From 2e7f0ada013810e577944434f42000313befe549 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 7 Jun 2018 08:24:56 +0200 Subject: l: kops -> krops --- lass/1systems/blue/config.nix | 8 ++++++++ lass/1systems/mors/config.nix | 8 -------- lass/kops.nix | 35 ----------------------------------- lass/krops.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 50 insertions(+), 43 deletions(-) delete mode 100644 lass/kops.nix create mode 100644 lass/krops.nix (limited to 'lass') diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index aef055cf0..a84bb37f6 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -12,6 +12,14 @@ with import ; krebs.build.host = config.krebs.hosts.blue; + environment.shellAliases = { + deploy = pkgs.writeDash "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + ''; + }; + networking.nameservers = [ "1.1.1.1" ]; lass.restic = genAttrs [ diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index de6963eb5..97e69146e 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -140,14 +140,6 @@ with import ; OnCalendar = "00:37"; }; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' - set -eu - export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - }; - nix.package = pkgs.nixUnstable; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; diff --git a/lass/kops.nix b/lass/kops.nix deleted file mode 100644 index 2dda0e8fb..000000000 --- a/lass/kops.nix +++ /dev/null 
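Review bot: In the `deploy` alias added to lass/1systems/blue/config.nix, `$HOME` is expanded unquoted inside the `nix-build` call, and a missing host argument only trips `set -u` with a bare "parameter not set" error. Quoting the path and giving the parameter a usage message makes both failure modes explicit: `export SYSTEM="''${1:?usage: deploy HOSTNAME}"` (the `''$` escape is needed inside the Nix string) and `nix-build "$HOME/stockholm/lass/krops.nix" ...`. The script then executes whatever path `nix-build` prints, and the generated deploy targets `root@${name}` per lass/krops.nix in this commit. A one-line comment saying that the argument must be a host with a directory under `lass/1systems/` would help the next reader.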
@@ -1,35 +0,0 @@
-{ name }: let
- inherit (import ../krebs/kops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- source = { test }: lib.evalSource [
- krebs-source
- {
- nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
- secrets = if test then {
- file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets";
- } else {
- pass = {
- dir = "${lib.getEnv "HOME"}/.password-store";
- name = "hosts/${name}";
- };
- };
- }
- ];
-
-in {
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = pkgs.kops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- target = "root@${name}/var/src";
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
- test = pkgs.kops.writeTest "${name}-test" {
- source = source { test = true; };
- target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src";
- };
-}
diff --git a/lass/krops.nix b/lass/krops.nix
new file mode 100644
index 000000000..776a3a55d
--- /dev/null
+++ b/lass/krops.nix
@@ -0,0 +1,42 @@ +{ config ? config, name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; + secrets = if test then { + file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; + }; + + ci = map (host: + pkgs.krops.writeTest "${host.name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "TMPDIR"}/lass/${host.name}"; + } + ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts)); +} -- cgit v1.3.1 From bc0cd03da463c9cf67ba47b034bbbe32d9391beb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:57:52 +0200 Subject: move Reaktor|krebs from prism to hotdog --- krebs/1systems/hotdog/config.nix | 1 + lass/1systems/prism/config.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index dc13b03a8..18b751a7e 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -14,6 +14,7 @@ + ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7a9537b64..285dbfa9d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
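Review bot: Every entry of the new `ci` list in lass/krops.nix calls `source { test = true; }`, and `source` closes over the file's `name` argument, so each test is named and targeted per `host.name` but still evaluates `stockholm/lass/1systems/${name}/physical.nix` rather than that host's own config. Making the host an argument, e.g. `source = { test, host ? name }: ...` with `${host}` in the `nixos-config.symlink` path and `source { test = true; host = host.name; }` inside `ci`, would fix the symlink. Whether `krebs-source` also needs the per-host name depends on ../krebs/krops.nix, which is not shown. Separately, `{ config ? config, name }` defaults `config` to itself, which as far as I can tell Nix reports as infinite recursion once `ci` is forced without an explicit `config`. If `lib.getEnv` behaves like `builtins.getEnv`, an unset `TMPDIR` yields an empty string and the test target becomes `/lass/${host.name}` at the filesystem root.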
@@ -175,7 +175,6 @@ with import ; alias /var/realwallpaper/realwallpaper.png; ''; } - { users.users.jeschli = { -- cgit v1.3.1 From e34ca32676d1fe6a4aab3cca1518b111a36ef8cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:59:14 +0200 Subject: l prism.r: remove unnecessary iptables forward --- lass/1systems/prism/config.nix | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 285dbfa9d..d6d1ce2e4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -293,21 +293,6 @@ with import ; }; }; } - { #weechat port forwarding to blue - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } - { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } - ]; - } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } -- cgit v1.3.1 From 7b51fac2c52f2d61e024f54be621b0e5b5066dfb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:59:55 +0200 Subject: l blue: add ag & nmap to pkgs --- lass/2configs/blue.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') 
diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index c0417b865..363705edc 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -9,6 +9,11 @@ with (import ); ./pass.nix ]; + environment.systemPackages = with pkgs; [ + ag + nmap + ]; + services.tor.enable = true; krebs.iptables.tables.filter.INPUT.rules = [ -- cgit v1.3.1 From 263f150c1bde465a5bd66c40c1ff0fe02e47ed3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:01:33 +0200 Subject: l git: fix typo --- lass/2configs/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index e41ff606f..72cfd5e75 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -54,7 +54,7 @@ let cgit.section = "art"; }; nix-user-chroot = { - cgit.desc = "Fork of nix-user-chroot my lethalman"; + cgit.desc = "Fork of nix-user-chroot by lethalman"; cgit.section = "software"; }; krops = { -- cgit v1.3.1 From d6e1ca7e2884787018dd19bec994d093ebc846ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:02:27 +0200 Subject: l websites domsen: serve www.freemonkey.art --- lass/2configs/websites/domsen.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4e8361a17..e4f50e2d1 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,7 +26,10 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "freemonkey.art" ]) + (servePage [ + "freemonkey.art" + "www.freemonkey.art" + ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" -- cgit v1.3.1 From d7d39081d0c3866696e38fb42ae7e2ae28f28c69 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Fri, 8 Jun 2018 05:04:21 +0200 Subject: l prism.r: open ports for mosh --- lass/1systems/prism/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d6d1ce2e4..61d147c5f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -321,6 +321,11 @@ with import ; ]; }; } + { + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.3.1 From 0a070688e839556039a634cd354235449e5f24d3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:04:53 +0200 Subject: l baseX: add ag to pkgs --- lass/2configs/baseX.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index a387f2c5d..afdefaa45 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -68,6 +68,7 @@ in { environment.systemPackages = with pkgs; [ acpi + ag bank cabal2nix dic -- cgit v1.3.1 From 5b2c6b9c29494b53ff80c61b7b4fff0ee5d040e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:05:26 +0200 Subject: l: remove xerxes from authorizedKeys --- lass/2configs/default.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index ed97b4897..a43113177 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -23,7 +23,6 @@ with import ; config.krebs.users.lass-blue.pubkey config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-icarus.pubkey - config.krebs.users.lass-xerxes.pubkey ]; }; mainUser = { -- cgit v1.3.1 From 9b389fd6644a71c0fb8fdc7764727d771d54e221 Mon Sep 17 00:00:00 2001 
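Review bot: The new INPUT rule in lass/1systems/prism/config.nix accepts UDP `60000:61000` from any source, which is mosh's whole default range of 1001 ports, and the block has no comment saying what it is for. mosh needs one port per concurrent session, so a narrower rule such as `{ predicate = "-p udp --dport 60000:60010"; target = "ACCEPT"; }` combined with `mosh -p 60000:60010` on the client side would keep the exposed surface small. At minimum, open the block with `{ # mosh` so the purpose of the range is recorded next to the rule.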
From: lassulus Date: Mon, 11 Jun 2018 15:45:12 +0200 Subject: Revert "l prism.r: remove unnecessary iptables forward" This reverts commit e34ca32676d1fe6a4aab3cca1518b111a36ef8cd. --- lass/1systems/prism/config.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 61d147c5f..9a0bb49e9 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -293,6 +293,21 @@ with import ; }; }; } + { #weechat port forwarding to blue + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } + ]; + } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } -- cgit v1.3.1 From c01b6860809fb455c060e143c596590f61fc62c5 Mon Sep 17 00:00:00 2001 
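Review bot: The second FORWARD rule restored here, `predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"` with target ACCEPT, matches every packet forwarded from blue regardless of protocol, port or destination. That is much wider than the return path of the 9998 to 9999 DNAT this block is commented as. If only the weechat relay replies are meant, tighten it to `predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --sport 9999"`. The INPUT rule for `--dport 9998` also looks unnecessary, since PREROUTING rewrites those packets towards blue and they should then traverse FORWARD rather than INPUT; worth confirming before keeping it. The revert message does not say why the forward turned out to be needed, so a short comment on the block recording that would help.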
From: lassulus Date: Tue, 12 Jun 2018 18:43:12 +0200 Subject: github krebscode -> krebs --- krebs/2configs/news-spam.nix | 2 +- krebs/2configs/news.nix | 4 ++-- krebs/5pkgs/simple/buildbot-classic/default.nix | 2 +- krebs/5pkgs/simple/painload/default.nix | 2 +- krebs/5pkgs/simple/repo-sync/default.nix | 2 +- krebs/5pkgs/simple/retiolum-bootstrap/default.nix | 4 ++-- krebs/5pkgs/simple/thesauron/default.nix | 2 +- lass/2configs/repo-sync.nix | 4 ++-- makefu/5pkgs/elchhub/default.nix | 4 ++-- 9 files changed, 13 insertions(+), 13 deletions(-) (limited to 'lass') diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index 69c503bf9..a3f39b40e 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -94,7 +94,7 @@ [SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews [SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei [SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews - [SPAM]painload|https://github.com/krebscode/painload/commits/master.atom|#snews + [SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews [SPAM]phys|http://phys.org/rss-feed/|#snews [SPAM]piraten|https://www.piratenpartei.de/feed/|#snews [SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 49a5e3459..6c59f4d84 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -8,7 +8,7 @@ ethereum|http://blog.ethereum.org/feed|#news LtU|http://lambda-the-ultimate.org/rss.xml|#news mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news - painload|https://github.com/krebscode/painload/commits/master.atom|#news + painload|https://github.com/krebs/painload/commits/master.atom|#news reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news reddit_nix|http://www.reddit.com/r/nixos/.rss|#news shackspace|http://shackspace.de/atom.xml|#news 
@@ -16,7 +16,7 @@ vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news weechat|http://dev.weechat.org/feed/atom|#news xkcd|https://xkcd.com/rss.xml|#news - painload|https://github.com/krebscode/painload/commits/master.atom|#news + painload|https://github.com/krebs/painload/commits/master.atom|#news ''; }; } diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 3cb691f53..e6bafbd25 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -7,7 +7,7 @@ python2Packages.buildPythonApplication rec { patches = []; src = fetchFromGitHub { - owner = "krebscode"; + owner = "krebs"; repo = "buildbot-classic"; rev = version; sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; diff --git a/krebs/5pkgs/simple/painload/default.nix b/krebs/5pkgs/simple/painload/default.nix index 136ec4394..3b1c83b42 100644 --- a/krebs/5pkgs/simple/painload/default.nix +++ b/krebs/5pkgs/simple/painload/default.nix @@ -1,7 +1,7 @@ { fetchgit, ... }: fetchgit { - url = https://github.com/krebscode/painload; + url = https://github.com/krebs/painload; rev = "c113487f73713a03b1a139b22bb34b86234d0495"; sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6"; } diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 20326901d..8393cd79f 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -10,7 +10,7 @@ with python3Packages; buildPythonPackage rec { pkgs.git ]; src = fetchFromGitHub { - owner = "krebscode"; + owner = "krebs"; repo = "repo-sync"; rev = version; sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw"; diff --git a/krebs/5pkgs/simple/retiolum-bootstrap/default.nix b/krebs/5pkgs/simple/retiolum-bootstrap/default.nix index 331b1cb7f..c0651f627 100644 --- a/krebs/5pkgs/simple/retiolum-bootstrap/default.nix 
+++ b/krebs/5pkgs/simple/retiolum-bootstrap/default.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { src = fetchurl { - url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh; + url = https://raw.githubusercontent.com/krebs/painload/master/retiolum/scripts/tinc_setup/new_install.sh; sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s"; }; @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { meta = { description = "Retiolum boostrap scripts"; - url = https://github.com/krebscode/painload; + url = https://github.com/krebs/painload; license = licenses.wtfpl; platforms = platforms.unix; maintainers = with maintainers; [ makefu ]; diff --git a/krebs/5pkgs/simple/thesauron/default.nix b/krebs/5pkgs/simple/thesauron/default.nix index 99ab2b728..d543319f2 100644 --- a/krebs/5pkgs/simple/thesauron/default.nix +++ b/krebs/5pkgs/simple/thesauron/default.nix @@ -1,6 +1,6 @@ { fetchgit, callPackage }: let src = fetchgit { - url = "https://github.com/krebscode/thesauron"; + url = "https://github.com/krebs/thesauron"; rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5"; "sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva"; }; diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 1cf22552c..615f5a728 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -126,8 +126,8 @@ in { (sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") - (sync-remote "painload" "https://github.com/krebscode/painload") - (sync-remote "Reaktor" "https://github.com/krebscode/Reaktor") + (sync-remote "painload" "https://github.com/krebs/painload") + (sync-remote "Reaktor" "https://github.com/krebs/Reaktor") (sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git") (sync-retiolum "go") (sync-retiolum "much") 
diff --git a/makefu/5pkgs/elchhub/default.nix b/makefu/5pkgs/elchhub/default.nix index 76ba834ab..df5777135 100644 --- a/makefu/5pkgs/elchhub/default.nix +++ b/makefu/5pkgs/elchhub/default.nix @@ -22,13 +22,13 @@ in buildPythonPackage rec { ]; doCheck = false; src = fetchFromGitHub { - owner = "krebscode"; + owner = "krebs"; repo = "elchhub"; rev = "58707c6"; sha256 = "04spbcr660dxyc4jvrai094na25zizd2cfi36jz19lahb0k66lqm"; }; meta = { - homepage = https://github.com/krebscode/elchhub; + homepage = https://github.com/krebs/elchhub; description = "elchhub"; license = lib.licenses.wtfpl; }; -- cgit v1.3.1