From c45cd788d2df7d14175de59d31506d970eb72382 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 15 Apr 2017 17:58:20 +0200 Subject: m: graphs -> graph --- makefu/2configs/deployment/graphs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/deployment/graphs.nix b/makefu/2configs/deployment/graphs.nix index 35a724f6a..b33ddece0 100644 --- a/makefu/2configs/deployment/graphs.nix +++ b/makefu/2configs/deployment/graphs.nix @@ -23,8 +23,8 @@ in { } ''; serverAliases = [ - "graphs.r" "graphs.retiolum" - "graphs.${hn}" "graphs.${hn}.retiolum" + "graph.r" + "graph.${hn}" "graph.${hn}.r" ]; }; anonymous = { -- cgit v1.2.3 From eeffa28de533a4a02f67f28ab789bbc89d084043 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:08:36 +0200 Subject: m: init syncthing for hosts --- makefu/1systems/fileleech.nix | 2 +- makefu/1systems/gum.nix | 5 +++-- makefu/1systems/omo.nix | 5 +++-- makefu/2configs/ipfs.nix | 5 +++++ makefu/2configs/syncthing.nix | 11 +++++++++++ 5 files changed, 23 insertions(+), 5 deletions(-) create mode 100644 makefu/2configs/ipfs.nix create mode 100644 makefu/2configs/syncthing.nix (limited to 'makefu') diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix index 4f92c2b90..3aa5a54f8 100644 --- a/makefu/1systems/fileleech.nix +++ b/makefu/1systems/fileleech.nix @@ -32,7 +32,6 @@ in { ../2configs/elchos/log.nix ../2configs/elchos/search.nix ../2configs/elchos/stats.nix - ../2configs/stats-srv.nix ]; systemd.services.grafana.serviceConfig.LimitNOFILE=10032; @@ -129,6 +128,7 @@ in { # createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey + config.krebs.users.lass.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de" diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index c39997ebf..3186f8887 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -35,10 +35,12 @@ in { ../2configs/nginx/update.connector.one.nix ../2configs/deployment/mycube.connector.one.nix ../2configs/deployment/graphs.nix + # ../2configs/ipfs.nix + ../2configs/syncthing.nix # ../2configs/opentracker.nix ../2configs/logging/central-stats-client.nix - ../2configs/logging/central-logging-client.nix + # ../2configs/logging/central-logging-client.nix ]; services.smartd.devices = [ { device = "/dev/sda";} ]; @@ -79,7 +81,6 @@ in { ]; services.bitlbee.enable = true; systemd.services.bitlbee.environment.BITLBEE_DEBUG="1"; - # systemd.services.bitlbee.serviceConfig.ExecStart = "${pkgs.bitlbee}/bin/bitlbee -Dnv -c # Hardware boot.loader.grub.device = "/dev/sda"; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 99303b604..ff34ee843 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -53,9 +53,10 @@ in { ../2configs/omo-share.nix ../2configs/tinc/retiolum.nix ../2configs/logging/central-stats-server.nix - ../2configs/logging/central-logging-server.nix + # ../2configs/logging/central-logging-server.nix ../2configs/logging/central-stats-client.nix - ../2configs/logging/central-logging-client.nix + ../2configs/syncthing.nix + # ../2configs/logging/central-logging-client.nix # ../2configs/torrent.nix diff --git a/makefu/2configs/ipfs.nix b/makefu/2configs/ipfs.nix new file mode 100644 index 000000000..cc07e063d --- /dev/null +++ b/makefu/2configs/ipfs.nix @@ -0,0 +1,5 @@ +{...}: +{ + services.ipfs.enable = true; + networking.firewall.allowedTCPPorts = [ 4001 ]; +} diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix new file mode 100644 index 000000000..6b758ea2d --- /dev/null +++ b/makefu/2configs/syncthing.nix @@ -0,0 +1,11 @@ +{...}: + +with import ; { + services.syncthing = { + enable = true; + openDefaultPorts = true; + useInotify = true; + group = "download"; + }; + users.extraGroups.download.gid = genid "download"; +} -- cgit v1.2.3 From ff038698d1dd68b5d4c512c2214198b5d975594c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:11:32 +0200 Subject: m 2 urxvtd: init --- makefu/1systems/x.nix | 3 ++- makefu/2configs/base-gui.nix | 5 ++++- makefu/2configs/urxvtd.nix | 21 +++++++++++++++++++++ makefu/5pkgs/awesomecfg/full.cfg | 2 +- 4 files changed, 28 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/urxvtd.nix (limited to 'makefu') diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 9cedc04a8..51c9543ef 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -2,6 +2,7 @@ # # { config, pkgs, ... }: +with import ; { imports = @@ -78,7 +79,7 @@ }; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; + environment.systemPackages = [ pkgs.passwdqc-utils ]; virtualisation.docker.enable = true; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index ba4c551b3..1a19ab36b 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -16,7 +16,10 @@ let mainUser = config.krebs.build.user.name; in { - imports = [ ]; + imports = [ + ./urxvtd.nix + ]; + services.xserver = { enable = true; layout = "us"; diff --git a/makefu/2configs/urxvtd.nix b/makefu/2configs/urxvtd.nix new file mode 100644 index 000000000..286b87ab3 --- /dev/null +++ b/makefu/2configs/urxvtd.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: + +let + mainUser = config.krebs.build.user.name; +in { + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + before = [ "graphical.