; - inputs = { - cpu = { - percpu = false; - totalcpu = true; - }; - mem = {}; - net = {}; - }; - }; - }; -} diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix deleted file mode 100644 index 2cfc292e5..000000000 --- a/lass/2configs/monitoring/monit-alarms.nix +++ /dev/null @@ -1,44 +0,0 @@ -{pkgs, config, ...}: -with import ; -let - echoToIrc = msg: - pkgs.writeDash "echo_irc" '' - set -euf - export LOGNAME=prism-alarm - ${pkgs.irc-announce}/bin/irc-announce \ - irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null - ''; - -in { - krebs.monit = { - enable = true; - http.enable = true; - alarms = { - nirwanabluete = { - test = "${pkgs.curl}/bin/curl -sf 'https://nirwanabluete.de/'"; - alarm = echoToIrc "test nirwanabluete failed"; - }; - ubik = { - test = "${pkgs.curl}/bin/curl -sf 'https://ubikmedia.de'"; - alarm = echoToIrc "test ubik failed"; - }; - cac-panel = { - test = "${pkgs.curl}/bin/curl -sf 'https://panel.cloudatcost.com/login.php'"; - alarm = echoToIrc "test cac-panel failed"; - }; - radio = { - test = pkgs.writeBash "check_stream" '' - ${pkgs.curl}/bin/curl -sif http://lassul.us:8000/radio.ogg \ - | ${pkgs.gawk}/bin/awk '/^\r$/{exit}{print $0}' \ - | ${pkgs.gnugrep}/bin/grep -q "200 OK" || exit "''${PIPESTATUS[0]}" - ''; - alarm = echoToIrc "test radio failed"; - }; - }; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } - ]; -} - diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix deleted file mode 100644 index adaecde2c..000000000 --- a/lass/2configs/monitoring/server.nix +++ /dev/null @@ -1,87 +0,0 @@ -{pkgs, config, ...}: -with import ; -{ - services.influxdb.enable = true; - - services.influxdb.extraConfig = { - meta.hostname = config.krebs.build.host.name; - # meta.logging-enabled = true; - http.bind-address = ":8086"; - admin.bind-address = ":8083"; - http.log-enabled = false; - monitoring = { - enabled = false; - # write-interval = "24h"; - }; - collectd = [{ - enabled = true; - typesdb = "${pkgs.collectd}/share/collectd/types.db"; - database = "collectd_db"; - port = 25826; - }]; - }; - - krebs.kapacitor = - let - db = "telegraf_db"; - echoToIrc = pkgs.writeDash "echo_irc" '' - set -euf - data="$(${pkgs.jq}/bin/jq -r .message)" - export LOGNAME=prism-alarm - ${pkgs.irc-announce}/bin/irc-announce \ - irc.r 6667 prism-alarm \#noise "$data" >/dev/null - ''; - in { - enable = true; - alarms = { - cpu = { - database = db; - text = '' - var data = batch - |query(${"'''"} - SELECT mean("usage_user") AS mean - FROM "${db}"."default"."cpu" - ${"'''"}) - .period(10m) - .every(1m) - .groupBy('host') - data |alert() - .crit(lambda: "mean" > 90) - .exec('${echoToIrc}') - data |deadman(1.0,5m) - .stateChangesOnly() - .exec('${echoToIrc}') - ''; - }; - ram = { - database = db; - text = '' - var data = batch - |query(${"'''"} - SELECT mean("used_percent") AS mean - FROM "${db}"."default"."mem" - ${"'''"}) - .period(10m) - .every(1m) - .groupBy('host') - data |alert() - .crit(lambda: "mean" > 90) - .exec('${echoToIrc}') - ''; - }; - }; - }; - - services.grafana = { - enable = true; - addr = "0.0.0.0"; - auth.anonymous.enable = true; - security = import ; # { AdminUser = ""; adminPassword = ""} - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; } - { predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; } - { predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; } - ]; -} -- cgit v1.2.3 From 92c123397188ae6cf115197862e8d79015995356 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 17:26:43 +0200 Subject: l prism.r: run go-shortener --- lass/1systems/prism/config.nix | 1 + lass/2configs/go.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 lass/2configs/go.nix (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f8178a200..7b581d905 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -303,6 +303,7 @@ in { { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } ]; } + ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix new file mode 100644 index 000000000..ecf89b298 --- /dev/null +++ b/lass/2configs/go.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: +{ + krebs.go = { + enable = true; + }; + services.nginx = { + enable = true; + virtualHosts.go = { + locations."/".extraConfig = '' + proxy_set_header Host go.lassul.us; + proxy_pass http://localhost:1337; + ''; + serverAliases = [ + "go.lassul.us" + ]; + }; + }; +} + -- cgit v1.2.3 From b96f9d898a77bb5a735ad35d1bc1eeeea1833cae Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:14:34 +0200 Subject: l websites: move servephpBB to util --- lass/2configs/websites/lassulus.nix | 55 ------------------------------------- lass/2configs/websites/util.nix | 53 +++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 55 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 25ca1f455..b9811221c 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -6,61 +6,6 @@ let genid ; - servephpBB = domains: - let - domain = head domains; - - in { - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - serverAliases = domains; - extraConfig = '' - index index.php; - root /srv/http/${domain}/; - access_log /tmp/nginx_acc.log; - error_log /tmp/nginx_err.log; - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - client_max_body_size 100m; - ''; - locations."/".extraConfig = '' - try_files $uri $uri/ /index.php?$args; - ''; - locations."~ \.php(?:$|/)".extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice - fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; - fastcgi_intercept_errors on; - ''; - #Directives to send expires headers and turn off 404 error logging. - locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' - access_log off; - log_not_found off; - expires max; - ''; - }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 25 - pm.start_servers = 5 - pm.min_spare_servers = 3 - pm.max_spare_servers = 20 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; - }; - in { imports = [ ./default.nix diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 441b7af90..61b5543ce 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -28,6 +28,59 @@ rec { }; }; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + serveOwncloud = domains: let domain = head domains; -- cgit v1.2.3 From 1820b1753011eb42bb9be30011e6fbd11993b201 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:18:05 +0200 Subject: l: add red.r --- lass/1systems/prism/config.nix | 28 ++++++++++++++++++++++++++++ lass/1systems/red/config.nix | 30 ++++++++++++++++++++++++++++++ lass/1systems/red/source.nix | 4 ++++ lass/2configs/websites/lassulus.nix | 1 - 4 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 lass/1systems/red/config.nix create mode 100644 lass/1systems/red/source.nix (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7b581d905..d1faf77bd 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -304,6 +304,34 @@ in { ]; } + { + environment.systemPackages = [ pkgs.cryptsetup ]; + systemd.services."container@red".reloadIfChanged = mkForce false; + containers.red = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + services.nginx.virtualHosts."rote-allez-fraktion.de" = { + enableACME = true; + addSSL = true; + locations."/" = { + extraConfig = '' + proxy_set_header Host rote-allez-fraktion.de; + proxy_pass http://10.233.2.4; + ''; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix new file mode 100644 index 000000000..8c60aed62 --- /dev/null +++ b/lass/1systems/red/config.nix @@ -0,0 +1,30 @@ +with import ; +{ config, lib, pkgs, ... }: +let + inherit (import {inherit lib pkgs;}) + servephpBB + ; +in +{ + imports = [ + + + + + + (servephpBB [ "rote-allez-fraktion.de" ]) + ]; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + ]; + + krebs.build.host = config.krebs.hosts.red; + boot.isContainer = true; + networking.useDHCP = false; + + services.nginx.enable = true; + environment.systemPackages = [ + pkgs.mk_sql_pair + ]; +} diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix new file mode 100644 index 000000000..f2bad743c --- /dev/null +++ b/lass/1systems/red/source.nix @@ -0,0 +1,4 @@ +import { + name = "red"; + secure = true; +} diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b9811221c..53f1eea5c 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -10,7 +10,6 @@ in { imports = [ ./default.nix ../git.nix - (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { -- cgit v1.2.3 From 74b52f1c3e1db674adab2a397def13dda495a66f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:20:53 +0200 Subject: l: add immoscout@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 4455d2761..e05ed2427 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -79,6 +79,7 @@ with import ; { from = "ovh@lassul.us"; to = lass.mail; } { from = "hetzner@lassul.us"; to = lass.mail; } { from = "allygator@lassul.us"; to = lass.mail; } + { from = "immoscout@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 7240963fb9a0a98696cae7d9a0d9ba248eb51676 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:27:25 +0200 Subject: l git: add collaborators to public repos --- lass/2configs/git.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 1fe87c666..2e3c6290f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -70,8 +70,8 @@ let import { inherit config lib pkgs; } ); - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; + make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: { + inherit cgit collaborators name; public = true; hooks = { post-receive = pkgs.git-hooks.irc-announce { -- cgit v1.2.3 From 867db7d464f101f0be77199b7178b5f110d79bf7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:27:51 +0200 Subject: l git: add nixos-aws --- lass/2configs/git.