From 070d282df215eb891f298ef2e3c147a78e139119 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jul 2017 10:25:35 +0200 Subject: l nixpkgs: 2e983f1 -> d72efac --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 151242e45..f5a3bbf88 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "2e983f1"; + ref = "d72efac"; }; } -- cgit v1.2.3 From a543ef02ce6f2565823d56ae3bfed4794db15392 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 10 Jul 2017 19:49:14 +0200 Subject: l wine: add user to video group --- lass/2configs/wine.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index ee688e18c..d4a91e645 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -13,7 +13,10 @@ in { description = "user for running wine"; home = "/home/wine"; useDefaultShell = true; - extraGroups = [ "audio" ]; + extraGroups = [ + "audio" + "video" + ]; createHome = true; }; }; -- cgit v1.2.3 From 2ff81c4a0d81e8387925dfcc66685e7206c131cf Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 00:07:22 +0200 Subject: l mail: use reverse_names --- lass/2configs/mail.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index e39c09b84..9a3c4e829 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -43,10 +43,14 @@ let set nm_record = yes set nm_record_tags = "-inbox me archive" set virtual_spoolfile=yes # enable virtual folders - set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail + + + set sendmail="${msmtp}/bin/msmtp" # enables parsing of outgoing mail set from="lassulus@lassul.us" + alternates ^.*@lassul\.us$ ^.*@.*\.r$ set use_from=yes set envelope_from=yes + set reverse_name set sort=threads -- cgit v1.2.3 From 9215b5b6880c833721caa7572b7480c7912d7fd6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 00:08:05 +0200 Subject: l mail: show recipent in mutt index --- lass/2configs/mail.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9a3c4e829..6555b1b45 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -54,7 +54,15 @@ let set sort=threads - set index_format="%4C %Z %?GI?%GI& ? %[%d/%b] %-16.15F %?M?(%3M)& ? %s %> %?g?%g?" + set index_format="${pkgs.writeDash "mutt-index" '' + # http://www.mutt.org/doc/manual/#formatstrings + recipent="$(echo $1 | sed 's/.*<\([^>]*\).*/\1/')" + # output to mutt + # V + echo "%4C %Z %?GI?%GI& ? %[%d/%b] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" + # args to mutt-index dash script + # V + ''} %r |" virtual-mailboxes \ "INBOX" "notmuch://?query=tag:inbox and NOT tag:killed"\ -- cgit v1.2.3 From 3363a8746c9152709abcd5adbbcdc00c2df0ff39 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Jul 2017 11:26:24 +0200 Subject: move source config from module system to 1systems/*/source.nix --- lass/1systems/cloudkrebs.nix | 35 ----- lass/1systems/cloudkrebs/config.nix | 34 +++++ lass/1systems/cloudkrebs/source.nix | 3 + lass/1systems/dishfire.nix | 97 ------------ lass/1systems/dishfire/config.nix | 96 ++++++++++++ lass/1systems/dishfire/source.nix | 3 + lass/1systems/echelon.nix | 70 --------- lass/1systems/echelon/config.nix | 65 ++++++++ lass/1systems/echelon/source.nix | 3 + lass/1systems/icarus.nix | 61 -------- lass/1systems/icarus/config.nix | 60 ++++++++ lass/1systems/icarus/source.nix | 4 + lass/1systems/iso.nix | 11 +- lass/1systems/mors.nix | 195 ------------------------ lass/1systems/mors/config.nix | 194 +++++++++++++++++++++++ lass/1systems/mors/source.nix | 4 + lass/1systems/prism.nix | 296 ------------------------------------ lass/1systems/prism/config.nix | 292 +++++++++++++++++++++++++++++++++++ lass/1systems/prism/source.nix | 3 + lass/1systems/shodan.nix | 108 ------------- lass/1systems/shodan/config.nix | 108 +++++++++++++ lass/1systems/shodan/source.nix | 3 + lass/1systems/uriel.nix | 100 ------------ lass/1systems/uriel/config.nix | 100 ++++++++++++ lass/1systems/uriel/source.nix | 3 + lass/2configs/default.nix | 12 +- lass/2configs/nixpkgs.nix | 8 - lass/source.nix | 24 +++ 28 files changed, 1005 insertions(+), 987 deletions(-) delete mode 100644 lass/1systems/cloudkrebs.nix create mode 100644 lass/1systems/cloudkrebs/config.nix create mode 100644 lass/1systems/cloudkrebs/source.nix delete mode 100644 lass/1systems/dishfire.nix create mode 100644 lass/1systems/dishfire/config.nix create mode 100644 lass/1systems/dishfire/source.nix delete mode 100644 lass/1systems/echelon.nix create mode 100644 lass/1systems/echelon/config.nix create mode 100644 lass/1systems/echelon/source.nix delete mode 100644 lass/1systems/icarus.nix create mode 100644 lass/1systems/icarus/config.nix create mode 100644 lass/1systems/icarus/source.nix delete mode 100644 lass/1systems/mors.nix create mode 100644 lass/1systems/mors/config.nix create mode 