diff options
| author | tv <tv@krebsco.de> | 2018-12-07 13:20:49 +0100 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2018-12-07 13:20:49 +0100 |
| commit | 1d3a3c8104eac3e9a4ee7cdd961fcd61f706d173 (patch) | |
| tree | 53ad5d4d3ecc88eeabba682fd1741bf3d1d96aa8 | |
| parent | bfcf6ad0adaedf0d069850824fbbb55e4af20c5e (diff) | |
| parent | 43be8e6bb38ea99ed489a8b6633ebb33b96b6282 (diff) | |
Merge remote-tracking branch 'prism/master'
39 files changed, 1059 insertions, 1002 deletions
diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index 88b7e1072..a8c658858 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -4,161 +4,161 @@ krebs.newsbot-js.news-spam = { urlShortenerHost = "go.lassul.us"; feeds = pkgs.writeText "feeds" '' - [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews - [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews - [SPAM]antirez|http://antirez.com/rss|#snews - [SPAM]archlinux|http://www.archlinux.org/feeds/news/|#snews - [SPAM]ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews - [SPAM]augustl|http://augustl.com/atom.xml|#snews - [SPAM]bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews - [SPAM]bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews - [SPAM]bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews - [SPAM]bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews - [SPAM]bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews - [SPAM]bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews - [SPAM]cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews - [SPAM]carta|http://feeds2.feedburner.com/carta-standard-rss|#snews - [SPAM]catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews - [SPAM]cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews - [SPAM]cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews - [SPAM]cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews - [SPAM]cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews - [SPAM]cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews - [SPAM]ccc|http://www.ccc.de/rss/updates.rdf|#snews - [SPAM]chan_biz|http://boards.4chan.org/biz/index.rss|#snews - [SPAM]chan_g|http://boards.4chan.org/g/index.rss|#snews - [SPAM]chan_int|http://boards.4chan.org/int/index.rss|#snews - [SPAM]chan_sci|http://boards.4chan.org/sci/index.rss|#snews - [SPAM]chan_x|http://boards.4chan.org/x/index.rss|#snews - [SPAM]c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews - [SPAM]cryptogon|http://www.cryptogon.com/?feed=rss2|#snews - [SPAM]csm|http://rss.csmonitor.com/feeds/csm|#snews - [SPAM]csm_world|http://rss.csmonitor.com/feeds/world|#snews - [SPAM]danisch|http://www.danisch.de/blog/feed/|#snews - [SPAM]dod|http://www.defense.gov/news/afps2.xml|#snews - [SPAM]dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews - [SPAM]ecat|http://ecat.com/feed|#snews - [SPAM]eia_press|http://www.eia.gov/rss/press_rss.xml|#snews - [SPAM]eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews - [SPAM]embargowatch|https://embargowatch.wordpress.com/feed/|#snews - [SPAM]ethereum-comments|http://blog.ethereum.org/comments/feed|#snews - [SPAM]ethereum|http://blog.ethereum.org/feed|#snews - [SPAM]europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews - [SPAM]eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews - [SPAM]exploitdb|http://www.exploit-db.com/rss.xml|#snews - [SPAM]fars|http://www.farsnews.com/rss.php|#snews #test - [SPAM]faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews - [SPAM]faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews - [SPAM]faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews - [SPAM]fbi|https://www.fbi.gov/news/rss.xml|#snews - [SPAM]fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews - [SPAM]fefe|http://blog.fefe.de/rss.xml|#snews - [SPAM]forbes|http://www.forbes.com/forbes/feed2/|#snews - [SPAM]forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews - [SPAM]fox|http://feeds.foxnews.com/foxnews/latest|#snews - [SPAM]geheimorganisation|http://geheimorganisation.org/feed/|#snews - [SPAM]GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews - [SPAM]gmanet|http://www.gmanetwork.com/news/rss/news|#snews - [SPAM]golem|http://rss.golem.de/rss.php|#snews - [SPAM]google|http://news.google.com/?output=rss|#snews - [SPAM]greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews - [SPAM]guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews - [SPAM]gulli|http://ticker.gulli.com/rss/|#snews - [SPAM]hackernews|https://news.ycombinator.com/rss|#snews - [SPAM]handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews - [SPAM]heise|https://www.heise.de/newsticker/heise-atom.xml|#snews - [SPAM]hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews - [SPAM]hindu|http://www.thehindu.com/?service=rss|#snews - [SPAM]ign|http://feeds.ign.com/ign/all|#snews - [SPAM]independent|http://www.independent.com/rss/headlines/|#snews - [SPAM]indymedia|https://de.indymedia.org/rss.xml|#snews - [SPAM]info_libera|http://www.informationliberation.com/rss.xml|#snews - [SPAM]klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews - [SPAM]korea_herald|http://www.koreaherald.com/rss_xml.php|#snews - [SPAM]linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews - [SPAM]lisp|http://planet.lisp.org/rss20.xml|#snews - [SPAM]liveleak|http://www.liveleak.com/rss|#snews - [SPAM]lolmythesis|http://lolmythesis.com/rss|#snews - [SPAM]LtU|http://lambda-the-ultimate.org/rss.xml|#snews - [SPAM]lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews - [SPAM]mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews - [SPAM]mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews - [SPAM]nds|http://www.nachdenkseiten.de/?feed=atom|#snews - [SPAM]netzpolitik|https://netzpolitik.org/feed/|#snews - [SPAM]newsbtc|http://newsbtc.com/feed/|#snews - [SPAM]nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews - [SPAM]npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews - [SPAM]npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews - [SPAM]npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews - [SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews - [SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei - [SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews - [SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews - [SPAM]phys|http://phys.org/rss-feed/|#snews - [SPAM]piraten|https://www.piratenpartei.de/feed/|#snews - [SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews - [SPAM]presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews - [SPAM]presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews - [SPAM]prisonplanet|http://prisonplanet.com/feed.rss|#snews - [SPAM]rawstory|http://www.rawstory.com/rs/feed/|#snews - [SPAM]reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews - [SPAM]reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews - [SPAM]reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews - [SPAM]reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews - [SPAM]reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews - [SPAM]reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews - [SPAM]reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews - [SPAM]reddit_sci|http://www.reddit.com/r/science/.rss|#snews - [SPAM]reddit_tech|http://www.reddit.com/r/technology/.rss|#snews - [SPAM]reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews - [SPAM]reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews - [SPAM]r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews - [SPAM]reuters|http://feeds.reuters.com/Reuters/worldNews|#snews - [SPAM]reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews - [SPAM]rt|http://rt.com/rss/news/|#snews - [SPAM]schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews - [SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews - [SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews - [SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews - [SPAM]shackspace|http://shackspace.de/atom.xml|#snews - [SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews - [SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews - [SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews - [SPAM]sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews - [SPAM]sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews - [SPAM]sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews - [SPAM]slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews - [SPAM]slate|http://feeds.slate.com/slate|#snews - [SPAM]spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews - [SPAM]spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews - [SPAM]standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews - [SPAM]stern|http://www.stern.de/feed/standard/all/|#snews - [SPAM]stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews - [SPAM]sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews - [SPAM]sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews - [SPAM]sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews - [SPAM]tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews - [SPAM]taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews - [SPAM]telegraph|http://www.telegraph.co.uk/rss.xml|#snews - [SPAM]telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews - [SPAM]the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews - [SPAM]tigsource|http://www.tigsource.com/feed/|#snews - [SPAM]tinc|http://tinc-vpn.org/news/index.rss|#snews - [SPAM]torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews - [SPAM]torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews - [SPAM]torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews - [SPAM]travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews - [SPAM]un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews - [SPAM]un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews - [SPAM]un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews - [SPAM]un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews - [SPAM]un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews - [SPAM]un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews - [SPAM]us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews - [SPAM]vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews - [SPAM]weechat|http://dev.weechat.org/feed/atom|#snews - [SPAM]xkcd|https://xkcd.com/rss.xml|#snews - [SPAM]zdnet|http://www.zdnet.com/news/rss.xml|#snews + _aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews + _allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews + _antirez|http://antirez.com/rss|#snews + _archlinux|http://www.archlinux.org/feeds/news/|#snews + _ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews + _augustl|http://augustl.com/atom.xml|#snews + _bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews + _bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews + _bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews + _bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews + _bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews + _bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews + _cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews + _carta|http://feeds2.feedburner.com/carta-standard-rss|#snews + _catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews + _cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews + _cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews + _cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews + _cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews + _cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews + _ccc|http://www.ccc.de/rss/updates.rdf|#snews + _chan_biz|http://boards.4chan.org/biz/index.rss|#snews + _chan_g|http://boards.4chan.org/g/index.rss|#snews + _chan_int|http://boards.4chan.org/int/index.rss|#snews + _chan_sci|http://boards.4chan.org/sci/index.rss|#snews + _chan_x|http://boards.4chan.org/x/index.rss|#snews + _c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews + _cryptogon|http://www.cryptogon.com/?feed=rss2|#snews + _csm|http://rss.csmonitor.com/feeds/csm|#snews + _csm_world|http://rss.csmonitor.com/feeds/world|#snews + _danisch|http://www.danisch.de/blog/feed/|#snews + _dod|http://www.defense.gov/news/afps2.xml|#snews + _dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews + _ecat|http://ecat.com/feed|#snews + _eia_press|http://www.eia.gov/rss/press_rss.xml|#snews + _eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews + _embargowatch|https://embargowatch.wordpress.com/feed/|#snews + _ethereum-comments|http://blog.ethereum.org/comments/feed|#snews + _ethereum|http://blog.ethereum.org/feed|#snews + _europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews + _eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews + _exploitdb|http://www.exploit-db.com/rss.xml|#snews + _fars|http://www.farsnews.com/rss.php|#snews #test + _faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews + _faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews + _faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews + _fbi|https://www.fbi.gov/news/rss.xml|#snews + _fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews + _fefe|http://blog.fefe.de/rss.xml|#snews + _forbes|http://www.forbes.com/forbes/feed2/|#snews + _forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews + _fox|http://feeds.foxnews.com/foxnews/latest|#snews + _geheimorganisation|http://geheimorganisation.org/feed/|#snews + _GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews + _gmanet|http://www.gmanetwork.com/news/rss/news|#snews + _golem|http://rss.golem.de/rss.php|#snews + _google|http://news.google.com/?output=rss|#snews + _greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews + _guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews + _gulli|http://ticker.gulli.com/rss/|#snews + _hackernews|https://news.ycombinator.com/rss|#snews + _handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews + _heise|https://www.heise.de/newsticker/heise-atom.xml|#snews + _hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews + _hindu|http://www.thehindu.com/?service=rss|#snews + _ign|http://feeds.ign.com/ign/all|#snews + _independent|http://www.independent.com/rss/headlines/|#snews + _indymedia|https://de.indymedia.org/rss.xml|#snews + _info_libera|http://www.informationliberation.com/rss.xml|#snews + _klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews + _korea_herald|http://www.koreaherald.com/rss_xml.php|#snews + _linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews + _lisp|http://planet.lisp.org/rss20.xml|#snews + _liveleak|http://www.liveleak.com/rss|#snews + _lolmythesis|http://lolmythesis.com/rss|#snews + _LtU|http://lambda-the-ultimate.org/rss.xml|#snews + _lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews + _mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews + _mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews + _nds|http://www.nachdenkseiten.de/?feed=atom|#snews + _netzpolitik|https://netzpolitik.org/feed/|#snews + _newsbtc|http://newsbtc.com/feed/|#snews + _nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews + _npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews + _npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews + _npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews + _npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews + _nsa|https://www.nsa.gov/rss.xml|#snews #bullerei + _nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews + _painload|https://github.com/krebs/painload/commits/master.atom|#snews + _phys|http://phys.org/rss-feed/|#snews + _piraten|https://www.piratenpartei.de/feed/|#snews + _polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews + _presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews + _presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews + _prisonplanet|http://prisonplanet.com/feed.rss|#snews + _rawstory|http://www.rawstory.com/rs/feed/|#snews + _reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews + _reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews + _reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews + _reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews + _reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews + _reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews + _reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews + _reddit_sci|http://www.reddit.com/r/science/.rss|#snews + _reddit_tech|http://www.reddit.com/r/technology/.rss|#snews + _reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews + _reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews + _r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews + _reuters|http://feeds.reuters.com/Reuters/worldNews|#snews + _reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews + _rt|http://rt.com/rss/news/|#snews + _schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews + _sciencemag|http://news.sciencemag.org/rss/current.xml|#snews + _scmp|http://www.scmp.com/rss/91/feed|#snews + _sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews + _shackspace|http://shackspace.de/atom.xml|#snews + _shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews + _sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews + _sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews + _sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews + _sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews + _sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews + _slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews + _slate|http://feeds.slate.com/slate|#snews + _spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews + _spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews + _standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews + _stern|http://www.stern.de/feed/standard/all/|#snews + _stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews + _sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews + _sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews + _sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews + _tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews + _taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews + _telegraph|http://www.telegraph.co.uk/rss.xml|#snews + _telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews + _the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews + _tigsource|http://www.tigsource.com/feed/|#snews + _tinc|http://tinc-vpn.org/news/index.rss|#snews + _torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews + _torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews + _torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews + _travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews + _un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews + _un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews + _un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews + _un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews + _un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews + _un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews + _us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews + _vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews + _weechat|http://dev.weechat.org/feed/atom|#snews + _xkcd|https://xkcd.com/rss.xml|#snews + _zdnet|http://www.zdnet.com/news/rss.xml|#snews ''; }; } diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 677b6f7b8..669483f3c 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -8,7 +8,7 @@ let out = { options.krebs.Reaktor = api; - config = imp; + config = mkIf (cfg != {}) imp; }; api = mkOption { diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index dd29a4e17..e12367b7c 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -143,12 +143,12 @@ let ) cfg.servers; users.extraUsers.bepasty = { - uid = genid "bepasty"; + uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; }; users.extraGroups.bepasty = { - gid = genid "bepasty"; + gid = genid_uint31 "bepasty"; }; }; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 24cbd9cc9..e8ed64654 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -109,6 +109,7 @@ let }; imp = lib.mkMerge [ + { krebs = import ./external { inherit config; }; } { krebs = import ./jeschli { inherit config; }; } { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix new file mode 100644 index 000000000..0aef25317 --- /dev/null +++ b/krebs/3modules/external/default.nix @@ -0,0 +1,312 @@ +{ config, ... }: + +with import <stockholm/lib>; + +{ + hosts = mapAttrs (_: recursiveUpdate { + ci = false; + external = true; + monitoring = false; + }) { + sokrateslaptop = { + owner = config.krebs.users.sokratess; + nets = { + retiolum = { + ip4.addr = "10.243.142.104"; + ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; + aliases = [ + "sokrateslaptop.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 + t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ + rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW + egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 + aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V + VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + kruck = { + owner = config.krebs.users.palo; + nets = { + retiolum = { + ip4.addr = "10.243.29.201"; + ip6.addr = "42:4234:6a6d:600::1"; + aliases = [ + "kruck.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh + QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA + EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U + uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ + /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR + 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s + qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH + gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj + jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs + fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 + TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + scardanelli = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.2"; + ip6.addr = "42:2:5ca:da:3111::1"; + aliases = [ + "scardanelli.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxM93+YgGhk5PtcOrE7E/ + MAOMF/c9c4Ps6m8xd4VZat3ru07yH8Yfox1yM6jwZBwIwK2AC9DK0/k3WIvZQUge + UKSTiXpE4z/0ceaesugLQ9KTjUty1e/2vQ78bOqmd7EG3aPV2QsjlgpjJ6qQxeFi + kjlHoFi9NNBLVkIyaAdlAhwvZuYFmAY/FQEmm6+XOb+Nmo+fccQlG6+NinA2GOg0 + gdY/dKYxa04Ns/yu7TK3sBQIt6cg/YUk9VpyC4yIIRPMdyVcAPz3Kd2mp23fhSvx + we80prWXYtdct4vXaBZm9FUY5y4SL3c0TEScuM73VXtr2tPAxjD5W4XMWhrjnIiY + QzoyAquVS9rR4fCaoP+hw3Tjy7Att3voa/YlHEDaendxjZ3nuO0m0vcgOa+SfCNm + SqLsqb8to1y8yJ8LnR2og4MbtasxqSe1L9VLTsb4k/AGfmAdlqyG4Q1h5pCBh0GL + 2F6FbYHzwrwqBvVCz4DTPygPtta5o7THpP50PgojtzNLm1yKWpfdcWeMgGQJSI0f + m3yenytM1u0jjw7KbBG79Z3etFNIYZy4Uq/dryEJnwpTFls+zZn9Q3tDEnO4a38Q + FgzV0VLQpRM/uf1powSDzoWp+/JYgB9464OKcTsSlVJpi3crxF86xFqqc39U2/u5 + lM61fOMcVW1KREdWypiDtu8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + homeros = { + owner = config.krebs.users.kmein; + nets = { + retiolum = { + ip4.addr = "10.243.2.1"; + ip6.addr = "42:2::0:3:05::1"; + aliases = [ + "homeros.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoZq6BwB6rV6EfTf8PWOd + ZhEWig5VcK1FcH0qi7KgojAhGSHhWmtFlvRSoGpQrSFRN0g5eTnrrguuTiIs6djc + 6Al9HMqwSD1IOkqFm8jM4aG5NqjYg3in6blOFarBEOglfnsYHiUPt6T4fERxRZ9v + RguEWrishNMSv+D4vclKwctTB/6dQNsTAfnplcyDZ9un/ql9BG2cgU9yqeYLDdXd + vRvrWX9eZKGJvTrQmAiKONlSvspr1d28FxcUrUnCsdRLvP3Cc4JZiUhSA7ixFxn3 + +LgGIZiMKTnl8syrsHk5nvLi5EUER7xkVX8iBlKA4JD4XTZVyBxPB1mJnOCUShQc + QK6nVr6auvJbRn7DHHKxDflSBgYt4qaf92+5A4xEsZtgMpmIFH5t6ifGQsQwgYsm + fOexviy9gMyZrHjQDUs4smQxxYq3AJLdfOg2jQXeAbgZpCVw5l8YHk3ECoAk7Fvh + VMJVPwukErGuVn2LpCHeVyFBXNft4bem1g0gtaf2SuGFEnl7ABetQ0bRwClRSLd7 + k7PGDbdcCImsWhqyuLpkNcm95DfBrXa12GETm48Wv9jV52C5tfWFmOnJ0mOnvtxX + gpizJjFzHz275TVnJHhmIr2DkiGpaIVUL4FRkTslejSJQoUTZfDAvKF2gRyk+n6N + mJ/hywVtvLxNkNimyztoKKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + turingmachine = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.168"; + ip6.addr = "42:4992:6a6d:600::1"; + aliases = [ + "turingmachine.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C + t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 + 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 + ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g + nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 + 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT + 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 + gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl + DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL + W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW + OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eddie = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eddie.thalheim.io + ip4.addr = "129.215.197.11"; + aliases = [ "eddie.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.170"; + ip6.addr = "42:4992:6a6d:700::1"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.subnets = [ + # edinburgh university + "129.215.0.0/16" + ]; + }; + }; + }; + rock = { + owner = config.krebs.users.Mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + ip6.addr = "42:4992:6a6d:700::2"; + aliases = [ "rock.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + ip4.addr = "141.76.44.154"; + aliases = [ "inspector.i" ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.29.172"; + ip6.addr = "42:4992:6a6d:800::1"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + dpdkm = { + owner = config.krebs.users.Mic92; + nets = rec { + retiolum = { + ip4.addr = "10.243.29.173"; + ip6.addr = "42:4992:6a6d:900::1"; + aliases = [ "dpdkm.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj + NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp + qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP + X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn + f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa + bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL + Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T + B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w + tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n + dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls + mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eve = { + owner = config.krebs.users.Mic92; + nets = rec { + internet = { + # eve.thalheim.io + ip4.addr = "188.68.39.17"; + ip6.addr = "2a03:4000:13:31e::1"; + aliases = [ "eve.i" ]; + }; + retiolum = rec { + via = internet; + addrs = [ + ip4.addr + ip6.addr + ]; + ip4.addr = "10.243.29.174"; + ip6.addr = "42:4992:6a6d:a00::1"; + aliases = [ "eve.