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 2e3c6290f..d18524cf5 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -57,6 +57,12 @@ let cgit.desc = "Fork of nix-user-chroot my lethalman"; cgit.section = "software"; }; + nixos-aws = { + collaborators = [ { + name = "fabio"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada"; + } ]; + }; } // mapAttrs make-public-repo-silent { }; -- cgit v1.2.3 From 02e24615adeac1ab6062ba83748eafe7418ac3ed Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:36:07 +0200 Subject: l prism.r: enable ipv4 forwarding --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d1faf77bd..89ea749c5 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -104,6 +104,7 @@ in { ]; } { # TODO make new hfos.nix out of this vv + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { uid = genid "riot"; isNormalUser = true; -- cgit v1.2.3 From 652b540d4b9978e0b01d6dad0feb725fd79a13d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:41:42 +0200 Subject: l red.r: env NIX_REMOTE=daemon --- lass/1systems/red/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix index 8c60aed62..31e2de966 100644 --- a/lass/1systems/red/config.nix +++ b/lass/1systems/red/config.nix @@ -24,6 +24,7 @@ in networking.useDHCP = false; services.nginx.enable = true; + environment.variables.NIX_REMOTE = "daemon"; environment.systemPackages = [ pkgs.mk_sql_pair ]; -- cgit v1.2.3 From a7595f3ab19b8e94696fdca18c0b78cc605281b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 15:49:56 +0200 Subject: l gc: don't gc on containers --- lass/2configs/gc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index ad015180a..c5073e384 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -3,6 +3,6 @@ with import ; { nix.gc = { - automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ]; + automatic = ! (elem config.krebs.build.host.name [ "prism" "mors" "helios" ] || config.boot.isContainer); }; } -- cgit v1.2.3 From 0f98216757cfeb3cfe318181fee0fc5c7b7f1c04 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 16:04:21 +0200 Subject: l zsh: use recent LS_COLORS --- lass/2configs/zsh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index aa3e6731d..76cac9f56 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -54,8 +54,8 @@ eval $(dircolors -b ${pkgs.fetchFromGitHub { owner = "trapd00r"; repo = "LS_COLORS"; - rev = "master"; - sha256="05lh5w3bgj9h8d8lrbbwbzw8788709cnzzkl8yh7m1dawkpf6nlp"; + rev = "a75fca8545f91abb8a5f802981033ef54bf1eac0"; + sha256="1lzj0qnj89mzh76ha137mnz2hf86k278rh0y9x124ghxj9yqsnb4"; }}/LS_COLORS) alias ls='ls --color' zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} -- cgit v1.2.3 From 37fa7bff9339799984554b8ccbacf1f07281d6ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 May 2018 16:04:48 +0200 Subject: l git: add krops repo --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index d18524cf5..43085ba5e 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -63,6 +63,10 @@ let pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada"; } ]; }; + krops = { + cgit.desc = "krebs deployment"; + cgit.section = "software"; + }; } // mapAttrs make-public-repo-silent { }; -- cgit v1.2.3 From b847bcdc02ded53c946a8f75dabfbda8ac3498dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 2 May 2018 15:53:09 +0200 Subject: l helios.r: update certs --- lass/1systems/helios/config.nix | 37 ++++++++----------------------------- 1 file changed, 8 insertions(+), 29 deletions(-) (limited to 'lass') diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 557fce1e8..759bb6d06 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -138,35 +138,14 @@ with import ; networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; }) - - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; }) - (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; }) - (pkgs.writeText "minio.cert" '' - -----BEGIN CERTIFICATE----- - MIIDFDCCAfygAwIBAgIQBEKYm9VmbR6T/XNLP2P5kDANBgkqhkiG9w0BAQsFADAS - MRAwDgYDVQQKEwdBY21lIENvMB4XDTE4MDIxNDEyNTk1OVoXDTE5MDIxNDEyNTk1 - OVowEjEQMA4GA1UEChMHQWNtZSBDbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC - AQoCggEBAMmRGUTMDxOaoEZ3osG1ZpGj4enHl6ToWaoCXvRXvI6RB/99QOFlwLdL - 8lGjIbXyovNkH686pVsfgCTOLRGzftWHmWgfmaSUv0TToBW8F9DN4ww9YgiLZjvV - YZunRyp1n0x9OrBXMs7xEBBa4q0AG1IvlRJTrd7CW519FlVq7T95LLB7P6t6K54C - ksG4kEzXLRPD/FMdU7LWbhWnQSOxPMCq8erTv3kW3A3Y9hSAKOFQKQHH/3O2HDrM - CbK5ldNklswg2rIHxx7kg1fteLD1lVCNPfCMfuwlLUaMeoRZ03HDof8wFlRz3pzw - hQRWPvfLfRvFCZ0LFNvfgAqXtmG/ywUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgKk - MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wLAYDVR0RBCUw - I4IJbG9jYWxob3N0ggZoZWxpb3OCCGhlbGlvcy5yhwR/AAABMA0GCSqGSIb3DQEB - CwUAA4IBAQBzrPb3NmAn60awoJG3d4BystaotaFKsO3iAnP4Lfve1bhKRELIjJ30 - hX/mRYkEVRbfwKRgkkLab4zpJ/abjb3DjFNo8E4QPNeCqS+8xxeBOf7x61Kg/0Ox - jRQ95fTATyItiChwNkoxYjVIwosqxBVsbe3KxwhkmKPQ6wH/nvr6URX/IGUz2qWY - EqHdjsop83u4Rjn3C0u46U0P+W4U5IFiLfcE3RzFFYh67ko5YEhkyXP+tBNSgrTM - zFisVoQZdXpMCWWxBVWulB4FvvTx3jKUPRZVOrfexBfY4TA/PyhXLoz7FeEK9n2a - qFkrxy+GrHBXfSRZgCaHQFdKorg2fwwa - -----END CERTIFICATE----- - '') + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "006j61q2z44z6d92638iin6r46r4cj82ipwm37784h34i5x4mp0d"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "1nkd1rjcn02q9xxjg7sw79lbwy08i7hb4v4pn98djknvcmplpz5m"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "094m12npglnnv1nf1ijcv70p8l15l00id44qq7rwynhcgxi5539i"; }) + + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "1anfncdf5xsp219kryncv21ra87flpzcjwcc85hzvlwbxhid3g4x"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "035kkfizyl5dndj7rhvmy91rr75lakqbqgjx4dpiw0kqq369mz8r"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "14fpzx1qjs9ws9sz0y7pb6j40336xlckkqcm2rc5j86yn7r22lp7"; }) + (pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "1yjl3kyw4chc8vw7bnqac2h9vn8dxryw7lr7i03lqi9sdvs4108s"; }) ]; programs.adb.enable = true; -- cgit v1.2.3 From ecc09522d9073386c91fc61838ca418489ab648f Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 May 2018 12:13:14 +0200 Subject: l cabal.r: use as AP --- lass/1systems/cabal/config.nix | 1 + lass/2configs/AP.nix | 77 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 lass/2configs/AP.nix (limited to 'lass') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 88f642d6b..9ac3cb681 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -15,6 +15,7 @@ + ]; krebs.build.host = config.krebs.hosts.cabal; diff --git a/lass/2configs/AP.nix b/lass/2configs/AP.nix new file mode 100644 index 000000000..5ce7cfff8 --- /dev/null +++ b/lass/2configs/AP.nix @@ -0,0 +1,77 @@ +{ config, pkgs, ... }: +with import ; +let + wifi = "wlp0s29u1u2"; +in { + boot.extraModulePackages = [ + pkgs.linuxPackages.rtl8814au + ]; + networking.networkmanager.unmanaged = [ wifi ]; + + systemd.services.hostapd = { + description = "hostapd wireless AP"; + path = [ pkgs.hostapd ]; + wantedBy = [ "network.target" ]; + + after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ]; + + serviceConfig = { + ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" '' + interface=${wifi} + hw_mode=a + channel=36 + ieee80211d=1 + country_code=DE + ieee80211n=1 + ieee80211ac=1 + wmm_enabled=1 + + # 5ghz + ssid=krebsing + auth_algs=1 + wpa=2 + wpa_key_mgmt=WPA-PSK + rsn_pairwise=CCMP + wpa_passphrase=aidsballz + ''}"; + Restart = "always"; + }; + }; + + networking.interfaces.${wifi}.ipv4.addresses = [ + { address = "10.99.0.1"; prefixLength = 24; } + ]; + services.dhcpd4 = { + enable = true; + interfaces = [ wifi ]; + extraConfig = '' + option subnet-mask 255.255.255.0; + option routers 10.99.0.1; + option domain-name-servers 1.1.1.1, 8.8.8.8; + subnet 10.99.0.0 netmask 255.255.255.0 { + range 10.99.0.100 10.99.0.200; + } + ''; + }; + + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } + { v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; } + { v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; } + { v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; } + { v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + #TODO find out what this is about? + { v6 = false; predicate = "-s 10.99.0.0/24 -d 224.0.0.0/24"; target = "RETURN"; } + { v6 = false; predicate = "-s 10.99.0.0/24 -d 255.255.255.255"; target = "RETURN"; } + + { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24"; target = "MASQUERADE"; } + { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; } + { v6 = false; predicate = "-s 10.99.0.0/24 ! -d 10.99.0.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; } + ]; +} -- cgit v1.2.3 From 28d6704a0d617ca7d379b836ab9fdd4d6a0be868 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 May 2018 18:04:38 +0200 Subject: l monitoring: use correct logstash url --- lass/2configs/monitoring/prometheus-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index 1f9419e1a..e16d421a0 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -164,7 +164,7 @@ ]; "webhook_configs" = [ { - "url" = "https://example.com/prometheus-alerts"; + "url" = "http://127.0.0.1:14813/prometheus-alerts"; "send_resolved" = true; } ]; -- cgit v1.2.3 From 7330cce0d46f23036a42e19421ca3b59dc21f9cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 May 2018 18:21:39 +0200 Subject: l prism.r: add restic backups --- lass/1systems/prism/config.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 89ea749c5..564315e8f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -333,6 +333,31 @@ in { }; }; } + { + imports = [ ]; + lass.restic = genAttrs [ + "daedalus" + "icarus" + "littleT" + "mors" + "shodan" + "skynet" + ] (dest: { + dirs = [ + "/home/chat/.weechat" + "/bku/sql_dumps" + ]; + passwordFile = (toString ) + "/restic/${dest}"; + repo = "sftp:backup@${dest}.r:/backups/prism"; + extraArguments = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + ]; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }); + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 66b55d0a27327b5f0f6adf675a779f8d09e9c703 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 May 2018 18:33:11 +0200 Subject: l repo-sync: RIP web-routes-wai-custom --- lass/2configs/repo-sync.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index ad44c67e1..1cf22552c 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -135,7 +135,6 @@ in { (sync-retiolum "populate") (sync-retiolum "stockholm") (sync-retiolum "wai-middleware-time") - (sync-retiolum "web-routes-wai-custom") (sync-retiolum "xmonad-stockholm") ]; } -- cgit v1.2.3 From f4c7c3ebdce7c4a248140d20464fbdf65ea0c921 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:30:19 +0200 Subject: l mors: open chromecast ports --- lass/1systems/mors/config.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index f8a16ad2e..586a957cf 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -35,9 +35,11 @@ with import ; { - #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ + #risk of rain { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } + #chromecast + { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; } ]; } { -- cgit v1.2.3 From 5fe30a149d649b24cb0c55e398064adfce51614c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:30:51 +0200 Subject: l: init nichtparasoup --- lass/5pkgs/nichtparasoup/default.nix | 25 +++++++++++++++++++++++++ lass/5pkgs/nichtparasoup/exception.patch | 13 +++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 lass/5pkgs/nichtparasoup/default.nix create mode 100644 lass/5pkgs/nichtparasoup/exception.patch (limited to 'lass') diff --git a/lass/5pkgs/nichtparasoup/default.nix b/lass/5pkgs/nichtparasoup/default.nix new file mode 100644 index 000000000..cf34c683f --- /dev/null +++ b/lass/5pkgs/nichtparasoup/default.nix @@ -0,0 +1,25 @@ +{ stdenv, pkgs, ... }: +let + py = pkgs.python3Packages.python.withPackages (p: [ + p.werkzeug + p.beautifulsoup4 + ]); + src = pkgs.fetchFromGitHub { + owner = "k4cg"; + repo = "nichtparasoup"; + rev = "cf164b5"; + sha256 = "09bwh76agp14j8rv7bp47jcwhffc1b0bak0ikvzxyphph5lyidk9"; + }; + patchedSrc = stdenv.mkDerivation { + name = "nichtparasoup"; + inherit src; + patches = [ ./exception.patch ]; + phases = [ "unpackPhase" "patchPhase" "installPhase" ]; + installPhase = '' + mkdir -p $out + cp -r * $out/ + ''; + }; +in pkgs.writeDashBin "nichtparasoup" '' + ${py}/bin/python ${patchedSrc}/nichtparasoup.py "$@" +'' diff --git a/lass/5pkgs/nichtparasoup/exception.patch b/lass/5pkgs/nichtparasoup/exception.patch new file mode 100644 index 000000000..34c177de0 --- /dev/null +++ b/lass/5pkgs/nichtparasoup/exception.patch @@ -0,0 +1,13 @@ +diff --git a/nichtparasoup.py b/nichtparasoup.py +index 9da9a2b..833ca71 100755 +--- a/nichtparasoup.py ++++ b/nichtparasoup.py +@@ -211,7 +211,7 @@ def cache_fill_loop(): + try: + sources[crawler][site].crawl() + info = Crawler.info() +- except Exception, e: ++ except Exception as e: + logger.error("Error in crawler %s - %s: %s" % (crawler, site, e)) + break + -- cgit v1.2.3 From 80cb62753405364cedb40f7591704dde56593de3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:31:12 +0200 Subject: l: add nichtparasoup module --- lass/3modules/default.nix | 1 + lass/3modules/nichtparasoup.nix | 48 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 lass/3modules/nichtparasoup.nix (limited to 'lass') diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 5e7e6dff3..2cf6a66b9 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -7,6 +7,7 @@ _: ./hosts.nix ./mysql-backup.nix ./news.nix + ./nichtparasoup.nix ./pyload.nix ./restic.nix ./screenlock.nix diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix new file mode 100644 index 000000000..dd1419f24 --- /dev/null +++ b/lass/3modules/nichtparasoup.