100644 lass/1systems/mors/source.nix delete mode 100644 lass/1systems/prism.nix create mode 100644 lass/1systems/prism/config.nix create mode 100644 lass/1systems/prism/source.nix delete mode 100644 lass/1systems/shodan.nix create mode 100644 lass/1systems/shodan/config.nix create mode 100644 lass/1systems/shodan/source.nix delete mode 100644 lass/1systems/uriel.nix create mode 100644 lass/1systems/uriel/config.nix create mode 100644 lass/1systems/uriel/source.nix delete mode 100644 lass/2configs/nixpkgs.nix create mode 100644 lass/source.nix (limited to 'lass') diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix deleted file mode 100644 index e65b13d00..000000000 --- a/lass/1systems/cloudkrebs.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/git.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - ]; - - krebs.build.host = config.krebs.hosts.cloudkrebs; -} diff --git a/lass/1systems/cloudkrebs/config.nix b/lass/1systems/cloudkrebs/config.nix new file mode 100644 index 000000000..aa9a1f1ab --- /dev/null +++ b/lass/1systems/cloudkrebs/config.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import { inherit pkgs lib; }) getDefaultGateway; + ip = config.krebs.build.host.nets.internet.ip4.addr; +in { + imports = [ + + + + + + + + { + networking.interfaces.enp2s1.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = getDefaultGateway ip; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.cloudkrebs; +} diff --git a/lass/1systems/cloudkrebs/source.nix b/lass/1systems/cloudkrebs/source.nix new file mode 100644 index 000000000..99e71e755 --- /dev/null +++ b/lass/1systems/cloudkrebs/source.nix @@ -0,0 +1,3 @@ +import { + name = "cloudkrebs"; +} diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix deleted file mode 100644 index e12367aca..000000000 --- a/lass/1systems/dishfire.nix +++ /dev/null @@ -1,97 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ../. - ../2configs/retiolum.nix - - #../2configs/exim-retiolum.nix - ../2configs/git.nix - { - boot.loader.grub = { - device = "/dev/vda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "ehci_pci" - "uhci_hcd" - "virtio_pci" - "virtio_blk" - ]; - - fileSystems."/" = { - device = "/dev/mapper/pool-nix"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/srv_http"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - } - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - "eth*" - ]; - } - { - sound.enable = false; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - imports = [ - ../2configs/websites/fritz.nix - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - #TODO: abstract & move to own file - krebs.exim-smarthost = { - enable = true; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ - config.krebs.hosts.mors - config.krebs.hosts.uriel - ]; - system-aliases = [ - { from = "mailer-daemon"; to = "postmaster"; } - { from = "postmaster"; to = "root"; } - { from = "nobody"; to = "root"; } - { from = "hostmaster"; to = "root"; } - { from = "usenet"; to = "root"; } - { from = "news"; to = "root"; } - { from = "webmaster"; to = "root"; } - { from = "www"; to = "root"; } - { from = "ftp"; to = "root"; } - { from = "abuse"; to = "root"; } - { from = "noc"; to = "root"; } - { from = "security"; to = "root"; } - { from = "root"; to = "lass"; } - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.dishfire; -} diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix new file mode 100644 index 000000000..416edeb82 --- /dev/null +++ b/lass/1systems/dishfire/config.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + { + boot.loader.grub = { + device = "/dev/vda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "ehci_pci" + "uhci_hcd" + "virtio_pci" + "virtio_blk" + ]; + + fileSystems."/" = { + device = "/dev/mapper/pool-nix"; + fsType = "ext4"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/srv_http"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + fileSystems."/bku" = { + device = "/dev/pool/bku"; + fsType = "ext4"; + }; + } + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + "eth*" + ]; + } + { + sound.enable = false; + } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } + { + imports = [ + + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } + { + #TODO: abstract & move to own file + krebs.exim-smarthost = { + enable = true; + relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ + config.krebs.hosts.mors + config.krebs.hosts.uriel + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "lass"; } + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + ]; + } + ]; + + krebs.build.host = config.krebs.hosts.dishfire; +} diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix new file mode 100644 index 000000000..2445af130 --- /dev/null +++ b/lass/1systems/dishfire/source.nix @@ -0,0 +1,3 @@ +import { + name = "dishfire"; +} diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix deleted file mode 100644 index da8864011..000000000 --- a/lass/1systems/echelon.