diff options
| author | tv <tv@krebsco.de> | 2016-04-07 20:29:33 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2016-04-07 20:29:33 +0200 |
| commit | e1a287c78bab2847fee7c4f1a18a765d89ca373f (patch) | |
| tree | 336fc62199af9b1c38acf2de0a2bafbe8ed72efc | |
| parent | 033bf438bd2ae39d6a465c475500a24514cc2739 (diff) | |
| parent | 66b7a76a26a40bd4ecca8c83aafe5f2e5fefa461 (diff) | |
Merge remote-tracking branch 'gum/master'
46 files changed, 683 insertions, 172 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 77fb3d61c..be530d46f 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -21,6 +21,7 @@ let ./go.nix ./iptables.nix ./lib.nix + ./newsbot-js.nix ./nginx.nix ./nixpkgs.nix ./on-failure.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4bf10ac56..3d54900e4 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -19,6 +19,7 @@ with config.krebs.lib; addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]; aliases = [ "dishfire.retiolum" + "dishfire.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -50,8 +51,10 @@ with config.krebs.lib; addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"]; aliases = [ "echelon.retiolum" + "echelon.r" "cgit.echelon.retiolum" "go.retiolum" + "go.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -83,6 +86,7 @@ with config.krebs.lib; addrs6 = ["42:0000:0000:0000:0000:0000:0000:15ab"]; aliases = [ "prism.retiolum" + "prism.r" "cgit.prism.retiolum" ]; tinc.pubkey = '' @@ -114,6 +118,7 @@ with config.krebs.lib; addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"]; aliases = [ "fastpoke.retiolum" + "fastpoke.r" "cgit.fastpoke.retiolum" ]; tinc.pubkey = '' @@ -128,6 +133,7 @@ with config.krebs.lib; ''; }; }; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRyEogeejET/UlqYYzrla3W2xG771oLK8uTFsVlVQFes4/c++Pp3KryJ/+avb/FQGlUb5YTO2SViZyAPTyw3Anv/8wxryB6ExDcfiiPL9D4Kgk559Gc1C+8vJu3Se3zB9huefllhdwsVkeFrInyWRarH3LNSbBq1TH2Rw/T4wyDVILu/QFxyqECdNzi6sufQ/92rEi3oDqlMbS8f45nbVm9CJpdn7ATwLW1PoBrrYkGll3P7ggOmR45rgldTVCLq3rIrIooiOaOhY1Leq+/sBeDa7fVeRFxFaLGYb9KFjQ4x2kL+3dDv0r726wKhrMQX75g/+Hqkv2di4/AGETI71b"; }; cloudkrebs = { cores = 1; @@ -144,6 +150,7 @@ with config.krebs.lib; addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f762"]; aliases = [ "cloudkrebs.retiolum" + "cloudkrebs.r" "cgit.cloudkrebs.retiolum" ]; tinc.pubkey = '' @@ -173,6 +180,7 @@ with config.krebs.lib; addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"]; aliases = [ "uriel.retiolum" + "uriel.r" "cgit.uriel.retiolum" ]; tinc.pubkey = '' @@ -203,6 +211,7 @@ with config.krebs.lib; addrs6 = ["42:0:0:0:0:0:0:dea7"]; aliases = [ "mors.retiolum" + "mors.r" "cgit.mors.retiolum" ]; tinc.pubkey = '' @@ -229,6 +238,7 @@ with config.krebs.lib; addrs6 = ["42:0:0:0:0:0:0:7105"]; aliases = [ "helios.retiolum" + "helios.r" "cgit.helios.retiolum" ]; tinc.pubkey = '' @@ -253,6 +263,7 @@ with config.krebs.lib; lass = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors"; mail = "lass@mors.retiolum"; + pgp.pubkeys.default = builtins.readFile ./default.pgp; }; lass-uriel = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel"; diff --git a/krebs/3modules/lass/default.pgp b/krebs/3modules/lass/default.pgp new file mode 100644 index 000000000..38e2fa8df --- /dev/null +++ b/krebs/3modules/lass/default.pgp @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBFSZ3/oBEADYvRPoLdDkASIArXyWR5ccugJQURxMDgphAGrvj6qskSkn0chF +gnc/kcQr4aVTaDFdonSyHjYvspDOZm5BgHAICCu1PL8rkMTGS+vHM5dlwnok6IKy +e2aLjLPq5sHyp4+Zeq1eHe5TQ1cgN0cPdMMnEHd8GQke21pRQ5Vz79s8qRfWlt1Y ++OQ5uY/52iZ9qJ11/N4bPPe/Zm63sRTpGw14i8UCgBAsMQOG1XPUX2/IJc1CC9+1 +Ohn/hPCbIdCbwOs7/HFFMRWmV6w4ul9gr7Js0owkWAS8FNOactS2i2SSwdONetKs +UbCVQ1PubPBZvh2Vij/oUBK5BvfNDR6nRYhOjYbt6PW/Q6bjqGecjnlO98dpcqag ++8bdl1JY9FpE4RzfuRgAFjVbtNztrmm9t6EuOHGZ5ec34TG9+i02ixh0YTEDK/Yt +my2MfIbGUbeIYRKJscqgxKkL6nv4x0lOvs8nDiUmqztGdSdTGni+BAWZz3+1xaJH +DTyQ36qYauBb5FWneRTBeagrDOAvvk/WxS+fMFZpnQovevOQBqxEL62fntikmMFn +ddPgq7R1VPdivvr+BO8yMI8i45Vn9EzIJR02WAp7oAsT966yzopVT4JLT8++CVPh +/VBrFID9yRyWjW5IJPsMsOt7z3UJaP08ua0UG4uVqo6dT6IdR8jKKxYdvwARAQAB +tCBsYXNzdWx1cyA8bGFzc3VsdXNAYWlkc2JhbGxzLmRlPokCPQQTAQoAJwUCVJnf ++gIbAwUJBaOagAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRAyqvthRFEnnviI +D/95QdNgttsly9CUeHKGfNGlJ2NgDepqob/VR2385q7cXCbFftRIsD0vaWYfsQ87 +kbKs3fpeHz8teKqZtMnXYkPIaSK0TcoaqQtyfkmj+agP2YRSkNYonlmmCiCWkodP +2VnnmRUSwHcgxS14xsUHh13JXsU5nTHDAdJqOxUX6l6Lxb989h7Q8wTn5SX1XRVd +0U5P7fNXKvVF34J6uGyWraxQLOqJEEzi82F/61hbI6zVPhxu/R+qmiSqgHIlp0ax +u+8u3eyDVP1q95AMPaL1GsNYDcSl5njbkEbruSmjVcO99cD1ZLAODFJuaa+h/IvQ +HoPnFL3hRo0SHt/RimokboJL7nx5jT/0y+FtGuPMVKUqiLApOfoeWeHWVKgMLV/0 +1+O4jEDRMNSIClI2YHdgyuQPBuHkaYXrrpDpJnYDEz2qAiijx+xIAPzifxebuVFV +NQl/XnXlzTmYrt0GHfCrNZa/ZtsqQqnJSRpydjey+ATGgs+3Oqa6z8lHhYx83ST2 +cGsUmSnzk0TnxXmqwWxb3aGA0kO50atrObWwNXud7n3hu4V0FWwfHXUk8gJxtMN6 +IenjLcI0WyLwSKvTazF6GSgtUhwNgON88eiqLS8CWdop4CEyEUfxFoZeQoS72Yzq +4pSOYPnbRDcBn2zkYaWyCTmf9qvWbZOu0Sl2lfy9n5LiKrkCDQRUmd/6ARAAq+Mt +/9LohA9Qnz/GjE504h38G3USXgEV9/ctr2PXkc2onW67u45trLSYLyCK6kDq3VIN +/3uLt8Pr+IL41NntW1exRtqohVeKI38CCqR5RP9tVxLkyxnpA/SPpSvOjWhyBkph +MRXYta1+nBHwxSaPcc2e+15pk/cYgg0cTY7Nvgo+wL4bgI+b2OHwwIwRov/t4aim +0y63OaCG82NqWrX7i2ONaR8RsZ8RHLnC+TyFaoj0mdp+vp4WFwxbqcIq+Vvn1m5j +gPlkzXK4Yrykp2IULGuj+qZyS043FzZYhbxZoE85zIMtQ5gV/ktaP25+YsU1bwb9 +75FQvdMM827bbOJJ67/l96asQNg1TMzosL8/t9xLPDry4YYu8kRIPZgKWvT0Eg1Q +AWzWJCXplTdPlhj660OCGuuyv/XJIbhqtBVZhIyR7gs6EZHZ6FHax7F41fEWGgSv +WVAMrjrnG4XYAyCP1yiW1i7/ogCzKXYvV42tzBFuPcza6jhBnU17w5E7nwYaEWgA +02Ai7aTK9WDAi8j8emQ8XppU9hqEILSvR5tG4R0YOAUbIUplIpnpf8KcEhNy48ei +MuhiTJBjPyu7bRJoZXvipNPjqhESGlvrcr1QKuEqPLRcfLo3DOt3zgxBqOZZGHKL +ckaud05wevMPK09F7taLgwBCHOmAxiMa5NQVjL8AEQEAAYkCJQQYAQoADwUCVJnf ++gIbDAUJBaOagAAKCRAyqvthRFEnngGYD/wP77ax6yczKT/AHEvqyMMRPigLHIHy +XIWt8uNKwbn1RTXuH9Nj1rtVuj7ck4jscNwmDYeT52ZDxHQjLHWgAG0CBq6afdBi +VwLur6M7jv0EwY/SMed+QD1+a59kiO8+difwLDF+Q50lYQ4fmSGsfdQ4Qxesm92r +Y1Q/xFg1K9MNZbItpzYTE4P+ii4kU5BnWwExX2OEhhlrNUjJhA30HvvUID6bsguq +Jl7mWnGpS5YYqPxiABNI++TzYXQvP95nWGROvdx2vSPuJ756S8VJ81LL7BmQyQzq +8S/ciHjmgtgLRyncqqXl1uJBqtK+50vEFHxJrANdDNzD+K4S7+23DpRsmEl/2ECQ +laGsU6HtYbnr+hc1alE4uNMEN1/a75EFI59BISnUm8jIy1nLhcIXMhFh4JuG7kGk +2ePa4Gv2DafMR8N0WYPIhP3LIIDP0s9gv2QSA+5BmI9OhZDkz9Ubuut1+PMfWCXm +aNmF2Bh8puTffsFxGJSiQ4CXDzuNRqMR5wB0OCnB/WAnuZhRAJhXmgR8FJY+EvTN +PcA1QZIZ0hQGVf8eJ5Gx4W1w2Q6mQCGnCy1XtEkZP0BOP0Or5CMtqP/VSuwaF4wh +4FLYTOLZ7oDr2ErK/bhnpuoPoUU0y3n7AG/nhtmqenlMPLWB246XnEoJMb6Ar8vW +It6jrzDh3+COSQ== +=0gFT +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/makefu/brain.pgp b/krebs/3modules/makefu/brain.pgp new file mode 100644 index 000000000..739385a38 --- /dev/null +++ b/krebs/3modules/makefu/brain.pgp @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBFXn/k4BEACmXMbhoAKsMC/gFqBrQq2mgvo8+FnUe4F6JznVh7NiPH0PUdDw +jRnK2EEpD+NoDt3A0jtq6C+wnr1V+p/jYAPxRcvv8a7ym+xuA4sBIPrlW1fQIuWF +EjYnUVnN16Qa1xJiQQyEDeleAxgg0luOdqBZ0myT84a9O0deN8JM+zwqT/+sLY9c +2fVGNv496/mt7Ct294QbS6cfdR26r8PZ1Wfo8cr8UhFfFft0TE267HJdoJ8NBvH/ +BSEcoaS3kaxk2YyOdAJ1RgEoQY2w1/jeZv5IUyO7azAQUhbqBK7nVbgUd2l3nf4v +qmgNvvtcAlccY6L2M8BR6TI4Yw2hfbLOHPVTNjFlMXXX/MDYFFF9+GqmYOjyy5dy +8m4qA4ZEoHG9XT+xsZAsHJRFPBacSp2ydoVdlkJsEQnabb78NXLusgBBxhOmvVHe +5SeIvsrpn83/aIeHpLUQbzUdK3osERZUBTp9Pr0+dB+UkqThjE3MPntKcawm4cGN +dXY6iNXH4gGPOjb5ed0OzDiRS2bVyb0/F2wYXvIPE2e0CwJ0io2rRT410HfpFkWD +OPENdlNYb6FCXc4fpGxdtFL0hE6RZqBvwQAN9iDkEj+DxEwUc+yyroFRI25y+T1z +68T0xqVfKXUqcOmsACKtjlQ5QcikCj8kC9bNDln7v1Q9argSEJXJDdf3cwARAQAB +tBhwdyB1c2VyIDxyb290QGxvY2FsaG9zdD6JAjgEEwECACIFAlXn/k4CGwMGCwkI +BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDtOh4EJ4fmcIecP/1+HMD22wilyb3hQ +QLKz+Wx37ZM6w0p9o0lMEeeUpcYPtWeVBqID6vxmqFwIOU5LtkHiE0yO8AcW7TYx +14Ql3mPWd594fKXr04mN9RM9wTr09S0P4nqKuq0cR3x5s4C30DoKoUqt3ZKSZRW/ +4suhvebfYiTjlE5joH4lZy7bMaH2HpvLacZXGcyH7cmYfLuZekf1kNXRDh40IgrH +uzsXFoflhLEZouKWiV3mWFo1iIckvTDrFNHuJj5oHP2D3J1RYdbPNP+5yOu/34mt +wPK/R6MxXY+zKWZWU59Ll5nx+2wUkIP/MaE9Ubx1W0UdeB4In/Y/HhV2fwd9DFsq +cbKofeDRblEdaaTjiqc1MjSxyhPplApgG4389gXX4vszAuyxBq6AecJobYkzmVek +EOJVVqDFoT+a70p5hWMP5nQV7dE3jyy1esm6cjF9iv0cRf/GqZAIiNdeo9av56OO +H5uwamTwcRrDsy4xWzowUfJDB+nJzlXw08aQRTfczCZ3n5hXvqqxuoweH08hfm/S +oa0gU95mCkHYbscaxjXnkEgbuvCiVRhDqd8rZpi5WxNV63zHIaoeXIPVJH0zswIJ +MT2LofWB8W8in48rmRvUdzZlm/++c/9+evNyNyAyOmdRk6fP0nHdRmuINyeKc67P +0BrVstk/cywbNbpNBt+2uUJCemBBuQINBFXn/k4BEADQYsT81uL8XE9homHLRai0 +3Xo/gVe5lwXWouzzVImEQIICvmBCjdzA1nPfKvdBcFsBfOro6aefETq/cZeL16It +zJKhh2HDJ/7oCuJM0OufkwoSBwJ4f0I+0zXsPZV0+P1ijPaKunYW+YpoFm3z8rLc +iX/kxYRgo13jCNphL/TKOoq3ZTREzDcBk9QR8yLTV5i0j1qrlIsAx7iTv1jrC1L6 +fBZm40+wn0ahz9IgBWWv588i+1f7ekKQBYXi9n2+hSfMQ0ebhW14xG72eXDzV14Q +Yra+FNMOCeKhmHH9PnVw0NkwRPbtL92ZySeFMHxhYnBPckqBUuEO12TXUMWA9fzj +rpBjJWEtCRCeaSLAe5Nzleb09NKO3z4ghwedef/Cz8XZ+XDIpE/1yTQy0lSuLosw +ScmwG9UPYxpWWqJmC+H6GQ0qQmCgmPYG8b20JvnqROmsLooC/xmf4seT8J+fYpKt +fkQiuOd8RecW+1jyfr7qy2S3roNgNl7hyzlIHmtGnn3rYC4uCe4VjosvcPmnXP6N +Jcck3dQnFxmE+/JS1zdH47nDGJsn5fFrArdfU9DLGjU/L7BJt99vIvif89B2FF/n +0cR7bLeY72P1oJw+tgrsjo9uaS9u9vk/J8+Rhf3TIqbHfFh7/42sdkgk3Mqha+Bn +wAOpUP3tjdDTwow9/2iYjQARAQABiQIfBBgBAgAJBQJV5/5OAhsMAAoJEDtOh4EJ +4fmcTy8P/03eVL9GoarIjwRxYY8U23fU4xNIypkNrjspjJHVRcKJFCyA2/R9toKf +0XGJIM2fwBo6beH0rinq8Xm8hrT/gFIWupuDLSTR/km0UD6CtfFOIt+5jw3c5mMR +u9DbSWAiRYGzQKYYZUy5mdMG/kokDRSm5D0lO+YnLZtpECZn/Zi5rPKzbGyMus+a +fm8a/eNko+Eg6j8FSYBm+d8SKYdoLJN3R7hYji7JuERMs+UZMsuriSAn2Af2Jn1I +hc7fiwotrMdNifyWCtYqiFvcrsm8K8EC2J0KsieydBHwCuamlqTrjqVejbITD8Jl +ghTGNHe/crP7/XKTjKva+1+VJAHDLylZgcArQSKa+SsWB/GoKB0x9UEWThJ1DLi4 +j2GhNlCIYZtPBQMu3+2btDj0A3IUQp4aW0nd5+0zz0H7JVrl+pI37uUxTiXCZG9X +fjXrcP3niJhraHTG8mWD1v8+cG3NXpv/IZN82Z+sQlpabwjpybag2CeTfhEoFtEl +V6ez9wpgBKeDsLDLOB8VRgpsikw9f6H8GAUZe2PjKUwiDtptqa37nU+3A6wPiO2s +AWT/7D6vhMpDncp7E9DcsmsU9LNt7D+ISqi4uLKYJcfmqbJOui2YFo3zsYP8TqQD +JTZ1lSpFpipJpi6mAzQUS4P3H+aUjeW/LWiSS/YNmGIOAUeB6Y3c +=rEQB +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 50419f037..bd7c0db48 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -89,19 +89,14 @@ with config.krebs.lib; ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAwW+RjRcp3uarkfXZ+FcCYY2GFcfI595GDpLRuiS/YQAB3JZEirHi - HFhDJN80fZ9qHqtq9Af462xSx+cIb282TxAqCM1Z9buipOcYTYo0m8xIqkT10dB3 - mR87B+Ed1H6G3J6isdwEb9ZMegyGIIeyR53FJQYMZXjxdJbAmGMDKqjZSk1D5mo+ - n5Vx3lGzTuDy84VyphfO2ypG48RHCxHUAx4Yt3o84LKoiy/y5E66jaowCOjZ6SqG - R0cymuhoBhMIk2xAXk0Qn7MZ1AOm9N7Wru7FXyoLc7B3+Gb0/8jXOJciysTG7+Gr - Txza6fJvq2FaH8iBnfezSELmicIYhc8Ynlq4xElcHhQEmRTQavVe/LDhJ0i6xJSi - aOu0njnK+9xK+MyDkB7n8dO1Iwnn7aG4n3CjVBB4BDO08lrovD3zdpDX0xhWgPRo - ReOJ3heRO/HsVpzxKlqraKWoHuOXXcREfU9cj3F6CRd0ECOhqtFMEr6TnuSc8GaE - KCKxY1oN45NbEFOCv2XKd2wEZFH37LFO6xxzSRr1DbVuKRYIPjtOiFKpwN1TIT8v - XGzTT4TJpBGnq0jfhFwhVjfCjLuGj29MCkvg0nqObQ07qYrjdQI4W1GnGOuyXkvQ - teyxjUXYbp0doTGxKvQaTWp+JapeEaJPN2MDOhrRFjPrzgo3aW9+97UCAwEAAQ== + MIIBCgKCAQEAnztrijsfao+fmNtwAjqwIDKsRaMP3ECsq2T2zqKvxwCyXk69G9bG + RFhWjgaawS9ZhnHSlgWK/vtoR0O9NxpzdU/mvdQijbVGxM02DegjO9qDSIe8EGmA + kscW4nDqYtw4rtjOVPfnNiWXbcWD8eiYR0kcSWmSvfOpVvdhTETqduTx5HRHyEFD + JRQYR/tJSvVWXmM670PENAPNJFJ4VSJR60s5A+bFT7J/uw7HzJXX28LygJz73Dj2 + 2a4ev0WcZQngLq072h/91R/TOpg+ogUDVhXkQtKyFj7im0287JTL4bXGofZBhzaf + +h9dFGs1QLoNyhG/cgt9fog7boSXTelAiQIDAQAB -----END RSA PUBLIC KEY----- - ''; + ''; }; }; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; @@ -548,6 +543,29 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB }; }; + senderechner = rec { + cores = 2; + nets = { + retiolum = { + addrs4 = ["10.243.0.163"]; + addrs6 = ["42:b67b:5752:a730:5f28:d80d:6b37:5bda/128"]; + aliases = [ + "senderechner.