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +with import ; + +{ + options.lass.nichtparasoup = { + enable = mkEnableOption "nichtparasoup funny image page"; + config = mkOption { + type = types.str; + default = '' + [General] + Port: 5001 + IP: 0.0.0.0 + Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25 + + [Cache] + Images_min_limit: 15 + + [Logging] + ;; possible destinations: file syslog + Destination: syslog + Verbosity: ERROR + + [Sites] + SoupIO: everyone + Pr0gramm: new,top + Reddit: gifs,pics,aww,aww_gifs,reactiongifs,wtf,FoodPorn,cats,StarWars,ANormalDayInRussia,perfectloops,reallifedoodles + NineGag: geeky,wtf,hot,trending + Instagram: cats,animals,nerdy_gaming_art,nature,wtf + Fourchan: sci + ''; + }; + }; + + config = mkIf config.lass.nichtparasoup.enable { + systemd.services.nichtparasoup = { + description = "nichtparasoup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = true; + serviceConfig = { + Restart = "always"; + ExecStart = "${pkgs.nichtparasoup}/bin/nichtparasoup -c ${pkgs.writeText "config.ini"config.lass.nichtparasoup.config}"; + }; + }; + }; +} -- cgit v1.2.3 From 67047f9e8dc18e43ce37927b19a6aae62c2ab4a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:32:23 +0200 Subject: l prism.r: add pubkey to download --- lass/1systems/prism/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 564315e8f..76aaf0cdc 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -358,6 +358,11 @@ in { }; }); } + { + users.users.download.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 24a3d64301ccbc39bdc6e46d5b6201b48311ed80 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:37:21 +0200 Subject: l prism.r: enable nichtparasoup --- lass/1systems/prism/config.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 76aaf0cdc..90decc35e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -363,6 +363,22 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" ]; } + { + lass.nichtparasoup.enable = true; + services.nginx = { + enable = true; + virtualHosts.lol = { + forceSSL = true; + enableACME = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:5001; + ''; + serverAliases = [ + "lol.lassul.us" + ]; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From e1a0d9409d7f7e1c60f98ef2ee69cfecc445aa08 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:59:08 +0200 Subject: l nichtparasoup: cf164b5 -> c6dcd0d --- lass/5pkgs/nichtparasoup/default.nix | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/nichtparasoup/default.nix b/lass/5pkgs/nichtparasoup/default.nix index cf34c683f..fcff7ad54 100644 --- a/lass/5pkgs/nichtparasoup/default.nix +++ b/lass/5pkgs/nichtparasoup/default.nix @@ -7,19 +7,9 @@ let src = pkgs.fetchFromGitHub { owner = "k4cg"; repo = "nichtparasoup"; - rev = "cf164b5"; - sha256 = "09bwh76agp14j8rv7bp47jcwhffc1b0bak0ikvzxyphph5lyidk9"; - }; - patchedSrc = stdenv.mkDerivation { - name = "nichtparasoup"; - inherit src; - patches = [ ./exception.patch ]; - phases = [ "unpackPhase" "patchPhase" "installPhase" ]; - installPhase = '' - mkdir -p $out - cp -r * $out/ - ''; + rev = "c6dcd0d"; + sha256 = "10xy20bjdnd5bjv2hf6v5y5wi0mc9555awxkjqf57rk6ngc5w6ss"; }; in pkgs.writeDashBin "nichtparasoup" '' - ${py}/bin/python ${patchedSrc}/nichtparasoup.py "$@" + ${py}/bin/python ${src}/nichtparasoup.py "$@" '' -- cgit v1.2.3 From 4b9ad61e03c18ae2687d49a365fb4e95ac2dbeec Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:51:21 +0200 Subject: l icarus.r: add dpass & macchanger --- lass/1systems/icarus/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index b6a0822b9..f9754ee92 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -33,4 +33,9 @@ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; + + environment.systemPackages = with pkgs; [ + macchanger + dpass + ]; } -- cgit v1.2.3 From 2dc18fb83a0c8fcd9c4cb04de9470e73c29fcedd Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:55:38 +0200 Subject: l prism.r: simplify lol.lassul.us nginx --- lass/1systems/prism/config.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 90decc35e..d4be2faaf 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -367,15 +367,12 @@ in { lass.nichtparasoup.enable = true; services.nginx = { enable = true; - virtualHosts.lol = { + virtualHosts."lol.lassul.us" = { forceSSL = true; enableACME = true; locations."/".extraConfig = '' proxy_pass http://localhost:5001; ''; - serverAliases = [ - "lol.lassul.us" - ]; }; }; } -- cgit v1.2.3 From c0f7f7bab5447ebf95f4873f7ff9679938ff6d27 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:56:26 +0200 Subject: l baseX: add dconf --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index e2e44b6fc..809297655 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -74,6 +74,7 @@ in { gi git-preview gitAndTools.qgit + gnome3.dconf lm_sensors mpv-poll much -- cgit v1.2.3 From e8c4f7c0e40a1612731ad9f68ef7f5bb1ec7ce1c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:57:44 +0200 Subject: l websites utils: forceSSL --- lass/2configs/websites/util.nix | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 61b5543ce..a11e8e692 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,11 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - onlySSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; + forceSSL = true; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -87,12 +83,9 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - onlySSL = true; + forceSSL = true; serverAliases = domains; extraConfig = '' - listen 80; - listen [::]:80; - # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; @@ -201,12 +194,9 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - onlySSL = true; + forceSSL = true; serverAliases = domains; extraConfig = '' - listen 80; - listen [::]:80; - root /srv/http/${domain}/; index index.php; access_log /tmp/nginx_acc.log; -- cgit v1.2.3 From 06402dba84c42396a911ceff56c15a26b9f5ee9c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 8 May 2018 08:28:21 +0200 Subject: l icarus.r: import wine.nix --- lass/1systems/icarus/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index f9754ee92..eb2be5869 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -17,6 +17,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; @@ -38,4 +39,8 @@ macchanger dpass ]; + services.redshift = { + enable = true; + provider = "geoclue2"; + }; } -- cgit v1.2.3 From 603db72c0d4bb98ca0b56aa94fa69299123d784c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 8 May 2018 08:30:10 +0200 Subject: l nichtparasoup: update default feeds --- lass/3modules/nichtparasoup.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix index dd1419f24..14f4fffc8 100644 --- a/lass/3modules/nichtparasoup.nix +++ b/lass/3modules/nichtparasoup.nix @@ -24,9 +24,9 @@ with import ; [Sites] SoupIO: everyone Pr0gramm: new,top - Reddit: gifs,pics,aww,aww_gifs,reactiongifs,wtf,FoodPorn,cats,StarWars,ANormalDayInRussia,perfectloops,reallifedoodles + Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,cableporn,cableporn,educationalgifs,EngineeringPorn,forbiddensnacks,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected NineGag: geeky,wtf,hot,trending - Instagram: cats,animals,nerdy_gaming_art,nature,wtf + Instagram: nature,wtf Fourchan: sci ''; }; -- cgit v1.2.3 From af75b96fbe412527c4bf9129de850bcab3e7c7cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 8 May 2018 08:31:53 +0200 Subject: l xmonad: change default layout order --- lass/5pkgs/custom/xmonad-lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 18cb25b5b..868c1072a 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -90,7 +90,7 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1 ||| simplestFloat) + defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) floatHooks :: Query (Endo WindowSet) floatHooks = composeAll . concat $ -- cgit v1.2.3 From 079396f9e11573228bd6cf498f161c49660a7549 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 May 2018 15:18:15 +0200 Subject: l icarus.r: enable adb --- lass/1systems/icarus/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index eb2be5869..59cd12afb 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -43,4 +43,5 @@ enable = true; provider = "geoclue2"; }; + programs.adb.enable = true; } -- cgit v1.2.3 From 0c0d527bec3a6a3d6435203253edb2ef27f9655b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 May 2018 15:51:24 +0200 Subject: l: hw config into physical.nix --- lass/1systems/cabal/config.nix | 15 ------- lass/1systems/cabal/physical.nix | 12 ++++++ lass/1systems/daedalus/config.nix | 15 ------- lass/1systems/daedalus/physical.nix | 20 +++++++++ lass/1systems/dishfire/config.nix | 34 --------------- lass/1systems/dishfire/physical.nix | 39 +++++++++++++++++ lass/1systems/helios/config.nix | 56 +----------------------- lass/1systems/helios/physical.nix | 65 ++++++++++++++++++++++++++++ lass/1systems/icarus/config.nix | 15 ------- lass/1systems/icarus/physical.nix | 20 +++++++++ lass/1systems/littleT/config.nix | 15 ------- lass/1systems/littleT/physical.nix | 7 +++ lass/1systems/mors/config.nix | 39 ----------------- lass/1systems/mors/physical.nix | 44 +++++++++++++++++++ lass/1systems/prism/config.nix | 83 +----------------------------------- lass/1systems/prism/physical.nix | 85 +++++++++++++++++++++++++++++++++++++ lass/1systems/red/config.nix | 2 - lass/1systems/red/physical.nix | 7 +++ lass/1systems/shodan/config.nix | 42 ------------------ lass/1systems/shodan/physical.nix | 47 ++++++++++++++++++++ lass/1systems/skynet/config.nix | 15 ------- lass/1systems/skynet/physical.nix | 12 ++++++ lass/1systems/uriel/config.nix | 55 ------------------------ lass/1systems/uriel/physical.nix | 59 +++++++++++++++++++++++++ lass/1systems/xerxes/config.nix | 24 ----------- lass/1systems/xerxes/physical.nix | 29 +++++++++++++ 26 files changed, 