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH + XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 + 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk + 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI + +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 + dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW + pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP + c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi + YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI + 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 + Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; + users = { + Mic92 = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; + mail = "joerg@higgsboson.tk"; + }; + kmein = { + }; + palo = { + }; + sokratess = { + }; + }; +} + diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 5a5065565..e89b86e32 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -53,7 +53,7 @@ let imp = { users.users.fetchWallpaper = { name = "fetchWallpaper"; - uid = genid "fetchWallpaper"; + uid = genid_uint31 "fetchWallpaper"; description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index f6b4e3c69..895d9b3b6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -427,7 +427,7 @@ let system.activationScripts.cgit = '' mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} chmod 0770 ${cfg.cgit.settings.cache-root} - chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} + chown ${toString cfg.cgit.fcgiwrap.user.name}:${toString cfg.cgit.fcgiwrap.group.name} ${cfg.cgit.settings.cache-root} ''; services.nginx.virtualHosts.cgit = { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 836ecb3f6..86a36015b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -129,29 +129,10 @@ with import <stockholm/lib>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; - domsen-nas = { - ci = false; - monitoring = false; - external = true; - nets = rec { - internet = { - aliases = [ - "domsen-nas.internet" - ]; - ip4.addr = "87.138.180.167"; - ssh.port = 2223; - }; - }; - }; uriel = { monitoring = false; cores = 1; nets = { - gg23 = { - ip4.addr = "10.23.1.12"; - aliases = ["uriel.gg23"]; - ssh.port = 45621; - }; retiolum = { ip4.addr = "10.243.81.176"; ip6.addr = "42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"; @@ -178,11 +159,6 @@ with import <stockholm/lib>; mors = { cores = 2; nets = { - gg23 = { - ip4.addr = "10.23.1.11"; - aliases = ["mors.gg23"]; - ssh.port = 45621; - }; retiolum = { ip4.addr = "10.243.0.2"; ip6.addr = "42:0:0:0:0:0:0:dea7"; @@ -351,258 +327,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; - iso = { - monitoring = false; - ci = false; - cores = 1; - }; - sokrateslaptop = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.142.104"; - ip6.addr = "42:f8a1:044d:0f75:9d73:56d8:f432:c6cc"; - aliases = [ - "sokrateslaptop.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA0EMbBv5NCSns4V/VR/NJHhwe2qNLUYjWWtCDY4zDuoiJdm3JNZJ2 - t0iKNxFwd6Mmg3ahAlndsH4FOjOBGBQCgBG25VRnQgli1sypI/gYTsSgIWHVIRoZ - rgrng0K3oyJ6FuTP+nH1rd7UAYkrOQolXQBY+LqAbxOVjiJl+DpbAXIxCIs5TBeW - egtBiXZ1S53Lv5EGFXug716XlgZLHjw7PzRLJXSlvUAIRZj0Sjq4UD9VrhazM9s5 - aDuxJIdknccEEXm6NK7a51hU/o8L+T0IUpZxhaXOdi6fvO/y3TbffKb1yRTbN0/V - VBjBh18Le7h0SmAEED5tz7NOCrAjMZQtJQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - kruck = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.201"; - ip6.addr = "42:4234:6a6d:600::1"; - aliases = [ - "kruck.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxcui2sirT5YY9HrSauj9nSF3AxUnfd2CCEGyzmzbi5+qw8T9jdNh - QcIG3s+eC3uEy6leL/eeR4NjVtQRt8CDmhGul95Vs3I1jx9gdvYR+HOatPgK0YQA - EFwk0jv8Z8tOc87X1qwA00Gb+25+kAzsf+8+4HQuh/szSGje3RBmBFkUyNHh8R0U - uzs8NSTRdN+edvYtzjnYcE1sq59HFBPkVcJNp5I3qYTp6m9SxGHMvsq6vRpNnjq/ - /RZVBhnPDBlgxia/aVfVQKeEOHZV3svLvsJzGDrUWsJCEvF0YwW4bvohY19myTNR - 9lXo/VFx86qAkY09il2OloE7iu5cA2RV+FWwLeajE9vIDA06AD7nECVgthNoZd1s - qsDfuu3WqlpyBmr6XhRkYOFFE4xVLrZ0vItGYlgR2UPp9TjHrzfsedoyJoJAbhMH - gDlFgiHlAy1fhG1sCX5883XmSjWn0eJwmZ2O9sZNBP5dxfGUXg/x8NWfQj7E1lqj - jQ59UC6yiz7bFtObKvpdn1D4tPbqBvndZzn19U/3wKo+cCBRjtLmUD7HQHC65dCs - fAiCFvUTVMM3SNDvYChm0U/KGjZZFwQ+cCLj1JNVPet2C+CJ0qI2muXOnCuv/0o5 - TBZrrHMpj6Th8AiOgeMVuxzjX1FsmAThWj9Qp/jQu6O0qvnkUNaU7I8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - turingmachine = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.168"; - ip6.addr = "42:4992:6a6d:600::1"; - aliases = [ - "turingmachine.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAxh+5HD1oAFTvMWEra2pYrA3HF8T4EnkP917lIUiuN7xUj7sawu0C - t1/1IfIlH9dbxgFe5CD/gXvokxHdovPTGVH11L+thZgq6hg/xbYvZAl76yLxj7t9 - 6+Ocac08TQZYMqWKShz5jqTVE/DLz4Cdy0Qk9sMJ1++OmH8jsWgK5BkogF99Gwf8 - ZiI0t3n3lCZsm3v592lveDcVIh6hjuCIvFVxc+7cOj0MKm1LxLWbCHZlUIE3he4g - nZu4XiYaE4Y2LicMs8zKehnQkkXrP1amT56SqUfbSnWR+HZc2+KjwRDI5BPeTS06 - 5WHwkQs0ScOn7vFZci3rElIc7vilu2eKGF1VLce9kXw9SU2RFciqavaEUXbwPnwT - 1WF35Ct+qIOP0rXoObm6mrsj7hJnlBPlVpb58/kTxLHMSHPzqQRbFZ35f6tZodJ1 - gRMKKEnMX8/VWm6TqLUIpFCCTZ5PH1fxaAnulHCxksK03UyfUOvExCTU4x8KS9fl - DIoLlV9PFBlAW8mTuIgRKYtHacsc31/5Tehcx0If09NuMFT9Qfl2/Q3p6QJomRFL - W5SCP9wx2ONhvZUkRbeihBiTN5/h3DepjOeNWd1DvE6K0Ag8SXMyBGtyKfer4ykW - OR0iCiRQQ5QBmNuJrBLRUyfoPqFUXBATT1SrRj8vzXO1TjTmANEMFD0CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eddie = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - # eddie.thalheim.io - ip4.addr = "129.215.197.11"; - aliases = [ "eddie.i" ]; - }; - retiolum = rec { - via = internet; - addrs = [ - ip4.addr - ip6.addr - ]; - ip4.addr = "10.243.29.170"; - ip6.addr = "42:4992:6a6d:700::1"; - aliases = [ "eddie.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d - j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm - 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF - 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua - KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq - iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t - 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD - kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u - hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay - pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ - lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.subnets = [ - # edinburgh university - "129.215.0.0/16" - ]; - }; - }; - }; - rock = { - monitoring = false; - ci = false; - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.29.171"; - ip6.addr = "42:4992:6a6d:700::2"; - aliases = [ "rock.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM - DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 - HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh - mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf - Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M - Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD - 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 - fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv - 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav - ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q - cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - inspector = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - ip4.addr = "141.76.44.154"; - aliases = [ "inspector.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.172"; - ip6.addr = "42:4992:6a6d:800::1"; - aliases = [ "inspector.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG - EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ - 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF - m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw - WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd - eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 - OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau - ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x - B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG - q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj - 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - dpdkm = { - monitoring = false; - ci = false; - external = true; - nets = rec { - retiolum = { - ip4.addr = "10.243.29.173"; - ip6.addr = "42:4992:6a6d:900::1"; - aliases = [ "dpdkm.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAuW31xGBdPMSS45KmsCX81yuTcDZv1z7wSpsGQiAw7RsApG0fbBDj - NvzWZaZpTTUueG7gtt7U9Gk8DhWYR1hNt8bLXxE5QlY+gxVjU8+caRvlv10Y9XYp - qZEr1n1O5R7jS1srvutPt74uiA8I3hBoeP5TXndu8tVcehjRWXPqJj4VCy9pT2gP - X880Z30cXm0jUIu9XKhzQU2UNaxbqRzhJTvFUG04M+0a9olsUoN7PnDV6MC5Dxzn - f0ZZZDgHkcx6vsSkN/C8Tik/UCXr3tS/VX6/3+PREz6Z3bPd2QfaWdowrlFQPeYa - bELPvuqYiq7zR/jw3vVsWX2e91goAfKH5LYKNmzJCj5yYq+knB7Wil3HgBn86zvL - Joj56VsuB8fQrrUxjrDetNgtdwci+yFeXkJouQRLM0r0W24liyCuBX4B6nqbj71T - B6rAMzhBbl1yixgf31EgiCYFSusk+jiT+hye5lAhes4gBW9GAWxGNU9zE4QeAc1w - tkPH/CxRIAeuPYNwmjvYI2eQH9UQkgSBa3/Kz7/KT9scbykbs8nhDHCXwT6oAp+n - dR5aHkuBrTQOCU3Xx5ZwU5A0T83oLExIeH8jR1h2mW1JoJDdO85dAOrIBHWnjLls - mqrJusBh2gbgvNqIrDaQ9J+o1vefw1QeSvcF71JjF1CEBUmTbUAp8KMCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - eve = { - monitoring = false; - ci = false; - external = true; - nets = rec { - internet = { - # eve.thalheim.io - ip4.addr = "188.68.39.17"; - ip6.addr = "2a03:4000:13:31e::1"; - aliases = [ "eve.i" ]; - }; - retiolum = rec { - via = internet; - addrs = [ - ip4.addr - ip6.addr - ]; - ip4.addr = "10.243.29.174"; - ip6.addr = "42:4992:6a6d:a00::1"; - aliases = [ "eve.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAw5cxGjnWCG8dcuhTddvGHzH0/VjxHA5V8qJXH2R5k8ki8dsM5FRH - XRcH/aYg+IL03cyx4wU7oJKxiOTNGbysglnbTVthfYhqeQY+NRTzR1Thb2Fo+P82 - 08Eovwlgb0uwCjaiH8ZoH3BKjXyMn/Ezrni7hc5zyyRb88XJLosTykO2USlrsoIk - 6OCA3A34HyJH0/G6GbNYCPrB/a/r1ji7OWDlg3Ft9c3ViVOkcNV1d9FV0RULX9EI - +xRDbAs1fkK5wMkC2BpkJRHTpImPbYlwQvDrL2sp+JNAEVni84xGxWn9Wjd9WVv3 - dn+iPUD7HF9bFVDsj0rbVL78c63MEgr0pVyONDBK+XxogMTOqjgicmkLRxlhaSPW - pnfZHJzJ727crBbwosORY+lTq6MNIMjEjNcJnzAEVS5uTJikLYL9Y5EfIztGp7LP - c298AtKjEYOftiyMcohTGnHhio6zteuW/i2sv4rCBxHyH5sWulaHB7X1ej0eepJi - YX6/Ff+y9vDLCuDxb6mvPGT1xpnNmt1jxAUJhiRNuAvbtvjtPwYfWjQXOf7xa2xI - 61Oahtwy/szBj9mWIAymMfnvFGpeiIcww3ZGzYNyKBCjp1TkkgFRV3Y6eoq1sJ13 - Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; xerxes = { cores = 2; nets = rec { @@ -644,47 +368,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n"; }; - cabal = { - cores = 2; - nets = rec { - retiolum = { - ip4.addr = "10.243.1.4"; - ip6.addr = "42::1:4"; - aliases = [ - "cabal.