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - - ip = config.krebs.build.host.nets.internet.ip4.addr; -in { - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix - ../2configs/git.nix - #../2configs/redis.nix - ../2configs/go.nix - ../2configs/ircd.nix - ../2configs/newsbot-js.nix - { - networking.interfaces.enp2s1.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = getDefaultGateway ip; - networking.nameservers = [ - "8.8.8.8" - ]; - - } - { - sound.enable = false; - } - { - imports = [ - ../3modules/dnsmasq.nix - ]; - lass.dnsmasq = { - enable = true; - config = '' - interface=retiolum - ''; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; } - ]; - } - { - users.extraUsers = { - satan = { - name = "satan"; - uid = 1338; - home = "/home/satan"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" - ]; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.echelon; -} diff --git a/lass/1systems/echelon/config.nix b/lass/1systems/echelon/config.nix new file mode 100644 index 000000000..f064a4788 --- /dev/null +++ b/lass/1systems/echelon/config.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import { inherit pkgs lib; }) getDefaultGateway; + ip = config.krebs.build.host.nets.internet.ip4.addr; +in { + imports = [ + + + + + + + + + + + { + networking.interfaces.enp2s1.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = getDefaultGateway ip; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + { + sound.enable = false; + } + { + lass.dnsmasq = { + enable = true; + config = '' + interface=retiolum + ''; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p udp --dport 53"; target = "ACCEPT"; } + ]; + } + { + users.extraUsers = { + satan = { + name = "satan"; + uid = 1338; + home = "/home/satan"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+l3ajjOd80uJBM8oHO9HRbtA5hK6hvrpxxnk7qWW7OloT9IXcoM8bbON755vK0O6XyxZo1JZ1SZ7QIaOREGVIRDjcbJbqD3O+nImc6Rzxnrz7hvE+tuav9Yylwcw5HeQi82UIMGTEAwMHwLvsW6R/xyMCuOTbbzo9Ib8vlJ8IPDECY/05RhL7ZYFR0fdphI7jq7PobnO8WEpCZDhMvSYjO9jf3ac53wyghT3gH7AN0cxTR9qgQlPHhTbw+nZEI0sUKtrIhjfVE80wgK3NQXZZj7YAplRs/hYwSi7i8V0+8CBt2epc/5RKnJdDHFQnaTENq9kYQPOpUCP6YUwQIo8X nineinchnade@gmail.com" + ]; + }; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.echelon; +} diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix new file mode 100644 index 000000000..96888d5a8 --- /dev/null +++ b/lass/1systems/echelon/source.nix @@ -0,0 +1,3 @@ +import { + name = "echelon"; +} diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix deleted file mode 100644 index 13c517e3b..000000000 --- a/lass/1systems/icarus.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ config, pkgs, ... }: - -with import ; -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/baseX.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/games.nix - ]; - - krebs.build.host = config.krebs.hosts.icarus; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - loader.grub.efiSupport = true; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/pool-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda2"; - }; - #"/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - #}; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; -} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix new file mode 100644 index 000000000..791ce0f46 --- /dev/null +++ b/lass/1systems/icarus/config.nix @@ -0,0 +1,60 @@ +{ config, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.icarus; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + loader.grub.efiSupport = true; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/pool-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda2"; + }; + #"/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + #}; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; +} diff --git a/lass/1systems/icarus/source.nix b/lass/1systems/icarus/source.nix new file mode 100644 index 000000000..5b46a44f3 --- /dev/null +++ b/lass/1systems/icarus/source.nix @@ -0,0 +1,4 @@ +import { + name = "icarus"; + secure = true; +} diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index b45d5b228..820ef74b8 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -4,12 +4,11 @@ with import ; { imports = [ - ../../krebs - ../3modules - ../5pkgs - ../2configs/mc.nix - ../2configs/nixpkgs.nix - ../2configs/vim.nix + + + + + { # /dev/stderr doesn't work. I don't know why # /proc/self doesn't