448 insertions(+), 408 deletions(-) create mode 100644 lass/1systems/cabal/physical.nix create mode 100644 lass/1systems/daedalus/physical.nix create mode 100644 lass/1systems/dishfire/physical.nix create mode 100644 lass/1systems/helios/physical.nix create mode 100644 lass/1systems/icarus/physical.nix create mode 100644 lass/1systems/littleT/physical.nix create mode 100644 lass/1systems/mors/physical.nix create mode 100644 lass/1systems/prism/physical.nix create mode 100644 lass/1systems/red/physical.nix create mode 100644 lass/1systems/shodan/physical.nix create mode 100644 lass/1systems/skynet/physical.nix create mode 100644 lass/1systems/uriel/physical.nix create mode 100644 lass/1systems/xerxes/physical.nix (limited to 'lass') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 9ac3cb681..b117b5116 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -3,8 +3,6 @@ { imports = [ - - @@ -19,17 +17,4 @@ ]; krebs.build.host = config.krebs.hosts.cabal; - - #fileSystems = { - # "/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - # }; - #}; - - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - #''; } diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix new file mode 100644 index 000000000..3cc4af03b --- /dev/null +++ b/lass/1systems/cabal/physical.nix @@ -0,0 +1,12 @@ +{ + imports = [ + ./config.nix + + + ]; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0" + ''; +} diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index c15fcdc21..eafc0d06c 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -4,8 +4,6 @@ with import ; { imports = [ - - @@ -94,17 +92,4 @@ with import ; ''; krebs.build.host = config.krebs.hosts.daedalus; - - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; } diff --git a/lass/1systems/daedalus/physical.nix b/lass/1systems/daedalus/physical.nix new file mode 100644 index 000000000..33a0cb473 --- /dev/null +++ b/lass/1systems/daedalus/physical.nix @@ -0,0 +1,20 @@ +{ + imports = [ + ./config.nix + + + ]; + + fileSystems = { + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; +} diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix index 7993c763e..3d5f32180 100644 --- a/lass/1systems/dishfire/config.nix +++ b/lass/1systems/dishfire/config.nix @@ -4,41 +4,7 @@ imports = [ - - { - boot.loader.grub = { - device = "/dev/vda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "ehci_pci" - "uhci_hcd" - "virtio_pci" - "virtio_blk" - ]; - - fileSystems."/" = { - device = "/dev/mapper/pool-nix"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/srv_http"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - } { networking.dhcpcd.allowInterfaces = [ "enp*" diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix new file mode 100644 index 000000000..64e3904e0 --- /dev/null +++ b/lass/1systems/dishfire/physical.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: +{ + imports = [ + ./config.nix + + ]; + + boot.loader.grub = { + device = "/dev/vda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "ehci_pci" + "uhci_hcd" + "virtio_pci" + "virtio_blk" + ]; + + fileSystems."/" = { + device = "/dev/mapper/pool-nix"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/srv_http"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; +} diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 759bb6d06..bd7f75c3e 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -12,48 +12,12 @@ with import ; # TODO fix krebs.git.rules.[definition 2-entry 2].lass not defined # - + # - { # automatic hardware detection - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - - fileSystems."/" = { - device = "/dev/pool/root"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/1F60-17C6"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "btrfs"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - nix.maxJobs = lib.mkDefault 8; - } - { # crypto stuff - boot.initrd.luks = { - cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; - }; - } { services.xserver.dpi = 200; fonts.fontconfig.dpi = 200; @@ -99,13 +63,6 @@ with import ; } ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.wireless.enable = true; - hardware.enableRedistributableFirmware = true; - environment.systemPackages = with pkgs; [ ag vim @@ -124,17 +81,6 @@ with import ; services.tlp.enable = true; - services.xserver.videoDrivers = [ "nvidia" ]; - services.xserver.xrandrHeads = [ - { output = "DP-2"; primary = true; } - { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } - { output = "DP-0"; } - ]; - - services.xserver.displayManager.sessionCommands = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal - ''; - networking.hostName = lib.mkForce "BLN02NB0162"; security.pki.certificateFiles = [ diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix new file mode 100644 index 000000000..549506c29 --- /dev/null +++ b/lass/1systems/helios/physical.nix @@ -0,0 +1,65 @@ +{ + imports = [ + ./config.nix + { # automatic hardware detection + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "/dev/pool/root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1F60-17C6"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "btrfs"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + nix.maxJobs = lib.mkDefault 8; + } + { # crypto stuff + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + devices = [{ + name = "luksroot"; + device = "/dev/nvme0n1p3"; + }]; + }; + } + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; + + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="f8:59:71:a9:05:65", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="54:e1:ad:4f:06:83", NAME="et0" + ''; + + services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.xrandrHeads = [ + { output = "DP-2"; primary = true; } + { output = "DP-4"; monitorConfig = ''Option "Rotate" "left"''; } + { output = "DP-0"; } + ]; + + services.xserver.displayManager.sessionCommands = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-6 --off --output DP-5 --off --output DP-4 --mode 2560x1440 --pos 3840x0 --rotate left --output DP-3 --off --output DP-2 --primary --mode 3840x2160 --scale 0.5x0.5 --pos 0x400 --rotate normal --output DP-1 --off --output DP-0 --mode 2560x1440 --pos 5280x1120 --rotate normal + ''; +} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 59cd12afb..d54bd3e9e 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -3,8 +3,6 @@ { imports = [ - - @@ -22,19 +20,6 @@ krebs.build.host = config.krebs.hosts.icarus; - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; - environment.systemPackages = with pkgs; [ macchanger dpass diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix new file mode 100644 index 000000000..6cc77a47d --- /dev/null +++ b/lass/1systems/icarus/physical.nix @@ -0,0 +1,20 @@ +{ + imports = [ + ./config.nix + + + ]; + + fileSystems = { + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; +} diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index ef19e8d16..44617d3e7 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -4,8 +4,6 @@ with import ; { imports = [ - - @@ -68,17 +66,4 @@ with import ; ''; krebs.build.host = config.krebs.hosts.littleT; - - #fileSystems = { - # "/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - # }; - #}; - - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - #''; } diff --git a/lass/1systems/littleT/physical.nix b/lass/1systems/littleT/physical.nix new file mode 100644 index 000000000..9776211ae --- /dev/null +++ b/lass/1systems/littleT/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + + + ]; +} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 586a957cf..2e6c8bc8a 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -4,8 +4,6 @@ with import ; { imports = [ - - @@ -88,43 +86,6 @@ with import ; krebs.build.host = config.krebs.hosts.mors; - fileSystems = { - "/bku" = { - device = "/dev/mapper/pool-bku"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/home/virtual" = { - device = "/dev/mapper/pool-virtual"; - fsType = "ext4"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0" - ''; - - #TODO activationScripts seem broken, fix them! - #activationScripts - #split up and move into base - system.activationScripts.powertopTunables = '' - #Runtime PMs - echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' - ''; - environment.systemPackages = with pkgs; [ acronym brain diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix new file mode 100644 index 000000000..f99d6bd52 --- /dev/null +++ b/lass/1systems/mors/physical.nix @@ -0,0 +1,44 @@ +{ + imports = [ + ./config.nix + + + ]; + + fileSystems = { + "/bku" = { + device = "/dev/mapper/pool-bku"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/home/virtual" = { + device = "/dev/mapper/pool-virtual"; + fsType = "ext4"; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0" + ''; + + #TODO activationScripts seem broken, fix them! + #activationScripts + #split up and move into base + system.activationScripts.powertopTunables = '' + #Runtime PMs + echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' + ''; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d4be2faaf..c7b877deb 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -1,90 +1,9 @@ { config, lib, pkgs, ... }: with import ; -let - ip = config.krebs.build.host.nets.internet.ip4.addr; - -in { +{ imports = [ - { - networking.interfaces.et0.ipv4.addresses = [ - { - address = ip; - prefixLength = 27; - } - { - address = "46.4.114.243"; - prefixLength = 27; - } - ]; - networking.defaultGateway = "46.4.114.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" - ''; - } - { - imports = [ ]; - - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - "ahci" "sd_mod" - ]; - - boot.kernelModules = [ "kvm-intel" ]; - - fileSystems."/" = { - device = "/dev/pool/nix_root"; - fsType = "ext4"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - fsType = "ext4"; - }; - - fileSystems."/home" = { - device = "/dev/pool/home"; - fsType = "ext4"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - - swapDevices = [ - { label = "swap1"; } - { label = "swap2"; } - ]; - - sound.enable = false; - nixpkgs.config.allowUnfree = true; - time.timeZone = "Europe/Berlin"; - } { diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix new file mode 100644 index 000000000..83f127c22 --- /dev/null +++ b/lass/1systems/prism/physical.nix @@ -0,0 +1,85 @@ +{ config, lib, pkgs, ... }: +{ + imports = [ + ./config.nix + { + networking.interfaces.et0.ipv4.addresses = [ + { + address = config.krebs.build.host.nets.internet.ip4.addr; + prefixLength = 27; + } + { + address = "46.4.114.243"; + prefixLength = 27; + } + ]; + networking.defaultGateway = "46.4.114.