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A - SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj - rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK - qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e - LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq - rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3 - 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE - fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v - yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A - kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR - KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi - TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U - oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs - TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw - 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD - rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ - 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf - luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py - w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG - 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1 - K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g - ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; - }; red = { monitoring = false; cores = 1; @@ -716,6 +399,36 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; }; + yellow = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.14"; + ip6.addr = "42:0:0:0:0:0:0:14"; + aliases = [ + "yellow.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6lHmzq8+04h3zivJmIbP + MkYiW7KflcTWQrl/4jJ7DVFbrtS6BSSI0wIibW5ygtLrp2nYgWv1jhg7K9q8tWMY + b6tDv/ze02ywCwStbjytW3ymSZUJlRkK2DQ4Ld7JEyKmLQIjxXYah+2P3QeUxLfU + Uwk6vSRuTlcb94rLFOrCUDRy1cZC73ZmtdbEP2UZz3ey6beo3l/K5O4OOz+lNXgd + OXPls4CeNm6NYhSGTBomS/zZBzGqb+4sOtLSPraNQuc75ZVpT8nFa/7tLVytWCOP + vWglPTJOyQSygSoVwGU9I8pq8xF1aTE72hLGHprIJAGgQE9rmS9/3mbiGLVZpny6 + C6Q9t6vkYBRb+jg3WozIXdUvPP19qTEFaeb08kAuf1xhjZhirfDQjI7K6SFaDOUp + Y/ZmCrCuaevifaXYza/lM+4qhPXmh82WD5ONOhX0Di98HBtij2lybIRUG/io4DAU + 52rrNAhRvMkUTBRlGG6LPC4q6khjuYgo9uley5BbyWWbCB1A9DUfbc6KfLUuxSwg + zLybZs/SHgXw+pJSXNgFJTYGv1i/1YQdpnbTgW4QsEp05gb+gA9/6+IjSIJdJE3p + DSZGcJz3gNSR1vETk8I2sSC/N8wlYXYV7wxQvSlQsehfEPrFtXM65k3RWzAAbNIJ + Akz4E3+xLVIMqKmHaGWi0usCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje "; + }; blue = { cores = 1; nets = { @@ -789,9 +502,6 @@ with import <stockholm/lib>; mail = "lass@daedalus.r"; pubkey = builtins.readFile ./ssh/daedalus.rsa; }; - fritz = { - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; - }; prism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; mail = "lass@prism.r"; @@ -800,14 +510,8 @@ with import <stockholm/lib>; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; - sokratess = { - }; wine-mors = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKfTIKmbe1RjX1fjAn//08363zAsI0CijWnaYyAC842"; }; - Mic92 = { - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; - mail = "joerg@higgsboson.tk"; - }; }; } diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 044811c7d..cb940efef 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -77,7 +77,190 @@ let serviceConfig = { Type = "simple"; - ExecStart = "${pkgs.realwallpaper}/realwallpaper.sh"; + ExecStart = pkgs.writeDash "generate-wallpaper" '' + set -xeuf + + # usage: getimg FILENAME URL + fetch() { + echo "fetch $1" + curl -LsS -z "$1" -o "$1" "$2" + } + + # usage: check_type FILENAME TYPE + check_type() { + if ! file -ib "$1" | grep -q "^$2/"; then + echo "$1 is not of type $2" >&2 + rm "$1" + return 1 + fi + } + + # usage: image_size FILENAME + image_size() { + identify "$1" | awk '{print$3}' + } + + # usage: make_mask DST SRC MASK + make_layer() { + if needs_rebuild "$@"; then + echo "make $1 (apply mask)" >&2 + convert "$2" "$3" -alpha off -compose copy_opacity -composite "$1" + fi + } + + # usage: flatten DST HILAYER LOLAYER + flatten() { + if needs_rebuild "$@"; then + echo "make $1 (flatten)" >&2 + composite "$2" "$3" "$1" + fi + } + + # usage: needs_rebuild DST SRC... + needs_rebuild() { + a="$1" + shift + if ! test -e "$a"; then + #echo " $a does not exist" >&2 + result=0 + else + result=1 + for b; do + if test "$b" -nt "$a"; then + #echo " $b is newer than $a" >&2 + result=0 + fi + done + fi + #case $result in + # 0) echo "$a needs rebuild" >&2;; + #esac + return $result + } + + main() { + cd ${cfg.workingDir} + + # fetch source images in parallel + fetch nightmap-raw.jpg \ + ${cfg.nightmap} & + fetch daymap-raw.png \ + ${cfg.daymap} & + fetch clouds-raw.jpg \ + ${cfg.cloudmap} & + fetch marker.json \ + ${cfg.marker} & + wait + + check_type nightmap-raw.jpg image + check_type daymap-raw.png image + check_type clouds-raw.jpg image + + in_size=2048x1024 + xplanet_out_size=1466x1200 + out_geometry=1366x768+100+160 + + nightsnow_color='#0c1a49' # nightmap + + for raw in \ + nightmap-raw.jpg \ + daymap-raw.png \ + clouds-raw.jpg \ + ; + do + normal=''${raw%-raw.*}.png + if needs_rebuild $normal $raw; then + echo "make $normal; normalize $raw" >&2 + convert $raw -scale $in_size $normal + fi + done + + # create nightmap-fullsnow + if needs_rebuild nightmap-fullsnow.png; then + convert -size $in_size xc:$nightsnow_color nightmap-fullsnow.png + fi + + # extract daymap-snowmask from daymap-final + if needs_rebuild daymap-snowmask.png daymap.png; then + convert daymap.png -threshold 95% daymap-snowmask.png + fi + + # extract nightmap-lightmask from nightmap + if needs_rebuild nightmap-lightmask.png nightmap.png; then + convert nightmap.png -threshold 25% nightmap-lightmask.png + fi + + # create layers + make_layer nightmap-snowlayer.png nightmap-fullsnow.png daymap-snowmask.png + make_layer nightmap-lightlayer.png nightmap.png nightmap-lightmask.png + + # apply layers + flatten nightmap-lightsnowlayer.png \ + nightmap-lightlayer.png \ + nightmap-snowlayer.png + + flatten nightmap-final.png \ + nightmap-lightsnowlayer.png \ + nightmap.png + + # create marker file from json + if [ -s marker.json ]; then + jq -r 'to_entries[] | @json "\(.value.latitude) \(.value.longitude)"' marker.json > marker_file + fi + + # make all unmodified files as final + for normal in \ + daymap.png \ + clouds.png \ + ; + do + final=''${normal%.png}-final.png + needs_rebuild $final && + ln $normal $final + done + + # rebuild every time to update shadow + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-output.png --projection merc \ + -config ${pkgs.writeText "xplanet.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + shade=15 + ''} + + xplanet --num_times 1 --geometry $xplanet_out_size \ + --output xplanet-krebs-output.png --projection merc \ + -config ${pkgs.writeText "xplanet-krebs.config" '' + [earth] + "Earth" + map=daymap-final.png + night_map=nightmap-final.png + cloud_map=clouds-final.png + cloud_threshold=10 + marker_file=marker_file + shade=15 + ''} + + # trim xplanet output + if needs_rebuild realwallpaper.png xplanet-output.png; then + convert xplanet-output.png -crop $out_geometry \ + realwallpaper-tmp.png + mv realwallpaper-tmp.png realwallpaper.png + fi + + if needs_rebuild realwallpaper-krebs.png xplanet-krebs-output.png; then + convert xplanet-krebs-output.png -crop $out_geometry \ + realwallpaper-krebs-tmp.png + mv realwallpaper-krebs-tmp.png realwallpaper-krebs.png + fi + } + + main "$@" + ''; User = "realwallpaper"; }; }; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 8390eccbb..486a0c9cc 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -124,7 +124,7 @@ let }; users.extraUsers.tinc_graphs = { - uid = genid "tinc_graphs"; + uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; }; services.nginx = mkIf cfg.nginx.enable { diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix deleted file mode 100644 index 7c9812117..000000000 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ stdenv, fetchgit, xplanet, imagemagick, curl, file }: - -stdenv.mkDerivation { - name = "realwallpaper"; - - src = fetchgit { - url = https://github.com/Lassulus/realwallpaper; - rev = "847faebc9b7e87e4bea078e3a2304ec00b4cdfc0"; - sha256 = "10zihkwj9vpshlxw2jk67zbsy8g4i8b1y4jzna9fdcsgn7s12jrr"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - buildInputs = [ - ]; - - installPhase = '' - mkdir -p $out - cp realwallpaper.sh $out/realwallpaper.sh - ''; -} diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index bed8961b8..0a2ab1611 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -6,26 +6,10 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/libvirt.nix> - { - services.nginx.enable = true; - imports = [ - <stockholm/lass/2configs/websites/domsen.nix> - <stockholm/lass/2configs/websites/lassulus.nix> - ]; - # needed by domsen.nix ^^ - lass.usershadow = { - enable = true; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } { # TODO make new hfos.nix out of this vv boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { - uid = genid "riot"; + uid = genid_uint31 "riot"; isNormalUser = true; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ @@ -42,153 +26,7 @@ with import <stockholm/lib>; { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.179"; } ]; } - { - users.users.tv = { - uid = genid "tv"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.tv.pubkey - ]; - }; - users.users.makefu = { - uid = genid "makefu"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.makefu.pubkey - ]; - }; - users.extraUsers.dritter = { - uid = genid "dritter"; - isNormalUser = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" - ]; - }; - users.extraUsers.juhulian = { - uid = 1339; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - users.users.hellrazor = { - uid = genid "hellrazor"; - isNormalUser = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQFaYOWRUvHP6I37q9Dd4PJOq8FNQqAeJZ8pLx0G62uC450kbPGcG80rHHvXmk7HqQP6biJmMg48bOsvXAScPot2Qhp1Qc35CuUqVhLiTvUAsi8l/iJjhjZ23yRGDCAmW5+JIOzIvECkcbMnG7YoYAQ9trNGHe9qwGzQGhpt3QVClE23WtE3PVKRLQx1VbiabSnAm6tXVd2zpUoSdpWt8Gpi2taM4XXJ5+l744MNxFHvDapN5xqpYzwrA34Ii13jNLWcGbtgxESpR+VjnamdWByrkBsW4X5/xn2K1I1FrujaM/DBHV1QMaDKst9V8+uL5X7aYNt0OUBu2eyZdg6aujY2BYovB9uRyR1JIuSbA/a54MM96yN9WirMUufJF/YZrV0L631t9EW8ORyWUo1GRzMuBHVHQlfApj7NCU/jEddUuTqKgwyRgTmMFMUI4M0tRULAB/7pBE1Vbcx9tg6RsKIk8VkskfbBJW9Y6Sx6YoFlxPdgMNIrBefqEjIV62piP7YLMlvfIDCJ7TNd9dLN86XGggZ/nD5zt6SL1o61vVnw9If8pHosppxADPJsJvcdN6fOe16/tFAeE0JRo0jTcyFVTBGfhpey+rFfuW8wtUyuO5WPUxkOn7xMHGMWHJAtWX2vwVIDtLxvqn48B4SmEOpPD6ii+vcpwqAex3ycqBUQ==" ]; - }; - } - { - #hotdog - systemd.services."container@hotdog".reloadIfChanged = mkForce false; - containers.hotdog = { - config = { ... }: { - imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ]; - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = true; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.1"; - localAddress = "10.233.2.2"; - }; - } - <stockholm/lass/2configs/exim-smarthost.nix> - <stockholm/lass/2configs/ts3.nix> - <stockholm/lass/2configs/privoxy-retiolum.nix> - <stockholm/lass/2configs/radio.nix> - <stockholm/lass/2configs/binary-cache/server.nix> - <stockholm/lass/2configs/iodined.nix> - <stockholm/lass/2configs/paste.nix> - <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> - <stockholm/lass/2configs/monitoring/prometheus-server.nix> - { # quasi bepasty.nix - imports = [ - <stockholm/lass/2configs/bepasty.nix> - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - services.tor = { - enable = true; - }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - <stockholm/lass/2configs/realwallpaper.nix> - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - users.users.jeschli = { - uid = genid "jeschli"; - isNormalUser = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - jeschli.pubkey - jeschli-bln.pubkey - jeschli-bolide.pubkey - jeschli-brauerei.pubkey - ]; - }; - krebs.git.rules = [ - { - user = with config.krebs.users; [ - jeschli - jeschli-bln - jeschli-bolide - jeschli-brauerei - ]; - repo = [ config.krebs.git.repos.xmonad-stockholm ]; - perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ]; - } - { - user = with config.krebs.users; [ - jeschli - jeschli-bln - jeschli-bolide - jeschli-brauerei - ]; - repo = [ config.krebs.git.repos.stockholm ]; - perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ]; - } - ]; - } - { - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - } - <stockholm/lass/2configs/downloading.nix> - <stockholm/lass/2configs/minecraft.nix> { services.taskserver = { enable = true; @@ -201,123 +39,11 @@ with import <stockholm/lib>; { predicate = "-p tcp --dport 53589"; target = "ACCEPT"; } ]; } - #<stockholm/lass/2configs/go.nix> - { - environment.systemPackages = [ pkgs.cryptsetup ]; - systemd.services."container@red".reloadIfChanged = mkForce false; - containers.red = { - config = { ... }: { - environment.systemPackages = [ pkgs.git ]; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass.pubkey - ]; - }; - autoStart = false; - enableTun = true; - privateNetwork = true; - hostAddress = "10.233.2.3"; - localAddress = "10.233.2.4"; - }; - services.nginx.virtualHosts."rote-allez-fraktion.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - extraConfig = '' - proxy_set_header Host rote-allez-fraktion.de; - proxy_pass http://10.233.2.4; - ''; - }; - }; - } - #{ - # imports = [ <stockholm/lass/2configs/backup.nix> ]; - # lass.restic = genAttrs [ - # "daedalus" - # "icarus" - # "littleT" - # "mors" - # "shodan" - # "skynet" - # ] (dest: { - # dirs = [ - # "/home/chat/.weechat" - # "/bku/sql_dumps" - # ]; - # passwordFile = (toString <secrets>) + "/restic/${dest}"; - # repo = "sftp:backup@${dest}.r:/backups/prism"; - # extraArguments = [ - # "sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'" - # ]; - # timerConfig = { - # OnCalendar = "00:05"; - # RandomizedDelaySec = "5h"; - # }; - # }); - #} - { - users.users.download.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse" - ]; - } - { - } - { - lass.nichtparasoup.enable = true; - services.nginx = { - enable = true; - virtualHosts."lol.lassul.us" = { - forceSSL = true; - enableACME = true; - locations."/".extraConfig = '' - proxy_pass http://localhost:5001; - ''; - }; - }; - } - { - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; } - { v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; } - ]; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.244.1.1/24" ]; - listenPort = 51820; - privateKeyFile = (toString <secrets>) + "/wireguard.key"; - allowedIPsAsRoutes = true; - peers = [ - { - # lass-android - allowedIPs = [ "10.244.1.2/32" ]; - publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; - } - ]; - }; - } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} ]; } - { - services.murmur.enable = true; - services.murmur.registerName = "lassul.us"; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} - ]; - - } ]; krebs.build.host = config.krebs.hosts.archprism; diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix deleted file mode 100644 index 6a8040c9d..000000000 --- a/lass/1systems/cabal/config.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - <stockholm/lass> - - <stockholm/lass/2configs/mouse.nix> - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/exim-retiolum.nix> - <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/AP.nix> - <stockholm/lass/2configs/blue-host.nix> - ]; - - krebs.build.host = config.krebs.hosts.cabal; -} diff --git a/lass/1systems/cabal/physical.nix b/lass/1systems/cabal/physical.nix deleted file mode 100644 index 3cc4af03b..000000000 --- a/lass/1systems/cabal/physical.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - imports = [ - ./config.nix - <stockholm/lass/2configs/hw/x220.nix> - <stockholm/lass/2configs/boot/stock-x220.nix> - ]; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:45:85:ac", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:62:2b:1b", NAME="et0" - ''; -} diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 1957c8ba4..d2d4bd3eb 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -25,9 +25,5 @@ macchanger dpass ]; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; programs.adb.enable = true; } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index cac13be2b..207c7c640 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -102,6 +102,7 @@ with import <stockholm/lib>; urban mk_sql_pair remmina + transmission iodine @@ -148,10 +149,6 @@ with import <stockholm/lib>; programs.adb.enable = true; users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; virtualisation.docker.enable = true; - services.redshift = { - enable = true; - provider = "geoclue2"; - }; lass.restic = genAttrs [ "daedalus" diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a9fbae695..83cc96771 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -25,7 +25,7 @@ with import <stockholm/lib>; { # TODO make new hfos.nix out of this vv boot.kernel.sysctl."net.ipv4.ip_forward" = 1; users.users.riot = { - uid = genid "riot"; + uid = genid_uint31 "riot"; isNormalUser = true; extraGroups = [ "libvirtd" ]; openssh.authorizedKeys.keys = [ @@ -44,21 +44,21 @@ with import <stockholm/lib>; } { users.users.tv = { - uid = genid "tv"; + uid = genid_uint31 "tv"; isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]; }; users.users.makefu = { - uid = genid "makefu"; + uid = genid_uint31 "makefu"; isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; users.extraUsers.dritter = { - uid = genid "dritter"; + uid = genid_uint31 "dritter"; isNormalUser = true; extraGroups = [ "download" @@ -75,7 +75,7 @@ with import <stockholm/lib>; ]; }; users.users.hellrazor = { - uid = genid "hellrazor"; + uid = genid_uint31 "hellrazor"; isNormalUser = true; extraGroups = [ "download" @@ -168,7 +168,7 @@ with import <stockholm/lib>; } { users.users.jeschli = { - uid = genid "jeschli"; + uid = genid_uint31 "jeschli"; isNormalUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ jeschli.pubkey @@ -207,7 +207,6 @@ with import <stockholm/lib>; RandomizedDelaySec = "2min"; }; } - <stockholm/lass/2configs/downloading.nix> <stockholm/lass/2configs/minecraft.nix> { services.taskserver = { @@ -324,6 +323,15 @@ with import <stockholm/lib>; } ]; }; + services.dnsmasq = { + enable = true; + resolveLocalQueries = false; + + extraConfig= '' + except-interface=lo + interface=wg0 + ''; + }; } { krebs.iptables.tables.filter.INPUT.rules = [ @@ -338,6 +346,61 @@ with import <stockholm/lib>; ]; } + { + systemd.services."container@yellow".reloadIfChanged = mkForce false; + containers.yellow = { + config = { ... }: { + environment.systemPackages = [ pkgs.git ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.13"; + localAddress = "10.233.2.14"; + }; + + services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' + if ($scheme != "https") { + rewrite ^ https://$host$uri permanent; + } + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' + krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 + ''}; + proxy_pass http://10.233.2.14:9091; + ''; + + users.groups.download = {}; + users.users = { + download = { + createHome = true; + group = "download"; + name = "download"; + home = "/var/download"; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + lass-shodan.pubkey + lass-icarus.pubkey + lass-daedalus.pubkey + lass-helios.pubkey + makefu.pubkey + wine-mors.pubkey + ]; + }; + }; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chmod 775 /var/download + ln -fnsT /var/lib/containers/yellow/var/download/finished /var/download/finished || : + chown download: /var/download/finished + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 4388c13fa..116bdb92f 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -25,6 +25,11 @@ fsType = "zfs"; }; + fileSystems."