seem to work correctly diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix deleted file mode 100644 index 0bfd54515..000000000 --- a/lass/1systems/mors.nix +++ /dev/null @@ -1,195 +0,0 @@ -{ config, pkgs, ... }: - -with import ; -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/exim-retiolum.nix - ../2configs/programs.nix - ../2configs/bitcoin.nix - ../2configs/browsers.nix - ../2configs/games.nix - ../2configs/pass.nix - ../2configs/elster.nix - ../2configs/steam.nix - ../2configs/wine.nix - ../2configs/git.nix - ../2configs/virtualbox.nix - ../2configs/fetchWallpaper.nix - #../2configs/c-base.nix - ../2configs/mail.nix - ../2configs/repo-sync.nix - ../2configs/ircd.nix - ../2configs/logf.nix - ../2configs/syncthing.nix - { - #risk of rain port - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } - ]; - } - { - services.elasticsearch = { - enable = true; - }; - } - { - #zalando project - services.postgresql = { - enable = true; - package = pkgs.postgresql; - }; - virtualisation.docker.enable = true; - #users.users.mainUser.extraGroups = [ "docker" ]; - } - { - lass.umts = { - enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; - initstrings = '' - Init1 = AT+CFUN=1 - Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 - ''; - }; - } - { - services.nginx = { - enable = true; - virtualHosts.default = { - serverAliases = [ - "localhost" - "${config.krebs.build.host.name}" - "${config.krebs.build.host.name}.r" - ]; - locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' - alias /home/$1/public_html$2; - ''; - }; - }; - } - { - services.redis.enable = true; - } - { - environment.systemPackages = [ - pkgs.ovh-zone - ]; - } - { - #ps vita stuff - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; - } - { - services.tor = { - enable = true; - client.enable = true; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.mors; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - loader.grub.efiSupport = true; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - }; - fileSystems = { - "/" = { - device = "/dev/mapper/pool-root"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/boot" = { - device = "/dev/sda2"; - }; - #"/bku" = { - # device = "/dev/mapper/pool-bku"; - # fsType = "btrfs"; - # options = ["defaults" "noatime" "ssd" "compress=lzo"]; - #}; - "/home" = { - device = "/dev/mapper/pool-home"; - fsType = "btrfs"; - options = ["defaults" "noatime" "ssd" "compress=lzo"]; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" - ''; - - #TODO activationScripts seem broken, fix them! - #activationScripts - #split up and move into base - system.activationScripts.powertopTunables = '' - #Runtime PMs - echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' - echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' - ''; - - environment.systemPackages = with pkgs; [ - acronym - brain - cac-api - sshpass - get - teamspeak_client - hashPassword - urban - mk_sql_pair - remmina - thunderbird - - iodine - - macchanger - ]; - - #TODO: fix this shit - ##fprint stuff - ##sudo fprintd-enroll $USER to save fingerprints - #services.fprintd.enable = true; - #security.pam.services.sudo.fprintAuth = true; - - users.extraGroups = { - loot = { - members = [ - config.users.extraUsers.mainUser.name - "firefox" - "chromium" - "google" - "virtual" - ]; - }; - }; - - krebs.repo-sync.timerConfig = { - OnCalendar = "00:37"; - }; -} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix new file mode 100644 index 000000000..bb0a4e23e --- /dev/null +++ b/lass/1systems/mors/config.nix @@ -0,0 +1,194 @@ +{ config, pkgs, ... }: + +with import ; +{ + imports = [ + + + + + + + + + + + + + + + + + + + + + + { + #risk of rain port + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } + ]; + } + { + services.elasticsearch = { + enable = true; + }; + } + { + #zalando project + services.postgresql = { + enable = true; + package = pkgs.postgresql; + }; + virtualisation.docker.enable = true; + #users.users.mainUser.extraGroups = [ "docker" ]; + } + { + lass.umts = { + enable = true; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09"; + initstrings = '' + Init1 = AT+CFUN=1 + Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 + ''; + }; + } + { + services.nginx = { + enable = true; + virtualHosts.default = { + serverAliases = [ + "localhost" + "${config.krebs.build.host.name}" + "${config.krebs.build.host.name}.r" + ]; + locations."~ ^/~(.+?)(/.*)?