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" + ''; + } + { + imports = [ ]; + + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + "ahci" "sd_mod" + ]; + + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = { + device = "/dev/pool/nix_root"; + fsType = "ext4"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + fsType = "ext4"; + }; + + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "ext4"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + + swapDevices = [ + { label = "swap1"; } + { label = "swap2"; } + ]; + + sound.enable = false; + nixpkgs.config.allowUnfree = true; + time.timeZone = "Europe/Berlin"; + } + ]; + +} diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix index 31e2de966..04bbf1ee8 100644 --- a/lass/1systems/red/config.nix +++ b/lass/1systems/red/config.nix @@ -20,8 +20,6 @@ in ]; krebs.build.host = config.krebs.hosts.red; - boot.isContainer = true; - networking.useDHCP = false; services.nginx.enable = true; environment.variables.NIX_REMOTE = "daemon"; diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix new file mode 100644 index 000000000..b6aa3a894 --- /dev/null +++ b/lass/1systems/red/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; +} diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 42a46c5f5..8405b0f1f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -4,8 +4,6 @@ with import ; { imports = [ - #TODO reinstall with correct layout and use lass/hw/x220 - @@ -22,46 +20,6 @@ with import ; krebs.build.host = config.krebs.hosts.shodan; - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/nix"; - fsType = "btrfs"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - "/bku" = { - device = "/dev/pool/bku"; - fsType = "btrfs"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" - ''; - services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix new file mode 100644 index 000000000..4a550d0a4 --- /dev/null +++ b/lass/1systems/shodan/physical.nix @@ -0,0 +1,47 @@ +{ + #TODO reinstall with correct layout and use lass/hw/x220 + imports = [ + ./config.nix + + ]; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/nix"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + "/bku" = { + device = "/dev/pool/bku"; + fsType = "btrfs"; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; +} diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index b2210282f..b6c08f797 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -3,8 +3,6 @@ with import ; { imports = [ - - # @@ -46,17 +44,4 @@ with import ; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; - - #fileSystems = { - # "/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - # }; - #}; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0" - ''; } diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix new file mode 100644 index 000000000..358e1f511 --- /dev/null +++ b/lass/1systems/skynet/physical.nix @@ -0,0 +1,12 @@ +{ + imports = [ + ./config.nix + + + ]; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0" + ''; +} diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix index 70bef9883..3eddcfc52 100644 --- a/lass/1systems/uriel/config.nix +++ b/lass/1systems/uriel/config.nix @@ -41,60 +41,5 @@ with import ; ]; krebs.build.host = config.krebs.hosts.uriel; - - hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; - - boot = { - #kernelParams = [ - # "acpi.brightness_switch_enabled=0" - #]; - #loader.grub.enable = true; - #loader.grub.version = 2; - #loader.grub.device = "/dev/sda"; - - loader.systemd-boot.enable = true; - loader.timeout = 5; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/root"; - fsType = "ext4"; - }; - - "/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - ''; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - }; } diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix new file mode 100644 index 000000000..9ac3468a8 --- /dev/null +++ b/lass/1systems/uriel/physical.nix @@ -0,0 +1,59 @@ +{ + imports = [ + ./config.nix + ]; + + hardware.enableAllFirmware = true; + boot = { + #kernelParams = [ + # "acpi.brightness_switch_enabled=0" + #]; + #loader.grub.enable = true; + #loader.grub.version = 2; + #loader.grub.device = "/dev/sda"; + + loader.systemd-boot.enable = true; + loader.timeout = 5; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + kernelModules = [ "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/root"; + fsType = "ext4"; + }; + + "/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" + ''; + + services.xserver.synaptics = { + enable = true; + twoFingerScroll = true; + accelFactor = "0.035"; + additionalOptions = '' + Option "FingerHigh" "60" + Option "FingerLow" "60" + ''; + }; +} diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 0669748f5..1bd6cf2c5 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -3,8 +3,6 @@ { imports = [ - - @@ -15,26 +13,4 @@ ]; krebs.build.host = config.krebs.hosts.xerxes; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0" - ''; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437"; - fsType = "btrfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/16C8-D053"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358"; - fsType = "btrfs"; - }; - - boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ]; - networking.wireless.enable = true; } diff --git a/lass/1systems/xerxes/physical.nix b/lass/1systems/xerxes/physical.nix new file mode 100644 index 000000000..17caccfe6 --- /dev/null +++ b/lass/1systems/xerxes/physical.nix @@ -0,0 +1,29 @@ +{ + imports = [ + ./config.nix + + + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="b0:f1:ec:9f:5c:78", NAME="wl0" + ''; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/d227d88f-bd24-4e8a-aa14-9e966b471437"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/16C8-D053"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/1ec4193b-7f41-490d-8782-7677d437b358"; + fsType = "btrfs"; + }; + + boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/disk/by-uuid/d17f19a3-dcba-456d-b5da-e45cc15dc9c8"; } ]; + + networking.wireless.enable = true; +} -- cgit v1.2.3 From 178ee92dcab1955b06c19ddb941957c098716ec0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 12 May 2018 15:53:04 +0200 Subject: l kops: nix-config is physical.nix --- lass/kops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/kops.nix b/lass/kops.nix index 9d0ab911a..2dda0e8fb 100644 --- a/lass/kops.nix +++ b/lass/kops.nix @@ -8,7 +8,7 @@ source = { test }: lib.evalSource [ krebs-source { - nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; secrets = if test then { file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; } else { -- cgit v1.2.3 From 8b1d1b8d913004951e0c2fd46c6b7d2a3c27148a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 19:35:28 +0200 Subject: l git: don't announce nixos-aws --- lass/2configs/git.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 43085ba5e..f9e326333 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -57,17 +57,17 @@ let cgit.desc = "Fork of nix-user-chroot my lethalman"; cgit.section = "software"; }; + krops = { + cgit.desc = "krebs deployment"; + cgit.section = "software"; + }; + } // mapAttrs make-public-repo-silent { nixos-aws = { collaborators = [ { name = "fabio"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada"; } ]; }; - krops = { - cgit.desc = "krebs deployment"; - cgit.section = "software"; - }; - } // mapAttrs make-public-repo-silent { }; restricted-repos = mapAttrs make-restricted-repo ( -- cgit v1.2.3 From 3d815f1becbc5c9c4a7e6d40a644bc18f69af5ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 19:39:19 +0200 Subject: l source: nix-config is physical.nix --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/source.nix b/lass/source.nix index 1d840f38f..e7991da2a 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -12,7 +12,7 @@ host@{ name, secure ? false, override ? {} }: let in evalSource (toString _file) [ { - nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; nixpkgs = (import host).nixpkgs; secrets = getAttr builder { buildbot.file = toString ; -- cgit v1.2.3 From 8642d7c3bcd6edcfc63a3837b4985dd7380bfdb2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 19:52:22 +0200 Subject: l helios.r: remove maxJobs --- lass/1systems/helios/physical.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'lass') diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix index 549506c29..a224f81df 100644 --- a/lass/1systems/helios/physical.nix +++ b/lass/1systems/helios/physical.nix @@ -25,8 +25,6 @@ fsType = "tmpfs"; options = ["nosuid" "nodev" "noatime"]; }; - - nix.maxJobs = lib.mkDefault 8; } { # crypto stuff boot.initrd.luks = { -- cgit v1.2.3 From 364c99bd295e2a44170991cd94d39a1cd546a128 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 20:38:10 +0200 Subject: l helios.r: import pkgs --- lass/1systems/helios/physical.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/helios/physical.nix b/lass/1systems/helios/physical.nix index a224f81df..a5212454f 100644 --- a/lass/1systems/helios/physical.nix +++ b/lass/1systems/helios/physical.nix @@ -1,3 +1,4 @@ +{ pkgs, ... }: { imports = [ ./config.nix -- cgit v1.2.3 From 619131d246ead21ba001644be82686ce31138773 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 May 2018 22:27:15 +0200 Subject: l git: add icarus to admin users --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index f9e326333..712a15342 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -121,7 +121,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-shodan ]; + user = [ lass lass-shodan lass-icarus ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ -- cgit v1.2.3 From 91b1eec4162bf16ce3c4ae698cebd7236b968f9f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:04:59 +0200 Subject: l: set 32bit dri in games.nix --- lass/2configs/games.nix | 1 + lass/2configs/steam.nix | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 3ee3a98a5..81f53bf69 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -80,6 +80,7 @@ in { }; }; + hardware.opengl.driSupport32Bit = true; hardware.pulseaudio.support32Bit = true; security.sudo.extraConfig = '' diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index 225ddd308..e1b523e3a 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -10,8 +10,6 @@ # source: https://nixos.org/wiki/Talk:Steam # ##TODO: make steam module - hardware.opengl.driSupport32Bit = true; - nixpkgs.config.steam.java = true; environment.systemPackages = with pkgs; [ steam -- cgit v1.2.3 From 9e95c2b2d12cf18fcda266cc3b69d685d288b77f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:05:49 +0200 Subject: l baseX: add thesauron --- lass/2configs/baseX.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 809297655..a387f2c5d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -69,11 +69,12 @@ in { environment.systemPackages = with pkgs; [ acpi bank + cabal2nix dic dmenu gi - git-preview gitAndTools.qgit + git-preview gnome3.dconf lm_sensors mpv-poll @@ -87,19 +88,18 @@ in { rxvt_unicode_with-plugins slock sxiv - timewarrior taskwarrior termite + thesauron + timewarrior xclip + xephyrify xorg.xbacklight xorg.xhost xsel youtube-tools yt-next zathura - - cabal2nix - xephyrify ]; fonts.fonts = with pkgs; [ -- cgit v1.2.3 From aecf06a8bfa5e5d444bff6d5c4430250a2684d34 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:06:50 +0200 Subject: l websites domsen: remove old, add new --- lass/2configs/websites/domsen.