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0zCc5aLVRO6NuxUoR6BVzq2PQ/U5AEjYTdGkQufRot42N29MhxY7 + lJBfPfkw/yg2FOzmAzTi62QyrLWSaF1x54rKu+JeNSsOAX+BorGhM67N45DGvJ0X + rakIL0BrVoV7Kxssq3DscGVbjbNS5B5c+IvTp97me/MpuDrfYqUyZk5mS9nB0oDL + inao/A5AtOO4sdqN5BNE9/KisN/9dD359Gz2ZGGq6Ki7o4HBdBj5vi0f4fTofZxT + BJH4BxbWaHwXMC0HYGlhQS0Y7tKYT6h3ChxoLDuW2Ox2IF5AQ/O4t4PIBDp1XaAO + OK8SsmsiD6ZZm6q/nLWBkYH08geYfq0BhQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + muhbaasu = rec { cores = 1; nets = { @@ -582,17 +600,19 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB makefu = { mail = "makefu@pornocauster.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; + pgp.pubkeys.default = builtins.readFile ./default.pgp; + pgp.pubkeys.brain = builtins.readFile ./brain.pgp; }; makefu-omo = { - inherit (makefu) mail; + inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; }; makefu-tsp = { - inherit (makefu) mail; + inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; }; makefu-vbob = { - inherit (makefu) mail; + inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob"; }; exco = { diff --git a/krebs/3modules/makefu/default.pgp b/krebs/3modules/makefu/default.pgp new file mode 100644 index 000000000..bc5c50b76 --- /dev/null +++ b/krebs/3modules/makefu/default.pgp @@ -0,0 +1,64 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBE6quoQBEACemTuY0Ujeygxdyds3ugPbKuIsJMCQSdXAKsCkH4vV5qam8rQP +AabpYyQfew9nCUCJa4NkKFrLnGz4d7rl1u5ihVqMctYeJqZdtX88DqqNKQXoqKQv +crF5hcZmUtbGe5eyoMV55hiODPVPTVra6pbxWwhqa0pYeXEyDy1BPoqgcP0DUFho +yBeoyw71ujgdJZvl5rq6ZVjTGuToNKHn5UBDMu6n0rl9Ha7ukL4Gx8hOhmK8yv87 +zuUzBRQkTgoC48JA3Bt0kb15ghbOV7D411ZhmhEqWwE/OBk3//6MOGu24Mm0OG8J ++tbEMysck0LYe5q5U/2cmGsqlwV6FXLmnPOj6H4XtdTBDVXo/Hp6A8mVR1sSDopc +/2TnTwv0cdGOIS1CgxUc/qS6a8h+2UGaLSPnuPBWom163YbO/vgj8Th5q3N2DiRO +EP+mGCKn1/cghU7WjMny8z59A7SeZ0rRN8KaMlFEZMlgtQf7/6EjL5Ulo5H0vb2m +G5lAfW5xz55Y6M06sEl2wJ4pkgt+jeWRItKQvyqcdFEfiJfuP0+ESmQIMvz2ZnDC +ZJzpmjP5uDwqu5THcTHvJ/ptSHRtXEiqqwrpQ0dqtwxLMJtIdgOohVoPAUNTTXcy +XmL0qZsLFI2We2v0jgYMcYw1gswsksMLLmnVWlAsBqCALRyu4Ptxrkg9NwARAQAB +tB5tYWtlZnUgPHJvb3RAc3ludGF4LWZlaGxlci5kZT6JAjgEEwECACIFAk6quoQC +GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEMk6uSvVJeKfr5UP/3vvBlZQ +9DjLRBx9YUjbq34LDl/wdDX7Fwsdb+TccUiOgKW2RAXbdnff2r5VRn4VSDUYoFfN +qtDrxKl04IWeVwiaTjCJdXp6veSpov5GcmARgPUow8v9Eu2gZw0o1LvW7NFP5e3u +YxmSTrlVGZMTCkwIkYoaETseCE0qsahWD0zCM19rAEuTkwKOQo58mXFUzNq829Ex +OAv4zIQE6V7SKKOZzXhvBu3s1ql1SDfmciaszMlwwPtwgFBkg1HrFvuimU7zqGkf +wQpWt91j8kJZdAC8iUf/7UNh/VZu+n9jtmynunRrY2PgPh6LgeDmiaTbVfHX51/3 +R01dzzTk0dnqwosNoc1u8Xsb/rTs9LDsncteUGKgiEh+LRjouGGh/C1g58dkF0wP +S00dgnEhI9d8ui/yTPa47l3zDSa/m6Nq6oEGVbZDivNDuTV1jfhrs0v3kx50aK0O +y+exKMmgxoxeCMZs53iHXiXAcsHSj+Gue6W2jDvRjaPqfxnM3GNd7y9ix8IF43R6 +n1oAZo7zWA4a5iq8yvBTjKqyDJAKu8C4kYM/9FMJlDgUjWYvNI4BiG1iw0iGVAjt +JHz/QEM/7Mg7fw1rtJB/A9ezLJGyiDcc5GwrLIVl6U8stNWF0ZqgtwWKF1lm0Faj +mPRDdOVZNTPw61YNqHJGdHVBD0usx3Xg/4V6tC5GZWxpeCBSaWNodGVyIDxGZWxp +eC5SaWNodGVyQHN5bnRheC1mZWhsZXIuZGU+iQI4BBMBAgAiBQJSpxSDAhsDBgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDJOrkr1SXin4w8D/9QY5oTvCmFERHR +uUgGyU1hPomIE6RrSxoeqHsMUhUuqNeWYk0T/Oju/sZLlWUuBZHLTXeGPyFEe0/n +6ys4cqTSwCKUdB0kQO3GAzPKGmC6C5trQaMpY+A6yVi3He6rN37+XjfjrY+o7Rbl +s8K6S3jR/f/MSODjRnGNPTLsuDYKo+d4RwlWv2G+RFHueh4/aef0s3lzoDbmdJiW +zXaTqiCKgG34GzQO4hs6MsyG9mJo05qXvMAGgCyRDJkbcmwjgQonlEi6TIJyQ3J2 +CNLrl2UW5eUFKnZbWGZYL7Ojsq0UnRna6z1L4sxk1kCLxn1Gz8RiisJ1bUOM85vZ +dTyFTb9+iC43c2IbLpF139ic+hb6dYJC392cOwrT2UgfUuzqocY2V/HXjVsqsNtL +t4tnoZkZhjFMaUe5FQbUYwtA2IqqrqD7iC7ULtclYa2tvW2HIAs4VjocWxfbgY4b +He99Ma5xSNL171a34n2ZayjsI8cbYtHvVPTZ8Zs6xqsz8D+o+m0bBxGobOAkb6yN +UUdZjo5Jdcr2AxAITEgzgzcWR0sCbn+6Jj7XJuz2SYEtOhZBrY7tONoOkrysCtJD +fKOp2RCq60ZHMqoBTyyxtQ6LG/I0bZs7a2/6Wc3O3VhSIGgjSOan7N4G13CJqfFA +FfMATGPnK+nYxmVAQ2VR0GxscvjdBLkCDQROqrqEARAAzYUNba4eFVDLlF2SzSra +VMyV9eNBdi64tNQVTFDH+bj2KgcPKZXBUXDz+hizOb3jegaBojlbf6LYUgzQMQ96 +uHcE/mlBhtU1nUYKEH82kblA6UVOrtSyK/2MIX/aoK7C+pKFSIEkl2/V4NtPQ6Ay +H+UQ8c6uOP6Z0raaawjZ/rzvxIlVPD0Ou0PtJf6l0UtMQRWpYcwNl3O6JgMFhqP4 +LipP40aYEuxr9RUynWBb8HzXj1R5imPgF+F47L8EPKDgIqEr6OLWigQ6pBpKM8xP +lMQByGvv5Xi35rqMwn2porHwYE5BIUIQcSSSdhSxgwB0G/hlpucX7wtUMheAUFTj +sVVK5jirMf30h4NUlpyO1hNblIM+oex96yir8PRZwQFkZ8CFeMDXjsNYUhcqyAJC +Lr64XiaX7VdIshcIF07tC/Rjd7qKOs21phzIJ7FkYYFkhh607q6rzH7pBsnckJnX +ydFIo412ig4dac2f2FSgZXPYyZ9T6y9raL3Aq1WigOncG+ajpN60/r1pXXggoIgr +ZuSMXpklr3z7DZ+M5Vk7EjpTZqfUkcBuS9ObsfX/oIpVaY5MCZobjw4iBEee/t+f +4YigdPTWWxoHA259S2dH3MdWzIH515VWjUD4E7Jf9iEoYygT98u3fV/1GHjBsQTg +2CTXRCG3xpHnPliLvwkt6z8AEQEAAYkCHwQYAQIACQUCTqq6hAIbDAAKCRDJOrkr +1SXin9vjD/46juH2MLa/iyXzbz4QxEHt5/USZ+RFh8Bt5iBEGVvKY97QlOJ6Eq8Z +9BMA1z+QpdkU2Rx7H2l9ohA5Kznlz80KUGzkkEwCZTqycLLX2/oq825dqF0H6hJu +9R95ltC8xIYvW0KPunnyU4HO+RyVM544vR1KKBTXV/+ojHD2BviDQ41bFNfYjo+N +uInrJWCgsxAC1fhnxLjQH74BkBSMF0S85y68EnHbJ/4IAud24shb6blsF1Sjf1CK +UX0ZWwbBWj7cMg0pfkczdl7Y7pHJqOr/UrC40jHVO4CX0JrxhOT7u4cvhv0E4Y3O +y9+Js7+fM6Ua+YF6TuArOorOCH8vzx6xvM1AW2U5jS3iMglIi6fXEYRuQB9ygPTc +wJ/ByBApEKC7O0kA0PhwEF4FTgZntThlaJ+2rsUseONAXqZTJaX+CXtQdw6IVa8n +SmXN01YsZzW1qFhbBSYHowqbOxbW9WH0ObtL+bxfJbG8HrVoXZJ5pcytzIDsGbtE +1M2AQPZ4CaaWDGEvnM3REo1OOAf3f4Vf9C59suPoKVWqalBb94AhQqka8nZ81jL9 +tXDt0Yuaj2xroCNstmRFOgXJBWWx59kVdU9yoC2K0AWNrMdHAuyevgscAHsKkXq5 +4C1xL0RuUlNZ1qcX7Ev7kcLJ1RxRyXZQCbpIUi+UAWuNgEwMEHo1eQ== +=rHPd +-----END PGP PUBLIC KEY BLOCK----- diff --git a/lass/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index 5e340b26f..b58c555e7 100644 --- a/lass/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -4,10 +4,12 @@ with builtins; with lib; let - cfg = config.lass.newsbot-js; + inherit (config.krebs.lib) genid; + + cfg = config.krebs.newsbot-js; out = { - options.lass.newsbot-js = api; + options.krebs.newsbot-js = api; config = mkIf cfg.enable imp; }; diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 8d0704e8c..816c2ff69 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -54,6 +54,34 @@ let type = with types; string; default = ""; }; + ssl = mkOption { + type = with types; submodule ({ + options = { + enable = mkEnableOption "ssl"; + certificate = mkOption { + type = str; + }; + certificate_key = mkOption { + type = str; + }; + #TODO: check for valid cipher + ciphers = mkOption { + type = str; + default = "AES128+EECDH:AES128+EDH"; + }; + prefer_server_ciphers = mkOption { + type = bool; + default = true; + }; + protocols = mkOption { + type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]); + default = [ "TLSv1.1" "TLSv1.2" ]; + + }; + }; + }); + default = {}; + }; }; }); default = {}; @@ -89,14 +117,28 @@ let } ''; - to-server = { server-names, listen, locations, extraConfig, ... }: '' - server { - ${concatMapStringsSep "\n" (x: "listen ${x};") listen} - server_name ${toString server-names}; - ${indent extraConfig} - ${indent (concatMapStrings to-location locations)} - } - ''; + to-server = { server-names, listen, locations, extraConfig, ssl, ... }: + let + _extraConfig = if ssl.enable then + extraConfig + '' + ssl_certificate ${ssl.certificate}; + ssl_certificate_key ${ssl.certificate_key}; + ${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"} + ssl_ciphers ${ssl.ciphers}; + ssl_protocols ${toString ssl.protocols}; + '' + else + extraConfig + ; + + in '' + server { + ${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")} + server_name ${toString server-names}; + ${indent _extraConfig} + ${indent (concatMapStrings to-location locations)} + } + ''; in out diff --git a/lass/5pkgs/newsbot-js/default.nix b/krebs/5pkgs/newsbot-js/default.nix index cabd7422c..9e4a51306 100644 --- a/lass/5pkgs/newsbot-js/default.nix +++ b/krebs/5pkgs/newsbot-js/default.nix @@ -25,9 +25,9 @@ in nodePackages.buildNodePackage { name = "newsbot-js"; src = fetchgit { - url = "http://cgit.echelon/newsbot-js/"; - rev = "802b172d0eed6c9625a9cb5db408f5cc8c01784e"; - sha256 = "794fc7845aca311f7cf7b6bdc109b5a25d0e2299322bc6612edadc477b2536e2"; + url = "http://cgit.prism/newsbot-js/"; + rev = "09e01639be4ea9691cf5b33f7d9057b68ac98079"; + sha256 = "28ffbed66c2efcd194c47823c7d5d5533c80852fc0cf9d9d4ee609c71d50c142"; }; phases = [ diff --git a/lass/5pkgs/newsbot-js/packages.nix b/krebs/5pkgs/newsbot-js/packages.nix index 982a9d55c..982a9d55c 100644 --- a/lass/5pkgs/newsbot-js/packages.nix +++ b/krebs/5pkgs/newsbot-js/packages.nix diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 0103b6ec0..cc98c2c5b 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -19,12 +19,8 @@ with builtins; # }; #} { - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; } - ]; - }; + services.elasticsearch = { + enable = true; }; } ]; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 9f492e2c6..1f7a13c56 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -25,6 +25,7 @@ ../2configs/teamviewer.nix ../2configs/libvirt.nix ../2configs/fetchWallpaper.nix + ../2configs/cbase.nix #../2configs/buildbot-standalone.nix { #risk of rain port @@ -141,10 +142,16 @@ services.elasticsearch = { enable = true; plugins = [ - pkgs.elasticsearchPlugins.elasticsearch_kopf + # pkgs.elasticsearchPlugins.elasticsearch_kopf ]; }; } + { + services.postgresql = { + enable = true; + package = pkgs.postgresql; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; @@ -270,16 +277,17 @@ emulateWheel = true; }; - services.xserver = { - videoDriver = "intel"; - vaapiDrivers = [ pkgs.vaapiIntel ]; - deviceSection = '' - Option "AccelMethod" "sna" - BusID "PCI:0:2:0" - ''; - }; + #services.xserver = { + # videoDriver = "intel"; + # vaapiDrivers = [ pkgs.vaapiIntel ]; + # deviceSection = '' + # Option "AccelMethod" "sna" + # BusID "PCI:0:2:0" + # ''; + #}; environment.systemPackages = with pkgs; [ + acronym cac-api sshpass get @@ -328,7 +336,4 @@ tapButtons = false; twoFingerScroll = true; }; - - #for google hangout - users.extraUsers.gm.extraGroups = [ "audio" "video" ]; } diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 05b3470e5..4d40c8d59 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -83,10 +83,10 @@ in { { sound.enable = false; } - { - #workaround for server dying after 6-7h - boot.kernelPackages = pkgs.linuxPackages_4_2; - } + #{ + # #workaround for server dying after 6-7h + # boot.kernelPackages = pkgs.linuxPackages_4_2; + #} { nixpkgs.config.allowUnfree = true; } @@ -119,7 +119,8 @@ in { } { users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJJKlOeAHyi7lToCqRF/hdA2TrtVbrTUd2ayuWsXe9JWiyeyKH/LNY3SrgxCWPZSItE9VK68ghMuVYK/A8IAcgzNhzFYLDxmtsidjiOJBj2ZGsjqevoQ5HuKB/pob8CLW3dr1Rx38Any/XXxpfeO6vemCJMGLTe5gSlrCI+Tk1qNt0Rz+rke73Hwt9wW39g8X3prF2q9ryL9OFCcsoYUE7PIOV9xM1GaDFfTR4bKux7HyFKmG+rBvmJHB5OPW8UAtVZGY/FIChwlmF6QNO5Zym497bG1RCOGplaLpRXVJrmoUkZUO7EazePPxIjz2duWYqFtwl5R9YGy1+a+F58G19DS7wJHM29td117/ZANjRTxE5q/aJm2okJYOVSqhYzdhji+BWVZ5ai7cktpAdtPo++yiZN90LvogXNB64kFxVGuX52xZcA3KLKmvrd47o9k0pzO+oCoArxPFIx0YkHfy/yw7OG8Z+KLK8l9WXWBZO5TpjcydnEcRZ8OEqVhtmDh+9h1zhPphuFBtT1JPbt8m132RUy23qsNRtZ/lnnfQbrxgHPRzVuvA8o4ahOEUdvV9SYnzKb6qMFXGp25EhlcWnR4/toyG6I3paBtByeHkaxjgCuvm9Hob6f/xFr3kEJ4WXTVguyrcFgNg2EcEfdkrTMhNn9OIHEFFQ8whIBv5jlw== JuiceSSH" + "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFhFJUMTfPbv3SzqlT9S67Av/m/ctLfTd3mMhD4O9hZc+t+dZmaHWj3v1KujzMBiDp3Yfo2YdVVZLTwTluHD8yNoQH418Vm01nrYHwOsc5J0br3mb0URZSstPiz6/6Fc+PNCDfQ2skUAWUidWiH+JolROFQ4y2lfpLOw+wsK2jj+Gqx6w== JuiceSSH" + config.krebs.users.lass-uriel.pubkey ]; } { @@ -134,6 +135,12 @@ in { { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } ]; } + { + services.tor = { + enable = true; + client.enable = true; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 0758164f0..4e4eca21f 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -15,15 +15,6 @@ with builtins; ../2configs/bitlbee.nix ../2configs/weechat.nix ../2configs/skype.nix - { - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = map readFile [ - ../../krebs/Zpubkeys/uriel.ssh.pub - ]; - }; - }; - } ]; krebs.build.host = config.krebs.hosts.uriel; diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index d2c96fdaa..8017d4270 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -54,8 +54,8 @@ with config.krebs.lib; #secrets-common = "/home/lass/secrets/common"; stockholm = "/home/lass/stockholm"; nixpkgs = { - url = https://github.com/Lassulus/nixpkgs; - rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; + url = https://github.com/NixOS/nixpkgs; + rev = "40c586b7ce2c559374df435f46d673baf711c543"; dev = "/home/lass/src/nixpkgs"; }; } // optionalAttrs config.krebs.build.host.secure { @@ -68,8 +68,9 @@ with config.krebs.lib; users.mutableUsers = false; + services.timesyncd.enable = true; + #why is this on in the first place? - services.ntp.enable = false; services.nscd.enable = false; boot.tmpOnTmpfs = true; @@ -81,7 +82,7 @@ with config.krebs.lib; # multiple-definition-problem when defining environment.variables.EDITOR environment.extraInit = '' EDITOR=vim - PAGER=most + MANPAGER=most ''; environment.systemPackages = with pkgs; [ @@ -104,6 +105,9 @@ with config.krebs.lib; #stuff for dl aria2 + + #neat utils + krebspaste ]; programs.bash = { diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index ede1c7b7b..6c52240af 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -33,16 +33,19 @@ in { dmenu gitAndTools.qgit - mpv much pavucontrol powertop push slock sxiv + xorg.xbacklight xsel zathura + mpv + mpv-poll + yt-next #window manager stuff #haskellPackages.xmobar #haskellPackages.yeganesh diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index eb764068b..47a16d4cb 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,6 +1,8 @@ { config, lib, pkgs, ... }: let + inherit (config.krebs.lib) genid; + mainUser = config.users.extraUsers.mainUser; createChromiumUser = name: extraGroups: packages: { @@ -8,6 +10,7 @@ let inherit name; inherit extraGroups; home = "/home/${name}"; + uid = genid name; useDefaultShell = true; createHome = true; }; @@ -28,6 +31,7 @@ let inherit name; inherit extraGroups; home = "/home/${name}"; + uid = genid name; useDefaultShell = true; createHome = true; }; @@ -48,16 +52,17 @@ in { environment.systemPackages = [ (pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu) + BROWSER=$(echo -e "ff\ncr\nwk\nfb\ngm\nflash" | dmenu) $BROWSER $@ '') ]; imports = [ - ( createFirefoxUser "ff" [ "audio" ] [ ] ) + ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) - ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) - ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) + ( createChromiumUser "wk" [ "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "fb" [ "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "gm" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] ) ]; diff --git a/lass/2configs/cbase.nix b/lass/2configs/cbase.nix new file mode 100644 index 000000000..9d13bc30d --- /dev/null +++ b/lass/2configs/cbase.nix @@ -0,0 +1,93 @@ +{ config, lib, pkgs, ... }: + +let + inherit (config.krebs.lib) genid; + +in { + + users.extraUsers = { + cbasevpn = rec { + name = "cbasevpn"; + uid = genid "cbasevpn"; + description = "user for running c-base openvpn"; + home = "/home/${name}"; + }; + }; + + users.extraGroups.cbasevpn.gid = genid "cbasevpn"; + + services.openvpn.servers = { + c-base = { + config = '' + client + dev tap + proto tcp + remote vpn.ext.c-base.org 1194 + resolv-retry infinite + nobind + user cbasevpn + group cbasevpn + persist-key + persist-tun + + auth-nocache + #auth-user-pass + auth-user-pass ${toString <secrets/cbase.txt>} + + comp-lzo + verb 3 + + #script-security 2 + #up /etc/openvpn/update-resolv-conf + #down /etc/openvpn/update-resolv-conf + + <ca> + -----BEGIN CERTIFICATE----- + MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV + BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj + LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ + ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1 + MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu + MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf + MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF + AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7 + IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co + uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA + AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB + pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw + CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ + BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA + Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF + BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5 + ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK + wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o= + -----END CERTIFICATE----- + </ca> + key-direction 1 + <tls-auth> + # + # 2048 bit OpenVPN static key + # + -----BEGIN OpenVPN Static key V1----- + 5d49aa8c9cec18de7ab6e0b5cd09a368 + d3f1b8b77e055e448804fa0e14f487cb + 491681742f96b54a23fb8639aa9ed14e + c40b86a5546b888c4f3873f23c956e87 + 169076ec869127ffc85353fd5928871c + da19776b79f723abb366fae6cdfe4ad6 + 7ef667b7d05a7b78dfd5ea1d2da276dc + 5f6c82313fe9c1178c7256b8d1d081b0 + 4c80bc8f21add61fbc52c158579edc1d + bbde230afb9d0e531624ce289a17098a + 3261f9144a9a2a6f0da4250c9eed4086 + 187ec6fa757a454de743a349e32af193 + e9f8b49b010014bdfb3240d992f2f234 + 581d0ce05d4e07a2b588ad9b0555b704 + 9d5edc28efde59226ec8942feed690a1 + 2acd0c8bc9424d6074d0d495391023b6 + -----END OpenVPN Static key V1----- + </tls-auth> + ''; + }; + }; +} diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix index 4482c4e9d..d7c68bd7d 100644 --- a/lass/2configs/newsbot-js.nix +++ b/lass/2configs/newsbot-js.nix @@ -187,13 +187,10 @@ let hackernews|https://news.ycombinator.com/rss|#news ''; in { - imports = [ - ../3modules/newsbot-js.nix - ]; environment.systemPackages = [ pkgs.newsbot-js ]; - lass.newsbot-js = { + krebs.newsbot-js = { enable = true; ircServer = "localhost"; feeds = newsfile; diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index f8a63706e..89e0f217a 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -16,11 +16,13 @@ enable = true; connectTo = [ "prism" - "cloudkrebs" - "echelon" "pigstarter" "gum" "flap" ]; }; + + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + }; } diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 3fe45e1d1..b40227c61 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -1,13 +1,42 @@ { config, pkgs, ... }: let - customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin { - name = "Mustang2"; - src = pkgs.fetchFromGitHub { - owner = "croaker"; - repo = "mustang-vim"; - rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5"; - sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67"; + customPlugins = { + mustang2 = pkgs.vimUtils.buildVimPlugin { + name = "Mustang2"; + src = pkgs.fetchFromGitHub { + owner = "croaker"; + repo = "mustang-vim"; + rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5"; + sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67"; + }; + }; + unimpaired = pkgs.vimUtils.buildVimPlugin { + name = "unimpaired-vim"; + src = pkgs.fetchFromGitHub { + owner = "tpope"; + repo = "vim-unimpaired"; + rev = "11dc568dbfd7a56866a4354c737515769f08e9fe"; + sha256 = "1an941j5ckas8l3vkfhchdzjwcray16229rhv3a1d4pbxifwshi8"; + }; + }; + brogrammer = pkgs.vimUtils.buildVimPlugin { + name = "brogrammer"; + src = pkgs.fetchFromGitHub { + owner = "marciomazza"; + repo = "vim-brogrammer-theme"; + rev = "3e412d8e8909d8d89eb5a4cbe955b5bc0833a3c3"; + sha256 = "0am1qk8ls74z5ipgf9viacayq08y9i9vd7sxxiivwgsjh2ancbv6"; + }; + }; + file-line = pkgs.vimUtils.buildVimPlugin { + name = "file-line"; + src = pkgs.fetchFromGitHub { + owner = "bogado"; + repo = "file-line"; + rev = "f9ffa1879ad84ce4a386110446f395bc1795b72a"; + sha256 = "173n47w9zd01rcyrrmm194v79xq7d1ggzr19n1lsxrqfgr2c1rvk"; + }; }; }; @@ -23,7 +52,7 @@ in { syntax on " TODO autoload colorscheme file set background=dark - colorscheme mustang + colorscheme brogrammer filetype off filetype plugin indent on @@ -56,7 +85,8 @@ in { vnoremap < <gv vnoremap > >gv - nmap <esc>q :buffer + nmap <esc>q :buffer + "Tabwidth set ts=2 sts=2 sw=2 et @@ -105,11 +135,26 @@ in { "esc timeout set timeoutlen=1000 ttimeoutlen=0 + + "foldfunctions + inoremap <F9> <C-O>za + nnoremap <F9> za + onoremap <F9> <C-C>za + vnoremap <F9> zf ''; vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; vimrcConfig.vam.pluginDictionaries = [ - { names = [ "Gundo" "commentary" "mustang2" ]; } + { names = [ + "brogrammer" + "commentary" + "extradite" + "file-line" + "fugitive" + "Gundo" + "mustang2" + "unimpaired" + ]; } { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 6a257f0bb..98f5df42a 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -1,14 +1,17 @@ { config, lib, pkgs, ... }: -{ - krebs.per-user.chat.packages = [ - pkgs.weechat - pkgs.tmux +let + inherit (config.krebs.lib) genid; +in { + krebs.per-user.chat.packages = with pkgs; [ + mosh + tmux + weechat ]; users.extraUsers.chat = { home = "/home/chat"; - uid = lib.genid "chat"; + uid = genid "chat"; useDefaultShell = true; createHome = true; openssh.authorizedKeys.keys = [ diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 203ed0b09..30afd787e 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -52,6 +52,7 @@ let wantedBy = [ "multi-user.target" ]; requires = [ "xserver.service" ]; environment = xmonad-environment; + restartIfChanged = false; serviceConfig = { ExecStart = "${xmonad-start}/bin/xmonad"; ExecStop = "${xmonad-stop}/bin/xmonad-stop"; diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 64aa45823..7299e9ac0 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -54,10 +54,6 @@ #eval $( dircolors -b ~/.LS_COLORS ) - #exports - export EDITOR='vim' - export MANPAGER='most' - export PAGER='vim -R -' # export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -' #beautiful colors diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 0dcad971c..f891498c2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,7 +3,6 @@ _: imports = [ ./xresources.nix ./folderPerms.nix - ./newsbot-js.nix ./per-user.nix ./urxvtd.nix ./xresources.nix diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix index a10df779e..35d8d04a5 100644 --- a/lass/3modules/owncloud_nginx.nix +++ b/lass/3modules/owncloud_nginx.nix @@ -45,24 +45,6 @@ let instanceid = mkOption { type = str; }; - ssl = mkOption { - type = with types; submodule ({ - options = { - enable = mkEnableOption "ssl"; - certificate = mkOption { - type = str; - }; - certificate_key = mkOption { - type = str; - }; - ciphers = mkOption { - type = str; - default = "AES128+EECDH:AES128+EDH"; - }; - }; - }); - default = {}; - }; }; })); default = {}; @@ -72,7 +54,7 @@ let group = config.services.nginx.group; imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { server-names = [ "${domain}" "www.${domain}" @@ -116,16 +98,7 @@ let error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; - ${if ssl.enable then '' - ssl_certificate ${ssl.certificate}; - ssl_certificate_key ${ssl.certificate_key}; - '' else ""} ''; - listen = (if ssl.enable then - [ "80" "443 ssl" ] - else - "80" - ); }); services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' listen = ${folder}/phpfpm.pool diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix index 93441cf0d..6e87e9853 100644 --- a/lass/3modules/static_nginx.nix +++ b/lass/3modules/static_nginx.nix @@ -42,10 +42,6 @@ let certificate_key = mkOption { type = str; }; - ciphers = mkOption { - type = str; - default = "AES128+EECDH:AES128+EDH"; - }; }; }); default = {}; @@ -74,16 +70,7 @@ let deny all; '') ]; - - listen = (if ssl.enable then - [ "80" "443 ssl" ] - else - "80" - ); - extraConfig = (if ssl.enable then '' - ssl_certificate ${ssl.certificate}; - ssl_certificate_key ${ssl.certificate_key}; - '' else ""); + inherit ssl; }); }; diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix new file mode 100644 index 000000000..53d5d015a --- /dev/null +++ b/lass/5pkgs/acronym/default.