\$".extraConfig = '' + alias /home/$1/public_html$2; + ''; + }; + }; + } + { + services.redis.enable = true; + } + { + environment.systemPackages = [ + pkgs.ovh-zone + ]; + } + { + #ps vita stuff + boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + } + { + services.tor = { + enable = true; + client.enable = true; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.mors; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + loader.grub.efiSupport = true; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/pool-root"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/boot" = { + device = "/dev/sda2"; + }; + #"/bku" = { + # device = "/dev/mapper/pool-bku"; + # fsType = "btrfs"; + # options = ["defaults" "noatime" "ssd" "compress=lzo"]; + #}; + "/home" = { + device = "/dev/mapper/pool-home"; + fsType = "btrfs"; + options = ["defaults" "noatime" "ssd" "compress=lzo"]; + }; + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:a0:0c", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" + ''; + + #TODO activationScripts seem broken, fix them! + #activationScripts + #split up and move into base + system.activationScripts.powertopTunables = '' + #Runtime PMs + echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.2/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1f.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1d.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.3/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1b.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1a.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:19.0/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.1/power/control' + echo 'auto' > '/sys/bus/pci/devices/0000:00:1c.4/power/control' + ''; + + environment.systemPackages = with pkgs; [ + acronym + brain + cac-api + sshpass + get + teamspeak_client + hashPassword + urban + mk_sql_pair + remmina + thunderbird + + iodine + + macchanger + ]; + + #TODO: fix this shit + ##fprint stuff + ##sudo fprintd-enroll $USER to save fingerprints + #services.fprintd.enable = true; + #security.pam.services.sudo.fprintAuth = true; + + users.extraGroups = { + loot = { + members = [ + config.users.extraUsers.mainUser.name + "firefox" + "chromium" + "google" + "virtual" + ]; + }; + }; + + krebs.repo-sync.timerConfig = { + OnCalendar = "00:37"; + }; +} diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix new file mode 100644 index 000000000..a9dfa2eb6 --- /dev/null +++ b/lass/1systems/mors/source.nix @@ -0,0 +1,4 @@ +import { + name = "mors"; + secure = true; +} diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix deleted file mode 100644 index 531dec9df..000000000 --- a/lass/1systems/prism.nix +++ /dev/null @@ -1,296 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; - -let - ip = config.krebs.build.host.nets.internet.ip4.addr; - - inherit (import {inherit lib pkgs;}) - manageCerts - ; - -in { - imports = [ - ../. - { - networking.interfaces.et0.ip4 = [ - { - address = ip; - prefixLength = 24; - } - ]; - networking.defaultGateway = "213.239.205.225"; - networking.nameservers = [ - "8.8.8.8" - ]; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" - ''; - } - ../2configs/retiolum.nix - ../2configs/exim-smarthost.nix - ../2configs/downloading.nix - ../2configs/ts3.nix - ../2configs/bitlbee.nix - ../2configs/weechat.nix - ../2configs/privoxy-retiolum.nix - ../2configs/radio.nix - ../2configs/buildbot-standalone.nix - ../2configs/repo-sync.nix - ../2configs/binary-cache/server.nix - ../2configs/iodined.nix - ../2configs/libvirt.nix - ../2configs/hfos.nix - ../2configs/makefu-sip.nix - ../2configs/monitoring/server.nix - ../2configs/monitoring/monit-alarms.nix - ../2configs/paste.nix - ../2configs/syncthing.nix - ../2configs/coders-irc.nix - ../2configs/ciko.nix - { - lass.pyload.enable = true; - } - { - imports = [ - ../2configs/bepasty.nix - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; - } - { - boot.loader.grub = { - devices = [ - "/dev/sda" - "/dev/sdb" - ]; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "vmw_pvscsi" - ]; - - fileSystems."/" = { - device = "/dev/pool/nix"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; - }; - - fileSystems."/var/download" = { - device = "/dev/pool/download"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/http"; - }; - - fileSystems."