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 7a72499c9..c75cc81fc 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,12 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ - "habsys.de" - "habsys.eu" - "www.habsys.de" - "www.habsys.eu" - ]) + (servePage [ "freemonkey.art" ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" -- cgit v1.2.3 From cb41b35641eba3c0e88c87604072405ecc8fc5f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:09:50 +0200 Subject: l websites domsen: add akayguen --- lass/2configs/websites/domsen.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c75cc81fc..4e8361a17 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -115,6 +115,7 @@ in { { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } + { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -172,5 +173,12 @@ in { createHome = true; }; + users.users.akayguen = { + uid = genid_signed "akayguen"; + home = "/home/akayguen"; + useDefaultShell = true; + createHome = true; + }; + } -- cgit v1.2.3 From 3fc6ff613ff9a1c5e439d6061a2580271dcfc368 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:15:54 +0200 Subject: l mails: add elitedangerous@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index e05ed2427..fe79ce82b 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -80,6 +80,7 @@ with import ; { from = "hetzner@lassul.us"; to = lass.mail; } { from = "allygator@lassul.us"; to = lass.mail; } { from = "immoscout@lassul.us"; to = lass.mail; } + { from = "elitedangerous@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From efb7452a0c5f0d4109ae188dc6abda46a20e394c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:20:08 +0200 Subject: l websites util: make ssl optional again --- lass/2configs/websites/util.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lass') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index a11e8e692..816449c14 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,7 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -83,7 +83,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; extraConfig = '' # Add headers to serve security related headers @@ -194,7 +194,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; extraConfig = '' root /srv/http/${domain}/; -- cgit v1.2.3 From 4cdffe8351ecc47b5b34797660f7644935004c95 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:25:26 +0200 Subject: l nichtparasoup: remove some feeds --- lass/3modules/nichtparasoup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/3modules/nichtparasoup.nix b/lass/3modules/nichtparasoup.nix index 14f4fffc8..632481b69 100644 --- a/lass/3modules/nichtparasoup.nix +++ b/lass/3modules/nichtparasoup.nix @@ -24,7 +24,7 @@ with import ; [Sites] SoupIO: everyone Pr0gramm: new,top - Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,cableporn,cableporn,educationalgifs,EngineeringPorn,forbiddensnacks,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected + Reddit: gifs,reactiongifs,ANormalDayInRussia,perfectloops,reallifedoodles,bizarrebuildings,cablefail,cableporn,educationalgifs,EngineeringPorn,holdmybeer,itsaunixsystem,loadingicon,michaelbaygifs,nononoyesno,oddlysatisfying,ofcoursethatsathing,OSHA,PeopleFuckingDying,PerfectTiming,PixelArt,RetroFuturism,robotsbeingjerks,scriptedasiangifs,shittyrobots,startrekstabilized,ThingsCutInHalfPorn,totallynotrobots,Unexpected NineGag: geeky,wtf,hot,trending Instagram: nature,wtf Fourchan: sci -- cgit v1.2.3 From 942375e134fd70876ee81924ff83955473883cad Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 17:26:19 +0200 Subject: l: add blue.r --- lass/1systems/blue/config.nix | 11 +++++++++++ lass/1systems/blue/physical.nix | 8 ++++++++ lass/1systems/blue/source.nix | 4 ++++ 3 files changed, 23 insertions(+) create mode 100644 lass/1systems/blue/config.nix create mode 100644 lass/1systems/blue/physical.nix create mode 100644 lass/1systems/blue/source.nix (limited to 'lass') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix new file mode 100644 index 000000000..b068c34b0 --- /dev/null +++ b/lass/1systems/blue/config.nix @@ -0,0 +1,11 @@ +with import ; +{ config, lib, pkgs, ... }: +{ + imports = [ + + + + ]; + + krebs.build.host = config.krebs.hosts.blue; +} diff --git a/lass/1systems/blue/physical.nix b/lass/1systems/blue/physical.nix new file mode 100644 index 000000000..7499ff723 --- /dev/null +++ b/lass/1systems/blue/physical.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; +} diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix new file mode 100644 index 000000000..d8b979812 --- /dev/null +++ b/lass/1systems/blue/source.nix @@ -0,0 +1,4 @@ +import { + name = "blue"; + secure = true; +} -- cgit v1.2.3 From b39efc716232405abf3cfaa95f77e7025f6d3d1d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 17:29:32 +0200 Subject: l mors.r: enable libvirtd --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 2e6c8bc8a..de6963eb5 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -186,4 +186,5 @@ with import ; RandomizedDelaySec = "5h"; }; }); + virtualisation.libvirtd.enable = true; } -- cgit v1.2.3 From f1349ff0bb4c12fd57076d31eaf634568ec1f818 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 17:30:17 +0200 Subject: l mors.r: new hardware --- lass/1systems/mors/physical.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index f99d6bd52..580252000 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -18,8 +18,8 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="5a:37:e4:6e:1f:9d", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0" ''; #TODO activationScripts seem broken, fix them! -- cgit v1.2.3 From dbcdae5e38bddcb7683ae115c222c098d8e3c6a5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 17:31:13 +0200 Subject: l red: NIX_REMOTE should be in physical.nix --- lass/1systems/red/config.nix | 1 - lass/1systems/red/physical.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/red/config.nix b/lass/1systems/red/config.nix index 04bbf1ee8..3139e94a2 100644 --- a/lass/1systems/red/config.nix +++ b/lass/1systems/red/config.nix @@ -22,7 +22,6 @@ in krebs.build.host = config.krebs.hosts.red; services.nginx.enable = true; - environment.variables.NIX_REMOTE = "daemon"; environment.systemPackages = [ pkgs.mk_sql_pair ]; diff --git a/lass/1systems/red/physical.nix b/lass/1systems/red/physical.nix index b6aa3a894..7499ff723 100644 --- a/lass/1systems/red/physical.nix +++ b/lass/1systems/red/physical.nix @@ -4,4 +4,5 @@ ]; boot.isContainer = true; networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; } -- cgit v1.2.3 From 2e7bcebfd07080db071f07c3ad8e42e136857c31 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 17:32:00 +0200 Subject: l container-networking: set ipv4.ip_forward --- lass/2configs/container-networking.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix index 3dae3420d..98b56bd41 100644 --- a/lass/2configs/container-networking.nix +++ b/lass/2configs/container-networking.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { #krebs.iptables.tables.filter.INPUT.rules = [ @@ -24,4 +24,5 @@ { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p tcp"; target = "MASQUERADE --to-ports 1024-65535"; } { v6 = false; predicate = "-s 10.233.2.0/24 ! -d 10.233.2.0/24 -p udp"; target = "MASQUERADE --to-ports 1024-65535"; } ]; + boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1; } -- cgit v1.2.3 From dca292c905b09eff69e0219472c7846a55a0bb72 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 17:32:29 +0200 Subject: l l-gen-secrets: fix secret paths --- lass/5pkgs/l-gen-secrets/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/5pkgs/l-gen-secrets/default.nix b/lass/5pkgs/l-gen-secrets/default.nix index 4b25fbd4c..b6cb2ec7e 100644 --- a/lass/5pkgs/l-gen-secrets/default.nix +++ b/lass/5pkgs/l-gen-secrets/default.nix @@ -17,9 +17,9 @@ pkgs.writeDashBin "l-gen-secrets" '' cd $TMPDIR for x in *; do - ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m krebs-secrets/$HOSTNAME/$x > /dev/null + ${pkgs.coreutils}/bin/cat $x | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/$x > /dev/null done - echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m hosts/$HOSTNAME/pass > /dev/null + echo $PASSWORD | ${pkgs.pass}/bin/pass insert -m admin/$HOSTNAME/pass > /dev/null cat < Date: Wed, 16 May 2018 20:19:57 +0200 Subject: l: don't redirect ssh port from inner networks --- lass/2configs/container-networking.nix | 12 +++--------- lass/2configs/libvirt.nix | 3 +++ 2 files changed, 6 insertions(+), 9 deletions(-) (limited to 'lass') diff --git a/lass/2configs/container-networking.nix b/lass/2configs/container-networking.nix index 98b56bd41..f04e4342d 100644 --- a/lass/2configs/container-networking.nix +++ b/lass/2configs/container-networking.nix @@ -1,12 +1,6 @@ { lib, ... }: { - #krebs.iptables.tables.filter.INPUT.rules = [ - # { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 53"; target = "ACCEPT"; } - # { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 53"; target = "ACCEPT"; } - # { v6 = false; predicate = "-i ve-+ -p udp -m udp --dport 67"; target = "ACCEPT"; } - # { v6 = false; predicate = "-i ve-+ -p tcp -m tcp --dport 67"; target = "ACCEPT"; } - #]; krebs.iptables.tables.filter.FORWARD.rules = [ { v6 = false; predicate = "-d 10.233.2.0/24 -o ve-+ -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } { v6 = false; predicate = "-s 10.233.2.0/24 -i ve-+"; target = "ACCEPT"; } @@ -14,9 +8,9 @@ { v6 = false; predicate = "-o ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; } { v6 = false; predicate = "-i ve-+"; target = "REJECT --reject-with icmp-port-unreachable"; } ]; - #krebs.iptables.tables.filter.OUTPUT.rules = [ - # { v6 = false; predicate = "-o ve-+ -p udp -m udp --dport 68"; target = "ACCEPT"; } - #]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; predicate = "-s 10.233.2.0/24"; target = "ACCEPT"; precedence = 1000; } + ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v6 = false; predicate = "-s 10.233.2.0/24 -d 224.0.0.0/24"; target = "RETURN"; } { v6 = false; predicate = "-s 10.233.2.0/24 -d 255.255.255.255"; target = "RETURN"; } diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix index a71638323..78d5ae0e9 100644 --- a/lass/2configs/libvirt.nix +++ b/lass/2configs/libvirt.nix @@ -20,6 +20,9 @@ krebs.iptables.tables.filter.OUTPUT.rules = [ { v6 = false; predicate = "-o virbr0 -p udp -m udp --dport 68"; target = "ACCEPT"; } ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; predicate = "-s 192.168.122.0/24"; target = "ACCEPT"; precedence = 1000; } + ]; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v6 = false; predicate = "-s 192.168.122.0/24 -d 224.0.0.0/24"; target = "RETURN"; } { v6 = false; predicate = "-s 192.168.122.0/24 -d 255.255.255.255"; target = "RETURN"; } -- cgit v1.2.3 From 82704cb35cd74f58c3246f39f89d3e13267b716b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 23:07:27 +0200 Subject: l AP: use network bridge --- lass/2configs/AP.