/var/download" = { + device = "tank/download"; + fsType = "zfs"; + }; + fileSystems."/var/lib/containers" = { device = "tank/containers"; fsType = "zfs"; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 8405b0f1f..39c0791fc 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -8,14 +8,13 @@ with import <stockholm/lib>; <stockholm/lass/2configs/mouse.nix> <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/git.nix> <stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/browsers.nix> <stockholm/lass/2configs/programs.nix> - <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/backup.nix> + <stockholm/lass/2configs/blue-host.nix> ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 14aca598e..13a8b3e41 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -7,6 +7,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/blue-host.nix> + <stockholm/lass/2configs/power-action.nix> { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix new file mode 100644 index 000000000..ff7b23687 --- /dev/null +++ b/lass/1systems/yellow/config.nix @@ -0,0 +1,167 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.yellow; + + system.activationScripts.downloadFolder = '' + mkdir -p /var/download + chown download:download /var/download + chmod 775 /var/download + ''; + + users.users.download = { uid = genid "download"; }; + users.groups.download.members = [ "transmission" ]; + users.users.transmission.group = mkForce "download"; + + systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ]; + services.transmission = { + enable = true; + settings = { + download-dir = "/var/download/finished"; + incomplete-dir = "/var/download/incoming"; + incomplete-dir-enable = true; + umask = "002"; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + }; + }; + + services.nginx = { + enable = true; + package = pkgs.nginx.override { + modules = with pkgs.nginxModules; [ + fancyindex + ]; + }; + virtualHosts."dl" = { + default = true; + locations."/Nginx-Fancyindex-Theme-dark" = { + extraConfig = '' + alias ${pkgs.fetchFromGitHub { + owner = "Naereen"; + repo = "Nginx-Fancyindex-Theme"; + rev = "e84f7d6a32085c2b6238f85f5fdebe9ceb710fc4"; + sha256 = "0wzl4ws2w8f0749vxfd1c8c21p3jw463wishgfcmaljbh4dwplg6"; + }}/Nginx-Fancyindex-Theme-dark; + autoindex on; + ''; + }; + locations."/" = { + root = "/var/download/finished"; + extraConfig = '' + fancyindex on; + fancyindex_header "/Nginx-Fancyindex-Theme-dark/header.html"; + fancyindex_footer "/Nginx-Fancyindex-Theme-dark/footer.html"; + dav_methods PUT DELETE MKCOL COPY MOVE; + + create_full_put_path on; + dav_access all:r; + ''; + }; + }; + }; + + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } + ]; + }; + + services.openvpn.servers.nordvpn.config = '' + client + dev tun + proto udp + remote 82.102.16.229 1194 + resolv-retry infinite + remote-random + nobind + tun-mtu 1500 + tun-mtu-extra 32 + mssfix 1450 + persist-key + persist-tun + ping 15 + ping-restart 0 + ping-timer-rem + reneg-sec 0 + comp-lzo no + + explicit-exit-notify 3 + + remote-cert-tls server + + #mute 10000 + auth-user-pass ${toString <secrets/nordvpn.txt>} + + verb 3 + pull + fast-io + cipher AES-256-CBC + auth SHA512 + + <ca> + -----BEGIN CERTIFICATE----- + MIIEyjCCA7KgAwIBAgIJANIxRSmgmjW6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD + VQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQMA4GA1UEChMH + Tm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUyMjkubm9yZHZw + bi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEWEGNlcnRAbm9y + ZHZwbi5jb20wHhcNMTcxMTIyMTQ1MTQ2WhcNMjcxMTIwMTQ1MTQ2WjCBnjELMAkG + A1UEBhMCUEExCzAJBgNVBAgTAlBBMQ8wDQYDVQQHEwZQYW5hbWExEDAOBgNVBAoT + B05vcmRWUE4xEDAOBgNVBAsTB05vcmRWUE4xGjAYBgNVBAMTEWRlMjI5Lm5vcmR2 + cG4uY29tMRAwDgYDVQQpEwdOb3JkVlBOMR8wHQYJKoZIhvcNAQkBFhBjZXJ0QG5v + cmR2cG4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv++dfZlG + UeFF2sGdXjbreygfo78Ujti6X2OiMDFnwgqrhELstumXl7WrFf5EzCYbVriNuUny + mNCx3OxXxw49xvvg/KplX1CE3rKBNnzbeaxPmeyEeXe+NgA7rwOCbYPQJScFxK7X + +D16ZShY25GyIG7hqFGML0Qz6gpZRGaHSd0Lc3wSgoLzGtsIg8hunhfi00dNqMBT + ukCzgfIqbQUuqmOibsWnYvZoXoYKnbRL0Bj8IYvwvu4p2oBQpvM+JR4DC+rv52LI + 583Q6g3LebQ4JuQf8jgxvEEV4UL1CsUBqN3mcRpVUKJS3ijXmzEX9MfpBRcp1rBA + VsiE4Mrk7PXhkwIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFFIv1UuKN2NXaVjRNXDT + Rs/+LT/9MIHTBgNVHSMEgcswgciAFFIv1UuKN2NXaVjRNXDTRs/+LT/9oYGkpIGh + MIGeMQswCQYDVQQGEwJQQTELMAkGA1UECBMCUEExDzANBgNVBAcTBlBhbmFtYTEQ + MA4GA1UEChMHTm9yZFZQTjEQMA4GA1UECxMHTm9yZFZQTjEaMBgGA1UEAxMRZGUy + Mjkubm9yZHZwbi5jb20xEDAOBgNVBCkTB05vcmRWUE4xHzAdBgkqhkiG9w0BCQEW + EGNlcnRAbm9yZHZwbi5jb22CCQDSMUUpoJo1ujAMBgNVHRMEBTADAQH/MA0GCSqG + SIb3DQEBCwUAA4IBAQBf1vr93OIkIFehXOCXYFmAYai8/lK7OQH0SRMYdUPvADjQ + e5tSDK5At2Ew9YLz96pcDhzLqtbQsRqjuqWKWs7DBZ8ZiJg1nVIXxE+C3ezSyuVW + //DdqMeUD80/FZD5kPS2yJJOWfuBBMnaN8Nxb0BaJi9AKFHnfg6Zxqa/FSUPXFwB + wH+zeymL2Dib2+ngvCm9VP3LyfIdvodEJ372H7eG8os8allUnkUzpVyGxI4pN/IB + KROBRPKb+Aa5FWeWgEUHIr+hNrEMvcWfSvZAkSh680GScQeJh5Xb4RGMCW08tb4p + lrojzCvC7OcFeUNW7Ayiuukx8rx/F4+IZ1yJGff9 + -----END CERTIFICATE----- + </ca> + key-direction 1 + <tls-auth> + # + # 2048 bit OpenVPN static key + # + -----BEGIN OpenVPN Static key V1----- + 49b2f54c6ee58d2d97331681bb577d55 + 054f56d92b743c31e80b684de0388702 + ad3bf51088cd88f3fac7eb0729f2263c + 51d82a6eb7e2ed4ae6dfa65b1ac764d0 + b9dedf1379c1b29b36396d64cb6fd6b2 + e61f869f9a13001dadc02db171f04c4d + c46d1132c1f31709e7b54a6eabae3ea8 + fbd2681363c185f4cb1be5aa42a27c31 + 21db7b2187fd11c1acf224a0d5a44466 + b4b5a3cc34ec0227fe40007e8b379654 + f1e8e2b63c6b46ee7ab6f1bd82f57837 + 92c209e8f25bc9ed493cb5c1d891ae72 + 7f54f4693c5b20f136ca23e639fd8ea0 + 865b4e22dd2af43e13e6b075f12427b2 + 08af9ffd09c56baa694165f57fe2697a + 3377fa34aebcba587c79941d83deaf45 + -----END OpenVPN Static key V1----- + </tls-auth> + ''; +} diff --git a/lass/1systems/yellow/physical.nix b/lass/1systems/yellow/physical.nix new file mode 100644 index 000000000..7499ff723 --- /dev/null +++ b/lass/1systems/yellow/physical.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = false; + environment.variables.NIX_REMOTE = "daemon"; +} diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 9b44e8f0e..d781f8c71 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -126,6 +126,12 @@ in { restartIfChanged = false; }; + nixpkgs.config.packageOverrides = super: { + dmenu = pkgs.writeDashBin "dmenu" '' + ${pkgs.fzfmenu}/bin/fzfmenu "$@" + ''; + }; + krebs.xresources.enable = true; lass.screenlock.enable = true; } diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 86158c468..d3775b5df 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -26,6 +26,7 @@ ''; }; virtualHosts."cache.krebsco.de" = { + forceSSL = true; serverAliases = [ "cache.lassul.us" ]; enableACME = true; locations."/".extraConfig = '' diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index fba996743..9cf294afd 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -81,6 +81,7 @@ in { host = "${host}.r", targetdir = "/var/lib/containers/.blue", rsync = { + archive = true, owner = true, group = true, }; diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix deleted file mode 100644 index 8d0fb0d02..000000000 --- a/lass/2configs/downloading.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -{ - users.extraUsers = { - download = { - name = "download"; - home = "/var/download"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "download" - ]; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - lass-shodan.pubkey - lass-icarus.pubkey - lass-daedalus.pubkey - lass-helios.pubkey - makefu.pubkey - wine-mors.pubkey - ]; - }; - - transmission = { - extraGroups = [ - "download" - ]; - }; - }; - - users.extraGroups = { - download = { - members = [ - "download" - "transmission" - ]; - }; - }; - - krebs.rtorrent = { - enable = true; - web = { - enable = true; - port = 9091; - basicAuth = import <secrets/torrent-auth>; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = 51413; - downloadDir = "/var/download/finished"; - # dump old torrents into watch folder to have them re-added - watchDir = "/var/download/watch"; - }; - - krebs.iptables = { - enable = true; - tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } - ]; - }; -} diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 9bb70d1c2..1ee45bb41 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -93,6 +93,7 @@ with import <stockholm/lib>; { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } { from = "lesswrong@lassul.us"; to = lass.mail; } + { from = "nordvpn@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 9ea91ae19..36e797a96 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -174,6 +174,16 @@ let macro pager a "<modify-labels>-archive\n" # tag as Archived + bind index U noop + bind index u noop + bind pager U noop + bind pager u noop + macro index U "<modify-labels>+unread\n" + macro index u "<modify-labels>-unread\n" + macro pager U "<modify-labels>+unread\n" + macro pager u "<modify-labels>-unread\n" + + bind index t noop bind pager t noop macro index t "<modify-labels>" # tag as Archived diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 85faded14..987632cd1 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -5,7 +5,6 @@ with import <stockholm/lib>; let name = "radio"; mainUser = config.users.extraUsers.mainUser; - inherit (import <stockholm/lib>) genid; admin-password = import <secrets/icecast-admin-pw>; source-password = import <secrets/icecast-source-pw>; @@ -31,7 +30,7 @@ in { "${name}" = rec { inherit name; group = name; - uid = genid name; + uid = genid_uint31 name; description = "radio manager"; home = "/home/${name}"; useDefaultShell = true; diff --git a/lass/2configs/tests/dummy-secrets/nordvpn.txt b/lass/2configs/tests/dummy-secrets/nordvpn.txt new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/nordvpn.txt diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix deleted file mode 100644 index 14d6ce9ec..000000000 --- a/lass/2configs/websites/fritz.