/srv/o.ubikmedia.de-data" = { - device = "/dev/pool/owncloud-ubik-data"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; - }; - - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - - } - { - sound.enable = false; - } - { - nixpkgs.config.allowUnfree = true; - } - { - #stuff for juhulian - users.extraUsers.juhulian = { - name = "juhulian"; - uid = 1339; - home = "/home/juhulian"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - } - { - environment.systemPackages = [ - pkgs.perlPackages.Plack - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} - ]; - } - { - users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH" - ]; - } - { - time.timeZone = "Europe/Berlin"; - } - { - imports = [ - ../2configs/websites/domsen.nix - ../2configs/websites/lassulus.nix - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - services.tor = { - enable = true; - }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - ../2configs/realwallpaper.nix - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - users.users.tv = { - uid = genid "tv"; - inherit (config.krebs.users.tv) home; - group = "users"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - } - { - krebs.repo-sync.timerConfig = { - OnBootSec = "15min"; - OnUnitInactiveSec = "90min"; - RandomizedDelaySec = "30min"; - }; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - krebs.repo-sync.repos.nixpkgs.timerConfig = { - OnBootSec = "90min"; - OnUnitInactiveSec = "24h"; - }; - } - { - lass.usershadow = { - enable = true; - }; - } - { - # Nin stuff - users.users.nin = { - uid = genid "nin"; - inherit (config.krebs.users.nin) home; - group = "users"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.nin.pubkey - ]; - extraGroups = [ - "libvirtd" - ]; - }; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } - ]; - } - { - krebs.Reaktor.prism = { - nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; - extraEnviron = { - REAKTOR_HOST = "ni.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ]; - }; - } - { - #stuff for dritter - users.extraUsers.dritter = { - name = "dritter"; - uid = genid "dritter"; - home = "/home/dritter"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" - ]; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.prism; -} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix new file mode 100644 index 000000000..9faa4d473 --- /dev/null +++ b/lass/1systems/prism/config.nix @@ -0,0 +1,292 @@ +{ config, lib, pkgs, ... }: +with import ; + +let + ip = config.krebs.build.host.nets.internet.ip4.addr; + +in { + imports = [ + + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + } + + + + + + + + + + + + + + + + + + + + + + { + lass.pyload.enable = true; + } + { + imports = [ + + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } + { + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. + # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; + } + { + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + }; + + fileSystems."/srv/o.ubikmedia.de-data" = { + device = "/dev/pool/owncloud-ubik-data"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + } + { + sound.enable = false; + } + { + nixpkgs.config.allowUnfree = true; + } + { + #stuff for juhulian + users.extraUsers.juhulian = { + name = "juhulian"; + uid = 1339; + home = "/home/juhulian"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } + { + environment.systemPackages = [ + pkgs.perlPackages.Plack + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} + ]; + } + { + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH" + ]; + } + { + time.timeZone = "Europe/Berlin"; + } + { + imports = [ + + + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } + { + services.tor = { + enable = true; + }; + } + { + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + + ]; + services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } + { + users.users.tv = { + uid = genid "tv"; + inherit (config.krebs.users.tv) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; + } + { + krebs.repo-sync.timerConfig = { + OnBootSec = "15min"; + OnUnitInactiveSec = "90min"; + RandomizedDelaySec = "30min"; + }; + krebs.repo-sync.repos.stockholm.timerConfig = { + OnBootSec = "5min"; + OnUnitInactiveSec = "2min"; + RandomizedDelaySec = "2min"; + }; + krebs.repo-sync.repos.nixpkgs.timerConfig = { + OnBootSec = "90min"; + OnUnitInactiveSec = "24h"; + }; + } + { + lass.usershadow = { + enable = true; + }; + } + { + # Nin stuff + users.users.nin = { + uid = genid "nin"; + inherit (config.krebs.users.nin) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + extraGroups = [ + "libvirtd" + ]; + }; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + ]; + } + { + krebs.Reaktor.prism = { + nickname = "Reaktor|lass"; + channels = [ "#retiolum" ]; + extraEnviron = { + REAKTOR_HOST = "ni.r"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + ]; + }; + } + { + #stuff for dritter + users.extraUsers.dritter = { + name = "dritter"; + uid = genid "dritter"; + home = "/home/dritter"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "download" + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" + ]; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.prism; +} diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix new file mode 100644 index 000000000..557fbf509 --- /dev/null +++ b/lass/1systems/prism/source.nix @@ -0,0 +1,3 @@ +import { + name = "prism"; +} diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix deleted file mode 100644 index 044e2ccf8..000000000 --- a/lass/1systems/shodan.