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'lass') diff --git a/lass/2configs/AP.nix b/lass/2configs/AP.nix index 5ce7cfff8..dfffbfdf9 100644 --- a/lass/2configs/AP.nix +++ b/lass/2configs/AP.nix @@ -6,7 +6,7 @@ in { boot.extraModulePackages = [ pkgs.linuxPackages.rtl8814au ]; - networking.networkmanager.unmanaged = [ wifi ]; + networking.networkmanager.unmanaged = [ wifi "et0" ]; systemd.services.hostapd = { description = "hostapd wireless AP"; @@ -38,12 +38,17 @@ in { }; }; - networking.interfaces.${wifi}.ipv4.addresses = [ + networking.bridges.br0.interfaces = [ + wifi + "et0" + ]; + + networking.interfaces.br0.ipv4.addresses = [ { address = "10.99.0.1"; prefixLength = 24; } ]; services.dhcpd4 = { enable = true; - interfaces = [ wifi ]; + interfaces = [ "br0" ]; extraConfig = '' option subnet-mask 255.255.255.0; option routers 10.99.0.1; @@ -56,11 +61,12 @@ in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; predicate = "-d 10.99.0.0/24 -o ${wifi} -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - { v6 = false; predicate = "-s 10.99.0.0/24 -i ${wifi}"; target = "ACCEPT"; } - { v6 = false; predicate = "-i ${wifi} -o ${wifi}"; target = "ACCEPT"; } - { v6 = false; predicate = "-o ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; } - { v6 = false; predicate = "-i ${wifi}"; target = "REJECT --reject-with icmp-port-unreachable"; } + { v6 = false; predicate = "-d 10.99.0.0/24 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } + { v6 = false; predicate = "-s 10.99.0.0/24 -i br0"; target = "ACCEPT"; } + { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; } + { v6 = false; predicate = "-i br0 -o br0"; target = "ACCEPT"; } + { v6 = false; predicate = "-o br0"; target = "REJECT --reject-with icmp-port-unreachable"; } + { v6 = false; predicate = "-i br0"; target = "REJECT --reject-with icmp-port-unreachable"; } ]; krebs.iptables.tables.nat.PREROUTING.rules = [ { v6 = false; predicate = "-s 10.99.0.0/24"; target = "ACCEPT"; precedence = 1000; } -- cgit v1.2.3 From 72a094546e6a934fa57950ebc0d5f0bdaa21bd49 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 16 May 2018 23:08:00 +0200 Subject: l: add blue to authorizedKeys --- lass/2configs/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 12a814605..ed97b4897 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -19,7 +19,8 @@ with import ; users.extraUsers = { root = { openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey + config.krebs.users.lass-mors.pubkey + config.krebs.users.lass-blue.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey config.krebs.users.lass-xerxes.pubkey @@ -38,7 +39,8 @@ with import ; "wheel" ]; openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey + config.krebs.users.lass-mors.pubkey + config.krebs.users.lass-blue.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey ]; -- cgit v1.2.3 From e1fec918a64a6c0aff0b758b4ea8a5e228623012 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:04:05 +0200 Subject: l cabal.r: provice host for blue.r --- lass/1systems/cabal/config.nix | 1 + lass/2configs/blue-host.nix | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 lass/2configs/blue-host.nix (limited to 'lass') diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index b117b5116..64c179e67 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -14,6 +14,7 @@ + ]; krebs.build.host = config.krebs.hosts.cabal; diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix new file mode 100644 index 000000000..657234bc1 --- /dev/null +++ b/lass/2configs/blue-host.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + imports = [ + + ]; + containers.blue = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = true; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.9"; + localAddress = "10.233.2.10"; + }; +} -- cgit v1.2.3 From 32b66b6def41a6d33718e14b09135b234a4036b8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:06:29 +0200 Subject: l mors.r: use correct wifi mac --- lass/1systems/mors/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/mors/physical.nix b/lass/1systems/mors/physical.nix index 580252000..680dc9bde 100644 --- a/lass/1systems/mors/physical.nix +++ b/lass/1systems/mors/physical.nix @@ -18,7 +18,7 @@ }; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="5a:37:e4:6e:1f:9d", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:72:f4:88", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:c4:7a:f1", NAME="et0" ''; -- cgit v1.2.3 From c7a49e7ac91eef1833992d9801b11febad726afe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:09:54 +0200 Subject: l prism.r: forward weechat port to blue.r --- lass/1systems/prism/config.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c7b877deb..9bfd90c14 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -295,6 +295,21 @@ with import ; }; }; } + { #weechat port forwarding to blue + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From d72657a57be63ff6eeeaa0b84cd7761b2d38c8b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:20:10 +0200 Subject: l blue.r: add weechat, backups & mail --- lass/1systems/blue/config.nix | 30 +++++++++++++++++++++++ lass/2configs/blue.nix | 55 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 lass/2configs/blue.nix (limited to 'lass') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index b068c34b0..aef055cf0 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -5,7 +5,37 @@ with import ; + + + ]; krebs.build.host = config.krebs.hosts.blue; + + networking.nameservers = [ "1.1.1.1" ]; + + lass.restic = genAttrs [ + "daedalus" + "icarus" + "littleT" + "prism" + "shodan" + "skynet" + ] (dest: { + dirs = [ + "/home/" + "/var/lib" + ]; + passwordFile = (toString ) + "/restic/${dest}"; + repo = "sftp:backup@${dest}.r:/backups/blue"; + extraArguments = [ + "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" + ]; + timerConfig = { + OnCalendar = "00:05"; + RandomizedDelaySec = "5h"; + }; + }); + time.timeZone = "Europe/Berlin"; + users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey ]; } diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix new file mode 100644 index 000000000..c0417b865 --- /dev/null +++ b/lass/2configs/blue.nix @@ -0,0 +1,55 @@ +with (import ); +{ config, lib, pkgs, ... }: + +{ + + imports = [ + ./bitlbee.nix + ./mail.nix + ./pass.nix + ]; + + services.tor.enable = true; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} + { predicate = "-i retiolum -p tcp --dport 9999"; target = "ACCEPT";} + ]; + + systemd.services.chat = let + tmux = pkgs.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' + set-option -g prefix ` + unbind-key C-b + bind ` send-prefix + + set-option -g status off + set-option -g default-terminal screen-256color + + #use session instead of windows + bind-key c new-session + bind-key p switch-client -p + bind-key n switch-client -n + bind-key C-s switch-client -l + ''} "$@" + ''; + in { + description = "chat environment setup"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + restartIfChanged = false; + + path = [ + pkgs.rxvt_unicode.terminfo + ]; + + serviceConfig = { + User = "lass"; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; + }; + }; +} -- cgit v1.2.3 From c7d373f814fb18c0ced8da1a4c364b3aadd9d450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:28:49 +0200 Subject: l exim: allow sending from blue.r --- lass/2configs/exim-smarthost.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index fe79ce82b..5248f4d63 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -14,7 +14,7 @@ with import ; ]; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors - config.krebs.hosts.uriel + config.krebs.hosts.blue ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 -- cgit v1.2.3 From cd145bb426bef35aecaf5e2f86be300241606c1b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:32:07 +0200 Subject: l backup: add blue to authorizedKeys --- lass/2configs/backup.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/backup.nix b/lass/2configs/backup.nix index 27adf6d2a..d23cf9a43 100644 --- a/lass/2configs/backup.nix +++ b/lass/2configs/backup.nix @@ -15,6 +15,7 @@ with import ; openssh.authorizedKeys.keys = with config.krebs.hosts; [ mors.ssh.pubkey prism.ssh.pubkey + blue.ssh.pubkey ]; }; } -- cgit v1.2.3 From 141fa0117c0aaa994a7b0776976631044afc193b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:32:47 +0200 Subject: l exim: add new mail addresses --- lass/2configs/exim-smarthost.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lass') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 5248f4d63..371f20885 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -81,6 +81,8 @@ with import ; { from = "allygator@lassul.us"; to = lass.mail; } { from = "immoscout@lassul.us"; to = lass.mail; } { from = "elitedangerous@lassul.us"; to = lass.mail; } + { from = "boardgamegeek@lassul.us"; to = lass.mail; } + { from = "qwertee@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From de7ee966dfb6923e9b9ebab55eb4f6f17a88ed43 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:33:42 +0200 Subject: l monitoring: don't send resolved status --- lass/2configs/monitoring/prometheus-server.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index e16d421a0..aef671636 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -159,7 +159,6 @@ "email_configs" = [ { "to" = "devnull@example.com"; - "send_resolved" = true; } ]; "webhook_configs" = [ -- cgit v1.2.3 From 3277fac9b6941ece359efed2884c440d2e03837c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 20 May 2018 10:42:46 +0200 Subject: l git: add blue & mors to allowed users --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 712a15342..e41ff606f 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -121,7 +121,7 @@ let with git // config.krebs.users; repo: singleton { - user = [ lass lass-shodan lass-icarus ]; + user = [ lass-mors lass-shodan lass-icarus lass-blue ]; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ -- cgit v1.2.3 From 5af3134c0084ac98fbd504865925aeba61f06d94 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 May 2018 08:25:11 +0200 Subject: l red: forceSSL --- lass/1systems/prism/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 9bfd90c14..b2669c4ac 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -243,7 +243,7 @@ with import ; }; services.nginx.virtualHosts."rote-allez-fraktion.de" = { enableACME = true; - addSSL = true; + forceSSL = true; locations."/" = { extraConfig = '' proxy_set_header Host rote-allez-fraktion.de; -- cgit v1.2.3 From 4829b6b9d7ce2b19e84473ecb254e68219b1d0b6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 May 2018 08:25:53 +0200 Subject: l: add bitlbee.nix --- lass/2configs/bitlbee.