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - inherit (import <stockholm/lib>) - genid - head - ; - inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) - servePage - serveWordpress - ; - - msmtprc = pkgs.writeText "msmtprc" '' - account default - host localhost - ''; - - sendmail = pkgs.writeDash "msmtp" '' - exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" - ''; - -in { - - services.nginx.enable = true; - - imports = [ - ./default.nix - ./sqlBackup.nix - - (serveWordpress [ "radical-dreamers.de" "www.radical-dreamers.de" ]) - - (serveWordpress [ "gs-maubach.de" "www.gs-maubach.de" ]) - - (serveWordpress [ "spielwaren-kern.de" "www.spielwaren-kern.de" ]) - - (servePage [ "familienpraxis-korntal.de" "www.familienpraxis-korntal.de" ]) - - (serveWordpress [ "ttf-kleinaspach.de" "www.ttf-kleinaspach.de" ]) - - (serveWordpress [ "eastuttgart.de" "www.eastuttgart.de" ]) - - (serveWordpress [ "goldbarrendiebstahl.radical-dreamers.de" ]) - ]; - - lass.mysqlBackup.config.all.databases = [ - "eastuttgart_de" - "radical_dreamers_de" - "spielwaren_kern_de" - "ttf_kleinaspach_de" - ]; - - users.users.root.openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - - users.users.goldbarrendiebstahl = { - home = "/srv/http/goldbarrendiebstahl.radical-dreamers.de"; - uid = genid "goldbarrendiebstahl"; - createHome = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.fritz.pubkey - ]; - }; - - services.phpfpm.phpOptions = '' - sendmail_path = ${sendmail} -t - ''; -} diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b72b20928..17af0d00d 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -3,7 +3,7 @@ with lib; let inherit (import <stockholm/lib>) - genid + genid_uint31 ; in { @@ -22,7 +22,7 @@ in { krebs.tinc_graphs.enable = true; users.users.lass-stuff = { - uid = genid "lass-stuff"; + uid = genid_uint31 "lass-stuff"; description = "lassul.us blog cgi stuff"; home = "/var/empty"; }; @@ -66,22 +66,6 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; - locations."/urlaubyay2018".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/india2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; - locations."/heilstadt".extraConfig = '' - autoindex on; - alias /srv/http/lassul.us-media/grabowsee2018; - auth_basic "Restricted Content"; - auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' - c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 - ''}; - ''; locations."/krebspage".extraConfig = '' default_type "text/html"; alias ${pkgs.krebspage}/index.html; @@ -140,7 +124,7 @@ in { }; users.users.blog = { - uid = genid "blog"; + uid = genid_uint31 "blog"; description = "lassul.us blog deployment"; home = "/srv/http/lassul.us"; useDefaultShell = true; diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 974e11c6e..f6ce7ccc9 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -142,7 +142,7 @@ with import <stockholm/lib>; users.users = mapAttrs' (_: cfg: nameValuePair cfg.name { - uid = genid cfg.name; + uid = genid_uint31 cfg.name; home = "/home/${cfg.name}"; useDefaultShell = true; createHome = true; diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 3a4970767..f86a4a69b 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -38,7 +38,7 @@ import XMonad.Hooks.EwmhDesktops (ewmh) import XMonad.Hooks.FloatNext (floatNext) import XMonad.Hooks.FloatNext (floatNextHook) import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts)) -import XMonad.Hooks.Place (placeHook, smart) +import XMonad.Hooks.ManageHelpers (composeOne, doCenterFloat, (-?>)) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Layout.FixedColumn (FixedColumn(..)) @@ -84,7 +84,7 @@ main' = do { terminal = myTerm , modMask = mod4Mask , layoutHook = smartBorders $ myLayoutHook - , manageHook = placeHook (smart (1,0)) <+> floatNextHook <+> floatHooks + , manageHook = floatHooks <+> floatNextHook , startupHook = whenJustM (liftIO (lookupEnv "XMONAD_STARTUP_HOOK")) (\path -> forkFile path [] Nothing) @@ -99,13 +99,12 @@ myLayoutHook = defLayout defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat) floatHooks :: Query (Endo WindowSet) -floatHooks = composeAll . concat $ - [ [ title =? t --> doFloat | t <- myTitleFloats] - , [ className =? c --> doFloat | c <- myClassFloats ] ] - where - myTitleFloats = [] - myClassFloats = ["Pinentry"] -- for gpg passphrase entry - +floatHooks = composeOne + [ className =? "Pinentry" -?> doCenterFloat + , title =? "fzfmenu" -?> doCenterFloat + , title =? "glxgears" -?> doCenterFloat + , resource =? "Dialog" -?> doFloat + ] myKeyMap :: [([Char], X ())] myKeyMap = @@ -114,6 +113,7 @@ myKeyMap = , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") + , ("M4-z", spawn "${pkgs.emot-menu}/bin/emoticons") , ("<XF86AudioMute>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-mute @DEFAULT_SINK@ toggle") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") @@ -163,6 +163,9 @@ myKeyMap = , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") + , ("M4-<F9>", spawn "${pkgs.redshift}/bin/redshift -O 4000 -g 0.9:0.8:0.8") + , ("M4-<F10>", spawn "${pkgs.redshift}/bin/redshift -x") + , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("M4-s", spawn "${pkgs.knav}/bin/knav") diff --git a/lass/5pkgs/emot-menu/default.nix b/lass/5pkgs/emot-menu/default.nix new file mode 100644 index 000000000..d5d84e456 --- /dev/null +++ b/lass/5pkgs/emot-menu/default.nix @@ -0,0 +1,31 @@ +{ coreutils, dmenu, gnused, writeDashBin, writeText, xdotool }: let + + emoticons = writeText "emoticons" '' +¯\(°_o)/¯ | dunno lol shrug dlol +¯\_(ツ)_/¯ | dunno lol shrug dlol +( ͡° ͜ʖ ͡°) | lenny +¯\_( ͡° ͜ʖ ͡°)_/¯ | lenny shrug dlol +( ゚д゚) | aaah sad noo +ヽ(^o^)丿 | hi yay hello +(^o^; | ups hehe +(^∇^) | yay +┗(`皿´)┛ | angry argh +ヾ(^_^) byebye!! | bye +<(^.^<) <(^.^)> (>^.^)> (7^.^)7 (>^.^<) | dance +(-.-)Zzz... | sleep +(∩╹□╹∩) | oh noes woot +™ | tm +ζ | zeta +(╯°□°)╯ ┻━┻ | table flip +(」゜ロ゜)」 | why woot + ''; + +in +writeDashBin "emoticons" '' + set -efu + + data=$(${coreutils}/bin/cat ${emoticons}) + emoticon=$(echo "$data" | ${dmenu}/bin/dmenu | ${gnused}/bin/sed 's/ | .*//') + ${xdotool}/bin/xdotool type -- "$emoticon" + exit 0 +'' diff --git a/lass/5pkgs/fzfmenu/default.nix b/lass/5pkgs/fzfmenu/default.nix new file mode 100644 index 000000000..905a5ce6b --- /dev/null +++ b/lass/5pkgs/fzfmenu/default.nix @@ -0,0 +1,45 @@ +{ pkgs, ... }: + +pkgs.writeDashBin "fzfmenu" '' + set -efu + PROMPT=">" + for i in "$@" + do + case $i in + -p) + PROMPT="$2" + shift + shift + break + ;; + -l) + # no reason to filter number of lines + LINES="$2" + shift + shift + break + ;; + -i) + # we do this anyway + shift + break + ;; + *) + echo "Unknown option $1" >&2 + shift + ;; + esac + done + INPUT=$(${pkgs.coreutils}/bin/cat) + OUTPUT="$(${pkgs.coreutils}/bin/mktemp)" + ${pkgs.rxvt_unicode}/bin/urxvt \ + -name fzfmenu -title fzfmenu \ + -e ${pkgs.dash}/bin/dash -c \ + "echo \"$INPUT\" | ${pkgs.fzf}/bin/fzf \ + --history=/dev/null \ + --no-sort \ + --prompt=\"$PROMPT\" \ + > \"$OUTPUT\"" 2>/dev/null + ${pkgs.coreutils}/bin/cat "$OUTPUT" + ${pkgs.coreutils}/bin/rm "$OUTPUT" +'' diff --git a/lib/default.nix b/lib/default.nix index 4cb0332ca..348d47e85 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -13,8 +13,9 @@ let ne = x: y: x != y; mod = x: y: x - y * (x / y); - genid = import ./genid.nix { inherit lib; }; - genid_uint31 = x: ((lib.genid x) + 16777216) / 2; + genid = lib.genid_uint32; # TODO remove + genid_uint31 = x: ((lib.genid_uint32 x) + 16777216) / 2; + genid_uint32 = import ./genid.nix { inherit lib; }; lpad = n: c: s: if lib.stringLength s < n diff --git a/lib/types.nix b/lib/types.nix index 016853300..41e75154e 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -19,7 +19,7 @@ rec { default = config._module.args.name; }; cores = mkOption { - type = positive; + type = uint; }; nets = mkOption { type = attrsOf net; diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix index 34a75dbd3..fdf203d5b 100644 --- a/makefu/1systems/iso/config.nix +++ b/makefu/1systems/iso/config.nix @@ -10,7 +10,7 @@ with import <stockholm/lib>; ]; # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos - krebs.build.host = config.krebs.hosts.iso; + krebs.build.host = { cores = 0; }; isoImage.isoBaseName = lib.mkForce "stockholm"; krebs.hidden-ssh.enable = true; environment.systemPackages = with pkgs; [ |