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = mainUser; + }; + }; + # TODO: sessionCommands from base-gui related to urxvt in this file +} diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index e43341d25..73ff42e9f 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -90,7 +90,7 @@ client.connect_signal("focus", function(c) c.border_color = beautiful.border_foc client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end) -- This is used later as the default terminal and editor to run. -terminal = "urxvt" +terminal = "urxvtc" editor = os.getenv("EDITOR") or "vim" editor_cmd = terminal .. " -e " .. editor browser = "firefox" -- cgit v1.2.3 From 24260ff6d43e390d500655de5991e95f11654d8c Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:12:16 +0200 Subject: m 2 default: 2982661 -> 4fac473 --- makefu/2configs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu') diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index cd9b4c056..0865c3a31 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,7 +11,7 @@ with import ; ./vim.nix ./binary-cache/nixos.nix ]; - + programs.command-not-found.enable = false; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1 + ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { -- cgit v1.2.3 From 729b0ed1c0779480cae6fb9c8d1dde314fd6f4ad Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:13:07 +0200 Subject: m 2 tools: add packages --- makefu/2configs/tools/core-gui.nix | 2 +- makefu/2configs/tools/core.nix | 1 + makefu/2configs/tools/extra-gui.nix | 1 + makefu/2configs/tools/sec.nix | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 6d62e92c0..0538647ae 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -12,11 +12,11 @@ firefox keepassx pcmanfm + evince skype mirage tightvnc gnome3.dconf - wireshark xdotool xorg.xbacklight scrot diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 86d72c662..6ae2951eb 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -40,6 +40,7 @@ cac-api cac-panel krebspaste + krebszones ledger pass ]; diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 9cfacf408..596734dd5 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -4,6 +4,7 @@ krebs.per-user.makefu.packages = with pkgs;[ inkscape gimp + libreoffice skype virtmanager synergy diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 5ab699f35..e53d9ee8e 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -11,5 +11,6 @@ nmap msf thc-hydra + wireshark ]; } -- cgit v1.2.3 From 9d7e9bf4a9630bb763d7d7bff7880c70405c7ea3 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:13:35 +0200 Subject: m 1 shoney: graphs -> graph --- makefu/1systems/shoney.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 96aeb2856..9f04e97eb 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -31,7 +31,7 @@ in { anonymous-domain = "localhost.localdomain"; anonymous.extraConfig = "return 403;"; complete = { - serverAliases = [ "graphs.siem" ]; + serverAliases = [ "graph.siem" ]; extraConfig = '' if ( $server_addr = "${ip}" ) { return 403; -- cgit v1.2.3 From 978e47eedd70476703aa7237efa084260638b287 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Apr 2017 10:04:27 +0200 Subject: m 1 x: rm krebs.nginx --- makefu/1systems/x.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'makefu') diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 51c9543ef..866aac3bd 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -72,11 +72,6 @@ with import ; makefu.umts.apn = "web.vodafone.de"; nixpkgs.config.allowUnfree = true; - krebs.nginx = { - default404 = false; - servers.default.listen = [ "80 default_server" ]; - servers.default.server-names = [ "_" ]; - }; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; environment.systemPackages = [ pkgs.passwdqc-utils ]; -- cgit v1.2.3 From c815fda8161f899254ce3dd8debfad830a8f67ee Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Apr 2017 10:04:39 +0200 Subject: m 2 dnscrypt: change resolver --- makefu/2configs/dnscrypt.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu') diff --git a/makefu/2configs/dnscrypt.nix b/makefu/2configs/dnscrypt.nix index d810456f3..6e7ef0f82 100644 --- a/makefu/2configs/dnscrypt.nix +++ b/makefu/2configs/dnscrypt.nix @@ -1,5 +1,6 @@ { services.dnscrypt-proxy.enable = true; + services.dnscrypt-proxy.resolverName = "cs-de"; networking.extraResolvconfConf = '' name_servers='127.0.0.1' ''; -- cgit v1.2.3 From bc0e4fa234bb4b817efde7e6f8e7ad206359d115 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Apr 2017 10:05:39 +0200 Subject: m 2 stats-server: also open ports for v6 --- makefu/2configs/logging/central-stats-server.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'makefu') diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix index 30ad63879..4f7961f32 100644 --- a/makefu/2configs/logging/central-stats-server.nix +++ b/makefu/2configs/logging/central-stats-server.nix @@ -71,5 +71,12 @@ in { iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + + ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT + ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT ''; } -- cgit v1.2.3 From 371f8b9b7102c317150da37880dae44bd938d1b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 19 Apr 2017 10:07:48 +0200 Subject: m 2 fetchwallpaper: use prism --- makefu/2configs/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu') diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix index fb74919c4..16a7a13b2 100644 --- a/makefu/2configs/fetchWallpaper.nix +++ b/makefu/2configs/fetchWallpaper.nix @@ -8,7 +8,7 @@ timerConfig = { OnCalendar = "*:0/30"; }; - url = "http://echelon/wallpaper.png"; + url = "http://prism.r/realwallpaper-sat-krebs.png"; }; } -- cgit v1.2.3