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 lass/2configs/bitlbee.nix (limited to 'lass') diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix new file mode 100644 index 000000000..1220fa0cd --- /dev/null +++ b/lass/2configs/bitlbee.nix @@ -0,0 +1,15 @@ +with (import ); +{ config, lib, pkgs, ... }: + +{ + services.bitlbee = { + enable = true; + portNumber = 6666; + plugins = [ + pkgs.bitlbee-facebook + pkgs.bitlbee-steam + pkgs.bitlbee-discord + ]; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; +} -- cgit v1.2.3 From 9173c08145836c1ee34674a15a488c7099f203af Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 May 2018 08:26:20 +0200 Subject: l: remove IM.nix --- lass/1systems/prism/config.nix | 1 - lass/2configs/IM.nix | 73 ------------------------------------------ 2 files changed, 74 deletions(-) delete mode 100644 lass/2configs/IM.nix (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b2669c4ac..6d03a2694 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -131,7 +131,6 @@ with import ; } - diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix deleted file mode 100644 index 7d3dfd428..000000000 --- a/lass/2configs/IM.nix +++ /dev/null @@ -1,73 +0,0 @@ -with (import ); -{ config, lib, pkgs, ... }: - -let - tmux = pkgs.writeDash "tmux" '' - exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' - set-option -g prefix ` - unbind-key C-b - bind ` send-prefix - - set-option -g status off - set-option -g default-terminal screen-256color - - #use session instead of windows - bind-key c new-session - bind-key p switch-client -p - bind-key n switch-client -n - bind-key C-s switch-client -l - ''} "$@" - ''; -in { - - services.bitlbee = { - enable = true; - portNumber = 6666; - plugins = [ - pkgs.bitlbee-facebook - pkgs.bitlbee-steam - pkgs.bitlbee-discord - ]; - libpurple_plugins = [ pkgs.telegram-purple ]; - }; - - users.extraUsers.chat = { - home = "/home/chat"; - uid = genid "chat"; - useDefaultShell = true; - createHome = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-android.pubkey - lass-helios.pubkey - ]; - }; - - # mosh - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - { predicate = "-p tcp --dport 9999"; target = "ACCEPT";} - ]; - - systemd.services.chat = { - description = "chat environment setup"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - restartIfChanged = false; - - path = [ - pkgs.rxvt_unicode.terminfo - ]; - - serviceConfig = { - User = "chat"; - RemainAfterExit = true; - Type = "oneshot"; - ExecStart = "${tmux} -2 new-session -d -s IM ${pkgs.weechat}/bin/weechat"; - ExecStop = "${tmux} kill-session -t IM"; - }; - }; -} -- cgit v1.2.3 From 4277c251906100bc103808af7a674fe2fbb3851b Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 21 May 2018 08:28:08 +0200 Subject: l prism.r: add wireguard config --- lass/1systems/prism/config.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 6d03a2694..7a9537b64 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -309,6 +309,34 @@ with import ; { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } ]; } + { + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } + ]; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.1.1/24" ]; + listenPort = 51820; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # lass-android + allowedIPs = [ "10.244.1.2/32" ]; + publicKey = "63+ns9AGv6e6a8WgxiZNFEt1xQT0YKFlEHzRaYJWtmk="; + } + ]; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 2e7f0ada013810e577944434f42000313befe549 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jun 2018 08:24:56 +0200 Subject: l: kops -> krops --- lass/1systems/blue/config.nix | 8 ++++++++ lass/1systems/mors/config.nix | 8 -------- lass/kops.nix | 35 ----------------------------------- lass/krops.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 50 insertions(+), 43 deletions(-) delete mode 100644 lass/kops.nix create mode 100644 lass/krops.nix (limited to 'lass') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index aef055cf0..a84bb37f6 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -12,6 +12,14 @@ with import ; krebs.build.host = config.krebs.hosts.blue; + environment.shellAliases = { + deploy = pkgs.writeDash "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + ''; + }; + networking.nameservers = [ "1.1.1.1" ]; lass.restic = genAttrs [ diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index de6963eb5..97e69146e 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -140,14 +140,6 @@ with import ; OnCalendar = "00:37"; }; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - }; - nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; diff --git a/lass/kops.nix b/lass/kops.nix deleted file mode 100644 index 2dda0e8fb..000000000 --- a/lass/kops.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ name }: let - inherit (import ../krebs/kops.nix { inherit name; }) - krebs-source - lib - pkgs - ; - - source = { test }: lib.evalSource [ - krebs-source - { - nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; - secrets = if test then { - file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; - } else { - pass = { - dir = "${lib.getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - } - ]; - -in { - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.kops.writeDeploy "${name}-deploy" { - source = source { test = false; }; - target = "root@${name}/var/src"; - }; - - # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) - test = pkgs.kops.writeTest "${name}-test" { - source = source { test = true; }; - target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; - }; -} diff --git a/lass/krops.nix b/lass/krops.nix new file mode 100644 index 000000000..776a3a55d --- /dev/null +++ b/lass/krops.nix @@ -0,0 +1,42 @@ +{ config ? config, name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; + secrets = if test then { + file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; + }; + + ci = map (host: + pkgs.krops.writeTest "${host.name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "TMPDIR"}/lass/${host.name}"; + } + ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts)); +} -- cgit v1.2.3 From bc0cd03da463c9cf67ba47b034bbbe32d9391beb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:57:52 +0200 Subject: move Reaktor|krebs from prism to hotdog --- lass/1systems/prism/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7a9537b64..285dbfa9d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -175,7 +175,6 @@ with import ; alias /var/realwallpaper/realwallpaper.png; ''; } - { users.users.jeschli = { -- cgit v1.2.3 From e34ca32676d1fe6a4aab3cca1518b111a36ef8cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:59:14 +0200 Subject: l prism.r: remove unnecessary iptables forward --- lass/1systems/prism/config.nix | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 285dbfa9d..d6d1ce2e4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -293,21 +293,6 @@ with import ; }; }; } - { #weechat port forwarding to blue - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } - { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } - ]; - } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } -- cgit v1.2.3 From 7b51fac2c52f2d61e024f54be621b0e5b5066dfb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:59:55 +0200 Subject: l blue: add ag & nmap to pkgs --- lass/2configs/blue.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index c0417b865..363705edc 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -9,6 +9,11 @@ with (import ); ./pass.nix ]; + environment.systemPackages = with pkgs; [ + ag + nmap + ]; + services.tor.enable = true; krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.2.3 From 263f150c1bde465a5bd66c40c1ff0fe02e47ed3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:01:33 +0200 Subject: l git: fix typo --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index e41ff606f..72cfd5e75 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -54,7 +54,7 @@ let cgit.section = "art"; }; nix-user-chroot = { - cgit.desc = "Fork of nix-user-chroot my lethalman"; + cgit.desc = "Fork of nix-user-chroot by lethalman"; cgit.section = "software"; }; krops = { -- cgit v1.2.3 From d6e1ca7e2884787018dd19bec994d093ebc846ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:02:27 +0200 Subject: l websites domsen: serve www.freemonkey.art --- lass/2configs/websites/domsen.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4e8361a17..e4f50e2d1 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,7 +26,10 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "freemonkey.art" ]) + (servePage [ + "freemonkey.art" + "www.freemonkey.art" + ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" -- cgit v1.2.3 From d7d39081d0c3866696e38fb42ae7e2ae28f28c69 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:04:21 +0200 Subject: l prism.r: open ports for mosh --- lass/1systems/prism/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d6d1ce2e4..61d147c5f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -321,6 +321,11 @@ with import ; ]; }; } + { + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 0a070688e839556039a634cd354235449e5f24d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:04:53 +0200 Subject: l baseX: add ag to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a387f2c5d..afdefaa45 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -68,6 +68,7 @@ in { environment.systemPackages = with pkgs; [ acpi + ag bank cabal2nix dic -- cgit v1.2.3 From 5b2c6b9c29494b53ff80c61b7b4fff0ee5d040e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:05:26 +0200 Subject: l: remove xerxes from authorizedKeys --- lass/2configs/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ed97b4897..a43113177 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -23,7 +23,6 @@ with import ; config.krebs.users.lass-blue.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey - config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { -- cgit v1.2.3 From 9b389fd6644a71c0fb8fdc7764727d771d54e221 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Jun 2018 15:45:12 +0200 Subject: Revert "l prism.r: remove unnecessary iptables forward" This reverts commit e34ca32676d1fe6a4aab3cca1518b111a36ef8cd. --- lass/1systems/prism/config.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 61d147c5f..9a0bb49e9 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -293,6 +293,21 @@ with import ; }; }; } + { #weechat port forwarding to blue + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } + ]; + } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } -- cgit v1.2.3 From c01b6860809fb455c060e143c596590f61fc62c5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 12 Jun 2018 18:43:12 +0200 Subject: github krebscode -> krebs --- lass/2configs/repo-sync.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 1cf22552c..615f5a728 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -126,8 +126,8 @@ in { (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") - (sync-remote "painload" "https://github.com/krebscode/painload") - (sync-remote "Reaktor" "https://github.com/krebscode/Reaktor") + (sync-remote "painload" "https://github.com/krebs/painload") + (sync-remote "Reaktor" "https://github.com/krebs/Reaktor") (sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git") (sync-retiolum "go") (sync-retiolum "much") -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/45300000.lock: No such file or directory (2)