From dede52e436625471e905360d4d78d5a9c5d6fe81 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 10 Sep 2017 13:05:34 +0200 Subject: ma x: steam is now a tool --- makefu/1systems/x/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index faa29f3db..892eb1095 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -56,7 +56,6 @@ with import ; - # # Hardware -- cgit v1.3.1 From 2b4d7d951299d7dada001476872d809310f40810 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:02:28 +0200 Subject: ma gum.r: disable torrent --- makefu/1systems/gum/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 934bfa685..2f288e708 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,7 +40,7 @@ in { # services - + # -- cgit v1.3.1 From ad06126dcedfd5f28a3b64f2df2f32428f933a08 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 19 Sep 2017 16:39:58 +0200 Subject: ma omo.r: enable telegraf --- makefu/1systems/omo/config.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu/1systems') diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4c93a7a3e..32cd3f900 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -60,6 +60,7 @@ in { # logs to influx + # services @@ -77,6 +78,9 @@ in { ## as long as pyload is not in nixpkgs: # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload + + # Temporary: + ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; -- cgit v1.3.1 From 7db4c634fc266d25ac80f2545c6c77d5b4d28708 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:29:26 +0200 Subject: ma latte.r: init --- krebs/3modules/makefu/default.nix | 33 ++++++++++++++++++++++++ makefu/1systems/latte/config.nix | 53 +++++++++++++++++++++++++++++++++++++++ makefu/1systems/latte/source.nix | 3 +++ 3 files changed, 89 insertions(+) create mode 100644 makefu/1systems/latte/config.nix create mode 100644 makefu/1systems/latte/source.nix (limited to 'makefu/1systems') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 6e0e876b8..a34c8cd97 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -78,6 +78,37 @@ with import ; }; }; }; + latte = rec { + ci = true; + cores = 1; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + nets = { + internet = { + ip4.addr = "185.215.224.160"; + aliases = [ + "latte.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.80.249"; + ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; + aliases = [ + "latte.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU + 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo + r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf + 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 + GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 + vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pnp = { ci = true; @@ -460,6 +491,8 @@ with import ; ''; }; }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix new file mode 100644 index 000000000..d532f216f --- /dev/null +++ b/makefu/1systems/latte/config.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: +let + + # external-ip = config.krebs.build.host.nets.internet.ip4.addr; + # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + # default-gw = "185.215.224.1"; + # prefixLength = 24; + # external-mac = "46:5b:fc:f4:44:c9"; + # ext-if = "et0"; +in { + + imports = [ + + # configure your hw: + + + + + # Security + + + + # Tools + + + + # Services + + + ]; + krebs = { + enable = true; + build.host = config.krebs.hosts.latte; + }; + boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; + + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.copyKernels = true; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 655 ]; + }; + # network interface receives dhcp address + nameservers = [ "8.8.8.8" ]; + }; +} diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix new file mode 100644 index 000000000..d997fb3f0 --- /dev/null +++ b/makefu/1systems/latte/source.nix @@ -0,0 +1,3 @@ +import { + name="latte"; +} -- cgit v1.3.1 From e2a8aab44294584d185b6501cede7857c0529d36 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:37:24 +0200 Subject: ma: enable remote-build on gum,omo - x is master --- makefu/1systems/gum/config.nix | 8 +++++++- makefu/1systems/omo/config.nix | 2 ++ makefu/1systems/x/config.nix | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 2f288e708..e1357ff01 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,10 +40,11 @@ in { # services - # + + ## Web @@ -74,6 +75,9 @@ in { # + # Temporary: + + ]; makefu.dl-dir = "/var/download"; @@ -143,6 +147,8 @@ in { 53589 # temp vnc 18001 + # temp reverseshell + 31337 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 32cd3f900..a22ff10bd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -65,6 +65,8 @@ in { # services + + # security diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 892eb1095..443f912d8 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -57,6 +57,7 @@ with import ; # + # Hardware -- cgit v1.3.1 From aa273ee8802c7de6283e0bea2a7624bf099d251d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:38:08 +0200 Subject: ma wbob: enable extended logging --- makefu/1systems/wbob/config.nix | 106 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 104 insertions(+), 2 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b776b49d6..3a53b70cb 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -25,7 +25,9 @@ in { # # - ]; + # Services + + ]; krebs = { enable = true; @@ -33,10 +35,48 @@ in { }; swapDevices = [ { device = "/var/swap"; } ]; + services.collectd.extraConfig = lib.mkAfter '' + #LoadPlugin ping + # does not work because it requires privileges + # + # Host "google.de" + # Host "heise.de" + # + + LoadPlugin curl + + TotalTime true + NamelookupTime true + ConnectTime true + + + MeasureResponseTime true + MeasureResponseCode true + URL "https://google.de" + + + + MeasureResponseTime true + MeasureResponseCode true + URL "http://web.de" + + + + #LoadPlugin netlink + # + # Interface "enp0s25" + # Interface "wlp2s0" + # IgnoreSelected false + # + ''; networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.allowedTCPPorts = [ + 655 + 8081 #smokeping + 49152 + ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; @@ -90,4 +130,66 @@ in { serverAddress = "x.r"; }; }; + security.wrappers.fping = { + source = "${pkgs.fping}/bin/fping"; + setuid = true; + }; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = Top + title = Network Latency Grapher + remark = Welcome to this SmokePing website. + + + network + menu = Net latency + title = Network latency (ICMP pings) + + ++ google + probe = FPing + host = google.de + ++ webde + probe = FPing + host = web.de + + + services + menu = Service latency + title = Service latency (DNS, HTTP) + + ++ HTTP + menu = HTTP latency + title = Service latency (HTTP) + + +++ webdeping + probe = EchoPingHttp + host = web.de + + +++ googwebping + probe = EchoPingHttp + host = google.de + + #+++ webwww + #probe = Curl + #host = web.de + + #+++ googwebwww + #probe = Curl + #host = google.de + ''; + probeConfig = '' + + FPing + binary = /run/wrappers/bin/fping + + EchoPingHttp + pings = 5 + url = / + + #+ Curl + ## probe-specific variables + #binary = ${pkgs.curl}/bin/curl + #step = 60 + ## a default for this target-specific variable + #urlformat = http://%host%/ + ''; + }; } -- cgit v1.3.1 From 5b536e2d311ae6beea7f7e73115c3a061d523a59 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:19 +0200 Subject: ma irc: ni.r -> irc.r --- makefu/1systems/pnp/config.nix | 3 ++- makefu/2configs/git/brain-retiolum.nix | 2 +- makefu/2configs/git/cgit-retiolum.nix | 2 +- makefu/2configs/stats/server.nix | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 5fbaaabc7..47fa74c00 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -34,7 +34,8 @@ krebs.Reaktor.debug = { debug = true; extraEnviron = { - REAKTOR_HOST = "ni.r"; + # TODO: remove hard-coded server + REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; channels = [ "#retiolum" ]; diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 05754dc7f..b913f3056 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -21,7 +21,7 @@ let verbose = true; channel = "#retiolum"; # TODO remove the hardcoded hostname - server = "ni.r"; + server = "irc.r"; }; }; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5604383e7..5d46cabb3 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -59,7 +59,7 @@ let verbose = config.krebs.build.host.name == "gum"; channel = "#retiolum"; # TODO remove the hardcoded hostname - server = "ni.r"; + server = "irc.r"; }; }; }; diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index bb91b4478..7548c733e 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -2,7 +2,7 @@ with import ; let - irc-server = "ni.r"; + irc-server = "rc.r"; irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; -- cgit v1.3.1 From 0fe3f562d7dc66dc4dcf39522fc17ccce6ee30b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:48 +0200 Subject: ma cake.r: init --- krebs/3modules/makefu/default.nix | 25 +++++++++++++++++++++++++ makefu/1systems/cake/config.nix | 20 ++++++++++++++++++++ makefu/1systems/cake/source.nix | 3 +++ 3 files changed, 48 insertions(+) create mode 100644 makefu/1systems/cake/config.nix create mode 100644 makefu/1systems/cake/source.nix (limited to 'makefu/1systems') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index a34c8cd97..d80935683 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,6 +4,31 @@ with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + cake = rec { + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.136.236"; + ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1"; + aliases = [ + "cake.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu + jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ + MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq + 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 + 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP + MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; + }; drop = rec { ci = true; cores = 1; diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix new file mode 100644 index 000000000..0630d19ad --- /dev/null +++ b/makefu/1systems/cake/config.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: +{ + imports = [ + + # configure your hw: + # + # + # { + name="cake"; +} \ No newline at end of file -- cgit v1.3.1 From b01385c974dd3f4a9cbf0e7e992e960cd9ebf295 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:28:34 +0200 Subject: ma: #retiolum -> #xxx --- makefu/1systems/pnp/config.nix | 2 +- makefu/2configs/git/brain-retiolum.nix | 2 +- makefu/2configs/git/cgit-retiolum.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu/1systems') diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 47fa74c00..6c9fc0606 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -38,7 +38,7 @@ REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; - channels = [ "#retiolum" ]; + channels = [ "#xxx" ]; }; krebs.build.host = config.krebs.hosts.pnp; diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index b913f3056..3be3fccef 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -19,7 +19,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = true; - channel = "#retiolum"; + channel = "#xxx"; # TODO remove the hardcoded hostname server = "irc.r"; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5d46cabb3..ed890fe40 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -57,7 +57,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = config.krebs.build.host.name == "gum"; - channel = "#retiolum"; + channel = "#xxx"; # TODO remove the hardcoded hostname server = "irc.r"; }; -- cgit v1.3.1