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ config, pkgs, ... }: - -with import ; -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/wine.nix - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} - { - users.users.sokratess = { - uid = genid "sokratess"; - home = "/home/sokratess"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - ]; - useDefaultShell = true; - password = "aidsballs"; - }; - krebs.per-user.sokratess.packages = [ - pkgs.firefox - pkgs.python27Packages.virtualenv - pkgs.python27Packages.ipython - pkgs.python27Packages.python - ]; - } - { - krebs.monit = let - echoToIrc = msg: - pkgs.writeDash "echo_irc" '' - set -euf - export LOGNAME=prism-alarm - ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null - ''; - in { - enable = true; - http.enable = true; - alarms = { - hfos = { - test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; - alarm = echoToIrc "test hfos failed"; - }; - }; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.shodan; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/nix"; - fsType = "btrfs"; - }; - - "/boot" = { - device = "/dev/sda1"; - }; - - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - "/bku" = { - device = "/dev/pool/bku"; - fsType = "btrfs"; - }; - }; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" - ''; -} diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix new file mode 100644 index 000000000..a68471aa0 --- /dev/null +++ b/lass/1systems/shodan/config.nix @@ -0,0 +1,108 @@ +{ config, pkgs, ... }: + +with import ; +{ + imports = [ + + + + + + + + + + + + #{ + # users.extraUsers = { + # root = { + # openssh.authorizedKeys.keys = map readFile [ + # ../../krebs/Zpubkeys/uriel.ssh.pub + # ]; + # }; + # }; + #} + { + users.users.sokratess = { + uid = genid "sokratess"; + home = "/home/sokratess"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + password = "aidsballs"; + }; + krebs.per-user.sokratess.packages = [ + pkgs.firefox + pkgs.python27Packages.virtualenv + pkgs.python27Packages.ipython + pkgs.python27Packages.python + ]; + } + { + krebs.monit = let + echoToIrc = msg: + pkgs.writeDash "echo_irc" '' + set -euf + export LOGNAME=prism-alarm + ${pkgs.irc-announce}/bin/irc-announce \ + ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + ''; + in { + enable = true; + http.enable = true; + alarms = { + hfos = { + test = "${pkgs.curl}/bin/curl -sf --insecure 'https://hfos.hackerfleet.de'"; + alarm = echoToIrc "test hfos failed"; + }; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp -i retiolum --dport 9093"; target = "ACCEPT"; } + ]; + } + ]; + + krebs.build.host = config.krebs.hosts.shodan; + + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #kernelModules = [ "kvm-intel" "msr" ]; + }; + fileSystems = { + "/" = { + device = "/dev/pool/nix"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/sda1"; + }; + + "/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + "/bku" = { + device = "/dev/pool/bku"; + fsType = "btrfs"; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + ''; +} diff --git a/lass/1systems/shodan/source.nix b/lass/1systems/shodan/source.nix new file mode 100644 index 000000000..be24ae2d5 --- /dev/null +++ b/lass/1systems/shodan/source.nix @@ -0,0 +1,3 @@ +import { + name = "shodan"; +} diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix deleted file mode 100644 index b84fec317..000000000 --- a/lass/1systems/uriel.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -with import ; -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/exim-retiolum.nix - { - # locke config - i18n.defaultLocale ="de_DE.UTF-8"; - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - users.users.locke = { - uid = genid "locke"; - home = "/home/locke"; - group = "users"; - createHome = true; - extraGroups = [ - "audio" - "networkmanager" - ]; - useDefaultShell = true; - }; - networking.networkmanager.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet - ]; - services.xserver.desktopManager.xfce = { - enable = true; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.uriel; - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - #kernelParams = [ - # "acpi.brightness_switch_enabled=0" - #]; - #loader.grub.enable = true; - #loader.grub.version = 2; - #loader.grub.device = "/dev/sda"; - - loader.systemd-boot.enable = true; - loader.timeout = 5; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/po