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: + +pkgs.writeScriptBin "acronym" '' + #! ${pkgs.bash}/bin/bash + + acro=$1 + + curl -s http://www.acronymfinder.com/$acro.html \ + | grep 'class="result-list__body__rank"' \ + | sed 's/.*title="\([^"]*\)".*/\1/' \ + | sed 's/^.* - //' \ + | sed "s/'/'/g" +'' diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index ce29ae33c..0c9dd94ca 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -2,14 +2,16 @@ { nixpkgs.config.packageOverrides = rec { + acronym = pkgs.callPackage ./acronym/default.nix {}; firefoxPlugins = { noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; }; - newsbot-js = pkgs.callPackage ./newsbot-js/default.nix {}; + mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; xmonad-lass = let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in pkgs.haskellPackages.callPackage src {}; + yt-next = pkgs.callPackage ./yt-next/default.nix {}; }; } diff --git a/lass/5pkgs/mpv-poll/default.nix b/lass/5pkgs/mpv-poll/default.nix new file mode 100644 index 000000000..ee191843e --- /dev/null +++ b/lass/5pkgs/mpv-poll/default.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: + +pkgs.writeScriptBin "mpv-poll" '' + #! ${pkgs.bash}/bin/bash + + pl=$1 + hist=''${HISTORY:-"./mpv_history"} + mpv_options=''${MPV_OPTIONS:-""} + + lastYT="" + + play_video () { + toPlay=$1 + echo $toPlay >> $hist + mpv $mpv_options $toPlay + } + + if ! [ -e $hist ]; then + touch $hist + fi + + while : + do + if [ -s $pl ]; then + toPlay=$(head -1 $pl) + sed -i '1d' $pl + if $(echo $toPlay | grep -Eq 'https?://(www.)?youtube.com/watch'); then + lastYT=$toPlay + fi + play_video $toPlay + else + if [ -n "$lastYT" ]; then + next=$(yt-next $lastYT) + lastYT=$next + play_video $next + fi + sleep 1 + fi + done +'' diff --git a/lass/5pkgs/yt-next/default.nix b/lass/5pkgs/yt-next/default.nix new file mode 100644 index 000000000..8132b4f05 --- /dev/null +++ b/lass/5pkgs/yt-next/default.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: + +pkgs.writeScriptBin "yt-next" '' + #! ${pkgs.bash}/bin/bash + + vid=$1 + num=''${NUM:-1} + + curl -Ls $1 \ + | grep 'href="/watch?v=' \ + | head -n$num \ + | sed 's,.*href="\([^"]*\)".*,https://youtube.com\1,' +'' diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index a33744f0b..2f2358ddc 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -1,17 +1,51 @@ { config, pkgs, lib, ... }: with config.krebs.lib; -{ +let + byid = dev: "/dev/disk/by-id/" + dev; + rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039"; + auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F"; + dataPartition = auxDisk + "-part1"; + + allDisks = [ rootDisk auxDisk ]; +in { imports = [ - ../2configs/fs/single-partition-ext4.nix - ../2configs/zsh-user.nix - ../. + ../. + ../2configs/fs/single-partition-ext4.nix + ../2configs/zsh-user.nix + ../2configs/smart-monitor.nix + ../2configs/exim-retiolum.nix + ../2configs/virtualization.nix ]; + networking.firewall.allowedUDPPorts = [ 80 655 67 ]; + networking.firewall.allowedTCPPorts = [ 80 655 ]; + networking.firewall.checkReversePath = false; + #networking.firewall.enable = false; + # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; - boot.loader.grub.device = "/dev/disk/by-id/ata-ADATA_SSD_S599_64GB_10460000000000000039"; + boot.kernelModules = [ "coretemp" "f71882fg" ]; + + hardware.enableAllFirmware = true; + nixpkgs.config.allowUnfree = true; + networking.wireless.enable = true; + + # TODO smartd omo darth gum all-in-one + services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + zramSwap.enable = true; + + fileSystems."/data" = { + device = dataPartition; + fsType = "ext4"; + }; + + boot.loader.grub.device = rootDisk; + users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey + config.krebs.users.makefu-vbob.pubkey ]; + + krebs.build.host = config.krebs.hosts.darth; } diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index e784fdc12..710421659 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -41,9 +41,16 @@ in { ]; }; - krebs.nginx.servers.cgit.server-names = [ - "cgit.euer.krebsco.de" - ]; + krebs.nginx.servers.cgit = { + server-names = [ "cgit.euer.krebsco.de" ]; + listen = [ "${external-ip}:80" "${internal-ip}:80" ]; + }; + + # access + users.users = { + root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; + makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + }; # Chat environment.systemPackages = with pkgs;[ diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index bfcd2298a..fbd06a9c7 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -11,7 +11,7 @@ let # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 - # mkfs.ext4 /dev/mapper/crypt0 -L crypt0 -T largefile + # mkfs.xfs /dev/mapper/crypt0 -L crypt0 # omo Chassis: # __FRONT_ @@ -30,6 +30,8 @@ let cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks + + # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; in { imports = @@ -42,16 +44,21 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix + ../2configs/graphite-standalone.nix ../2configs/omo-share.nix ]; + krebs.retiolum.enable = true; networking.firewall.trustedInterfaces = [ "enp3s0" ]; # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net # tcp:80 - nginx for sharing files # tcp:655 udp:655 - tinc - # tcp:8080 - sabnzbd + # tcp:8111 - graphite + # tcp:9090 - sabnzbd + # tcp:9200 - elasticsearch + # tcp:5601 - kibana networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 9200 9090 ]; # services.openssh.allowSFTP = false; diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 119f0e5e4..88c187758 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -36,7 +36,11 @@ #../2configs/wordpress.nix ../2configs/nginx/public_html.nix ]; - + krebs.nginx = { + default404 = false; + servers.default.listen = [ "80 default_server" ]; + servers.default.server-names = [ "_" ]; + }; krebs.retiolum.enable = true; # steam hardware.opengl.driSupport32Bit = true; diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 748b08ef1..5e2382f37 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -15,11 +15,6 @@ ]; nixpkgs.config.allowUnfree = true; - krebs.build.source.upstream-nixpkgs = { - url = https://github.com/makefu/nixpkgs; - # HTTP Everywhere + libredir - rev = "8239ac6"; - }; fileSystems."/nix" = { device ="/dev/disk/by-label/nixstore"; fsType = "ext4"; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 341a2ab20..b807957ba 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -10,16 +10,6 @@ # # if this is not enough, check out main-laptop.nix -## TODO: .Xdefaults: -# URxvt*termName: rxvt -# URxvt.scrollBar : false -# URxvt*scrollBar_right: false -# URxvt*borderLess: false -# URxvt.foreground: white -# URxvt.background: black -# URxvt.urgentOnBell: true -# URxvt.visualBell: false -# URxvt.font : xft:Terminus with config.krebs.lib; let @@ -83,7 +73,9 @@ in XTerm*FaceName : Terminus:pixelsize=14 URxvt*termName: rxvt - URxvt.scrollBar : False + URxvt*saveLines: 10000 + URxvt*loginShell: false + URxvt.scrollBar : false URxvt*scrollBar_right: false URxvt*borderLess: false URxvt.foreground: white diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 313ccbec7..20faf7896 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -125,6 +125,7 @@ with config.krebs.lib; nixpkgs.config.packageOverrides = pkgs: { nano = pkgs.runCommand "empty" {} "mkdir -p $out"; + tinc = pkgs.tinc_pre; }; services.cron.enable = false; diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index 5214cf872..1ef0d69e9 100644 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix @@ -19,7 +19,7 @@ with config.krebs.lib; "/home" = { device = "/dev/mapper/main-home"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; }; } diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index e9d7b755a..b82c0e44e 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -18,12 +18,12 @@ with config.krebs.lib; "/" = { device = "/dev/mapper/luksroot"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; "/boot" = { device = "/dev/disk/by-label/nixboot"; fsType = "ext4"; - options="defaults,discard"; + options = [ "defaults" "discard" ]; }; }; } diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index d5ce34bd4..7f9dc67a5 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -23,6 +23,7 @@ with config.krebs.lib; services.tlp.enable = true; services.tlp.extraConfig = '' START_CHARGE_THRESH_BAT0=80 + STOP_CHARGE_THRESH_BAT0=95 CPU_SCALING_GOVERNOR_ON_AC=performance CPU_SCALING_GOVERNOR_ON_BAT=ondemand diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix index 793daa6f8..eeade94e8 100644 --- a/makefu/2configs/mail-client.nix +++ b/makefu/2configs/mail-client.nix @@ -7,7 +7,7 @@ with config.krebs.lib; gnupg imapfilter msmtp - mutt-kz + mutt notmuch offlineimap openssl diff --git a/makefu/2configs/nginx/public_html.nix b/makefu/2configs/nginx/public_html.nix new file mode 100644 index 000000000..9df8351ca --- /dev/null +++ b/makefu/2configs/nginx/public_html.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: + +with config.krebs.lib; + +{ + krebs.nginx = { + enable = true; + servers.default.locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + autoindex on; + '') + ]; + }; +} diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index a9640b38b..3a4dd456f 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -48,6 +48,13 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + + emu = { + path = "/media/crypt1/emu"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; usenet = { path = "/media/crypt0/usenet/dst"; "read only" = "yes"; diff --git a/makefu/4lib/default.nix b/makefu/4lib/default.nix new file mode 100644 index 000000000..5e9ab2087 --- /dev/null +++ b/makefu/4lib/default.nix @@ -0,0 +1,30 @@ +{ config, lib, ... }: + +with lib; +let + addDefaultTime = bku-entry: recursiveUpdate { + snapshots = { + daily = { format = "%Y-%m-%d"; retain = 7; }; + weekly = { format = "%YW%W"; retain = 4; }; + monthly = { format = "%Y-%m"; retain = 12; }; + yearly = { format = "%Y"; }; + }; + startAt = "5:23"; + } bku-entry; + + backup-host = config.krebs.hosts.omo; + backup-path = "/media/backup"; +in { + bku = { + inherit addDefaultTime; + simplePath = addDefaultTime (path: { + method = "pull"; + src = { host = config.krebs.build.host; inherit path; }; + dst = { + host = backup-host; + path = backup-path ++ config.krebs.build.host.name + ++ builtins.replaceStrings ["/"] ["-"] path; + }; + }); + }; +} diff --git a/makefu/5pkgs/mycube-flask/default.nix b/makefu/5pkgs/mycube-flask/default.nix index 5bf85a66a..1b1672f08 100644 --- a/makefu/5pkgs/mycube-flask/default.nix +++ b/makefu/5pkgs/mycube-flask/default.nix @@ -10,8 +10,8 @@ with pkgs.pythonPackages;buildPythonPackage rec { src = fetchFromGitHub { owner = "makefu"; repo = "mycube-flask"; - rev = "5f5260a"; - sha256 = "1jx0h81nlmi1xry2vw46rvsanq0sdca6hlq31lhh7klqrg885hgh"; + rev = "48dc6857"; + sha256 = "1ax1vz6m5982l1mmp9vmywn9nw9p9h4m3ss74zazyspxq1wjim0v"; }; meta = { homepage = https://github.com/makefu/mycube-flask; |